Changes - j0ke.net Open Build Service

Changes of Revision 5

[-] [+]	Changed	mysql.spec
@@ -9,7 +9,7 @@ # # norootforbuild -# usedforbuild aaa_base acl attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs file filesystem fillup findutils flex gawk gcc gcc-c++ gdbm gdbm-devel gettext gettext-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libgssapi libmudflap libnscd libstdc++ libstdc++-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline readline-devel rpm sed strace sysvinit tar tcpd tcpd-devel texinfo timezone unzip util-linux vim zlib zlib-devel +# usedforbuild aaa_base acl attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison brp-check-internal bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs file filesystem fillup findutils flex gawk gcc gcc-c++ gdbm gdbm-devel gettext gettext-devel glibc glibc-32bit glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libgssapi libmudflap libnscd libstdc++ libstdc++-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt post-build-checks procinfo procps psmisc pwdutils rcs readline readline-devel rpm sed strace sysvinit tar tcpd tcpd-devel texinfo timezone unzip util-linux vim zlib zlib-devel Name: mysql BuildRequires: gcc-c++ readline-devel tcpd-devel @@ -18,7 +18,7 @@ Requires: mysql-client perl-DBD-mysql AutoReqProv: on Version: 5.0.26 -Release: 16 +Release: 22 Url: http://www.mysql.com Summary: A True Multiuser, Multithreaded SQL Database Server PreReq: /usr/sbin/useradd /usr/sbin/groupadd fileutils %install_info_prereq %fillup_prereq %insserv_prereq @@ -45,6 +45,19 @@ Patch18: %{name}-%{version}-CVE-2007-3780.patch Patch19: %{name}-%{version}-CVE-2007-3781.patch Patch20: %{name}-%{version}-CVE-2007-3782.patch +Patch21: %{name}-%{version}-CVE-2007-2691.patch +Patch22: %{name}-%{version}-CVE-2007-2583.patch +Patch23: %{name}-%{version}-CVE-2007-5925.patch +Patch24: %{name}-%{version}-mybug25082.patch +Patch25: %{name}-%{version}-mybug28551.patch +Patch26: %{name}-%{version}-CVE-2007-2692.patch +Patch27: %{name}-%{version}-CVE-2007-5969.patch +Patch28: %{name}-%{version}-CVE-2007-6304.patch +Patch29: %{name}-%{version}-CVE-2006-7232.patch +Patch30: %{name}-%{version}-CVE-2008-2079.patch +Patch31: %{name}-%{version}-CVE-2008-4097.patch +Patch32: %{name}-%{version}-CVE-2008-3963.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -225,6 +238,19 @@ %patch18 %patch19 %patch20 +%patch21 +%patch22 +%patch23 +%patch24 +%patch25 +%patch26 +%patch27 +%patch28 +%patch29 +%patch30 +%patch31 +%patch32 + # remove unneeded man manpages rm -f man/mysqlman.1 man/safe_mysqld.1 @@ -292,7 +318,7 @@ %endif make %{?jobs:-j%jobs} benchdir=$RPM_BUILD_ROOT/usr/share/sql-bench %if %{?_with_testsuite:1}0 - make test + pushd mysql-test; perl ./mysql-test-run.pl --force; popd %endif } # Build the shared libraries and mysqld-max @@ -556,6 +582,40 @@ %dir %attr(755, mysql, mysql) /usr/share/mysql-test/var %changelog +* Wed Sep 17 2008 - mmarek@suse.cz +- really fixed the privilege bypass with DATA/INDEX DIRECTORY + (bnc#425079, mysql#32167, CVE-2008-4097) +- fixed a crash with empty bit-string literal + (bnc#424795, mysql#35658, CVE-2008-3963) +* Fri May 30 2008 - mmarek@suse.cz +- fixed rcmysql status and rcmysql start to check for the pid file, + not just a mysqld process, which can be an old mysqld instance + that is about to exit (bnc#359522, bnc#332530) +* Fri May 23 2008 - mmarek@suse.cz +- increase timeout in rcmysql stop, should fix failed restarts + (bnc#359522, bnc#332530) +* Tue May 20 2008 - mmarek@suse.cz +- fixed a privilege bypass with DATA/INDEX DIRECTORY + (bnc#387746, mysql#32167, CVE-2008-2079) +- fixed a crash when using EXPLAIN SELECT FROM on the + INFORMATION_SCHEMA table + (bnc#365119, mysql#22413, CVE-2006-7232) +* Thu Jan 17 2008 - mmarek@suse.cz +- make TMPDIR relative to datadir= setting in /etc/my.cnf [#353617] +- add a hint about changing datadir to rcmysql [#285076] +* Wed Jan 02 2008 - mmarek@suse.cz +- fixed view test no to depend on the current year + (updated mybug25359.patch) +* Tue Dec 18 2007 - mmarek@suse.cz +- security fixes [#348003, #347223] + * CVE-2007-5969 / mysql#32111 + * CVE-2007-6304 / mysql#29801 +* Wed Dec 12 2007 - mmarek@suse.cz +- more security fixes from the 5.0.45 release [#344278] + * CVE-2007-2583 / mysql#27513 + * CVE-2007-2691 / mysql#27515 + * CVE-2007-2692 / mysql#27337 (plus a fix for mysql#25082) + * CVE-2007-5925 / mysql#32125 * Thu Aug 23 2007 - mmarek@suse.cz - security fixes from the 5.0.45 release [#292994] * a malformed password packet in the connection protocol could
[-] [+]	Added	mysql-5.0.26-CVE-2006-7232.patch ^
@@ -0,0 +1,66 @@ +http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=cset&REV=4562ca9dDNqbruzRCDiZ2BbQK3PgKw +--- + mysql-test/r/information_schema.result \| 15 +++++++++++++++ + mysql-test/t/information_schema.test \| 13 +++++++++++++ + sql/sql_select.cc \| 2 ++ + 3 files changed, 30 insertions(+) + +--- mysql-test/r/information_schema.result.orig ++++ mysql-test/r/information_schema.result +@@ -1240,3 +1240,18 @@ WHERE table_name=(SELECT MAX(table_name) + FROM information_schema.tables); + table_name + VIEWS ++create view v1 as ++select table_schema as object_schema, ++table_name as object_name, ++table_type as object_type ++from information_schema.tables ++order by object_schema; ++explain select * from v1; ++id select_type table type possible_keys key key_len ref rows Extra ++1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found ++2 DERIVED tables ALL NULL NULL NULL NULL 2 Using filesort ++explain select * from (select table_name from information_schema.tables) as a; ++id select_type table type possible_keys key key_len ref rows Extra ++1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found ++2 DERIVED tables ALL NULL NULL NULL NULL 2 ++drop view v1; +--- mysql-test/t/information_schema.test.orig ++++ mysql-test/t/information_schema.test +@@ -930,4 +930,17 @@ SELECT table_name from information_schem + WHERE table_name=(SELECT MAX(table_name) + FROM information_schema.tables); + ++# ++# Bug#22413: EXPLAIN SELECT FROM view with ORDER BY yield server crash ++# ++create view v1 as ++select table_schema as object_schema, ++ table_name as object_name, ++ table_type as object_type ++from information_schema.tables ++order by object_schema; ++explain select * from v1; ++explain select * from (select table_name from information_schema.tables) as a; ++drop view v1; ++ + # End of 5.0 tests. +--- sql/sql_select.cc.orig ++++ sql/sql_select.cc +@@ -1419,6 +1419,7 @@ JOIN::exec() + TABLE curr_tmp_table= 0; + + if ((curr_join->select_lex->options & OPTION_SCHEMA_TABLE) && ++ !thd->lex->describe && + get_schema_tables_result(curr_join)) + { + DBUG_VOID_RETURN; +@@ -12046,6 +12047,7 @@ create_sort_index(THD thd, JOIN join, + + / Fill schema tables with data before filesort if it's necessary */ + if ((join->select_lex->options & OPTION_SCHEMA_TABLE) && ++ !thd->lex->describe && + get_schema_tables_result(join)) + goto err; +
