Update to MySQL 5.5.32

This commit is contained in:
Honza Horák 2013-06-07 13:26:53 +02:00 committed by Michal Schorm
parent e6a00cb0a6
commit c8c1b8c56c
4 changed files with 20 additions and 139 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
/mysql-5.5.30-nodocs.tar.gz
/mysql-5.5.31-nodocs.tar.gz
/mysql-5.5.32-nodocs.tar.gz

View File

@ -1,3 +1,8 @@
It seems CVE-2013-1861 has been fixed in MySQL upstream, but they don't
ship a test case for that. This patch only includes the test case ported
from MariaDB fix:
https://mariadb.atlassian.net/browse/MDEV-4252
diff -up mysql-5.5.31/mysql-test/r/gis.result.cve mysql-5.5.31/mysql-test/r/gis.result
--- mysql-5.5.31/mysql-test/r/gis.result.cve 2013-06-03 16:32:33.732025515 +0200
+++ mysql-5.5.31/mysql-test/r/gis.result 2013-06-03 16:34:04.519691044 +0200
@ -36,135 +41,3 @@ diff -up mysql-5.5.31/mysql-test/t/gis.test.cve mysql-5.5.31/mysql-test/t/gis.te
+select astext(exteriorring(0x0100000000030000000100000000000010));
+select astext(centroid(0x0100000000030000000100000000000010));
--echo End of 5.5 tests
diff -up mysql-5.5.31/sql/spatial.cc.cve mysql-5.5.31/sql/spatial.cc
--- mysql-5.5.31/sql/spatial.cc.cve 2013-03-25 14:14:58.000000000 +0100
+++ mysql-5.5.31/sql/spatial.cc 2013-06-03 16:45:52.790665557 +0200
@@ -538,7 +538,7 @@ bool Gis_line_string::get_data_as_wkt(St
n_points= uint4korr(data);
data += 4;
- if (n_points < 1 ||
+ if (n_points < 1 || n_points > max_n_points ||
no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points) ||
txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1)*2 + 1) * n_points))
return 1;
@@ -576,7 +576,8 @@ int Gis_line_string::geom_length(double
return 1;
n_points= uint4korr(data);
data+= 4;
- if (n_points < 1 || no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
+ if (n_points < 1 || n_points > max_n_points ||
+ no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
return 1;
get_point(&prev_x, &prev_y, data);
@@ -610,7 +611,7 @@ int Gis_line_string::is_closed(int *clos
return 0;
}
data+= 4;
- if (n_points == 0 ||
+ if (n_points == 0 || n_points > max_n_points ||
no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
return 1;
@@ -780,7 +781,7 @@ bool Gis_polygon::get_data_as_wkt(String
return 1;
n_points= uint4korr(data);
data+= 4;
- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) ||
+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) ||
txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
return 1;
txt->qs_append('(');
@@ -834,7 +835,7 @@ int Gis_polygon::area(double *ar, const
if (no_data(data, 4))
return 1;
n_points= uint4korr(data);
- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
return 1;
get_point(&prev_x, &prev_y, data+4);
data+= (4+SIZEOF_STORED_DOUBLE*2);
@@ -870,7 +871,8 @@ int Gis_polygon::exterior_ring(String *r
n_points= uint4korr(data);
data+= 4;
length= n_points * POINT_DATA_SIZE;
- if (no_data(data, length) || result->reserve(1+4+4+ length))
+ if (n_points > max_n_points ||
+ no_data(data, length) || result->reserve(1+4+4+ length))
return 1;
result->q_append((char) wkb_ndr);
@@ -916,7 +918,8 @@ int Gis_polygon::interior_ring_n(uint32
n_points= uint4korr(data);
points_size= n_points * POINT_DATA_SIZE;
data+= 4;
- if (no_data(data, points_size) || result->reserve(1+4+4+ points_size))
+ if (n_points > max_n_points ||
+ no_data(data, points_size) || result->reserve(1+4+4+ points_size))
return 1;
result->q_append((char) wkb_ndr);
@@ -955,7 +958,7 @@ int Gis_polygon::centroid_xy(double *x,
return 1;
org_n_points= n_points= uint4korr(data);
data+= 4;
- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
return 1;
get_point(&prev_x, &prev_y, data);
data+= (SIZEOF_STORED_DOUBLE*2);
@@ -1242,7 +1245,7 @@ bool Gis_multi_line_string::get_data_as_
return 1;
n_points= uint4korr(data + WKB_HEADER_SIZE);
data+= WKB_HEADER_SIZE + 4;
- if (no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) ||
+ if (n_points > max_n_points || no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) ||
txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
return 1;
txt->qs_append('(');
@@ -1503,7 +1506,8 @@ bool Gis_multi_polygon::get_data_as_wkt(
return 1;
uint32 n_points= uint4korr(data);
data+= 4;
- if (no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) ||
+ if (n_points > max_n_points ||
+ no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) ||
txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points,
512))
return 1;
@@ -1586,6 +1590,8 @@ int Gis_multi_polygon::geometry_n(uint32
if (no_data(data, 4))
return 1;
n_points= uint4korr(data);
+ if (n_points > max_n_points)
+ return 1;
data+= 4 + POINT_DATA_SIZE * n_points;
}
} while (--num);
diff -up mysql-5.5.31/sql/spatial.h.cve mysql-5.5.31/sql/spatial.h
--- mysql-5.5.31/sql/spatial.h.cve 2013-03-25 14:14:58.000000000 +0100
+++ mysql-5.5.31/sql/spatial.h 2013-06-03 16:32:33.737025500 +0200
@@ -200,6 +200,11 @@ struct Geometry_buffer;
class Geometry
{
public:
+ // Maximum number of points in feature that can fit into String
+ static const uint32 max_n_points=
+ (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
+ POINT_DATA_SIZE;
+
Geometry() {} /* Remove gcc warning */
virtual ~Geometry() {} /* Remove gcc warning */
static void *operator new(size_t size, void *buffer)
@@ -383,10 +388,6 @@ public:
class Gis_line_string: public Geometry
{
- // Maximum number of points in LineString that can fit into String
- static const uint32 max_n_points=
- (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
- POINT_DATA_SIZE;
public:
Gis_line_string() {} /* Remove gcc warning */
virtual ~Gis_line_string() {} /* Remove gcc warning */

