[packages/mysql/MYSQL_5_5] - rel 2; fix for SECURITY bug that allows any user to crash entire server

arekm arekm at pld-linux.org
Fri Sep 26 19:21:15 CEST 2014 

commit d7c8654850c040a78018cf1859fda8cf36cc400a
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Sep 26 19:21:11 2014 +0200

    - rel 2; fix for SECURITY bug that allows any user to crash entire server

 bug-73834.patch | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 mysql.spec      |  4 ++-
 2 files changed, 98 insertions(+), 1 deletion(-)
---
diff --git a/mysql.spec b/mysql.spec
index cccc6bb..e975802 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -35,7 +35,7 @@ Summary(uk.UTF-8):	MySQL - швидкий SQL-сервер
 Summary(zh_CN.UTF-8):	MySQL数据库服务器
 Name:		mysql
 Version:	5.5.39
-Release:	1
+Release:	2
 License:	GPL + MySQL FLOSS Exception
 Group:		Applications/Databases
 # Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -62,6 +62,7 @@ Source15:	lib%{name}.version
 
 Patch2:		%{name}hotcopy-5.0-5.5.patch
 Patch3:		bug-67402.patch
+Patch4:		bug-73834.patch
 # from fedora
 Patch6:		%{name}-system-users.patch
 
@@ -501,6 +502,7 @@ mv sphinx-*/mysqlse storage/sphinx
 
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %patch6 -p1
 
diff --git a/bug-73834.patch b/bug-73834.patch
new file mode 100644
index 0000000..ac741c1
--- /dev/null
+++ b/bug-73834.patch
@@ -0,0 +1,95 @@
+From feac5e02ab298a5c3329ab63ee6db7d9f52bf28d Mon Sep 17 00:00:00 2001
+From: Murthy Narkedimilli <murthy.narkedimilli at oracle.com>
+Date: Mon, 8 Sep 2014 11:33:55 +0200
+Subject: [PATCH] Adding patch for security bug 19471516
+
+---
+ mysql-test/suite/innodb/r/foreign-keys.result | 16 ++++++++++++++++
+ mysql-test/suite/innodb/t/foreign-keys.test   | 26 ++++++++++++++++++++++++++
+ storage/innobase/dict/dict0dict.c             | 10 ++++++++++
+ 3 files changed, 52 insertions(+)
+ create mode 100644 mysql-test/suite/innodb/r/foreign-keys.result
+ create mode 100644 mysql-test/suite/innodb/t/foreign-keys.test
+
+diff --git a/mysql-test/suite/innodb/r/foreign-keys.result b/mysql-test/suite/innodb/r/foreign-keys.result
+new file mode 100644
+index 0000000..be8d27b
+--- /dev/null
++++ b/mysql-test/suite/innodb/r/foreign-keys.result
+@@ -0,0 +1,16 @@
++#
++# Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE
++# ADD FOREIGN KEY
++#
++CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT,
++PRIMARY KEY (`department_id`)) engine=innodb;
++CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT,
++`title_reporter_fk` INT, PRIMARY KEY (`title_id`));
++CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`));
++ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES
++`people` (`people_id`);
++ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people`
++(`people_id`);
++ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people`
++(`people_id`);
++drop table title, department, people;
+diff --git a/mysql-test/suite/innodb/t/foreign-keys.test b/mysql-test/suite/innodb/t/foreign-keys.test
+new file mode 100644
+index 0000000..45642cf
+--- /dev/null
++++ b/mysql-test/suite/innodb/t/foreign-keys.test
+@@ -0,0 +1,26 @@
++--source include/have_innodb.inc
++--source include/have_debug.inc
++
++--echo #
++--echo # Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE
++--echo # ADD FOREIGN KEY
++--echo #
++
++CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT,
++PRIMARY KEY (`department_id`)) engine=innodb;
++
++CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT,
++`title_reporter_fk` INT, PRIMARY KEY (`title_id`));
++
++CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`));
++
++ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES
++`people` (`people_id`);
++
++ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people`
++(`people_id`);
++
++ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people`
++(`people_id`);
++
++drop table title, department, people;
+diff --git a/storage/innobase/dict/dict0dict.c b/storage/innobase/dict/dict0dict.c
+index e225966..0e46916 100644
+--- a/storage/innobase/dict/dict0dict.c
++++ b/storage/innobase/dict/dict0dict.c
+@@ -1123,6 +1123,11 @@ dict_table_rename_in_cache(
+ 		/* The id will be changed.  So remove old one */
+ 		rbt_delete(foreign->foreign_table->foreign_rbt, foreign->id);
+ 
++		if (foreign->referenced_table) {
++			rbt_delete(foreign->referenced_table->referenced_rbt,
++				   foreign->id);
++		}
++
+ 		if (ut_strlen(foreign->foreign_table_name)
+ 		    < ut_strlen(table->name)) {
+ 			/* Allocate a longer name buffer;
+@@ -1273,6 +1278,11 @@ dict_table_rename_in_cache(
+ 		rbt_insert(foreign->foreign_table->foreign_rbt,
+ 			   foreign->id, &foreign);
+ 
++		if (foreign->referenced_table) {
++			rbt_insert(foreign->referenced_table->referenced_rbt,
++				   foreign->id, &foreign);
++		}
++
+ 		foreign = UT_LIST_GET_NEXT(foreign_list, foreign);
+ 	}
+ 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/mysql.git/commitdiff/d7c8654850c040a78018cf1859fda8cf36cc400a

More information about the pld-cvs-commit mailing list