[Pkg-mysql-commits] r2249 - in mysql-5.5/branches/wheezy/debian: . patches

James Downing Page jamespage at moszumanska.debian.org
Fri Jan 17 17:13:58 UTC 2014


tags 711600 pending
thanks

Author: jamespage
Date: 2014-01-17 17:13:58 +0000 (Fri, 17 Jan 2014)
New Revision: 2249

Added:
   mysql-5.5/branches/wheezy/debian/NEWS
   mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch
   mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch
   mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch
   mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch
Modified:
   mysql-5.5/branches/wheezy/debian/changelog
   mysql-5.5/branches/wheezy/debian/copyright
   mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst
   mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch
   mysql-5.5/branches/wheezy/debian/patches/series
Log:
releasing package mysql-5.5 version 5.5.33+dfsg-0+wheezy1

Added: mysql-5.5/branches/wheezy/debian/NEWS
===================================================================
--- mysql-5.5/branches/wheezy/debian/NEWS	                        (rev 0)
+++ mysql-5.5/branches/wheezy/debian/NEWS	2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,22 @@
+mysql-5.5 (5.5.33+dfsg-0+wheezy1) wheezy-security; urgency=high
+
+  mysql-server-5.5 ships with the upstream mysql_install_db script which
+  creates a database "test" and sets up permissions that allow anonymous
+  access, without a password, from localhost to the "test" database and
+  any databases starting with "test_" that users might have created
+  after installing mysql-server.
+
+  During the migration of mysql-5.1 to mysql-5.5 in Debian the patches
+  to drop these permissions and the creation of the test databases were
+  not applied. This update resolves this issue for new installations of
+  mysql-server-5.5.
+
+  If you are updating from a previous version of mysql-5.5 it is
+  recommended to check your installation and to drop these privileges
+  and databases manually.
+
+  Further information can be found at the MySQL 5.5 Reference Manual[1].
+
+   [1] http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 14 Dec 2013 22:15:25 +0100
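Review bot: The third paragraph of the NEWS entry tells upgrading users to "check your installation and to drop these privileges and databases manually" but does not say what to look for. Suggest naming the items explicitly: the mysql.db rows for 'test' and 'test\_%', the anonymous (empty user name) rows in mysql.user for localhost and the host name, and the test database itself, with a FLUSH PRIVILEGES afterwards if the grant tables are edited directly.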

Modified: mysql-5.5/branches/wheezy/debian/changelog
===================================================================
--- mysql-5.5/branches/wheezy/debian/changelog	2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/changelog	2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,5 +1,31 @@
-mysql-5.5 (5.5.31+dfsg-0+wheezy1) UNRELEASED; urgency=high
+mysql-5.5 (5.5.33+dfsg-0+wheezy1) wheezy-security; urgency=high
 
+  * Non-maintainer upload by the Security Team.
+  * Imported Upstream version 5.5.33+dfsg
+    - Fixes: CVE-2013-5807 CVE-2013-3839 CVE-2013-3812 CVE-2013-3809
+      CVE-2013-3804 CVE-2013-3802 CVE-2013-3793 CVE-2013-3783 CVE-2013-1861
+  * Update copyright years for upstream files
+  * Add patches to disable the test database and anonymous access
+    d/p/33_scripts__mysql_create_system_tables__no_test.patch,
+    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
+    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1 package,
+    inadvertently dropped in 5.5 transition. This removes the global
+    anonymous access to the database which is a security concern.
+  * CVE-2013-2162: Insecure creation of the credential file debian.cnf.
+    Set umask to 066 before creating debian.cnf file. (Closes: #711600)
+    (LP: #1185573)
+  * Add 73_fix_rpl_deadlock_innodb_test.patch.
+    Fixes failing rpl.rpl_deadlock_innodb test by ignoring warnings.
+  * Disable more test after dropping the test databases
+    plugin_auth, plugin_auth_qa_1 and plugin_auth_qa_2 fail as they need to
+    operate on test_ databases. Some adaption to either the tests or
+    50_mysql-test__db_test.patch might be further needed.
+  * Add NEWS file to document changes needed to existing databases
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 14 Dec 2013 22:29:18 +0100
+
+mysql-5.5 (5.5.31+dfsg-0+wheezy1) stable-security; urgency=high
+
   * New upstream release.
     SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544 CVE-2013-1532
     CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511
@@ -9,7 +35,7 @@
     - d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
   * d/control: Updating Vcs-* fields to point at wheezy branch.
 
- -- Clint Byrum <clint at ubuntu.com>  Mon, 06 May 2013 12:22:55 -0700
+ -- Clint Byrum <clint at ubuntu.com>  Wed, 08 May 2013 21:33:08 -0700
 
 mysql-5.5 (5.5.30+dfsg-1.1) unstable; urgency=low
 

Modified: mysql-5.5/branches/wheezy/debian/copyright
===================================================================
--- mysql-5.5/branches/wheezy/debian/copyright	2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/copyright	2014-01-17 17:13:58 UTC (rev 2249)
@@ -127,7 +127,7 @@
  © 2010, Oracle and/or its affiliates.
 
 Files: *
-Copyright: 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+Copyright: 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 License: GPL-2
 
 Files: debian/*

Modified: mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst
===================================================================
--- mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst	2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst	2014-01-17 17:13:58 UTC (rev 2249)
@@ -173,7 +173,9 @@
     else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
         if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+	umask 066
         cat /dev/null > $dc
+	umask 022
         echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
         echo "[client]"                                                    >>$dc
         echo "host     = localhost"                                        >>$dc
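Review bot: The umask 066 placed before `cat /dev/null > $dc` only sets the mode when the redirection creates the file; if $dc already exists, truncating it keeps whatever mode it had, and nothing in the visible lines tightens it. Suggest creating the file with an explicit mode, for example `install -m 0600 /dev/null "$dc"`, or adding `chmod 0600 "$dc"` directly after the truncation. The hard-coded `umask 022` that follows also discards the umask the script was started with, so saving the previous value and restoring it would be safer, and $dc and $mysql_cfgdir should be quoted.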

Added: mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch	                        (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch	2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,27 @@
+Description: drop the passwordless user and test database
+Origin: vendor
+Bug: http://bugs.mysql.com/bug.php?id=6901
+Bug-Debian: http://bugs.debian.org/301741
+From: ch at debian.org
+Last-Update: 2013-12-13
+
+--- a/scripts/mysql_system_tables_data.sql
++++ b/scripts/mysql_system_tables_data.sql
+@@ -31,8 +31,6 @@
+ -- Fill "db" table with default grants for anyone to
+ -- access database 'test' and 'test_%' if "db" table didn't exist
+ CREATE TEMPORARY TABLE tmp_db LIKE db;
+-INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
+-INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
+ INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0;
+ DROP TABLE tmp_db;
+ 
+@@ -44,8 +42,6 @@
+ REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','' FROM dual WHERE LOWER( @current_hostname) != 'localhost';
+ REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
+ REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
+-INSERT INTO tmp_user (host,user) VALUES ('localhost','');
+-INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost';
+ INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0;
+ DROP TABLE tmp_user;
+ 
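Review bot: The Description header says "drop the passwordless user", but the context lines of the second inner hunk still insert root rows for 127.0.0.1 and ::1 with an empty third column (the password field); only the rows with an empty user name are removed. Suggest wording the header as dropping the anonymous user and the test database grants, so it is not read as covering root. The header could also state that the remaining inserts are guarded by @had_db_table=0 and @had_user_table=0, which is why existing installations keep their rows.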

Added: mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch	                        (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch	2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,16 @@
+From: ch at debian.org
+Bug: http://bugs.mysql.com/bug.php?id=6901
+
+Index: mysql-5.5-5.5.33+dfsg/scripts/mysql_install_db.sh
+===================================================================
+--- mysql-5.5-5.5.33+dfsg.orig/scripts/mysql_install_db.sh	2013-09-26 18:57:32.730764845 -0700
++++ mysql-5.5-5.5.33+dfsg/scripts/mysql_install_db.sh	2013-09-26 18:57:32.726765077 -0700
+@@ -356,7 +356,7 @@
+ fi
+ 
+ # Create database directories
+-for dir in $ldata $ldata/mysql $ldata/test
++for dir in $ldata $ldata/mysql
+ do
+   if test ! -d $dir
+   then
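Review bot: The patch header carries only From and Bug fields; unlike 33_scripts__mysql_create_system_tables__no_test.patch it has no Description or Last-Update. Suggest adding a one-line Description saying that the test database directory is no longer created, and regenerating the inner diff with a/ and b/ paths as in the other patches instead of the versioned mysql-5.5-5.5.33+dfsg path.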

Added: mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch	                        (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch	2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,17 @@
+From: Christian Hammers <ch at debian.org>
+Description: restores the rights for anybody to connect to the test
+ database so that the test suite can function properly.
+
+--- a/mysql-test/mysql-test-run.pl
++++ b/mysql-test/mysql-test-run.pl
+@@ -3355,6 +3355,10 @@
+     mtr_appendfile_to_file("$sql_dir/mysql_system_tables_data.sql",
+ 			   $bootstrap_sql_file);
+ 
++    mtr_tofile($bootstrap_sql_file, "-- Debian removed the default privileges on the 'test' database\n");
++    mtr_tofile($bootstrap_sql_file, "INSERT INTO mysql.db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');\n");
++
++
+     # Add test data for timezone - this is just a subset, on a real
+     # system these tables will be populated either by mysql_tzinfo_to_sql
+     # or by downloading the timezone table package from our website
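Review bot: The bootstrap addition restores only the 'test' row in mysql.db, while patch 33 removes both 'test' and 'test\_%', and 62_disable_tests.patch then disables plugin_auth, plugin_auth_qa_1 and plugin_auth_qa_2 because test\_% databases are not accessible. Consider adding the matching 'test\_%' INSERT here so those tests can stay enabled. The INSERT also relies on positional VALUES; naming the columns would make it robust against changes in the mysql.db column layout.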

Modified: mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch	2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch	2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,13 +1,11 @@
 Author: Clint Byrum <clint at ubuntu.com>
 Subject: Convenient place to disable tests that are currently failing
 Forwarded: not-needed
-Last-Update: 2012-03-07
+Last-Update: 2013-12-14
 Reviewed-by: Nicholas Bamber <nicholas at periapt.co.uk>
-Index: mysql-5.5-5.5.31+dfsg/mysql-test/t/disabled.def
-===================================================================
---- mysql-5.5-5.5.31+dfsg.orig/mysql-test/t/disabled.def	2013-03-25 06:14:58.000000000 -0700
-+++ mysql-5.5-5.5.31+dfsg/mysql-test/t/disabled.def	2013-05-05 09:43:53.000000000 -0700
-@@ -15,3 +15,8 @@
+--- a/mysql-test/t/disabled.def
++++ b/mysql-test/t/disabled.def
+@@ -15,3 +15,11 @@
  archive-big              : Bug#11817185 2011-03-10 Anitha Disabled since this leads to timeout on Solaris Sparc
  log_tables-big           : Bug#11756699 2010-11-15 mattiasj report already exists
  mysql_embedded           : Bug#12561297 2011-05-14 Anitha Dependent on PB2 changes - eventum#41836
@@ -16,3 +14,6 @@
 +mysqlslap		 : n/a	2012-04-29 Failed once on kfreebsd
 +mysqlhotcopy_isam	 : n/a  2012-04-29 Olaf van der Spek reported this failure
 +mysqlhotcopy_archive	 : n/a  2012-04-29 Olaf van der Spek reported this failure
++plugin_auth              : n/a  2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
++plugin_auth_qa_1         : n/a  2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
++plugin_auth_qa_2         : n/a  2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
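Review bot: The three plugin_auth entries added at the end of disabled.def switch off authentication plugin tests in a security upload and give "n/a" as the reference. Suggest replacing n/a with a tracking bug so the tests are re-enabled once the test-suite bootstrap grants access to test\_% databases; the changelog entry already notes that further adaptation may be needed.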

Added: mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch	                        (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch	2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,19 @@
+Description: fix failing rpl.rpl_deadlock_innodb test by ignoring warnings
+Origin: vendor, http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/1029971
+Bug: http://bugs.mysql.com/bug.php?id=69458
+Bug: http://bugs.mysql.com/bug.php?id=69455
+
+Index: mysql-5.5-5.5.32.orig/mysql-test/include/mtr_warnings.sql
+===================================================================
+--- mysql-5.5-5.5.32.orig.orig/mysql-test/include/mtr_warnings.sql	2013-06-19 11:26:28.000000000 -0400
++++ mysql-5.5-5.5.32.orig/mysql-test/include/mtr_warnings.sql	2013-07-23 14:49:38.233802237 -0400
+@@ -162,6 +162,9 @@
+  ("InnoDB: Error: in RENAME TABLE table `test`.`t1`"),
+  ("InnoDB: Error: table `test`.`t[123]` does not exist in the InnoDB internal"),
+ 
++ /* rpl.rpl_deadlock_innodb fails when trying DROP tables */
++ ("InnoDB: Error: table `mysqld.2`.`#sql.*` does not exist in the InnoDB internal"),
++
+  /*
+    BUG#32080 - Excessive warnings on Solaris: setrlimit could not
+    change the size of core files
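Review bot: The new suppression goes into the global list in mysql-test/include/mtr_warnings.sql, so the "does not exist in the InnoDB internal" error for `mysqld.2`.`#sql.*` is ignored in every test, not only in rpl.rpl_deadlock_innodb as the comment says. Suggest a per-test `call mtr.add_suppression(...)` in rpl_deadlock_innodb instead, or at least escaping the dot in mysqld.2 so the pattern does not match more than intended.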

Modified: mysql-5.5/branches/wheezy/debian/patches/series
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/series	2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/patches/series	2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,9 +1,13 @@
 1_hurd.patch
+33_scripts__mysql_create_system_tables__no_test.patch
 38_scripts__mysqld_safe.sh__signals.patch
+41_scripts__mysql_install_db.sh__no_test.patch
+50_mysql-test__db_test.patch
 62_disable_tests.patch
 70_mysql_va_list.patch
 71_disable_rpl_tests.patch
 72_fix_standalone_tests.patch
+73_fix_rpl_deadlock_innodb_test.patch
 93_kfreebsd_tests.patch
 94_spelling.patch
 regex_plus.patch



