Bug#: 132146
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>

Description:   Opened: 2006-05-03 10:48 0000
MySQL Server has an information leakage flaw, if a malicious client sends a
specific forged packet. Moreover some particular input can crash the server by
overwriting the stack, which could lead to remote server compromise.


http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-05-03 12:33:00 0000 -------
mysql, please provide fixed ebuilds, thank you

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html

------- Comment #2 From Stefan Cornelius (RETIRED) 2006-05-05 03:49:12 0000 -------
ok, Falco pointed me to another issue:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00040.html

please don't forget to supply new ebuilds soon, thanks in advance

------- Comment #3 From Francesco R. (RETIRED) 2006-05-05 04:07:55 0000 -------
It will be out later today, at:
svn co http://svn.gnqs.org/svn/gentoo-mysql-overlay/experimental experimental
an overlay for the impatient

------- Comment #4 From Luca Longinotti 2006-05-05 12:55:58 0000 -------
Added to Portage 4.1.19 and 5.0.21 that fix this issue, 4.0.27 and 5.1.10 will
be added as soon as upstream has them ready.

@arch-teams: please stabilize dev-db/mysql-4.1.19, thanks!

Best regards, CHTEKK.

------- Comment #5 From Thomas Cort (RETIRED) 2006-05-05 17:06:19 0000 -------
(In reply to comment #4)
> @arch-teams: please stabilize dev-db/mysql-4.1.19, thanks!

`emerge =dev-db/mysql-4.1.19` with FEATURES="test" fails on amd64 on test
'rpl000015':

rpl000015                      [ fail ]

Errors are (from
/var/tmp/portage/mysql-4.1.19/work/mysql/mysql-test/var/log/mysqltest-time) :
mysqltest: Result length mismatch
(the last lines may be the most important ones)
Below are the diffs between actual and expected results:
-------------------------------------------------------
*** r/rpl000015.result  Sat Apr 29 09:03:57 2006
--- r/rpl000015.reject  Fri May  5 23:04:04 2006
***************
*** 8,14 ****
  change master to master_host='127.0.0.1';
  show slave status;
  Slave_IO_State        Master_Host     Master_User     Master_Port    
Connect_ Retry   Master_Log_File Read_Master_Log_Pos     Relay_Log_File 
Relay_Log_Pos  R elay_Master_Log_File    Slave_IO_Running       
Slave_SQL_Running       Replicat e_Do_DB Replicate_Ignore_DB    
Replicate_Do_Table      Replicate_Ignore_Table R eplicate_Wild_Do_Table 
Replicate_Wild_Ignore_Table     Last_Errno      Last_Err or      Skip_Counter  
 Exec_Master_Log_Pos     Relay_Log_Space Until_ConditionU ntil_Log_File  
Until_Log_Pos   Master_SSL_Allowed      Master_SSL_CA_File     M
aster_SSL_CA_Path       Master_SSL_Cert Master_SSL_Cipher       Master_SSL_Key
S econds_Behind_Master
! #     127.0.0.1       test    MASTER_PORT     7               4      
slave-re lay-bin.000001  4               No      No                            
        N one             0       No                                           
  #
  change master to master_host='127.0.0.1',master_user='root',
  master_password='',master_port=MASTER_PORT;
  show slave status;
--- 8,14 ----
  change master to master_host='127.0.0.1';
  show slave status;
  Slave_IO_State        Master_Host     Master_User     Master_Port    
Connect_ Retry   Master_Log_File Read_Master_Log_Pos     Relay_Log_File 
Relay_Log_Pos  R elay_Master_Log_File    Slave_IO_Running       
Slave_SQL_Running       Replicat e_Do_DB Replicate_Ignore_DB    
Replicate_Do_Table      Replicate_Ignore_Table R eplicate_Wild_Do_Table 
Replicate_Wild_Ignore_Table     Last_Errno      Last_Err or      Skip_Counter  
 Exec_Master_Log_Pos     Relay_Log_Space Until_ConditionU ntil_Log_File  
Until_Log_Pos   Master_SSL_Allowed      Master_SSL_CA_File     M
aster_SSL_CA_Path       Master_SSL_Cert Master_SSL_Cipher       Master_SSL_Key
S econds_Behind_Master
! #     127.0.0.1       test    3306    7               4      
slave-relay-bin. 000001  4               No      No                            
                N one             0       No                                   
          #
  change master to master_host='127.0.0.1',master_user='root',
  master_password='',master_port=MASTER_PORT;
  show slave status;
-------------------------------------------------------