View File

@ -1,6 +1,6 @@
Name: community-mysql
Version: 5.5.31
Release: 7%{?dist}
Version: 5.5.32
Release: 1%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
@ -491,6 +491,9 @@ cp %{SOURCE7} README.mysql-license
# install the list of skipped tests to be available for user runs
install -m 0644 mysql-test/rh-skipped-tests.list ${RPM_BUILD_ROOT}%{_datadir}/mysql-test
# we don't care about scripts for solaris
rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/solaris/postinstall-solaris
%pre server
/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || :
/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \
@ -706,6 +709,10 @@ install -m 0644 mysql-test/rh-skipped-tests.list ${RPM_BUILD_ROOT}%{_datadir}/my
%{_mandir}/man1/mysql_client_test.1*
%changelog
* Fri Jun 7 2013 Honza Horak <hhorak@redhat.com> 5.5.32-1
- Update to MySQL 5.5.32, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
* Mon Jun 3 2013 Honza Horak <hhorak@redhat.com> 5.5.31-7
- Use /var/tmp as default tmpdir to prevent potential issues
Resolves: #905635
@ -1806,7 +1813,7 @@ Resolves: #199368
- 3.23.28 (gamma)
- remove old patches, as they are now upstreamed
* Thu Nov 14 2000 Trond Eivind Glomsrd <teg@redhat.com>
* Tue Nov 14 2000 Trond Eivind Glomsrd <teg@redhat.com>
- Add a requirement for a new glibc (#20735)
- build on IA64
@ -1846,7 +1853,7 @@ Resolves: #199368
- Don't try to include no-longer-existing PUBLIC file
as doc (#17532)
* Thu Sep 12 2000 Trond Eivind Glomsrd <teg@redhat.com>
* Tue Sep 12 2000 Trond Eivind Glomsrd <teg@redhat.com>
- rename config file to /etc/my.cnf, which is what
mysqld wants... doh. (#17432)
- include a changed safe_mysqld, so the pid file option
@ -1878,7 +1885,7 @@ Resolves: #199368
* Sat Aug 05 2000 Bill Nottingham <notting@redhat.com>
- condrestart fixes
* Mon Aug 01 2000 Trond Eivind Glomsrd <teg@redhat.com>
* Tue Aug 01 2000 Trond Eivind Glomsrd <teg@redhat.com>
- 3.23.22. Disable the old patches, they're now in.
* Thu Jul 27 2000 Trond Eivind Glomsrd <teg@redhat.com>
@ -1937,7 +1944,7 @@ Resolves: #199368
- include a /etc/my.conf (empty, FTTB)
- add conditional restart to spec file
* Tue Jul 2 2000 Jakub Jelinek <jakub@redhat.com>
* Sun Jul 2 2000 Jakub Jelinek <jakub@redhat.com>
- Rebuild with new C++
* Fri Jun 30 2000 Trond Eivind Glomsrd <teg@redhat.com>

View File

@ -1 +1 @@
2dd78a69ceaaf40fcbf985add94c4a2b mysql-5.5.31-nodocs.tar.gz
42a449d1864d9f98534335e830fbb74b mysql-5.5.32-nodocs.tar.gz