From owner-freebsd-ports@FreeBSD.ORG  Wed Sep 24 18:14:43 2008
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5FDEA106564A
	for <freebsd-ports@freebsd.org>; Wed, 24 Sep 2008 18:14:43 +0000 (UTC)
	(envelope-from adaugherity@tamu.edu)
Received: from vpr-mailsrv1.tamu.edu (vpr-mailsrv1.tamu.edu [165.91.114.160])
	by mx1.freebsd.org (Postfix) with ESMTP id 3A30D8FC20
	for <freebsd-ports@freebsd.org>; Wed, 24 Sep 2008 18:14:43 +0000 (UTC)
	(envelope-from adaugherity@tamu.edu)
Received: from vpr-groupwise-domain-MTA by vpr-mailsrv1.tamu.edu
	with Novell_GroupWise; Wed, 24 Sep 2008 12:54:09 -0500
Message-Id: <48DA385B.2389.00F2.0@vprmail.tamu.edu>
X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP
Date: Wed, 24 Sep 2008 12:53:47 -0500
From: "Andrew Daugherity" <adaugherity@tamu.edu>
To: <freebsd-ports@freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Subject: feasibility of updating databases/mysql41-server?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Sep 2008 18:14:43 -0000

I still have a server running mysql 4.1.22, and it's marked as having the =
"MyISAM table privileges secuity [sic] bypass vulnerability".  According =
to CVE-2008-2079 (linked from portaudit), this is fixed in 4.1.24.

I was going to file a PR asking for an update to 4.1.24, but then I =
discovered that MySQL 4.1 is in the "extended support" phase where they =
aren't releasing tarballs any more (and of course no binaries).  The =
source *is* still available, but it's in the bazaar repo (see: http://blogs=
.sun.com/datacharmer/entry/hidden_jevewls_in_mysql_bazaar ).  This can be =
checked out and built, but having a build-dep of bzr is probably not =
wanted.

Is it feasible (both license-wise and technically) to have a mirror of  a =
4.1.24 bzr checkout in tarball form somewhere, so the port can be built?


Thanks,

Andrew