# emerge --info
Portage 2.0.54 (default-linux/amd64/2006.0, gcc-3.4.5, glibc-2.3.5-r3,
2.6.15-gentoo-r7 x86_64)
=================================================================
System uname: 2.6.15-gentoo-r7 x86_64 AMD Turion(tm) 64 Mobile Technology ML-32
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib64/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig cvs distlocks multilib-strict sandbox sfperms
strict"
GENTOO_MIRRORS="http://gentoo.mirrored.ca/ http://adelie.polymtl.ca/
http://gentoo.osuosl.org/ "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="amd64 X aac acpi aim alsa audacious audiofile avi berkdb bitmap-fonts
browserplugin bzip2 cdr cli crypt cups curl dbus dri eds emboss encode esd exif
expat fam flac foomaticdb gd gdbm gif glut gnome gphoto2 gpm gstreamer gtk gtk2
gtkhtml hal icq idn imlib ipv6 isdnlog jabber java jpeg kde lcms libwww lua lzw
lzw-tiff mad mikmod mng mono mozilla moznocompose moznoirc moznomail mp3 mpeg
msn ncurses nls nocd nptl nptlonly nsplugin offensive ogg oggvorbis openal
opengl oscar pam pcre pdflib perl png pppd python qt quicktime readline
reflection sdl session shorten sndfile spell spl ssl symlink tcpd tetex tiff
truetype truetype-fonts type1-fonts udev usb userlocales vorbis wxgtk1 xml2
xmms xorg xpm xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS,
PORTDIR_OVERLAY

------- Comment #6 From Mark Loeser 2006-05-05 22:18:41 0000 -------
x86 done

------- Comment #7 From Thomas Cort (RETIRED) 2006-05-05 22:47:19 0000 -------
All tests passed on alpha.
dev-db/mysql-4.1.19 stable on alpha.

------- Comment #8 From Luca Longinotti 2006-05-06 02:59:06 0000 -------
The tests should all pass without problems, a problem I can see is the
patchset, we revamped how patches are integrated in MySQL, so *please* make
sure to also update your eclass/ directory in your CVS checkout, else it will
download the wrong stuff and break all digests, thanks!
Best regards, CHTEKK.

------- Comment #9 From Markus Rothe 2006-05-06 05:00:38 0000 -------
stable on ppc64

------- Comment #10 From Thomas Cort (RETIRED) 2006-05-06 07:16:54 0000 -------
(In reply to comment #8)
> The tests should all pass without problems

I did an `emerge --sync` and tried again. All 311 tests were successful and it
works well when I test it. amd64 stable.

------- Comment #11 From Jason Wever (RETIRED) 2006-05-06 14:59:26 0000 -------
And on the SPARCeth day, there was a SPARC keyword, and it was good.

------- Comment #12 From Chris White (RETIRED) 2006-05-07 00:32:40 0000 -------
rpl000015                      [ fail ]

