[Pkg-mysql-commits] r1134 - in trunk/debian: . patches
Norbert Tretkowski
nobse at alioth.debian.org
Tue Jan 29 18:02:19 UTC 2008
Author: nobse
Date: 2008-01-29 18:02:19 +0000 (Tue, 29 Jan 2008)
New Revision: 1134
Removed:
trunk/debian/patches/51_mysqlcheck-result.dpatch
trunk/debian/patches/92_SECURITY_CVE-2007-6303.dpatch
trunk/debian/patches/93_SECURITY_CVE-2007-6304.dpatch
trunk/debian/patches/94_SECURITY_CVE-2008-0226+0227.dpatch
Modified:
trunk/debian/changelog
trunk/debian/patches/00list
Log:
Update to 5.0.51a
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/changelog 2008-01-29 18:02:19 UTC (rev 1134)
@@ -1,6 +1,12 @@
-mysql-dfsg-5.0 (5.0.51-4) UNRELEASED; urgency=low
+mysql-dfsg-5.0 (5.0.51a-1) UNRELEASED; urgency=low
[ Norbert Tretkowski ]
+ * New upstream security hotfix release.
+ * Remove patches:
+ + debian/patches/51_mysqlcheck-result.dpatch
+ + debian/patches/92_SECURITY_CVE-2007-6303.dpatch
+ + debian/patches/93_SECURITY_CVE-2007-6304.dpatch
+ + debian/patches/94_SECURITY_CVE-2008-0226+0227.dpatch
* Add recommendation on libhtml-template-perl to -server package, used by
ndb_size. (closes: #462265)
* Update mysqlreport to 3.4a release.
@@ -8,7 +14,7 @@
[ Luk Claes ]
* Updated Japanese debconf translation (Closes: #462158).
- -- Luk Claes <luk at debian.org> Thu, 24 Jan 2008 19:45:59 +0100
+ -- Norbert Tretkowski <nobse at debian.org> Tue, 29 Jan 2008 18:48:06 +0100
mysql-dfsg-5.0 (5.0.51-3) unstable; urgency=high
Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/patches/00list 2008-01-29 18:02:19 UTC (rev 1134)
@@ -7,7 +7,6 @@
44_scripts__mysql_config__libs.dpatch
45_warn-CLI-passwords.dpatch
50_fix_mysqldump.dpatch
-51_mysqlcheck-result.dpatch
52_ndb-gcc-4.2.dpatch
53_integer-gcc-4.2.dpatch
54_ssl-client-support.dpatch
@@ -16,6 +15,3 @@
89_ndb__staticlib.dpatch
90_upstreamdebiandir.dpatch
91_SECURITY_CVE-2007-5925.dpatch
-92_SECURITY_CVE-2007-6303.dpatch
-93_SECURITY_CVE-2007-6304.dpatch
-94_SECURITY_CVE-2008-0226+0227.dpatch
Deleted: trunk/debian/patches/51_mysqlcheck-result.dpatch
===================================================================
--- trunk/debian/patches/51_mysqlcheck-result.dpatch 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/patches/51_mysqlcheck-result.dpatch 2008-01-29 18:02:19 UTC (rev 1134)
@@ -1,20 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 51_mysqlcheck-result.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
- at DPATCH@
-diff -Nrup a/mysql-test/r/mysqlcheck.result b/mysql-test/r/mysqlcheck.result
---- a/mysql-test/r/mysqlcheck.result 2007-04-17 00:00:13 +05:00
-+++ b/mysql-test/r/mysqlcheck.result 2007-11-22 14:10:16 +04:00
-@@ -49,7 +49,8 @@ insert into t_bug25347 values (1),(2),(3
- flush tables;
- removing and creating
- d_bug25347.t_bug25347
--error : Incorrect file format 't_bug25347'
-+Error : Incorrect file format 't_bug25347'
-+error : Corrupt
- insert into t_bug25347 values (4),(5),(6);
- ERROR HY000: Incorrect file format 't_bug25347'
- d_bug25347.t_bug25347
Deleted: trunk/debian/patches/92_SECURITY_CVE-2007-6303.dpatch
===================================================================
--- trunk/debian/patches/92_SECURITY_CVE-2007-6303.dpatch 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/patches/92_SECURITY_CVE-2007-6303.dpatch 2008-01-29 18:02:19 UTC (rev 1134)
@@ -1,168 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 92_SECURITY_CVE-2007-6303.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2007-6303: ALTER VIEW retained the original DEFINER value,
-## DP: even when altered by another user, which could allow that user to gain
-## DP: the access rights of the view. Now ALTER VIEW is allowed only to the
-## DP: original definer or users with the SUPER privilege. (closes: #455737)
-
- at DPATCH@
-diff -Nrup a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
---- a/mysql-test/r/view_grant.result 2007-11-15 15:28:37.000000000 +0100
-+++ b/mysql-test/r/view_grant.result 2007-09-29 03:06:40.000000000 +0200
-@@ -776,15 +776,60 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
- GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813 at localhost;
- GRANT SELECT ON db26813.t1 TO u26813 at localhost;
- ALTER VIEW v1 AS SELECT f2 FROM t1;
--ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v2 AS SELECT f2 FROM t1;
--ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v3 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- SHOW CREATE VIEW v3;
- View Create View
--v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
-+v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
- DROP USER u26813 at localhost;
- DROP DATABASE db26813;
-+#
-+# Bug#29908: A user can gain additional access through the ALTER VIEW.
-+#
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+View Create View
-+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+View Create View
-+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+View Create View
-+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+#######################################################################
- DROP DATABASE IF EXISTS mysqltest1;
- DROP DATABASE IF EXISTS mysqltest2;
- CREATE DATABASE mysqltest1;
-diff -Nrup a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
---- a/mysql-test/t/view_grant.test 2007-11-15 15:28:37.000000000 +0100
-+++ b/mysql-test/t/view_grant.test 2007-09-29 03:06:22.000000000 +0200
-@@ -1034,10 +1034,11 @@ GRANT SELECT ON db26813.t1 TO u26813 at loc
-
- connect (u1,localhost,u26813,,db26813);
- connection u1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v1 AS SELECT f2 FROM t1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v2 AS SELECT f2 FROM t1;
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v3 AS SELECT f2 FROM t1;
-
- connection root;
-@@ -1047,6 +1048,51 @@ DROP USER u26813 at localhost;
- DROP DATABASE db26813;
- disconnect u1;
-
-+--echo #
-+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
-+--echo #
-+connection root;
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+ SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+
-+connect (u2,localhost,u29908_2,,mysqltest_29908);
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connect (u1,localhost,u29908_1,,mysqltest_29908);
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connection root;
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+disconnect u1;
-+disconnect u2;
-+--echo #######################################################################
-+
- #
- # BUG#24040: Create View don't succed with "all privileges" on a database.
- #
-diff -Nrup a/sql/sql_view.cc b/sql/sql_view.cc
---- a/sql/sql_view.cc 2007-09-03 11:22:54 +04:00
-+++ b/sql/sql_view.cc 2007-09-20 18:03:16 +04:00
-@@ -223,9 +223,6 @@ bool mysql_create_view(THD *thd, TABLE_L
- {
- LEX *lex= thd->lex;
- bool link_to_local;
--#ifndef NO_EMBEDDED_ACCESS_CHECKS
-- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
--#endif
- /* first table in list is target VIEW name => cut off it */
- TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
- TABLE_LIST *tables= lex->query_tables;
-@@ -280,7 +277,7 @@ bool mysql_create_view(THD *thd, TABLE_L
- - same as current user
- - current user has SUPER_ACL
- */
-- if (definer_check_is_needed &&
-+ if (lex->definer &&
- (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
- my_strcasecmp(system_charset_info,
- lex->definer->host.str,
Deleted: trunk/debian/patches/93_SECURITY_CVE-2007-6304.dpatch
===================================================================
--- trunk/debian/patches/93_SECURITY_CVE-2007-6304.dpatch 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/patches/93_SECURITY_CVE-2007-6304.dpatch 2008-01-29 18:02:19 UTC (rev 1134)
@@ -1,26 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 93_SECURITY_CVE-2007-6304.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2007-6304: When using a FEDERATED table, the local server can
-## DP: be forced to crash if the remote server returns a result with fewer columns
-## DP: than expected. (closes: #455737)
-
- at DPATCH@
-diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc
---- a/sql/ha_federated.cc 2007-07-26 05:22:50 +05:00
-+++ b/sql/ha_federated.cc 2007-10-15 10:11:50 +05:00
-@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
- status_query_string.length(0);
-
- result= mysql_store_result(mysql);
-- if (!result)
-+
-+ /*
-+ We're going to use fields num. 4, 12 and 13 of the resultset,
-+ so make sure we have these fields.
