[Pkg-mysql-commits] r1230 - in trunk/debian: . patches

Norbert Tretkowski nobse at alioth.debian.org
Thu May 15 16:21:31 UTC 2008


Author: nobse
Date: 2008-05-15 16:21:31 +0000 (Thu, 15 May 2008)
New Revision: 1230

Removed:
   trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
Modified:
   trunk/debian/changelog
   trunk/debian/patches/00list
Log:
Drop patch until we have a working one for 5.0.51.

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-05-15 11:36:26 UTC (rev 1229)
+++ trunk/debian/changelog	2008-05-15 16:21:31 UTC (rev 1230)
@@ -1,26 +1,20 @@
-mysql-dfsg-5.0 (5.0.51a-7) UNRELEASED; urgency=high
+mysql-dfsg-5.0 (5.0.51a-7) UNRELEASED; urgency=low
 
   [ Norbert Tretkowski ]
-  * SECURITY:
-    Fix for CVE-2008-2079: It was possible to circumvent privileges through
-    the creation of MyISAM tables employing the DATA DIRECTORY and INDEX
-    DIRECTORY options to overwrite existing table files in the MySQL data
-    directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX
-    DIRECTORY is now disallowed. (closes: #480292)
   * Fix build on non-linux systems like hurd-i386. (closes: #480362)
   * Include symlinks for mysqlcheck. (closes: #480647)
 
   [ Monty Taylor ]
-  * Removed ndb_cpcd, as it is  only for the NDB test suite and not useful as
+  * Remove ndb_cpcd, as it is  only for the NDB test suite and not useful as
     a public program.
   * Fix debian-start.inc.sh for table names with characters needing quotes.
     Thanks Felix Rublack! (closes: #481154, #481303) 
-  * Fixed invalid pushdown conditions bug.
+  * Fix invalid pushdown conditions bug.
     http://bugs.mysql.com/bug.php?id=26963 is fixed with
     http://lists.mysql.com/commits/21697 in debian with
     93_fix_pushdown_conditions.dpatch (closes: #480954)
 
- -- Monty Taylor <mordred at inaugust.com>  Wed, 14 May 2008 02:00:36 -0700
+ -- Norbert Tretkowski <nobse at debian.org>  Thu, 15 May 2008 18:20:17 +0200
 
 mysql-dfsg-5.0 (5.0.51a-6) unstable; urgency=low
 

Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list	2008-05-15 11:36:26 UTC (rev 1229)
+++ trunk/debian/patches/00list	2008-05-15 16:21:31 UTC (rev 1230)
@@ -18,5 +18,4 @@
 89_ndb__staticlib.dpatch
 90_upstreamdebiandir.dpatch
 91_SECURITY_CVE-2007-5925.dpatch
-92_SECURITY_CVE-2008-2079.dpatch
 93_fix_pushdown_conditions.dpatch

