Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-commit (770 mails)

< Previous Next >
commit mysql
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Tue, 03 Jun 2008 16:29:05 +0200
  • Message-id: <20080603142905.ADD936780BB@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package mysql
checked in at Tue Jun 3 16:29:05 CEST 2008.


--------
--- mysql/mysql.changes 2008-04-10 12:59:32.000000000 +0200
+++ /mounts/work_src_done/STABLE/mysql/mysql.changes 2008-05-30
15:36:00.000000000 +0200
@@ -1,0 +2,19 @@
+Fri May 30 15:35:17 CEST 2008 - mmarek@xxxxxxx
+
+- fix a race in rcmysql restart between the old mysql removing it's
+ pid file and exiting - use checkproc -p (bnc#359522, bnc#332530,
+ #395710)
+
+-------------------------------------------------------------------
+Thu May 22 22:02:23 CEST 2008 - mmarek@xxxxxxx
+
+- increase timeout in rcmysql stop, should fix failed restarts
+ (bnc#359522, bnc#332530)
+
+-------------------------------------------------------------------
+Mon May 19 15:02:38 CEST 2008 - mmarek@xxxxxxx
+
+- fixed a privilege bypass with DATA/INDEX DIRECTORY
+ (bnc#387746, mysql#32167, CVE-2008-2079)
+
+-------------------------------------------------------------------



Old:
----
minmem

New:
----
mysql-5.0.51a-CVE-2008-2079.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mysql.spec ++++++
--- /var/tmp/diff_new_pack.B32685/_old 2008-06-03 16:26:28.000000000 +0200
+++ /var/tmp/diff_new_pack.B32685/_new 2008-06-03 16:26:28.000000000 +0200
@@ -16,7 +16,7 @@
License: GPL v2 only
Group: Productivity/Databases/Servers
Version: 5.0.51a
-Release: 14
+Release: 25
# required by rcmysql
Requires: mysql-client = %{version}
Url: http://www.mysql.com
@@ -42,6 +42,7 @@
Patch16: mybug30069.patch
Patch19: mysql-5.0.51-mybug25359.patch
Patch21: mysql-5.0.51-mybug33050.patch
+Patch22: mysql-5.0.51a-CVE-2008-2079.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build

%description
@@ -259,6 +260,7 @@
%patch16
%patch19
%patch21
+%patch22
# remove unneeded man manpages
rm man/mysqlman.1 man/safe_mysqld.1 man/mysql.server.1 man/make_win_*.1
rm man/mysqlmanager-pwgen.1 man/mysqlmanagerc.1
@@ -576,6 +578,16 @@
%files tools -f mysql-tools.files

%changelog
+* Fri May 30 2008 mmarek@xxxxxxx
+- fix a race in rcmysql restart between the old mysql removing it's
+ pid file and exiting - use checkproc -p (bnc#359522, bnc#332530,
+ [#395710])
+* Fri May 23 2008 mmarek@xxxxxxx
+- increase timeout in rcmysql stop, should fix failed restarts
+ (bnc#359522, bnc#332530)
+* Mon May 19 2008 mmarek@xxxxxxx
+- fixed a privilege bypass with DATA/INDEX DIRECTORY
+ (bnc#387746, mysql#32167, CVE-2008-2079)
* Thu Apr 10 2008 ro@xxxxxxx
- added baselibs.conf file to build xxbit packages
for multilib support


++++++ mysql-5.0.51a-CVE-2008-2079.patch ++++++
From:
http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d674xBscPm_ztIMnZI3dj2r7IQ
http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7d8f2Z15kczRJRewvyFNHM6lheA
http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c7e6a0CyEvUOiqbdlN1JWAu7pcsA
http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47c80109fGl7Wudvu2CM0pXMSbzYNg
http://mysql.bkbits.net:8080/mysql-5.0/?PAGE=cset&REV=47cbdacaZc2nF4NS9WyTkT_6nTPp_Q
---
mysql-test/r/symlink.result | 77 ++++++++++++++++----------------
mysql-test/t/symlink.test | 104 ++++++++++++++++++++++++--------------------
sql/mysql_priv.h | 1
sql/mysqld.cc | 8 ++-
sql/sql_parse.cc | 60 +++++++++++++++++++++++++
5 files changed, 163 insertions(+), 87 deletions(-)

