[Pkg-mysql-commits] r1068 - trunk/debian/patches
Norbert Tretkowski
nobse at alioth.debian.org
Wed Dec 12 15:02:35 UTC 2007
Author: nobse
Date: 2007-12-12 15:02:35 +0000 (Wed, 12 Dec 2007)
New Revision: 1068
Modified:
trunk/debian/patches/93_SECURITY_CVE-2007-6303.dpatch
Log:
Update testsuite part of patch for CVE-2007-6303.
Modified: trunk/debian/patches/93_SECURITY_CVE-2007-6303.dpatch
===================================================================
--- trunk/debian/patches/93_SECURITY_CVE-2007-6303.dpatch 2007-12-12 12:30:43 UTC (rev 1067)
+++ trunk/debian/patches/93_SECURITY_CVE-2007-6303.dpatch 2007-12-12 15:02:35 UTC (rev 1068)
@@ -9,9 +9,9 @@
@DPATCH@
diff -Nrup a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
---- a/mysql-test/r/view_grant.result 2007-06-05 22:17:58 +04:00
-+++ b/mysql-test/r/view_grant.result 2007-09-20 17:48:10 +04:00
-@@ -776,15 +776,59 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
+--- a/mysql-test/r/view_grant.result 2007-11-15 15:28:37.000000000 +0100
++++ b/mysql-test/r/view_grant.result 2007-09-29 03:06:40.000000000 +0200
+@@ -776,15 +776,60 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813 at localhost;
GRANT SELECT ON db26813.t1 TO u26813 at localhost;
ALTER VIEW v1 AS SELECT f2 FROM t1;
@@ -48,25 +48,26 @@
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+ALTER VIEW v2 AS SELECT f2 FROM t1;
++ERROR 42000: Access denied; you need the SUPER privilege for this operation
+SHOW CREATE VIEW v2;
+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
++v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
++ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
++v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
+ALTER VIEW v1 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v1;
+View Create View
+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
++ALTER VIEW v2 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v2;
+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
++v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
+DROP USER u29908_1 at localhost;
+DROP USER u29908_2 at localhost;
+DROP DATABASE mysqltest_29908;
@@ -75,8 +76,8 @@
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
diff -Nrup a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
---- a/mysql-test/t/view_grant.test 2007-03-23 18:56:41 +03:00
-+++ b/mysql-test/t/view_grant.test 2007-09-20 17:46:26 +04:00
+--- a/mysql-test/t/view_grant.test 2007-11-15 15:28:37.000000000 +0100
++++ b/mysql-test/t/view_grant.test 2007-09-29 03:06:22.000000000 +0200
@@ -1034,10 +1034,11 @@ GRANT SELECT ON db26813.t1 TO u26813 at loc
connect (u1,localhost,u26813,,db26813);
@@ -91,11 +92,10 @@
ALTER VIEW v3 AS SELECT f2 FROM t1;
connection root;
-@@ -1046,6 +1047,50 @@ SHOW CREATE VIEW v3;
- DROP USER u26813 at localhost;
+@@ -1047,6 +1048,51 @@ DROP USER u26813 at localhost;
DROP DATABASE db26813;
disconnect u1;
-+
+
+--echo #
+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
+--echo #
@@ -118,19 +118,20 @@
+connect (u2,localhost,u29908_2,,mysqltest_29908);
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+ALTER VIEW v1 AS SELECT f2 FROM t1;
++--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+
+connect (u1,localhost,u29908_1,,mysqltest_29908);
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
++ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+
+connection root;
+ALTER VIEW v1 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
++ALTER VIEW v2 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v2;
+
+DROP USER u29908_1 at localhost;
@@ -139,9 +140,10 @@
+disconnect u1;
+disconnect u2;
+--echo #######################################################################
-
++
#
# BUG#24040: Create View don't succed with "all privileges" on a database.
+ #
diff -Nrup a/sql/sql_view.cc b/sql/sql_view.cc
--- a/sql/sql_view.cc 2007-09-03 11:22:54 +04:00
+++ b/sql/sql_view.cc 2007-09-20 18:03:16 +04:00
More information about the Pkg-mysql-commits
mailing list