Update to mysql version 5.0.51a

This commit is contained in:
Tom Lane 2008-03-04 02:46:54 +00:00 committed by Michal Schorm
parent 1986462cd1
commit 20564e52c0
6 changed files with 84 additions and 242 deletions

View File

@ -1 +1 @@
mysql-5.0.45.tar.gz
mysql-5.0.51a.tar.gz

View File

@ -1,75 +0,0 @@
Back-port upstream fix for CVE-2007-5969.
diff -Naur mysql-5.0.45.orig/mysql-test/r/symlink.result mysql-5.0.45/mysql-test/r/symlink.result
--- mysql-5.0.45.orig/mysql-test/r/symlink.result 2007-07-04 09:49:09.000000000 -0400
+++ mysql-5.0.45/mysql-test/r/symlink.result 2007-12-13 12:28:59.000000000 -0500
@@ -99,6 +99,12 @@
`b` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/master-data/mysql'
+INDEX DIRECTORY='TEST_DIR/master-data/mysql';
+RENAME TABLE t1 TO user;
+ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
+DROP TABLE t1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
diff -Naur mysql-5.0.45.orig/mysql-test/t/symlink.test mysql-5.0.45/mysql-test/t/symlink.test
--- mysql-5.0.45.orig/mysql-test/t/symlink.test 2007-07-04 09:49:09.000000000 -0400
+++ mysql-5.0.45/mysql-test/t/symlink.test 2007-12-13 12:28:59.000000000 -0500
@@ -125,6 +125,18 @@
drop table t1;
#
+# BUG#32111 <http://bugs.mysql.com/32111> - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
+#
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1
+RENAME TABLE t1 TO user;
+DROP TABLE t1;
+
+#
# Test specifying DATA DIRECTORY that is the same as what would normally
# have been chosen. (Bug #8707)
#
diff -Naur mysql-5.0.45.orig/mysys/my_symlink2.c mysql-5.0.45/mysys/my_symlink2.c
--- mysql-5.0.45.orig/mysys/my_symlink2.c 2007-07-04 09:06:25.000000000 -0400
+++ mysql-5.0.45/mysys/my_symlink2.c 2007-12-13 12:28:59.000000000 -0500
@@ -124,6 +124,7 @@
int was_symlink= (!my_disable_symlinks &&
!my_readlink(link_name, from, MYF(0)));
int result=0;
+ int name_is_different;
DBUG_ENTER("my_rename_with_symlink");
if (!was_symlink)
@@ -132,6 +133,14 @@
/* Change filename that symlink pointed to */
strmov(tmp_name, to);
fn_same(tmp_name,link_name,1); /* Copy dir */
+ name_is_different= strcmp(link_name, tmp_name);
+ if (name_is_different && !access(tmp_name, F_OK))
+ {
+ my_errno= EEXIST;
+ if (MyFlags & MY_WME)
+ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST);
+ DBUG_RETURN(1);
+ }
/* Create new symlink */
if (my_symlink(tmp_name, to, MyFlags))
@@ -143,7 +152,7 @@
the same basename and different directories.
*/
- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags))
+ if (name_is_different && my_rename(link_name, tmp_name, MyFlags))
{
int save_errno=my_errno;
my_delete(to, MyFlags); /* Remove created symlink */

75
mysql-ssl.patch Normal file
View File

@ -0,0 +1,75 @@
Repair 5.0.50 SSL breakage, per upstream bug
http://bugs.mysql.com/bug.php?id=33050
diff -Naur mysql-5.0.54a.orig/vio/viossl.c mysql-5.0.54a/vio/viossl.c
--- mysql-5.0.54a.orig/vio/viossl.c 2008-01-11 09:08:38.000000000 -0500
+++ mysql-5.0.54a/vio/viossl.c 2008-02-12 15:30:42.000000000 -0500
@@ -172,20 +172,15 @@
vio_delete(vio);
}
-int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
-{
- DBUG_ENTER("sslaccept");
- DBUG_RETURN(sslconnect(ptr, vio, timeout));
-}
-
-int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
+ int (*connect_accept_func)(SSL*))
{
SSL *ssl;
my_bool unused;
my_bool was_blocking;
- DBUG_ENTER("sslconnect");
+ DBUG_ENTER("ssl_do");
DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
(long) ptr, vio->sd, (long) ptr->ssl_context));
@@ -204,13 +199,9 @@
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
- /*
- SSL_do_handshake will select between SSL_connect
- or SSL_accept depending on server or client side
- */
- if (SSL_do_handshake(ssl) < 1)
+ if (connect_accept_func(ssl) < 1)
{
- DBUG_PRINT("error", ("SSL_do_handshake failure"));
+ DBUG_PRINT("error", ("SSL_connect/accept failure"));
report_errors(ssl);
SSL_free(ssl);
vio_blocking(vio, was_blocking, &unused);
@@ -259,6 +250,20 @@
}
+int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+{
+ DBUG_ENTER("sslaccept");
+ DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept));
+}
+
+
+int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+{
+ DBUG_ENTER("sslconnect");
+ DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect));
+}
+
+
int vio_ssl_blocking(Vio *vio __attribute__((unused)),
my_bool set_blocking_mode,
my_bool *old_mode)
@@ -269,4 +274,6 @@
return (set_blocking_mode ? 0 : 1);
}
+
+
#endif /* HAVE_OPENSSL */

