[Pkg-mysql-commits] r1104 - in branches/etch-5.0/debian: . patches
Norbert Tretkowski
nobse at alioth.debian.org
Sat Dec 22 17:58:26 UTC 2007
Author: nobse
Date: 2007-12-22 17:58:26 +0000 (Sat, 22 Dec 2007)
New Revision: 1104
Added:
branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6304.dpatch
Removed:
branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6303.dpatch
branches/etch-5.0/debian/patches/97_SECURITY_CVE-2007-6304.dpatch
Modified:
branches/etch-5.0/debian/changelog
Log:
5.0.32 is not affected by CVE-2007-6303, drop patch.
Modified: branches/etch-5.0/debian/changelog
===================================================================
--- branches/etch-5.0/debian/changelog 2007-12-22 17:43:02 UTC (rev 1103)
+++ branches/etch-5.0/debian/changelog 2007-12-22 17:58:26 UTC (rev 1104)
@@ -6,14 +6,9 @@
table information by replacing the file to which the symlink points.
(closes: #455010)
* SECURITY:
- Fix for CVE-2007-6303: ALTER VIEW retained the original DEFINER value,
- even when altered by another user, which could allow that user to gain the
- access rights of the view. Now ALTER VIEW is allowed only to the original
- definer or users with the SUPER privilege. (closes: #455737)
- * SECURITY:
Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
be forced to crash if the remote server returns a result with fewer columns
- than expected.
+ than expected. (closes: #455737)
-- Norbert Tretkowski <nobse at debian.org> Tue, 11 Dec 2007 23:26:23 +0100
Deleted: branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6303.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6303.dpatch 2007-12-22 17:43:02 UTC (rev 1103)
+++ branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6303.dpatch 2007-12-22 17:58:26 UTC (rev 1104)
@@ -1,166 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 96_SECURITY_CVE-2007-6303.dpatch by <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2007-6303: ALTER VIEW retained the original DEFINER value,
-## DP: even when altered by another user, which could allow that user to gain
-## DP: the access rights of the view. Now ALTER VIEW is allowed only to the
-## DP: original definer or users with the SUPER privilege. (closes: #455737)
-
- at DPATCH@
-diff -Nrup a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
---- a/mysql-test/r/view_grant.result 2007-06-05 22:17:58 +04:00
-+++ b/mysql-test/r/view_grant.result 2007-09-20 17:48:10 +04:00
-@@ -776,15 +776,59 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
- GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813 at localhost;
- GRANT SELECT ON db26813.t1 TO u26813 at localhost;
- ALTER VIEW v1 AS SELECT f2 FROM t1;
--ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v2 AS SELECT f2 FROM t1;
--ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v3 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- SHOW CREATE VIEW v3;
- View Create View
--v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
-+v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
- DROP USER u26813 at localhost;
- DROP DATABASE db26813;
-+#
-+# Bug#29908: A user can gain additional access through the ALTER VIEW.
-+#
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+View Create View
-+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+View Create View
-+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+#######################################################################
- DROP DATABASE IF EXISTS mysqltest1;
- DROP DATABASE IF EXISTS mysqltest2;
- CREATE DATABASE mysqltest1;
-diff -Nrup a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
---- a/mysql-test/t/view_grant.test 2007-03-23 18:56:41 +03:00
-+++ b/mysql-test/t/view_grant.test 2007-09-20 17:46:26 +04:00
-@@ -1034,10 +1034,11 @@ GRANT SELECT ON db26813.t1 TO u26813 at loc
-
- connect (u1,localhost,u26813,,db26813);
- connection u1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v1 AS SELECT f2 FROM t1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v2 AS SELECT f2 FROM t1;
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v3 AS SELECT f2 FROM t1;
-
- connection root;
-@@ -1046,6 +1047,50 @@ SHOW CREATE VIEW v3;
- DROP USER u26813 at localhost;
- DROP DATABASE db26813;
- disconnect u1;
-+
-+--echo #
-+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
-+--echo #
-+connection root;
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+ SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+
-+connect (u2,localhost,u29908_2,,mysqltest_29908);
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connect (u1,localhost,u29908_1,,mysqltest_29908);
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connection root;
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+disconnect u1;
-+disconnect u2;
-+--echo #######################################################################
-
- #
- # BUG#24040: Create View don't succed with "all privileges" on a database.
