[-]
[+]
|
Changed |
mysql.spec
|
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2006-7232.patch
^
|
@@ -0,0 +1,66 @@
+http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=cset&REV=4562ca9dDNqbruzRCDiZ2BbQK3PgKw
+---
+ mysql-test/r/information_schema.result | 15 +++++++++++++++
+ mysql-test/t/information_schema.test | 13 +++++++++++++
+ sql/sql_select.cc | 2 ++
+ 3 files changed, 30 insertions(+)
+
+--- mysql-test/r/information_schema.result.orig
++++ mysql-test/r/information_schema.result
+@@ -1240,3 +1240,18 @@ WHERE table_name=(SELECT MAX(table_name)
+ FROM information_schema.tables);
+ table_name
+ VIEWS
++create view v1 as
++select table_schema as object_schema,
++table_name as object_name,
++table_type as object_type
++from information_schema.tables
++order by object_schema;
++explain select * from v1;
++id select_type table type possible_keys key key_len ref rows Extra
++1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found
++2 DERIVED tables ALL NULL NULL NULL NULL 2 Using filesort
++explain select * from (select table_name from information_schema.tables) as a;
++id select_type table type possible_keys key key_len ref rows Extra
++1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found
++2 DERIVED tables ALL NULL NULL NULL NULL 2
++drop view v1;
+--- mysql-test/t/information_schema.test.orig
++++ mysql-test/t/information_schema.test
+@@ -930,4 +930,17 @@ SELECT table_name from information_schem
+ WHERE table_name=(SELECT MAX(table_name)
+ FROM information_schema.tables);
+
++#
++# Bug#22413: EXPLAIN SELECT FROM view with ORDER BY yield server crash
++#
++create view v1 as
++select table_schema as object_schema,
++ table_name as object_name,
++ table_type as object_type
++from information_schema.tables
++order by object_schema;
++explain select * from v1;
++explain select * from (select table_name from information_schema.tables) as a;
++drop view v1;
++
+ # End of 5.0 tests.
+--- sql/sql_select.cc.orig
++++ sql/sql_select.cc
+@@ -1419,6 +1419,7 @@ JOIN::exec()
+ TABLE *curr_tmp_table= 0;
+
+ if ((curr_join->select_lex->options & OPTION_SCHEMA_TABLE) &&
++ !thd->lex->describe &&
+ get_schema_tables_result(curr_join))
+ {
+ DBUG_VOID_RETURN;
+@@ -12046,6 +12047,7 @@ create_sort_index(THD *thd, JOIN *join,
+
+ /* Fill schema tables with data before filesort if it's necessary */
+ if ((join->select_lex->options & OPTION_SCHEMA_TABLE) &&
++ !thd->lex->describe &&
+ get_schema_tables_result(join))
+ goto err;
+
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-2583.patch
^
|
@@ -0,0 +1,50 @@
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2392.105.16
+---
+ mysql-test/r/func_in.result | 6 ++++++
+ mysql-test/t/func_in.test | 13 +++++++++++++
+ sql/item_cmpfunc.cc | 3 ++-
+ 3 files changed, 21 insertions(+), 1 deletion(-)
+
+--- mysql-test/r/func_in.result.orig
++++ mysql-test/r/func_in.result
+@@ -343,3 +343,9 @@ some_id
+ 1
+ 2
+ drop table t1;
++CREATE TABLE t1 (id int not null);
++INSERT INTO t1 VALUES (1),(2);
++SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
++id
++DROP TABLE t1;
++End of 5.0 tests
+--- mysql-test/t/func_in.test.orig
++++ mysql-test/t/func_in.test
+@@ -232,3 +232,16 @@ select some_id from t1 where some_id not
+ select some_id from t1 where some_id not in(-4,-1,-4);
+ select some_id from t1 where some_id not in(-4,-1,3423534,2342342);
+ drop table t1;
++
++#
++# BUG#27362: IN with a decimal expression that may return NULL
++#
++
++CREATE TABLE t1 (id int not null);
++INSERT INTO t1 VALUES (1),(2);
++
++SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) );
++
++DROP TABLE t1;
++
++--echo End of 5.0 tests
+--- sql/item_cmpfunc.cc.orig
++++ sql/item_cmpfunc.cc
+@@ -2134,7 +2134,8 @@ void in_decimal::set(uint pos, Item *ite
+ dec->len= DECIMAL_BUFF_LENGTH;
+ dec->fix_buffer_pointer();
+ my_decimal *res= item->val_decimal(dec);
+- if (res != dec)
++ /* if item->val_decimal() is evaluated to NULL then res == 0 */
++ if (!item->null_value && res != dec)
+ my_decimal2decimal(res, dec);
+ }
+
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-2691.patch
^
|
@@ -0,0 +1,70 @@
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.1616.3025.1
+---
+ mysql-test/r/grant.result | 11 +++++++++++
+ mysql-test/t/grant.test | 23 ++++++++++++++++++++++-
+ sql/sql_parse.cc | 2 +-
+ 3 files changed, 34 insertions(+), 2 deletions(-)
+
+--- mysql-test/r/grant.result.orig
++++ mysql-test/r/grant.result
+@@ -657,6 +657,17 @@ delete from mysql.db where user='mysqlte
+ delete from mysql.tables_priv where user='mysqltest1';
+ flush privileges;
+ drop database mysqltest;
++create database db27515;
++use db27515;
++create table t1 (a int);
++grant alter on db27515.t1 to user27515@localhost;
++grant insert, create on db27515.t2 to user27515@localhost;
++rename table t1 to t2;
++ERROR 42000: DROP command denied to user 'user27515'@'localhost' for table 't1'
++revoke all privileges, grant option from user27515@localhost;
++drop user user27515@localhost;
++drop database db27515;
++End of 4.1 tests
+ use test;
+ create table t1 (a int);
+ create table t2 as select * from mysql.user where user='';
+--- mysql-test/t/grant.test.orig
++++ mysql-test/t/grant.test
+@@ -541,7 +541,28 @@ delete from mysql.tables_priv where user
+ flush privileges;
+ drop database mysqltest;
+
+-# End of 4.1 tests
++#
++# Bug #27515: DROP previlege is not required for RENAME TABLE
++#
++connection master;
++create database db27515;
++use db27515;
++create table t1 (a int);
++grant alter on db27515.t1 to user27515@localhost;
++grant insert, create on db27515.t2 to user27515@localhost;
++
++connect (conn27515, localhost, user27515, , db27515);
++connection conn27515;
++--error 1142
++rename table t1 to t2;
