From eb6025b18f7f2c15019efbf57972e6937fe33401 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Jan 30 2014 17:18:10 +0000 Subject: Fix for CVE-2014-0001 Resolves: #1059545 --- diff --git a/community-mysql-rhbz1059545.patch b/community-mysql-rhbz1059545.patch new file mode 100644 index 0000000..ece8ef1 --- /dev/null +++ b/community-mysql-rhbz1059545.patch @@ -0,0 +1,17 @@ +Unsifficient limit check aims to security issue. + +MariaDB upstream fix: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 +RHBZ#1059545 + +diff -up mysql-5.6.15/client/mysql.cc.bz1059545 mysql-5.6.15/client/mysql.cc +--- mysql-5.6.15/client/mysql.cc.bz1059545 2014-01-30 18:09:47.209588217 +0100 ++++ mysql-5.6.15/client/mysql.cc 2014-01-30 18:09:59.016581192 +0100 +@@ -1315,7 +1315,7 @@ int main(int argc,char *argv[]) + + put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.", + INFO_INFO); +- sprintf((char*) glob_buffer.ptr(), ++ my_snprintf((char*) glob_buffer.ptr(), glob_buffer.alloced_length(), + "Your MySQL connection id is %lu\nServer version: %s\n", + mysql_thread_id(&mysql), server_version_string(&mysql)); + put_info((char*) glob_buffer.ptr(),INFO_INFO); diff --git a/community-mysql.spec b/community-mysql.spec index 9ae0879..1374c0b 100644 --- a/community-mysql.spec +++ b/community-mysql.spec @@ -1,6 +1,6 @@ Name: community-mysql Version: 5.5.35 -Release: 1%{?dist} +Release: 2%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases @@ -61,6 +61,7 @@ Patch27: community-mysql-innodbwarn.patch Patch28: community-mysql-covscan-signexpr.patch Patch29: community-mysql-covscan-stroverflow.patch Patch30: community-mysql-pluginerrmsg.patch +Patch31: community-mysql-rhbz1059545.patch BuildRequires: perl, readline-devel, openssl-devel BuildRequires: cmake, ncurses-devel, zlib-devel, libaio-devel @@ -250,6 +251,7 @@ the MySQL sources. %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 # workaround for upstream bug #56342 rm -f mysql-test/t/ssl_8k_key-master.opt @@ -724,6 +726,10 @@ rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/solaris/postinstall-solaris %{_mandir}/man1/mysql_client_test.1* %changelog +* Thu Jan 30 2014 Honza Horak 5.5.35-2 + Fix for CVE-2014-0001 + Resolves: #1059545 + * Mon Dec 9 2013 Honza Horak 5.5.35-1 - Update to MySQL 5.5.35, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html