Bug 127731 - [patch] databases/mysql41-server fix for CVE-2008-2079
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Alex Dupre
Reported: 2008-09-29 23:50 UTC by Andrew Daugherity
Modified: 2008-10-10 20:10 UTC

Attachments
mysql41-server.patch (11.80 KB, patch)
2008-09-29 23:50 UTC, Andrew Daugherity

Description Andrew Daugherity 2008-09-29 23:50:01 UTC
	Fix for mysql41-server for the vulnerability referred to in http://www.freebsd.org/ports/portaudit/388d9ee4-7f22-11dd-a66a-0019666436c2.html

Fix: Patch attached.  Because MySQL 4.1 is in the "extended support" phase of the
lifecycle, there are no tarballs newer than 4.1.22 available, but security
patches are still issued, and code is available from the bzr repo.  Rather
than upgrading to 4.1.24 (the latest tagged version), which would require
a build-dep on bzr, or self-hosting a bzr export tarball, I generated a bzr
diff for this specific fix.

This is the commit log from mysql bzr:
    ------------------------------------------------------------
    revno: 2704.3.2
    committer: gluh@mysql.com/eagle.(none)
    timestamp: Fri 2008-02-29 13:55:00 +0400
    message:
      Bug#32167 another privilege bypass with DATA/INDEX DIRECORY(ver 4.1,5.0)
      added new function test_if_data_home_dir() which checks that
      path does not contain mysql data home directory.
      Using of mysql data home directory in
      DATA DIRECTORY & INDEX DIRECTORY is disallowed.
    ------------------------------------------------------------

The attached patch is the output of 'bzr diff -r 2704.3.1..2704.3.2' against
a checkout of mysql-4.1 branch, split into multiple files as per FreeBSD
ports policy, with the exception of the two files under mysql-test/, which
had intervening changes.  The diff for those two files came from
'bzr diff -r tag:mysql-4.1.22..tag:mysql-4.1.24 mysql-test/r/symlink.result'
and likewise for mysql-test/t/symlink.test.

All patches are new files, except for patch-sql::mysqld.cc, which has hunks
added to it.

Of course, the vulnerabilities database also needs to be updated once
this patch is committed.
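
The commit log quoted above describes a check that a DATA DIRECTORY / INDEX DIRECTORY path does not point into the MySQL data home directory. The following C example is added here for illustration and is not MySQL's test_if_data_home_dir() nor code from this PR; the names normalize_path and path_in_data_home and the sample paths are hypothetical. It assumes absolute paths and normalises them lexically only, without resolving symlinks.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalise an absolute path: collapse "//", drop "." and resolve
 * ".." without touching the filesystem (symlinks are NOT resolved here).
 * Returns 0 on success, -1 if the path is relative or does not fit. */
static int normalize_path(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    if (in[0] != '/' || outsz < 2) return -1;
    while (*in) {
        while (*in == '/') in++;                 /* skip separator run */
        size_t n = strcspn(in, "/");             /* next component length */
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') { }  /* pop one component */
        } else if (!(n == 1 && in[0] == '.')) {  /* "." is a no-op */
            if (len + 1 + n >= outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Hypothetical helper: 1 if path is the data home or below it, 0 if it is
 * outside, -1 if either path cannot be normalised. */
int path_in_data_home(const char *path, const char *data_home)
{
    char p[1024], home[1024];
    if (normalize_path(path, p, sizeof p) ||
        normalize_path(data_home, home, sizeof home))
        return -1;
    size_t hl = strlen(home);
    if (hl == 1) return 1;                       /* data home is "/" */
    if (strncmp(p, home, hl) != 0) return 0;
    return p[hl] == '\0' || p[hl] == '/';        /* whole-component match */
}

int main(void)
{   /* constructed sample paths; /var/db/mysql is an assumed data home */
    printf("%d\n", path_in_data_home("/tmp/../var/db//mysql/./t1", "/var/db/mysql"));
    printf("%d\n", path_in_data_home("/var/db/mysql2/t1", "/var/db/mysql"));
    return 0;
}
```

The whole-component comparison is what keeps a sibling directory such as /var/db/mysql2 from being mistaken for the data home.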
Comment 1 Edwin Groothuis freebsd_committer 2008-09-29 23:50:11 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Eugene Grosbein 2008-10-01 21:27:43 UTC
Hi!

I've compile-checked this patch, it compiles and runs,
so I vote for it.

Andrew, does this patch contain all differences between
4.1.22 and 4.1.24 source codes? If so, we should name the port 4.1.24
and not 4.1.22_1 so we get right packages numbering and more correct
record in vulnerability databases later. So, next patch above yours
(or just replace first chunk with it):

--- Makefile.orig	2008-10-02 04:24:33.000000000 +0800
+++ Makefile	2008-10-02 04:18:34.000000000 +0800
@@ -6,8 +6,9 @@
 #
 
 PORTNAME?=	mysql
-PORTVERSION=	4.1.22
-PORTREVISION?=	1
+PORTVERSION=	4.1.24
+PORTREVISION?=	0
+DISTNAME=	mysql-4.1.22
 CATEGORIES=	databases
 MASTER_SITES=	${MASTER_SITE_MYSQL}
 MASTER_SITE_SUBDIR=	MySQL-4.1
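
Review bot: PORTVERSION is raised to 4.1.24 while the added DISTNAME= mysql-4.1.22 keeps fetching the 4.1.22 sources, so the package version would claim a release whose code is not what gets built. Version-based vulnerability checks would then treat the package as carrying every fix up to 4.1.24, which only holds if the files/ patches bring the 4.1.22 tree fully up to that release. If they do not, keep PORTVERSION= 4.1.22 and bump PORTREVISION instead; if DISTNAME stays pinned, add a comment above it saying why it differs from PORTVERSION.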


Eugene Grosbein
Comment 3 Andrew Daugherity 2008-10-01 23:07:39 UTC
 >>> Eugene Grosbein <eugen@kuzbass.ru> 10/01/08 3:27 PM >>>
Andrew, does this patch contain all differences between
4.1.22 and 4.1.24 source codes?


No, this patch is just the diff of the revision claiming to fix this bug
with the previous revision*, which is why I changed the version to
4.1.22_1 rather than 4.1.24.  It applies cleanly to the 4.1.22 source
(with some lines of offset, but I didn't bother changing that because the
patch succeeded).

I first tried to update the port to 4.1.24, but decided it was too much
work, since the bzr checkout requires autoreconf to be run first, and then
most of the existing FreeBSD patches didn't apply.  Also, a diff between
the 4.1.22 tarball and the 4.1.24 checkout was over 100k lines and changed
472 files, so I decided to go this route instead.

* With the exception of a couple test files, as I noted in the bug report.


Andrew
Comment 4 Alex Dupre freebsd_committer 2008-10-10 19:42:36 UTC
State Changed
From-To: open->closed

Committed, thanks!
Comment 5 dfilter service freebsd_committer 2008-10-10 20:01:19 UTC
ale         2008-10-10 19:01:11 UTC

  FreeBSD ports repository

  Modified files:
    databases/mysql41-server Makefile 
    databases/mysql41-server/files patch-sql::mysqld.cc 
  Added files:
    databases/mysql41-server/files patch-sql_mysql_priv.h 
                                   patch-sql_sql_parse.cc 
  Log:
  Fix for CVE-2008-2079.
  
  PR:             ports/127731
  Submitted by:   Andrew Daugherity <adaugherity@tamu.edu>
  
  Revision  Changes    Path
  1.228     +1 -1      ports/databases/mysql41-server/Makefile
  1.5       +21 -0     ports/databases/mysql41-server/files/patch-sql::mysqld.cc
  1.1       +11 -0     ports/databases/mysql41-server/files/patch-sql_mysql_priv.h (new)
  1.1       +82 -0     ports/databases/mysql41-server/files/patch-sql_sql_parse.cc (new)