[Pkg-mysql-commits] r966 - in branches/sarge-4.1/debian: . patches

Christian Hammers ch at alioth.debian.org
Tue Nov 6 01:41:07 UTC 2007


tags 369735 pending
tags 373913 pending
tags 375694 pending
tags 383165 pending
tags 384798 pending
thanks

Author: ch
Date: 2007-11-06 01:41:07 +0000 (Tue, 06 Nov 2007)
New Revision: 966

Added:
   branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch
Removed:
   branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
   branches/sarge-4.1/debian/patches/70_replication_fix.dpatch
Modified:
   branches/sarge-4.1/debian/changelog
   branches/sarge-4.1/debian/patches/00list
Log:
Somebody overwrote the last uploads :-(
I reconstructed to:
	mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low



Modified: branches/sarge-4.1/debian/changelog
===================================================================
--- branches/sarge-4.1/debian/changelog	2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/changelog	2007-11-06 01:41:07 UTC (rev 966)
@@ -1,10 +1,60 @@
-mysql-dfsg-4.1 (4.1.11a-4sarge4) oldstable-security; urgency=low
+mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low
 
-  * Upload prepared for the security team by the debian mysql maintainers
-  * Fix for CVE-2007-2691: DROP/RENAME TABLE statements (closes: #424830).
+  * SECURITY:
+    MySQL when run on case-sensitive filesystems, allows remote
+    authenticated users to create or access a database when the
+    database name differs only in case from a database for which
+    they have permissions. (CVE-2006-4226). Closes: #384798
+  * SECURITY:
+    Certain SQL queries could crash the server and prevent master-slave
+    replication from continue until manual intervention was taken.
+    (CVE-2006-4380). Closes: #383165
 
- -- sean finney <seanius at debian.org>  Thu, 17 May 2007 19:13:14 +0200
+ -- Christian Hammers <ch at debian.org>  Sat, 26 Aug 2006 13:42:02 +0000
 
+mysql-dfsg-4.1 (4.1.11a-4sarge6) stable; urgency=low
+
+  * [this version was uploaded to stable-proposed-updates but never released]
+  * Certain SQL queries could crash the server and prevent master-slave
+    replication from continue until manual intervention was taken.
+    Closes: #383165
+
+ -- Christian Hammers <ch at debian.org>  Fri, 25 Aug 2006 21:15:35 +0000
+
+mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low
+
+  * Security upload prepared for the security team by the Debian MySQL
+    package maintainers.
+  * Fixed DoS bug where any user could crash the server with
+    "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
+    The vulnerability was discovered by Kanatoko <anvil at jumperz.net>.
+    Closes: #373913
+  * Fixed DoS bug where any user could crash the server with
+    "SELECT date_format('%d%s', 1); (CVE-2006-3469).
+    The vulnerability was discovered by Maillefer Jean-David
+    <jean-david at kesako.ch> and filed as MySQL bug #20729.
+    Closes: #375694
+
+ -- Christian Hammers <ch at debian.org>  Fri, 16 Jun 2006 09:52:12 +0000
+
+mysql-dfsg-4.1 (4.1.11a-4sarge4) stable-security; urgency=low
+
+  * Security upload prepared for the security team bythe Debian MySQL
+    package maintainers.
+  * Extracted upstream patch from the diff of 4.1.19 and 4.1.20 to fix
+    the following bug:
+    "An SQL-injection security hole has been found in
+     multibyte encoding processing. The bug was in the server,
+     incorrectly parsing the string escaped with mysql_real_escape().
+
+     This vulnerability was discovered and reported by Josh Berkus
+     <josh at postgresql.org> and Tom Lane <tgl at sss.pgh.pa.us> as part of
+     the inter-project security collaboration of the OSDB consortium."
+    (CVE-2006-2753)
+    Closes: #369735
+
+ -- Christian Hammers <ch at debian.org>  Wed, 31 May 2006 22:42:57 +0000
+
 mysql-dfsg-4.1 (4.1.11a-4sarge3) stable-security; urgency=low
 
