packages: mysql/mysql.spec, mysql/mysql-CVE-2012-2122.patch (NEW)=?UTF-8?Q?=20?=- added p...

adwol adwol at pld-linux.org
Mon Jun 11 18:37:35 CEST 2012 

Author: adwol                        Date: Mon Jun 11 16:37:35 2012 GMT
Module: packages                      Tag: HEAD
---- Log message:
- added patch for CVE-2012-2122
- rel 3; STBR

---- Files affected:
packages/mysql:
   mysql.spec (1.571 -> 1.572) , mysql-CVE-2012-2122.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/mysql/mysql.spec
diff -u packages/mysql/mysql.spec:1.571 packages/mysql/mysql.spec:1.572
--- packages/mysql/mysql.spec:1.571	Fri Apr 27 15:00:48 2012
+++ packages/mysql/mysql.spec	Mon Jun 11 18:37:30 2012
@@ -37,7 +37,7 @@
 Summary(zh_CN.UTF-8):	MySQL数据库服务器
 Name:		mysql
 Version:	5.5.21
-Release:	2
+Release:	3
 License:	GPL + MySQL FLOSS Exception
 Group:		Applications/Databases
 # Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -75,6 +75,7 @@
 Patch19:	%{name}-chain-certs.patch
 # from fedora
 Patch20:	%{name}-dubious-exports.patch
+Patch21:	%{name}-CVE-2012-2122.patch
 # <percona patches, updated with percona.sh>
 Patch100:	bug933969.patch
 Patch101:	microsec_process.patch
@@ -574,6 +575,7 @@
 %patch14 -p0
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 # <percona %patches>
 %patch100 -p1
 %patch101 -p1
@@ -1271,6 +1273,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.572  2012/06/11 16:37:30  adwol
+- added patch for CVE-2012-2122
+- rel 3; STBR
+
 Revision 1.571  2012/04/27 13:00:48  arekm
 - rel 2; patches updated
 

================================================================
Index: packages/mysql/mysql-CVE-2012-2122.patch
diff -u /dev/null packages/mysql/mysql-CVE-2012-2122.patch:1.1
--- /dev/null	Mon Jun 11 18:37:35 2012
+++ packages/mysql/mysql-CVE-2012-2122.patch	Mon Jun 11 18:37:30 2012
@@ -0,0 +1,11 @@
+--- mysql-5.5.21.orig/sql/password.c	2012-01-31 12:28:14.000000000 +0100
++++ mysql-5.5.21/sql/password.c	2012-06-11 18:33:31.712820746 +0200
+@@ -531,7 +531,7 @@
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+ }
+ 
+ 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/packages/mysql/mysql.spec?r1=1.571&r2=1.572

More information about the pld-cvs-commit mailing list