View File

@ -1,160 +0,0 @@
Back-port upstream fix for CVE-2007-6303.
diff -Naur mysql-5.0.45.orig/mysql-test/r/view_grant.result mysql-5.0.45/mysql-test/r/view_grant.result
--- mysql-5.0.45.orig/mysql-test/r/view_grant.result 2007-07-04 09:49:09.000000000 -0400
+++ mysql-5.0.45/mysql-test/r/view_grant.result 2007-12-13 14:20:02.000000000 -0500
@@ -776,15 +776,60 @@
GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
GRANT SELECT ON db26813.t1 TO u26813@localhost;
ALTER VIEW v1 AS SELECT f2 FROM t1;
-ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
ALTER VIEW v2 AS SELECT f2 FROM t1;
-ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
ALTER VIEW v3 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
SHOW CREATE VIEW v3;
View Create View
-v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
+v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
DROP USER u26813@localhost;
DROP DATABASE db26813;
+#
+# Bug#29908: A user can gain additional access through the ALTER VIEW.
+#
+CREATE DATABASE mysqltest_29908;
+USE mysqltest_29908;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE USER u29908_1@localhost;
+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
+SELECT f1 FROM t1;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
+CREATE USER u29908_2@localhost;
+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+SHOW CREATE VIEW v2;
+View Create View
+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+View Create View
+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
+ALTER VIEW v1 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
+ALTER VIEW v2 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v2;
+View Create View
+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
+DROP USER u29908_1@localhost;
+DROP USER u29908_2@localhost;
+DROP DATABASE mysqltest_29908;
+#######################################################################
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
diff -Naur mysql-5.0.45.orig/mysql-test/t/view_grant.test mysql-5.0.45/mysql-test/t/view_grant.test
--- mysql-5.0.45.orig/mysql-test/t/view_grant.test 2007-07-04 09:49:09.000000000 -0400
+++ mysql-5.0.45/mysql-test/t/view_grant.test 2007-12-13 14:19:43.000000000 -0500
@@ -1034,10 +1034,11 @@
connect (u1,localhost,u26813,,db26813);
connection u1;
---error 1142
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
ALTER VIEW v1 AS SELECT f2 FROM t1;
---error 1142
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
ALTER VIEW v2 AS SELECT f2 FROM t1;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
ALTER VIEW v3 AS SELECT f2 FROM t1;
connection root;
@@ -1047,6 +1048,51 @@
DROP DATABASE db26813;
disconnect u1;
+--echo #
+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
+--echo #
+connection root;
+CREATE DATABASE mysqltest_29908;
+USE mysqltest_29908;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE USER u29908_1@localhost;
+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
+ SELECT f1 FROM t1;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
+CREATE USER u29908_2@localhost;
+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
+
+connect (u2,localhost,u29908_2,,mysqltest_29908);
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+
+connect (u1,localhost,u29908_1,,mysqltest_29908);
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v1;
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+
+connection root;
+ALTER VIEW v1 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v1;
+ALTER VIEW v2 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v2;
+
+DROP USER u29908_1@localhost;
+DROP USER u29908_2@localhost;
+DROP DATABASE mysqltest_29908;
+disconnect u1;
+disconnect u2;
+--echo #######################################################################
+
#
# BUG#24040: Create View don't succed with "all privileges" on a database.
#
diff -Naur mysql-5.0.45.orig/sql/sql_view.cc mysql-5.0.45/sql/sql_view.cc
--- mysql-5.0.45.orig/sql/sql_view.cc 2007-07-04 09:06:03.000000000 -0400
+++ mysql-5.0.45/sql/sql_view.cc 2007-12-13 13:30:29.000000000 -0500
@@ -224,9 +224,6 @@
{
LEX *lex= thd->lex;
bool link_to_local;
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
-#endif
/* first table in list is target VIEW name => cut off it */
TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
TABLE_LIST *tables= lex->query_tables;
@@ -281,7 +278,7 @@
- same as current user
- current user has SUPER_ACL
*/
- if (definer_check_is_needed &&
+ if (lex->definer &&
(strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
my_strcasecmp(system_charset_info,
lex->definer->host.str,

View File

@ -1,6 +1,6 @@
Name: mysql
Version: 5.0.45
Release: 11%{?dist}
Version: 5.0.51a
Release: 1%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
URL: http://www.mysql.com
@ -29,8 +29,7 @@ Patch8: mysql-install-test.patch
Patch9: mysql-bdb-link.patch
Patch10: mysql-bdb-open.patch
Patch11: mysql-innodb-crash.patch
Patch12: mysql-rename-bug.patch
Patch13: mysql-view-bug.patch
Patch12: mysql-ssl.patch
Patch14: mysql-ss-test.patch
Patch15: mysql-stack-guard.patch
@ -140,7 +139,6 @@ the MySQL sources.
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
@ -254,6 +252,7 @@ rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/make_sharedlib_distribution
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mi_test_all*
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/ndb-config-2-node.ini
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mysql.server
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mysqld_multi.server
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/MySQL-shared-compat.spec
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/*.plist
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/preinstall
@ -484,6 +483,9 @@ fi
%{_mandir}/man1/mysql_client_test.1*
%changelog
* Mon Mar 3 2008 Tom Lane <tgl@redhat.com> 5.0.51a-1
- Update to mysql version 5.0.51a
* Mon Mar 3 2008 Tom Lane <tgl@redhat.com> 5.0.45-11
- Fix mysql-stack-guard patch to work correctly on IA64
- Fix mysql.init to wait correctly when socket is not in default place

View File

@ -1 +1 @@
a2a1c5a82bb22b45ab76a8ecab94e10d mysql-5.0.45.tar.gz
a83dbdbb91267daf73d2297a9c283dd1 mysql-5.0.51a.tar.gz