[Pkg-mysql-commits] r966 - in branches/sarge-4.1/debian: . patches
Christian Hammers
ch at alioth.debian.org
Tue Nov 6 01:41:07 UTC 2007
tags 369735 pending
tags 373913 pending
tags 375694 pending
tags 383165 pending
tags 384798 pending
thanks
Author: ch
Date: 2007-11-06 01:41:07 +0000 (Tue, 06 Nov 2007)
New Revision: 966
Added:
branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch
Removed:
branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
branches/sarge-4.1/debian/patches/70_replication_fix.dpatch
Modified:
branches/sarge-4.1/debian/changelog
branches/sarge-4.1/debian/patches/00list
Log:
Somebody overwrote the last uploads :-(
I reconstructed to:
mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
Modified: branches/sarge-4.1/debian/changelog
===================================================================
--- branches/sarge-4.1/debian/changelog 2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/changelog 2007-11-06 01:41:07 UTC (rev 966)
@@ -1,10 +1,60 @@
-mysql-dfsg-4.1 (4.1.11a-4sarge4) oldstable-security; urgency=low
+mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
- * Upload prepared for the security team by the debian mysql maintainers
- * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (closes: #424830).
+ * SECURITY:
+ MySQL when run on case-sensitive filesystems, allows remote
+ authenticated users to create or access a database when the
+ database name differs only in case from a database for which
+ they have permissions. (CVE-2006-4226). Closes: #384798
+ * SECURITY:
+ Certain SQL queries could crash the server and prevent master-slave
+ replication from continue until manual intervention was taken.
+ (CVE-2006-4380). Closes: #383165
- -- sean finney <seanius at debian.org> Thu, 17 May 2007 19:13:14 +0200
+ -- Christian Hammers <ch at debian.org> Sat, 26 Aug 2006 13:42:02 +0000
+mysql-dfsg-4.1 (4.1.11a-4sarge6) stable; urgency=low
+
+ * [this version was uploaded to stable-proposed-updates but never released]
+ * Certain SQL queries could crash the server and prevent master-slave
+ replication from continue until manual intervention was taken.
+ Closes: #383165
+
+ -- Christian Hammers <ch at debian.org> Fri, 25 Aug 2006 21:15:35 +0000
+
+mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low
+
+ * Security upload prepared for the security team by the Debian MySQL
+ package maintainers.
+ * Fixed DoS bug where any user could crash the server with
+ "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
+ The vulnerability was discovered by Kanatoko <anvil at jumperz.net>.
+ Closes: #373913
+ * Fixed DoS bug where any user could crash the server with
+ "SELECT date_format('%d%s', 1); (CVE-2006-3469).
+ The vulnerability was discovered by Maillefer Jean-David
+ <jean-david at kesako.ch> and filed as MySQL bug #20729.
+ Closes: #375694
+
+ -- Christian Hammers <ch at debian.org> Fri, 16 Jun 2006 09:52:12 +0000
+
+mysql-dfsg-4.1 (4.1.11a-4sarge4) stable-security; urgency=low
+
+ * Security upload prepared for the security team bythe Debian MySQL
+ package maintainers.
+ * Extracted upstream patch from the diff of 4.1.19 and 4.1.20 to fix
+ the following bug:
+ "An SQL-injection security hole has been found in
+ multibyte encoding processing. The bug was in the server,
+ incorrectly parsing the string escaped with mysql_real_escape().
+
+ This vulnerability was discovered and reported by Josh Berkus
+ <josh at postgresql.org> and Tom Lane <tgl at sss.pgh.pa.us> as part of
+ the inter-project security collaboration of the OSDB consortium."