[-] [+]	Added	mysql-5.0.26-CVE-2007-2583.patch ^
@@ -0,0 +1,50 @@ +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2392.105.16 +--- + mysql-test/r/func_in.result \| 6 ++++++ + mysql-test/t/func_in.test \| 13 +++++++++++++ + sql/item_cmpfunc.cc \| 3 ++- + 3 files changed, 21 insertions(+), 1 deletion(-) + +--- mysql-test/r/func_in.result.orig ++++ mysql-test/r/func_in.result +@@ -343,3 +343,9 @@ some_id + 1 + 2 + drop table t1; ++CREATE TABLE t1 (id int not null); ++INSERT INTO t1 VALUES (1),(2); ++SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) ); ++id ++DROP TABLE t1; ++End of 5.0 tests +--- mysql-test/t/func_in.test.orig ++++ mysql-test/t/func_in.test +@@ -232,3 +232,16 @@ select some_id from t1 where some_id not + select some_id from t1 where some_id not in(-4,-1,-4); + select some_id from t1 where some_id not in(-4,-1,3423534,2342342); + drop table t1; ++ ++# ++# BUG#27362: IN with a decimal expression that may return NULL ++# ++ ++CREATE TABLE t1 (id int not null); ++INSERT INTO t1 VALUES (1),(2); ++ ++SELECT id FROM t1 WHERE id IN(4564, (SELECT IF(1=0,1,1/0)) ); ++ ++DROP TABLE t1; ++ ++--echo End of 5.0 tests +--- sql/item_cmpfunc.cc.orig ++++ sql/item_cmpfunc.cc +@@ -2134,7 +2134,8 @@ void in_decimal::set(uint pos, Item ite + dec->len= DECIMAL_BUFF_LENGTH; + dec->fix_buffer_pointer(); + my_decimal res= item->val_decimal(dec); +- if (res != dec) ++ /* if item->val_decimal() is evaluated to NULL then res == 0 */ ++ if (!item->null_value && res != dec) + my_decimal2decimal(res, dec); + } +
[-] [+]	Added	mysql-5.0.26-CVE-2007-2691.patch ^
@@ -0,0 +1,70 @@ +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.1616.3025.1 +--- + mysql-test/r/grant.result \| 11 +++++++++++ + mysql-test/t/grant.test \| 23 ++++++++++++++++++++++- + sql/sql_parse.cc \| 2 +- + 3 files changed, 34 insertions(+), 2 deletions(-) + +--- mysql-test/r/grant.result.orig ++++ mysql-test/r/grant.result +@@ -657,6 +657,17 @@ delete from mysql.db where user='mysqlte + delete from mysql.tables_priv where user='mysqltest1'; + flush privileges; + drop database mysqltest; ++create database db27515; ++use db27515; ++create table t1 (a int); ++grant alter on db27515.t1 to user27515@localhost; ++grant insert, create on db27515.t2 to user27515@localhost; ++rename table t1 to t2; ++ERROR 42000: DROP command denied to user 'user27515'@'localhost' for table 't1' ++revoke all privileges, grant option from user27515@localhost; ++drop user user27515@localhost; ++drop database db27515; ++End of 4.1 tests + use test; + create table t1 (a int); + create table t2 as select * from mysql.user where user=''; +--- mysql-test/t/grant.test.orig ++++ mysql-test/t/grant.test +@@ -541,7 +541,28 @@ delete from mysql.tables_priv where user + flush privileges; + drop database mysqltest; + +-# End of 4.1 tests ++# ++# Bug #27515: DROP previlege is not required for RENAME TABLE ++# ++connection master; ++create database db27515; ++use db27515; ++create table t1 (a int); ++grant alter on db27515.t1 to user27515@localhost; ++grant insert, create on db27515.t2 to user27515@localhost; ++ ++connect (conn27515, localhost, user27515, , db27515); ++connection conn27515; ++--error 1142 ++rename table t1 to t2; ++disconnect conn27515; ++ ++connection master; ++revoke all privileges, grant option from user27515@localhost; ++drop user user27515@localhost; ++drop database db27515; ++ ++--echo End of 4.1 tests + + # + # Bug #16297 In memory grant tables not flushed when users's hostname is "" +--- sql/sql_parse.cc.orig ++++ sql/sql_parse.cc +@@ -3146,7 +3146,7 @@ end_with_restore_list: + */ + old_list= table[0]; + new_list= table->next_local[0]; +- if (check_grant(thd, ALTER_ACL, &old_list, 0, 1, 0) \|\| ++ if (check_grant(thd, ALTER_ACL \| DROP_ACL, &old_list, 0, 1, 0) \|\| + (!test_all_bits(table->next_local->grant.privilege, + INSERT_ACL \| CREATE_ACL) && + check_grant(thd, INSERT_ACL \| CREATE_ACL, &new_list, 0, 1, 0)))
[-] [+]	Added	mysql-5.0.26-CVE-2007-2692.patch ^
@@ -0,0 +1,545 @@ +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2410.5.12 +--- + mysql-test/r/grant.result \| 75 ++++++++++++++++++++ + mysql-test/t/grant.test \| 144 +++++++++++++++++++++++++++++++++++++++ + sql/mysql_priv.h \| 2 + sql/sql_db.cc \| 43 +++++------ + sql/sql_parse.cc \| 167 +++++++++++++++++++++++++++++++++------------- + sql/sql_show.cc \| 2 + 6 files changed, 362 insertions(+), 71 deletions(-) + +--- mysql-test/r/grant.result.orig ++++ mysql-test/r/grant.result +@@ -1000,4 +1000,79 @@ f1 f2 + DROP DATABASE db27878; + use test; + DROP TABLE t1; ++DROP DATABASE IF EXISTS mysqltest1; ++DROP DATABASE IF EXISTS mysqltest2; ++CREATE DATABASE mysqltest1; ++CREATE DATABASE mysqltest2; ++GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost; ++GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost; ++CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER ++SELECT 1; ++ ++---> connection: bug27337_con1 ++CREATE TABLE t1(c INT); ++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1' ++CALL mysqltest1.p1(); ++1 ++1 ++CREATE TABLE t1(c INT); ++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1' ++ ++---> connection: bug27337_con2 ++CREATE TABLE t1(c INT); ++ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1' ++SHOW TABLES; ++Tables_in_mysqltest2 ++ ++---> connection: default ++DROP DATABASE mysqltest1; ++DROP DATABASE mysqltest2; ++DROP USER mysqltest_1@localhost; ++DROP DATABASE IF EXISTS mysqltest1; ++DROP DATABASE IF EXISTS mysqltest2; ++CREATE DATABASE mysqltest1; ++CREATE DATABASE mysqltest2; ++CREATE TABLE mysqltest1.t1(c INT); ++CREATE TABLE mysqltest2.t2(c INT); ++GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost; ++GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost; ++ ++---> connection: bug27337_con1 ++SHOW TABLES FROM mysqltest1; ++Tables_in_mysqltest1 ++t1 ++PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1'; ++EXECUTE stmt1; ++Tables_in_mysqltest1 ++t1 ++ ++---> connection: bug27337_con2 ++SHOW COLUMNS FROM mysqltest2.t2; ++Field Type Null Key Default Extra ++c int(11) YES NULL ++PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2'; ++EXECUTE stmt2; ++Field Type Null Key Default Extra ++c int(11) YES NULL ++ ++---> connection: default ++REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost; ++REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost; ++ ++---> connection: bug27337_con1 ++SHOW TABLES FROM mysqltest1; ++ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1' ++EXECUTE stmt1; ++ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1' ++ ++---> connection: bug27337_con2 ++SHOW COLUMNS FROM mysqltest2.t2; ++ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2' ++EXECUTE stmt2; ++ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2' ++ ++---> connection: default ++DROP DATABASE mysqltest1; ++DROP DATABASE mysqltest2; ++DROP USER mysqltest_1@localhost; + End of 5.0 tests +--- mysql-test/t/grant.test.orig ++++ mysql-test/t/grant.test +@@ -911,4 +911,148 @@ DROP DATABASE db27878; + use test; + DROP TABLE t1; + ++# ++# BUG#27337: Privileges are not restored properly. ++# ++# Actually, the patch for this bugs fixes two problems. So, here are two test ++# cases. ++ ++# Test case 1: privileges are not restored properly after calling a stored ++# routine defined with SQL SECURITY INVOKER clause. ++ ++# Prepare. ++ ++--disable_warnings ++DROP DATABASE IF EXISTS mysqltest1; ++DROP DATABASE IF EXISTS mysqltest2; ++--enable_warnings ++ ++CREATE DATABASE mysqltest1; ++CREATE DATABASE mysqltest2; ++ ++GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost; ++GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost; ++ ++CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER ++ SELECT 1; ++ ++# Test. ++ ++--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest2) ++--echo ++--echo ---> connection: bug27337_con1 ++ ++--error ER_TABLEACCESS_DENIED_ERROR ++CREATE TABLE t1(c INT); ++ ++CALL mysqltest1.p1(); ++ ++--error ER_TABLEACCESS_DENIED_ERROR ++CREATE TABLE t1(c INT); ++ ++--disconnect bug27337_con1 ++ ++--connect (bug27337_con2,localhost,mysqltest_1,,mysqltest2) ++--echo ++--echo ---> connection: bug27337_con2 ++ ++--error ER_TABLEACCESS_DENIED_ERROR ++CREATE TABLE t1(c INT); ++ ++SHOW TABLES; ++ ++# Cleanup. ++ ++--connection default ++--echo ++--echo ---> connection: default ++ ++--disconnect bug27337_con2 ++ ++DROP DATABASE mysqltest1; ++DROP DATABASE mysqltest2; ++ ++DROP USER mysqltest_1@localhost; ++ ++# Test case 2: priveleges are not checked properly for prepared statements. ++ ++# Prepare. ++ ++--disable_warnings ++DROP DATABASE IF EXISTS mysqltest1; ++DROP DATABASE IF EXISTS mysqltest2; ++--enable_warnings ++ ++CREATE DATABASE mysqltest1; ++CREATE DATABASE mysqltest2; ++ ++CREATE TABLE mysqltest1.t1(c INT); ++CREATE TABLE mysqltest2.t2(c INT); ++ ++GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost; ++GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost; ++ ++# Test. ++ ++--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest1) ++--echo ++--echo ---> connection: bug27337_con1 ++ ++SHOW TABLES FROM mysqltest1; ++ ++PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1'; ++ ++EXECUTE stmt1; ++ ++--connect (bug27337_con2,localhost,mysqltest_2,,mysqltest2) ++--echo ++--echo ---> connection: bug27337_con2 ++ ++SHOW COLUMNS FROM mysqltest2.t2; ++ ++PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2'; ++
[-] [+]	Added	mysql-5.0.26-CVE-2007-5925.patch ^
@@ -0,0 +1,110 @@ +from http://mysql.bkbits.net:8080/mysql-5.1/?PAGE=gnupatch&REV=1.2632 +--- + innobase/include/db0err.h \| 5 ++++ + innobase/include/page0cur.h \| 1 + sql/ha_innodb.cc \| 45 ++++++++++++++++++++++++++++++++++++-------- + 3 files changed, 43 insertions(+), 8 deletions(-) + +--- sql/ha_innodb.cc.orig ++++ sql/ha_innodb.cc +@@ -522,6 +522,9 @@ convert_error_code_to_mysql( + } + + return(HA_ERR_LOCK_TABLE_FULL); ++ } else if (error == DB_UNSUPPORTED) { ++ ++ return(HA_ERR_UNSUPPORTED); + } else { + return(-1); // Unknown error + } +@@ -3679,11 +3682,22 @@ convert_search_mode_to_innobase( + and comparison of non-latin1 char type fields in + innobase_mysql_cmp() to get PAGE_CUR_LE_OR_EXTENDS to + work correctly. / +- +- default: assert(0); ++ case HA_READ_MBR_CONTAIN: ++ case HA_READ_MBR_INTERSECT: ++ case HA_READ_MBR_WITHIN: ++ case HA_READ_MBR_DISJOINT: ++ case HA_READ_MBR_EQUAL: ++ my_error(ER_TABLE_CANT_HANDLE_SPKEYS, MYF(0)); ++ return(PAGE_CUR_UNSUPP); ++ / do not use "default:" in order to produce a gcc warning: ++ enumeration value '...' not handled in switch ++ (if -Wswitch or -Wall is used) ++ / + } + +- return(0); ++ my_error(ER_CHECK_NOT_IMPLEMENTED, MYF(0), "this functionality"); ++ ++ return(PAGE_CUR_UNSUPP); + } + + / +@@ -3821,11 +3835,18 @@ ha_innobase::index_read( + + last_match_mode = (uint) match_mode; + +- innodb_srv_conc_enter_innodb(prebuilt->trx); ++ if (mode != PAGE_CUR_UNSUPP) { + +- ret = row_search_for_mysql((byte) buf, mode, prebuilt, match_mode, 0); ++ innodb_srv_conc_enter_innodb(prebuilt->trx); + +- innodb_srv_conc_exit_innodb(prebuilt->trx); ++ ret = row_search_for_mysql((byte) buf, mode, prebuilt, ++ match_mode, 0); ++ ++ innodb_srv_conc_exit_innodb(prebuilt->trx); ++ } else { ++ ++ ret = DB_UNSUPPORTED; ++ } + + if (ret == DB_SUCCESS) { + error = 0; +@@ -5126,8 +5147,16 @@ ha_innobase::records_in_range( + mode2 = convert_search_mode_to_innobase(max_key ? max_key->flag : + HA_READ_KEY_EXACT); + +- n_rows = btr_estimate_n_rows_in_range(index, range_start, +- mode1, range_end, mode2); ++ if (mode1 != PAGE_CUR_UNSUPP && mode2 != PAGE_CUR_UNSUPP) { ++ ++ n_rows = btr_estimate_n_rows_in_range(index, range_start, ++ mode1, range_end, ++ mode2); ++ } else { ++ ++ n_rows = 0; ++ } ++ + dtuple_free_for_mysql(heap1); + dtuple_free_for_mysql(heap2); + +--- innobase/include/page0cur.h.orig ++++ innobase/include/page0cur.h +@@ -22,6 +22,7 @@ Created 10/4/1994 Heikki Tuuri + + /* Page cursor search modes; the values must be in this order! / + ++#define PAGE_CUR_UNSUPP 0 + #define PAGE_CUR_G 1 + #define PAGE_CUR_GE 2 + #define PAGE_CUR_L 3 +--- innobase/include/db0err.h.orig ++++ innobase/include/db0err.h +@@ -57,6 +57,11 @@ Created 5/24/1996 Heikki Tuuri + buffer pool (for big transactions, + InnoDB stores the lock structs in the + buffer pool) / ++#define DB_UNSUPPORTED 48 /* when InnoDB sees any artefact or ++ a feature that it can't recoginize or ++ work with e.g., FT indexes created by ++ a later version of the engine. / ++ + + / The following are partial failure codes */ + #define DB_FAIL 1000
[-] [+]	Added	mysql-5.0.26-CVE-2007-5969.patch ^
