From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-451501-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1SLh0w-0000bF-Dt
	for garchives@archives.gentoo.org; Sat, 21 Apr 2012 20:34:38 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A6761E0AC4;
	Sat, 21 Apr 2012 20:34:26 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6A3D1E087D
	for <gentoo-commits@lists.gentoo.org>; Sat, 21 Apr 2012 20:34:26 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 9E46B1B40E4
	for <gentoo-commits@lists.gentoo.org>; Sat, 21 Apr 2012 20:34:25 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 68031E5403
	for <gentoo-commits@lists.gentoo.org>; Sat, 21 Apr 2012 20:34:24 +0000 (UTC)
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" <robbat2@gentoo.org>
Message-ID: <1335038606.7aa54c7d20620cbceeed24a65723d7d1c5a60bc4.robbat2@gentoo>
Subject: [gentoo-commits] proj/mysql-extras:master commit in: /
X-VCS-Repository: proj/mysql-extras
X-VCS-Files: 00000_index.txt 07342_all_mysql_auth_bypass-5.1.62.patch 07342_all_mysql_auth_bypass-5.5.22.patch
X-VCS-Directories: /
X-VCS-Committer: robbat2
X-VCS-Committer-Name: Robin H. Johnson
X-VCS-Revision: 7aa54c7d20620cbceeed24a65723d7d1c5a60bc4
X-VCS-Branch: master
Date: Sat, 21 Apr 2012 20:34:24 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 901ae9d0-7b80-4445-a1e4-79dc507134b7
X-Archives-Hash: b1104312748dd77bcc5c1a6750149e9c

commit:     7aa54c7d20620cbceeed24a65723d7d1c5a60bc4
Author:     Robin H. Johnson <robbat2 <AT> orbis-terrarum <DOT> net>
AuthorDate: Sat Apr 21 19:54:41 2012 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Apr 21 20:03:26 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=3Dproj/mysql-extras.=
git;a=3Dcommit;h=3D7aa54c7d

Fix auth bypass discovered by MontyProgram, already fix in last week's Ma=
riaDB releases.

---
 00000_index.txt                          |   10 ++++++++++
 07342_all_mysql_auth_bypass-5.1.62.patch |   29 ++++++++++++++++++++++++=
+++++
 07342_all_mysql_auth_bypass-5.5.22.patch |   17 +++++++++++++++++
 3 files changed, 56 insertions(+), 0 deletions(-)

diff --git a/00000_index.txt b/00000_index.txt
index d5cd020..bafb35f 100644
--- a/00000_index.txt
+++ b/00000_index.txt
@@ -767,6 +767,16 @@
 @pn mariadb
 @@ Gentoo Bug #344031: Fix new TEXTRELs
=20
+@patch 07342_all_mysql_auth_bypass-5.1.62.patch
+@ver 5.01.62.00 to 5.01.62.99
+@pn mysql
+@@ Upstream bug #64884: auth bypass
+
+@patch 07342_all_mysql_auth_bypass-5.5.22.patch
+@ver 5.05.22.00 to 5.05.22.99
+@pn mysql
+@@ Upstream bug #64884: auth bypass
+
 @patch 10010_all_show_patches-percona-5.0.75-b12.patch
 @ver 5.00.75.00 to 5.00.76.99
 @pn mysql-community

diff --git a/07342_all_mysql_auth_bypass-5.1.62.patch b/07342_all_mysql_a=
uth_bypass-5.1.62.patch
new file mode 100644
index 0000000..63cecf1
--- /dev/null
+++ b/07342_all_mysql_auth_bypass-5.1.62.patch
@@ -0,0 +1,29 @@
+Security bug http://bugs.mysql.com/bug.php?id=3D64884
+Already fixed in MariaDB 5.1.62+/5.5.23+
+
+Depends on the result of check_scramble being cast to char directly.
+
+diff -Nuar mysql.orig/libmysql/password.c mysql/libmysql/password.c
+--- mysql.orig/libmysql/password.c	2012-04-21 10:58:15.485424022 -0700
++++ mysql/libmysql/password.c	2012-04-21 10:57:34.077773190 -0700
+@@ -531,7 +531,7 @@
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE=
));
+ }
+=20
+=20
+diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c
+--- mysql.orig/sql/password.c	2012-04-21 10:58:18.941478337 -0700
++++ mysql/sql/password.c	2012-04-21 10:57:50.318028470 -0700
+@@ -531,7 +531,7 @@
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE=
));
+ }
+=20
+=20

diff --git a/07342_all_mysql_auth_bypass-5.5.22.patch b/07342_all_mysql_a=
uth_bypass-5.5.22.patch
new file mode 100644
index 0000000..84e306a
--- /dev/null
+++ b/07342_all_mysql_auth_bypass-5.5.22.patch
@@ -0,0 +1,17 @@
+Security bug http://bugs.mysql.com/bug.php?id=3D64884
+Already fixed in MariaDB 5.1.62+/5.5.23+
+
+Depends on the result of check_scramble being cast to char directly.
+
+diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c
+--- mysql.orig/sql/password.c	2012-03-02 11:44:47.000000000 -0800
++++ mysql/sql/password.c	2012-04-21 10:59:39.502744613 -0700
+@@ -531,7 +531,7 @@
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE=
));
+ }
+=20
+=20