--- mysql-test/r/symlink.result.orig
+++ mysql-test/r/symlink.result
@@ -100,23 +100,15 @@ t1 CREATE TABLE `t1` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
CREATE TABLE t1(a INT)
-DATA DIRECTORY='TEST_DIR/master-data/mysql'
-INDEX DIRECTORY='TEST_DIR/master-data/mysql';
-RENAME TABLE t1 TO user;
-ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI'
(Errcode: 17)
-DROP TABLE t1;
-show create table t1;
-Table Create Table
-t1 CREATE TABLE `t1` (
- `i` int(11) default NULL
-) ENGINE=MyISAM DEFAULT CHARSET=latin1
-drop table t1;
-show create table t1;
-Table Create Table
-t1 CREATE TABLE `t1` (
- `i` int(11) default NULL
-) ENGINE=MyISAM DEFAULT CHARSET=latin1
-drop table t1;
+DATA DIRECTORY='TEST_DIR/tmp'
+INDEX DIRECTORY='TEST_DIR/tmp';
+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
+CREATE TABLE t2(a INT)
+DATA DIRECTORY='TEST_DIR/tmp'
+INDEX DIRECTORY='TEST_DIR/tmp';
+RENAME TABLE t2 TO t1;
+ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
+DROP TABLE t2;
show create table t1;
Table Create Table
t1 CREATE TEMPORARY TABLE `t1` (
@@ -138,27 +130,38 @@ select * from t1;
a
42
drop table t1;
+execute stmt;
+show create table t1;
+Table Create Table
+t1 CREATE TABLE `t1` (
+ `c` char(10) default NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
+drop table t1;
+execute stmt;
+show create table t1;
+Table Create Table
+t1 CREATE TABLE `t1` (
+ `c` char(10) default NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
+drop table t1;
+deallocate prepare stmt;
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/var/master-data/test';
+Got one of the listed errors
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/var/master-data/';
+Got one of the listed errors
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='TEST_DIR/var/master-data';
+Got one of the listed errors
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='TEST_DIR/var/master-data_var';
+Got one of the listed errors
End of 4.1 tests
-CREATE DATABASE db1;
-CREATE DATABASE db2;
-USE db2;
-INSERT INTO db2.t1 VALUES (1);
-SELECT * FROM db2.t1;
-b
-1
-RESET QUERY CACHE;
-USE db1;
SET SESSION keep_files_on_create = TRUE;
CREATE TABLE t1 (a INT) ENGINE MYISAM;
-ERROR HY000: Can't create/write to file './db1/t1.MYD' (Errcode: 17)
-CREATE TABLE t3 (a INT) Engine=MyISAM;
-INSERT INTO t3 VALUES (1),(2),(3);
-TRUNCATE TABLE t3;
-SELECT * from t3;
-a
-SET SESSION keep_files_on_create = DEFAULT;
-DROP TABLE db2.t1, db1.t3;
-DROP DATABASE db1;
-DROP DATABASE db2;
-USE test;
+ERROR HY000: Can't create/write to file './test/t1.MYD' (Errcode: 17)
+SET SESSION keep_files_on_create = FALSE;
+CREATE TABLE t1 (a INT) ENGINE MYISAM;
+DROP TABLE t1;
End of 5.0 tests
--- mysql-test/t/symlink.test.orig
+++ mysql-test/t/symlink.test
@@ -127,29 +127,22 @@ drop table t1;
#
# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
#
+--write_file $MYSQLTEST_VARDIR/tmp/t1.MYI
+EOF
--replace_result $MYSQLTEST_VARDIR TEST_DIR
+--error 1
eval CREATE TABLE t1(a INT)
-DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
-INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
+--replace_result $MYSQLTEST_VARDIR TEST_DIR
+eval CREATE TABLE t2(a INT)
+DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
+INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
--replace_result $MYSQLTEST_VARDIR TEST_DIR
--error 1
-RENAME TABLE t1 TO user;
-DROP TABLE t1;
-
-#
-# Test specifying DATA DIRECTORY that is the same as what would normally
-# have been chosen. (Bug #8707)
-#
-disable_query_log;
-eval create table t1 (i int) data directory =
"$MYSQLTEST_VARDIR/master-data/test/";
-enable_query_log;
-show create table t1;
-drop table t1;
-disable_query_log;
-eval create table t1 (i int) index directory =
"$MYSQLTEST_VARDIR/master-data/test/";
-enable_query_log;
-show create table t1;
-drop table t1;
+RENAME TABLE t2 TO t1;
+DROP TABLE t2;
+--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI

#
# Bug#8706 - temporary table with data directory option fails
@@ -188,44 +181,61 @@ connection default;
select * from t1;
drop table t1;

