[Pkg-mysql-commits] r1239 - trunk/debian/patches

Norbert Tretkowski nobse at alioth.debian.org
Mon May 26 19:08:31 UTC 2008 

Author: nobse
Date: 2008-05-26 19:08:30 +0000 (Mon, 26 May 2008)
New Revision: 1239

Removed:
   trunk/debian/patches/91_SECURITY_CVE-2007-5925.dpatch
Modified:
   trunk/debian/patches/00list
Log:
Drop patch for CVE-2007-5925.

Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list	2008-05-26 19:07:22 UTC (rev 1238)
+++ trunk/debian/patches/00list	2008-05-26 19:08:30 UTC (rev 1239)
@@ -17,4 +17,3 @@
 86_PATH_MAX.dpatch
 89_ndb__staticlib.dpatch
 90_upstreamdebiandir.dpatch
-91_SECURITY_CVE-2007-5925.dpatch

Deleted: trunk/debian/patches/91_SECURITY_CVE-2007-5925.dpatch
===================================================================
--- trunk/debian/patches/91_SECURITY_CVE-2007-5925.dpatch	2008-05-26 19:07:22 UTC (rev 1238)
+++ trunk/debian/patches/91_SECURITY_CVE-2007-5925.dpatch	2008-05-26 19:08:30 UTC (rev 1239)
@@ -1,123 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 91_SECURITY_CVE-2007-5925.dpatch by Norbert Tretkowski <nobse at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix for CVE-2007-5925: The convert_search_mode_to_innobase function in
-## DP: ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
-## DP: remote authenticated users to cause a denial of service (database crash)
-## DP: via a certain CONTAINS operation on an indexed column, which triggers an
-## DP: assertion error. (closes: #451235)
-
- at DPATCH@
-diff -ru old/innobase/include/db0err.h new/innobase/include/db0err.h
---- old/innobase/include/db0err.h	2007-07-04 16:06:59.000000000 +0300
-+++ new/innobase/include/db0err.h	2007-11-15 10:23:51.000000000 +0200
-@@ -57,6 +57,18 @@
- 					buffer pool (for big transactions,
- 					InnoDB stores the lock structs in the
- 					buffer pool) */
-+#define DB_FOREIGN_DUPLICATE_KEY 46	/* foreign key constraints
-+					activated by the operation would
-+					lead to a duplicate key in some
-+					table */
-+#define DB_TOO_MANY_CONCURRENT_TRXS 47	/* when InnoDB runs out of the
-+					preconfigured undo slots, this can
-+					only happen when there are too many
-+					concurrent transactions */
-+#define DB_UNSUPPORTED		48	/* when InnoDB sees any artefact or
-+					a feature that it can't recoginize or
-+					work with e.g., FT indexes created by
-+					a later version of the engine. */
- 
- /* The following are partial failure codes */
- #define DB_FAIL 		1000
-diff -ru old/innobase/include/page0cur.h new/innobase/include/page0cur.h
---- old/innobase/include/page0cur.h	2007-07-04 16:06:10.000000000 +0300
-+++ new/innobase/include/page0cur.h	2007-11-15 10:23:51.000000000 +0200
-@@ -22,6 +22,7 @@
- 
- /* Page cursor search modes; the values must be in this order! */
- 
-+#define	PAGE_CUR_UNSUPP	0
- #define	PAGE_CUR_G	1
- #define	PAGE_CUR_GE	2
- #define	PAGE_CUR_L	3
-diff -ru old/sql/ha_innodb.cc new/sql/ha_innodb.cc
---- old/sql/ha_innodb.cc	2007-07-04 16:06:48.000000000 +0300
-+++ new/sql/ha_innodb.cc	2007-11-15 10:25:55.000000000 +0200
-@@ -526,6 +526,9 @@
-  		}
- 
-     		return(HA_ERR_LOCK_TABLE_FULL);
-+ 	} else if (error == DB_UNSUPPORTED) {
-+ 
-+ 		return(HA_ERR_UNSUPPORTED);
-     	} else {
-     		return(-1);			// Unknown error
-     	}
-@@ -3689,11 +3692,21 @@
- 		  and comparison of non-latin1 char type fields in
- 		  innobase_mysql_cmp() to get PAGE_CUR_LE_OR_EXTENDS to
- 		  work correctly. */
--
--		default:			assert(0);
-+		case HA_READ_MBR_CONTAIN:
-+		case HA_READ_MBR_INTERSECT:
-+		case HA_READ_MBR_WITHIN:
-+		case HA_READ_MBR_DISJOINT:
-+			my_error(ER_TABLE_CANT_HANDLE_SPKEYS, MYF(0));
-+			return(PAGE_CUR_UNSUPP);
-+		/* do not use "default:" in order to produce a gcc warning:
-+		enumeration value '...' not handled in switch
-+		(if -Wswitch or -Wall is used)
-+		*/
- 	}
- 
--	return(0);
-+	my_error(ER_CHECK_NOT_IMPLEMENTED, MYF(0), "this functionality");
-+
-+	return(PAGE_CUR_UNSUPP);
- }
- 
- /*
-@@ -3831,11 +3844,18 @@
- 
- 	last_match_mode = (uint) match_mode;
- 
--	innodb_srv_conc_enter_innodb(prebuilt->trx);
-+	if (mode != PAGE_CUR_UNSUPP) {
- 
--	ret = row_search_for_mysql((byte*) buf, mode, prebuilt, match_mode, 0);
-+		innodb_srv_conc_enter_innodb(prebuilt->trx);
- 
--	innodb_srv_conc_exit_innodb(prebuilt->trx);
-+		ret = row_search_for_mysql((byte*) buf, mode, prebuilt,
-+					   match_mode, 0);
-+
-+		innodb_srv_conc_exit_innodb(prebuilt->trx);
-+	} else {
-+
-+		ret = DB_UNSUPPORTED;
-+	}
- 
- 	if (ret == DB_SUCCESS) {
- 		error = 0;
-@@ -5150,8 +5170,16 @@
- 	mode2 = convert_search_mode_to_innobase(max_key ? max_key->flag :
-                                                 HA_READ_KEY_EXACT);
- 
--	n_rows = btr_estimate_n_rows_in_range(index, range_start,
--						mode1, range_end, mode2);
-+	if (mode1 != PAGE_CUR_UNSUPP && mode2 != PAGE_CUR_UNSUPP) {
-+
-+		n_rows = btr_estimate_n_rows_in_range(index, range_start,
-+						      mode1, range_end,
-+						      mode2);
-+	} else {
-+
-+		n_rows = 0;
-+	}
-+
- 	dtuple_free_for_mysql(heap1);
- 	dtuple_free_for_mysql(heap2);
-

More information about the Pkg-mysql-commits mailing list