From c8c1b8c56c5618d95c40fd6bd3920ca985591b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Honza=20Hor=C3=A1k?= Date: Fri, 7 Jun 2013 13:26:53 +0200 Subject: [PATCH] Update to MySQL 5.5.32 --- .gitignore | 1 + community-mysql-cve-2013-1861.patch | 137 +--------------------------- community-mysql.spec | 19 ++-- sources | 2 +- 4 files changed, 20 insertions(+), 139 deletions(-) diff --git a/.gitignore b/.gitignore index ee32730..819fd32 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /mysql-5.5.30-nodocs.tar.gz /mysql-5.5.31-nodocs.tar.gz +/mysql-5.5.32-nodocs.tar.gz diff --git a/community-mysql-cve-2013-1861.patch b/community-mysql-cve-2013-1861.patch index e8a27cf..75e35c3 100644 --- a/community-mysql-cve-2013-1861.patch +++ b/community-mysql-cve-2013-1861.patch @@ -1,3 +1,8 @@ +It seems CVE-2013-1861 has been fixed in MySQL upstream, but they don't +ship a test case for that. This patch only includes the test case ported +from MariaDB fix: +https://mariadb.atlassian.net/browse/MDEV-4252 + diff -up mysql-5.5.31/mysql-test/r/gis.result.cve mysql-5.5.31/mysql-test/r/gis.result --- mysql-5.5.31/mysql-test/r/gis.result.cve 2013-06-03 16:32:33.732025515 +0200 +++ mysql-5.5.31/mysql-test/r/gis.result 2013-06-03 16:34:04.519691044 +0200 @@ -36,135 +41,3 @@ diff -up mysql-5.5.31/mysql-test/t/gis.test.cve mysql-5.5.31/mysql-test/t/gis.te +select astext(exteriorring(0x0100000000030000000100000000000010)); +select astext(centroid(0x0100000000030000000100000000000010)); --echo End of 5.5 tests -diff -up mysql-5.5.31/sql/spatial.cc.cve mysql-5.5.31/sql/spatial.cc ---- mysql-5.5.31/sql/spatial.cc.cve 2013-03-25 14:14:58.000000000 +0100 -+++ mysql-5.5.31/sql/spatial.cc 2013-06-03 16:45:52.790665557 +0200 -@@ -538,7 +538,7 @@ bool Gis_line_string::get_data_as_wkt(St - n_points= uint4korr(data); - data += 4; - -- if (n_points < 1 || -+ if (n_points < 1 || n_points > max_n_points || - no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points) || - txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1)*2 + 1) * n_points)) - return 1; -@@ -576,7 +576,8 @@ int Gis_line_string::geom_length(double - return 1; - n_points= uint4korr(data); - data+= 4; -- if (n_points < 1 || no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points)) -+ if (n_points < 1 || n_points > max_n_points || -+ no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points)) - return 1; - - get_point(&prev_x, &prev_y, data); -@@ -610,7 +611,7 @@ int Gis_line_string::is_closed(int *clos - return 0; - } - data+= 4; -- if (n_points == 0 || -+ if (n_points == 0 || n_points > max_n_points || - no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points)) - return 1; - -@@ -780,7 +781,7 @@ bool Gis_polygon::get_data_as_wkt(String - return 1; - n_points= uint4korr(data); - data+= 4; -- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) || -+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) || - txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points)) - return 1; - txt->qs_append('('); -@@ -834,7 +835,7 @@ int Gis_polygon::area(double *ar, const - if (no_data(data, 4)) - return 1; - n_points= uint4korr(data); -- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points)) -+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points)) - return 1; - get_point(&prev_x, &prev_y, data+4); - data+= (4+SIZEOF_STORED_DOUBLE*2); -@@ -870,7 +871,8 @@ int Gis_polygon::exterior_ring(String *r - n_points= uint4korr(data); - data+= 4; - length= n_points * POINT_DATA_SIZE; -- if (no_data(data, length) || result->reserve(1+4+4+ length)) -+ if (n_points > max_n_points || -+ no_data(data, length) || result->reserve(1+4+4+ length)) - return 1; - - result->q_append((char) wkb_ndr); -@@ -916,7 +918,8 @@ int Gis_polygon::interior_ring_n(uint32 - n_points= uint4korr(data); - points_size= n_points * POINT_DATA_SIZE; - data+= 4; -- if (no_data(data, points_size) || result->reserve(1+4+4+ points_size)) -+ if (n_points > max_n_points || -+ no_data(data, points_size) || result->reserve(1+4+4+ points_size)) - return 1; - - result->q_append((char) wkb_ndr); -@@ -955,7 +958,7 @@ int Gis_polygon::centroid_xy(double *x, - return 1; - org_n_points= n_points= uint4korr(data); - data+= 4; -- if (no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points)) -+ if (n_points > max_n_points || no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points)) - return 1; - get_point(&prev_x, &prev_y, data); - data+= (SIZEOF_STORED_DOUBLE*2); -@@ -1242,7 +1245,7 @@ bool