+ (CVE-2006-2753)
+ Closes: #369735
+
+ -- Christian Hammers <ch at debian.org> Wed, 31 May 2006 22:42:57 +0000
+
mysql-dfsg-4.1 (4.1.11a-4sarge3) stable-security; urgency=low
* Security upload prepared for the security team by the debian mysql
Modified: branches/sarge-4.1/debian/patches/00list
===================================================================
--- branches/sarge-4.1/debian/patches/00list 2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/00list 2007-11-06 01:41:07 UTC (rev 966)
@@ -18,4 +18,8 @@
61_SECURITY_CAN-2005-2558.dpatch
62_SECURITY_CVE-2006-0903.dpatch
63_SECURITY_CVE-2006-1516-1518.dpatch
-64_SECURITY_CVE-2007-2691_alter-drop.dpatch
+64_SECURITY_CVE-2006-2753.dpatch
+65_SECURITY_CVE-2006-3081.dpatch
+66_SECURITY_CVE-2006-3469.dpatch
+67_SECURITY_CVE-2006-4226.dpatch
+68_SECURITY_CVE-2006-4380.dpatch
Deleted: branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch 2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch 2007-11-06 01:41:07 UTC (rev 966)
@@ -1,15 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# taken from http://lists.mysql.com/commits/24642?f=plain
-
- at DPATCH@
---- 1.496/sql/sql_parse.cc 2007-04-17 16:52:53 +05:00
-+++ 1.497/sql/sql_parse.cc 2007-04-17 16:52:53 +05:00
-@@ -2818,7 +2818,7 @@ unsent_create_error:
- old_list=table[0];
- new_list=table->next[0];
- old_list.next=new_list.next=0;
-- if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
-+ if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
- (!test_all_bits(table->next->grant.privilege,
- INSERT_ACL | CREATE_ACL) &&
- check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,
Added: branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch (rev 0)
+++ branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch 2007-11-06 01:41:07 UTC (rev 966)
@@ -0,0 +1,162 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99-unnamed.dpatch by <ch at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch for a bug that causes replicating servers to crash on
+## DP: certain SQL queries. CVE-2006-4380. Closes: #383165
+## DP: http://lists.mysql.com/internals/26123?f=plain
+
+ at DPATCH@
+
+# From: Elliot MurphyDate: June 17 2005 5:15pm
+# Subject: bk commit into 4.1 tree (elliot:1.2301) BUG#10442
+#
+# Below is the list of changes that have just been committed into a local
+# 4.1 repository of emurphy. When emurphy does a push these changes will
+# be propagated to the main repository and, within 24 hours after the
+# push, to the public repository.
+# For information on how to access the public repository
+# see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
+#
+# ChangeSet
+# 1.2301 05/06/17 11:15:29 elliot at stripped +3 -0
+# BUG#10442 Fix replication slave crash when a query with multiupdate and
+# subselects is used.
+#
+# sql/sql_parse.cc
+# 1.444 05/06/17 11:15:25 elliot at stripped +8 -8
+# BUG#10442 Fix crash on replication slave by making sure that table list
+# is filled out before it is used.
+#
+# mysql-test/r/rpl_multi_update3.result
+# 1.1 05/06/16 16:32:31 elliot at stripped +42 -0
+#
+# mysql-test/r/rpl_multi_update3.result
+# 1.0 05/06/16 16:32:31 elliot at stripped +0 -0
+# BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/r/rpl_multi_update3.result
+#
+# mysql-test/t/rpl_multi_update3.test
+# 1.1 05/06/16 16:31:14 elliot at stripped +33 -0
+#
+# mysql-test/t/rpl_multi_update3.test
+# 1.0 05/06/16 16:31:14 elliot at stripped +0 -0
+# BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/t/rpl_multi_update3.test
+#
+# This is a BitKeeper patch. What follows are the unified diffs for the
+# set of deltas contained in the patch. The rest of the patch, the part
+# that BitKeeper cares about, is below these diffs.