@@ -0,0 +1,77 @@ +From http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2521.73.2 +--- + mysql-test/r/symlink.result \| 6 ++++++ + mysql-test/t/symlink.test \| 12 ++++++++++++ + mysys/my_symlink2.c \| 11 ++++++++++- + 3 files changed, 28 insertions(+), 1 deletion(-) + +--- mysql-test/r/symlink.result.orig ++++ mysql-test/r/symlink.result +@@ -99,6 +99,12 @@ t1 CREATE TABLE `t1` ( + `b` int(11) default NULL + ) ENGINE=MyISAM DEFAULT CHARSET=latin1 + drop table t1; ++CREATE TABLE t1(a INT) ++DATA DIRECTORY='TEST_DIR/master-data/mysql' ++INDEX DIRECTORY='TEST_DIR/master-data/mysql'; ++RENAME TABLE t1 TO user; ++ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17) ++DROP TABLE t1; + show create table t1; + Table Create Table + t1 CREATE TABLE `t1` ( +--- mysql-test/t/symlink.test.orig ++++ mysql-test/t/symlink.test +@@ -125,6 +125,18 @@ show create table t1; + drop table t1; + + # ++# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE ++# ++--replace_result $MYSQLTEST_VARDIR TEST_DIR ++eval CREATE TABLE t1(a INT) ++DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql' ++INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'; ++--replace_result $MYSQLTEST_VARDIR TEST_DIR ++--error 1 ++RENAME TABLE t1 TO user; ++DROP TABLE t1; ++ ++# + # Test specifying DATA DIRECTORY that is the same as what would normally + # have been chosen. (Bug #8707) + # +--- mysys/my_symlink2.c.orig ++++ mysys/my_symlink2.c +@@ -125,6 +125,7 @@ int my_rename_with_symlink(const char f + int was_symlink= (!my_disable_symlinks && + !my_readlink(link_name, from, MYF(0))); + int result=0; ++ int name_is_different; + DBUG_ENTER("my_rename_with_symlink"); + + if (!was_symlink) +@@ -133,6 +134,14 @@ int my_rename_with_symlink(const char f + /* Change filename that symlink pointed to / + strmov(tmp_name, to); + fn_same(tmp_name,link_name,1); / Copy dir / ++ name_is_different= strcmp(link_name, tmp_name); ++ if (name_is_different && !access(tmp_name, F_OK)) ++ { ++ my_errno= EEXIST; ++ if (MyFlags & MY_WME) ++ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST); ++ DBUG_RETURN(1); ++ } + + / Create new symlink / + if (my_symlink(tmp_name, to, MyFlags)) +@@ -144,7 +153,7 @@ int my_rename_with_symlink(const char f + the same basename and different directories. + / + +- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags)) ++ if (name_is_different && my_rename(link_name, tmp_name, MyFlags)) + { + int save_errno=my_errno; + my_delete(to, MyFlags); / Remove created symlink */
[-] [+]	Added	mysql-5.0.26-CVE-2007-6304.patch ^
@@ -0,0 +1,21 @@ +From http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2521.28.4 +--- + sql/ha_federated.cc \| 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- sql/ha_federated.cc.orig ++++ sql/ha_federated.cc +@@ -2419,7 +2419,12 @@ void ha_federated::info(uint flag) + status_query_string.length(0); + + result= mysql_store_result(mysql); +- if (!result) ++ ++ /* ++ We're going to use fields num. 4, 12 and 13 of the resultset, ++ so make sure we have these fields. ++ */ ++ if (!result \|\| (mysql_num_fields(result) < 14)) + goto error; + + if (!mysql_num_rows(result))
[-] [+]	Added	mysql-5.0.26-CVE-2008-2079.patch ^
@@ -0,0 +1,244 @@ +From: +http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d674xBscPm_ztIMnZI3dj2r7IQ +http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d8f2Z15kczRJRewvyFNHM6lheA +http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7e6a0CyEvUOiqbdlN1JWAu7pcsA +http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c80109fGl7Wudvu2CM0pXMSbzYNg +http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47cbdacaZc2nF4NS9WyTkT_6nTPp_Q +--- + mysql-test/r/symlink.result \| 35 +++++++++++++++++++------ + mysql-test/t/symlink.test \| 49 +++++++++++++++++++++++++++++------ + sql/mysql_priv.h \| 1 + sql/mysqld.cc \| 4 ++ + sql/sql_parse.cc \| 60 ++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 131 insertions(+), 18 deletions(-) + +--- mysql-test/r/symlink.result.orig ++++ mysql-test/r/symlink.result +@@ -100,20 +100,37 @@ t1 CREATE TABLE `t1` ( + ) ENGINE=MyISAM DEFAULT CHARSET=latin1 + drop table t1; + CREATE TABLE t1(a INT) +-DATA DIRECTORY='TEST_DIR/master-data/mysql' +-INDEX DIRECTORY='TEST_DIR/master-data/mysql'; +-RENAME TABLE t1 TO user; +-ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17) +-DROP TABLE t1; ++DATA DIRECTORY='TEST_DIR/tmp' ++INDEX DIRECTORY='TEST_DIR/tmp'; ++ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17) ++CREATE TABLE t2(a INT) ++DATA DIRECTORY='TEST_DIR/tmp' ++INDEX DIRECTORY='TEST_DIR/tmp'; ++RENAME TABLE t2 TO t1; ++ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17) ++DROP TABLE t2; + show create table t1; + Table Create Table + t1 CREATE TABLE `t1` ( +- `i` int(11) default NULL +-) ENGINE=MyISAM DEFAULT CHARSET=latin1 ++ `c` char(10) default NULL ++) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/' + drop table t1; + show create table t1; + Table Create Table + t1 CREATE TABLE `t1` ( +- `i` int(11) default NULL +-) ENGINE=MyISAM DEFAULT CHARSET=latin1 ++ `c` char(10) default NULL ++) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/' + drop table t1; ++CREATE TABLE t1(a INT) ++DATA DIRECTORY='TEST_DIR/var/master-data/test'; ++Got one of the listed errors ++CREATE TABLE t1(a INT) ++DATA DIRECTORY='TEST_DIR/var/master-data/'; ++Got one of the listed errors ++CREATE TABLE t1(a INT) ++INDEX DIRECTORY='TEST_DIR/var/master-data'; ++Got one of the listed errors ++CREATE TABLE t1(a INT) ++INDEX DIRECTORY='TEST_DIR/var/master-data_var'; ++Got one of the listed errors ++End of 4.1 tests +--- mysql-test/t/symlink.test.orig ++++ mysql-test/t/symlink.test +@@ -127,28 +127,59 @@ drop table t1; + # + # BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE + # ++--exec touch $MYSQLTEST_VARDIR/tmp/t1.MYI + --replace_result $MYSQLTEST_VARDIR TEST_DIR ++--error 1 + eval CREATE TABLE t1(a INT) +-DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql' +-INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'; ++DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp' ++INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp'; ++--replace_result $MYSQLTEST_VARDIR TEST_DIR ++eval CREATE TABLE t2(a INT) ++DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp' ++INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp'; + --replace_result $MYSQLTEST_VARDIR TEST_DIR + --error 1 +-RENAME TABLE t1 TO user; +-DROP TABLE t1; ++RENAME TABLE t2 TO t1; ++DROP TABLE t2; ++--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI + + # +-# Test specifying DATA DIRECTORY that is the same as what would normally +-# have been chosen. (Bug #8707) ++# CREATE TABLE with DATA DIRECTORY option + # ++# Protect ourselves from data left in tmp/ by a previos possibly failed ++# test ++--system rm -f $MYSQLTEST_VARDIR/tmp/t1.