[Pkg-mysql-commits] r1290 - in trunk/debian: . patches
Norbert Tretkowski
nobse at alioth.debian.org
Tue Jul 15 17:40:01 UTC 2008
tags 480292 pending
thanks
Author: nobse
Date: 2008-07-15 17:40:00 +0000 (Tue, 15 Jul 2008)
New Revision: 1290
Modified:
trunk/debian/changelog
trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
Log:
Merge testing-security uploads.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2008-07-14 19:47:21 UTC (rev 1289)
+++ trunk/debian/changelog 2008-07-15 17:40:00 UTC (rev 1290)
@@ -1,5 +1,7 @@
-mysql-dfsg-5.0 (5.0.51a-10) UNRELEASED; urgency=low
+mysql-dfsg-5.0 (5.0.51a-10) UNRELEASED; urgency=high
+ * Merge testing-security upload to finally fix CVE-2008-2079, thanks to
+ Devin Carraway and Steffen Joeris. (closes: #480292)
* New patch 58_disable-ndb-backup-print.dpatch from 5.0.54 to disable
ndb_backup_print, ndb_alter_table and ndb_replace tests when running the
testsuite. (closes: #474893)
@@ -14,8 +16,24 @@
- Fix deprecated chown usage.
- Fix spelling error in description.
- -- Norbert Tretkowski <nobse at debian.org> Sun, 06 Jul 2008 12:25:35 +0200
+ -- Norbert Tretkowski <nobse at debian.org> Tue, 15 Jul 2008 19:37:35 +0200
+mysql-dfsg-5.0 (5.0.51a-9+lenny2) testing-security; urgency=high
+
+ * Non-maintainer upload by the security team.
+ * Correct error number in symlink.test to avoid FTBFS on some archs.
+
+ -- Steffen Joeris <white at debian.org> Sun, 13 Jul 2008 11:44:57 +0000
+
+mysql-dfsg-5.0 (5.0.51a-9+lenny1) testing-security; urgency=high
+
+ * Non-maintainer upload by the security team.
+ * Correct and expand 92_SECURITY_CVE-2008-2079.dpatch to cover all symlinks
+ and check the output of fn_format(). (closes: #480292)
+ Fixes: CVE-2008-2079
+
+ -- Steffen Joeris <white at debian.org> Sat, 12 Jul 2008 05:30:39 +0000
+
mysql-dfsg-5.0 (5.0.51a-9) unstable; urgency=low
* Ignore errors in testsuite on i386. (workaround for #474893)
Modified: trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
===================================================================
--- trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch 2008-07-14 19:47:21 UTC (rev 1289)
+++ trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch 2008-07-15 17:40:00 UTC (rev 1290)
@@ -103,9 +103,150 @@
+CREATE TABLE t1 (a INT) ENGINE MYISAM;
+DROP TABLE t1;
End of 5.0 tests
---- a/mysql-test/t/symlink.test.orig
-+++ b/mysql-test/t/symlink.test
-@@ -127,29 +127,22 @@ drop table t1;
+--- a/sql/mysql_priv.h.orig
++++ b/sql/mysql_priv.h
+@@ -1255,6 +1255,7 @@ void my_dbopt_free(void);
+ extern time_t server_start_time, flush_status_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++ mysql_unpacked_real_data_home[],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
+--- a/sql/mysqld.cc.orig
++++ b/sql/mysqld.cc
+@@ -453,14 +453,13 @@ char log_error_file[FN_REFLEN], glob_hos
+ char mysql_real_data_home[FN_REFLEN],
+ language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
+ *opt_init_file, *opt_tc_log_file,
++ mysql_unpacked_real_data_home[FN_REFLEN],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+-
++char *mysql_data_home= mysql_real_data_home;
+ const key_map key_map_empty(0);