+# User: elliot
+# Host: agony.local
+# Root: /Users/emurphy/src/work/mysql-4.1-bug10442
+
+--- old/sql/sql_parse.cc 2005-06-16 16:11:40 -04:00
++++ new/sql/sql_parse.cc 2005-06-17 11:15:25 -04:00
+@@ -1943,6 +1943,14 @@
+ if (tables || &lex->select_lex != lex->all_selects_list)
+ mysql_reset_errors(thd);
+
++ /* When subselects or time_zone info is used in a query
++ * we create a new TABLE_LIST containing all referenced tables
++ * and set local variable 'tables' to point to this list. */
++ if ((&lex->select_lex != lex->all_selects_list ||
++ lex->time_zone_tables_used) &&
++ lex->unit.create_total_list(thd, lex, &tables))
++ DBUG_VOID_RETURN;
++
+ #ifdef HAVE_REPLICATION
+ if (thd->slave_thread)
+ {
+@@ -1992,10 +2000,6 @@
+ #endif
+ }
+ #endif /* !HAVE_REPLICATION */
+- if ((&lex->select_lex != lex->all_selects_list ||
+- lex->time_zone_tables_used) &&
+- lex->unit.create_total_list(thd, lex, &tables))
+- DBUG_VOID_RETURN;
+
+ /*
+ When option readonly is set deny operations which change tables.
+--- New file ---
++++ new/mysql-test/r/rpl_multi_update3.result 05/06/16 16:32:31
+stop slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+reset master;
+reset slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+start slave;
+CREATE TABLE t1 (
+a int unsigned not null auto_increment primary key,
+b int unsigned
+) ENGINE=MyISAM;
+CREATE TABLE t2 (
+a int unsigned not null auto_increment primary key,
+b int unsigned
+) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (NULL, 0);
+INSERT INTO t1 SELECT NULL, 0 FROM t1;
+INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
+SELECT * FROM t1 ORDER BY a;
+a b
+1 0
+2 0
+SELECT * FROM t2 ORDER BY a;
+a b
+1 0
+2 1
+UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
+SELECT * FROM t1 ORDER BY a;
+a b
+1 0
+2 0
+SELECT * FROM t2 ORDER BY a;
+a b
+1 6
+2 6
+SELECT * FROM t1 ORDER BY a;
+a b
+1 0
+2 0
+SELECT * FROM t2 ORDER BY a;
+a b
+1 6
+2 6
+drop table t1,t2;
+
+--- New file ---
++++ new/mysql-test/t/rpl_multi_update3.test 05/06/16 16:31:14
+# Let's verify that multi-update with a subselect does not cause the slave to crash
+# (BUG#10442)
+
+source include/master-slave.inc;
+
+CREATE TABLE t1 (
+ a int unsigned not null auto_increment primary key,
+ b int unsigned
+) ENGINE=MyISAM;
+
+CREATE TABLE t2 (
+ a int unsigned not null auto_increment primary key,
+ b int unsigned
+) ENGINE=MyISAM;
+
+INSERT INTO t1 VALUES (NULL, 0);
+INSERT INTO t1 SELECT NULL, 0 FROM t1;
+
+INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
+
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+save_master_pos;
+connection slave;
+sync_with_master;
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+drop table t1,t2;
+
Deleted: branches/sarge-4.1/debian/patches/70_replication_fix.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/70_replication_fix.dpatch 2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/70_replication_fix.dpatch 2007-11-06 01:41:07 UTC (rev 966)
@@ -1,162 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 99-unnamed.dpatch by <ch at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Patch for a bug that causes replicating servers to crash on
-## DP: certain SQL queries. Closes: #383165
-## DP: http://lists.mysql.com/internals/26123?f=plain
-
- at DPATCH@
-
-# From: Elliot MurphyDate: June 17 2005 5:15pm
-# Subject: bk commit into 4.1 tree (elliot:1.2301) BUG#10442
-#
-# Below is the list of changes that have just been committed into a local
-# 4.1 repository of emurphy. When emurphy does a push these changes will
-# be propagated to the main repository and, within 24 hours after the
-# push, to the public repository.
-# For information on how to access the public repository
-# see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
-#
-# ChangeSet
-# 1.2301 05/06/17 11:15:29 elliot at stripped +3 -0
-# BUG#10442 Fix replication slave crash when a query with multiupdate and
-# subselects is used.
-#
-# sql/sql_parse.cc
-# 1.444 05/06/17 11:15:25 elliot at stripped +8 -8
-# BUG#10442 Fix crash on replication slave by making sure that table list
-# is filled out before it is used.