* + disable_query_log; +-eval create table t1 (i int) data directory = "$MYSQLTEST_VARDIR/master-data/test/"; ++eval create table t1 (c char(10)) data directory='$MYSQLTEST_VARDIR/tmp'; + enable_query_log; ++--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR + show create table t1; + drop table t1; + disable_query_log; +-eval create table t1 (i int) index directory = "$MYSQLTEST_VARDIR/master-data/test/"; ++eval create table t1 (c char(10)) data directory='$MYSQLTEST_VARDIR/tmp'; + enable_query_log; ++--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR + show create table t1; + drop table t1; + +-# End of 4.1 tests ++# ++# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY ++# ++--replace_result $MYSQL_TEST_DIR TEST_DIR ++--error 1,1210 ++eval CREATE TABLE t1(a INT) ++DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test'; ++--replace_result $MYSQL_TEST_DIR TEST_DIR ++--error 1,1210 ++eval CREATE TABLE t1(a INT) ++DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/'; ++--replace_result $MYSQL_TEST_DIR TEST_DIR ++--error 1,1210 ++eval CREATE TABLE t1(a INT) ++INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data'; ++--replace_result $MYSQL_TEST_DIR TEST_DIR ++--error 1,1210 ++eval CREATE TABLE t1(a INT) ++INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data_var'; ++ ++--echo End of 4.1 tests +--- sql/mysql_priv.h.orig ++++ sql/mysql_priv.h +@@ -1170,6 +1170,7 @@ void my_dbopt_free(void); + extern time_t start_time; + extern char mysql_data_home,server_version[SERVER_VERSION_LENGTH], + mysql_real_data_home[], opt_mysql_tmpdir, mysql_charsets_dir[], ++ mysql_unpacked_real_data_home[], + def_ft_boolean_syntax[sizeof(ft_boolean_syntax)]; + #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list)) + extern MY_TMPDIR mysql_tmpdir_list; +--- sql/mysqld.cc.orig ++++ sql/mysqld.cc +@@ -435,6 +435,7 @@ char log_error_file[FN_REFLEN], glob_hos + char mysql_real_data_home[FN_REFLEN], + language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN], + opt_init_file, opt_tc_log_file, ++ mysql_unpacked_real_data_home[FN_REFLEN], + def_ft_boolean_syntax[sizeof(ft_boolean_syntax)]; + + const key_map key_map_empty(0); +@@ -7311,6 +7312,9 @@ static void fix_paths(void) + pos[1]= 0; + } + convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS); ++ (void) fn_format(buff, mysql_real_data_home, "", "", ++ (MY_RETURN_REAL_PATH\|MY_RESOLVE_SYMLINKS)); ++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff); + convert_dirname(language,language,NullS); + (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir + (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home); +--- sql/sql_parse.cc.orig ++++ sql/sql_parse.cc +@@ -77,6 +77,7 @@ static void remove_escape(char name); + static bool append_file_to_dir(THD thd, const char *filename_ptr, + const char table_name); + static bool check_show_create_table_access(THD thd, TABLE_LIST table); ++static bool test_if_data_home_dir(const char dir); + + const char any_db="any"; // Special symbol for check_access + +@@ -2869,6 +2870,20 @@ mysql_execute_command(THD thd) + #ifndef HAVE_READLINK + lex->create_info.data_file_name=lex->create_info.index_file_name=0; + #else ++ ++ if (test_if_data_home_dir(lex->create_info.data_file_name)) ++ { ++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY"); ++ res= -1; ++ break; ++ } ++ if (test_if_data_home_dir(lex->create_info.index_file_name)) ++ { ++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY"); ++ res= -1; ++ break; ++ } ++ + / Fix names if symlinked tables / + if (append_file_to_dir(thd, &lex->create_info.data_file_name, + create_table->table_name) \|\| +@@ -7705,3 +7720,48 @@ bool check_string_length(LEX_STRING str + + return TRUE; + }
[-] [+]	Added	mysql-5.0.26-CVE-2008-3963.patch ^
@@ -0,0 +1,120 @@ +--- + mysql-test/r/varbinary.result \| 31 +++++++++++++++++++++++++++++++ + mysql-test/t/varbinary.test \| 28 ++++++++++++++++++++++++++++ + sql/item.cc \| 29 ++++++++++++++++++----------- + 3 files changed, 77 insertions(+), 11 deletions(-) + +--- mysql-test/r/varbinary.result.orig ++++ mysql-test/r/varbinary.result +@@ -26,3 +26,34 @@ select x,xx from t1; + x xx + 1 2 + drop table t1; ++select 0b01000001; ++0b01000001 ++A ++select 0x41; ++0x41 ++A ++select b'01000001'; ++b'01000001' ++A ++select x'41', 0+x'41'; ++x'41' 0+x'41' ++A 65 ++select N'abc', length(N'abc'); ++abc length(N'abc') ++abc 3 ++select N'', length(N''); ++ length(N'') ++ 0 ++select '', length(''); ++ length('') ++ 0 ++select b'', 0+b''; ++b'' 0+b'' ++ 0 ++select x'', 0+x''; ++x'' 0+x'' ++ 0 ++select 0x; ++ERROR 42S22: Unknown column '0x' in 'field list' ++select 0b; ++ERROR 42S22: Unknown column '0b' in 'field list' +--- mysql-test/t/varbinary.test.orig ++++ mysql-test/t/varbinary.test +@@ -36,4 +36,32 @@ create table t1 select 1 as x, 2 as xx; + select x,xx from t1; + drop table t1; + ++# ++# Bug#35658 (An empty binary value leads to mysqld crash) ++# ++ ++select 0b01000001; ++ ++select 0x41; ++ ++select b'01000001'; ++ ++select x'41', 0+x'41'; ++ ++select N'abc', length(N'abc'); ++ ++select N'', length(N''); ++ ++select '', length(''); ++ ++select b'', 0+b''; ++ ++select x'', 0+x''; ++ ++--error ER_BAD_FIELD_ERROR ++select 0x; ++ ++--error ER_BAD_FIELD_ERROR ++select 0b; ++ + # End of 4.1 tests +--- sql/item.cc.orig ++++ sql/item.cc +@@ -4517,21 +4517,28 @@ Item_bin_string::Item_bin_string(const c + if (!ptr) + return; + str_value.set(ptr, max_length, &my_charset_bin); +- ptr+= max_length - 1; +- ptr[1]= 0; // Set end null for string +- for (; end >= str; end--) ++ ++ if (max_length > 0) + { +- if (power == 256) ++ ptr+= max_length - 1; ++ ptr[1]= 0; // Set end null for string ++ for (; end >= str; end--) + { +- power= 1; +- ptr--= bits; +- bits= 0; ++ if (power == 256) ++ { ++ power= 1; ++ ptr--= bits; ++ bits= 0; ++ } ++ if (end == '1') ++ bits\|= power; ++ power<<= 1; + } +- if (end == '1') +- bits\|= power; +- power<<= 1; ++ ptr= (char) bits; + } +- ptr= (char) bits; ++ else ++ ptr[0]= 0; ++ + collation.set(&my_charset_bin, DERIVATION_COERCIBLE); + fixed= 1; + }
[-] [+]	Added	mysql-5.0.26-CVE-2008-4097.patch ^