   * Security upload prepared for the security team by the debian mysql

Modified: branches/sarge-4.1/debian/patches/00list
===================================================================
--- branches/sarge-4.1/debian/patches/00list	2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/00list	2007-11-06 01:41:07 UTC (rev 966)
@@ -18,4 +18,8 @@
 61_SECURITY_CAN-2005-2558.dpatch
 62_SECURITY_CVE-2006-0903.dpatch
 63_SECURITY_CVE-2006-1516-1518.dpatch
-64_SECURITY_CVE-2007-2691_alter-drop.dpatch
+64_SECURITY_CVE-2006-2753.dpatch
+65_SECURITY_CVE-2006-3081.dpatch
+66_SECURITY_CVE-2006-3469.dpatch
+67_SECURITY_CVE-2006-4226.dpatch
+68_SECURITY_CVE-2006-4380.dpatch

Deleted: branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/64_SECURITY_CVE-2007-2691_alter-drop.dpatch	2007-11-06 01:41:07 UTC (rev 966)
@@ -1,15 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# taken from http://lists.mysql.com/commits/24642?f=plain
-
- at DPATCH@
---- 1.496/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
-+++ 1.497/sql/sql_parse.cc	2007-04-17 16:52:53 +05:00
-@@ -2818,7 +2818,7 @@ unsent_create_error:
- 	old_list=table[0];
- 	new_list=table->next[0];
- 	old_list.next=new_list.next=0;
--	if (check_grant(thd, ALTER_ACL, &old_list, 0, UINT_MAX, 0) ||
-+	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, UINT_MAX, 0) ||
- 	    (!test_all_bits(table->next->grant.privilege,
- 			    INSERT_ACL | CREATE_ACL) &&
- 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0,

Added: branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch	                        (rev 0)
+++ branches/sarge-4.1/debian/patches/68_SECURITY_CVE-2006-4380.dpatch	2007-11-06 01:41:07 UTC (rev 966)
@@ -0,0 +1,162 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99-unnamed.dpatch by  <ch at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Patch for a bug that causes replicating servers to crash on
+## DP: certain SQL queries. CVE-2006-4380. Closes: #383165
+## DP: http://lists.mysql.com/internals/26123?f=plain
+
+ at DPATCH@
+
+# From: Elliot&nbsp;MurphyDate: June 17 2005 5:15pm
+# Subject: bk commit into 4.1 tree (elliot:1.2301) BUG#10442
+# 
+# Below is the list of changes that have just been committed into a local
+# 4.1 repository of emurphy. When emurphy does a push these changes will
+# be propagated to the main repository and, within 24 hours after the
+# push, to the public repository.
+# For information on how to access the public repository
+# see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
+# 
+# ChangeSet
+#   1.2301 05/06/17 11:15:29 elliot at stripped +3 -0
+#   BUG#10442 Fix replication slave crash when a query with multiupdate and 
+#   subselects is used.
+# 
+#   sql/sql_parse.cc
+#     1.444 05/06/17 11:15:25 elliot at stripped +8 -8
+#     BUG#10442 Fix crash on replication slave by making sure that table list
+#     is filled out before it is used.
+# 
+#   mysql-test/r/rpl_multi_update3.result
+#     1.1 05/06/16 16:32:31 elliot at stripped +42 -0
+# 
+#   mysql-test/r/rpl_multi_update3.result
+#     1.0 05/06/16 16:32:31 elliot at stripped +0 -0
+#     BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/r/rpl_multi_update3.result
+# 
+#   mysql-test/t/rpl_multi_update3.test