++disconnect conn27515;
++
++connection master;
++revoke all privileges, grant option from user27515@localhost;
++drop user user27515@localhost;
++drop database db27515;
++
++--echo End of 4.1 tests
+
+ #
+ # Bug #16297 In memory grant tables not flushed when users's hostname is ""
+--- sql/sql_parse.cc.orig
++++ sql/sql_parse.cc
+@@ -3146,7 +3146,7 @@ end_with_restore_list:
+ */
+ old_list= table[0];
+ new_list= table->next_local[0];
+- if (check_grant(thd, ALTER_ACL, &old_list, 0, 1, 0) ||
++ if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, 1, 0) ||
+ (!test_all_bits(table->next_local->grant.privilege,
+ INSERT_ACL | CREATE_ACL) &&
+ check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0)))
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-2692.patch
^
|
@@ -0,0 +1,545 @@
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2410.5.12
+---
+ mysql-test/r/grant.result | 75 ++++++++++++++++++++
+ mysql-test/t/grant.test | 144 +++++++++++++++++++++++++++++++++++++++
+ sql/mysql_priv.h | 2
+ sql/sql_db.cc | 43 +++++------
+ sql/sql_parse.cc | 167 +++++++++++++++++++++++++++++++++-------------
+ sql/sql_show.cc | 2
+ 6 files changed, 362 insertions(+), 71 deletions(-)
+
+--- mysql-test/r/grant.result.orig
++++ mysql-test/r/grant.result
+@@ -1000,4 +1000,79 @@ f1 f2
+ DROP DATABASE db27878;
+ use test;
+ DROP TABLE t1;
++DROP DATABASE IF EXISTS mysqltest1;
++DROP DATABASE IF EXISTS mysqltest2;
++CREATE DATABASE mysqltest1;
++CREATE DATABASE mysqltest2;
++GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
++GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;
++CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
++SELECT 1;
++
++---> connection: bug27337_con1
++CREATE TABLE t1(c INT);
++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
++CALL mysqltest1.p1();
++1
++1
++CREATE TABLE t1(c INT);
++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
++
++---> connection: bug27337_con2
++CREATE TABLE t1(c INT);
++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
++SHOW TABLES;
++Tables_in_mysqltest2
++
++---> connection: default
++DROP DATABASE mysqltest1;
++DROP DATABASE mysqltest2;
++DROP USER mysqltest_1@localhost;
++DROP DATABASE IF EXISTS mysqltest1;
++DROP DATABASE IF EXISTS mysqltest2;
++CREATE DATABASE mysqltest1;
++CREATE DATABASE mysqltest2;
++CREATE TABLE mysqltest1.t1(c INT);
++CREATE TABLE mysqltest2.t2(c INT);
++GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
++GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;
++
++---> connection: bug27337_con1
++SHOW TABLES FROM mysqltest1;
++Tables_in_mysqltest1
++t1
++PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';
++EXECUTE stmt1;
++Tables_in_mysqltest1
++t1
++
++---> connection: bug27337_con2
++SHOW COLUMNS FROM mysqltest2.t2;
++Field Type Null Key Default Extra
++c int(11) YES NULL
++PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';
++EXECUTE stmt2;
++Field Type Null Key Default Extra
++c int(11) YES NULL
++
++---> connection: default
++REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost;
++REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost;
++
++---> connection: bug27337_con1
++SHOW TABLES FROM mysqltest1;
++ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
++EXECUTE stmt1;
++ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
++
++---> connection: bug27337_con2
++SHOW COLUMNS FROM mysqltest2.t2;
++ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
++EXECUTE stmt2;
++ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
++
++---> connection: default
++DROP DATABASE mysqltest1;
++DROP DATABASE mysqltest2;
++DROP USER mysqltest_1@localhost;
+ End of 5.0 tests
+--- mysql-test/t/grant.test.orig
++++ mysql-test/t/grant.test
+@@ -911,4 +911,148 @@ DROP DATABASE db27878;
+ use test;
+ DROP TABLE t1;
+
++#
++# BUG#27337: Privileges are not restored properly.
++#
++# Actually, the patch for this bugs fixes two problems. So, here are two test
++# cases.
++
++# Test case 1: privileges are not restored properly after calling a stored
++# routine defined with SQL SECURITY INVOKER clause.
++
++# Prepare.
++
++--disable_warnings
++DROP DATABASE IF EXISTS mysqltest1;
++DROP DATABASE IF EXISTS mysqltest2;
++--enable_warnings
++
++CREATE DATABASE mysqltest1;
++CREATE DATABASE mysqltest2;
++
++GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
++GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;
++
++CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
++ SELECT 1;
++
++# Test.
++
++--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest2)
++--echo
++--echo ---> connection: bug27337_con1
++
++--error ER_TABLEACCESS_DENIED_ERROR
++CREATE TABLE t1(c INT);
++
++CALL mysqltest1.p1();
++
++--error ER_TABLEACCESS_DENIED_ERROR
++CREATE TABLE t1(c INT);
++
++--disconnect bug27337_con1
++
++--connect (bug27337_con2,localhost,mysqltest_1,,mysqltest2)
++--echo
++--echo ---> connection: bug27337_con2
++
++--error ER_TABLEACCESS_DENIED_ERROR
++CREATE TABLE t1(c INT);
++
++SHOW TABLES;
++
++# Cleanup.
++
++--connection default
++--echo
++--echo ---> connection: default
++
++--disconnect bug27337_con2
++
++DROP DATABASE mysqltest1;
++DROP DATABASE mysqltest2;
++
++DROP USER mysqltest_1@localhost;
++
++# Test case 2: priveleges are not checked properly for prepared statements.
++
++# Prepare.
++
++--disable_warnings
++DROP DATABASE IF EXISTS mysqltest1;
++DROP DATABASE IF EXISTS mysqltest2;
++--enable_warnings
++
++CREATE DATABASE mysqltest1;
++CREATE DATABASE mysqltest2;
++
++CREATE TABLE mysqltest1.t1(c INT);
++CREATE TABLE mysqltest2.t2(c INT);
++
++GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
++GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;
++
++# Test.
