[Pkg-mysql-commits] r2044 - in mysql-5.1/branches/stable-security/debian: . patches
Clint Byrum
spamaps-guest at alioth.debian.org
Sat Mar 3 23:28:41 UTC 2012
tags 659687 pending
thanks
Author: spamaps-guest
Date: 2012-03-03 23:28:40 +0000 (Sat, 03 Mar 2012)
New Revision: 2044
Added:
mysql-5.1/branches/stable-security/debian/NEWS
Removed:
mysql-5.1/branches/stable-security/debian/libmysqlclient-dev.docs
mysql-5.1/branches/stable-security/debian/libmysqlclient16.docs
mysql-5.1/branches/stable-security/debian/mysql-server-5.1.docs
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3833.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3834.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3835.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3836.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3837.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3838.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3839.dpatch
mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3840.dpatch
mysql-5.1/branches/stable-security/debian/patches/99_fix_testsuite_for_installed_env.dpatch
Modified:
mysql-5.1/branches/stable-security/debian/changelog
mysql-5.1/branches/stable-security/debian/control
mysql-5.1/branches/stable-security/debian/mysql-client-5.1.docs
mysql-5.1/branches/stable-security/debian/patches/00list
Log:
* SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle.
in all versions of MySQL 5.1 earlier than 5.1.61. CVE list is as
follows: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101
CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115
CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484
CVE-2012-0485 CVE-2012-0490 CVE-2012-0492. (Closes: #659687)
* d/patches/61_CVE* - Removed as the new upstream version carries all of
these fixes.
* d/patches/99_fix_testsuite_for_installed_env.dpatch: Superseded
upstream.
* Upstream removed the file file EXCEPTIONS-CLIENT from their tarballs,
however the exception is still granted.
Added: mysql-5.1/branches/stable-security/debian/NEWS
===================================================================
--- mysql-5.1/branches/stable-security/debian/NEWS (rev 0)
+++ mysql-5.1/branches/stable-security/debian/NEWS 2012-03-03 23:28:40 UTC (rev 2044)
@@ -0,0 +1,62 @@
+mysql-5.1 (5.1.61-1) stable-security; urgency=high
+
+ Due to the non-disclosure of security patch information from Oracle,
+ we are forced to ship this upstream version update of MySQL 5.1 into
+ all releases that carry MySQL 5.1. There are several known incompatible
+ changes, which are listed below, taken from dev.mysql.com's changelogs,
+ available here: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
+
+ 5.1.51:
+ Incompatible Change: Previously, if you flushed the logs using FLUSH
+ LOGS or mysqladmin flush-logs and mysqld was writing the error log to
+ a file (for example, if it was started with the --log-error option),
+ it renamed the current log file with the suffix -old, then created a
+ new empty log file. This had the problem that a second log-flushing
+ operation thus caused the original error log file to be lost unless
+ you saved it under a different name. For example, you could use the
+ following commands to save the file:
+ .
+ shell> mysqladmin flush-logs
+ shell> mv host_name.err-old backup-directory
+ .
+ To avoid the preceding file-loss problem, renaming no longer
+ occurs. The server merely closes and reopens the log file. To rename
+ the file, you can do so manually before flushing. Then flushing the
+ logs reopens a new file with the original file name. For example, you
+ can rename the file and create a new one using the following commands:
+ .
+ shell> mv host_name.err host_name.err-old
+ shell> mysqladmin flush-logs
+ shell> mv host_name.err-old backup-directory
+ .
+ (Bug #29751)
+ .
+ References: See also Bug #56821.
+
+ 5.1.55:
+ Incompatible Change: When auto_increment_increment is greater than
+ one, values generated by a bulk insert that reaches the maximum
+ column value could wrap around rather producing an overflow error.
+ .
+ As a consequence of the fix, it is no longer possible for an
+ auto-generated value to be equal to the maximum BIGINT UNSIGNED
+ value. It is still possible to store that value manually, if the
+ column can accept it. (Bug #39828, Bug #11749800)
+
+ 5.1.59:
+ Incompatible Change: Handling of a date-related assertion was
+ modified.
+ .
+ However, a consequence of this change is that several functions
+ become more strict when passed a DATE() function value as their
+ argument and reject incomplete dates with a day part of zero. These
+ functions are affected: CONVERT_TZ(), DATE_ADD(), DATE_SUB(),
+ DAYOFYEAR(), LAST_DAY(), TIMESTAMPDIFF(), TO_DAYS(), TO_SECONDS(),
+ WEEK(), WEEKDAY(), WEEKOFYEAR(), YEARWEEK(). Because this changes
+ date-handling behavior in General Availability-status series (MySQL
+ 5.1 and 5.5), it was reverted in 5.1.62 and 5.5.21. The change is
+ retained in MySQL 5.6.
+ .
+ References: See also Bug #13458237.
+
+ -- Clint Byrum <clint at ubuntu.com> Thu, 01 Mar 2012 23:25:34 -0800
Modified: mysql-5.1/branches/stable-security/debian/changelog
===================================================================
--- mysql-5.1/branches/stable-security/debian/changelog 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/changelog 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,3 +1,20 @@
+mysql-5.1 (5.1.61-1) stable-security; urgency=high
+
+ * SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle.