-#
-# mysql-test/r/rpl_multi_update3.result
-# 1.1 05/06/16 16:32:31 elliot at stripped +42 -0
-#
-# mysql-test/r/rpl_multi_update3.result
-# 1.0 05/06/16 16:32:31 elliot at stripped +0 -0
-# BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/r/rpl_multi_update3.result
-#
-# mysql-test/t/rpl_multi_update3.test
-# 1.1 05/06/16 16:31:14 elliot at stripped +33 -0
-#
-# mysql-test/t/rpl_multi_update3.test
-# 1.0 05/06/16 16:31:14 elliot at stripped +0 -0
-# BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/t/rpl_multi_update3.test
-#
-# This is a BitKeeper patch. What follows are the unified diffs for the
-# set of deltas contained in the patch. The rest of the patch, the part
-# that BitKeeper cares about, is below these diffs.
-# User: elliot
-# Host: agony.local
-# Root: /Users/emurphy/src/work/mysql-4.1-bug10442
-
---- old/sql/sql_parse.cc 2005-06-16 16:11:40 -04:00
-+++ new/sql/sql_parse.cc 2005-06-17 11:15:25 -04:00
-@@ -1943,6 +1943,14 @@
- if (tables || &lex->select_lex != lex->all_selects_list)
- mysql_reset_errors(thd);
-
-+ /* When subselects or time_zone info is used in a query
-+ * we create a new TABLE_LIST containing all referenced tables
-+ * and set local variable 'tables' to point to this list. */
-+ if ((&lex->select_lex != lex->all_selects_list ||
-+ lex->time_zone_tables_used) &&
-+ lex->unit.create_total_list(thd, lex, &tables))
-+ DBUG_VOID_RETURN;
-+
- #ifdef HAVE_REPLICATION
- if (thd->slave_thread)
- {
-@@ -1992,10 +2000,6 @@
- #endif
- }
- #endif /* !HAVE_REPLICATION */
-- if ((&lex->select_lex != lex->all_selects_list ||
-- lex->time_zone_tables_used) &&
-- lex->unit.create_total_list(thd, lex, &tables))
-- DBUG_VOID_RETURN;
-
- /*
- When option readonly is set deny operations which change tables.
---- New file ---
-+++ new/mysql-test/r/rpl_multi_update3.result 05/06/16 16:32:31
-stop slave;
-drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
-reset master;
-reset slave;
-drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
-start slave;
-CREATE TABLE t1 (
-a int unsigned not null auto_increment primary key,
-b int unsigned
-) ENGINE=MyISAM;
-CREATE TABLE t2 (
-a int unsigned not null auto_increment primary key,
-b int unsigned
-) ENGINE=MyISAM;
-INSERT INTO t1 VALUES (NULL, 0);
-INSERT INTO t1 SELECT NULL, 0 FROM t1;
-INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
-SELECT * FROM t1 ORDER BY a;
-a b
-1 0
-2 0
-SELECT * FROM t2 ORDER BY a;
-a b
-1 0
-2 1
-UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
-SELECT * FROM t1 ORDER BY a;
-a b
-1 0
-2 0
-SELECT * FROM t2 ORDER BY a;
-a b
-1 6
-2 6
-SELECT * FROM t1 ORDER BY a;
-a b
-1 0
-2 0
-SELECT * FROM t2 ORDER BY a;
-a b
-1 6
-2 6
-drop table t1,t2;
-
---- New file ---
-+++ new/mysql-test/t/rpl_multi_update3.test 05/06/16 16:31:14
-# Let's verify that multi-update with a subselect does not cause the slave to crash
-# (BUG#10442)
-
-source include/master-slave.inc;
-
-CREATE TABLE t1 (
- a int unsigned not null auto_increment primary key,
- b int unsigned
-) ENGINE=MyISAM;
-
-CREATE TABLE t2 (
- a int unsigned not null auto_increment primary key,
- b int unsigned
-) ENGINE=MyISAM;
-
-INSERT INTO t1 VALUES (NULL, 0);
-INSERT INTO t1 SELECT NULL, 0 FROM t1;
-
-INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
-
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-save_master_pos;
-connection slave;
-sync_with_master;
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-drop table t1,t2;
-
More information about the Pkg-mysql-commits
mailing list