rpms/mysql8.4
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add backported patch for CVE-2008-7247 (upstream bug 39277)

Browse Source
This commit is contained in:
Tom Lane 2010-01-28 20:26:30 +00:00 committed by Michal Schorm
parent 56e52fefef
commit e98ad40f7f
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
mysql-cve-2008-7247.patch Normal file
View File

@ -0,0 +1,58 @@
Back-ported patch for upstream bug #39277.
diff -Naur mysql-5.1.42.orig/sql/sql_table.cc mysql-5.1.42/sql/sql_table.cc
--- mysql-5.1.42.orig/sql/sql_table.cc 2009-12-16 12:57:30.000000000 -0500
+++ mysql-5.1.42/sql/sql_table.cc 2010-01-28 14:33:52.000000000 -0500
@@ -3892,15 +3892,43 @@
create_info->table_existed= 0; // Mark that table is created
#ifdef HAVE_READLINK
- if (test_if_data_home_dir(create_info->data_file_name))
{
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "DATA DIRECTORY");
- goto unlock_and_end;
- }
- if (test_if_data_home_dir(create_info->index_file_name))
- {
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "INDEX DIRECTORY");
- goto unlock_and_end;
+ size_t dirlen;
+ char dirpath[FN_REFLEN];
+
+ /*
+ data_file_name and index_file_name include the table name without
+ extension. Mostly this does not refer to an existing file. When
+ comparing data_file_name or index_file_name against the data
+ directory, we try to resolve all symbolic links. On some systems,
+ we use realpath(3) for the resolution. This returns ENOENT if the
+ resolved path does not refer to an existing file. my_realpath()
+ does then copy the requested path verbatim, without symlink
+ resolution. Thereafter the comparison can fail even if the
+ requested path is within the data directory. E.g. if symlinks to
+ another file system are used. To make realpath(3) return the
+ resolved path, we strip the table name and compare the directory
+ path only. If the directory doesn't exist either, table creation
+ will fail anyway.
+ */
+ if (create_info->data_file_name)
+ {
+ dirname_part(dirpath, create_info->data_file_name, &dirlen);
+ if (test_if_data_home_dir(dirpath))
+ {
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "DATA DIRECTORY");
+ goto unlock_and_end;
+ }
+ }
+ if (create_info->index_file_name)
+ {
+ dirname_part(dirpath, create_info->index_file_name, &dirlen);
+ if (test_if_data_home_dir(dirpath))
+ {
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "INDEX DIRECTORY");
+ goto unlock_and_end;
+ }
+ }
}
#ifdef WITH_PARTITION_STORAGE_ENGINE

8
mysql.spec
View File

@ -1,6 +1,6 @@
Name: mysql Name: mysql
Version: 5.1.42 Version: 5.1.42
Release: 6%{?dist} Release: 7%{?dist}
Summary: MySQL client programs and shared libraries Summary: MySQL client programs and shared libraries
Group: Applications/Databases Group: Applications/Databases
URL: http://www.mysql.com URL: http://www.mysql.com
@ -37,6 +37,7 @@ Patch8: mysql-setschedparam.patch
Patch9: mysql-ndb-stacksize.patch Patch9: mysql-ndb-stacksize.patch
Patch10: mysql-strmov.patch Patch10: mysql-strmov.patch
Patch11: mysql-signal-align.patch Patch11: mysql-signal-align.patch
Patch12: mysql-cve-2008-7247.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gperf, perl, readline-devel, openssl-devel BuildRequires: gperf, perl, readline-devel, openssl-devel
@ -181,6 +182,7 @@ the MySQL sources.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
libtoolize --force libtoolize --force
aclocal aclocal
@ -666,6 +668,10 @@ fi
%{_mandir}/man1/mysql_client_test.1* %{_mandir}/man1/mysql_client_test.1*
%changelog %changelog
* Thu Jan 28 2010 Tom Lane <tgl@redhat.com> 5.1.42-7
- Add backported patch for CVE-2008-7247 (upstream bug 39277)
Related: #543619
* Tue Jan 26 2010 Tom Lane <tgl@redhat.com> 5.1.42-6 * Tue Jan 26 2010 Tom Lane <tgl@redhat.com> 5.1.42-6
- Emit explicit error message if user tries to build RPM as root - Emit explicit error message if user tries to build RPM as root
Related: #558915 Related: #558915