[Pkg-mysql-commits] r2249 - in mysql-5.5/branches/wheezy/debian: . patches
James Downing Page
jamespage at moszumanska.debian.org
Fri Jan 17 17:13:58 UTC 2014
tags 711600 pending
thanks
Author: jamespage
Date: 2014-01-17 17:13:58 +0000 (Fri, 17 Jan 2014)
New Revision: 2249
Added:
mysql-5.5/branches/wheezy/debian/NEWS
mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch
mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch
mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch
mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch
Modified:
mysql-5.5/branches/wheezy/debian/changelog
mysql-5.5/branches/wheezy/debian/copyright
mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst
mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch
mysql-5.5/branches/wheezy/debian/patches/series
Log:
releasing package mysql-5.5 version 5.5.33+dfsg-0+wheezy1
Added: mysql-5.5/branches/wheezy/debian/NEWS
===================================================================
--- mysql-5.5/branches/wheezy/debian/NEWS (rev 0)
+++ mysql-5.5/branches/wheezy/debian/NEWS 2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,22 @@
+mysql-5.5 (5.5.33+dfsg-0+wheezy1) wheezy-security; urgency=high
+
+ mysql-server-5.5 ships with the upstream mysql_install_db script which
+ creates a database "test" and sets up permissions that allow anonymous
+ access, without a password, from localhost to the "test" database and
+ any databases starting with "test_" that users might have created
+ after installing mysql-server.
+
+ During the migration of mysql-5.1 to mysql-5.5 in Debian the patches
+ to drop these permissions and the creation of the test databases were
+ not applied. This update resolves this issue for new installations of
+ mysql-server-5.5.
+
+ If you are updating from a previous version of mysql-5.5 it is
+ recommended to check your installation and to drop these privileges
+ and databases manually.
+
+ Further information can be found at the MySQL 5.5 Reference Manual[1].
+
+ [1] http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 14 Dec 2013 22:15:25 +0100
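Review bot: The paragraph for existing installations ("it is recommended to check your installation and to drop these privileges and databases manually") names no concrete objects, so an administrator upgrading from an earlier 5.5 package has to work them out from the upstream manual. Suggest listing what to look for here: the mysql.db rows for 'test' and 'test\_%', the anonymous accounts (empty user name), and the "test" database itself, with a reminder to reload privileges after editing the grant tables.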
Modified: mysql-5.5/branches/wheezy/debian/changelog
===================================================================
--- mysql-5.5/branches/wheezy/debian/changelog 2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/changelog 2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,5 +1,31 @@
-mysql-5.5 (5.5.31+dfsg-0+wheezy1) UNRELEASED; urgency=high
+mysql-5.5 (5.5.33+dfsg-0+wheezy1) wheezy-security; urgency=high
+ * Non-maintainer upload by the Security Team.
+ * Imported Upstream version 5.5.33+dfsg
+ - Fixes: CVE-2013-5807 CVE-2013-3839 CVE-2013-3812 CVE-2013-3809
+ CVE-2013-3804 CVE-2013-3802 CVE-2013-3793 CVE-2013-3783 CVE-2013-1861
+ * Update copyright years for upstream files
+ * Add patches to disable the test database and anonymous access
+ d/p/33_scripts__mysql_create_system_tables__no_test.patch,
+ d/p/41_scripts__mysql_install_db.sh__no_test.patch,
+ d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1 package,
+ inadvertently dropped in 5.5 transition. This removes the global
+ anonymous access to the database which is a security concern.
+ * CVE-2013-2162: Insecure creation of the credential file debian.cnf.
+ Set umask to 066 before creating debian.cnf file. (Closes: #711600)
+ (LP: #1185573)
+ * Add 73_fix_rpl_deadlock_innodb_test.patch.
+ Fixes failing rpl.rpl_deadlock_innodb test by ignoring warnings.
+ * Disable more test after dropping the test databases
+ plugin_auth, plugin_auth_qa_1 and plugin_auth_qa_2 fail as they need to
+ operate on test_ databases. Some adaption to either the tests or
+ 50_mysql-test__db_test.patch might be further needed.
+ * Add NEWS file to document changes needed to existing databases
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 14 Dec 2013 22:29:18 +0100
+
+mysql-5.5 (5.5.31+dfsg-0+wheezy1) stable-security; urgency=high
+
* New upstream release.
SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544 CVE-2013-1532
CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511
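Review bot: In the "Add patches to disable the test database and anonymous access" item, "This removes the global anonymous access to the database" reads as if the upgrade fixes every system, while the NEWS file added in this revision says the change only takes effect for new installations. Suggest stating that here and pointing to NEWS. The item also carries no bug reference, unlike the CVE-2013-2162 item below it, and "Disable more test" should read "Disable more tests".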
@@ -9,7 +35,7 @@
- d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
* d/control: Updating Vcs-* fields to point at wheezy branch.
- -- Clint Byrum <clint at ubuntu.com> Mon, 06 May 2013 12:22:55 -0700
+ -- Clint Byrum <clint at ubuntu.com> Wed, 08 May 2013 21:33:08 -0700
mysql-5.5 (5.5.30+dfsg-1.1) unstable; urgency=low
Modified: mysql-5.5/branches/wheezy/debian/copyright
===================================================================
--- mysql-5.5/branches/wheezy/debian/copyright 2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/copyright 2014-01-17 17:13:58 UTC (rev 2249)
@@ -127,7 +127,7 @@
© 2010, Oracle and/or its affiliates.
Files: *
-Copyright: 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+Copyright: 2000, 2013, Oracle and/or its affiliates. All rights reserved.
License: GPL-2
Files: debian/*
Modified: mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst
===================================================================
--- mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst 2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/mysql-server-5.5.postinst 2014-01-17 17:13:58 UTC (rev 2249)
@@ -173,7 +173,9 @@
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+ umask 066
cat /dev/null > $dc
+ umask 022
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
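Review bot: The "umask 066" added before "cat /dev/null > $dc" only affects the mode when the redirect creates the file; if $dc can already exist on this path with wider permissions, the redirect truncates it and keeps the old mode, and nothing in this hunk tightens it. Suggest an explicit chmod 0600 on $dc before any credentials are written (or creating it with install -m 0600, as the directory above is created with install), saving and restoring the caller's umask instead of hard-coding "umask 022", and quoting "$dc" in the redirects.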
Added: mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/33_scripts__mysql_create_system_tables__no_test.patch 2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,27 @@
+Description: drop the passwordless user and test database
+Origin: vendor
+Bug: http://bugs.mysql.com/bug.php?id=6901
+Bug-Debian: http://bugs.debian.org/301741
+From: ch at debian.org
+Last-Update: 2013-12-13
+
+--- a/scripts/mysql_system_tables_data.sql
++++ b/scripts/mysql_system_tables_data.sql
+@@ -31,8 +31,6 @@
+ -- Fill "db" table with default grants for anyone to
+ -- access database 'test' and 'test_%' if "db" table didn't exist
+ CREATE TEMPORARY TABLE tmp_db LIKE db;
+-INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
+-INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');
+ INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0;
+ DROP TABLE tmp_db;
+
+@@ -44,8 +42,6 @@
+ REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','' FROM dual WHERE LOWER( @current_hostname) != 'localhost';
+ REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
+ REPLACE INTO tmp_user VALUES ('::1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');
+-INSERT INTO tmp_user (host,user) VALUES ('localhost','');
+-INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost';
+ INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0;
+ DROP TABLE tmp_user;
+
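Review bot: The Description "drop the passwordless user and test database" is imprecise for what the second inner hunk does: it removes the two rows with an empty user name (the anonymous accounts), while the root rows kept as context still have an empty third field. Suggest "drop the anonymous user and the default grants on test and test\_%". In the first inner hunk the comment "Fill "db" table with default grants for anyone to access database 'test' and 'test\_%'" stays in place although both INSERTs below it are removed; it should be dropped or reworded so the file does not describe grants it no longer creates.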
Added: mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/41_scripts__mysql_install_db.sh__no_test.patch 2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,16 @@
+From: ch at debian.org
+Bug: http://bugs.mysql.com/bug.php?id=6901
+
+Index: mysql-5.5-5.5.33+dfsg/scripts/mysql_install_db.sh
+===================================================================
+--- mysql-5.5-5.5.33+dfsg.orig/scripts/mysql_install_db.sh 2013-09-26 18:57:32.730764845 -0700
++++ mysql-5.5-5.5.33+dfsg/scripts/mysql_install_db.sh 2013-09-26 18:57:32.726765077 -0700
+@@ -356,7 +356,7 @@
+ fi
+
+ # Create database directories
+-for dir in $ldata $ldata/mysql $ldata/test
++for dir in $ldata $ldata/mysql
+ do
+ if test ! -d $dir
+ then
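Review bot: The patch header carries only From: and Bug:, with no Description:, Origin: or Last-Update: as 33_scripts__mysql_create_system_tables__no_test.patch has, so the reason for dropping $ldata/test from the directory loop is not recorded with the patch. Suggest adding a Description line and the Bug-Debian reference used in patch 33. The Index: header also embeds the 5.5.33+dfsg directory name while patch 33 uses a/ and b/ paths; one convention across the series would be easier to refresh.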
Added: mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/50_mysql-test__db_test.patch 2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,17 @@
+From: Christian Hammers <ch at debian.org>
+Description: restores the rights for anybody to connect to the test
+ database so that the test suite can function properly.
+
+--- a/mysql-test/mysql-test-run.pl
++++ b/mysql-test/mysql-test-run.pl
+@@ -3355,6 +3355,10 @@
+ mtr_appendfile_to_file("$sql_dir/mysql_system_tables_data.sql",
+ $bootstrap_sql_file);
+
++ mtr_tofile($bootstrap_sql_file, "-- Debian removed the default privileges on the 'test' database\n");
++ mtr_tofile($bootstrap_sql_file, "INSERT INTO mysql.db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y');\n");
++
++
+ # Add test data for timezone - this is just a subset, on a real
+ # system these tables will be populated either by mysql_tzinfo_to_sql
+ # or by downloading the timezone table package from our website
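Review bot: The added mtr_tofile() call restores only the 'test' row, not the 'test\_%' row that patch 33 also removes, and this same revision then disables plugin_auth, plugin_auth_qa_1 and plugin_auth_qa_2 in 62_disable_tests.patch because a test\_% database is not accessible. Suggest writing the second row to $bootstrap_sql_file here as well, so those three tests can keep running instead of being disabled; the changelog already notes that this patch may need further adaptation. The comment string could also mention that the grant exists only in the test-suite bootstrap, and the two consecutive blank lines added after the call can be reduced to one.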
Modified: mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch 2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/patches/62_disable_tests.patch 2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,13 +1,11 @@
Author: Clint Byrum <clint at ubuntu.com>
Subject: Convenient place to disable tests that are currently failing
Forwarded: not-needed
-Last-Update: 2012-03-07
+Last-Update: 2013-12-14
Reviewed-by: Nicholas Bamber <nicholas at periapt.co.uk>
-Index: mysql-5.5-5.5.31+dfsg/mysql-test/t/disabled.def
-===================================================================
---- mysql-5.5-5.5.31+dfsg.orig/mysql-test/t/disabled.def 2013-03-25 06:14:58.000000000 -0700
-+++ mysql-5.5-5.5.31+dfsg/mysql-test/t/disabled.def 2013-05-05 09:43:53.000000000 -0700
-@@ -15,3 +15,8 @@
+--- a/mysql-test/t/disabled.def
++++ b/mysql-test/t/disabled.def
+@@ -15,3 +15,11 @@
archive-big : Bug#11817185 2011-03-10 Anitha Disabled since this leads to timeout on Solaris Sparc
log_tables-big : Bug#11756699 2010-11-15 mattiasj report already exists
mysql_embedded : Bug#12561297 2011-05-14 Anitha Dependent on PB2 changes - eventum#41836
@@ -16,3 +14,6 @@
+mysqlslap : n/a 2012-04-29 Failed once on kfreebsd
+mysqlhotcopy_isam : n/a 2012-04-29 Olaf van der Spek reported this failure
+mysqlhotcopy_archive : n/a 2012-04-29 Olaf van der Spek reported this failure
++plugin_auth : n/a 2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
++plugin_auth_qa_1 : n/a 2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
++plugin_auth_qa_2 : n/a 2013-12-14 Fails if a test\_% database not accessible (33_scripts__mysql_create_system_tables__no_test.patch)
Added: mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch (rev 0)
+++ mysql-5.5/branches/wheezy/debian/patches/73_fix_rpl_deadlock_innodb_test.patch 2014-01-17 17:13:58 UTC (rev 2249)
@@ -0,0 +1,19 @@
+Description: fix failing rpl.rpl_deadlock_innodb test by ignoring warnings
+Origin: vendor, http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/1029971
+Bug: http://bugs.mysql.com/bug.php?id=69458
+Bug: http://bugs.mysql.com/bug.php?id=69455
+
+Index: mysql-5.5-5.5.32.orig/mysql-test/include/mtr_warnings.sql
+===================================================================
+--- mysql-5.5-5.5.32.orig.orig/mysql-test/include/mtr_warnings.sql 2013-06-19 11:26:28.000000000 -0400
++++ mysql-5.5-5.5.32.orig/mysql-test/include/mtr_warnings.sql 2013-07-23 14:49:38.233802237 -0400
+@@ -162,6 +162,9 @@
+ ("InnoDB: Error: in RENAME TABLE table `test`.`t1`"),
+ ("InnoDB: Error: table `test`.`t[123]` does not exist in the InnoDB internal"),
+
++ /* rpl.rpl_deadlock_innodb fails when trying DROP tables */
++ ("InnoDB: Error: table `mysqld.2`.`#sql.*` does not exist in the InnoDB internal"),
++
+ /*
+ BUG#32080 - Excessive warnings on Solaris: setrlimit could not
+ change the size of core files
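Review bot: The new pattern is added to the global list in mtr_warnings.sql, so the "does not exist in the InnoDB internal" error for `mysqld.2`.`#sql.*` is ignored in every test, not only in rpl.rpl_deadlock_innodb as the comment says. Suggest scoping it to that test with a call to mtr.add_suppression() in the test file, so the same error in another test is still reported. The dot in `mysqld.2` is also unescaped and matches any character; the neighbouring entries have the same looseness, but escaping it here would keep the suppression as narrow as intended.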
Modified: mysql-5.5/branches/wheezy/debian/patches/series
===================================================================
--- mysql-5.5/branches/wheezy/debian/patches/series 2014-01-17 17:06:53 UTC (rev 2248)
+++ mysql-5.5/branches/wheezy/debian/patches/series 2014-01-17 17:13:58 UTC (rev 2249)
@@ -1,9 +1,13 @@
1_hurd.patch
+33_scripts__mysql_create_system_tables__no_test.patch
38_scripts__mysqld_safe.sh__signals.patch
+41_scripts__mysql_install_db.sh__no_test.patch
+50_mysql-test__db_test.patch
62_disable_tests.patch
70_mysql_va_list.patch
71_disable_rpl_tests.patch
72_fix_standalone_tests.patch
+73_fix_rpl_deadlock_innodb_test.patch
93_kfreebsd_tests.patch
94_spelling.patch
regex_plus.patch