Deleted: trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch
===================================================================
--- trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch	2008-05-15 11:36:26 UTC (rev 1229)
+++ trunk/debian/patches/92_SECURITY_CVE-2008-2079.dpatch	2008-05-15 16:21:31 UTC (rev 1230)
@@ -1,247 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 92_SECURITY_CVE-2008-2079.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2008-2079: It was possible to circumvent privileges through
-## DP: the creation of MyISAM tables employing the DATA DIRECTORY and INDEX
-## DP: DIRECTORYoptions to overwrite existing table files in the MySQL data
-## DP: directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX
-## DP: DIRECTORY is now disallowed.
-
- at DPATCH@
-diff -Nrup a/mysql-test/r/symlink.result b/mysql-test/r/symlink.result
---- a/mysql-test/r/symlink.result	2007-11-12 21:51:47 +04:00
-+++ b/mysql-test/r/symlink.result	2008-02-29 13:54:59 +04:00
-@@ -91,23 +91,15 @@ t1	CREATE TABLE `t1` (
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1
- drop table t1;
- CREATE TABLE t1(a INT)
--DATA DIRECTORY='TEST_DIR/master-data/mysql'
--INDEX DIRECTORY='TEST_DIR/master-data/mysql';
--RENAME TABLE t1 TO user;
--ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
--DROP TABLE t1;
--show create table t1;
--Table	Create Table
--t1	CREATE TABLE `t1` (
--  `i` int(11) default NULL
--) ENGINE=MyISAM DEFAULT CHARSET=latin1
--drop table t1;
--show create table t1;
--Table	Create Table
--t1	CREATE TABLE `t1` (
--  `i` int(11) default NULL
--) ENGINE=MyISAM DEFAULT CHARSET=latin1
--drop table t1;
-+DATA DIRECTORY='TEST_DIR/tmp'
-+INDEX DIRECTORY='TEST_DIR/tmp';
-+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
-+CREATE TABLE t2(a INT)
-+DATA DIRECTORY='TEST_DIR/tmp'
-+INDEX DIRECTORY='TEST_DIR/tmp';
-+RENAME TABLE t2 TO t1;
-+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
-+DROP TABLE t2;
- show create table t1;
- Table	Create Table
- t1	CREATE TEMPORARY TABLE `t1` (
-@@ -144,4 +136,16 @@ t1	CREATE TABLE `t1` (
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
- drop table t1;
- deallocate prepare stmt;
-+CREATE TABLE t1(a INT)
-+DATA DIRECTORY='TEST_DIR/var/master-data/test';
-+ERROR HY000: Incorrect arguments to DATA DIRECORY
-+CREATE TABLE t1(a INT)
-+DATA DIRECTORY='/home/gluh/MySQL/Merge/4.1-opt/mysql-test/var/master-data/';
-+ERROR HY000: Incorrect arguments to DATA DIRECORY
-+CREATE TABLE t1(a INT)
-+INDEX DIRECTORY='/home/gluh/MySQL/Merge/4.1-opt/mysql-test/var/master-data';
-+ERROR HY000: Incorrect arguments to INDEX DIRECORY
-+CREATE TABLE t1(a INT)
-+INDEX DIRECTORY='/home/gluh/MySQL/Merge/4.1-opt/mysql-test/var/master-data_var';
-+ERROR HY000: Can't create/write to file '/home/gluh/MySQL/Merge/4.1-opt/mysql-test/var/master-data_var/t1.MYI' (Errcode: 2)
- End of 4.1 tests
-diff -Nrup a/mysql-test/t/symlink.test b/mysql-test/t/symlink.test
---- a/mysql-test/t/symlink.test	2007-11-12 21:51:28 +04:00
-+++ b/mysql-test/t/symlink.test	2008-02-29 13:54:59 +04:00
-@@ -121,29 +121,22 @@ drop table t1;
- #
- # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
- #
-+--write_file $MYSQLTEST_VARDIR/tmp/t1.MYI
-+EOF
- --replace_result $MYSQLTEST_VARDIR TEST_DIR
-+--error 1
- eval CREATE TABLE t1(a INT)
--DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
--INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
-+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
-+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
-+--replace_result $MYSQLTEST_VARDIR TEST_DIR
-+eval CREATE TABLE t2(a INT)
-+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
-+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
- --replace_result $MYSQLTEST_VARDIR TEST_DIR
- --error 1
--RENAME TABLE t1 TO user;
--DROP TABLE t1;
--
--#
--# Test specifying DATA DIRECTORY that is the same as what would normally
--# have been chosen. (Bug #8707)
--#
--disable_query_log;
--eval create table t1 (i int) data directory = "$MYSQL_TEST_DIR/var/master-data/test/";
--enable_query_log;
--show create table t1;
--drop table t1;
--disable_query_log;
--eval create table t1 (i int) index directory = "$MYSQL_TEST_DIR/var/master-data/test/";
--enable_query_log;
--show create table t1;
--drop table t1;
-+RENAME TABLE t2 TO t1;
-+DROP TABLE t2;
-+--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI
- 
- #
- # Bug#8706 - temporary table with data directory option fails
-@@ -200,5 +193,22 @@ execute stmt;
- show create table t1;
- drop table t1;
- deallocate prepare stmt;
-+
-+#
-+# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
