databases/mysql* fix for mysqlbug.sh

Peter Pentchev roam at ringlet.net
Mon May 17 03:05:03 PDT 2004


Hi,

What do you think about the attached patch, taken from the MySQL
BitKeeper repository, that fixes the mysqlbug.sh symlink vulnerability
announced back in March and brought up recently on -security?

This patch is for the mysql40-* ports, but the mysqlbug.sh script has
not changed in the 4.1 or 5.0 tree, so it should work with those ports,
too.  Of course, it's your call as maintainer to decide whether to
globally bump the PORTREVISION, or only bump it for the -client ports :)

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at sbnd.net    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.

Index: ports/databases/mysql40-server/Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/mysql40-server/Makefile,v
retrieving revision 1.184
diff -u -r1.184 Makefile
--- ports/databases/mysql40-server/Makefile	14 Mar 2004 06:16:09 -0000	1.184
+++ ports/databases/mysql40-server/Makefile	17 May 2004 09:31:55 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME?=	mysql
 PORTVERSION=	4.0.18
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES=	databases
 MASTER_SITES=	ftp://planetmirror.com/pub/mysql/Downloads/MySQL-4.0/ \
 		http://www.softagency.co.jp/MySQL/Downloads/MySQL-4.0/ \
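Review bot: The bump on the `PORTREVISION?=` line lands only in mysql40-server/Makefile, while the cover message says the same mysqlbug.sh ships unchanged in the 4.1 and 5.0 trees. Because the assignment is `?=`, any port that sets PORTREVISION itself keeps its own value and will not be flagged for rebuild by this change. Please check the -client ports explicitly and carry the files/ patch plus a bump into the mysql41 and mysql50 ports too, so every package that installs mysqlbug gets rebuilt.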
Index: ports/databases/mysql40-server/files/patch-scripts::mysqlbug.sh
===================================================================
RCS file: ports/databases/mysql40-server/files/patch-scripts::mysqlbug.sh
diff -N ports/databases/mysql40-server/files/patch-scripts::mysqlbug.sh
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ ports/databases/mysql40-server/files/patch-scripts::mysqlbug.sh	17 May 2004 09:30:32 -0000
@@ -0,0 +1,15 @@
+===== scripts/mysqlbug.sh 1.4 vs 1.4.1.1 =====
+--- scripts/mysqlbug.sh	Fri Jan 19 02:46:12 2001
++++ scripts/mysqlbug.sh	Wed Mar 24 21:27:05 2004
+@@ -252,9 +252,9 @@
+ if cmp -s $TEMP $TEMP.x
+ then
+   echo "File not changed, no bug report submitted."
+-  cp $TEMP /tmp/failed-mysql-bugreport
++  mv -f $TEMP /tmp/failed-mysql-bugreport
+   echo "The raw bug report exists in /tmp/failed-mysql-bugreport"
+-  echo "If you use this remember that the first lines of the report now is a lie.."
++  echo "If you use this remember that the first lines of the report are now a lie.."
+   exit 1
+ fi
+ 
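Review bot: On the `mv -f $TEMP /tmp/failed-mysql-bugreport` line the destination is still a fixed, predictable name in /tmp, and `$TEMP` is unquoted there and in the `cmp -s $TEMP $TEMP.x` context line. Replacing cp with mv stops the script from writing through an existing link at that name when the move is a plain rename, but a pre-existing entry that resolves to a directory would still receive the report. Consider saving the failed report under a name created with mktemp (or in the user's home directory), echoing that actual name in the message below, and quoting the variables.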