++
++--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest1)
++--echo
++--echo ---> connection: bug27337_con1
++
++SHOW TABLES FROM mysqltest1;
++
++PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';
++
++EXECUTE stmt1;
++
++--connect (bug27337_con2,localhost,mysqltest_2,,mysqltest2)
++--echo
++--echo ---> connection: bug27337_con2
++
++SHOW COLUMNS FROM mysqltest2.t2;
++
++PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';
++
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-5925.patch
^
|
@@ -0,0 +1,110 @@
+from http://mysql.bkbits.net:8080/mysql-5.1/?PAGE=gnupatch&REV=1.2632
+---
+ innobase/include/db0err.h | 5 ++++
+ innobase/include/page0cur.h | 1
+ sql/ha_innodb.cc | 45 ++++++++++++++++++++++++++++++++++++--------
+ 3 files changed, 43 insertions(+), 8 deletions(-)
+
+--- sql/ha_innodb.cc.orig
++++ sql/ha_innodb.cc
+@@ -522,6 +522,9 @@ convert_error_code_to_mysql(
+ }
+
+ return(HA_ERR_LOCK_TABLE_FULL);
++ } else if (error == DB_UNSUPPORTED) {
++
++ return(HA_ERR_UNSUPPORTED);
+ } else {
+ return(-1); // Unknown error
+ }
+@@ -3679,11 +3682,22 @@ convert_search_mode_to_innobase(
+ and comparison of non-latin1 char type fields in
+ innobase_mysql_cmp() to get PAGE_CUR_LE_OR_EXTENDS to
+ work correctly. */
+-
+- default: assert(0);
++ case HA_READ_MBR_CONTAIN:
++ case HA_READ_MBR_INTERSECT:
++ case HA_READ_MBR_WITHIN:
++ case HA_READ_MBR_DISJOINT:
++ case HA_READ_MBR_EQUAL:
++ my_error(ER_TABLE_CANT_HANDLE_SPKEYS, MYF(0));
++ return(PAGE_CUR_UNSUPP);
++ /* do not use "default:" in order to produce a gcc warning:
++ enumeration value '...' not handled in switch
++ (if -Wswitch or -Wall is used)
++ */
+ }
+
+- return(0);
++ my_error(ER_CHECK_NOT_IMPLEMENTED, MYF(0), "this functionality");
++
++ return(PAGE_CUR_UNSUPP);
+ }
+
+ /*
+@@ -3821,11 +3835,18 @@ ha_innobase::index_read(
+
+ last_match_mode = (uint) match_mode;
+
+- innodb_srv_conc_enter_innodb(prebuilt->trx);
++ if (mode != PAGE_CUR_UNSUPP) {
+
+- ret = row_search_for_mysql((byte*) buf, mode, prebuilt, match_mode, 0);
++ innodb_srv_conc_enter_innodb(prebuilt->trx);
+
+- innodb_srv_conc_exit_innodb(prebuilt->trx);
++ ret = row_search_for_mysql((byte*) buf, mode, prebuilt,
++ match_mode, 0);
++
++ innodb_srv_conc_exit_innodb(prebuilt->trx);
++ } else {
++
++ ret = DB_UNSUPPORTED;
++ }
+
+ if (ret == DB_SUCCESS) {
+ error = 0;
+@@ -5126,8 +5147,16 @@ ha_innobase::records_in_range(
+ mode2 = convert_search_mode_to_innobase(max_key ? max_key->flag :
+ HA_READ_KEY_EXACT);
+
+- n_rows = btr_estimate_n_rows_in_range(index, range_start,
+- mode1, range_end, mode2);
++ if (mode1 != PAGE_CUR_UNSUPP && mode2 != PAGE_CUR_UNSUPP) {
++
++ n_rows = btr_estimate_n_rows_in_range(index, range_start,
++ mode1, range_end,
++ mode2);
++ } else {
++
++ n_rows = 0;
++ }
++
+ dtuple_free_for_mysql(heap1);
+ dtuple_free_for_mysql(heap2);
+
+--- innobase/include/page0cur.h.orig
++++ innobase/include/page0cur.h
+@@ -22,6 +22,7 @@ Created 10/4/1994 Heikki Tuuri
+
+ /* Page cursor search modes; the values must be in this order! */
+
++#define PAGE_CUR_UNSUPP 0
+ #define PAGE_CUR_G 1
+ #define PAGE_CUR_GE 2
+ #define PAGE_CUR_L 3
+--- innobase/include/db0err.h.orig
++++ innobase/include/db0err.h
+@@ -57,6 +57,11 @@ Created 5/24/1996 Heikki Tuuri
+ buffer pool (for big transactions,
+ InnoDB stores the lock structs in the
+ buffer pool) */
++#define DB_UNSUPPORTED 48 /* when InnoDB sees any artefact or
++ a feature that it can't recoginize or
++ work with e.g., FT indexes created by
++ a later version of the engine. */
++
+
+ /* The following are partial failure codes */
+ #define DB_FAIL 1000
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-5969.patch
^
|
@@ -0,0 +1,77 @@
+From http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2521.73.2
+---
+ mysql-test/r/symlink.result | 6 ++++++
+ mysql-test/t/symlink.test | 12 ++++++++++++
+ mysys/my_symlink2.c | 11 ++++++++++-
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+
+--- mysql-test/r/symlink.result.orig
++++ mysql-test/r/symlink.result
+@@ -99,6 +99,12 @@ t1 CREATE TABLE `t1` (
+ `b` int(11) default NULL
+ ) ENGINE=MyISAM DEFAULT CHARSET=latin1
+ drop table t1;
++CREATE TABLE t1(a INT)
++DATA DIRECTORY='TEST_DIR/master-data/mysql'
++INDEX DIRECTORY='TEST_DIR/master-data/mysql';
++RENAME TABLE t1 TO user;
++ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
++DROP TABLE t1;
+ show create table t1;
+ Table Create Table
+ t1 CREATE TABLE `t1` (
+--- mysql-test/t/symlink.test.orig
++++ mysql-test/t/symlink.test
+@@ -125,6 +125,18 @@ show create table t1;
+ drop table t1;
+
+ #
++# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
++#
++--replace_result $MYSQLTEST_VARDIR TEST_DIR
++eval CREATE TABLE t1(a INT)
++DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
++INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
++--replace_result $MYSQLTEST_VARDIR TEST_DIR
++--error 1
++RENAME TABLE t1 TO user;
++DROP TABLE t1;
++
++#
+ # Test specifying DATA DIRECTORY that is the same as what would normally
+ # have been chosen. (Bug #8707)
+ #
+--- mysys/my_symlink2.c.orig
++++ mysys/my_symlink2.c
+@@ -125,6 +125,7 @@ int my_rename_with_symlink(const char *f
+ int was_symlink= (!my_disable_symlinks &&
+ !my_readlink(link_name, from, MYF(0)));
+ int result=0;
++ int name_is_different;
+ DBUG_ENTER("my_rename_with_symlink");
+
+ if (!was_symlink)
+@@ -133,6 +134,14 @@ int my_rename_with_symlink(const char *f
+ /* Change filename that symlink pointed to */
+ strmov(tmp_name, to);
+ fn_same(tmp_name,link_name,1); /* Copy dir */
++ name_is_different= strcmp(link_name, tmp_name);
++ if (name_is_different && !access(tmp_name, F_OK))
++ {
++ my_errno= EEXIST;
++ if (MyFlags & MY_WME)
++ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST);
++ DBUG_RETURN(1);
++ }
+
+ /* Create new symlink */
+ if (my_symlink(tmp_name, to, MyFlags))
+@@ -144,7 +153,7 @@ int my_rename_with_symlink(const char *f
+ the same basename and different directories.
+ */
+
+- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags))
++ if (name_is_different && my_rename(link_name, tmp_name, MyFlags))
+ {
+ int save_errno=my_errno;
+ my_delete(to, MyFlags); /* Remove created symlink */
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2007-6304.patch
^
|
@@ -0,0 +1,21 @@
+From http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2521.28.4
+---
+ sql/ha_federated.cc | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- sql/ha_federated.cc.orig
++++ sql/ha_federated.cc
+@@ -2419,7 +2419,12 @@ void ha_federated::info(uint flag)
+ status_query_string.length(0);
+
+ result= mysql_store_result(mysql);
+- if (!result)
++
++ /*
++ We're going to use fields num. 4, 12 and 13 of the resultset,
++ so make sure we have these fields.