+ key_map key_map_full(0); // Will be initialized later
+
+ const char *opt_date_time_formats[3];
+-
+-char *mysql_data_home= mysql_real_data_home;
+ char server_version[SERVER_VERSION_LENGTH];
+ char *mysqld_unix_port, *opt_mysql_tmpdir;
+ const char **errmesg; /* Error messages */
+@@ -7565,6 +7564,9 @@ static void fix_paths(void)
+ pos[1]= 0;
+ }
+ convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++ (void) fn_format(buff, mysql_real_data_home, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+ convert_dirname(language,language,NullS);
+ (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+ (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
+--- ../old/mysql-dfsg-5.0-5.0.51a/sql/sql_parse.cc 2008-01-11 14:43:38.000000000 +0000
++++ mysql-dfsg-5.0-5.0.51a/sql/sql_parse.cc 2008-07-12 06:18:51.000000000 +0000
+@@ -76,6 +76,7 @@
+ static bool append_file_to_dir(THD *thd, const char **filename_ptr,
+ const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
++static bool test_if_data_home_dir(const char *dir);
+
+ const char *any_db="*any*"; // Special symbol for check_access
+
+@@ -3001,6 +3002,20 @@
+ "INDEX DIRECTORY option ignored");
+ create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
++
++ if (test_if_data_home_dir(lex->create_info.data_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++ res= -1;
++ break;
++ }
++ if (test_if_data_home_dir(lex->create_info.index_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++ res= -1;
++ break;
++ }
++
+ /* Fix names if symlinked tables */
+ if (append_file_to_dir(thd, &create_info.data_file_name,
+ create_table->table_name) ||
+@@ -7843,3 +7858,49 @@
+
+ return TRUE;
+ }
++
++
++/*
++ Check if path does not contain mysql data home directory
++
++ SYNOPSIS
++ test_if_data_home_dir()
++ dir directory
++ conv_home_dir converted data home directory
++ home_dir_len converted data home directory length
++
++ RETURN VALUES
++ 0 ok
++ 1 error
++*/
++
++static bool test_if_data_home_dir(const char *dir)
++{
++ char path[FN_REFLEN], conv_path[PATH_MAX+1], real_path[PATH_MAX+1];
++ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
++ DBUG_ENTER("test_if_data_home_dir");
++
++ if (!dir)
++ DBUG_RETURN(0);
++
++ (void) fn_format(path, dir, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ if (!realpath(path, real_path))
++ DBUG_RETURN(1);
++ dir_len= unpack_dirname(conv_path, real_path);
++
++ if (home_dir_len <= dir_len)
++ {
++ if (lower_case_file_system)
++ {
++ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
++ home_dir_len,
++ (const uchar*) mysql_unpacked_real_data_home,
++ home_dir_len))
++ DBUG_RETURN(1);
++ }
++ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
++ DBUG_RETURN(1);
++ }
++ DBUG_RETURN(0);
++}
+--- ../old/mysql-dfsg-5.0-5.0.51a/mysql-test/t/symlink.test 2008-01-11 15:23:24.000000000 +0000
++++ mysql-dfsg-5.0-5.0.51a/mysql-test/t/symlink.test 2008-07-13 14:13:04.000000000 +0000
+@@ -71,17 +71,17 @@
+ SHOW CREATE TABLE t9;
+
+ disable_query_log;
+---error 1103,1103
++--error 1210,1210
+ create table t1 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam data directory="tmp";
+
+ # Check that we cannot link over a table from another database.
