Date: Sat, 27 Sep 2008 00:43:41 -0700
From: Xin LI <delphij@delphij.net>
To: Andrew Daugherity <adaugherity@tamu.edu>
Cc: freebsd-ports@freebsd.org
Subject: Re: feasibility of updating databases/mysql41-server?
Message-ID: <48DDE42D.3050006@delphij.net>
In-Reply-To: <48DA385B.2389.00F2.0@vprmail.tamu.edu>
References: <48DA385B.2389.00F2.0@vprmail.tamu.edu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Daugherity wrote:
> I still have a server running mysql 4.1.22, and it's marked as having the "MyISAM table privileges secuity [sic] bypass vulnerability". According to CVE-2008-2079 (linked from portaudit), this is fixed in 4.1.24.
>
> I was going to file a PR asking for an update to 4.1.24, but then I discovered that MySQL 4.1 is in the "extended support" phase where they aren't releasing tarballs any more (and of course no binaries). The source *is* still available, but it's in the bazaar repo (see: http://blogs.sun.com/datacharmer/entry/hidden_jevewls_in_mysql_bazaar ). This can be checked out and built, but having a build-dep of bzr is probably not wanted.
>
> Is it feasible (both license-wise and technically) to have a mirror of a 4.1.24 bzr checkout in tarball form somewhere, so the port can be built?

Yes, but for this case I think the more preferred way would be to obtain the fix from repository and apply it in files/ as a patch. This makes reviewing the code much easier.

Cheers,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAkjd5C0ACgkQi+vbBBjt66CQ6wCbBYJAysE7YzcCaHwRyvcVfuya
GnMAnjAIHEgf5ABw2/57dmWnIy1I+ocn
=WZdp
-----END PGP SIGNATURE-----