Errors are (from
/var/tmp/portage/mysql-4.1.19/work/mysql/mysql-test/var/log/mysqltest-time) :
mysqltest: Result length mismatch
(the last lines may be the most important ones)
Below are the diffs between actual and expected results:
-------------------------------------------------------
*** r/rpl000015.result  Sat Apr 29 09:03:57 2006
--- r/rpl000015.reject  Sun May  7 09:32:44 2006
***************
*** 8,14 ****
  change master to master_host='127.0.0.1';
  show slave status;
  Slave_IO_State        Master_Host     Master_User     Master_Port    
Connect_Retry   Master_Log_File Read_Master_Log_Pos     Relay_Log_File      
Relay_Log_Pos   Relay_Master_Log_File   Slave_IO_Running       
Slave_SQL_Running       Replicate_Do_DB Replicate_Ignore_DB    
Replicate_Do_Table   Replicate_Ignore_Table  Replicate_Wild_Do_Table
Replicate_Wild_Ignore_Table     Last_Errno      Last_Error     
Skip_CounterExec_Master_Log_Pos      Relay_Log_Space Until_Condition
Until_Log_File  Until_Log_Pos   Master_SSL_Allowed      Master_SSL_CA_File     
Master_SSL_CA_Path   Master_SSL_Cert Master_SSL_Cipher       Master_SSL_Key 
Seconds_Behind_Master
! #     127.0.0.1       test    MASTER_PORT     7               4      
slave-relay-bin.000001  4               No      No                  00       0 
     4       None            0       No                                        
     #
  change master to master_host='127.0.0.1',master_user='root',
  master_password='',master_port=MASTER_PORT;
  show slave status;
--- 8,14 ----
  change master to master_host='127.0.0.1';
  show slave status;
  Slave_IO_State        Master_Host     Master_User     Master_Port    
Connect_Retry   Master_Log_File Read_Master_Log_Pos     Relay_Log_File      
Relay_Log_Pos   Relay_Master_Log_File   Slave_IO_Running       
Slave_SQL_Running       Replicate_Do_DB Replicate_Ignore_DB    
Replicate_Do_Table   Replicate_Ignore_Table  Replicate_Wild_Do_Table
Replicate_Wild_Ignore_Table     Last_Errno      Last_Error     
Skip_CounterExec_Master_Log_Pos      Relay_Log_Space Until_Condition
Until_Log_File  Until_Log_Pos   Master_SSL_Allowed      Master_SSL_CA_File     
Master_SSL_CA_Path   Master_SSL_Cert Master_SSL_Cipher       Master_SSL_Key 
Seconds_Behind_Master
! #     127.0.0.1       test    3306    7               4      
slave-relay-bin.000001  4               No      No                          00 
     0       4       None            0       No                                
             #
  change master to master_host='127.0.0.1',master_user='root',
  master_password='',master_port=MASTER_PORT;
  show slave status;
-------------------------------------------------------

same as with tcort. I did a full cvs checkout of the entire directory about 10
minutes ago as well.

[ebuild     U ] dev-db/mysql-4.1.19 [4.1.14-r1] USE="berkdb perl ssl
-big-tables -cluster -debug -embedded -extraengine -minimal -raid -srvdir
-static" 0 kB [1]

chris@tsubasa /usr/local/portage $ emerge --info
Portage 2.1_pre10-r2 (default-linux/ppc/ppc32/2006.0/G4, gcc-3.4.5,
glibc-2.3.5-r3, 2.6.15-gentoo-r1 ppc)
=================================================================
System uname: 2.6.15-gentoo-r1 ppc 7447/7457, altivec supported
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -maltivec -mcpu=G4 -mabi=altivec -pipe"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -maltivec -mcpu=G4 -mabi=altivec -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig collision-protect cvs distclean distlocks
fixpackages metadata-transfer nostrip sandbox sfperms sign splitdebug strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/gentoo-x86"
SYNC="rsync://192.168.0.100/gentoo-portage"
USE="ppc acl alsa altivec apache2 apm berkdb bitmap-fonts bonobo cdr cli crypt
cups dri dvd eds emboss encode esd fam foomaticdb fortran gdbm gif gnome gpm
gstreamer gtk2 gtkhtml imlib isdnlog jpeg kde ldap libg++ libwww mad mikmod
motif mozilla mp3 mpeg mysql ncurses nls nptl nptlonly ogg opengl pam pcre
pdflib perl png postgres pppd python quicktime readline reflection ruby session
spell spl ssl tcpd truetype truetype-fonts type1-fonts udev unicode userlocales
vorbis xml xmms xorg xv zlib elibc_glibc kernel_linux userland_GNU"
Unset:  ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL,
LDFLAGS, LINGUAS, MAKEOPTS

------- Comment #13 From René Nussbaumer 2006-05-07 02:28:49 0000 -------
stable on hppa

------- Comment #14 From Francesco R. (RETIRED) 2006-05-07 03:07:54 0000 -------
Addition to c#12

The problem arises in MASTER_PORT _not_ being converted to "3306" (or its
value) for some reason.
I do strongly suspect this is not a problem of the test itself but of the
mysql-test/mysql-test-run.{choose,your} used.