---echo End of 4.1 tests
-
#
-# Bug #29325: create table overwrites .MYD file of other table (datadir)
+# CREATE TABLE with DATA DIRECTORY option
#
-
-CREATE DATABASE db1;
-CREATE DATABASE db2;
-
-USE db2;
+# Protect ourselves from data left in tmp/ by a previos possibly failed
+# test
+--system rm -f $MYSQLTEST_VARDIR/tmp/t1.*
--disable_query_log
-eval CREATE TABLE t1 (b INT) ENGINE MYISAM
-DATA DIRECTORY = '$MYSQLTEST_VARDIR/master-data/db1/';
+eval prepare stmt from "create table t1 (c char(10)) data
directory='$MYSQLTEST_VARDIR/tmp'";
--enable_query_log
+execute stmt;
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+show create table t1;
+drop table t1;
+execute stmt;
+--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR
+show create table t1;
+drop table t1;
+deallocate prepare stmt;

-INSERT INTO db2.t1 VALUES (1);
-SELECT * FROM db2.t1;
-RESET QUERY CACHE;
+#
+# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
+#
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1,1210
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test';
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1,1210
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/';
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1,1210
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data';
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1,1210
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data_var';

-USE db1;
+--echo End of 4.1 tests

-#no warning from create table
+#
+# Bug #29325: create table overwrites .MYD file of other table (datadir)
+#
SET SESSION keep_files_on_create = TRUE;
+--write_file $MYSQLTEST_VARDIR/master-data/test/t1.MYD
+EOF
--disable_abort_on_error
+--error 1
CREATE TABLE t1 (a INT) ENGINE MYISAM;
+--error 0,1
+--remove_file $MYSQLTEST_VARDIR/master-data/test/t1.MYD;
--enable_abort_on_error
-
-CREATE TABLE t3 (a INT) Engine=MyISAM;
-INSERT INTO t3 VALUES (1),(2),(3);
-TRUNCATE TABLE t3;
-SELECT * from t3;
-
-SET SESSION keep_files_on_create = DEFAULT;
-
-DROP TABLE db2.t1, db1.t3;
-DROP DATABASE db1;
-DROP DATABASE db2;
-USE test;
-
+SET SESSION keep_files_on_create = FALSE;
+CREATE TABLE t1 (a INT) ENGINE MYISAM;
+DROP TABLE t1;

--echo End of 5.0 tests
--- sql/mysql_priv.h.orig
+++ sql/mysql_priv.h
@@ -1255,6 +1255,7 @@ void my_dbopt_free(void);
extern time_t server_start_time, flush_status_time;
extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
+ mysql_unpacked_real_data_home[],
def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
#define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
extern MY_TMPDIR mysql_tmpdir_list;
--- sql/mysqld.cc.orig
+++ sql/mysqld.cc
@@ -453,14 +453,13 @@ char log_error_file[FN_REFLEN], glob_hos
char mysql_real_data_home[FN_REFLEN],
language[FN_REFLEN], reg_ext[FN_EXTLEN], mysql_charsets_dir[FN_REFLEN],
*opt_init_file, *opt_tc_log_file,
+ mysql_unpacked_real_data_home[FN_REFLEN],
def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
-
+char *mysql_data_home= mysql_real_data_home;
const key_map key_map_empty(0);
key_map key_map_full(0); // Will be initialized later

const char *opt_date_time_formats[3];
-
-char *mysql_data_home= mysql_real_data_home;
char server_version[SERVER_VERSION_LENGTH];
char *mysqld_unix_port, *opt_mysql_tmpdir;
const char **errmesg; /* Error messages */
@@ -7565,6 +7564,9 @@ static void fix_paths(void)
pos[1]= 0;
}
convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
+ (void) fn_format(buff, mysql_real_data_home, "", "",
+ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
convert_dirname(language,language,NullS);
(void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
(void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
--- sql/sql_parse.cc.orig
+++ sql/sql_parse.cc
@@ -76,6 +76,7 @@ static void remove_escape(char *name);
static bool append_file_to_dir(THD *thd, const char **filename_ptr,
const char *table_name);
static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
+static bool test_if_data_home_dir(const char *dir);

const char *any_db="*any*"; // Special symbol for check_access

@@ -3001,6 +3002,20 @@ mysql_execute_command(THD *thd)
"INDEX DIRECTORY option ignored");
create_info.data_file_name= create_info.index_file_name= NULL;
#else
+
+ if (test_if_data_home_dir(lex->create_info.data_file_name))
+ {
+ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
+ res= -1;
+ break;
+ }
+ if (test_if_data_home_dir(lex->create_info.index_file_name))
+ {
+ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
+ res= -1;
+ break;
+ }
+
/* Fix names if symlinked tables */
if (append_file_to_dir(thd, &create_info.data_file_name,
create_table->table_name) ||
@@ -7843,3 +7858,48 @@ bool check_string_length(LEX_STRING *str

