commit d7c8654850c040a78018cf1859fda8cf36cc400a
Author: Arkadiusz Miśkiewicz <[email protected]>
Date: Fri Sep 26 19:21:11 2014 +0200
- rel 2; fix for SECURITY bug that allows any user to crash entire server
bug-73834.patch | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mysql.spec | 4 ++-
2 files changed, 98 insertions(+), 1 deletion(-)
---
diff --git a/mysql.spec b/mysql.spec
index cccc6bb..e975802 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -35,7 +35,7 @@ Summary(uk.UTF-8): MySQL - швидкий SQL-сервер
Summary(zh_CN.UTF-8): MySQL数据库服务器
Name: mysql
Version: 5.5.39
-Release: 1
+Release: 2
License: GPL + MySQL FLOSS Exception
Group: Applications/Databases
# Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -62,6 +62,7 @@ Source15: lib%{name}.version
Patch2: %{name}hotcopy-5.0-5.5.patch
Patch3: bug-67402.patch
+Patch4: bug-73834.patch
# from fedora
Patch6: %{name}-system-users.patch
@@ -501,6 +502,7 @@ mv sphinx-*/mysqlse storage/sphinx
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%patch6 -p1
diff --git a/bug-73834.patch b/bug-73834.patch
new file mode 100644
index 0000000..ac741c1
--- /dev/null
+++ b/bug-73834.patch
@@ -0,0 +1,95 @@
+From feac5e02ab298a5c3329ab63ee6db7d9f52bf28d Mon Sep 17 00:00:00 2001
+From: Murthy Narkedimilli <[email protected]>
+Date: Mon, 8 Sep 2014 11:33:55 +0200
+Subject: [PATCH] Adding patch for security bug 19471516
+
+---
+ mysql-test/suite/innodb/r/foreign-keys.result | 16 ++++++++++++++++
+ mysql-test/suite/innodb/t/foreign-keys.test | 26 ++++++++++++++++++++++++++
+ storage/innobase/dict/dict0dict.c | 10 ++++++++++
+ 3 files changed, 52 insertions(+)
+ create mode 100644 mysql-test/suite/innodb/r/foreign-keys.result
+ create mode 100644 mysql-test/suite/innodb/t/foreign-keys.test
+
+diff --git a/mysql-test/suite/innodb/r/foreign-keys.result
b/mysql-test/suite/innodb/r/foreign-keys.result
+new file mode 100644
+index 0000000..be8d27b
+--- /dev/null
++++ b/mysql-test/suite/innodb/r/foreign-keys.result
+@@ -0,0 +1,16 @@
++#
++# Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE
++# ADD FOREIGN KEY
++#
++CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT,
++PRIMARY KEY (`department_id`)) engine=innodb;
++CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT,
++`title_reporter_fk` INT, PRIMARY KEY (`title_id`));
++CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`));
++ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES
++`people` (`people_id`);
++ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people`
++(`people_id`);
++ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people`
++(`people_id`);
++drop table title, department, people;
+diff --git a/mysql-test/suite/innodb/t/foreign-keys.test
b/mysql-test/suite/innodb/t/foreign-keys.test
+new file mode 100644
+index 0000000..45642cf
+--- /dev/null
++++ b/mysql-test/suite/innodb/t/foreign-keys.test
+@@ -0,0 +1,26 @@
++--source include/have_innodb.inc
++--source include/have_debug.inc
++
++--echo #
++--echo # Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE
++--echo # ADD FOREIGN KEY
++--echo #
++
++CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT,
++PRIMARY KEY (`department_id`)) engine=innodb;
++
++CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT,
++`title_reporter_fk` INT, PRIMARY KEY (`title_id`));
++
++CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`));
++
++ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES
++`people` (`people_id`);
++
++ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people`
++(`people_id`);
++
++ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people`
++(`people_id`);
++
++drop table title, department, people;
+diff --git a/storage/innobase/dict/dict0dict.c
b/storage/innobase/dict/dict0dict.c
+index e225966..0e46916 100644
+--- a/storage/innobase/dict/dict0dict.c
++++ b/storage/innobase/dict/dict0dict.c
+@@ -1123,6 +1123,11 @@ dict_table_rename_in_cache(
+ /* The id will be changed. So remove old one */
+ rbt_delete(foreign->foreign_table->foreign_rbt, foreign->id);
+
++ if (foreign->referenced_table) {
++ rbt_delete(foreign->referenced_table->referenced_rbt,
++ foreign->id);
++ }
++
+ if (ut_strlen(foreign->foreign_table_name)
+ < ut_strlen(table->name)) {
+ /* Allocate a longer name buffer;
+@@ -1273,6 +1278,11 @@ dict_table_rename_in_cache(
+ rbt_insert(foreign->foreign_table->foreign_rbt,
+ foreign->id, &foreign);
+
++ if (foreign->referenced_table) {
++ rbt_insert(foreign->referenced_table->referenced_rbt,
++ foreign->id, &foreign);
++ }
++
+ foreign = UT_LIST_GET_NEXT(foreign_list, foreign);
+ }
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/mysql.git/commitdiff/d7c8654850c040a78018cf1859fda8cf36cc400a
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