+ in all versions of MySQL 5.1 earlier than 5.1.61. CVE list is as
+ follows: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101
+ CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115
+ CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484
+ CVE-2012-0485 CVE-2012-0490 CVE-2012-0492. (Closes: #659687)
+ * d/patches/61_CVE* - Removed as the new upstream version carries all of
+ these fixes.
+ * d/patches/99_fix_testsuite_for_installed_env.dpatch: Superseded
+ upstream.
+ * Upstream removed the file file EXCEPTIONS-CLIENT from their tarballs,
+ however the exception is still granted.
+
+ -- Clint Byrum <clint at ubuntu.com> Sat, 03 Mar 2012 08:21:27 -0800
+
mysql-5.1 (5.1.49-3) unstable; urgency=high
* SECURITY UPDATE: denial of service via incorrect propagation of type
Modified: mysql-5.1/branches/stable-security/debian/control
===================================================================
--- mysql-5.1/branches/stable-security/debian/control 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/control 2012-03-03 23:28:40 UTC (rev 2044)
@@ -6,8 +6,8 @@
Build-Depends: libtool (>= 1.4.2-7), procps | hurd, debhelper (>= 7.0.15), file (>= 3.28), libncurses5-dev (>= 5.0-6), perl (>= 5.6.0), libwrap0-dev (>= 7.6-8.3), zlib1g-dev (>= 1:1.1.3-5), libreadline-dev, psmisc, po-debconf, chrpath, automake1.9, doxygen, texlive-latex-base, ghostscript, dpatch, gawk, bison, lsb-release, hardening-wrapper
Standards-Version: 3.9.1
Homepage: http://dev.mysql.com/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-mysql/mysql-dfsg-5.1/
-Vcs-Svn: svn://svn.debian.org/svn/pkg-mysql/mysql-dfsg-5.1/
+Vcs-Browser: http://svn.debian.org/viewvc/pkg-mysql/mysql-5.1/branches/stable-security/
+Vcs-Svn: svn://svn.debian.org/svn/pkg-mysql/mysql-5.1/branches/stable-security/
Package: libmysqlclient16
Section: libs
Deleted: mysql-5.1/branches/stable-security/debian/libmysqlclient-dev.docs
===================================================================
--- mysql-5.1/branches/stable-security/debian/libmysqlclient-dev.docs 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/libmysqlclient-dev.docs 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1 +0,0 @@
-EXCEPTIONS-CLIENT
Deleted: mysql-5.1/branches/stable-security/debian/libmysqlclient16.docs
===================================================================
--- mysql-5.1/branches/stable-security/debian/libmysqlclient16.docs 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/libmysqlclient16.docs 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1 +0,0 @@
-EXCEPTIONS-CLIENT
Modified: mysql-5.1/branches/stable-security/debian/mysql-client-5.1.docs
===================================================================
--- mysql-5.1/branches/stable-security/debian/mysql-client-5.1.docs 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/mysql-client-5.1.docs 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,3 +1,2 @@
debian/additions/innotop/changelog.innotop
-EXCEPTIONS-CLIENT
README
Deleted: mysql-5.1/branches/stable-security/debian/mysql-server-5.1.docs
===================================================================
--- mysql-5.1/branches/stable-security/debian/mysql-server-5.1.docs 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/mysql-server-5.1.docs 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1 +0,0 @@
-EXCEPTIONS-CLIENT
Modified: mysql-5.1/branches/stable-security/debian/patches/00list
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/00list 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/00list 2012-03-03 23:28:40 UTC (rev 2044)
@@ -7,12 +7,3 @@
41_scripts__mysql_install_db.sh__no_test.dpatch
44_scripts__mysql_config__libs.dpatch
50_mysql-test__db_test.dpatch
-99_fix_testsuite_for_installed_env.dpatch
-61_CVE-2010-3833.dpatch
-61_CVE-2010-3834.dpatch
-61_CVE-2010-3835.dpatch
-61_CVE-2010-3836.dpatch
-61_CVE-2010-3837.dpatch
-61_CVE-2010-3838.dpatch
-61_CVE-2010-3839.dpatch
-61_CVE-2010-3840.dpatch
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3833.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3833.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3833.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,90 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via incorrect propagation of type errors.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.20
-# Bug: http://bugs.mysql.com/bug.php?id=55826
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/suite/innodb/r/innodb_mysql.result mysql-5.1-5.1.49/mysql-test/suite/innodb/r/innodb_mysql.result
