rpms/mysql/F-12 mysql-cve-2010-2008.patch, NONE, 1.1 mysql.spec, 1.146, 1.147
Tom Lane
tgl at fedoraproject.org
Wed Jul 14 23:01:25 UTC 2010
Author: tgl
Update of /cvs/pkgs/rpms/mysql/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv26924
Modified Files:
mysql.spec
Added Files:
mysql-cve-2010-2008.patch
Log Message:
Add backported patch for CVE-2010-2008
mysql-cve-2010-2008.patch:
mysql-test/r/renamedb.result | 2 +-
mysql-test/r/upgrade.result | 28 ++++++++++++++++++++++++++++
mysql-test/t/renamedb.test | 2 +-
mysql-test/t/upgrade.test | 34 ++++++++++++++++++++++++++++++++++
sql/mysql_priv.h | 1 +
sql/sql_table.cc | 23 ++++++++++++++++++++---
sql/table.cc | 34 ++++++++++------------------------
7 files changed, 95 insertions(+), 29 deletions(-)
--- NEW FILE mysql-cve-2010-2008.patch ---
Back-ported patch for upstream bug #53804.
diff -Naur mysql-5.1.47.orig/mysql-test/r/renamedb.result mysql-5.1.47/mysql-test/r/renamedb.result
--- mysql-5.1.47.orig/mysql-test/r/renamedb.result 2010-05-06 11:58:59.000000000 -0400
+++ mysql-5.1.47/mysql-test/r/renamedb.result 2010-07-14 15:39:42.734086069 -0400
@@ -7,6 +7,6 @@
ALTER DATABASE `#mysql51#not-yet` UPGRADE DATA DIRECTORY NAME;
ERROR HY000: Incorrect usage of ALTER DATABASE UPGRADE DATA DIRECTORY NAME and name
ALTER DATABASE `#mysql50#` UPGRADE DATA DIRECTORY NAME;
-ERROR HY000: Incorrect usage of ALTER DATABASE UPGRADE DATA DIRECTORY NAME and name
+ERROR 42000: Incorrect database name '#mysql50#'
ALTER DATABASE `#mysql50#upgrade-me` UPGRADE DATA DIRECTORY NAME;
ERROR 42000: Unknown database '#mysql50#upgrade-me'
diff -Naur mysql-5.1.47.orig/mysql-test/r/upgrade.result mysql-5.1.47/mysql-test/r/upgrade.result
--- mysql-5.1.47.orig/mysql-test/r/upgrade.result 2010-05-06 11:59:05.000000000 -0400
+++ mysql-5.1.47/mysql-test/r/upgrade.result 2010-07-14 15:39:34.364211204 -0400
@@ -112,3 +112,31 @@
f1
drop database `a-b-c`;
use test;
+# End of 5.0 tests
+#
+# Bug #53804: serious flaws in the alter database .. upgrade data
+# directory name command
+#
+ALTER DATABASE `#mysql50#:` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Unknown database '#mysql50#:'
+ALTER DATABASE `#mysql50#.` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#.'
+ALTER DATABASE `#mysql50#../` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#../'
+ALTER DATABASE `#mysql50#../..` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#../..'
+ALTER DATABASE `#mysql50#../../` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#../../'
+ALTER DATABASE `#mysql50#./blablabla` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#./blablabla'
+ALTER DATABASE `#mysql50#../blablabla` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#../blablabla'
+ALTER DATABASE `#mysql50#/` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#/'
+ALTER DATABASE `#mysql50#/.` UPGRADE DATA DIRECTORY NAME;
+ERROR 42000: Incorrect database name '#mysql50#/.'
+USE `#mysql50#.`;
+ERROR 42000: Incorrect database name '#mysql50#.'