+#     1.1 05/06/16 16:31:14 elliot at stripped +33 -0
+# 
+#   mysql-test/t/rpl_multi_update3.test
+#     1.0 05/06/16 16:31:14 elliot at stripped +0 -0
+#     BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/t/rpl_multi_update3.test
+# 
+# This is a BitKeeper patch.  What follows are the unified diffs for the
+# set of deltas contained in the patch.  The rest of the patch, the part
+# that BitKeeper cares about, is below these diffs.
+# User:	elliot
+# Host:	agony.local
+# Root:	/Users/emurphy/src/work/mysql-4.1-bug10442
+
+--- old/sql/sql_parse.cc	2005-06-16 16:11:40 -04:00
++++ new/sql/sql_parse.cc	2005-06-17 11:15:25 -04:00
+@@ -1943,6 +1943,14 @@
+   if (tables || &lex->select_lex != lex->all_selects_list)
+     mysql_reset_errors(thd);
+ 
++  /* When subselects or time_zone info is used in a query
++   * we create a new TABLE_LIST containing all referenced tables
++   * and set local variable 'tables' to point to this list. */
++  if ((&lex->select_lex != lex->all_selects_list ||
++       lex->time_zone_tables_used) &&
++      lex->unit.create_total_list(thd, lex, &tables))
++    DBUG_VOID_RETURN;
++
+ #ifdef HAVE_REPLICATION
+   if (thd->slave_thread)
+   {
+@@ -1992,10 +2000,6 @@
+ #endif
+   }
+ #endif /* !HAVE_REPLICATION */
+-  if ((&lex->select_lex != lex->all_selects_list ||
+-       lex->time_zone_tables_used) &&
+-      lex->unit.create_total_list(thd, lex, &tables))
+-    DBUG_VOID_RETURN;
+ 
+   /*
+     When option readonly is set deny operations which change tables.
+--- New file ---
++++ new/mysql-test/r/rpl_multi_update3.result	05/06/16 16:32:31
+stop slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+reset master;
+reset slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+start slave;
+CREATE TABLE t1 (
+a int unsigned not null auto_increment primary key,
+b int unsigned
+) ENGINE=MyISAM;
+CREATE TABLE t2 (
+a int unsigned not null auto_increment primary key,
+b int unsigned
+) ENGINE=MyISAM;
+INSERT INTO t1 VALUES (NULL, 0);
+INSERT INTO t1 SELECT NULL, 0 FROM t1;
+INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
+SELECT * FROM t1 ORDER BY a;
+a	b
+1	0
+2	0
+SELECT * FROM t2 ORDER BY a;
+a	b
+1	0
+2	1
+UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
+SELECT * FROM t1 ORDER BY a;
+a	b
+1	0
+2	0
+SELECT * FROM t2 ORDER BY a;
+a	b
+1	6
+2	6
+SELECT * FROM t1 ORDER BY a;
+a	b
+1	0
+2	0
+SELECT * FROM t2 ORDER BY a;
+a	b
+1	6
+2	6
+drop table t1,t2;
+
+--- New file ---
++++ new/mysql-test/t/rpl_multi_update3.test	05/06/16 16:31:14
+# Let's verify that multi-update with a subselect does not cause the slave to crash
+# (BUG#10442)
+
+source include/master-slave.inc;
+
+CREATE TABLE t1 (
+ a int unsigned not null auto_increment primary key,
+ b int unsigned
+) ENGINE=MyISAM;
+
+CREATE TABLE t2 (
+ a int unsigned not null auto_increment primary key,
+ b int unsigned
+) ENGINE=MyISAM;
+
+INSERT INTO t1 VALUES (NULL, 0);
+INSERT INTO t1 SELECT NULL, 0 FROM t1;
+
+INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
+
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+save_master_pos;
+connection slave;
+sync_with_master;
+SELECT * FROM t1 ORDER BY a;
+SELECT * FROM t2 ORDER BY a;
+
+drop table t1,t2;
+