---- mysql-5.1-5.1.49~/mysql-test/suite/innodb/r/innodb_mysql.result 2010-07-09 09:05:40.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/suite/innodb/r/innodb_mysql.result 2010-11-08 11:03:09.000000000 -0500
-@@ -2499,4 +2499,17 @@
- id select_type table type possible_keys key key_len ref rows Extra
- 1 SIMPLE t1 range f2,f4 f4 1 NULL 11 Using where
- DROP TABLE t1;
-+#
-+# Bug#55826: create table .. select crashes with when KILL_BAD_DATA
-+# is returned
-+#
-+CREATE TABLE t1(a INT) ENGINE=innodb;
-+INSERT INTO t1 VALUES (0);
-+SET SQL_MODE='STRICT_ALL_TABLES';
-+CREATE TABLE t2
-+SELECT LEAST((SELECT '' FROM t1),NOW()) FROM `t1`;
-+ERROR 22007: Incorrect datetime value: '' for column 'NOW()' at row 1
-+DROP TABLE t1,t2;
-+ERROR 42S02: Unknown table 't2'
-+SET SQL_MODE=DEFAULT;
- End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/suite/innodb/t/innodb_mysql.test mysql-5.1-5.1.49/mysql-test/suite/innodb/t/innodb_mysql.test
---- mysql-5.1-5.1.49~/mysql-test/suite/innodb/t/innodb_mysql.test 2010-07-09 09:05:37.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/suite/innodb/t/innodb_mysql.test 2010-11-08 11:03:09.000000000 -0500
-@@ -737,4 +737,19 @@
-
- DROP TABLE t1;
-
-+--echo #
-+--echo # Bug#55826: create table .. select crashes with when KILL_BAD_DATA
-+--echo # is returned
-+--echo #
-+
-+CREATE TABLE t1(a INT) ENGINE=innodb;
-+INSERT INTO t1 VALUES (0);
-+SET SQL_MODE='STRICT_ALL_TABLES';
-+--error ER_TRUNCATED_WRONG_VALUE
-+CREATE TABLE t2
-+ SELECT LEAST((SELECT '' FROM t1),NOW()) FROM `t1`;
-+DROP TABLE t1,t2;
-+SET SQL_MODE=DEFAULT;
-+
-+
- --echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_func.cc mysql-5.1-5.1.49/sql/item_func.cc
---- mysql-5.1-5.1.49~/sql/item_func.cc 2010-07-09 08:34:56.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/item_func.cc 2010-11-08 11:03:09.000000000 -0500
-@@ -2261,7 +2261,7 @@
- stored to the value pointer, if latter is provided.
-
- RETURN
-- 0 If one of arguments is NULL
-+ 0 If one of arguments is NULL or there was a execution error
- # index of the least/greatest argument
- */
-
-@@ -2275,6 +2275,14 @@
- Item **arg= args + i;
- bool is_null;
- longlong res= get_datetime_value(thd, &arg, 0, datetime_item, &is_null);
-+
-+ /* Check if we need to stop (because of error or KILL) and stop the loop */
-+ if (thd->is_error())
-+ {
-+ null_value= 1;
-+ return 0;
-+ }
-+
- if ((null_value= args[i]->null_value))
- return 0;
- if (i == 0 || (res < min_max ? cmp_sign : -cmp_sign) > 0)
-@@ -2303,6 +2311,12 @@
- if (null_value)
- return 0;
- str_res= args[min_max_idx]->val_str(str);
-+ if (args[min_max_idx]->null_value)
-+ {
-+ // check if the call to val_str() above returns a NULL value
-+ null_value= 1;
-+ return NULL;
-+ }
- str_res->set_charset(collation.collation);
- return str_res;
- }
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3834.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3834.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3834.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,151 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via derived table materializing.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.2.1
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.26
-# Bug: http://bugs.mysql.com/bug.php?id=55568
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/join.result mysql-5.1-5.1.49/mysql-test/r/join.result
---- mysql-5.1-5.1.49~/mysql-test/r/join.result 2010-07-09 09:03:00.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/join.result 2010-11-08 11:03:21.000000000 -0500
-@@ -1184,4 +1184,20 @@
- NULL
- 1
- DROP TABLE t1, t2, mm1;
-+#
-+# Bug #54468: crash after item's print() function when ordering/grouping
-+# by subquery
-+#
-+CREATE TABLE t1(a INT, b INT);
-+INSERT INTO t1 VALUES (), ();
-+SELECT 1 FROM t1
-+GROUP BY
-+GREATEST(t1.a,
-+(SELECT 1 FROM
-+(SELECT t1.b FROM t1,t1 t2
-+ORDER BY t1.a, t1.a LIMIT 1) AS d)
-+);
-+1
-+1
-+DROP TABLE t1;
- End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/join.test mysql-5.1-5.1.49/mysql-test/t/join.test
---- mysql-5.1-5.1.49~/mysql-test/t/join.test 2010-07-09 09:02:30.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/join.test 2010-11-08 11:03:21.000000000 -0500
-@@ -851,4 +851,54 @@
- SELECT t1.a FROM mm1,t1;
- DROP TABLE t1, t2, mm1;
-
-+#--echo #
-+#--echo # Bug #55568: user variable assignments crash server when used within
-+#--echo # query
-+#--echo #
-+#
-+#
-+# This test case is invalidated because of fix of bug 55531
-+# The reason is that {1} is not a valid geometric collection.
