diff --git a/.cvsignore b/.cvsignore index 5628d11..e0f842b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -mysql-5.0.45.tar.gz +mysql-5.0.51a.tar.gz diff --git a/mysql-rename-bug.patch b/mysql-rename-bug.patch deleted file mode 100644 index cd5058d..0000000 --- a/mysql-rename-bug.patch +++ /dev/null @@ -1,75 +0,0 @@ -Back-port upstream fix for CVE-2007-5969. - -diff -Naur mysql-5.0.45.orig/mysql-test/r/symlink.result mysql-5.0.45/mysql-test/r/symlink.result ---- mysql-5.0.45.orig/mysql-test/r/symlink.result 2007-07-04 09:49:09.000000000 -0400 -+++ mysql-5.0.45/mysql-test/r/symlink.result 2007-12-13 12:28:59.000000000 -0500 -@@ -99,6 +99,12 @@ - `b` int(11) default NULL - ) ENGINE=MyISAM DEFAULT CHARSET=latin1 - drop table t1; -+CREATE TABLE t1(a INT) -+DATA DIRECTORY='TEST_DIR/master-data/mysql' -+INDEX DIRECTORY='TEST_DIR/master-data/mysql'; -+RENAME TABLE t1 TO user; -+ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17) -+DROP TABLE t1; - show create table t1; - Table Create Table - t1 CREATE TABLE `t1` ( -diff -Naur mysql-5.0.45.orig/mysql-test/t/symlink.test mysql-5.0.45/mysql-test/t/symlink.test ---- mysql-5.0.45.orig/mysql-test/t/symlink.test 2007-07-04 09:49:09.000000000 -0400 -+++ mysql-5.0.45/mysql-test/t/symlink.test 2007-12-13 12:28:59.000000000 -0500 -@@ -125,6 +125,18 @@ - drop table t1; - - # -+# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE -+# -+--replace_result $MYSQLTEST_VARDIR TEST_DIR -+eval CREATE TABLE t1(a INT) -+DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql' -+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'; -+--replace_result $MYSQLTEST_VARDIR TEST_DIR -+--error 1 -+RENAME TABLE t1 TO user; -+DROP TABLE t1; -+ -+# - # Test specifying DATA DIRECTORY that is the same as what would normally - # have been chosen. (Bug #8707) - # -diff -Naur mysql-5.0.45.orig/mysys/my_symlink2.c mysql-5.0.45/mysys/my_symlink2.c ---- mysql-5.0.45.orig/mysys/my_symlink2.c 2007-07-04 09:06:25.000000000 -0400 -+++ mysql-5.0.45/mysys/my_symlink2.c 2007-12-13 12:28:59.000000000 -0500 -@@ -124,6 +124,7 @@ - int was_symlink= (!my_disable_symlinks && - !my_readlink(link_name, from, MYF(0))); - int result=0; -+ int name_is_different; - DBUG_ENTER("my_rename_with_symlink"); - - if (!was_symlink) -@@ -132,6 +133,14 @@ - /* Change filename that symlink pointed to */ - strmov(tmp_name, to); - fn_same(tmp_name,link_name,1); /* Copy dir */ -+ name_is_different= strcmp(link_name, tmp_name); -+ if (name_is_different && !access(tmp_name, F_OK)) -+ { -+ my_errno= EEXIST; -+ if (MyFlags & MY_WME) -+ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST); -+ DBUG_RETURN(1); -+ } - - /* Create new symlink */ - if (my_symlink(tmp_name, to, MyFlags)) -@@ -143,7 +152,7 @@ - the same basename and different directories. - */ - -- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags)) -+ if (name_is_different && my_rename(link_name, tmp_name, MyFlags)) - { - int save_errno=my_errno; - my_delete(to, MyFlags); /* Remove created symlink */ diff --git a/mysql-ssl.patch b/mysql-ssl.patch new file mode 100644 index 0000000..5fbbe4f --- /dev/null +++ b/mysql-ssl.patch @@ -0,0 +1,75 @@ +Repair 5.0.50 SSL breakage, per upstream bug +http://bugs.mysql.com/bug.php?id=33050 + + +diff -Naur mysql-5.0.54a.orig/vio/viossl.c mysql-5.0.54a/vio/viossl.c +--- mysql-5.0.54a.orig/vio/viossl.c 2008-01-11 09:08:38.000000000 -0500 ++++ mysql-5.0.54a/vio/viossl.c 2008-02-12 15:30:42.000000000 -0500 +@@ -172,20 +172,15 @@ + vio_delete(vio); + } + +-int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) +-{ +- DBUG_ENTER("sslaccept"); +- DBUG_RETURN(sslconnect(ptr, vio, timeout)); +-} +- + +-int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) ++static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, ++ int (*connect_accept_func)(SSL*)) + { + SSL *ssl; + my_bool unused; + my_bool was_blocking; + +- DBUG_ENTER("sslconnect"); ++ DBUG_ENTER("ssl_do"); + DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx", + (long) ptr, vio->sd, (long) ptr->ssl_context)); + +@@ -204,13 +199,9 @@ + SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); + SSL_set_fd(ssl, vio->sd); + +- /* +- SSL_do_handshake will select between SSL_connect +- or SSL_accept depending on server or client side +- */ +- if (SSL_do_handshake(ssl) < 1) ++ if (connect_accept_func(ssl) < 1) + { +- DBUG_PRINT("error", ("SSL_do_handshake