@@ -0,0 +1,412 @@ +--- + include/my_sys.h \| 1 + include/myisam.h \| 4 +++ + myisam/mi_check.c \| 6 ++--- + myisam/mi_open.c \| 42 +++++++++++++++++++++++++++++++++-------- + myisam/mi_static.c \| 9 ++++++++ + myisam/myisamchk.c \| 2 - + myisam/myisamdef.h \| 4 ++- + mysql-test/t/symlink.test \| 4 +-- + mysys/my_symlink.c \| 47 +++++++++++++++++++++++----------------------- + sql/mysql_priv.h \| 3 ++ + sql/mysqld.cc \| 11 +++++++--- + sql/sql_parse.cc \| 33 +++++++++++++++++++------------- + 12 files changed, 112 insertions(+), 54 deletions(-) + +--- include/my_sys.h.orig ++++ include/my_sys.h +@@ -564,6 +564,7 @@ extern int my_close(File Filedes,myf MyF + extern File my_dup(File file, myf MyFlags); + extern int my_mkdir(const char dir, int Flags, myf MyFlags); + extern int my_readlink(char to, const char filename, myf MyFlags); ++extern int my_is_symlink(const char filename); + extern int my_realpath(char to, const char filename, myf MyFlags); + extern File my_create_with_symlink(const char linkname, const char filename, + int createflags, int access_flags, +--- include/myisam.h.orig ++++ include/myisam.h +@@ -268,6 +268,10 @@ extern my_bool myisam_flush,myisam_delay + extern my_off_t myisam_max_temp_length; + extern ulong myisam_bulk_insert_tree_size, myisam_data_pointer_size; + ++/* usually used to check if a symlink points into the mysql data home / ++/ which is normally forbidden / ++extern int (myisam_test_invalid_symlink)(const char filename); ++ + / Prototypes for myisam-functions / + + extern int mi_close(struct st_myisam_info file); +--- myisam/mi_check.c.orig ++++ myisam/mi_check.c +@@ -1534,7 +1534,7 @@ err: + DATA_TMP_EXT, share->base.raid_chunks, + (param->testflag & T_BACKUP_DATA ? + MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) \|\| +- mi_open_datafile(info,share,-1)) ++ mi_open_datafile(info,share,name,-1)) + got_error=1; + } + } +@@ -2311,7 +2311,7 @@ err: + DATA_TMP_EXT, share->base.raid_chunks, + (param->testflag & T_BACKUP_DATA ? + MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) \|\| +- mi_open_datafile(info,share,-1)) ++ mi_open_datafile(info,share,name,-1)) + got_error=1; + } + } +@@ -2732,7 +2732,7 @@ err: + DATA_TMP_EXT, share->base.raid_chunks, + (param->testflag & T_BACKUP_DATA ? + MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) \|\| +- mi_open_datafile(info,share,-1)) ++ mi_open_datafile(info,share,name,-1)) + got_error=1; + } + } +--- myisam/mi_open.c.orig ++++ myisam/mi_open.c +@@ -75,7 +75,7 @@ MI_INFO test_if_reopen(char filename) + + MI_INFO mi_open(const char name, int mode, uint open_flags) + { +- int lock_error,kfile,open_mode,save_errno,have_rtree=0; ++ int lock_error,kfile,open_mode,save_errno,have_rtree=0, realpath_err; + uint i,j,len,errpos,head_length,base_pos,offset,info_length,keys, + key_parts,unique_key_parts,fulltext_keys,uniques; + char name_buff[FN_REFLEN], org_name[FN_REFLEN], index_name[FN_REFLEN], +@@ -95,7 +95,16 @@ MI_INFO mi_open(const char name, int m + head_length=sizeof(share_buff.state.header); + bzero((byte) &info,sizeof(info)); + +- my_realpath(name_buff, fn_format(org_name,name,"",MI_NAME_IEXT,4),MYF(0)); ++ realpath_err= my_realpath(name_buff, ++ fn_format(org_name,name,"",MI_NAME_IEXT,4),MYF(0)); ++ if (my_is_symlink(org_name) && ++ (realpath_err \|\| (myisam_test_invalid_symlink)(name_buff))) ++ { ++ my_errno= HA_WRONG_CREATE_OPTION; ++ DBUG_RETURN (NULL); ++ } ++ ++ + pthread_mutex_lock(&THR_LOCK_myisam); + if (!(old_info=test_if_reopen(name_buff))) + { +@@ -443,7 +452,7 @@ MI_INFO mi_open(const char name, int m + lock_error=1; /* Database unlocked / + } + +- if (mi_open_datafile(&info, share, -1)) ++ if (mi_open_datafile(&info, share, name, -1)) + goto err; + errpos=5; + +@@ -513,7 +522,7 @@ MI_INFO mi_open(const char name, int m + my_errno=EACCES; / Can't open in write mode / + goto err; + } +- if (mi_open_datafile(&info, share, old_info->dfile)) ++ if (mi_open_datafile(&info, share, name, old_info->dfile)) + goto err; + errpos=5; + have_rtree= old_info->rtree_recursion_state != NULL; +@@ -1158,12 +1167,30 @@ The argument file_to_dup is here for the + exist a dup()-like call that would give us two different file descriptors. + ***********************************************************************/ + +-int mi_open_datafile(MI_INFO info, MYISAM_SHARE share, File file_to_dup __attribute__((unused))) ++int mi_open_datafile(MI_INFO info, MYISAM_SHARE share, const char org_name, ++ File file_to_dup __attribute__((unused))) + { ++ char data_name= share->data_file_name; ++ char real_data_name[FN_REFLEN]; ++ ++ if (org_name) ++ { ++ fn_format(real_data_name,org_name,"",MI_NAME_DEXT,4); ++ if (my_is_symlink(real_data_name)) ++ { ++ if (my_realpath(real_data_name, real_data_name, MYF(0)) \|\| ++ (myisam_test_invalid_symlink)(real_data_name)) ++ { ++ my_errno= HA_WRONG_CREATE_OPTION; ++ return 1; ++ } ++ data_name= real_data_name; ++ } ++ } + #ifdef USE_RAID + if (share->base.raid_type) + { +- info->dfile=my_raid_open(share->data_file_name, ++ info->dfile=my_raid_open(data_name, + share->mode \| O_SHARE, + share->base.raid_type, + share->base.raid_chunks, +@@ -1172,8 +1199,7 @@ int mi_open_datafile(MI_INFO info, MYIS + } + else + #endif +- info->dfile=my_open(share->data_file_name, share->mode \| O_SHARE, +- MYF(MY_WME)); ++ info->dfile=my_open(data_name, share->mode \| O_SHARE, MYF(MY_WME)); + return info->dfile >= 0 ? 0 : 1; + } + +--- myisam/mi_static.c.orig ++++ myisam/mi_static.c +@@ -42,6 +42,15 @@ my_off_t myisam_max_temp_length= MAX_FIL + ulong myisam_bulk_insert_tree_size=81921024; + ulong myisam_data_pointer_size=4; + ++ ++static int always_valid(const char filename) ++{ ++ return 0; ++} ++ ++int (myisam_test_invalid_symlink)(const char filename)= always_valid; ++ ++ + / + read_vec[] is used for converting between P_READ_KEY.. and SEARCH_ + Position is , == , >= , <= , > , < +--- myisam/myisamchk.c.orig ++++ myisam/myisamchk.c +@@ -1039,7 +1039,7 @@ static int myisamchk(MI_CHECK param, my + error\|=change_to_newfile(filename,MI_NAME_DEXT,DATA_TMP_EXT, + raid_chunks, + MYF(0)); +- if (mi_open_datafile(info,info->s, -1)) ++ if (mi_open_datafile(info,info->s, NULL, -1)) + error=1; + param->out_flag&= ~O_NEW_DATA; / We are using new datafile / + param->read_cache.file=info->dfile; +--- myisam/myisamdef.h.orig ++++ myisam/myisamdef.h +@@ -722,7 +722,9 @@ void mi_disable_non_unique_index(MI_INFO + + extern MI_INFO test_if_reopen(char filename); + my_bool check_table_is_closed(const char name, const char where); +-int mi_open_datafile(MI_INFO info, MYISAM_SHARE share, File file_to_dup); ++int mi_open_datafile(MI_INFO info, MYISAM_SHARE share, const char orn_name, ++ File file_to_dup); ++ + int mi_open_keyfile(MYISAM_SHARE share); + void mi_setup_functions(register MYISAM_SHARE share); +
[-] [+]	Added	mysql-5.0.26-mybug25082.patch ^