-+#
-+#CREATE TABLE t1 (a INT);
-+
-+#INSERT INTO t1 VALUES (0), (1);
-+
-+#let $i=2;
-+#while ($i)
-+#{
-+# SELECT MULTIPOINT(
-+# 1,
-+# (
-+# SELECT MULTIPOINT(
-+# MULTIPOINT(
-+# 1,
-+# (SELECT COUNT(*) FROM (SELECT 1 FROM t1 GROUP BY a,a) d)
-+# )
-+# ) FROM t1
-+# )
-+# ) != COUNT(*) q FROM t1 GROUP BY a;
-+# dec $i;
-+#}
-+#
-+#DROP TABLE t1;
-+
-+--echo #
-+--echo # Bug #54468: crash after item's print() function when ordering/grouping
-+--echo # by subquery
-+--echo #
-+
-+CREATE TABLE t1(a INT, b INT);
-+INSERT INTO t1 VALUES (), ();
-+
-+SELECT 1 FROM t1
-+GROUP BY
-+GREATEST(t1.a,
-+ (SELECT 1 FROM
-+ (SELECT t1.b FROM t1,t1 t2
-+ ORDER BY t1.a, t1.a LIMIT 1) AS d)
-+ );
-+
-+DROP TABLE t1;
-+
- --echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/field.cc mysql-5.1-5.1.49/sql/field.cc
---- mysql-5.1-5.1.49~/sql/field.cc 2010-07-09 08:34:53.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/field.cc 2010-11-08 11:03:21.000000000 -0500
-@@ -1535,7 +1535,7 @@
- }
- else
- field->org_table_name= field->db_name= "";
-- if (orig_table)
-+ if (orig_table && orig_table->alias)
- {
- field->table_name= orig_table->alias;
- field->org_col_name= field_name;
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/sql_select.cc mysql-5.1-5.1.49/sql/sql_select.cc
---- mysql-5.1-5.1.49~/sql/sql_select.cc 2010-07-09 08:34:57.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/sql_select.cc 2010-11-08 11:03:21.000000000 -0500
-@@ -2378,13 +2378,8 @@
-
- cleanup(1);
- /* Cleanup items referencing temporary table columns */
-- if (!tmp_all_fields3.is_empty())
-- {
-- List_iterator_fast<Item> it(tmp_all_fields3);
-- Item *item;
-- while ((item= it++))
-- item->cleanup();
-- }
-+ cleanup_item_list(tmp_all_fields1);
-+ cleanup_item_list(tmp_all_fields3);
- if (exec_tmp_table1)
- free_tmp_table(thd, exec_tmp_table1);
- if (exec_tmp_table2)
-@@ -2395,6 +2390,19 @@
- DBUG_RETURN(error);
- }
-
-+
-+void JOIN::cleanup_item_list(List<Item> &items) const
-+{
-+ if (!items.is_empty())
-+ {
-+ List_iterator_fast<Item> it(items);
-+ Item *item;
-+ while ((item= it++))
-+ item->cleanup();
-+ }
-+}
-+
-+
- /**
- An entry point to single-unit select (a select without UNION).
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/sql_select.h mysql-5.1-5.1.49/sql/sql_select.h
---- mysql-5.1-5.1.49~/sql/sql_select.h 2010-07-09 08:34:56.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/sql_select.h 2010-11-08 11:03:21.000000000 -0500
-@@ -577,6 +577,7 @@
- */
- bool implicit_grouping;
- bool make_simple_join(JOIN *join, TABLE *tmp_table);
-+ void cleanup_item_list(List<Item> &items) const;
- };
-
-
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3835.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3835.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3835.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,86 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via user-variable assignment expression.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.18
-# Bug: http://bugs.mysql.com/bug.php?id=55564
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/user_var.result mysql-5.1-5.1.49/mysql-test/r/user_var.result
---- mysql-5.1-5.1.49~/mysql-test/r/user_var.result 2010-07-09 09:03:13.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/user_var.result 2010-11-08 11:03:36.000000000 -0500
-@@ -430,4 +430,21 @@
- INSERT INTO t1 VALUES (1);
- INSERT INTO t1 VALUES (1);
- DROP TABLE t1;
-+CREATE TABLE t1(a INT);
-+INSERT INTO t1 VALUES (0),(0);
-+# BUG#55615 : should not crash
-+SELECT (@a:=(SELECT @a:=1 FROM t1 LIMIT 1)) AND COUNT(1) FROM t1 GROUP BY @a;
-+(@a:=(SELECT @a:=1 FROM t1 LIMIT 1)) AND COUNT(1)
-+1
-+1
-+# BUG#55564 : should not crash
-+SELECT IF(
-+ at v:=LEAST((SELECT 1 FROM t1 t2 LEFT JOIN t1 ON (@v) GROUP BY t1.a), a),
-+count(*), 1)
-+FROM t1 GROUP BY a LIMIT 1;
-+IF(
-+ at v:=LEAST((SELECT 1 FROM t1 t2 LEFT JOIN t1 ON (@v) GROUP BY t1.a), a),
-+count(*), 1)
-+1
-+DROP TABLE t1;
- End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/user_var.test mysql-5.1-5.1.49/mysql-test/t/user_var.test
---- mysql-5.1-5.1.49~/mysql-test/t/user_var.test 2010-07-09 09:02:46.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/user_var.test 2010-11-08 11:03:36.000000000 -0500
-@@ -328,4 +328,22 @@
- INSERT INTO t1 VALUES (1);
- DROP TABLE t1;
-
-+#
-+# Bug #55615: debug assertion after using variable in assignment and
-+# referred to
-+# Bug #55564: crash with user variables, assignments, joins...