Gis_multi_line_string::get_data_as_ - return 1; - n_points= uint4korr(data + WKB_HEADER_SIZE); - data+= WKB_HEADER_SIZE + 4; -- if (no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) || -+ if (n_points > max_n_points || no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) || - txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points)) - return 1; - txt->qs_append('('); -@@ -1503,7 +1506,8 @@ bool Gis_multi_polygon::get_data_as_wkt( - return 1; - uint32 n_points= uint4korr(data); - data+= 4; -- if (no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) || -+ if (n_points > max_n_points || -+ no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) || - txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points, - 512)) - return 1; -@@ -1586,6 +1590,8 @@ int Gis_multi_polygon::geometry_n(uint32 - if (no_data(data, 4)) - return 1; - n_points= uint4korr(data); -+ if (n_points > max_n_points) -+ return 1; - data+= 4 + POINT_DATA_SIZE * n_points; - } - } while (--num); -diff -up mysql-5.5.31/sql/spatial.h.cve mysql-5.5.31/sql/spatial.h ---- mysql-5.5.31/sql/spatial.h.cve 2013-03-25 14:14:58.000000000 +0100 -+++ mysql-5.5.31/sql/spatial.h 2013-06-03 16:32:33.737025500 +0200 -@@ -200,6 +200,11 @@ struct Geometry_buffer; - class Geometry - { - public: -+ // Maximum number of points in feature that can fit into String -+ static const uint32 max_n_points= -+ (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) / -+ POINT_DATA_SIZE; -+ - Geometry() {} /* Remove gcc warning */ - virtual ~Geometry() {} /* Remove gcc warning */ - static void *operator new(size_t size, void *buffer) -@@ -383,10 +388,6 @@ public: - - class Gis_line_string: public Geometry - { -- // Maximum number of points in LineString that can fit into String -- static const uint32 max_n_points= -- (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) / -- POINT_DATA_SIZE; - public: - Gis_line_string() {} /* Remove gcc warning */ - virtual ~Gis_line_string() {} /* Remove gcc warning */ diff --git a/community-mysql.spec b/community-mysql.spec index cc66d61..f08367d 100644 --- a/community-mysql.spec +++ b/community-mysql.spec @@ -1,6 +1,6 @@ Name: community-mysql -Version: 5.5.31 -Release: 7%{?dist} +Version: 5.5.32 +Release: 1%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases @@ -491,6 +491,9 @@ cp %{SOURCE7} README.mysql-license # install the list of skipped tests to be available for user runs install -m 0644 mysql-test/rh-skipped-tests.list ${RPM_BUILD_ROOT}%{_datadir}/mysql-test +# we don't care about scripts for solaris +rm -f ${RPM_BUILD_ROOT}%{_datadir}/mysql/solaris/postinstall-solaris + %pre server /usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || : /usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \ @@ -706,6 +709,10 @@ install -m 0644 mysql-test/rh-skipped-tests.list ${RPM_BUILD_ROOT}%{_datadir}/my %{_mandir}/man1/mysql_client_test.1* %changelog +* Fri Jun 7 2013 Honza Horak 5.5.32-1 +- Update to MySQL 5.5.32, for various fixes described at + http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html + * Mon Jun 3 2013 Honza Horak 5.5.31-7 - Use /var/tmp as default tmpdir to prevent potential issues Resolves: #905635 @@ -1806,7 +1813,7 @@ Resolves: #199368 - 3.23.28 (gamma) - remove old patches, as they are now upstreamed -* Thu Nov 14 2000 Trond Eivind Glomsrd +* Tue Nov 14 2000 Trond Eivind Glomsrd - Add a requirement for a new glibc (#20735) - build on IA64 @@ -1846,7 +1853,7 @@ Resolves: #199368 - Don't try to include no-longer-existing PUBLIC file as doc (#17532) -* Thu Sep 12 2000 Trond Eivind Glomsrd +* Tue Sep 12 2000 Trond Eivind Glomsrd - rename config file to /etc/my.cnf, which is what mysqld wants... doh. (#17432) - include a changed safe_mysqld, so the pid file option @@ -1878,7 +1885,7 @@ Resolves: #199368 * Sat Aug 05 2000 Bill Nottingham - condrestart fixes -* Mon Aug 01 2000 Trond Eivind Glomsrd +* Tue Aug 01 2000 Trond Eivind Glomsrd - 3.23.22. Disable the old patches, they're now in. * Thu Jul 27 2000 Trond Eivind Glomsrd @@ -1937,7 +1944,7 @@ Resolves: #199368 - include a /etc/my.conf (empty, FTTB) - add conditional restart to spec file -* Tue Jul 2 2000 Jakub Jelinek +* Sun Jul 2 2000 Jakub Jelinek - Rebuild with new C++ * Fri Jun 30 2000 Trond Eivind Glomsrd diff --git a/sources b/sources index c09c60e..a947c94 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2dd78a69ceaaf40fcbf985add94c4a2b mysql-5.5.31-nodocs.tar.gz +42a449d1864d9f98534335e830fbb74b mysql-5.5.32-nodocs.tar.gz