-diff -Nrup a/sql/sql_view.cc b/sql/sql_view.cc
---- a/sql/sql_view.cc 2007-09-03 11:22:54 +04:00
-+++ b/sql/sql_view.cc 2007-09-20 18:03:16 +04:00
-@@ -223,9 +223,6 @@ bool mysql_create_view(THD *thd, TABLE_L
- {
- LEX *lex= thd->lex;
- bool link_to_local;
--#ifndef NO_EMBEDDED_ACCESS_CHECKS
-- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
--#endif
- /* first table in list is target VIEW name => cut off it */
- TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
- TABLE_LIST *tables= lex->query_tables;
-@@ -280,7 +277,7 @@ bool mysql_create_view(THD *thd, TABLE_L
- - same as current user
- - current user has SUPER_ACL
- */
-- if (definer_check_is_needed &&
-+ if (lex->definer &&
- (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
- my_strcasecmp(system_charset_info,
- lex->definer->host.str,
Copied: branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6304.dpatch (from rev 1103, branches/etch-5.0/debian/patches/97_SECURITY_CVE-2007-6304.dpatch)
===================================================================
--- branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6304.dpatch (rev 0)
+++ branches/etch-5.0/debian/patches/96_SECURITY_CVE-2007-6304.dpatch 2007-12-22 17:58:26 UTC (rev 1104)
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 96_SECURITY_CVE-2007-6304.dpatch by <nobse at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
+## DP: be forced to crash if the remote server returns a result with fewer columns
+## DP: than expected. (closes: #455737)
+
+ at DPATCH@
+diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc
+--- a/sql/ha_federated.cc 2007-07-26 05:22:50 +05:00
++++ b/sql/ha_federated.cc 2007-10-15 10:11:50 +05:00
+@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
+ status_query_string.length(0);
+
+ result= mysql_store_result(mysql);
+- if (!result)
++
++ /*
++ We're going to use fields num. 4, 12 and 13 of the resultset,
++ so make sure we have these fields.
++ */
++ if (!result || (mysql_num_fields(result) < 14))
+ goto error;
+
+ if (!mysql_num_rows(result))
Deleted: branches/etch-5.0/debian/patches/97_SECURITY_CVE-2007-6304.dpatch
===================================================================
--- branches/etch-5.0/debian/patches/97_SECURITY_CVE-2007-6304.dpatch 2007-12-22 17:43:02 UTC (rev 1103)
+++ branches/etch-5.0/debian/patches/97_SECURITY_CVE-2007-6304.dpatch 2007-12-22 17:58:26 UTC (rev 1104)
@@ -1,26 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 97_SECURITY_CVE-2007-6304.dpatch by <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
-## DP: be forced to crash if the remote server returns a result with fewer columns
-## DP: than expected. (closes: #455737)
-
- at DPATCH@
-diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc
---- a/sql/ha_federated.cc 2007-07-26 05:22:50 +05:00
-+++ b/sql/ha_federated.cc 2007-10-15 10:11:50 +05:00
-@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
- status_query_string.length(0);
-
- result= mysql_store_result(mysql);
-- if (!result)
-+
-+ /*
-+ We're going to use fields num. 4, 12 and 13 of the resultset,
-+ so make sure we have these fields.
-+ */
-+ if (!result || (mysql_num_fields(result) < 14))
- goto error;
-
- if (!mysql_num_rows(result))
More information about the Pkg-mysql-commits
mailing list