-+#
-+
-+CREATE TABLE t1(a INT);
-+INSERT INTO t1 VALUES (0),(0);
-+--echo # BUG#55615 : should not crash
-+SELECT (@a:=(SELECT @a:=1 FROM t1 LIMIT 1)) AND COUNT(1) FROM t1 GROUP BY @a;
-+--echo # BUG#55564 : should not crash
-+SELECT IF(
-+ @v:=LEAST((SELECT 1 FROM t1 t2 LEFT JOIN t1 ON (@v) GROUP BY t1.a), a),
-+ count(*), 1)
-+FROM t1 GROUP BY a LIMIT 1;
-+
-+DROP TABLE t1;
-+
- --echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_func.cc mysql-5.1-5.1.49/sql/item_func.cc
---- mysql-5.1-5.1.49~/sql/item_func.cc 2010-11-08 11:03:31.000000000 -0500
-+++ mysql-5.1-5.1.49/sql/item_func.cc 2010-11-08 11:03:36.000000000 -0500
-@@ -4275,6 +4275,14 @@
- return entry->val_int(&null_value);
- }
-
-+bool Item_func_set_user_var::val_bool_result()
-+{
-+ DBUG_ASSERT(fixed == 1);
-+ check(TRUE);
-+ update(); // Store expression
-+ return entry->val_int(&null_value) != 0;
-+}
-+
- String *Item_func_set_user_var::str_result(String *str)
- {
- DBUG_ASSERT(fixed == 1);
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_func.h mysql-5.1-5.1.49/sql/item_func.h
---- mysql-5.1-5.1.49~/sql/item_func.h 2010-07-09 08:35:10.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/item_func.h 2010-11-08 11:03:36.000000000 -0500
-@@ -1353,6 +1353,7 @@
- my_decimal *val_decimal(my_decimal *);
- double val_result();
- longlong val_int_result();
-+ bool val_bool_result();
- String *str_result(String *str);
- my_decimal *val_decimal_result(my_decimal *);
- bool is_null_result();
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3836.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3836.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3836.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,70 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via pre-evaluation of LIKE
-# predicates during view preparation.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3452.1.22
-# Bug: http://bugs.mysql.com/bug.php?id=54568
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/subselect4.result mysql-5.1-5.1.49/mysql-test/r/subselect4.result
---- mysql-5.1-5.1.49~/mysql-test/r/subselect4.result 2010-07-09 09:03:11.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/subselect4.result 2010-11-08 11:03:53.000000000 -0500
-@@ -59,3 +59,24 @@
- (SELECT 1 FROM t1,t2 WHERE t2.b > t3.b)
- DROP TABLE t1,t2,t3;
- End of 5.0 tests.
-+#
-+# Bug#54568: create view cause Assertion failed: 0,
-+# file .\item_subselect.cc, line 836
-+#
-+EXPLAIN SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+id select_type table type possible_keys key key_len ref rows Extra
-+1 PRIMARY NULL NULL NULL NULL NULL NULL NULL No tables used
-+Warnings:
-+Note 1249 Select 2 was reduced during optimization
-+DESCRIBE SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+id select_type table type possible_keys key key_len ref rows Extra
-+1 PRIMARY NULL NULL NULL NULL NULL NULL NULL No tables used
-+Warnings:
-+Note 1249 Select 2 was reduced during optimization
-+# None of the below should crash
-+CREATE VIEW v1 AS SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+CREATE VIEW v2 AS SELECT 1 LIKE '%' ESCAPE ( 1 IN ( SELECT 1 ) );
-+DROP VIEW v1, v2;
-+#
-+# End of 5.1 tests.
-+#
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/subselect4.test mysql-5.1-5.1.49/mysql-test/t/subselect4.test
---- mysql-5.1-5.1.49~/mysql-test/t/subselect4.test 2010-07-09 09:02:43.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/subselect4.test 2010-11-08 11:03:53.000000000 -0500
-@@ -62,3 +62,19 @@
- DROP TABLE t1,t2,t3;
-
- --echo End of 5.0 tests.
-+
-+--echo #
-+--echo # Bug#54568: create view cause Assertion failed: 0,
-+--echo # file .\item_subselect.cc, line 836
-+--echo #
-+EXPLAIN SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+DESCRIBE SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+--echo # None of the below should crash
-+CREATE VIEW v1 AS SELECT 1 LIKE ( 1 IN ( SELECT 1 ) );
-+CREATE VIEW v2 AS SELECT 1 LIKE '%' ESCAPE ( 1 IN ( SELECT 1 ) );
-+DROP VIEW v1, v2;
-+
-+
-+--echo #
-+--echo # End of 5.1 tests.
