From c37876b36c90210e93bb2912ff7af802f97af554 Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Sat, 29 Apr 2017 18:54:07 +0000 Subject: databases/mariadb55-server: Update to 5.5.55 - Security and bugfix update to 5.5.55 - Fix up patches - Remove CVE-2017-3302 patch (now included) - Add upstream patch for WITHOUT_SERVER issue MFH: 2017Q2 Security: d9e01c35-2531-11e7-b291-b499baebfeaf Security: CVE-2017-3308 Security: CVE-2017-3309 Security: CVE-2017-3313 Security: CVE-2017-3453 Security: CVE-2017-3456 Security: CVE-2017-3464 --- .../mariadb55-client/files/patch-CMakeLists.txt | 16 +- .../mariadb55-client/files/patch-CVE-2017-3302 | 124 ------------- databases/mariadb55-client/files/patch-MDEV-12230 | 205 +++++++++++++++++++++ 3 files changed, 213 insertions(+), 132 deletions(-) delete mode 100644 databases/mariadb55-client/files/patch-CVE-2017-3302 create mode 100644 databases/mariadb55-client/files/patch-MDEV-12230 (limited to 'databases/mariadb55-client') diff --git a/databases/mariadb55-client/files/patch-CMakeLists.txt b/databases/mariadb55-client/files/patch-CMakeLists.txt index c290e0ed6ecc..ded5ff508152 100644 --- a/databases/mariadb55-client/files/patch-CMakeLists.txt +++ b/databases/mariadb55-client/files/patch-CMakeLists.txt @@ -1,6 +1,6 @@ ---- CMakeLists.txt.orig 2014-10-08 15:19:53.000000000 +0200 -+++ CMakeLists.txt 2014-10-17 21:36:43.000000000 +0200 -@@ -411,28 +411,8 @@ +--- CMakeLists.txt.orig 2017-04-11 22:03:13.000000000 +0200 ++++ CMakeLists.txt 2017-04-18 10:11:38.582817000 +0200 +@@ -393,28 +393,8 @@ ADD_SUBDIRECTORY(client) ADD_SUBDIRECTORY(extra) ADD_SUBDIRECTORY(libservices) ADD_SUBDIRECTORY(scripts) @@ -29,7 +29,7 @@ IF(UNIX) ADD_SUBDIRECTORY(man) ENDIF() -@@ -444,7 +424,6 @@ +@@ -426,7 +406,6 @@ IF(WIN32) ADD_SUBDIRECTORY(win/upgrade_wizard) ADD_SUBDIRECTORY(win/packaging) ENDIF() 
@@ -37,15 +37,15 @@ CONFIGURE_FILE(config.h.cmake ${CMAKE_BINARY_DIR}/include/my_config.h) CONFIGURE_FILE(config.h.cmake ${CMAKE_BINARY_DIR}/include/config.h) -@@ -477,6 +456,7 @@ +@@ -460,6 +439,7 @@ ADD_CUSTOM_TARGET(INFO_BIN ALL WORKING_DIRECTORY ${CMAKE_BINARY_DIR} ) +IF(FALSE) - INSTALL_DOCUMENTATION(README COPYING COPYING.LESSER EXCEPTIONS-CLIENT - COMPONENT Readme) + INSTALL_DOCUMENTATION(README COPYING EXCEPTIONS-CLIENT COMPONENT Readme) -@@ -487,6 +467,7 @@ + # MDEV-6526 these files are not installed anymore +@@ -469,6 +449,7 @@ INSTALL_DOCUMENTATION(README COPYING EXC IF(UNIX) INSTALL_DOCUMENTATION(Docs/INSTALL-BINARY COMPONENT Readme) ENDIF() diff --git a/databases/mariadb55-client/files/patch-CVE-2017-3302 b/databases/mariadb55-client/files/patch-CVE-2017-3302 deleted file mode 100644 index 87d08f1d8f93..000000000000 --- a/databases/mariadb55-client/files/patch-CVE-2017-3302 +++ /dev/null 
@@ -1,124 +0,0 @@ -From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 -From: Sergei Golubchik -Date: Thu, 16 Feb 2017 11:32:47 +0100 -Subject: [PATCH] MDEV-11933 Wrong usage of linked list in - mysql_prune_stmt_list - -mysql_prune_stmt_list() was walking the list following -element->next pointers, but inside the loop it was invoking -list_add(element) that modified element->next. So, mysql_prune_stmt_list() -failed to visit and reset all elements, and some of them were left -with pointers to invalid MYSQL. ---- - sql-common/client.c | 11 ++--------- - tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- - 2 files changed, 50 insertions(+), 11 deletions(-) - -diff --git a/sql-common/client.c b/sql-common/client.c -index c2e0cc3..b348afc 100644 ---- sql-common/client.c.orig -+++ sql-common/client.c -@@ -1,5 +1,5 @@ - /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. -- Copyright (c) 2009, 2016, MariaDB -+ Copyright (c) 2009, 2017, MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) - static void mysql_prune_stmt_list(MYSQL *mysql) - { - LIST *element= mysql->stmts; -- LIST *pruned_list= 0; -- - for (; element; element= element->next) - { - MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; -@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) - stmt->last_errno= CR_SERVER_LOST; - strmov(stmt->last_error, ER(CR_SERVER_LOST)); - strmov(stmt->sqlstate, unknown_sqlstate); -- } -- else -- { -- pruned_list= list_add(pruned_list, element); -+ mysql->stmts= list_delete(mysql->stmts, element); - } - } -- -- mysql->stmts= pruned_list; - } - - -diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c -index 446018e..f62545d 100644 ---- tests/mysql_client_test.c.orig -+++ tests/mysql_client_test.c -@@ -1,5 +1,5 @@ --/* Copyright (c) 
2002, 2012, Oracle and/or its affiliates. -- Copyright (c) 2008, 2012, Monty Program Ab -+/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. -+ Copyright (c) 2008, 2017, MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -19031,6 +19031,49 @@ static void test_mdev4326() - myquery(rc); - } - -+ -+/** -+ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() -+*/ -+static void test_bug17512527() -+{ -+ MYSQL *conn; -+ MYSQL_STMT *stmt1, *stmt2; -+ unsigned long thread_id; -+ char query[MAX_TEST_QUERY_LENGTH]; -+ int rc; -+ -+ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); -+ -+ stmt1 = mysql_stmt_init(conn); -+ check_stmt(stmt1); -+ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); -+ check_execute(stmt1, rc); -+ -+ stmt2 = mysql_stmt_init(conn); -+ check_stmt(stmt2); -+ -+ thread_id= mysql_thread_id(conn); -+ sprintf(query, "KILL %lu", thread_id); -+ if (thread_query(query)) -+ exit(1); -+ -+ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); -+ check_execute(stmt2, rc); -+ -+ rc= mysql_stmt_execute(stmt1); -+ check_execute_r(stmt1, rc); -+ -+ rc= mysql_stmt_execute(stmt2); -+ check_execute(stmt2, rc); -+ -+ mysql_close(conn); -+ -+ mysql_stmt_close(stmt2); -+ mysql_stmt_close(stmt1); -+} -+ -+ - static struct my_tests_st my_tests[]= { - { "disable_query_logs", disable_query_logs }, - { "test_view_sp_list_fields", test_view_sp_list_fields }, -@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { - { "test_bug13001491", test_bug13001491 }, - { "test_mdev4326", test_mdev4326 }, - { "test_ps_sp_out_params", test_ps_sp_out_params }, -+#ifndef _WIN32 -+ { "test_bug17512527", test_bug17512527}, -+#endif - { 0, 0 } - }; - diff --git a/databases/mariadb55-client/files/patch-MDEV-12230 b/databases/mariadb55-client/files/patch-MDEV-12230 new file mode 100644 index 000000000000..1a7b2b48347f --- /dev/null 
+++ b/databases/mariadb55-client/files/patch-MDEV-12230 
@@ -0,0 +1,205 @@ +From 4fe65ca33a6012ec60c665f6eeb5ff08969fb267 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Tue, 18 Apr 2017 12:35:05 +0200 +Subject: [PATCH] =?UTF-8?q?MDEV-12230=20include/my=5Fsys.h:600:43:=20error?= + =?UTF-8?q?:=20unknown=20type=20name=20=E2=80=98PSI=5Ffile=5Fkey=E2=80=99"?= + =?UTF-8?q?=20when=20-DWITHOUT=5FSERVER=3D1?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cherry-pick 2c2bd8c155 (MDEV-12261 build failure without P_S) from 10.0 +--- + include/my_sys.h | 3 +-- + include/mysql/psi/mysql_file.h | 47 ++++++++++++++++++++++++++++++++++++++++ + mysys/my_symlink2.c | 14 +++++------- + sql/handler.cc | 2 +- + sql/sql_db.cc | 4 ++-- + storage/maria/ma_delete_table.c | 4 ++-- + storage/myisam/mi_delete_table.c | 4 ++-- + 7 files changed, 61 insertions(+), 17 deletions(-) + +diff --git a/include/my_sys.h b/include/my_sys.h +index 10551e1..2794068 100644 +--- include/my_sys.h.orig ++++ include/my_sys.h +@@ -580,8 +580,7 @@ extern File my_create_with_symlink(const char *linkname, const char *filename, + myf MyFlags); + extern int my_rename_with_symlink(const char *from,const char *to,myf MyFlags); + extern int my_symlink(const char *content, const char *linkname, myf MyFlags); +-extern int my_handler_delete_with_symlink(PSI_file_key key, const char *name, +- const char *ext, myf sync_dir); ++extern int my_handler_delete_with_symlink(const char *filename, myf sync_dir); + + extern size_t my_read(File Filedes,uchar *Buffer,size_t Count,myf MyFlags); + extern size_t my_pread(File Filedes,uchar *Buffer,size_t Count,my_off_t offset, +diff --git a/include/mysql/psi/mysql_file.h b/include/mysql/psi/mysql_file.h +index 4a0f3fd..aa3ed7e 100644 +--- include/mysql/psi/mysql_file.h.orig ++++ include/mysql/psi/mysql_file.h +@@ -435,6 +435,20 @@ + #endif + + /** ++ @def mysql_file_delete_with_symlink(K, P1, P2, P3) ++ Instrumented delete with symbolic link. 
++ @c mysql_file_delete_with_symlink is a replacement ++ for @c my_handler_delete_with_symlink. ++*/ ++#ifdef HAVE_PSI_INTERFACE ++ #define mysql_file_delete_with_symlink(K, P1, P2, P3) \ ++ inline_mysql_file_delete_with_symlink(K, __FILE__, __LINE__, P1, P2, P3) ++#else ++ #define mysql_file_delete_with_symlink(K, P1, P2, P3) \ ++ inline_mysql_file_delete_with_symlink(P1, P2, P3) ++#endif ++ ++/** + @def mysql_file_rename_with_symlink(K, P1, P2, P3) + Instrumented rename with symbolic link. + @c mysql_file_rename_with_symlink is a replacement +@@ -1305,6 +1319,7 @@ inline_mysql_file_rename( + return result; + } + ++ + static inline File + inline_mysql_file_create_with_symlink( + #ifdef HAVE_PSI_INTERFACE +@@ -1335,6 +1350,38 @@ inline_mysql_file_create_with_symlink( + } + + static inline int ++inline_mysql_file_delete_with_symlink( ++#ifdef HAVE_PSI_INTERFACE ++ PSI_file_key key, const char *src_file, uint src_line, ++#endif ++ const char *name, const char *ext, myf flags) ++{ ++ int result; ++ char fullname[FN_REFLEN]; ++#ifdef HAVE_PSI_INTERFACE ++ struct PSI_file_locker *locker= NULL; ++ PSI_file_locker_state state; ++#endif ++ fn_format(fullname, name, "", ext, MY_UNPACK_FILENAME | MY_APPEND_EXT); ++#ifdef HAVE_PSI_INTERFACE ++ if (likely(PSI_server != NULL)) ++ { ++ locker= PSI_server->get_thread_file_name_locker(&state, key, PSI_FILE_DELETE, ++ fullname, &locker); ++ if (likely(locker != NULL)) ++ PSI_server->start_file_wait(locker, (size_t) 0, src_file, src_line); ++ } ++#endif ++ result= my_handler_delete_with_symlink(fullname, flags); ++#ifdef HAVE_PSI_INTERFACE ++ if (likely(locker != NULL)) ++ PSI_server->end_file_wait(locker, (size_t) 0); ++#endif ++ return result; ++} ++ ++ ++static inline int + inline_mysql_file_rename_with_symlink( + #ifdef HAVE_PSI_INTERFACE + PSI_file_key key, const char *src_file, uint src_line, +diff --git a/mysys/my_symlink2.c b/mysys/my_symlink2.c +index 5fe7b8f..c851468 100644 +--- mysys/my_symlink2.c.orig ++++ 
mysys/my_symlink2.c +@@ -170,22 +170,20 @@ int my_rename_with_symlink(const char *from, const char *to, myf MyFlags) + in this case both the symlink and the symlinked file are deleted, + but only if the symlinked file is not in the datadir. + */ +-int my_handler_delete_with_symlink(PSI_file_key key, const char *name, +- const char *ext, myf sync_dir) ++int my_handler_delete_with_symlink(const char *filename, myf sync_dir) + { +- char orig[FN_REFLEN], real[FN_REFLEN]; ++ char real[FN_REFLEN]; + int res= 0; + DBUG_ENTER("my_handler_delete_with_symlink"); + +- fn_format(orig, name, "", ext, MY_UNPACK_FILENAME | MY_APPEND_EXT); +- if (my_is_symlink(orig)) ++ if (my_is_symlink(filename)) + { + /* + Delete the symlinked file only if the symlink is not + pointing into datadir. + */ +- if (!(my_realpath(real, orig, MYF(0)) || mysys_test_invalid_symlink(real))) +- res= mysql_file_delete(key, real, MYF(MY_NOSYMLINKS | MY_WME | sync_dir)); ++ if (!(my_realpath(real, filename, MYF(0)) || mysys_test_invalid_symlink(real))) ++ res= my_delete(real, MYF(MY_NOSYMLINKS | sync_dir)); + } +- DBUG_RETURN(mysql_file_delete(key, orig, MYF(MY_WME | sync_dir)) || res); ++ DBUG_RETURN(my_delete(filename, MYF(sync_dir)) || res); + } +diff --git a/sql/handler.cc b/sql/handler.cc +index 2ae144a..dc40e34 100644 +--- sql/handler.cc.orig ++++ sql/handler.cc +@@ -3381,7 +3381,7 @@ int handler::delete_table(const char *name) + + for (const char **ext=bas_ext(); *ext ; ext++) + { +- if (my_handler_delete_with_symlink(key_file_misc, name, *ext, 0)) ++ if (mysql_file_delete_with_symlink(key_file_misc, name, *ext, 0)) + { + if (my_errno != ENOENT) + { +diff --git a/sql/sql_db.cc b/sql/sql_db.cc +index 7bb4f0f..580590b 100644 +--- sql/sql_db.cc.orig ++++ sql/sql_db.cc +@@ -1085,7 +1085,7 @@ static bool find_db_tables_and_rm_known_files(THD *thd, MY_DIR *dirp, + We ignore ENOENT error in order to skip files that was deleted + by concurrently running statement like REPAIR TABLE ... 
+ */ +- if (my_handler_delete_with_symlink(key_file_misc, filePath, "", MYF(0)) && ++ if (mysql_file_delete_with_symlink(key_file_misc, filePath, "", MYF(0)) && + my_errno != ENOENT) + { + my_error(EE_DELETE, MYF(0), filePath, my_errno); +@@ -1206,7 +1206,7 @@ long mysql_rm_arc_files(THD *thd, MY_DIR *dirp, const char *org_path) + continue; + } + strxmov(filePath, org_path, "/", file->name, NullS); +- if (my_handler_delete_with_symlink(key_file_misc, filePath, "", MYF(MY_WME))) ++ if (mysql_file_delete_with_symlink(key_file_misc, filePath, "", MYF(MY_WME))) + { + goto err; + } +diff --git a/storage/maria/ma_delete_table.c b/storage/maria/ma_delete_table.c +index c4bcd5b..f80ec13 100644 +--- storage/maria/ma_delete_table.c.orig ++++ storage/maria/ma_delete_table.c +@@ -86,8 +86,8 @@ int maria_delete_table_files(const char *name, myf sync_dir) + { + DBUG_ENTER("maria_delete_table_files"); + +- if (my_handler_delete_with_symlink(key_file_kfile, name, MARIA_NAME_IEXT, sync_dir) || +- my_handler_delete_with_symlink(key_file_dfile, name, MARIA_NAME_DEXT, sync_dir)) ++ if (mysql_file_delete_with_symlink(key_file_kfile, name, MARIA_NAME_IEXT, sync_dir) || ++ mysql_file_delete_with_symlink(key_file_dfile, name, MARIA_NAME_DEXT, sync_dir)) + DBUG_RETURN(my_errno); + DBUG_RETURN(0); + } +diff --git a/storage/myisam/mi_delete_table.c b/storage/myisam/mi_delete_table.c +index ebedfbd..ca395ff 100644 +--- storage/myisam/mi_delete_table.c.orig ++++ storage/myisam/mi_delete_table.c +@@ -28,8 +28,8 @@ int mi_delete_table(const char *name) + check_table_is_closed(name,"delete"); + #endif + +- if (my_handler_delete_with_symlink(mi_key_file_kfile, name, MI_NAME_IEXT, 0) || +- my_handler_delete_with_symlink(mi_key_file_dfile, name, MI_NAME_DEXT, 0)) ++ if (mysql_file_delete_with_symlink(mi_key_file_kfile, name, MI_NAME_IEXT, 0) || ++ mysql_file_delete_with_symlink(mi_key_file_dfile, name, MI_NAME_DEXT, 0)) + DBUG_RETURN(my_errno); + DBUG_RETURN(0); + } -- cgit v1.2.3
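Review bot: In the new `my_handler_delete_with_symlink()` in mysys/my_symlink2.c, both `my_delete()` calls drop the `MY_WME` that the removed `mysql_file_delete()` calls always set, so a failed delete is now reported only when the caller passes `MY_WME` in the second argument. That argument is still named `sync_dir`, although the new wrapper in mysql_file.h calls it `flags`. Of the callers touched here only `mysql_rm_arc_files` passes `MY_WME`; `handler::delete_table` and `find_db_tables_and_rm_known_files` inspect `my_errno` themselves, while `maria_delete_table_files` and `mi_delete_table` just return `my_errno`, and whether anything above them reports it is not visible in this patch. I would rename the parameter to `MyFlags` in my_sys.h and my_symlink2.c, matching the neighbouring `my_rename_with_symlink` prototype, and add above the function `/* MyFlags is passed through to my_delete(); include MY_WME if a failed delete must be reported. */`. Because this file is a cherry-pick of upstream 4fe65ca33a, the change belongs upstream rather than in the port.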