__OR__

in the `sed -i -e "s|PORT=3306|PORT=3307|g" mysql-test-run` in the
ebuild function src_test(), yes there is a reason why src_test() is the only fx
not moved to the eclass  ;)

------- Comment #15 From René Nussbaumer 2006-05-07 04:41:27 0000 -------
stable on hppa

------- Comment #16 From Luca Longinotti 2006-05-07 08:07:00 0000 -------
KillerFox: Please update your eclass/ dir next time too. ;)

ChrisWhite, tcort: that test is known to fail and I fixed it in the current
MySQL versions, please make sure the 700_all_rpl000015* patch gets applied when
you emerge dev-db/mysql-4.1.19, it always worked then...
Best regards, CHTEKK.

------- Comment #17 From Tobias Scherbaum 2006-05-07 11:47:07 0000 -------
Works for me on ppc, marked stable.

------- Comment #18 From Wolf Giesen (RETIRED) 2006-05-07 23:45:24 0000 -------
Just to clear it up for me: was this fixed in 4.0.26-r1 already?

------- Comment #19 From Thierry Carrez (RETIRED) 2006-05-08 06:40:11 0000 -------
Ready for GLSA

------- Comment #20 From Sune Kloppenborg Jeppesen 2006-05-11 09:33:04 0000 -------
GLSA 200605-13

arm, ia64, s390, sh don't forget to mark stable to benefit from the GLSA.

------- Comment #21 From Luca Longinotti 2006-05-13 04:51:40 0000 -------
MySQL 4.0.27 was just added to the tree, it passes all the tests and fixes the
mentioned security vulnerabilities in the MySQL 4.0.X tree. As 4.0.X is stable
on Gentoo and still used by a lot of people, please stable it @ arch-teams,
thanks! And please make sure to update your eclass/ directory this time. ;)
Best regards, CHTEKK.

------- Comment #22 From Chris Gianelloni (RETIRED) 2006-05-13 06:59:12 0000 -------
4.0.27 stable on x86

------- Comment #23 From Thomas Cort (RETIRED) 2006-05-13 07:55:12 0000 -------
4.0.27 stable on amd64.

------- Comment #24 From Thomas Cort (RETIRED) 2006-05-13 09:36:42 0000 -------
4.0.27 stable on alpha.

------- Comment #25 From Jason Wever (RETIRED) 2006-05-13 15:03:09 0000 -------
SPARC'd

------- Comment #26 From Tobias Scherbaum 2006-05-14 10:47:30 0000 -------
ppc stable

------- Comment #27 From René Nussbaumer 2006-05-15 10:37:42 0000 -------
stable on hppa

------- Comment #28 From Sune Kloppenborg Jeppesen 2006-05-15 13:15:14 0000 -------
ppc64 please test and mark stable.

------- Comment #29 From Markus Rothe 2006-05-15 22:25:58 0000 -------
well... mysql-4.0.* fails on some of my PPC64 test systems with this error
message:

error: Could not find the right ps switches. Which OS is this ?. See the
Installation chapter in the Reference Manual.

But as the stable version (4.0.25-r2) also fails on some (the same systems
4.0.27 fails on) I've marked 4.0.27 stable on PPC64. Will handle the error in a
separate bug.

Sorry for being late...

------- Comment #30 From Thierry Carrez (RETIRED) 2006-05-16 09:22:21 0000 -------
Maybe do a GLSA update together with bug 133354

------- Comment #31 From Sune Kloppenborg Jeppesen 2006-05-16 13:37:07 0000 -------
GLSA 200605-13 updated and reissued.

arm, ia64, mips, s390 and sh please don't forget to mark stable to benefit from
the GLSA.

------- Comment #32 From Joshua Kinard 2006-09-03 14:57:49 0000 -------
4.1.21 stable on mips.