-+--echo #
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_cmpfunc.cc mysql-5.1-5.1.49/sql/item_cmpfunc.cc
---- mysql-5.1-5.1.49~/sql/item_cmpfunc.cc 2010-07-09 08:34:57.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/item_cmpfunc.cc 2010-11-08 11:03:53.000000000 -0500
-@@ -4606,7 +4606,7 @@
- return TRUE;
- }
-
-- if (escape_item->const_item())
-+ if (escape_item->const_item() && !thd->lex->view_prepare_mode)
- {
- /* If we are on execution stage */
- String *escape_str= escape_item->val_str(&cmp.value1);
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3837.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3837.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3837.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,120 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via use of GROUP_CONCAT() and
-# WITH ROLLUP together
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.7
-# Bug: http://bugs.mysql.com/bug.php?id=54476
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/func_gconcat.result mysql-5.1-5.1.49/mysql-test/r/func_gconcat.result
---- mysql-5.1-5.1.49~/mysql-test/r/func_gconcat.result 2010-07-09 09:02:55.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/func_gconcat.result 2010-11-08 11:04:05.000000000 -0500
-@@ -995,6 +995,7 @@
- 1
- 1
- DROP TABLE t1;
-+End of 5.0 tests
- #
- # Bug #52397: another crash with explain extended and group_concat
- #
-@@ -1010,4 +1011,22 @@
- Warnings:
- Note 1003 select 1 AS `1` from (select group_concat(`test`.`t1`.`a` order by `test`.`t1`.`a` ASC separator ',') AS `GROUP_CONCAT(t1.a ORDER BY t1.a ASC)` from `test`.`t1` `t2` join `test`.`t1` group by `test`.`t1`.`a`) `d`
- DROP TABLE t1;
--End of 5.0 tests
-+#
-+# Bug #54476: crash when group_concat and 'with rollup' in prepared statements
-+#
-+CREATE TABLE t1 (a INT);
-+INSERT INTO t1 VALUES (1), (2);
-+PREPARE stmt FROM "SELECT GROUP_CONCAT(t1.a ORDER BY t1.a) FROM t1 JOIN t1 t2 GROUP BY t1.a WITH ROLLUP";
-+EXECUTE stmt;
-+GROUP_CONCAT(t1.a ORDER BY t1.a)
-+1,1
-+2,2
-+1,1,2,2
-+EXECUTE stmt;
-+GROUP_CONCAT(t1.a ORDER BY t1.a)
-+1,1
-+2,2
-+1,1,2,2
-+DEALLOCATE PREPARE stmt;
-+DROP TABLE t1;
-+End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/func_gconcat.test mysql-5.1-5.1.49/mysql-test/t/func_gconcat.test
---- mysql-5.1-5.1.49~/mysql-test/t/func_gconcat.test 2010-07-09 09:02:26.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/func_gconcat.test 2010-11-08 11:04:05.000000000 -0500
-@@ -708,6 +708,7 @@
-
- DROP TABLE t1;
-
-+--echo End of 5.0 tests
-
- --echo #
- --echo # Bug #52397: another crash with explain extended and group_concat
-@@ -719,5 +720,18 @@
- t1 t2, t1 GROUP BY t1.a) AS d;
- DROP TABLE t1;
-
-+--echo #
-+--echo # Bug #54476: crash when group_concat and 'with rollup' in prepared statements
-+--echo #
-+
-+CREATE TABLE t1 (a INT);
-+INSERT INTO t1 VALUES (1), (2);
-
----echo End of 5.0 tests
-+PREPARE stmt FROM "SELECT GROUP_CONCAT(t1.a ORDER BY t1.a) FROM t1 JOIN t1 t2 GROUP BY t1.a WITH ROLLUP";
-+EXECUTE stmt;
-+EXECUTE stmt;
-+
-+DEALLOCATE PREPARE stmt;
-+DROP TABLE t1;
-+
-+--echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_sum.cc mysql-5.1-5.1.49/sql/item_sum.cc
---- mysql-5.1-5.1.49~/sql/item_sum.cc 2010-07-09 08:34:53.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/item_sum.cc 2010-11-08 11:04:05.000000000 -0500
-@@ -3034,7 +3034,6 @@
- tree(item->tree),
- unique_filter(item->unique_filter),
- table(item->table),
-- order(item->order),
- context(item->context),
- arg_count_order(item->arg_count_order),
- arg_count_field(item->arg_count_field),
-@@ -3047,6 +3046,24 @@
- {
- quick_group= item->quick_group;
- result.set_charset(collation.collation);
-+
-+ /*
-+ Since the ORDER structures pointed to by the elements of the 'order' array
-+ may be modified in find_order_in_list() called from
-+ Item_func_group_concat::setup(), create a copy of those structures so that
-+ such modifications done in this object would not have any effect on the
-+ object being copied.
-+ */
-+ ORDER *tmp;
-+ if (!(order= (ORDER **) thd->alloc(sizeof(ORDER *) * arg_count_order +
-+ sizeof(ORDER) * arg_count_order)))
-+ return;
-+ tmp= (ORDER *)(order + arg_count_order);
-+ for (uint i= 0; i < arg_count_order; i++, tmp++)
-+ {
-+ memcpy(tmp, item->order[i], sizeof(ORDER));
-+ order[i]= tmp;
-+ }
- }
-
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/table.h mysql-5.1-5.1.49/sql/table.h
---- mysql-5.1-5.1.49~/sql/table.h 2010-07-09 08:34:54.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/table.h 2010-11-08 11:04:05.000000000 -0500
-@@ -55,7 +55,6 @@
- struct st_order *next;
- Item **item; /* Point at item in select fields */
- Item *item_ptr; /* Storage for initial item */
-- Item **item_copy; /* For SPs; the original item ptr */
- int counter; /* position in SELECT list, correct
- only if counter_used is true*/
- bool asc; /* true if ascending */
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3838.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3838.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3838.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,61 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via longblob and union or update with subquery.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.1.8
