feasibility of updating databases/mysql41-server?

Xin LI delphij at delphij.net
Sat Sep 27 07:43:57 UTC 2008


Andrew Daugherity wrote:
> I still have a server running mysql 4.1.22, and it's marked as having the "MyISAM table privileges secuity [sic] bypass vulnerability".  According to CVE-2008-2079 (linked from portaudit), this is fixed in 4.1.24.
> 
> I was going to file a PR asking for an update to 4.1.24, but then I discovered that MySQL 4.1 is in the "extended support" phase where they aren't releasing tarballs any more (and of course no binaries).  The source *is* still available, but it's in the bazaar repo (see: http://blogs.sun.com/datacharmer/entry/hidden_jevewls_in_mysql_bazaar ).  This can be checked out and built, but having a build-dep of bzr is probably not wanted.
> 
> Is it feasible (both license-wise and technically) to have a mirror of a 4.1.24 bzr checkout in tarball form somewhere, so the port can be built?

Yes, but for this case I think the more preferred way would be to obtain
the fix from the repository and apply it in files/ as a patch.  This makes
reviewing the code much easier.

Cheers,