++ */
++ if (!result || (mysql_num_fields(result) < 14))
+ goto error;
+
+ if (!mysql_num_rows(result))
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2008-2079.patch
^
|
@@ -0,0 +1,244 @@
+From:
+http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d674xBscPm_ztIMnZI3dj2r7IQ
+http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d8f2Z15kczRJRewvyFNHM6lheA
+http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7e6a0CyEvUOiqbdlN1JWAu7pcsA
+http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c80109fGl7Wudvu2CM0pXMSbzYNg
+http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47cbdacaZc2nF4NS9WyTkT_6nTPp_Q
+---
+ mysql-test/r/symlink.result | 35 +++++++++++++++++++------
+ mysql-test/t/symlink.test | 49 +++++++++++++++++++++++++++++------
+ sql/mysql_priv.h | 1
+ sql/mysqld.cc | 4 ++
+ sql/sql_parse.cc | 60 ++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 131 insertions(+), 18 deletions(-)
+
+--- mysql-test/r/symlink.result.orig
++++ mysql-test/r/symlink.result
+@@ -100,20 +100,37 @@ t1 CREATE TABLE `t1` (
+ ) ENGINE=MyISAM DEFAULT CHARSET=latin1
+ drop table t1;
+ CREATE TABLE t1(a INT)
+-DATA DIRECTORY='TEST_DIR/master-data/mysql'
+-INDEX DIRECTORY='TEST_DIR/master-data/mysql';
+-RENAME TABLE t1 TO user;
+-ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
+-DROP TABLE t1;
++DATA DIRECTORY='TEST_DIR/tmp'
++INDEX DIRECTORY='TEST_DIR/tmp';
++ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
++CREATE TABLE t2(a INT)
++DATA DIRECTORY='TEST_DIR/tmp'
++INDEX DIRECTORY='TEST_DIR/tmp';
++RENAME TABLE t2 TO t1;
++ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
++DROP TABLE t2;
+ show create table t1;
+ Table Create Table
+ t1 CREATE TABLE `t1` (
+- `i` int(11) default NULL
+-) ENGINE=MyISAM DEFAULT CHARSET=latin1
++ `c` char(10) default NULL
++) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
+ drop table t1;
+ show create table t1;
+ Table Create Table
+ t1 CREATE TABLE `t1` (
+- `i` int(11) default NULL
+-) ENGINE=MyISAM DEFAULT CHARSET=latin1
++ `c` char(10) default NULL
++) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
+ drop table t1;
++CREATE TABLE t1(a INT)
++DATA DIRECTORY='TEST_DIR/var/master-data/test';
++Got one of the listed errors
++CREATE TABLE t1(a INT)
++DATA DIRECTORY='TEST_DIR/var/master-data/';
++Got one of the listed errors
++CREATE TABLE t1(a INT)
++INDEX DIRECTORY='TEST_DIR/var/master-data';
++Got one of the listed errors
++CREATE TABLE t1(a INT)
++INDEX DIRECTORY='TEST_DIR/var/master-data_var';
++Got one of the listed errors
++End of 4.1 tests
+--- mysql-test/t/symlink.test.orig
++++ mysql-test/t/symlink.test
+@@ -127,28 +127,59 @@ drop table t1;
+ #
+ # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
+ #
++--exec touch $MYSQLTEST_VARDIR/tmp/t1.MYI
+ --replace_result $MYSQLTEST_VARDIR TEST_DIR
++--error 1
+ eval CREATE TABLE t1(a INT)
+-DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
+-INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
++DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
++INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
++--replace_result $MYSQLTEST_VARDIR TEST_DIR
++eval CREATE TABLE t2(a INT)
++DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
++INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
+ --replace_result $MYSQLTEST_VARDIR TEST_DIR
+ --error 1
+-RENAME TABLE t1 TO user;
+-DROP TABLE t1;
++RENAME TABLE t2 TO t1;
++DROP TABLE t2;
++--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI
+
+ #
+-# Test specifying DATA DIRECTORY that is the same as what would normally
+-# have been chosen. (Bug #8707)
++# CREATE TABLE with DATA DIRECTORY option
+ #
++# Protect ourselves from data left in tmp/ by a previos possibly failed
++# test
++--system rm -f $MYSQLTEST_VARDIR/tmp/t1.*
+ disable_query_log;
+-eval create table t1 (i int) data directory = "$MYSQLTEST_VARDIR/master-data/test/";
++eval create table t1 (c char(10)) data directory='$MYSQLTEST_VARDIR/tmp';
+ enable_query_log;
++--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+ show create table t1;
+ drop table t1;
+ disable_query_log;
+-eval create table t1 (i int) index directory = "$MYSQLTEST_VARDIR/master-data/test/";
++eval create table t1 (c char(10)) data directory='$MYSQLTEST_VARDIR/tmp';
+ enable_query_log;
++--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+ show create table t1;
+ drop table t1;
+
+-# End of 4.1 tests
++#
++# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
++#
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++--error 1,1210
++eval CREATE TABLE t1(a INT)
++DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test';
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++--error 1,1210
++eval CREATE TABLE t1(a INT)
++DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/';
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++--error 1,1210
++eval CREATE TABLE t1(a INT)
++INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data';
++--replace_result $MYSQL_TEST_DIR TEST_DIR
++--error 1,1210
++eval CREATE TABLE t1(a INT)
++INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data_var';
++
++--echo End of 4.1 tests
+--- sql/mysql_priv.h.orig
++++ sql/mysql_priv.h
+@@ -1170,6 +1170,7 @@ void my_dbopt_free(void);
+ extern time_t start_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++ mysql_unpacked_real_data_home[],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
+--- sql/mysqld.cc.orig
++++ sql/mysqld.cc
+@@ -435,6 +435,7 @@ char log_error_file[FN_REFLEN], glob_hos
+ char mysql_real_data_home[FN_REFLEN],
+ language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
+ *opt_init_file, *opt_tc_log_file,
++ mysql_unpacked_real_data_home[FN_REFLEN],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+
+ const key_map key_map_empty(0);
+@@ -7311,6 +7312,9 @@ static void fix_paths(void)
+ pos[1]= 0;
+ }
+ convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++ (void) fn_format(buff, mysql_real_data_home, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+ convert_dirname(language,language,NullS);
+ (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+ (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
+--- sql/sql_parse.cc.orig
++++ sql/sql_parse.cc
+@@ -77,6 +77,7 @@ static void remove_escape(char *name);
+ static bool append_file_to_dir(THD *thd, const char **filename_ptr,
+ const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
++static bool test_if_data_home_dir(const char *dir);
+
+ const char *any_db="*any*"; // Special symbol for check_access
+
+@@ -2869,6 +2870,20 @@ mysql_execute_command(THD *thd)
+ #ifndef HAVE_READLINK
+ lex->create_info.data_file_name=lex->create_info.index_file_name=0;
+ #else
++
++ if (test_if_data_home_dir(lex->create_info.data_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++ res= -1;
++ break;
++ }
++ if (test_if_data_home_dir(lex->create_info.index_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++ res= -1;
++ break;
++ }
++
+ /* Fix names if symlinked tables */
+ if (append_file_to_dir(thd, &lex->create_info.data_file_name,
+ create_table->table_name) ||
+@@ -7705,3 +7720,48 @@ bool check_string_length(LEX_STRING *str
+
+ return TRUE;
+ }
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2008-3963.patch
^
|
@@ -0,0 +1,120 @@
+---
+ mysql-test/r/varbinary.result | 31 +++++++++++++++++++++++++++++++
+ mysql-test/t/varbinary.test | 28 ++++++++++++++++++++++++++++
+ sql/item.cc | 29 ++++++++++++++++++-----------
+ 3 files changed, 77 insertions(+), 11 deletions(-)
+
+--- mysql-test/r/varbinary.result.orig
++++ mysql-test/r/varbinary.result
+@@ -26,3 +26,34 @@ select x,xx from t1;
+ x xx
+ 1 2
+ drop table t1;
++select 0b01000001;
++0b01000001
++A
++select 0x41;
++0x41
++A
++select b'01000001';
++b'01000001'
++A
++select x'41', 0+x'41';
++x'41' 0+x'41'
++A 65
++select N'abc', length(N'abc');
++abc length(N'abc')
++abc 3
++select N'', length(N'');
++ length(N'')
++ 0
++select '', length('');
++ length('')
++ 0
++select b'', 0+b'';
++b'' 0+b''
++ 0
++select x'', 0+x'';
++x'' 0+x''
++ 0
++select 0x;
++ERROR 42S22: Unknown column '0x' in 'field list'
++select 0b;
++ERROR 42S22: Unknown column '0b' in 'field list'
+--- mysql-test/t/varbinary.test.orig
++++ mysql-test/t/varbinary.test
+@@ -36,4 +36,32 @@ create table t1 select 1 as x, 2 as xx;
+ select x,xx from t1;
+ drop table t1;
+
++#
++# Bug#35658 (An empty binary value leads to mysqld crash)
++#
++
++select 0b01000001;
++
++select 0x41;
++
++select b'01000001';
++
++select x'41', 0+x'41';
++
++select N'abc', length(N'abc');
++
++select N'', length(N'');
++
++select '', length('');
++
++select b'', 0+b'';
++
++select x'', 0+x'';
++
++--error ER_BAD_FIELD_ERROR
++select 0x;
++
++--error ER_BAD_FIELD_ERROR
++select 0b;
++
+ # End of 4.1 tests
+--- sql/item.cc.orig
++++ sql/item.cc
+@@ -4517,21 +4517,28 @@ Item_bin_string::Item_bin_string(const c
+ if (!ptr)
+ return;
+ str_value.set(ptr, max_length, &my_charset_bin);
+- ptr+= max_length - 1;
+- ptr[1]= 0; // Set end null for string
+- for (; end >= str; end--)
++
++ if (max_length > 0)
+ {
+- if (power == 256)
++ ptr+= max_length - 1;
++ ptr[1]= 0; // Set end null for string
++ for (; end >= str; end--)
+ {
+- power= 1;
+- *ptr--= bits;
+- bits= 0;
++ if (power == 256)
++ {
++ power= 1;
++ *ptr--= bits;
++ bits= 0;
++ }
++ if (*end == '1')
++ bits|= power;
++ power<<= 1;
+ }
+- if (*end == '1')
+- bits|= power;
+- power<<= 1;
++ *ptr= (char) bits;
+ }
+- *ptr= (char) bits;
++ else
++ ptr[0]= 0;
++
+ collation.set(&my_charset_bin, DERIVATION_COERCIBLE);
+ fixed= 1;
+ }
|
[-]
[+]
|
Added |
mysql-5.0.26-CVE-2008-4097.patch
^
|
@@ -0,0 +1,412 @@
+---
+ include/my_sys.h | 1
+ include/myisam.h | 4 +++
+ myisam/mi_check.c | 6 ++---
+ myisam/mi_open.c | 42 +++++++++++++++++++++++++++++++++--------
+ myisam/mi_static.c | 9 ++++++++
+ myisam/myisamchk.c | 2 -
+ myisam/myisamdef.h | 4 ++-
+ mysql-test/t/symlink.test | 4 +--
+ mysys/my_symlink.c | 47 +++++++++++++++++++++++-----------------------
+ sql/mysql_priv.h | 3 ++
+ sql/mysqld.cc | 11 +++++++---
+ sql/sql_parse.cc | 33 +++++++++++++++++++-------------
+ 12 files changed, 112 insertions(+), 54 deletions(-)
+
+--- include/my_sys.h.orig
++++ include/my_sys.h
+@@ -564,6 +564,7 @@ extern int my_close(File Filedes,myf MyF
+ extern File my_dup(File file, myf MyFlags);
+ extern int my_mkdir(const char *dir, int Flags, myf MyFlags);
+ extern int my_readlink(char *to, const char *filename, myf MyFlags);
++extern int my_is_symlink(const char *filename);
+ extern int my_realpath(char *to, const char *filename, myf MyFlags);
+ extern File my_create_with_symlink(const char *linkname, const char *filename,
+ int createflags, int access_flags,
+--- include/myisam.h.orig
++++ include/myisam.h
+@@ -268,6 +268,10 @@ extern my_bool myisam_flush,myisam_delay
+ extern my_off_t myisam_max_temp_length;
+ extern ulong myisam_bulk_insert_tree_size, myisam_data_pointer_size;
+
++/* usually used to check if a symlink points into the mysql data home */
++/* which is normally forbidden */
++extern int (*myisam_test_invalid_symlink)(const char *filename);
++
+ /* Prototypes for myisam-functions */
+
+ extern int mi_close(struct st_myisam_info *file);
+--- myisam/mi_check.c.orig
++++ myisam/mi_check.c
+@@ -1534,7 +1534,7 @@ err:
+ DATA_TMP_EXT, share->base.raid_chunks,
+ (param->testflag & T_BACKUP_DATA ?
+ MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) ||
+- mi_open_datafile(info,share,-1))
++ mi_open_datafile(info,share,name,-1))
+ got_error=1;
+ }
+ }
+@@ -2311,7 +2311,7 @@ err:
+ DATA_TMP_EXT, share->base.raid_chunks,
+ (param->testflag & T_BACKUP_DATA ?
+ MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) ||
+- mi_open_datafile(info,share,-1))
++ mi_open_datafile(info,share,name,-1))
+ got_error=1;
+ }
+ }
+@@ -2732,7 +2732,7 @@ err:
+ DATA_TMP_EXT, share->base.raid_chunks,
+ (param->testflag & T_BACKUP_DATA ?
+ MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) ||
+- mi_open_datafile(info,share,-1))
++ mi_open_datafile(info,share,name,-1))
+ got_error=1;
+ }
+ }
+--- myisam/mi_open.c.orig
++++ myisam/mi_open.c
+@@ -75,7 +75,7 @@ MI_INFO *test_if_reopen(char *filename)
+
+ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
+ {
+- int lock_error,kfile,open_mode,save_errno,have_rtree=0;
++ int lock_error,kfile,open_mode,save_errno,have_rtree=0, realpath_err;
+ uint i,j,len,errpos,head_length,base_pos,offset,info_length,keys,
+ key_parts,unique_key_parts,fulltext_keys,uniques;
+ char name_buff[FN_REFLEN], org_name[FN_REFLEN], index_name[FN_REFLEN],
+@@ -95,7 +95,16 @@ MI_INFO *mi_open(const char *name, int m
+ head_length=sizeof(share_buff.state.header);
+ bzero((byte*) &info,sizeof(info));
+
+- my_realpath(name_buff, fn_format(org_name,name,"",MI_NAME_IEXT,4),MYF(0));
++ realpath_err= my_realpath(name_buff,
++ fn_format(org_name,name,"",MI_NAME_IEXT,4),MYF(0));
++ if (my_is_symlink(org_name) &&
++ (realpath_err || (*myisam_test_invalid_symlink)(name_buff)))
++ {
++ my_errno= HA_WRONG_CREATE_OPTION;
++ DBUG_RETURN (NULL);
++ }
++
++
+ pthread_mutex_lock(&THR_LOCK_myisam);
+ if (!(old_info=test_if_reopen(name_buff)))
+ {
+@@ -443,7 +452,7 @@ MI_INFO *mi_open(const char *name, int m
+ lock_error=1; /* Database unlocked */
+ }
+
+- if (mi_open_datafile(&info, share, -1))
++ if (mi_open_datafile(&info, share, name, -1))
+ goto err;
+ errpos=5;
+
+@@ -513,7 +522,7 @@ MI_INFO *mi_open(const char *name, int m
+ my_errno=EACCES; /* Can't open in write mode */
+ goto err;
+ }
+- if (mi_open_datafile(&info, share, old_info->dfile))
++ if (mi_open_datafile(&info, share, name, old_info->dfile))
+ goto err;
+ errpos=5;
+ have_rtree= old_info->rtree_recursion_state != NULL;
+@@ -1158,12 +1167,30 @@ The argument file_to_dup is here for the
+ exist a dup()-like call that would give us two different file descriptors.
+ *************************************************************************/
+
+-int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, File file_to_dup __attribute__((unused)))
++int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, const char *org_name,
++ File file_to_dup __attribute__((unused)))
+ {
++ char *data_name= share->data_file_name;
++ char real_data_name[FN_REFLEN];
++
++ if (org_name)
++ {
++ fn_format(real_data_name,org_name,"",MI_NAME_DEXT,4);
++ if (my_is_symlink(real_data_name))
++ {
++ if (my_realpath(real_data_name, real_data_name, MYF(0)) ||
++ (*myisam_test_invalid_symlink)(real_data_name))
++ {
++ my_errno= HA_WRONG_CREATE_OPTION;
++ return 1;
++ }
++ data_name= real_data_name;
++ }
++ }
+ #ifdef USE_RAID
+ if (share->base.raid_type)
+ {
+- info->dfile=my_raid_open(share->data_file_name,
++ info->dfile=my_raid_open(data_name,
+ share->mode | O_SHARE,
+ share->base.raid_type,
+ share->base.raid_chunks,
+@@ -1172,8 +1199,7 @@ int mi_open_datafile(MI_INFO *info, MYIS
+ }
+ else
+ #endif
+- info->dfile=my_open(share->data_file_name, share->mode | O_SHARE,
+- MYF(MY_WME));
++ info->dfile=my_open(data_name, share->mode | O_SHARE, MYF(MY_WME));
+ return info->dfile >= 0 ? 0 : 1;
+ }
+
+--- myisam/mi_static.c.orig
++++ myisam/mi_static.c
+@@ -42,6 +42,15 @@ my_off_t myisam_max_temp_length= MAX_FIL
+ ulong myisam_bulk_insert_tree_size=8192*1024;
+ ulong myisam_data_pointer_size=4;
+
++
++static int always_valid(const char *filename)
++{
++ return 0;
++}
++
++int (*myisam_test_invalid_symlink)(const char *filename)= always_valid;
++
++
+ /*
+ read_vec[] is used for converting between P_READ_KEY.. and SEARCH_
+ Position is , == , >= , <= , > , <
+--- myisam/myisamchk.c.orig
++++ myisam/myisamchk.c
+@@ -1039,7 +1039,7 @@ static int myisamchk(MI_CHECK *param, my
+ error|=change_to_newfile(filename,MI_NAME_DEXT,DATA_TMP_EXT,
+ raid_chunks,
+ MYF(0));
+- if (mi_open_datafile(info,info->s, -1))
++ if (mi_open_datafile(info,info->s, NULL, -1))
+ error=1;
+ param->out_flag&= ~O_NEW_DATA; /* We are using new datafile */
+ param->read_cache.file=info->dfile;
+--- myisam/myisamdef.h.orig
++++ myisam/myisamdef.h
+@@ -722,7 +722,9 @@ void mi_disable_non_unique_index(MI_INFO
+
+ extern MI_INFO *test_if_reopen(char *filename);
+ my_bool check_table_is_closed(const char *name, const char *where);
+-int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, File file_to_dup);
++int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, const char *orn_name,
++ File file_to_dup);
++
+ int mi_open_keyfile(MYISAM_SHARE *share);
+ void mi_setup_functions(register MYISAM_SHARE *share);
+
|
[-]
[+]
|
Added |
mysql-5.0.26-mybug25082.patch
^
|
@@ -0,0 +1,568 @@
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2410.5.7
+---
+ mysql-test/r/sp.result | 15 ++
+ mysql-test/t/sp.test | 40 ++++++
+ sql/mysql_priv.h | 3
+ sql/sp.cc | 8 -
+ sql/sp_head.cc | 2
+ sql/sql_db.cc | 326 ++++++++++++++++++++++++++++++++-----------------
+ sql/sql_parse.cc | 16 +-
+ 7 files changed, 287 insertions(+), 123 deletions(-)
+
+--- mysql-test/r/sp.result.orig
++++ mysql-test/r/sp.result
+@@ -5457,4 +5457,19 @@ CAD
+ CHF
+ DROP FUNCTION bug21493|
+ DROP TABLE t3,t4|
++DROP DATABASE IF EXISTS mysqltest1|
++DROP DATABASE IF EXISTS mysqltest2|
++CREATE DATABASE mysqltest1|
++CREATE DATABASE mysqltest2|
++CREATE PROCEDURE mysqltest1.p1()
++DROP DATABASE mysqltest2|
++use mysqltest2|
++CALL mysqltest1.p1()|
++Warnings:
++Note 1049 Unknown database 'mysqltest2'
++SELECT DATABASE()|
++DATABASE()
++NULL
++DROP DATABASE mysqltest1|
++use test|
+ drop table t1,t2;
+--- mysql-test/t/sp.test.orig
++++ mysql-test/t/sp.test
+@@ -6389,6 +6389,46 @@ SELECT bug21493(Member_ID) FROM t3|
+ DROP FUNCTION bug21493|
+ DROP TABLE t3,t4|
+
++
++#
++# BUG#25082: Default database change on trigger execution breaks replication.
++#
++# As it turned out, this bug has actually two bugs. So, here we have two test
++# cases -- one in sp.test, the other in sp-security.test.
++#
++
++#
++# Test case 1: error on dropping the current database.
++#
++
++# Prepare.
++
++--disable_warnings
++DROP DATABASE IF EXISTS mysqltest1|
++DROP DATABASE IF EXISTS mysqltest2|
++--enable_warnings
++
++CREATE DATABASE mysqltest1|
++CREATE DATABASE mysqltest2|
++
++# Test.
++
++CREATE PROCEDURE mysqltest1.p1()
++ DROP DATABASE mysqltest2|
++
++use mysqltest2|
++
++CALL mysqltest1.p1()|
++
++SELECT DATABASE()|
++
++# Cleanup.
