packages: mysql/mysql.spec, mysql/mysql-CVE-2012-2122.patch (NEW)=?UTF-8?Q?=20?=- added p...
adwol
adwol at pld-linux.org
Mon Jun 11 18:37:35 CEST 2012
Author: adwol Date: Mon Jun 11 16:37:35 2012 GMT
Module: packages Tag: HEAD
---- Log message:
- added patch for CVE-2012-2122
- rel 3; STBR
---- Files affected:
packages/mysql:
mysql.spec (1.571 -> 1.572) , mysql-CVE-2012-2122.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/mysql/mysql.spec
diff -u packages/mysql/mysql.spec:1.571 packages/mysql/mysql.spec:1.572
--- packages/mysql/mysql.spec:1.571 Fri Apr 27 15:00:48 2012
+++ packages/mysql/mysql.spec Mon Jun 11 18:37:30 2012
@@ -37,7 +37,7 @@
Summary(zh_CN.UTF-8): MySQL数据库服务器
Name: mysql
Version: 5.5.21
-Release: 2
+Release: 3
License: GPL + MySQL FLOSS Exception
Group: Applications/Databases
# Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -75,6 +75,7 @@
Patch19: %{name}-chain-certs.patch
# from fedora
Patch20: %{name}-dubious-exports.patch
+Patch21: %{name}-CVE-2012-2122.patch
# <percona patches, updated with percona.sh>
Patch100: bug933969.patch
Patch101: microsec_process.patch
@@ -574,6 +575,7 @@
%patch14 -p0
%patch19 -p1
%patch20 -p1
+%patch21 -p1
# <percona %patches>
%patch100 -p1
%patch101 -p1
@@ -1271,6 +1273,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.572 2012/06/11 16:37:30 adwol
+- added patch for CVE-2012-2122
+- rel 3; STBR
+
Revision 1.571 2012/04/27 13:00:48 arekm
- rel 2; patches updated
================================================================
Index: packages/mysql/mysql-CVE-2012-2122.patch
diff -u /dev/null packages/mysql/mysql-CVE-2012-2122.patch:1.1
--- /dev/null Mon Jun 11 18:37:35 2012
+++ packages/mysql/mysql-CVE-2012-2122.patch Mon Jun 11 18:37:30 2012
@@ -0,0 +1,11 @@
+--- mysql-5.5.21.orig/sql/password.c 2012-01-31 12:28:14.000000000 +0100
++++ mysql-5.5.21/sql/password.c 2012-06-11 18:33:31.712820746 +0200
+@@ -531,7 +531,7 @@
+ mysql_sha1_reset(&sha1_context);
+ mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+ mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+- return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++ return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+ }
+
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/packages/mysql/mysql.spec?r1=1.571&r2=1.572
More information about the pld-cvs-commit
mailing list