+USE `#mysql50#../blablabla`;
+ERROR 42000: Incorrect database name '#mysql50#../blablabla'
+# End of 5.1 tests
diff -Naur mysql-5.1.47.orig/mysql-test/t/renamedb.test mysql-5.1.47/mysql-test/t/renamedb.test
--- mysql-5.1.47.orig/mysql-test/t/renamedb.test 2010-05-06 11:58:29.000000000 -0400
+++ mysql-5.1.47/mysql-test/t/renamedb.test 2010-07-14 15:39:42.734086069 -0400
@@ -44,7 +44,7 @@
--error ER_WRONG_USAGE
ALTER DATABASE `#mysql51#not-yet` UPGRADE DATA DIRECTORY NAME;
---error ER_WRONG_USAGE
+--error ER_WRONG_DB_NAME
ALTER DATABASE `#mysql50#` UPGRADE DATA DIRECTORY NAME;
--error ER_BAD_DB_ERROR
diff -Naur mysql-5.1.47.orig/mysql-test/t/upgrade.test mysql-5.1.47/mysql-test/t/upgrade.test
--- mysql-5.1.47.orig/mysql-test/t/upgrade.test 2010-05-06 11:58:35.000000000 -0400
+++ mysql-5.1.47/mysql-test/t/upgrade.test 2010-07-14 15:39:34.365211074 -0400
@@ -137,3 +137,37 @@
--enable_ps_protocol
drop database `a-b-c`;
use test;
+
+--echo # End of 5.0 tests
+
+--echo #
+--echo # Bug #53804: serious flaws in the alter database .. upgrade data
+--echo # directory name command
+--echo #
+
+--error ER_BAD_DB_ERROR
+ALTER DATABASE `#mysql50#:` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#.` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#../` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#../..` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#../../` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#./blablabla` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#../blablabla` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#/` UPGRADE DATA DIRECTORY NAME;
+--error ER_WRONG_DB_NAME
+ALTER DATABASE `#mysql50#/.` UPGRADE DATA DIRECTORY NAME;
+
+--error ER_WRONG_DB_NAME
+USE `#mysql50#.`;
+--error ER_WRONG_DB_NAME
+USE `#mysql50#../blablabla`;
+
+--echo # End of 5.1 tests
+
diff -Naur mysql-5.1.47.orig/sql/mysql_priv.h mysql-5.1.47/sql/mysql_priv.h
--- mysql-5.1.47.orig/sql/mysql_priv.h 2010-05-06 11:27:29.000000000 -0400
+++ mysql-5.1.47/sql/mysql_priv.h 2010-07-14 15:39:34.367027655 -0400
@@ -2293,6 +2293,7 @@
uint filename_to_tablename(const char *from, char *to, uint to_length);
uint tablename_to_filename(const char *from, char *to, uint to_length);
uint check_n_cut_mysql50_prefix(const char *from, char *to, uint to_length);
+bool check_mysql50_prefix(const char *name);
#endif /* MYSQL_SERVER || INNODB_COMPATIBILITY_HOOKS */
#ifdef MYSQL_SERVER
uint build_table_filename(char *buff, size_t bufflen, const char *db,
diff -Naur mysql-5.1.47.orig/sql/sql_table.cc mysql-5.1.47/sql/sql_table.cc
--- mysql-5.1.47.orig/sql/sql_table.cc 2010-05-06 11:27:36.000000000 -0400
+++ mysql-5.1.47/sql/sql_table.cc 2010-07-14 15:39:34.371148726 -0400
@@ -392,6 +392,25 @@
/**
+ Check if given string begins with "#mysql50#" prefix
+
+ @param name string to check cut
+
+ @retval
+ FALSE no prefix found
+ @retval
+ TRUE prefix found
+*/
+
+bool check_mysql50_prefix(const char *name)
+{
+ return (name[0] == '#' &&
+ !strncmp(name, MYSQL50_TABLE_NAME_PREFIX,
+ MYSQL50_TABLE_NAME_PREFIX_LENGTH));
+}
+
+
+/**
Check if given string begins with "#mysql50#" prefix, cut it if so.