failure")); ++ DBUG_PRINT("error", ("SSL_connect/accept failure")); + report_errors(ssl); + SSL_free(ssl); + vio_blocking(vio, was_blocking, &unused); +@@ -259,6 +250,20 @@ + } + + ++int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) ++{ ++ DBUG_ENTER("sslaccept"); ++ DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept)); ++} ++ ++ ++int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) ++{ ++ DBUG_ENTER("sslconnect"); ++ DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect)); ++} ++ ++ + int vio_ssl_blocking(Vio *vio __attribute__((unused)), + my_bool set_blocking_mode, + my_bool *old_mode) +@@ -269,4 +274,6 @@ + return (set_blocking_mode ? 0 : 1); + } + ++ ++ + #endif /* HAVE_OPENSSL */ diff --git a/mysql-view-bug.patch b/mysql-view-bug.patch deleted file mode 100644 index 93d8b82..0000000 --- a/mysql-view-bug.patch +++ /dev/null @@ -1,160 +0,0 @@ -Back-port upstream fix for CVE-2007-6303. - -diff -Naur mysql-5.0.45.orig/mysql-test/r/view_grant.result mysql-5.0.45/mysql-test/r/view_grant.result ---- mysql-5.0.45.orig/mysql-test/r/view_grant.result 2007-07-04 09:49:09.000000000 -0400 -+++ mysql-5.0.45/mysql-test/r/view_grant.result 2007-12-13 14:20:02.000000000 -0500 -@@ -776,15 +776,60 @@ - GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost; - GRANT SELECT ON db26813.t1 TO u26813@localhost; - ALTER VIEW v1 AS SELECT f2 FROM t1; --ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1' -+ERROR 42000: Access denied; you need the SUPER privilege for this operation - ALTER VIEW v2 AS SELECT f2 FROM t1; --ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2' -+ERROR 42000: Access denied; you need the SUPER privilege for this operation - ALTER VIEW v3 AS SELECT f2 FROM t1; -+ERROR 42000: Access denied; you need the SUPER privilege for this operation - SHOW CREATE VIEW v3; - View Create View --v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1` -+v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1` - DROP USER u26813@localhost; - DROP DATABASE db26813; -+# -+# Bug#29908: A user can gain additional access through the ALTER VIEW. -+# -+CREATE DATABASE mysqltest_29908; -+USE mysqltest_29908; -+CREATE TABLE t1(f1 INT, f2 INT); -+CREATE USER u29908_1@localhost; -+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1; -+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS -+SELECT f1 FROM t1; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost; -+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost; -+CREATE USER u29908_2@localhost; -+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost; -+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost; -+ALTER VIEW v1 AS SELECT f2 FROM t1; -+ERROR 42000: Access denied; you need the SUPER privilege for this operation -+ALTER VIEW v2 AS SELECT f2 FROM t1; -+ERROR 42000: Access denied; you need the SUPER privilege for this operation -+SHOW CREATE VIEW v2; -+View Create View -+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` -+ALTER VIEW v1 AS SELECT f2 FROM t1; -+SHOW CREATE VIEW v1; -+View Create View -+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1` -+ALTER VIEW v2 AS SELECT f2 FROM t1; -+SHOW CREATE VIEW v2; -+View Create View -+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1` -+ALTER VIEW v1 AS SELECT f1 FROM t1; -+SHOW CREATE VIEW v1; -+View Create View -+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1` -+ALTER VIEW v2 AS SELECT f1 FROM t1; -+SHOW CREATE VIEW v2; -+View Create View -+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` -+DROP USER u29908_1@localhost; -+DROP USER u29908_2@localhost; -+DROP DATABASE mysqltest_29908; -+####################################################################### - DROP DATABASE IF EXISTS mysqltest1; - DROP DATABASE IF EXISTS mysqltest2; - CREATE DATABASE mysqltest1; -diff -Naur mysql-5.0.45.orig/mysql-test/t/view_grant.test mysql-5.0.45/mysql-test/t/view_grant.test ---- mysql-5.0.45.orig/mysql-test/t/view_grant.test 2007-07-04 09:49:09.000000000 -0400 -+++ mysql-5.0.45/mysql-test/t/view_grant.test 2007-12-13 14:19:43.000000000 -0500 -@@ -1034,10 +1034,11 @@ - - connect (u1,localhost,u26813,,db26813); - connection u1; ----error 1142 -+--error ER_SPECIFIC_ACCESS_DENIED_ERROR - ALTER VIEW v1 AS SELECT f2 FROM t1; ----error 1142 -+--error ER_SPECIFIC_ACCESS_DENIED_ERROR - ALTER VIEW v2 AS SELECT f2 FROM