From: Adam Osuchowski Date: Mon, 11 Jun 2012 16:37:30 +0000 (+0000) Subject: - added patch for CVE-2012-2122 X-Git-Tag: auto/th/mysql-5_5_21-3 X-Git-Url: https://git.pld-linux.org/?p=packages%2Fmysql.git;a=commitdiff_plain;h=a5c997ca05e20984bbaa5fa043534aa539150f86 - added patch for CVE-2012-2122 - rel 3; STBR Changed files: mysql-CVE-2012-2122.patch -> 1.1 mysql.spec -> 1.572
---
diff --git a/mysql-CVE-2012-2122.patch b/mysql-CVE-2012-2122.patch
new file mode 100644
index 0000000..afca95e
--- /dev/null
+++ b/mysql-CVE-2012-2122.patch
@@ -0,0 +1,11 @@
+--- mysql-5.5.21.orig/sql/password.c 2012-01-31 12:28:14.000000000 +0100
++++ mysql-5.5.21/sql/password.c 2012-06-11 18:33:31.712820746 +0200
+@@ -531,7 +531,7 @@
+ mysql_sha1_reset(&sha1_context);
+ mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+ mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+- return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++ return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+ }
+
+
diff --git a/mysql.spec b/mysql.spec
index b0c36d7..617aab9 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -36,7 +36,7 @@ Summary(uk.UTF-8): MySQL - швидкий SQL-сервер
 Summary(zh_CN.UTF-8): MySQL数据库服务器
 Name: mysql
 Version: 5.5.21
-Release: 2
+Release: 3
 License: GPL + MySQL FLOSS Exception
 Group: Applications/Databases
 # Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -74,6 +74,7 @@ Patch18: %{name}-sphinx.patch
 Patch19: %{name}-chain-certs.patch
 # from fedora
 Patch20: %{name}-dubious-exports.patch
+Patch21: %{name}-CVE-2012-2122.patch
 #
 Patch100: bug933969.patch
 Patch101: microsec_process.patch
@@ -573,6 +574,7 @@ mv sphinx-*/mysqlse storage/sphinx
 %patch14 -p0
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 #
 %patch100 -p1
 %patch101 -p1
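Review bot: The added `return test(memcmp(...))` line in the embedded sql/password.c hunk of mysql-CVE-2012-2122.patch carries no comment saying why the result is normalised, so a later cleanup could drop `test()` as redundant and reopen the bug. The function's signature is outside the hunk; by the public description of CVE-2012-2122, its narrow `my_bool` return type truncates memcmp()'s int result, which can turn a mismatch into 0 (treated as a match). I would add above the return `/* memcmp() may return any non-zero int; reduce it to 0/1 before the my_bool return truncates it (CVE-2012-2122) */`, or state the intent directly as `return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE) != 0;`. The .patch file also has no origin line (upstream bug or commit reference), which makes it harder to tell when Patch21 can be dropped on the next version bump.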