++
++DROP DATABASE mysqltest1|
++
++use test|
++
++
+ #
+ # BUG#NNNN: New bug synopsis
+ #
+--- sql/mysql_priv.h.orig
++++ sql/mysql_priv.h
+@@ -648,7 +648,8 @@ int quick_rm_table(enum db_type base,con
+ const char *table_name);
+ void close_cached_table(THD *thd, TABLE *table);
+ bool mysql_rename_tables(THD *thd, TABLE_LIST *table_list);
+-bool mysql_change_db(THD *thd,const char *name,bool no_access_check);
++bool mysql_change_db(THD *thd, const LEX_STRING *new_db_name,
++ bool force_switch);
+ void mysql_parse(THD *thd,char *inBuf,uint length);
+ bool mysql_test_parse_for_slave(THD *thd,char *inBuf,uint length);
+ bool is_update_query(enum enum_sql_command command);
+--- sql/sp.cc.orig
++++ sql/sp.cc
+@@ -461,14 +461,14 @@ db_load_routine(THD *thd, int type, sp_n
+ {
+ sp_head *sp= newlex.sphead;
+
+- if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1)))
++ if (dbchanged && (ret= mysql_change_db(thd, &old_db, TRUE)))
+ goto end;
+ delete sp;
+ ret= SP_PARSE_ERROR;
+ }
+ else
+ {
+- if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1)))
++ if (dbchanged && (ret= mysql_change_db(thd, &old_db, TRUE)))
+ goto end;
+ *sphp= newlex.sphead;
+ (*sphp)->set_definer(&definer_user_name, &definer_host_name);
+@@ -649,7 +649,7 @@ db_create_routine(THD *thd, int type, sp
+ done:
+ close_thread_tables(thd);
+ if (dbchanged)
+- (void) mysql_change_db(thd, old_db.str, 1);
++ (void) mysql_change_db(thd, &old_db, 1);
+ DBUG_RETURN(ret);
+ }
+
+@@ -1902,7 +1902,7 @@ sp_use_new_db(THD *thd, LEX_STRING new_d
+ DBUG_RETURN(0);
+ }
+
+- ret= mysql_change_db(thd, new_db.str, no_access_check);
++ ret= mysql_change_db(thd, &new_db, no_access_check);
+
+ *dbchangedp= ret == 0;
+ DBUG_RETURN(ret);
+--- sql/sp_head.cc.orig
++++ sql/sp_head.cc
+@@ -1148,7 +1148,7 @@ sp_head::execute(THD *thd)
+ (It would generate an error from mysql_change_db() when old_db=="")
+ */
+ if (! thd->killed)
+- err_status|= mysql_change_db(thd, old_db.str, 1);
++ err_status|= mysql_change_db(thd, &old_db, TRUE);
+ }
+ m_flags&= ~IS_INVOKED;
+ DBUG_PRINT("info",
+--- sql/sql_db.cc.orig
++++ sql/sql_db.cc
+@@ -1122,154 +1122,256 @@ err:
+ }
+
+
+-/*
+- Change the current database.
+-
+- SYNOPSIS
+- mysql_change_db()
+- thd thread handle
+- name database name
+- no_access_check if TRUE, don't do access check. In this
+- case name may be ""
+-
+- DESCRIPTION
+- Check that the database name corresponds to a valid and
+- existent database, check access rights (unless called with
+- no_access_check), and set the current database. This function
+- is called to change the current database upon user request
+- (COM_CHANGE_DB command) or temporarily, to execute a stored
+- routine.
+-
+- NOTES
+- This function is not the only way to switch the database that
+- is currently employed. When the replication slave thread
+- switches the database before executing a query, it calls
+- thd->set_db directly. However, if the query, in turn, uses
+- a stored routine, the stored routine will use this function,
+- even if it's run on the slave.
+-
+- This function allocates the name of the database on the system
+- heap: this is necessary to be able to uniformly change the
+- database from any module of the server. Up to 5.0 different
+- modules were using different memory to store the name of the
+- database, and this led to memory corruption: a stack pointer
+- set by Stored Procedures was used by replication after the
+- stack address was long gone.
+-
+- This function does not send anything, including error
+- messages, to the client. If that should be sent to the client,
+- call net_send_error after this function.
++/**
++ @brief Internal implementation: switch current database to a valid one.
+
+- RETURN VALUES
+- 0 OK
+- 1 error
++ @param thd Thread context.
++ @param new_db_name Name of the database to switch to. The function will
++ take ownership of the name (the caller must not free
++ the allocated memory). If the name is NULL, we're
++ going to switch to NULL db.
++ @param new_db_access Privileges of the new database.
++ @param new_db_charset Character set of the new database.
+ */
|
[-]
[+]
|
Changed |
mysql-5.0.26-mybug25359.patch
^
|
@@ -1,9 +1,35 @@
-# Happy new year!
---- mysql-test/r/view.result
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=cset&REV=470c7c3dmHaBDp-NdmxANOfKT5pj3g
+---
+# mysql-test/r/view.result | 23 ++++++++++++-----------
+# mysql-test/t/view.test | 13 +++++++------
+# 2 files changed, 19 insertions(+), 17 deletions(-)
+#
+--- mysql-test/r/view.result.orig
+++ mysql-test/r/view.result
-@@ -2686,12 +2686,12 @@
- v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(now()) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75)
- SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75;
+@@ -2673,25 +2673,26 @@ CREATE TABLE t1(
+ fName varchar(25) NOT NULL,
+ lName varchar(25) NOT NULL,
+ DOB date NOT NULL,
++test_date date NOT NULL,
+ uID int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY);
+-INSERT INTO t1(fName, lName, DOB) VALUES
+-('Hank', 'Hill', '1964-09-29'),
+-('Tom', 'Adams', '1908-02-14'),
+-('Homer', 'Simpson', '1968-03-05');
++INSERT INTO t1(fName, lName, DOB, test_date) VALUES
++('Hank', 'Hill', '1964-09-29', '2007-01-01'),
++('Tom', 'Adams', '1908-02-14', '2007-01-01'),
++('Homer', 'Simpson', '1968-03-05', '2007-01-01');
+ CREATE VIEW v1 AS
+-SELECT (year(now())-year(DOB)) AS Age
++SELECT (year(test_date)-year(DOB)) AS Age
+ FROM t1 HAVING Age < 75;
+ SHOW CREATE VIEW v1;
+ View Create View
+-v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(now()) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75)
+-SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75;
++v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(`t1`.`test_date`) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75)
++SELECT (year(test_date)-year(DOB)) AS Age FROM t1 HAVING Age < 75;
Age
-42
-38
@@ -18,3 +44,32 @@
DROP VIEW v1;
DROP TABLE t1;
CREATE TABLE t1 (id int NOT NULL PRIMARY KEY, a char(6) DEFAULT 'xxx');
+--- mysql-test/t/view.test.orig