@@ -0,0 +1,568 @@ +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2410.5.7 +--- + mysql-test/r/sp.result \| 15 ++ + mysql-test/t/sp.test \| 40 ++++++ + sql/mysql_priv.h \| 3 + sql/sp.cc \| 8 - + sql/sp_head.cc \| 2 + sql/sql_db.cc \| 326 ++++++++++++++++++++++++++++++++----------------- + sql/sql_parse.cc \| 16 +- + 7 files changed, 287 insertions(+), 123 deletions(-) + +--- mysql-test/r/sp.result.orig ++++ mysql-test/r/sp.result +@@ -5457,4 +5457,19 @@ CAD + CHF + DROP FUNCTION bug21493\| + DROP TABLE t3,t4\| ++DROP DATABASE IF EXISTS mysqltest1\| ++DROP DATABASE IF EXISTS mysqltest2\| ++CREATE DATABASE mysqltest1\| ++CREATE DATABASE mysqltest2\| ++CREATE PROCEDURE mysqltest1.p1() ++DROP DATABASE mysqltest2\| ++use mysqltest2\| ++CALL mysqltest1.p1()\| ++Warnings: ++Note 1049 Unknown database 'mysqltest2' ++SELECT DATABASE()\| ++DATABASE() ++NULL ++DROP DATABASE mysqltest1\| ++use test\| + drop table t1,t2; +--- mysql-test/t/sp.test.orig ++++ mysql-test/t/sp.test +@@ -6389,6 +6389,46 @@ SELECT bug21493(Member_ID) FROM t3\| + DROP FUNCTION bug21493\| + DROP TABLE t3,t4\| + ++ ++# ++# BUG#25082: Default database change on trigger execution breaks replication. ++# ++# As it turned out, this bug has actually two bugs. So, here we have two test ++# cases -- one in sp.test, the other in sp-security.test. ++# ++ ++# ++# Test case 1: error on dropping the current database. ++# ++ ++# Prepare. ++ ++--disable_warnings ++DROP DATABASE IF EXISTS mysqltest1\| ++DROP DATABASE IF EXISTS mysqltest2\| ++--enable_warnings ++ ++CREATE DATABASE mysqltest1\| ++CREATE DATABASE mysqltest2\| ++ ++# Test. ++ ++CREATE PROCEDURE mysqltest1.p1() ++ DROP DATABASE mysqltest2\| ++ ++use mysqltest2\| ++ ++CALL mysqltest1.p1()\| ++ ++SELECT DATABASE()\| ++ ++# Cleanup. ++ ++DROP DATABASE mysqltest1\| ++ ++use test\| ++ ++ + # + # BUG#NNNN: New bug synopsis + # +--- sql/mysql_priv.h.orig ++++ sql/mysql_priv.h +@@ -648,7 +648,8 @@ int quick_rm_table(enum db_type base,con + const char table_name); + void close_cached_table(THD thd, TABLE table); + bool mysql_rename_tables(THD thd, TABLE_LIST table_list); +-bool mysql_change_db(THD thd,const char name,bool no_access_check); ++bool mysql_change_db(THD thd, const LEX_STRING new_db_name, ++ bool force_switch); + void mysql_parse(THD thd,char inBuf,uint length); + bool mysql_test_parse_for_slave(THD thd,char inBuf,uint length); + bool is_update_query(enum enum_sql_command command); +--- sql/sp.cc.orig ++++ sql/sp.cc +@@ -461,14 +461,14 @@ db_load_routine(THD thd, int type, sp_n + { + sp_head sp= newlex.sphead; + +- if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1))) ++ if (dbchanged && (ret= mysql_change_db(thd, &old_db, TRUE))) + goto end; + delete sp; + ret= SP_PARSE_ERROR; + } + else + { +- if (dbchanged && (ret= mysql_change_db(thd, old_db.str, 1))) ++ if (dbchanged && (ret= mysql_change_db(thd, &old_db, TRUE))) + goto end; + sphp= newlex.sphead; + (sphp)->set_definer(&definer_user_name, &definer_host_name); +@@ -649,7 +649,7 @@ db_create_routine(THD thd, int type, sp + done: + close_thread_tables(thd); + if (dbchanged) +- (void) mysql_change_db(thd, old_db.str, 1); ++ (void) mysql_change_db(thd, &old_db, 1); + DBUG_RETURN(ret); + } + +@@ -1902,7 +1902,7 @@ sp_use_new_db(THD thd, LEX_STRING new_d + DBUG_RETURN(0); + } + +- ret= mysql_change_db(thd, new_db.str, no_access_check); ++ ret= mysql_change_db(thd, &new_db, no_access_check); + + dbchangedp= ret == 0; + DBUG_RETURN(ret); +--- sql/sp_head.cc.orig ++++ sql/sp_head.cc +@@ -1148,7 +1148,7 @@ sp_head::execute(THD thd) + (It would generate an error from mysql_change_db() when old_db=="") + / + if (! thd->killed) +- err_status\|= mysql_change_db(thd, old_db.str, 1); ++ err_status\|= mysql_change_db(thd, &old_db, TRUE); + } + m_flags&= ~IS_INVOKED; + DBUG_PRINT("info", +--- sql/sql_db.cc.orig ++++ sql/sql_db.cc +@@ -1122,154 +1122,256 @@ err: + } + + +-/* +- Change the current database. +- +- SYNOPSIS +- mysql_change_db() +- thd thread handle +- name database name +- no_access_check if TRUE, don't do access check. In this +- case name may be "" +- +- DESCRIPTION +- Check that the database name corresponds to a valid and +- existent database, check access rights (unless called with +- no_access_check), and set the current database. This function +- is called to change the current database upon user request +- (COM_CHANGE_DB command) or temporarily, to execute a stored +- routine. +- +- NOTES +- This function is not the only way to switch the database that +- is currently employed. When the replication slave thread +- switches the database before executing a query, it calls +- thd->set_db directly. However, if the query, in turn, uses +- a stored routine, the stored routine will use this function, +- even if it's run on the slave. +- +- This function allocates the name of the database on the system +- heap: this is necessary to be able to uniformly change the +- database from any module of the server. Up to 5.0 different +- modules were using different memory to store the name of the +- database, and this led to memory corruption: a stack pointer +- set by Stored Procedures was used by replication after the +- stack address was long gone. +- +- This function does not send anything, including error +- messages, to the client. If that should be sent to the client, +- call net_send_error after this function. ++/** ++ @brief Internal implementation: switch current database to a valid one. + +- RETURN VALUES +- 0 OK +- 1 error ++ @param thd Thread context. ++ @param new_db_name Name of the database to switch to. The function will ++ take ownership of the name (the caller must not free ++ the allocated memory). If the name is NULL, we're ++ going to switch to NULL db. ++ @param new_db_access Privileges of the new database. ++ @param new_db_charset Character set of the new database. + */
[-] [+]	Changed	mysql-5.0.26-mybug25359.patch ^
@@ -1,9 +1,35 @@ -# Happy new year! ---- mysql-test/r/view.result +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=cset&REV=470c7c3dmHaBDp-NdmxANOfKT5pj3g +--- +# mysql-test/r/view.result \| 23 ++++++++++++----------- +# mysql-test/t/view.test \| 13 +++++++------ +# 2 files changed, 19 insertions(+), 17 deletions(-) +# +--- mysql-test/r/view.result.orig +++ mysql-test/r/view.result -@@ -2686,12 +2686,12 @@ - v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(now()) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75) - SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75; +@@ -2673,25 +2673,26 @@ CREATE TABLE t1( + fName varchar(25) NOT NULL, + lName varchar(25) NOT NULL, + DOB date NOT NULL, ++test_date date NOT NULL, + uID int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY); +-INSERT INTO t1(fName, lName, DOB) VALUES +-('Hank', 'Hill', '1964-09-29'), +-('Tom', 'Adams', '1908-02-14'), +-('Homer', 'Simpson', '1968-03-05'); ++INSERT INTO t1(fName, lName, DOB, test_date) VALUES ++('Hank', 'Hill', '1964-09-29', '2007-01-01'), ++('Tom', 'Adams', '1908-02-14', '2007-01-01'), ++('Homer', 'Simpson', '1968-03-05', '2007-01-01'); + CREATE VIEW v1 AS +-SELECT (year(now())-year(DOB)) AS Age ++SELECT (year(test_date)-year(DOB)) AS Age + FROM t1 HAVING Age < 75; + SHOW CREATE VIEW v1; + View Create View +-v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(now()) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75) +-SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75; ++v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select (year(`t1`.