Deleted: branches/sarge-4.1/debian/patches/70_replication_fix.dpatch
===================================================================
--- branches/sarge-4.1/debian/patches/70_replication_fix.dpatch	2007-10-20 15:16:58 UTC (rev 965)
+++ branches/sarge-4.1/debian/patches/70_replication_fix.dpatch	2007-11-06 01:41:07 UTC (rev 966)
@@ -1,162 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 99-unnamed.dpatch by  <ch at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Patch for a bug that causes replicating servers to crash on
-## DP: certain SQL queries. Closes: #383165
-## DP: http://lists.mysql.com/internals/26123?f=plain
-
- at DPATCH@
-
-# From: Elliot&nbsp;MurphyDate: June 17 2005 5:15pm
-# Subject: bk commit into 4.1 tree (elliot:1.2301) BUG#10442
-# 
-# Below is the list of changes that have just been committed into a local
-# 4.1 repository of emurphy. When emurphy does a push these changes will
-# be propagated to the main repository and, within 24 hours after the
-# push, to the public repository.
-# For information on how to access the public repository
-# see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
-# 
-# ChangeSet
-#   1.2301 05/06/17 11:15:29 elliot at stripped +3 -0
-#   BUG#10442 Fix replication slave crash when a query with multiupdate and 
-#   subselects is used.
-# 
-#   sql/sql_parse.cc
-#     1.444 05/06/17 11:15:25 elliot at stripped +8 -8
-#     BUG#10442 Fix crash on replication slave by making sure that table list
-#     is filled out before it is used.
-# 
-#   mysql-test/r/rpl_multi_update3.result
-#     1.1 05/06/16 16:32:31 elliot at stripped +42 -0
-# 
-#   mysql-test/r/rpl_multi_update3.result
-#     1.0 05/06/16 16:32:31 elliot at stripped +0 -0
-#     BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/r/rpl_multi_update3.result
-# 
-#   mysql-test/t/rpl_multi_update3.test
-#     1.1 05/06/16 16:31:14 elliot at stripped +33 -0
-# 
-#   mysql-test/t/rpl_multi_update3.test
-#     1.0 05/06/16 16:31:14 elliot at stripped +0 -0
-#     BitKeeper file /Users/emurphy/src/work/mysql-4.1-bug10442/mysql-test/t/rpl_multi_update3.test
-# 
-# This is a BitKeeper patch.  What follows are the unified diffs for the
-# set of deltas contained in the patch.  The rest of the patch, the part
-# that BitKeeper cares about, is below these diffs.
-# User:	elliot
-# Host:	agony.local
-# Root:	/Users/emurphy/src/work/mysql-4.1-bug10442
-
---- old/sql/sql_parse.cc	2005-06-16 16:11:40 -04:00
-+++ new/sql/sql_parse.cc	2005-06-17 11:15:25 -04:00
-@@ -1943,6 +1943,14 @@
-   if (tables || &lex->select_lex != lex->all_selects_list)
-     mysql_reset_errors(thd);
- 
-+  /* When subselects or time_zone info is used in a query
-+   * we create a new TABLE_LIST containing all referenced tables
-+   * and set local variable 'tables' to point to this list. */
-+  if ((&lex->select_lex != lex->all_selects_list ||
-+       lex->time_zone_tables_used) &&
-+      lex->unit.create_total_list(thd, lex, &tables))
-+    DBUG_VOID_RETURN;
-+
- #ifdef HAVE_REPLICATION
-   if (thd->slave_thread)
-   {
-@@ -1992,10 +2000,6 @@
- #endif
-   }
- #endif /* !HAVE_REPLICATION */
--  if ((&lex->select_lex != lex->all_selects_list ||
--       lex->time_zone_tables_used) &&
--      lex->unit.create_total_list(thd, lex, &tables))
--    DBUG_VOID_RETURN;
- 
-   /*
-     When option readonly is set deny operations which change tables.
---- New file ---
-+++ new/mysql-test/r/rpl_multi_update3.result	05/06/16 16:32:31
-stop slave;
-drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
-reset master;
-reset slave;
-drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
-start slave;
-CREATE TABLE t1 (
-a int unsigned not null auto_increment primary key,
-b int unsigned
-) ENGINE=MyISAM;
-CREATE TABLE t2 (
-a int unsigned not null auto_increment primary key,
-b int unsigned
-) ENGINE=MyISAM;
-INSERT INTO t1 VALUES (NULL, 0);
-INSERT INTO t1 SELECT NULL, 0 FROM t1;
-INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
-SELECT * FROM t1 ORDER BY a;
-a	b
-1	0
-2	0
-SELECT * FROM t2 ORDER BY a;
-a	b
-1	0
-2	1
-UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
-SELECT * FROM t1 ORDER BY a;
-a	b
-1	0
-2	0
-SELECT * FROM t2 ORDER BY a;
-a	b
-1	6
-2	6
-SELECT * FROM t1 ORDER BY a;
-a	b
-1	0
-2	0
-SELECT * FROM t2 ORDER BY a;
-a	b
-1	6
-2	6
-drop table t1,t2;
-
---- New file ---
-+++ new/mysql-test/t/rpl_multi_update3.test	05/06/16 16:31:14
-# Let's verify that multi-update with a subselect does not cause the slave to crash
-# (BUG#10442)
-
-source include/master-slave.inc;
-
-CREATE TABLE t1 (
- a int unsigned not null auto_increment primary key,
- b int unsigned
-) ENGINE=MyISAM;
-
-CREATE TABLE t2 (
- a int unsigned not null auto_increment primary key,
- b int unsigned
-) ENGINE=MyISAM;
-
-INSERT INTO t1 VALUES (NULL, 0);
-INSERT INTO t1 SELECT NULL, 0 FROM t1;
-
-INSERT INTO t2 VALUES (NULL, 0), (NULL,1);
-
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-UPDATE t2, (SELECT a FROM t1) AS t SET t2.b = t.a+5 ;
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-save_master_pos;
-connection slave;
-sync_with_master;
-SELECT * FROM t1 ORDER BY a;
-SELECT * FROM t2 ORDER BY a;
-
-drop table t1,t2;
-




More information about the Pkg-mysql-commits mailing list