diff -Nru percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/changelog percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/changelog --- percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/changelog 2014-03-11 15:24:46.000000000 +0000 +++ percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/changelog 2014-03-18 17:19:00.000000000 +0000 @@ -1,3 +1,13 @@ +percona-xtradb-cluster-5.5 (5.5.34-25.9+dfsg-0ubuntu4) trusty; urgency=medium + + * d/p/CVE-2014-0001.patch: + - Fix buffer overflow in client/mysql.cc via a long server version string. + CVE-2014-0001 + * d/p/fix_standalone_tests.patch: Cherry pick patch from mysql-* packaging + to ensure that MySQL testsuite can be run from /usr/lib/mysql-testsuite. + + -- James Page Tue, 18 Mar 2014 17:18:58 +0000 + percona-xtradb-cluster-5.5 (5.5.34-25.9+dfsg-0ubuntu3) trusty; urgency=medium * d/p/70_mysql_va_list.patch: Cherry pick patch from mysql-5.5 to ensure that diff -Nru percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/CVE-2014-0001.patch percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/CVE-2014-0001.patch --- percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/CVE-2014-0001.patch 1970-01-01 00:00:00.000000000 +0000 +++ percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/CVE-2014-0001.patch 2014-03-16 16:35:29.000000000 +0000 @@ -0,0 +1,14 @@ +Description: Fix buffer overflow in client/mysql.cc via a long server version string. +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1054592 + +--- a/client/mysql.cc ++++ b/client/mysql.cc +@@ -1174,7 +1174,7 @@ int main(int argc,char *argv[]) + + put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.", + INFO_INFO); +- sprintf((char*) glob_buffer.ptr(), ++ snprintf((char*) glob_buffer.ptr(), glob_buffer.alloced_length(), + "Your MySQL connection id is %lu\nServer version: %s\n", + mysql_thread_id(&mysql), server_version_string(&mysql)); + put_info((char*) glob_buffer.ptr(),INFO_INFO); diff -Nru percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/fix_standalone_tests.patch percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/fix_standalone_tests.patch --- percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/fix_standalone_tests.patch 1970-01-01 00:00:00.000000000 +0000 +++ percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/fix_standalone_tests.patch 2014-03-17 09:25:00.000000000 +0000 @@ -0,0 +1,17 @@ +From: Clint Byrum +Description: makes mtr look in the standard location from the + mysql-testsuite-5.5 package. +Forwarded: not-needed + +--- a/mysql-test/lib/mtr_cases.pm ++++ b/mysql-test/lib/mtr_cases.pm +@@ -287,7 +287,8 @@ sub collect_one_suite($) + else + { + $suitedir= my_find_dir($::basedir, +- ["share/mysql-test/suite", ++ ["lib/mysql-testsuite/suite", ++ "share/mysql-test/suite", + "mysql-test/suite", + "internal/mysql-test/suite", + "mysql-test", diff -Nru percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/series percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/series --- percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/series 2014-03-11 13:15:19.000000000 +0000 +++ percona-xtradb-cluster-5.5-5.5.34-25.9+dfsg/debian/patches/series 2014-03-17 09:23:18.000000000 +0000 @@ -6,3 +6,5 @@ 70_mysql_va_list.patch patch-sql_sql__yacc.yy fix-implicit-conversion.patch +CVE-2014-0001.patch +fix_standalone_tests.patch