return TRUE;
}
+
+
+/*
+ Check if path does not contain mysql data home directory
+
+ SYNOPSIS
+ test_if_data_home_dir()
+ dir directory
+ conv_home_dir converted data home directory
+ home_dir_len converted data home directory length
+
+ RETURN VALUES
+ 0 ok
+ 1 error
+*/
+
+static bool test_if_data_home_dir(const char *dir)
+{
+ char path[FN_REFLEN], conv_path[FN_REFLEN];
+ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
+ DBUG_ENTER("test_if_data_home_dir");
+
+ if (!dir)
+ DBUG_RETURN(0);
+
+ (void) fn_format(path, dir, "", "",
+ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+ dir_len= unpack_dirname(conv_path, dir);
+
+ if (home_dir_len <= dir_len)
+ {
+ if (lower_case_file_system)
+ {
+ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
+ home_dir_len,
+ (const uchar*) mysql_unpacked_real_data_home,
+ home_dir_len))
+ DBUG_RETURN(1);
+ }
+ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
+ DBUG_RETURN(1);
+ }
+ DBUG_RETURN(0);
+}
+

++++++ rc.mysql ++++++
--- mysql/rc.mysql 2007-08-21 10:24:42.000000000 +0200
+++ /mounts/work_src_done/STABLE/mysql/rc.mysql 2008-05-30 15:30:49.000000000
+0200
@@ -103,7 +103,7 @@

# Don't run killproc -TERM, as it could send a SIGKILL as well, possibly
# resulting in database corruption. Run kill -TERM manually instead, wait
-# approximately 60 seconds and fail if mysql doesn't respond. This will at
+# approximately 300 seconds and fail if mysql doesn't respond. This will at
# least prevent the SIGKILL when doing 'rcmysql stop' manually. During system
# shutdown, we are out of luck...
# See https://bugzilla.novell.com/show_bug.cgi?id=223209
@@ -122,7 +122,7 @@
kill -STOP "$pid"
kill -TERM "$pid" || return 4 # suboptimal
kill -CONT "$pid"
- for i in `seq 600`; do
+ for i in `seq 3000`; do
# mysqld removes its pid file
test -e "$pid_file" || return 0
LC_ALL=C sleep 0.1
@@ -147,7 +147,7 @@
case "$1" in
start)
# exit gracefully, if we are already running
- checkproc $MYSQLD && echo -n "Starting service MySQL " && \
+ $0 status >/dev/null && echo -n "Starting service MySQL " && \
rc_status -v && rc_exit

# Test, if safe_mysqld actually exists
@@ -315,7 +315,7 @@
# 3 - service not running

# NOTE: checkproc returns LSB compliant status values.
- checkproc $MYSQLD
+ checkproc -p $pid_file $MYSQLD
rc_status -v
;;


++++++ rc.mysql-multi ++++++
--- mysql/rc.mysql-multi 2008-03-13 15:57:57.000000000 +0100
+++ /mounts/work_src_done/STABLE/mysql/rc.mysql-multi 2008-05-30
15:32:49.000000000 +0200
@@ -73,7 +73,7 @@

# Don't run killproc -TERM, as it could send a SIGKILL as well, possibly
# resulting in database corruption. Run kill -TERM manually instead, wait
-# approximately 60 seconds and fail if mysql doesn't respond. This will at
+# approximately 300 seconds and fail if mysql doesn't respond. This will at
# least prevent the SIGKILL when doing 'rcmysql stop' manually. During system
# shutdown, we are out of luck...
# See https://bugzilla.novell.com/show_bug.cgi?id=223209
@@ -92,7 +92,7 @@
kill -STOP "$pid"
kill -TERM "$pid" || return 4 # suboptimal
kill -CONT "$pid"
- for i in `seq 600`; do
+ for i in `seq 3000`; do
# mysqld removes its pid file
test -e "$pid_file" || return 0
LC_ALL=C sleep 0.1
@@ -167,19 +167,6 @@
;;

status)
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Status has a slightly different for the status command:
- # 0 - service running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running
-
- # NOTE: checkproc returns LSB compliant status values.
- # echo -n "Checking for service MySQL: "
- # checkproc $MYSQLD
-
STATUS=$(mysqld_multi report)
echo -n "$STATUS"
# Set the status for rc_status
@@ -242,7 +229,7 @@
case "$1" in
start)
# exit gracefully, if we are already running
- checkproc $MYSQLD && echo -n "Starting service MySQL " && \
+ $0 status >/dev/null && echo -n "Starting service MySQL " && \
rc_status -v && rc_exit

# Test, if safe_mysqld actually exists
@@ -410,7 +397,7 @@
# 3 - service not running

# NOTE: checkproc returns LSB compliant status values.
- checkproc $MYSQLD
+ checkproc -p $pid_file $MYSQLD
rc_status -v
;;






++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages