Add patch for CVE-2012-5611, and widen DH key length from 512 to 1024 bits
This commit is contained in:
Tom Lane
Michal Schorm
parent
b29f12be3a
commit
a07f891542
81
mysql-cve-2012-5611.patch
Normal file
81
mysql-cve-2012-5611.patch
Normal file
@ -0,0 +1,81 @@
|
||||
Back-ported patch for CVE-2012-5611 --- see
|
||||
http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.17
|
||||
|
||||
|
||||
diff -Naur mysql-5.5.28.orig/mysql-test/r/information_schema.result mysql-5.5.28/mysql-test/r/information_schema.result
|
||||
--- mysql-5.5.28.orig/mysql-test/r/information_schema.result 2012-08-29 04:50:47.000000000 -0400
|
||||
+++ mysql-5.5.28/mysql-test/r/information_schema.result 2012-12-05 10:33:56.906738492 -0500
|
||||
@@ -1712,6 +1712,10 @@
|
||||
length(CAST(b AS CHAR))
|
||||
20
|
||||
DROP TABLE ubig;
|
||||
+grant usage on *.* to mysqltest_1@localhost;
|
||||
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
|
||||
+1
|
||||
+drop user mysqltest_1@localhost;
|
||||
End of 5.1 tests.
|
||||
#
|
||||
# Additional test for WL#3726 "DDL locking for all metadata objects"
|
||||
diff -Naur mysql-5.5.28.orig/mysql-test/t/information_schema.test mysql-5.5.28/mysql-test/t/information_schema.test
|
||||
--- mysql-5.5.28.orig/mysql-test/t/information_schema.test 2012-08-29 04:50:47.000000000 -0400
|
||||
+++ mysql-5.5.28/mysql-test/t/information_schema.test 2012-12-05 10:33:56.908738590 -0500
|
||||
@@ -1444,6 +1444,13 @@
|
||||
|
||||
DROP TABLE ubig;
|
||||
|
||||
+grant usage on *.* to mysqltest_1@localhost;
|
||||
+connect (con1, localhost, mysqltest_1,,);
|
||||
+connection con1;
|
||||
+select 1 from information_schema.tables where table_schema=repeat('a', 2000);
|
||||
+connection default;
|
||||
+disconnect con1;
|
||||
+drop user mysqltest_1@localhost;
|
||||
|
||||
--echo End of 5.1 tests.
|
||||
|
||||
diff -Naur mysql-5.5.28.orig/sql/sql_acl.cc mysql-5.5.28/sql/sql_acl.cc
|
||||
--- mysql-5.5.28.orig/sql/sql_acl.cc 2012-08-29 04:50:46.000000000 -0400
|
||||
+++ mysql-5.5.28/sql/sql_acl.cc 2012-12-05 10:35:47.608766346 -0500
|
||||
@@ -1573,14 +1573,20 @@
|
||||
acl_entry *entry;
|
||||
DBUG_ENTER("acl_get");
|
||||
|
||||
- mysql_mutex_lock(&acl_cache->lock);
|
||||
- end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db);
|
||||
+ tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1;
|
||||
+ end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db);
|
||||
+
|
||||
+ if (end >= key + sizeof(key)) // db name was truncated
|
||||
+ DBUG_RETURN(0); // no privileges for an invalid db name
|
||||
+
|
||||
if (lower_case_table_names)
|
||||
{
|
||||
my_casedn_str(files_charset_info, tmp_db);
|
||||
db=tmp_db;
|
||||
}
|
||||
key_length= (size_t) (end-key);
|
||||
+
|
||||
+ mysql_mutex_lock(&acl_cache->lock);
|
||||
if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key,
|
||||
key_length)))
|
||||
{
|
||||
@@ -4902,11 +4908,17 @@
|
||||
bool check_grant_db(THD *thd,const char *db)
|
||||
{
|
||||
Security_context *sctx= thd->security_ctx;
|
||||
- char helping [NAME_LEN+USERNAME_LENGTH+2];
|
||||
+ char helping [NAME_LEN+USERNAME_LENGTH+2], *end;
|
||||
uint len;
|
||||
bool error= TRUE;
|
||||
|
||||
- len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1;
|
||||
+ end= strmov(helping, sctx->priv_user) + 1;
|
||||
+ end= strnmov(end, db, helping + sizeof(helping) - end);
|
||||
+
|
||||
+ if (end >= helping + sizeof(helping)) // db name was truncated
|
||||
+ return 1; // no privileges for an invalid db name
|
||||
+
|
||||
+ len= (uint) (end - helping) + 1;
|
||||
|
||||
mysql_rwlock_rdlock(&LOCK_grant);
|
||||
|
||||
63
mysql-dh1024.patch
Normal file
63
mysql-dh1024.patch
Normal file
@ -0,0 +1,63 @@
|
||||
Change the DH key length from 512 to 1024 bits to meet minimum requirements
|
||||
of FIPS 140-2. (In principle we could use the larger size only when FIPS
|
||||
mode is on, but it doesn't seem worth the trouble.)
|
||||
|
||||
The new parameter value was generated using "openssl dhparam -C 1024".
|
||||
|
||||
|
||||
diff -Naur mysql-5.5.28.orig/vio/viosslfactories.c mysql-5.5.28/vio/viosslfactories.c
|
||||
--- mysql-5.5.28.orig/vio/viosslfactories.c 2012-08-29 04:50:46.000000000 -0400
|
||||
+++ mysql-5.5.28/vio/viosslfactories.c 2012-11-15 11:19:38.575701435 -0500
|
||||
@@ -20,27 +20,32 @@
|
||||
static my_bool ssl_algorithms_added = FALSE;
|
||||
static my_bool ssl_error_strings_loaded= FALSE;
|
||||
|
||||
-static unsigned char dh512_p[]=
|
||||
+static unsigned char dh1024_p[]=
|
||||
{
|
||||
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
|
||||
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
|
||||
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
|
||||
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
|
||||
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
|
||||
- 0x47,0x74,0xE8,0x33,
|
||||
+ 0xBF,0x5C,0xFA,0xD1,0xDD,0xBB,0xB3,0x0A,0x58,0x29,0x05,0xF5,
|
||||
+ 0x7D,0x64,0xB2,0xE1,0xCE,0xE8,0xE0,0xE1,0x7A,0xB6,0xBC,0x5B,
|
||||
+ 0x21,0x56,0xDF,0x2C,0x82,0x60,0xDC,0x31,0xCA,0x1E,0x02,0xFE,
|
||||
+ 0xC4,0xE7,0x24,0x63,0x31,0xE4,0x67,0x1C,0x0B,0xFF,0x86,0x12,
|
||||
+ 0x0D,0x2E,0xE6,0x35,0x0A,0x07,0x4F,0xE7,0x3F,0xDE,0xFE,0xF0,
|
||||
+ 0x13,0x1C,0xA2,0x2B,0xF4,0xEE,0x2C,0x90,0x10,0x57,0x6B,0x2B,
|
||||
+ 0xB9,0x1E,0x1B,0x47,0xB0,0x25,0xBF,0x45,0x86,0xDA,0x87,0x35,
|
||||
+ 0x2C,0xF5,0x6A,0x41,0xA2,0x57,0xD8,0x16,0x5E,0x82,0x91,0x99,
|
||||
+ 0x33,0xA0,0x8B,0x9D,0x34,0xCE,0x03,0x01,0x80,0x32,0x07,0x3B,
|
||||
+ 0xF2,0x93,0xFC,0x3A,0x25,0xEC,0xB3,0xED,0x5C,0x4E,0x57,0xF2,
|
||||
+ 0x3C,0x2E,0x0D,0xB1,0x59,0xA2,0x08,0x93,
|
||||
};
|
||||
|
||||
-static unsigned char dh512_g[]={
|
||||
+static unsigned char dh1024_g[]={
|
||||
0x02,
|
||||
};
|
||||
|
||||
-static DH *get_dh512(void)
|
||||
+static DH *get_dh1024(void)
|
||||
{
|
||||
DH *dh;
|
||||
if ((dh=DH_new()))
|
||||
{
|
||||
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
|
||||
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
|
||||
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
|
||||
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
|
||||
if (! dh->p || ! dh->g)
|
||||
{
|
||||
DH_free(dh);
|
||||
@@ -255,7 +260,7 @@
|
||||
}
|
||||
|
||||
/* DH stuff */
|
||||
- dh=get_dh512();
|
||||
+ dh=get_dh1024();
|
||||
SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
|
||||
DH_free(dh);
|
||||
|
||||
13
mysql.spec
13
mysql.spec
@ -1,6 +1,6 @@
|
||||
Name: mysql
|
||||
Version: 5.5.28
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
Summary: MySQL client programs and shared libraries
|
||||
Group: Applications/Databases
|
||||
@ -55,6 +55,8 @@ Patch17: mysql-plugin-test.patch
|
||||
Patch18: mysql-cipherspec.patch
|
||||
Patch19: mysql-file-contents.patch
|
||||
Patch20: mysql-string-overflow.patch
|
||||
Patch21: mysql-dh1024.patch
|
||||
Patch22: mysql-cve-2012-5611.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
BuildRequires: perl, readline-devel, openssl-devel
|
||||
@ -209,6 +211,8 @@ the MySQL sources.
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
|
||||
# workaround for upstream bug #56342
|
||||
rm -f mysql-test/t/ssl_8k_key-master.opt
|
||||
@ -701,6 +705,13 @@ fi
|
||||
%{_mandir}/man1/mysql_client_test.1*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 5 2012 Tom Lane <tgl@redhat.com> 5.5.28-2
|
||||
- Add patch for CVE-2012-5611
|
||||
Resolves: #883642
|
||||
- Widen DH key length from 512 to 1024 bits to meet minimum requirements
|
||||
of FIPS 140-2
|
||||
Related: #877124
|
||||
|
||||
* Sat Sep 29 2012 Tom Lane <tgl@redhat.com> 5.5.28-1
|
||||
- Update to MySQL 5.5.28, for various fixes described at
|
||||
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-28.html
|
||||
|
||||
Loading…
Reference in New Issue
Block a user