-# Bug: http://bugs.mysql.com/bug.php?id=54461
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/func_misc.result mysql-5.1-5.1.49/mysql-test/r/func_misc.result
---- mysql-5.1-5.1.49~/mysql-test/r/func_misc.result 2010-07-09 09:02:55.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/func_misc.result 2010-11-08 11:04:23.000000000 -0500
-@@ -336,4 +336,19 @@
- select connection_id() > 0;
- connection_id() > 0
- 1
-+#
-+# Bug #54461: crash with longblob and union or update with subquery
-+#
-+CREATE TABLE t1 (a INT, b LONGBLOB);
-+INSERT INTO t1 VALUES (1, '2'), (2, '3'), (3, '2');
-+SELECT DISTINCT LEAST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1;
-+LEAST(a, (SELECT b FROM t1 LIMIT 1))
-+1
-+2
-+SELECT DISTINCT GREATEST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1;
-+GREATEST(a, (SELECT b FROM t1 LIMIT 1))
-+2
-+3
-+1
-+DROP TABLE t1;
- End of tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/func_misc.test mysql-5.1-5.1.49/mysql-test/t/func_misc.test
---- mysql-5.1-5.1.49~/mysql-test/t/func_misc.test 2010-07-09 09:02:27.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/func_misc.test 2010-11-08 11:04:23.000000000 -0500
-@@ -467,4 +467,16 @@
-
- select connection_id() > 0;
-
-+--echo #
-+--echo # Bug #54461: crash with longblob and union or update with subquery
-+--echo #
-+
-+CREATE TABLE t1 (a INT, b LONGBLOB);
-+INSERT INTO t1 VALUES (1, '2'), (2, '3'), (3, '2');
-+
-+SELECT DISTINCT LEAST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1;
-+SELECT DISTINCT GREATEST(a, (SELECT b FROM t1 LIMIT 1)) FROM t1 UNION SELECT 1;
-+
-+DROP TABLE t1;
-+
- --echo End of tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/item_func.cc mysql-5.1-5.1.49/sql/item_func.cc
---- mysql-5.1-5.1.49~/sql/item_func.cc 2010-11-08 11:04:19.000000000 -0500
-+++ mysql-5.1-5.1.49/sql/item_func.cc 2010-11-08 11:04:23.000000000 -0500
-@@ -2243,6 +2243,8 @@
- max_length= my_decimal_precision_to_length_no_truncation(max_int_part +
- decimals, decimals,
- unsigned_flag);
-+ else if (cmp_type == REAL_RESULT)
-+ max_length= float_length(decimals);
- cached_field_type= agg_field_type(args, arg_count);
- }
-
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3839.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3839.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3839.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,77 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fixdenial of service via certain queries with nested joins.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3461.3.1
-# Bug: http://bugs.mysql.com/bug.php?id=53544
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/join.result mysql-5.1-5.1.49/mysql-test/r/join.result
---- mysql-5.1-5.1.49~/mysql-test/r/join.result 2010-11-08 11:04:33.000000000 -0500
-+++ mysql-5.1-5.1.49/mysql-test/r/join.result 2010-11-08 11:05:51.000000000 -0500
-@@ -1200,4 +1200,24 @@
- 1
- 1
- DROP TABLE t1;
-+#
-+# Bug #53544: Server hangs during JOIN query in stored procedure called
-+# twice in a row
-+#
-+CREATE TABLE t1(c INT);
-+INSERT INTO t1 VALUES (1), (2);
-+PREPARE stmt FROM "SELECT t2.c AS f1 FROM t1 LEFT JOIN
-+ t1 t2 ON t1.c=t2.c RIGHT JOIN
-+ t1 t3 ON t1.c=t3.c
-+ GROUP BY f1;";
-+EXECUTE stmt;
-+f1
-+1
-+2
-+EXECUTE stmt;
-+f1
-+1
-+2
-+DEALLOCATE PREPARE stmt;
-+DROP TABLE t1;
- End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/join.test mysql-5.1-5.1.49/mysql-test/t/join.test
---- mysql-5.1-5.1.49~/mysql-test/t/join.test 2010-11-08 11:04:33.000000000 -0500
-+++ mysql-5.1-5.1.49/mysql-test/t/join.test 2010-11-08 11:05:10.000000000 -0500
-@@ -901,4 +901,24 @@
-
- DROP TABLE t1;
-
-+--echo #
-+--echo # Bug #53544: Server hangs during JOIN query in stored procedure called
-+--echo # twice in a row
-+--echo #
-+
-+CREATE TABLE t1(c INT);
-+
-+INSERT INTO t1 VALUES (1), (2);
-+
-+PREPARE stmt FROM "SELECT t2.c AS f1 FROM t1 LEFT JOIN
-+ t1 t2 ON t1.c=t2.c RIGHT JOIN
-+ t1 t3 ON t1.c=t3.c
-+ GROUP BY f1;";
-+
-+EXECUTE stmt;
-+EXECUTE stmt;
-+
-+DEALLOCATE PREPARE stmt;
-+DROP TABLE t1;
-+
- --echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/sql_select.cc mysql-5.1-5.1.49/sql/sql_select.cc
---- mysql-5.1-5.1.49~/sql/sql_select.cc 2010-11-08 11:04:33.000000000 -0500
-+++ mysql-5.1-5.1.49/sql/sql_select.cc 2010-11-08 11:05:10.000000000 -0500
-@@ -8883,10 +8883,10 @@
-
- /* Flatten nested joins that can be flattened. */
- TABLE_LIST *right_neighbor= NULL;
-- bool fix_name_res= FALSE;
- li.rewind();
- while ((table= li++))
- {
-+ bool fix_name_res= FALSE;
- nested_join= table->nested_join;
- if (nested_join && !table->on_expr)
- {
Deleted: mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3840.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3840.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/61_CVE-2010-3840.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,62 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via PolyFromWKB() function and improper data.