-+ */
-+ if (!result || (mysql_num_fields(result) < 14))
- goto error;
-
- if (!mysql_num_rows(result))
Deleted: trunk/debian/patches/94_SECURITY_CVE-2008-0226+0227.dpatch
===================================================================
--- trunk/debian/patches/94_SECURITY_CVE-2008-0226+0227.dpatch 2008-01-29 09:00:45 UTC (rev 1133)
+++ trunk/debian/patches/94_SECURITY_CVE-2008-0226+0227.dpatch 2008-01-29 18:02:19 UTC (rev 1134)
@@ -1,68 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 94_SECURITY_CVE-2008-0226+0227.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2008-0226 and CVE-2008-0227: Three vulnerabilities in yaSSL
-## DP: versions 1.7.5 and earlier were discovered that could lead to a server
-## DP: crash or execution of unauthorized code. The exploit requires a server
-## DP: with yaSSL enabled and TCP/IP connections enabled, but does not require
-## DP: valid MySQL account credentials. The exploit does not apply to OpenSSL.
-
- at DPATCH@
-diff -Nrup a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
---- a/extra/yassl/src/handshake.cpp 2007-01-25 19:34:38 +01:00
-+++ b/extra/yassl/src/handshake.cpp 2008-01-11 13:07:51 +01:00
-@@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer&
- input.read(len, sizeof(len));
- uint16 randomLen;
- ato16(len, randomLen);
-+ if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
-+ randomLen > RAN_LEN) {
-+ ssl.SetError(bad_input);
-+ return;
-+ }
-
- int j = 0;
- for (uint16 i = 0; i < ch.suite_len_; i += 3) {
-diff -Nrup a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
---- a/extra/yassl/src/template_instnt.cpp 2006-09-27 14:27:49 +02:00
-+++ b/extra/yassl/src/template_instnt.cpp 2008-01-11 13:19:24 +01:00
-@@ -101,6 +101,7 @@ template void ysArrayDelete<unsigned cha
- template void ysArrayDelete<char>(char*);
-
- template int min<int>(int, int);
-+template uint16 min<uint16>(uint16, uint16);
- template unsigned int min<unsigned int>(unsigned int, unsigned int);
- template unsigned long min<unsigned long>(unsigned long, unsigned long);
- }
-diff -Nrup a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
---- a/extra/yassl/src/yassl_imp.cpp 2006-11-09 21:20:56 +01:00
-+++ b/extra/yassl/src/yassl_imp.cpp 2008-01-11 13:08:06 +01:00
-@@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buff
- }
-
- uint len = c24to32(length_);
-+ if (len > input.get_remaining()) {
-+ ssl.SetError(bad_input);
-+ return;
-+ }
- hashHandShake(ssl, input, len);
-
- hs->set_length(len);
-@@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& i
-
- // Suites
- byte tmp[2];
-+ uint16 len;
- tmp[0] = input[AUTO];
- tmp[1] = input[AUTO];
-- ato16(tmp, hello.suite_len_);
-+ ato16(tmp, len);
-+
-+ hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ));
- input.read(hello.cipher_suites_, hello.suite_len_);
-+ if (len > hello.suite_len_) // ignore extra suites
-+ input.set_current(input.get_current() + len - hello.suite_len_);
-
- // Compression
- hello.comp_len_ = input[AUTO];
More information about the Pkg-mysql-commits
mailing list