+
+ create database mysqltest;
+
+---error 1,1
++--error 1210,1210
+ create table mysqltest.t9 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam index directory="/this-dir-does-not-exist";
+
+---error 1103,1103
++--error 1210,1210
+ create table mysqltest.t9 (a int not null auto_increment, b char(16) not null, primary key (a)) engine=myisam index directory="not-hard-path";
+
+ # Should fail becasue the file t9.MYI already exist in 'run'
+@@ -127,29 +127,22 @@
#
# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
#
@@ -147,7 +288,7 @@
#
# Bug#8706 - temporary table with data directory option fails
-@@ -188,44 +181,61 @@ connection default;
+@@ -188,44 +181,61 @@
select * from t1;
drop table t1;
@@ -237,123 +378,3 @@
+DROP TABLE t1;
--echo End of 5.0 tests
---- a/sql/mysql_priv.h.orig
-+++ b/sql/mysql_priv.h
-@@ -1255,6 +1255,7 @@ void my_dbopt_free(void);
- extern time_t server_start_time, flush_status_time;
- extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
- mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
-+ mysql_unpacked_real_data_home[],
- def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
- #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
- extern MY_TMPDIR mysql_tmpdir_list;
---- a/sql/mysqld.cc.orig
-+++ b/sql/mysqld.cc
-@@ -453,14 +453,13 @@ char log_error_file[FN_REFLEN], glob_hos
- char mysql_real_data_home[FN_REFLEN],
- language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
- *opt_init_file, *opt_tc_log_file,
-+ mysql_unpacked_real_data_home[FN_REFLEN],
- def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
--
-+char *mysql_data_home= mysql_real_data_home;
- const key_map key_map_empty(0);
- key_map key_map_full(0); // Will be initialized later
-
- const char *opt_date_time_formats[3];
--
--char *mysql_data_home= mysql_real_data_home;
- char server_version[SERVER_VERSION_LENGTH];
- char *mysqld_unix_port, *opt_mysql_tmpdir;
- const char **errmesg; /* Error messages */
-@@ -7565,6 +7564,9 @@ static void fix_paths(void)
- pos[1]= 0;
- }
- convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
-+ (void) fn_format(buff, mysql_real_data_home, "", "",
-+ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
- convert_dirname(language,language,NullS);
- (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
- (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
---- a/sql/sql_parse.cc.orig
-+++ b/sql/sql_parse.cc
-@@ -76,6 +76,7 @@ static void remove_escape(char *name);
- static bool append_file_to_dir(THD *thd, const char **filename_ptr,
- const char *table_name);
- static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
-+static bool test_if_data_home_dir(const char *dir);
-
- const char *any_db="*any*"; // Special symbol for check_access
-
-@@ -3001,6 +3002,20 @@ mysql_execute_command(THD *thd)
- "INDEX DIRECTORY option ignored");
- create_info.data_file_name= create_info.index_file_name= NULL;
- #else
-+
-+ if (test_if_data_home_dir(lex->create_info.data_file_name))
-+ {
-+ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
-+ res= -1;
-+ break;
-+ }
-+ if (test_if_data_home_dir(lex->create_info.index_file_name))
-+ {
-+ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
-+ res= -1;
-+ break;
-+ }
-+
- /* Fix names if symlinked tables */
- if (append_file_to_dir(thd, &create_info.data_file_name,
- create_table->table_name) ||
-@@ -7843,3 +7858,48 @@ bool check_string_length(LEX_STRING *str
-
- return TRUE;
- }
-+
-+
-+/*
-+ Check if path does not contain mysql data home directory
-+
-+ SYNOPSIS
-+ test_if_data_home_dir()
-+ dir directory
-+ conv_home_dir converted data home directory
-+ home_dir_len converted data home directory length
-+
-+ RETURN VALUES
-+ 0 ok
-+ 1 error
-+*/
-+
-+static bool test_if_data_home_dir(const char *dir)
-+{
-+ char path[FN_REFLEN], conv_path[FN_REFLEN];
-+ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
-+ DBUG_ENTER("test_if_data_home_dir");
-+
-+ if (!dir)
-+ DBUG_RETURN(0);
-+
-+ (void) fn_format(path, dir, "", "",
-+ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+ dir_len= unpack_dirname(conv_path, dir);
-+
-+ if (home_dir_len <= dir_len)
-+ {
-+ if (lower_case_file_system)
-+ {
-+ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
-+ home_dir_len,
-+ (const uchar*) mysql_unpacked_real_data_home,
-+ home_dir_len))
-+ DBUG_RETURN(1);
-+ }
-+ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
-+ DBUG_RETURN(1);
-+ }
-+ DBUG_RETURN(0);
-+}
-+
-
More information about the Pkg-mysql-commits
mailing list