-+#
-+--replace_result $MYSQL_TEST_DIR TEST_DIR
-+--error 1210
-+eval CREATE TABLE t1(a INT)
-+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test';
-+--error 1210
-+eval CREATE TABLE t1(a INT)
-+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/';
-+--error 1210
-+eval CREATE TABLE t1(a INT)
-+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data';
-+--error 1
-+eval CREATE TABLE t1(a INT)
-+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data_var';
- 
- --echo End of 4.1 tests
-diff -Nrup a/sql/mysql_priv.h b/sql/mysql_priv.h
---- a/sql/mysql_priv.h	2007-11-09 16:05:01 +04:00
-+++ b/sql/mysql_priv.h	2008-02-29 13:54:59 +04:00
-@@ -890,6 +890,7 @@ void my_dbopt_free(void);
- extern time_t start_time;
- extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
- 	    mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
-+	    mysql_unpacked_real_data_home[],
-             def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
- #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
- extern MY_TMPDIR mysql_tmpdir_list;
-diff -Nrup a/sql/mysqld.cc b/sql/mysqld.cc
---- a/sql/mysqld.cc	2007-11-29 14:52:36 +04:00
-+++ b/sql/mysqld.cc	2008-02-29 13:54:59 +04:00
-@@ -390,6 +390,7 @@ const char *opt_date_time_formats[3];
- char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
- char *language_ptr, *default_collation_name, *default_character_set_name;
- char mysql_data_home_buff[2], *mysql_data_home=mysql_real_data_home;
-+char mysql_unpacked_real_data_home[FN_REFLEN];
- struct passwd *user_info;
- char server_version[SERVER_VERSION_LENGTH];
- char *mysqld_unix_port, *opt_mysql_tmpdir;
-@@ -6896,6 +6897,9 @@ static void fix_paths(void)
-     pos[1]= 0;
-   }
-   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
-+  (void) fn_format(buff, mysql_real_data_home, "", "",
-+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
-   convert_dirname(language,language,NullS);
-   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
-   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
-diff -Nrup a/sql/sql_parse.cc b/sql/sql_parse.cc
---- a/sql/sql_parse.cc	2007-06-12 17:47:34 +05:00
-+++ b/sql/sql_parse.cc	2008-02-29 13:54:59 +04:00
-@@ -65,7 +65,8 @@ static bool append_file_to_dir(THD *thd,
- 			       const char *table_name);
-              
- static TABLE_LIST* get_table_by_alias(TABLE_LIST* tl, const char* db,
--  const char* alias);      
-+  const char* alias);
-+static bool test_if_data_home_dir(const char *dir);
- 
- const char *any_db="*any*";	// Special symbol for check_access
- 
-@@ -2531,6 +2532,20 @@ mysql_execute_command(THD *thd)
-                    "INDEX DIRECTORY option ignored");
-     create_info.data_file_name= create_info.index_file_name= NULL;
- #else
-+
-+    if (test_if_data_home_dir(lex->create_info.data_file_name))
-+    {
-+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
-+      res= -1;
-+      break;
-+    }
-+    if (test_if_data_home_dir(lex->create_info.index_file_name))
-+    {
-+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
-+      res= -1;
-+      break;
-+    }
-+
-     /* Fix names if symlinked tables */
-     if (append_file_to_dir(thd, &create_info.data_file_name,
- 			   create_table->real_name) ||
-@@ -5919,4 +5934,48 @@ Item *negate_expression(THD *thd, Item *
-   if ((negated= expr->neg_transformer(thd)) != 0)
-     return negated;
-   return new Item_func_not(expr);
-+}
-+
-+
-+/*
-+  Check if path does not contain mysql data home directory
-+
-+  SYNOPSIS
-+    test_if_data_home_dir()
-+    dir                     directory
-+    conv_home_dir           converted data home directory
-+    home_dir_len            converted data home directory length
-+
-+  RETURN VALUES
-+    0	ok
-+    1	error  
-+*/
-+
-+static bool test_if_data_home_dir(const char *dir)
-+{
-+  char path[FN_REFLEN], conv_path[FN_REFLEN];
-+  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
-+  DBUG_ENTER("test_if_data_home_dir");
-+
-+  if (!dir)
-+    DBUG_RETURN(0);
-+
-+  (void) fn_format(path, dir, "", "",
-+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
-+  dir_len= unpack_dirname(conv_path, dir);
-+
-+  if (home_dir_len <= dir_len)
-+  {
-+    if (lower_case_file_system)
-+    {
-+      if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
-+                        home_dir_len,
-+                        (const uchar*) mysql_unpacked_real_data_home,
-+                        home_dir_len))
-+        DBUG_RETURN(1);
-+    }
-+    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
-+      DBUG_RETURN(1);
-+  }
-+  DBUG_RETURN(0);
- }



