rpms/mysql/devel mysql-cve-2008-7247.patch, NONE, 1.1 mysql.spec, 1.141, 1.142
Tom Lane
tgl at fedoraproject.org
Thu Jan 28 20:26:30 UTC 2010
Author: tgl
Update of /cvs/pkgs/rpms/mysql/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24858
Modified Files:
mysql.spec
Added Files:
mysql-cve-2008-7247.patch
Log Message:
Add backported patch for CVE-2008-7247 (upstream bug 39277)
mysql-cve-2008-7247.patch:
sql_table.cc | 44 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 8 deletions(-)
--- NEW FILE mysql-cve-2008-7247.patch ---
Back-ported patch for upstream bug #39277.
diff -Naur mysql-5.1.42.orig/sql/sql_table.cc mysql-5.1.42/sql/sql_table.cc
--- mysql-5.1.42.orig/sql/sql_table.cc 2009-12-16 12:57:30.000000000 -0500
+++ mysql-5.1.42/sql/sql_table.cc 2010-01-28 14:33:52.000000000 -0500
@@ -3892,15 +3892,43 @@
create_info->table_existed= 0; // Mark that table is created
#ifdef HAVE_READLINK
- if (test_if_data_home_dir(create_info->data_file_name))
{
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "DATA DIRECTORY");
- goto unlock_and_end;
- }
- if (test_if_data_home_dir(create_info->index_file_name))
- {
- my_error(ER_WRONG_ARGUMENTS, MYF(0), "INDEX DIRECTORY");
- goto unlock_and_end;
+ size_t dirlen;
+ char dirpath[FN_REFLEN];
+
+ /*
+ data_file_name and index_file_name include the table name without
+ extension. Mostly this does not refer to an existing file. When
+ comparing data_file_name or index_file_name against the data
+ directory, we try to resolve all symbolic links. On some systems,
+ we use realpath(3) for the resolution. This returns ENOENT if the
+ resolved path does not refer to an existing file. my_realpath()
+ does then copy the requested path verbatim, without symlink
+ resolution. Thereafter the comparison can fail even if the
+ requested path is within the data directory. E.g. if symlinks to
+ another file system are used. To make realpath(3) return the
+ resolved path, we strip the table name and compare the directory
+ path only. If the directory doesn't exist either, table creation
+ will fail anyway.
+ */
+ if (create_info->data_file_name)
+ {
+ dirname_part(dirpath, create_info->data_file_name, &dirlen);
+ if (test_if_data_home_dir(dirpath))
+ {
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "DATA DIRECTORY");
+ goto unlock_and_end;
+ }
+ }
+ if (create_info->index_file_name)
+ {
+ dirname_part(dirpath, create_info->index_file_name, &dirlen);
+ if (test_if_data_home_dir(dirpath))
+ {
+ my_error(ER_WRONG_ARGUMENTS, MYF(0), "INDEX DIRECTORY");
+ goto unlock_and_end;
+ }
+ }
}
#ifdef WITH_PARTITION_STORAGE_ENGINE
Index: mysql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mysql/devel/mysql.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -p -r1.141 -r1.142
--- mysql.spec 26 Jan 2010 18:34:23 -0000 1.141
+++ mysql.spec 28 Jan 2010 20:26:30 -0000 1.142
@@ -1,6 +1,6 @@
Name: mysql
Version: 5.1.42
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
URL: http://www.mysql.com
@@ -37,6 +37,7 @@ Patch8: mysql-setschedparam.patch
Patch9: mysql-ndb-stacksize.patch
Patch10: mysql-strmov.patch
Patch11: mysql-signal-align.patch
+Patch12: mysql-cve-2008-7247.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gperf, perl, readline-devel, openssl-devel
@@ -181,6 +182,7 @@ the MySQL sources.
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
libtoolize --force
aclocal
@@ -666,6 +668,10 @@ fi
%{_mandir}/man1/mysql_client_test.1*
%changelog
+* Thu Jan 28 2010 Tom Lane <tgl at redhat.com> 5.1.42-7
+- Add backported patch for CVE-2008-7247 (upstream bug 39277)
+Related: #543619
+
* Tue Jan 26 2010 Tom Lane <tgl at redhat.com> 5.1.42-6
- Emit explicit error message if user tries to build RPM as root
Related: #558915
More information about the scm-commits
mailing list