@param from string to check and cut
@@ -406,9 +425,7 @@
uint check_n_cut_mysql50_prefix(const char *from, char *to, uint to_length)
{
- if (from[0] == '#' &&
- !strncmp(from, MYSQL50_TABLE_NAME_PREFIX,
- MYSQL50_TABLE_NAME_PREFIX_LENGTH))
+ if (check_mysql50_prefix(from))
return (uint) (strmake(to, from + MYSQL50_TABLE_NAME_PREFIX_LENGTH,
to_length - 1) - to);
return 0;
diff -Naur mysql-5.1.47.orig/sql/table.cc mysql-5.1.47/sql/table.cc
--- mysql-5.1.47.orig/sql/table.cc 2010-05-06 11:27:36.000000000 -0400
+++ mysql-5.1.47/sql/table.cc 2010-07-14 15:39:34.374148964 -0400
@@ -2701,44 +2701,30 @@
{
char *name= org_name->str;
uint name_length= org_name->length;
+ bool check_for_path_chars;
if (!name_length || name_length > NAME_LEN)
return 1;
+ if ((check_for_path_chars= check_mysql50_prefix(name)))
+ {
+ name+= MYSQL50_TABLE_NAME_PREFIX_LENGTH;
+ name_length-= MYSQL50_TABLE_NAME_PREFIX_LENGTH;
+ }
+
if (lower_case_table_names && name != any_db)
my_casedn_str(files_charset_info, name);
-#if defined(USE_MB) && defined(USE_MB_IDENT)
- if (use_mb(system_charset_info))
- {
- name_length= 0;
- bool last_char_is_space= TRUE;
- char *end= name + org_name->length;
- while (name < end)
- {
- int len;
- last_char_is_space= my_isspace(system_charset_info, *name);
- len= my_ismbchar(system_charset_info, name, end);
- if (!len)
- len= 1;
- name+= len;
- name_length++;
- }
- return (last_char_is_space || name_length > NAME_CHAR_LEN);
- }
- else
-#endif
- return ((org_name->str[org_name->length - 1] != ' ') ||
- (name_length > NAME_CHAR_LEN)); /* purecov: inspected */
+ return check_table_name(name, name_length, check_for_path_chars);
}
+
/*
Allow anything as a table name, as long as it doesn't contain an
' ' at the end
returns 1 on error
*/
-
bool check_table_name(const char *name, uint length, bool check_for_path_chars)
{
uint name_length= 0; // name length in symbols
@@ -2766,10 +2752,10 @@
continue;
}
}
+#endif
if (check_for_path_chars &&
(*name == '/' || *name == '\\' || *name == '~' || *name == FN_EXTCHAR))
return 1;
-#endif
name++;
name_length++;
}
Index: mysql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mysql/F-12/mysql.spec,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147
--- mysql.spec 14 Jul 2010 15:27:09 -0000 1.146
+++ mysql.spec 14 Jul 2010 23:01:24 -0000 1.147
@@ -1,6 +1,6 @@
Name: mysql
Version: 5.1.47
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
URL: http://www.mysql.com
@@ -47,6 +47,7 @@ Patch12: mysql-cve-2008-7247.patch
Patch13: mysql-expired-certs.patch
Patch15: mysql-no-docs.patch
Patch16: mysql-lowercase-bug.patch
+Patch17: mysql-cve-2010-2008.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gperf, perl, readline-devel, openssl-devel
@@ -195,6 +196,7 @@ the MySQL sources.
%patch13 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
libtoolize --force
aclocal
@@ -671,6 +673,10 @@ fi
%{_mandir}/man1/mysql_client_test.1*
%changelog
+* Wed Jul 14 2010 Tom Lane <tgl at redhat.com> 5.1.47-2
+- Add backported patch for CVE-2010-2008 (upstream bug 53804)
+Related: #614214
+
* Mon May 24 2010 Tom Lane <tgl at redhat.com> 5.1.47-1
- Update to MySQL 5.1.47, for various fixes described at
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
More information about the scm-commits
mailing list