t1; -+--error ER_SPECIFIC_ACCESS_DENIED_ERROR - ALTER VIEW v3 AS SELECT f2 FROM t1; - - connection root; -@@ -1047,6 +1048,51 @@ - DROP DATABASE db26813; - disconnect u1; - -+--echo # -+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW. -+--echo # -+connection root; -+CREATE DATABASE mysqltest_29908; -+USE mysqltest_29908; -+CREATE TABLE t1(f1 INT, f2 INT); -+CREATE USER u29908_1@localhost; -+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1; -+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS -+ SELECT f1 FROM t1; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost; -+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost; -+CREATE USER u29908_2@localhost; -+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost; -+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost; -+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost; -+ -+connect (u2,localhost,u29908_2,,mysqltest_29908); -+--error ER_SPECIFIC_ACCESS_DENIED_ERROR -+ALTER VIEW v1 AS SELECT f2 FROM t1; -+--error ER_SPECIFIC_ACCESS_DENIED_ERROR -+ALTER VIEW v2 AS SELECT f2 FROM t1; -+SHOW CREATE VIEW v2; -+ -+connect (u1,localhost,u29908_1,,mysqltest_29908); -+ALTER VIEW v1 AS SELECT f2 FROM t1; -+SHOW CREATE VIEW v1; -+ALTER VIEW v2 AS SELECT f2 FROM t1; -+SHOW CREATE VIEW v2; -+ -+connection root; -+ALTER VIEW v1 AS SELECT f1 FROM t1; -+SHOW CREATE VIEW v1; -+ALTER VIEW v2 AS SELECT f1 FROM t1; -+SHOW CREATE VIEW v2; -+ -+DROP USER u29908_1@localhost; -+DROP USER u29908_2@localhost; -+DROP DATABASE mysqltest_29908; -+disconnect u1; -+disconnect u2; -+--echo ####################################################################### -+ - # - # BUG#24040: Create View don't succed with "all privileges" on a database. - # -diff -Naur mysql-5.0.45.orig/sql/sql_view.cc mysql-5.0.45/sql/sql_view.cc ---- mysql-5.0.45.orig/sql/sql_view.cc 2007-07-04 09:06:03.000000000 -0400 -+++ mysql-5.0.45/sql/sql_view.cc 2007-12-13 13:30:29.000000000 -0500 -@@ -224,9 +224,6 @@ - { - LEX *lex= thd->lex; - bool link_to_local; --#ifndef NO_EMBEDDED_ACCESS_CHECKS -- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer; --#endif - /* first table in list is target VIEW name => cut off it */ - TABLE_LIST *view= lex->unlink_first_table(&link_to_local); - TABLE_LIST *tables= lex->query_tables; -@@ -281,7 +278,7 @@ - - same as current user - - current user has SUPER_ACL - */ -- if (definer_check_is_needed && -+ if (lex->definer && - (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 || - my_strcasecmp(system_charset_info, - lex->definer->host.str, diff --git a/mysql.spec b/mysql.spec index 76bfd92..a15ca2b 100644 --- a/mysql.spec +++ b/mysql.spec @@ -1,6 +1,6 @@ Name: mysql -Version: 5.0.45 -Release: 11%{?dist} +Version: 5.0.51a +Release: 1%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases URL: http://www.mysql.com @@ -29,8 +29,7 @@ Patch8: mysql-install-test.patch Patch9: mysql-bdb-link.patch Patch10: mysql-bdb-open.patch Patch11: mysql-innodb-crash.patch -Patch12: mysql-rename-bug.patch -Patch13: mysql-view-bug.patch +Patch12: mysql-ssl.patch Patch14: mysql-ss-test.patch Patch15: mysql-stack-guard.patch @@ -140,7 +139,6 @@ the MySQL sources. %patch10 -p1 %patch11 -p1 %patch12 -p1 -%patch13 -p1 %patch14 -p1 %patch15 -p1 @@ -254,6 +252,7 @@ rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/make_sharedlib_distribution rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mi_test_all* rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/ndb-config-2-node.ini rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mysql.server +rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/mysqld_multi.server rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/MySQL-shared-compat.spec rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/*.plist rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/preinstall @@ -484,6 +483,9 @@ fi %{_mandir}/man1/mysql_client_test.1* %changelog +* Mon Mar 3 2008 Tom Lane 5.0.51a-1 +- Update to mysql version 5.0.51a + * Mon Mar 3 2008 Tom Lane 5.0.45-11 - Fix mysql-stack-guard patch to work correctly on IA64 - Fix mysql.init to wait correctly when socket is not in default place diff --git a/sources b/sources index 111ada4..7c17839 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a2a1c5a82bb22b45ab76a8ecab94e10d mysql-5.0.45.tar.gz +a83dbdbb91267daf73d2297a9c283dd1 mysql-5.0.51a.tar.gz