rpms/mysqlclient10/devel mysql-buffer-warning.patch, NONE, 1.1 mysqlclient10.spec, 1.8, 1.9

fedora-cvs-commits at redhat.com
Thu Dec 15 03:02:53 UTC 2005


Author: tgl

Update of /cvs/dist/rpms/mysqlclient10/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8443

Modified Files:
	mysqlclient10.spec 
Added Files:
	mysql-buffer-warning.patch 
Log Message:
Silence buildsystem security warning (which is about code we're not even
shipping, but apparently maintainers no longer have any say in the matter).

mysql-buffer-warning.patch:
 isam/test3.c      |    2 +-
 myisam/mi_test3.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE mysql-buffer-warning.patch ---
This patch is fairly pointless since it fixes a one-byte overflow in test code
that no one will care about or execute in the real world, and in fact isn't
even shipped in mysqlclient10.  But must fix to get past our buildsystem
security checker.  Patch based on upstream fix; see versions of this patch
file in later mysql packages for more info.


diff -Naur mysql-3.23.58.orig/isam/test3.c mysql-3.23.58/isam/test3.c
--- mysql-3.23.58.orig/isam/test3.c	2003-09-11 07:49:21.000000000 -0400
+++ mysql-3.23.58/isam/test3.c	2005-12-14 21:53:59.000000000 -0500
@@ -357,7 +357,7 @@
   }
 
   sprintf(record.id,"%7d",getpid());
-  strmov(record.text,"Testing...");
+  strnmov(record.text,"Testing...", sizeof(record.text));
 
   tries=(uint) rnd(100)+10;
   for (i=count=0 ; i < tries ; i++)
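
Review bot: at the replaced strmov line, strnmov stops after sizeof(record.text) bytes and writes no terminating NUL when the source is at least that long. The patch header calls the old code a one-byte overflow, which implies that "Testing..." (10 characters) exactly fills record.text, so the field is now left unterminated. That is fine only if record.text is always handled as a fixed-width field; if so, say that in a comment at this line, and otherwise check that nothing later in the test reads it as a C string.
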
diff -Naur mysql-3.23.58.orig/myisam/mi_test3.c mysql-3.23.58/myisam/mi_test3.c
--- mysql-3.23.58.orig/myisam/mi_test3.c	2003-09-11 07:49:19.000000000 -0400
+++ mysql-3.23.58/myisam/mi_test3.c	2005-12-14 21:54:30.000000000 -0500
@@ -359,7 +359,7 @@
   }
 
   sprintf(record.id,"%7d",getpid());
-  strmov(record.text,"Testing...");
+  strnmov(record.text,"Testing...", sizeof(record.text));
 
   tries=(uint) rnd(100)+10;
   for (i=count=0 ; i < tries ; i++)
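
Review bot: the context line sprintf(record.id,"%7d",getpid()); just above the changed line is still an unbounded write, here and in isam/test3.c. %7d is a minimum width and sprintf always appends a NUL, so the call writes at least 8 bytes into record.id, whose size is not visible in this hunk. Consider snprintf(record.id, sizeof(record.id), "%7d", getpid()); so the same class of checker warning cannot recur on the neighbouring field.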


Index: mysqlclient10.spec
===================================================================
RCS file: /cvs/dist/rpms/mysqlclient10/devel/mysqlclient10.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mysqlclient10.spec	15 Dec 2005 00:00:02 -0000	1.8
+++ mysqlclient10.spec	15 Dec 2005 03:02:46 -0000	1.9
@@ -15,6 +15,7 @@
 Patch8: mysql-3.23.58-config.patch
 Patch9: mysql-3.23.58-security.patch
 Patch10: mysql-no-atomic.patch
+Patch11: mysql-buffer-warning.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Prereq: /sbin/ldconfig, /sbin/install-info, grep,  fileutils, chkconfig
 BuildRequires: gperf, perl, readline-devel
@@ -56,6 +57,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 libtoolize --force
 aclocal
@@ -154,6 +156,7 @@
   put the original my_config.h into my_config_$ARCH.h
 - Add license info (COPYING, COPYING.LIB) to the shipped documentation
 - Add -fwrapv to CFLAGS so that gcc 4.1 doesn't break it
+- Add mysql-buffer-warning.patch to silence build system security warning
 
 * Fri Apr  8 2005 Tom Lane <tgl at redhat.com> 3.23.58-6
 - Avoid dependency on <asm/atomic.h>, cause it won't build anymore on ia64.
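
Review bot: the added changelog line gives the reason for the patch but not its scope. Per the diffstat it touches only the test programs isam/test3.c and myisam/mi_test3.c; naming them in the entry would tell a later maintainer that the patch concerns test code only and can be dropped if those files change upstream.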



