[Pkg-mysql-commits] r1290 - in trunk/debian: . patches

Norbert Tretkowski nobse at alioth.debian.org
Tue Jul 15 17:40:01 UTC 2008


tags 480292 pending
thanks

Author: nobse
Date: 2008-07-15 17:40:00 +0000 (Tue, 15 Jul 2008)
New Revision: 1290

Modified:
   trunk/debian/changelog
   trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
Log:
Merge testing-security uploads.

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-07-14 19:47:21 UTC (rev 1289)
+++ trunk/debian/changelog	2008-07-15 17:40:00 UTC (rev 1290)
@@ -1,5 +1,7 @@
-mysql-dfsg-5.0 (5.0.51a-10) UNRELEASED; urgency=low
+mysql-dfsg-5.0 (5.0.51a-10) UNRELEASED; urgency=high
 
+  * Merge testing-security upload to finally fix CVE-2008-2079, thanks to
+    Devin Carraway and Steffen Joeris. (closes: #480292)
   * New patch 58_disable-ndb-backup-print.dpatch from 5.0.54 to disable
     ndb_backup_print, ndb_alter_table and ndb_replace tests when running the
     testsuite. (closes: #474893)
@@ -14,8 +16,24 @@
     - Fix deprecated chown usage.
     - Fix spelling error in description.
 
- -- Norbert Tretkowski <nobse at debian.org>  Sun, 06 Jul 2008 12:25:35 +0200
+ -- Norbert Tretkowski <nobse at debian.org>  Tue, 15 Jul 2008 19:37:35 +0200
 
+mysql-dfsg-5.0 (5.0.51a-9+lenny2) testing-security; urgency=high
+
+  * Non-maintainer upload by the security team.
+  * Correct error number in symlink.test to avoid FTBFS on some archs.
+
+ -- Steffen Joeris <white at debian.org>  Sun, 13 Jul 2008 11:44:57 +0000
+
+mysql-dfsg-5.0 (5.0.51a-9+lenny1) testing-security; urgency=high
+
+  * Non-maintainer upload by the security team.
+  * Correct and expand 92_SECURITY_CVE-2008-2079.dpatch to cover all symlinks
+    and check the output of fn_format(). (closes: #480292)
+    Fixes: CVE-2008-2079
+
+ -- Steffen Joeris <white at debian.org>  Sat, 12 Jul 2008 05:30:39 +0000
+
 mysql-dfsg-5.0 (5.0.51a-9) unstable; urgency=low
 
   * Ignore errors in testsuite on i386. (workaround for #474893)

Modified: trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
===================================================================
--- trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch	2008-07-14 19:47:21 UTC (rev 1289)
+++ trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch	2008-07-15 17:40:00 UTC (rev 1290)
@@ -103,9 +103,150 @@
 +CREATE TABLE t1 (a INT) ENGINE MYISAM;
 +DROP TABLE t1;
  End of 5.0 tests
---- a/mysql-test/t/symlink.test.orig
-+++ b/mysql-test/t/symlink.test
-@@ -127,29 +127,22 @@ drop table t1;
+--- a/sql/mysql_priv.h.orig
++++ b/sql/mysql_priv.h
+@@ -1255,6 +1255,7 @@ void my_dbopt_free(void);
+ extern time_t server_start_time, flush_status_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ 	    mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++	    mysql_unpacked_real_data_home[],
+             def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
+--- a/sql/mysqld.cc.orig
++++ b/sql/mysqld.cc
+@@ -453,14 +453,13 @@ char log_error_file[FN_REFLEN], glob_hos
+ char mysql_real_data_home[FN_REFLEN],
+      language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
+      *opt_init_file, *opt_tc_log_file,
++     mysql_unpacked_real_data_home[FN_REFLEN],
+      def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+-
++char *mysql_data_home= mysql_real_data_home;
+ const key_map key_map_empty(0);
+ key_map key_map_full(0);                        // Will be initialized later
+ 
+ const char *opt_date_time_formats[3];
+-
+-char *mysql_data_home= mysql_real_data_home;
+ char server_version[SERVER_VERSION_LENGTH];
+ char *mysqld_unix_port, *opt_mysql_tmpdir;
+ const char **errmesg;			/* Error messages */
+@@ -7565,6 +7564,9 @@ static void fix_paths(void)
+     pos[1]= 0;
+   }
+   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++  (void) fn_format(buff, mysql_real_data_home, "", "",
++                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+   convert_dirname(language,language,NullS);
+   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
+--- ../old/mysql-dfsg-5.0-5.0.51a/sql/sql_parse.cc	2008-01-11 14:43:38.000000000 +0000
++++ mysql-dfsg-5.0-5.0.51a/sql/sql_parse.cc	2008-07-12 06:18:51.000000000 +0000
+@@ -76,6 +76,7 @@
+ static bool append_file_to_dir(THD *thd, const char **filename_ptr,
+ 			       const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
++static bool test_if_data_home_dir(const char *dir);
+ 
+ const char *any_db="*any*";	// Special symbol for check_access
+ 
+@@ -3001,6 +3002,20 @@
+                    "INDEX DIRECTORY option ignored");
+     create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
++
++    if (test_if_data_home_dir(lex->create_info.data_file_name))
++    {
++      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++      res= -1;
++      break;
++    }
++    if (test_if_data_home_dir(lex->create_info.index_file_name))
++    {
++      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++      res= -1;
++      break;
++    }
++
+     /* Fix names if symlinked tables */
+     if (append_file_to_dir(thd, &create_info.data_file_name,
+ 			   create_table->table_name) ||
+@@ -7843,3 +7858,49 @@
+ 
+   return TRUE;
+ }
++
++
++/*
++  Check if path does not contain mysql data home directory
++
++  SYNOPSIS
++    test_if_data_home_dir()
++    dir                     directory
++    conv_home_dir           converted data home directory
++    home_dir_len            converted data home directory length
++
++  RETURN VALUES
++    0	ok
++    1	error
++*/
++
++static bool test_if_data_home_dir(const char *dir)
++{
++  char path[FN_REFLEN], conv_path[PATH_MAX+1], real_path[PATH_MAX+1];
++  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
++  DBUG_ENTER("test_if_data_home_dir");
++
++  if (!dir)
++    DBUG_RETURN(0);
++
++  (void) fn_format(path, dir, "", "",
++                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++  if (!realpath(path, real_path))
++    DBUG_RETURN(1);
++  dir_len= unpack_dirname(conv_path, real_path);
++
++  if (home_dir_len <= dir_len)
++  {
++    if (lower_case_file_system)
++    {
++      if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
++                        home_dir_len,
++                        (const uchar*) mysql_unpacked_real_data_home,
++                        home_dir_len))
++        DBUG_RETURN(1);
++    }
++    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
++      DBUG_RETURN(1);
++  }
++  DBUG_RETURN(0);
++}
+--- ../old/mysql-dfsg-5.0-5.0.51a/mysql-test/t/symlink.test	2008-01-11 15:23:24.000000000 +0000
++++ mysql-dfsg-5.0-5.0.51a/mysql-test/t/symlink.test	2008-07-13 14:13:04.000000000 +0000
+@@ -71,17 +71,17 @@
+ SHOW CREATE TABLE t9;
+ 
+ disable_query_log;
+---error 1103,1103
++--error 1210,1210
+ create table t1 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam data directory="tmp";
+ 
+ # Check that we cannot link over a table from another database.
+ 
+ create database mysqltest;
+ 
+---error 1,1
++--error 1210,1210
+ create table mysqltest.t9 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam index directory="/this-dir-does-not-exist";
+ 
+---error 1103,1103
++--error 1210,1210
+ create table mysqltest.t9 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam index directory="not-hard-path";
+ 
+ # Should fail becasue the file t9.MYI already exist in 'run'
+@@ -127,29 +127,22 @@
  #
  # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
  #
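Review bot: In the new `test_if_data_home_dir()` the return value of `fn_format()` is still discarded with `(void)`, so a `dir` that does not fit in `path[FN_REFLEN]` is not rejected before `realpath()` resolves whatever ended up in that buffer; how fn_format() treats an over-long name is not visible here, and the changelog entry says its output is checked. Failing closed at that point would match the `realpath()` branch, for example `if (!fn_format(path, dir, "", "", MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS|MY_SAFE_PATH)) DBUG_RETURN(1);`, assuming `MY_SAFE_PATH` makes fn_format() return NULL on an over-long path in this tree. `real_path` and `conv_path` are sized `PATH_MAX+1` while `mysql_unpacked_real_data_home` is `FN_REFLEN`, and whether `unpack_dirname()` bounds a source longer than `FN_REFLEN` cannot be seen in this hunk, so that should be confirmed before relying on the larger buffers. The header comment still lists `conv_home_dir` and `home_dir_len`, which are not parameters of the function, and it should state that 1 is returned both when the resolved path starts with the data home and when the path cannot be resolved.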
@@ -147,7 +288,7 @@
  
  #
  # Bug#8706 - temporary table with data directory option fails
-@@ -188,44 +181,61 @@ connection default;
+@@ -188,44 +181,61 @@
  select * from t1;
  drop table t1;
  
@@ -237,123 +378,3 @@
 +DROP TABLE t1;
  
  --echo End of 5.0 tests
---- a/sql/mysql_priv.h.orig
-+++ b/sql/mysql_priv.h
-@@ -1255,6 +1255,7 @@ void my_dbopt_free(void);
- extern time_t server_start_time, flush_status_time;
- extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
- 	    mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
-+	    mysql_unpacked_real_data_home[],
-             def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
- #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
- extern MY_TMPDIR mysql_tmpdir_list;
---- a/sql/mysqld.cc.orig
-+++ b/sql/mysqld.cc
-@@ -453,14 +453,13 @@ char log_error_file[FN_REFLEN], glob_hos
- char mysql_real_data_home[FN_REFLEN],
-      language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
-      *opt_init_file, *opt_tc_log_file,
-+     mysql_unpacked_real_data_home[FN_REFLEN],
-      def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
--
-+char *mysql_data_home= mysql_real_data_home;
- const key_map key_map_empty(0);
- key_map key_map_full(0);                        // Will be initialized later
- 
- const char *opt_date_time_formats[3];
--
--char *mysql_data_home= mysql_real_data_home;
- char server_version[SERVER_VERSION_LENGTH];
- char *mysqld_unix_port, *opt_mysql_tmpdir;
- const char **errmesg;			/* Error messages */
-@@ -7565,6 +7564,9 @@ static void fix_paths(void)
-     pos[1]= 0;
-   }
-   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
-+  (void) fn_format(buff, mysql_real_data_home, "", "",
-+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
-   convert_dirname(language,language,NullS);
-   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
-   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
---- a/sql/sql_parse.cc.orig
-+++ b/sql/sql_parse.cc
-@@ -76,6 +76,7 @@ static void remove_escape(char *name);
- static bool append_file_to_dir(THD *thd, const char **filename_ptr,
- 			       const char *table_name);
- static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
-+static bool test_if_data_home_dir(const char *dir);
- 
- const char *any_db="*any*";	// Special symbol for check_access
- 
-@@ -3001,6 +3002,20 @@ mysql_execute_command(THD *thd)
-                    "INDEX DIRECTORY option ignored");
-     create_info.data_file_name= create_info.index_file_name= NULL;
- #else
-+
-+    if (test_if_data_home_dir(lex->create_info.data_file_name))
-+    {
-+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
-+      res= -1;
-+      break;
-+    }
-+    if (test_if_data_home_dir(lex->create_info.index_file_name))
-+    {
-+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
-+      res= -1;
-+      break;
-+    }
-+
-     /* Fix names if symlinked tables */
-     if (append_file_to_dir(thd, &create_info.data_file_name,
- 			   create_table->table_name) ||
-@@ -7843,3 +7858,48 @@ bool check_string_length(LEX_STRING *str
- 
-   return TRUE;
- }
-+
-+
-+/*
-+  Check if path does not contain mysql data home directory
-+
-+  SYNOPSIS
-+    test_if_data_home_dir()
-+    dir                     directory
-+    conv_home_dir           converted data home directory
-+    home_dir_len            converted data home directory length
-+
-+  RETURN VALUES
-+    0	ok
-+    1	error
-+*/
-+
-+static bool test_if_data_home_dir(const char *dir)
-+{
-+  char path[FN_REFLEN], conv_path[FN_REFLEN];
-+  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
-+  DBUG_ENTER("test_if_data_home_dir");
-+
-+  if (!dir)
-+    DBUG_RETURN(0);
-+
-+  (void) fn_format(path, dir, "", "",
-+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+  dir_len= unpack_dirname(conv_path, dir);
-+
-+  if (home_dir_len <= dir_len)
-+  {
-+    if (lower_case_file_system)
-+    {
-+      if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
-+                        home_dir_len,
-+                        (const uchar*) mysql_unpacked_real_data_home,
-+                        home_dir_len))
-+        DBUG_RETURN(1);
-+    }
-+    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
-+      DBUG_RETURN(1);
-+  }
-+  DBUG_RETURN(0);
-+}
-+
-



