Bug 127915

Summary: Security port patch for databases/mysql51-client 51.28
Product: Ports & Packages
Reporter: Michael Scheidell <scheidell>
Component: Individual Port(s)
Assignee: Alex Dupre <ale>
Status: Closed FIXED
Severity: Affects Only Me
CC: ale
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments: file.diff (flags: none)

Description Michael Scheidell 2008-10-07 11:40:01 UTC
portaudit and bugtraq
http://bugs.mysql.com/bug.php?id=27884
portaudit
portaudit
Affected package: mysql-client-5.1.28
Type of problem: mysql -- command line client input validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/4775c807-8f30-11dd-821f-001cc0377035.html>

Fix: patches from http://bugs.mysql.com/file.php?id=9232
changed locations for mysql51-28rc

Tested, looks like it fixed it.
If you make full (client/server) and cd to $WORK/mysql*, make test runs fine now.
After patches: note the escaped <>.
Note these are the correct test results, not as per patch:
<TABLE BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>
Please inform portaudit/security of the fix and update portaudit.
How serious? Serious enough to be in portaudit :-)

added files
Only in ./files: patch-client:mysql.cc
Only in ./files: patch-mysql-test:mysql.result
Only in ./files: patch-mysql-test:mysql.test

How-To-Repeat:  mysql --html --execute "select '<a>'"
(note, original report shows -execute. correct option is --execute)
if bad, will show:
mysql --html --execute "select '<a>'"
<TABLE BORDER=1><TR><TH><a></TH></TR><TR><TD><a></TD></TR></TABLE>
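
Added example (not part of the original report and not code from the MySQL or FreeBSD patches): a shell check that classifies `mysql --html` output as escaped or unescaped, run here over the two output lines quoted in the report. The function names and the list of structural tags (TABLE, TR, TH, TD) are assumptions of this example.

```shell
#!/bin/sh
# Sample outputs below are the two lines quoted in this report.

# Output the report shows after the patches (cell data entity-escaped).
FIXED_SAMPLE='<TABLE BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>'
# Output the report shows from an unpatched client (cell data emitted raw).
UNPATCHED_SAMPLE='<TABLE BORDER=1><TR><TH><a></TH></TR><TR><TD><a></TD></TR></TABLE>'

# html_cells_escaped OUTPUT
# Returns 0 if, once the table markup the client itself emits (TABLE, TR,
# TH, TD) is removed, no raw '<' or '>' is left in the cell data.
# Data that itself spells one of those four tags is not detected, so probe
# with a value such as '<a>' as the How-To-Repeat does.
html_cells_escaped() {
    rest=$(printf '%s\n' "$1" |
        sed -E 's#</?(TABLE|TR|TH|TD)( [^<>]*)?>##g')
    case $rest in
        *'<'*|*'>'*) return 1 ;;   # markup from query data survived
        *)           return 0 ;;
    esac
}

# check_client: run the How-To-Repeat command against the installed client.
# Needs a reachable server and credentials (for example via ~/.my.cnf).
# Returns 2 if the client could not run the query at all.
check_client() {
    out=$(mysql --html --execute "select '<a>'") || return 2
    html_cells_escaped "$out"
}

# Demonstration on the two embedded samples (no server required).
for name in FIXED_SAMPLE UNPATCHED_SAMPLE; do
    eval "sample=\$$name"
    if html_cells_escaped "$sample"; then
        echo "$name: cell data is escaped"
    else
        echo "$name: raw markup in cell data (unpatched client)"
    fi
done
```
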
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-10-07 12:46:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Michael Scheidell 2008-10-08 12:46:23 UTC
Sorry, patch corrupted. This:

@@ -0,0 +1,11 @@
+--- mysql-test/r/mysql.result.orig     2008-08-28 12:08:36.000000000 -0400
++++ mysql-test/r/mysql.result  2008-10-07 05:45:48.000000000 -0400
+@@ -182,6 +182,8 @@
+ This is a file starting with UTF8 BOM 0xEFBBBF
+ End of 5.0 tests
+ WARNING: --server-arg option not supported in this configuration.
+<TABLE BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>
++End of 5.1 tests
+ Warning (Code 1286): Unknown table engine 'nonexistent'
+ Warning (Code 1266): Using storage engine MyISAM for table 't2'
+ Warning (Code 1286): Unknown table engine 'nonexistent2'
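
Review bot: the `<TABLE BORDER=1>` line has no leading `+`, so only 10 of the 11 lines announced by `@@ -0,0 +1,11 @@` are additions and that line is not valid unified-diff content. The embedded header `@@ -182,6 +182,8 @@` also calls for two added lines, and only `End of 5.1 tests` is marked as one. A dry run of the patch stage before submitting would catch this.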

should be this (note the missing extra + before <TABLE BORDER; found during regression test):

@@ -0,0 +1,11 @@
+--- mysql-test/r/mysql.result.orig     2008-08-28 12:08:36.000000000 -0400
++++ mysql-test/r/mysql.result  2008-10-07 05:45:48.000000000 -0400
+@@ -182,6 +182,8 @@
+ This is a file starting with UTF8 BOM 0xEFBBBF
+ End of 5.0 tests
+ WARNING: --server-arg option not supported in this configuration.
++<TABLE BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>
++End of 5.1 tests
+ Warning (Code 1286): Unknown table engine 'nonexistent'
+ Warning (Code 1266): Using storage engine MyISAM for table 't2'
+ Warning (Code 1286): Unknown table engine 'nonexistent2'
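
Review bot: the expected result added on the `<TABLE BORDER=1>` line only pins the escaping of `<` and `>`. The line counts are now consistent (11 added lines outside, 6 context plus 2 additions for `-182,6 +182,8` inside), but consider adding a test value that contains `&` and a double quote so the regression test covers the other HTML metacharacters as well.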


-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

Comment 3 Alex Dupre freebsd_committer freebsd_triage 2008-10-10 19:41:57 UTC
State Changed
From-To: open->closed

Fixed.