Hello, ocan-mysql is using a vulnerable version off shtool. ocaml-mysql-1.0.3/etc/shtool Regards.
Romang, did you contact upstream for this ? Or do you wait on shtool devs ?
Hello, If shtool is corrected then we can contact upstream ? What did you think about. Regards.
I would say we should forward them the same fix tigger wrote for shtool.
Eric, did you forward upstream the fix yet ? ml herd: please patch the included shtool with the fix from bug 93782
Hello, Yes upstream is informed. Regards.
Hmm we should wait for a more complete patch. Stay tuned...
I'm waiting...
(In reply to comment #7) > I'm waiting... please use attachment 60117 [details, diff]
Should be fixed in CVS now.
Thx Matthieu. We'll close this when the GLSA will be out.
GLSA 200506-08
This new patch fails on my system: >>> Source unpacked. * Applying ocaml-mysql-1.0.3-head.patch ... [ ok ] * Applying ocaml-mysql-1.0.3-shtool.patch ... * Failed Patch: ocaml-mysql-1.0.3-shtool.patch ! * ( /usr/portage/dev-ml/ocaml-mysql/files/ocaml-mysql-1.0.3-shtool.patch ) * * Include in your bugreport the contents of: * * /var/tmp/portage/ocaml-mysql-1.0.3-r1/temp/ocaml-mysql-1.0.3-shtool.patch-13375.out !!! ERROR: dev-ml/ocaml-mysql-1.0.3-r1 failed. !!! Function epatch, Line 359, Exitcode 0 !!! Failed Patch: ocaml-mysql-1.0.3-shtool.patch! !!! If you need support, post the topmost build error, NOT this status message. Exit 1 sh.common doesn't exist: ls -al /var/tmp/portage/ocaml-mysql-1.0.3-r1/work/ocaml-mysql-1.0.3/ total 273 drwxr-xr-x 4 root root 616 Jan 27 2004 . drwx------ 3 root root 88 Aug 1 11:51 .. -rw-r--r-- 1 root root 1931 Jan 27 2004 .ocmysql.prcs_aux -rw-r--r-- 1 root root 3065 Jan 27 2004 CHANGES -rw-r--r-- 1 root root 26536 Jan 27 2004 COPYING -rw-r--r-- 1 root root 138 Jan 27 2004 META -rw-r--r-- 1 root root 142 Jan 27 2004 META.in -rw-r--r-- 1 root root 124 Jan 27 2004 Makefile.conf -rw-r--r-- 1 root root 410 Jan 27 2004 Makefile.in -rw-r--r-- 1 root root 23881 Jan 27 2004 OCamlMakefile -rw-r--r-- 1 root root 3139 Jan 27 2004 README -rw-r--r-- 1 root root 50 Jan 27 2004 VERSION -rwxr-xr-x 1 root root 113197 Jan 27 2004 configure -rw-r--r-- 1 root root 1686 Jan 27 2004 configure.in -rw-r--r-- 1 root root 1692 Jan 27 2004 demo.ml drwxr-xr-x 3 root root 72 Jan 27 2004 doc drwxr-xr-x 2 root root 216 Aug 1 11:51 etc -rwxr-xr-x 1 root root 5598 Jan 27 2004 install-sh -rw-r--r-- 1 root root 22689 Jan 27 2004 mysql.ml -rw-r--r-- 1 root root 15094 Jan 27 2004 mysql.mli -rw-r--r-- 1 root root 14498 Jan 27 2004 mysql_stubs.c -rw-r--r-- 1 root root 2583 Jan 27 2004 ocmysql.prj Which file was that patch supposed to be applied to?
I can confirm it's broken. It's not a security bug though, so you should open a new bug (critical/blocker) saying ocaml_mysql stable can't be emerged currently. You can assign it to mattam@gentoo.org and/or the ml@gentoo.org herd.