-# Origin: upstream, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3452.1.42
-# Bug: http://bugs.mysql.com/bug.php?id=51875
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/r/gis.result mysql-5.1-5.1.49/mysql-test/r/gis.result
---- mysql-5.1-5.1.49~/mysql-test/r/gis.result 2010-07-09 09:02:56.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/r/gis.result 2010-11-08 11:07:09.000000000 -0500
-@@ -1057,4 +1057,11 @@
- SELECT Polygon(12345123,'');
- Polygon(12345123,'')
- NULL
-+#
-+# BUG#51875: crash when loading data into geometry function polyfromwkb
-+#
-+SET @a=0x00000000030000000100000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440;
-+SET @a=POLYFROMWKB(@a);
-+SET @a=0x00000000030000000000000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440;
-+SET @a=POLYFROMWKB(@a);
- End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/mysql-test/t/gis.test mysql-5.1-5.1.49/mysql-test/t/gis.test
---- mysql-5.1-5.1.49~/mysql-test/t/gis.test 2010-07-09 09:02:27.000000000 -0400
-+++ mysql-5.1-5.1.49/mysql-test/t/gis.test 2010-11-08 11:07:09.000000000 -0500
-@@ -722,4 +722,14 @@
- SELECT Polygon(1234512,'');
- SELECT Polygon(12345123,'');
-
-+
-+--echo #
-+--echo # BUG#51875: crash when loading data into geometry function polyfromwkb
-+--echo #
-+SET @a=0x00000000030000000100000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440;
-+SET @a=POLYFROMWKB(@a);
-+SET @a=0x00000000030000000000000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440;
-+SET @a=POLYFROMWKB(@a);
-+
-+
- --echo End of 5.1 tests
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' mysql-5.1-5.1.49~/sql/spatial.cc mysql-5.1-5.1.49/sql/spatial.cc
---- mysql-5.1-5.1.49~/sql/spatial.cc 2010-07-09 08:35:15.000000000 -0400
-+++ mysql-5.1-5.1.49/sql/spatial.cc 2010-11-08 11:07:09.000000000 -0500
-@@ -522,7 +522,7 @@
- n_points= wkb_get_uint(wkb, bo);
- proper_length= 4 + n_points * POINT_DATA_SIZE;
-
-- if (len < proper_length || res->reserve(proper_length))
-+ if (!n_points || len < proper_length || res->reserve(proper_length))
- return 0;
-
- res->q_append(n_points);
-@@ -740,7 +740,9 @@
- if (len < 4)
- return 0;
-
-- n_linear_rings= wkb_get_uint(wkb, bo);
-+ if (!(n_linear_rings= wkb_get_uint(wkb, bo)))
-+ return 0;
-+
- if (res->reserve(4, 512))
- return 0;
- wkb+= 4;
Deleted: mysql-5.1/branches/stable-security/debian/patches/99_fix_testsuite_for_installed_env.dpatch
===================================================================
--- mysql-5.1/branches/stable-security/debian/patches/99_fix_testsuite_for_installed_env.dpatch 2012-03-02 06:39:40 UTC (rev 2043)
+++ mysql-5.1/branches/stable-security/debian/patches/99_fix_testsuite_for_installed_env.dpatch 2012-03-03 23:28:40 UTC (rev 2044)
@@ -1,36 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 99_fix_testsuite_for_installed_env.dpatch by Steve Beattie <sbeattie at ubuntu.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fix the mysql testsuite to work in the installed locations
-
- at DPATCH@
-diff -urNad mysql-5.1-5.1.49~/mysql-test/lib/My/ConfigFactory.pm mysql-5.1-5.1.49/mysql-test/lib/My/ConfigFactory.pm
---- mysql-5.1-5.1.49~/mysql-test/lib/My/ConfigFactory.pm 2010-07-09 05:34:55.000000000 -0700
-+++ mysql-5.1-5.1.49/mysql-test/lib/My/ConfigFactory.pm 2010-08-12 16:40:07.000000000 -0700
-@@ -140,10 +140,13 @@
- return $vardir;
- }
-
-+my @std_data_prefixes=("mysql-test", "lib/mysql-testsuite");
-+
- sub fix_std_data {
- my ($self, $config, $group_name, $group)= @_;
- my $basedir= $self->get_basedir($group);
-- return "$basedir/mysql-test/std_data";
-+ return my_find_dir($self->get_basedir($group),
-+ \@std_data_prefixes, "std_data");
- }
-
- sub ssl_supported {
-diff -urNad mysql-5.1-5.1.49~/mysql-test/lib/mtr_cases.pm mysql-5.1-5.1.49/mysql-test/lib/mtr_cases.pm
---- mysql-5.1-5.1.49~/mysql-test/lib/mtr_cases.pm 2010-07-09 05:34:53.000000000 -0700
-+++ mysql-5.1-5.1.49/mysql-test/lib/mtr_cases.pm 2010-08-12 16:34:10.000000000 -0700
-@@ -268,6 +268,7 @@
- {
- $suitedir= my_find_dir($::basedir,
- ["mysql-test/suite",
-+ "lib/mysql-testsuite/suite",
- "mysql-test",
- # Look in storage engine specific suite dirs
- "storage/*/mysql-test-suites"
More information about the Pkg-mysql-commits
mailing list