++++ mysql-test/t/view.test
+@@ -2548,19 +2548,20 @@ CREATE TABLE t1(
+ fName varchar(25) NOT NULL,
+ lName varchar(25) NOT NULL,
+ DOB date NOT NULL,
++ test_date date NOT NULL,
+ uID int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY);
+
+-INSERT INTO t1(fName, lName, DOB) VALUES
+- ('Hank', 'Hill', '1964-09-29'),
+- ('Tom', 'Adams', '1908-02-14'),
+- ('Homer', 'Simpson', '1968-03-05');
++INSERT INTO t1(fName, lName, DOB, test_date) VALUES
++ ('Hank', 'Hill', '1964-09-29', '2007-01-01'),
++ ('Tom', 'Adams', '1908-02-14', '2007-01-01'),
++ ('Homer', 'Simpson', '1968-03-05', '2007-01-01');
+
+ CREATE VIEW v1 AS
+- SELECT (year(now())-year(DOB)) AS Age
++ SELECT (year(test_date)-year(DOB)) AS Age
+ FROM t1 HAVING Age < 75;
+ SHOW CREATE VIEW v1;
+
+-SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75;
++SELECT (year(test_date)-year(DOB)) AS Age FROM t1 HAVING Age < 75;
+ SELECT * FROM v1;
+
+ DROP VIEW v1;
|
[-]
[+]
|
Added |
mysql-5.0.26-mybug28551.patch
^
|
@@ -0,0 +1,85 @@
+from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2463.213.1
+needed to fix a regression instroduced by fix for mysql#25082
+---
+ mysql-test/r/sp.result | 7 +++++++
+ mysql-test/t/sp.test | 14 ++++++++++++++
+ sql/sp.cc | 12 ++++--------
+ sql/sql_db.cc | 8 ++++----
+ 4 files changed, 29 insertions(+), 12 deletions(-)
+
+--- mysql-test/r/sp.result.orig
++++ mysql-test/r/sp.result
+@@ -5472,4 +5472,11 @@ DATABASE()
+ NULL
+ DROP DATABASE mysqltest1|
+ use test|
++drop database if exists mysqltest_db1|
++create database mysqltest_db1|
++create procedure mysqltest_db1.sp_bug28551() begin end|
++call mysqltest_db1.sp_bug28551()|
++show warnings|
++Level Code Message
++drop database mysqltest_db1|
+ drop table t1,t2;
+--- mysql-test/t/sp.test.orig
++++ mysql-test/t/sp.test
+@@ -6430,6 +6430,20 @@ use test|
+
+
+ #
++# Bug#28551 "The warning 'No database selected' is reported when calling
++# stored procedures"
++#
++--disable_warnings
++drop database if exists mysqltest_db1|
++--enable_warnings
++create database mysqltest_db1|
++create procedure mysqltest_db1.sp_bug28551() begin end|
++call mysqltest_db1.sp_bug28551()|
++show warnings|
++drop database mysqltest_db1|
++
++
++#
+ # BUG#NNNN: New bug synopsis
+ #
+ #--disable_warnings
+--- sql/sp.cc.orig
++++ sql/sp.cc
+@@ -1874,15 +1874,11 @@ sp_use_new_db(THD *thd, LEX_STRING new_d
+ DBUG_PRINT("enter", ("newdb: %s", new_db.str));
+
+ /*
+- Set new_db to an empty string if it's NULL, because mysql_change_db
+- requires a non-NULL argument.
+- new_db.str can be NULL only if we're restoring the old database after
+- execution of a stored procedure and there were no current database
+- selected. The stored procedure itself must always have its database
+- initialized.
++ A stored routine always belongs to some database. The
++ old database (old_db) might be NULL, but to restore the
++ old database we will use mysql_change_db.
+ */
+- if (new_db.str == NULL)
+- new_db.str= empty_c_string;
++ DBUG_ASSERT(new_db.str && new_db.length);
+
+ if (thd->db)
+ {
+--- sql/sql_db.cc.orig
++++ sql/sql_db.cc
+@@ -1236,10 +1236,10 @@ bool mysql_change_db(THD *thd, const LEX
+ {
+ if (force_switch)
+ {
+- push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE,
+- ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR));
+-
+- /* Change db to NULL. */
++ /*
++ This can only happen when we restore the old db in THD after
++ execution of a routine is complete. Change db to NULL.
++ */
+
+ mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server);
+
|
[-]
[+]
|
Changed |
rc.mysql
^
|
@@ -60,6 +60,8 @@
# The following section has been taken from
# the original MySQL init script
+# Note: If you want to change these variables, you'll make your life easier
+# if you do so in /etc/my.cnf, which is preserved during upgrades
basedir=/usr
datadir=/var/lib/mysql
mysql_daemon_user=mysql
@@ -67,7 +69,6 @@
pid_file=/var/lib/mysql/mysqld.pid
socket=/var/lib/mysql/mysql.sock
MYADMIN=/usr/bin/mysqladmin
-export TMPDIR=/var/lib/mysql/.tmp
if test -z "$basedir"
then
basedir=/usr
@@ -101,7 +102,7 @@
# Don't run killproc -TERM, as it could send a SIGKILL as well, possibly
# resulting in database corruption. Run kill -TERM manually instead, wait
-# approximately 60 seconds and fail if mysql doesn't respond. This will at
+# approximately 300 seconds and fail if mysql doesn't respond. This will at
# least prevent the SIGKILL when doing 'rcmysql stop' manually. During system
# shutdown, we are out of luck...
# See https://bugzilla.novell.com/show_bug.cgi?id=223209
@@ -120,7 +121,7 @@
kill -STOP "$pid"
kill -TERM "$pid" || return 4 # suboptimal
kill -CONT "$pid"
- for i in `seq 600`; do
+ for i in `seq 3000`; do
# mysqld removes its pid file
test -e "$pid_file" || return 0
LC_ALL=C sleep 0.1
@@ -168,6 +169,12 @@
fi
parse_arguments `$print_defaults $defaults mysqld mysql_server`
+export TMPDIR=$datadir/.tmp
+if ! test -d "$TMPDIR"; then
+ mkdir "$TMPDIR"
+ chown mysql:mysql "$TMPDIR"
+ chmod 755 "$TMPDIR"
+fi
# Safeguard (relative paths, core dumps..)
cd $basedir
@@ -175,7 +182,7 @@
case "$1" in
start)
# exit gracefully, if we are already running
- checkproc $MYSQLD && echo -n "Starting service MySQL " && \
+ $0 status >/dev/null && echo -n "Starting service MySQL " && \
rc_status -v && rc_exit
# Test, if safe_mysqld actually exists
@@ -296,17 +303,19 @@
check|status)
echo -n "Checking for service MySQL: "
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Status has a slightly different for the status command:
- # 0 - service running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running
-
- # NOTE: checkproc returns LSB compliant status values.
- checkproc $MYSQLD
+ # NOTE: not using checkproc, because it wrongly returns success when
+ # the pid file does not exist (fixed in 10.3 and newer)
+ if ! [ -f $pid_file ]; then
+ # not running
+ rc_failed 3
+ elif [ -s $pid_file -a -d /proc/$(<$pid_file) ]; then
+ # running
+ :
+ else
+ # stale pid file
+ rc_failed 1
+ #rm -f $pid_file
+ fi
rc_status -v
;;
|