diff options
-rw-r--r-- | mysql-cve-2012-5611.patch | 81 | ||||
-rw-r--r-- | mysql55.spec | 10 |
2 files changed, 6 insertions, 85 deletions
diff --git a/mysql-cve-2012-5611.patch b/mysql-cve-2012-5611.patch deleted file mode 100644 index 45f414b..0000000 --- a/mysql-cve-2012-5611.patch +++ /dev/null @@ -1,81 +0,0 @@ -Back-ported patch for CVE-2012-5611 --- see -http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.17 - - -diff -Naur mysql-5.5.28.orig/mysql-test/r/information_schema.result mysql-5.5.28/mysql-test/r/information_schema.result ---- mysql-5.5.28.orig/mysql-test/r/information_schema.result 2012-08-29 04:50:47.000000000 -0400 -+++ mysql-5.5.28/mysql-test/r/information_schema.result 2012-12-05 10:33:56.906738492 -0500 -@@ -1712,6 +1712,10 @@ - length(CAST(b AS CHAR)) - 20 - DROP TABLE ubig; -+grant usage on *.* to mysqltest_1@localhost; -+select 1 from information_schema.tables where table_schema=repeat('a', 2000); -+1 -+drop user mysqltest_1@localhost; - End of 5.1 tests. - # - # Additional test for WL#3726 "DDL locking for all metadata objects" -diff -Naur mysql-5.5.28.orig/mysql-test/t/information_schema.test mysql-5.5.28/mysql-test/t/information_schema.test ---- mysql-5.5.28.orig/mysql-test/t/information_schema.test 2012-08-29 04:50:47.000000000 -0400 -+++ mysql-5.5.28/mysql-test/t/information_schema.test 2012-12-05 10:33:56.908738590 -0500 -@@ -1444,6 +1444,13 @@ - - DROP TABLE ubig; - -+grant usage on *.* to mysqltest_1@localhost; -+connect (con1, localhost, mysqltest_1,,); -+connection con1; -+select 1 from information_schema.tables where table_schema=repeat('a', 2000); -+connection default; -+disconnect con1; -+drop user mysqltest_1@localhost; - - --echo End of 5.1 tests. - -diff -Naur mysql-5.5.28.orig/sql/sql_acl.cc mysql-5.5.28/sql/sql_acl.cc ---- mysql-5.5.28.orig/sql/sql_acl.cc 2012-08-29 04:50:46.000000000 -0400 -+++ mysql-5.5.28/sql/sql_acl.cc 2012-12-05 10:35:47.608766346 -0500 -@@ -1573,14 +1573,20 @@ - acl_entry *entry; - DBUG_ENTER("acl_get"); - -- mysql_mutex_lock(&acl_cache->lock); -- end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db); -+ tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1; -+ end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db); -+ -+ if (end >= key + sizeof(key)) // db name was truncated -+ DBUG_RETURN(0); // no privileges for an invalid db name -+ - if (lower_case_table_names) - { - my_casedn_str(files_charset_info, tmp_db); - db=tmp_db; - } - key_length= (size_t) (end-key); -+ -+ mysql_mutex_lock(&acl_cache->lock); - if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key, - key_length))) - { -@@ -4902,11 +4908,17 @@ - bool check_grant_db(THD *thd,const char *db) - { - Security_context *sctx= thd->security_ctx; -- char helping [NAME_LEN+USERNAME_LENGTH+2]; -+ char helping [NAME_LEN+USERNAME_LENGTH+2], *end; - uint len; - bool error= TRUE; - -- len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; -+ end= strmov(helping, sctx->priv_user) + 1; -+ end= strnmov(end, db, helping + sizeof(helping) - end); -+ -+ if (end >= helping + sizeof(helping)) // db name was truncated -+ return 1; // no privileges for an invalid db name -+ -+ len= (uint) (end - helping) + 1; - - mysql_rwlock_rdlock(&LOCK_grant); - diff --git a/mysql55.spec b/mysql55.spec index 3cfc528..c560e02 100644 --- a/mysql55.spec +++ b/mysql55.spec @@ -10,8 +10,8 @@ %endif Name: mysql -Version: 5.5.28 -Release: 3%{?dist} +Version: 5.5.29 +Release: 1%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases @@ -70,7 +70,6 @@ Patch18: mysql-cipherspec.patch Patch19: mysql-file-contents.patch Patch20: mysql-string-overflow.patch Patch21: mysql-dh1024.patch -Patch22: mysql-cve-2012-5611.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: gperf @@ -254,7 +253,6 @@ rm -f Docs/mysql.info %patch19 -p1 %patch20 -p1 %patch21 -p1 -%patch22 -p1 # workaround for upstream bug #56342 rm -f mysql-test/t/ssl_8k_key-master.opt @@ -814,6 +812,10 @@ fi %{_mandir}/man1/mysql_client_test.1* %changelog +* Fri Dec 28 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.5.29-1 +- update to MySQL 5.5.29 Community Server GA + http://dev.mysql.com/doc/refman/5.5/en/news-5-5-29.html + * Sat Dec 8 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.5.28-3 - sync with rawhide, rebuild for security - use with_systemd and with_dtrace macro instead of version test |