`test_date`) - year(`t1`.`DOB`)) AS `Age` from `t1` having (`Age` < 75) ++SELECT (year(test_date)-year(DOB)) AS Age FROM t1 HAVING Age < 75; Age -42 -38 @@ -18,3 +44,32 @@ DROP VIEW v1; DROP TABLE t1; CREATE TABLE t1 (id int NOT NULL PRIMARY KEY, a char(6) DEFAULT 'xxx'); +--- mysql-test/t/view.test.orig ++++ mysql-test/t/view.test +@@ -2548,19 +2548,20 @@ CREATE TABLE t1( + fName varchar(25) NOT NULL, + lName varchar(25) NOT NULL, + DOB date NOT NULL, ++ test_date date NOT NULL, + uID int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY); + +-INSERT INTO t1(fName, lName, DOB) VALUES +- ('Hank', 'Hill', '1964-09-29'), +- ('Tom', 'Adams', '1908-02-14'), +- ('Homer', 'Simpson', '1968-03-05'); ++INSERT INTO t1(fName, lName, DOB, test_date) VALUES ++ ('Hank', 'Hill', '1964-09-29', '2007-01-01'), ++ ('Tom', 'Adams', '1908-02-14', '2007-01-01'), ++ ('Homer', 'Simpson', '1968-03-05', '2007-01-01'); + + CREATE VIEW v1 AS +- SELECT (year(now())-year(DOB)) AS Age ++ SELECT (year(test_date)-year(DOB)) AS Age + FROM t1 HAVING Age < 75; + SHOW CREATE VIEW v1; + +-SELECT (year(now())-year(DOB)) AS Age FROM t1 HAVING Age < 75; ++SELECT (year(test_date)-year(DOB)) AS Age FROM t1 HAVING Age < 75; + SELECT * FROM v1; + + DROP VIEW v1;
[-] [+]	Added	mysql-5.0.26-mybug28551.patch ^
@@ -0,0 +1,85 @@ +from http://mysql.bkbits.net:8080/mysql-5.0-community/?PAGE=gnupatch&REV=1.2463.213.1 +needed to fix a regression instroduced by fix for mysql#25082 +--- + mysql-test/r/sp.result \| 7 +++++++ + mysql-test/t/sp.test \| 14 ++++++++++++++ + sql/sp.cc \| 12 ++++-------- + sql/sql_db.cc \| 8 ++++---- + 4 files changed, 29 insertions(+), 12 deletions(-) + +--- mysql-test/r/sp.result.orig ++++ mysql-test/r/sp.result +@@ -5472,4 +5472,11 @@ DATABASE() + NULL + DROP DATABASE mysqltest1\| + use test\| ++drop database if exists mysqltest_db1\| ++create database mysqltest_db1\| ++create procedure mysqltest_db1.sp_bug28551() begin end\| ++call mysqltest_db1.sp_bug28551()\| ++show warnings\| ++Level Code Message ++drop database mysqltest_db1\| + drop table t1,t2; +--- mysql-test/t/sp.test.orig ++++ mysql-test/t/sp.test +@@ -6430,6 +6430,20 @@ use test\| + + + # ++# Bug#28551 "The warning 'No database selected' is reported when calling ++# stored procedures" ++# ++--disable_warnings ++drop database if exists mysqltest_db1\| ++--enable_warnings ++create database mysqltest_db1\| ++create procedure mysqltest_db1.sp_bug28551() begin end\| ++call mysqltest_db1.sp_bug28551()\| ++show warnings\| ++drop database mysqltest_db1\| ++ ++ ++# + # BUG#NNNN: New bug synopsis + # + #--disable_warnings +--- sql/sp.cc.orig ++++ sql/sp.cc +@@ -1874,15 +1874,11 @@ sp_use_new_db(THD thd, LEX_STRING new_d + DBUG_PRINT("enter", ("newdb: %s", new_db.str)); + + / +- Set new_db to an empty string if it's NULL, because mysql_change_db +- requires a non-NULL argument. +- new_db.str can be NULL only if we're restoring the old database after +- execution of a stored procedure and there were no current database +- selected. The stored procedure itself must always have its database +- initialized. ++ A stored routine always belongs to some database. The ++ old database (old_db) might be NULL, but to restore the ++ old database we will use mysql_change_db. + / +- if (new_db.str == NULL) +- new_db.str= empty_c_string; ++ DBUG_ASSERT(new_db.str && new_db.length); + + if (thd->db) + { +--- sql/sql_db.cc.orig ++++ sql/sql_db.cc +@@ -1236,10 +1236,10 @@ bool mysql_change_db(THD thd, const LEX + { + if (force_switch) + { +- push_warning_printf(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, +- ER_NO_DB_ERROR, ER(ER_NO_DB_ERROR)); +- +- /* Change db to NULL. / ++ / ++ This can only happen when we restore the old db in THD after ++ execution of a routine is complete. Change db to NULL. ++ */ + + mysql_change_db_impl(thd, NULL, 0, thd->variables.collation_server); +
[-] [+]	Changed	rc.mysql ^
@@ -60,6 +60,8 @@ # The following section has been taken from # the original MySQL init script +# Note: If you want to change these variables, you'll make your life easier +# if you do so in /etc/my.cnf, which is preserved during upgrades basedir=/usr datadir=/var/lib/mysql mysql_daemon_user=mysql @@ -67,7 +69,6 @@ pid_file=/var/lib/mysql/mysqld.pid socket=/var/lib/mysql/mysql.sock MYADMIN=/usr/bin/mysqladmin -export TMPDIR=/var/lib/mysql/.tmp if test -z "$basedir" then basedir=/usr @@ -101,7 +102,7 @@ # Don't run killproc -TERM, as it could send a SIGKILL as well, possibly # resulting in database corruption. Run kill -TERM manually instead, wait -# approximately 60 seconds and fail if mysql doesn't respond. This will at +# approximately 300 seconds and fail if mysql doesn't respond. This will at # least prevent the SIGKILL when doing 'rcmysql stop' manually. During system # shutdown, we are out of luck... # See https://bugzilla.novell.com/show_bug.cgi?id=223209 @@ -120,7 +121,7 @@ kill -STOP "$pid" kill -TERM "$pid" \|\| return 4 # suboptimal kill -CONT "$pid" - for i in `seq 600`; do + for i in `seq 3000`; do # mysqld removes its pid file test -e "$pid_file" \|\| return 0 LC_ALL=C sleep 0.1 @@ -168,6 +169,12 @@ fi parse_arguments `$print_defaults $defaults mysqld mysql_server` +export TMPDIR=$datadir/.tmp +if ! test -d "$TMPDIR"; then + mkdir "$TMPDIR" + chown mysql:mysql "$TMPDIR" + chmod 755 "$TMPDIR" +fi # Safeguard (relative paths, core dumps..) cd $basedir @@ -175,7 +182,7 @@ case "$1" in start) # exit gracefully, if we are already running - checkproc $MYSQLD && echo -n "Starting service MySQL " && \ + $0 status >/dev/null && echo -n "Starting service MySQL " && \ rc_status -v && rc_exit # Test, if safe_mysqld actually exists @@ -296,17 +303,19 @@ check\|status) echo -n "Checking for service MySQL: " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - # Status has a slightly different for the status command: - # 0 - service running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running - - # NOTE: checkproc returns LSB compliant status values. - checkproc $MYSQLD + # NOTE: not using checkproc, because it wrongly returns success when + # the pid file does not exist (fixed in 10.3 and newer) + if ! [ -f $pid_file ]; then + # not running + rc_failed 3 + elif [ -s $pid_file -a -d /proc/$(<$pid_file) ]; then + # running + : + else + # stale pid file + rc_failed 1 + #rm -f $pid_file + fi rc_status -v ;;