[community-mysql/f19] Fix for CVE-2014-0001 Resolves: #1059545
Honza Horak
hhorak at fedoraproject.org
Thu Jan 30 17:19:01 UTC 2014
commit 55ff01290afbca04cfe6792de71d3ced475bb6e4
Author: Honza Horak <hhorak at redhat.com>
Date: Thu Jan 30 18:14:42 2014 +0100
Fix for CVE-2014-0001
Resolves: #1059545
community-mysql-rhbz1059545.patch | 17 +++++++++++++++++
community-mysql.spec | 8 +++++++-
2 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/community-mysql-rhbz1059545.patch b/community-mysql-rhbz1059545.patch
new file mode 100644
index 0000000..ece8ef1
--- /dev/null
+++ b/community-mysql-rhbz1059545.patch
@@ -0,0 +1,17 @@
+Unsifficient limit check aims to security issue.
+
+MariaDB upstream fix: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
+RHBZ#1059545
+
+diff -up mysql-5.6.15/client/mysql.cc.bz1059545 mysql-5.6.15/client/mysql.cc
+--- mysql-5.6.15/client/mysql.cc.bz1059545 2014-01-30 18:09:47.209588217 +0100
++++ mysql-5.6.15/client/mysql.cc 2014-01-30 18:09:59.016581192 +0100
+@@ -1315,7 +1315,7 @@ int main(int argc,char *argv[])
+
+ put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.",
+ INFO_INFO);
+- sprintf((char*) glob_buffer.ptr(),
++ my_snprintf((char*) glob_buffer.ptr(), glob_buffer.alloced_length(),
+ "Your MySQL connection id is %lu\nServer version: %s\n",
+ mysql_thread_id(&mysql), server_version_string(&mysql));
+ put_info((char*) glob_buffer.ptr(),INFO_INFO);
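Review bot: The embedded diff header names mysql-5.6.15/client/mysql.cc, while the spec in this same commit builds Version: 5.5.35, so the hunk position (@@ -1315,7 +1315,7 @@) comes from a different source tree. Regenerating the patch against the 5.5.35 sources would let it apply without offset or fuzz and make it obvious that the intended call is the one being changed. The description line at the top of the patch file ("Unsifficient limit check aims to security issue.") is misspelled and does not say what is unbounded. It would help to state that the %s argument, server_version_string(&mysql), was written into glob_buffer by sprintf with no length limit, and that the fix bounds the write with glob_buffer.alloced_length(). The return value of my_snprintf is not checked, so a truncated banner is silent. That is acceptable for an informational message, but worth a one-line comment in the patch description.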
diff --git a/community-mysql.spec b/community-mysql.spec
index c21391b..1b72ee1 100644
--- a/community-mysql.spec
+++ b/community-mysql.spec
@@ -1,6 +1,6 @@
Name: community-mysql
Version: 5.5.35
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
@@ -61,6 +61,7 @@ Patch27: community-mysql-innodbwarn.patch
Patch28: community-mysql-covscan-signexpr.patch
Patch29: community-mysql-covscan-stroverflow.patch
Patch30: community-mysql-pluginerrmsg.patch
+Patch31: community-mysql-rhbz1059545.patch
BuildRequires: perl, readline-devel, openssl-devel
BuildRequires: cmake, ncurses-devel, zlib-devel, libaio-devel
@@ -250,6 +251,7 @@ the MySQL sources.
%patch28 -p1
%patch29 -p1
%patch30 -p1
+%patch31 -p1
# workaround for upstream bug #56342
rm -f mysql-test/t/ssl_8k_key-master.opt
@@ -724,6 +726,10 @@ rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/solaris/postinstall-solaris
%{_mandir}/man1/mysql_client_test.1*
%changelog
+* Thu Jan 30 2014 Honza Horak <hhorak at redhat.com> 5.5.35-2
+ Fix for CVE-2014-0001
+ Resolves: #1059545
+
* Mon Dec 9 2013 Honza Horak <hhorak at redhat.com> 5.5.35-1
- Update to MySQL 5.5.35, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
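Review bot: The two new %changelog lines ("Fix for CVE-2014-0001" and "Resolves: #1059545") have no leading "- " bullet, unlike the existing 5.5.35-1 entry directly below ("- Update to MySQL 5.5.35, ..."). Please write them as "- Fix for CVE-2014-0001" with the Resolves line as its indented continuation, so the entry matches the rest of the changelog and is picked up consistently by tools that parse it.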