Merge lp:~clint-fewbar/ubuntu/karmic/mysql-dfsg-5.1/mysql-sru-343870 into lp:ubuntu/karmic-security/mysql-dfsg-5.1

Proposed by Clint Byrum on 2010-12-03
Status: Rejected
Rejected by: Martin Pitt on 2011-02-01
Proposed branch: lp:~clint-fewbar/ubuntu/karmic/mysql-dfsg-5.1/mysql-sru-343870
Merge into: lp:ubuntu/karmic-security/mysql-dfsg-5.1
Diff against target: 66 lines (+43/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/00list (+1/-0)
debian/patches/10_fix_segfaults_lp343870.dpatch (+35/-0)
To merge this branch: bzr merge lp:~clint-fewbar/ubuntu/karmic/mysql-dfsg-5.1/mysql-sru-343870
Reviewer Review Type Date Requested Status
Artur Rona (community) 2010-12-03 Approve on 2011-01-11
Ubuntu branches 2010-12-03 Pending
Review via email: mp+42667@code.launchpad.net

Description of the change

Re-submitting this as a merge proposal with karmic-security since that is the latest branch in the archive.

Artur Rona (ari-tczew) wrote :

Please fix debian/changelog, it looks pretty horrible.

Improve 'Description' tag:
#Description: Fixes race condition in libmysqlclient. Cherry-pick from upstream.

According to the above, please add the 'Forwarded' tag:
#Forwarded: not-needed

Short URLs in DEP3 tags:
#Bug: http://bugs.mysql.com/42850
#Bug-Ubuntu: https://launchpad.net/bugs/343870

The rest of the hashed lines under the DEP3 tag can be removed.

Why did you set the merge to karmic-security if in debian/changelog you are targeting -proposed?

review: Needs Fixing

19. By Clint Byrum on 2010-12-04

* SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
  command
  - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
    and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
    Add tests to mysql-test/*.
  - CVE-2010-2008
* SECURITY UPDATE: denial of service via joins involving a table with a
  unique SET column
  - debian/patches/60_CVE-2010-3677.dpatch: improve logic in
    sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3677
* SECURITY UPDATE: denial of service via incorrect handling of NULL
  arguments
  - debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
    sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3678
* SECURITY UPDATE: denial of service via malformed argument to the BINLOG
  statement
  - debian/patches/60_CVE-2010-3679.dpatch: check lengths in
    sql/sql_binlog.cc. Add tests to mysql-test/*.
  - CVE-2010-3679
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
  nullable columns
  - debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
    storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
    mysql-test/*.
  - CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
  on a table using the HANDLER interface
  - debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
    sql/sql_handler.cc. Add tests to mysql-test/*.
  - CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
  queries
  - debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
    sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3682
* SECURITY UPDATE: denial of service and incorrect error handling in
  LOAD DATA INFILE.
  - debian/patches/60_CVE-2010-3683.dpatch: check for errors in
    sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
    Add tests to mysql-test/*.
  - CVE-2010-3683
* SECURITY UPDATE: denial of service via incorrect propagation of type
  errors.
  - debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
    errors in sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
  - debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
    sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
  - CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
  expression.
  - debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
    Add tests to mysql-test/*.
  - CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
  predicates during view preparation.
  - debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
    preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
  WITH ROLLUP together.
  - debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
    structures in sql/item_sum.cc, sql/table.h. Add tests to
    mysql-test/*.
  - CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
  with subquery.
  - debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
    sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
  joins.
  - debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
    sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
  improper data.
  - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
    sql/spatial.cc. Add tests to mysql-test/*.
  - CVE-2010-3840
* Use debhelper where possible in rules
* Split binary packages into mysql-base, mysql-client, mysql-doc
* New upstream release

20. By Clint Byrum on 2010-12-04

tidying up DEP-3 headers

Clint Byrum (clint-fewbar) wrote :

The changelog was a mess because I hadn't merged in the latest version from karmic-security. That is done now.

According to http://dep.debian.net/deps/dep3/, Forwarded: not-needed is only meant to document that a patch shouldn't be sent upstream because it is vendor specific. In this case, it's obvious from the Origin tag that this came *from* upstream. I've added the optional "upstream," prefix to the Origin, which I think does an adequate job of documenting that fact.

The merge is to karmic-security because that is where the latest changes are imported today. I think this is a weakness of UDD actually, and should be looked at. There should simply be a 'latest' branch or something like that, so that this merge proposal isn't nullified by an upload to updates.

Anyway, this way you get a diff that you can apply to the latest archive version and upload to proposed without problems.

Artur, thanks again for all the reviews!
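
The DEP-3 point argued in this comment can be checked mechanically. The following is an added example, not part of the thread or of the proposed branch: the function names are hypothetical, the sample header copies the tag lines of the proposed dpatch, and the rules encoded are the DEP-3 ones (Description required, Origin required unless an author is given, Origin categories, Forwarded values).

```python
import re

ORIGIN_KINDS = {"upstream", "backport", "vendor", "other"}

# Header lines as they appear in the proposed dpatch (copied from this page).
SAMPLE = """#! /bin/sh /usr/share/dpatch/dpatch-run
#From: Clint Byrum <clint@ubuntu.com>
#Description: Fixes race condition in libmysqlclient. Cherry-pick from upstream.
#Bug: http://bugs.mysql.com/42850
#Bug-Ubuntu: https://launchpad.net/bugs/343870
#Origin: upstream, http://lists.mysql.com/commits/84841
#

@DPATCH@
# anything below the marker is patch body, not DEP-3 metadata
"""

def parse_dep3(dpatch_text):
    """Collect '#Field: value' lines that precede the @DPATCH@ marker."""
    fields = {}
    for line in dpatch_text.splitlines():
        if line.strip() == "@DPATCH@":
            break
        m = re.match(r"#\s*([A-Za-z][A-Za-z-]*):\s*(.*)$", line)
        if m:  # the '#!' interpreter line does not match and is skipped
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields

def check_dep3(fields):
    """Return a list of problems; an empty list means the header is consistent."""
    problems = []
    if not (fields.get("description") or fields.get("subject")):
        problems.append("Description (or Subject) is required")
    if "origin" not in fields and not (fields.get("author") or fields.get("from")):
        problems.append("Origin is required when no Author/From is given")
    m = re.match(r"([a-z]+),\s+", fields.get("origin", ""))
    kind = m.group(1) if m else None  # None: bare URL without a category
    if kind is not None and kind not in ORIGIN_KINDS:
        problems.append("unknown Origin category: " + kind)
    fwd = fields.get("forwarded")
    if fwd == "not-needed" and kind == "upstream":
        # not-needed marks a vendor-specific patch; an upstream cherry-pick is not one
        problems.append("Forwarded: not-needed contradicts Origin: upstream")
    elif fwd and fwd not in ("no", "not-needed") and not fwd.startswith(("http://", "https://")):
        problems.append("Forwarded must be 'no', 'not-needed' or a URL")
    return problems
```
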

21. By Clint Byrum on 2010-12-04

fixing incorrectly merged changelog

Artur Rona (ari-tczew) wrote :

Now looks good. Could you test build on PPA and karmic chroot? It's FTBFS for me in karmic chroot (pbuilder).

The servers were restarted 230 times
Spent 721.528 of 1134 seconds executing testcases

Failed 1/609 tests, 99.84% were successful.

Failing test(s): main.func_in

The log files in var/log may give you some hint of what went wrong.

If you want to report this error, please read first the documentation
at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html

mysql-test-run: *** ERROR: there were failing test cases
make[2]: *** [test-ns] Error 1
make[2]: Leaving directory `/tmp/buildd/mysql-dfsg-5.1-5.1.37/builddir'
make[1]: *** [test-force] Error 2
make[1]: Leaving directory `/tmp/buildd/mysql-dfsg-5.1-5.1.37/builddir'
make: *** [build-stamp] Error 1
dpkg-buildpackage: error: debian/rules build gave error exit status 2
E: Failed autobuilding of package

Artur Rona (ari-tczew) wrote :

OK, I sent your patch to my PPA and it built fine, so I have last issues:

- debian/changelog: Description is too short, I suggest to use:

 * debian/patches/10_fix_segfaults_lp343870.dpatch:
   - Fixes race condition in libmysqlclient.
     Cherry-pick from upstream. (LP: #343870)

Please also add a dot at the end of the sentence in the Description tag.

review: Needs Fixing

Artur Rona (ari-tczew) wrote :

Please also resubmit the branch against karmic-updates.

review: Resubmit

22. By Clint Byrum on 2011-01-11

debian/patches/10_fix_segfaults_lp343870.dpatch: fixes race
condition in libmysqlclient. Cherry pick from upstream. (LP: #343870)

Clint Byrum (clint-fewbar) wrote :

Pushed requested fixes back up.

Proposing against karmic-updates instead of karmic-security would lose the security fixes and cause a conflict for anybody trying to merge this patch into the package that is in the archive now.

Artur Rona (ari-tczew) wrote :

OK, now looks good, built fine on PPA. Any core-dev, please upload it.

review: Approve

Micah Gersten (micahg) wrote :

FTR, this should actually be proposed against karmic-proposed, but that apparently doesn't exist, so this branch won't technically be "merged".

Artur Rona (ari-tczew) wrote :

@Micah, debian/changelog says karmic-proposed. You're right, it can't go automatically. A sponsor should manually upload it to the archive, without bzr.

Martin Pitt (pitti) wrote :

See comment on bug report. At this point this isn't an appropriate karmic bug fix IMHO.

Unmerged revisions

18. By Clint Byrum on 2010-12-03

Fixing changelog and adding DEP3 headers to patch

17. By Clint Byrum on 2010-09-14

debian/patches/10_fix_segfaults_lp343870.dpatch: fixes (LP: #343870)

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2010-11-09 08:42:37 +0000
3+++ debian/changelog 2011-01-11 17:45:06 +0000
4@@ -1,3 +1,10 @@
5+mysql-dfsg-5.1 (5.1.37-1ubuntu5.6) karmic-proposed; urgency=low
6+
7+ * debian/patches/10_fix_segfaults_lp343870.dpatch: fixes race
8+ condition in libmysqlclient. Cherry pick from upstream. (LP: #343870)
9+
10+ -- Clint Byrum <clint@ubuntu.com> Tue, 11 Jan 2011 09:38:47 -0800
11+
12 mysql-dfsg-5.1 (5.1.37-1ubuntu5.5) karmic-security; urgency=low
13
14 * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
15
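Review bot: the new 5.1.37-1ubuntu5.6 entry names karmic-proposed as its distribution while the entry directly below it (5.1.37-1ubuntu5.5) is karmic-security, so please confirm that is the intended pocket for this upload. The bullet also says only "fixes race condition in libmysqlclient"; naming the symptom the patch file name refers to (segfaults) would tell people reading the changelog what the update changes for them.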
16=== modified file 'debian/patches/00list'
17--- debian/patches/00list 2010-11-09 08:42:37 +0000
18+++ debian/patches/00list 2011-01-11 17:45:06 +0000
19@@ -1,6 +1,7 @@
20 01_MAKEFILES__Docs_Images_Makefile.in.dpatch
21 01_MAKEFILES__Docs_Makefile.in.dpatch
22 02_no_builtin_ndbcluster_plugin.dpatch
23+10_fix_segfaults_lp343870.dpatch
24 33_scripts__mysql_create_system_tables__no_test.dpatch
25 38_scripts__mysqld_safe.sh__signals.dpatch
26 41_scripts__mysql_install_db.sh__no_test.dpatch
27
28=== added file 'debian/patches/10_fix_segfaults_lp343870.dpatch'
29--- debian/patches/10_fix_segfaults_lp343870.dpatch 1970-01-01 00:00:00 +0000
30+++ debian/patches/10_fix_segfaults_lp343870.dpatch 2011-01-11 17:45:06 +0000
31@@ -0,0 +1,35 @@
32+#! /bin/sh /usr/share/dpatch/dpatch-run
33+#From: Clint Byrum <clint@ubuntu.com>
34+#Description: Fixes race condition in libmysqlclient. Cherry-pick from upstream.
35+#Bug: http://bugs.mysql.com/42850
36+#Bug-Ubuntu: https://launchpad.net/bugs/343870
37+#Origin: upstream, http://lists.mysql.com/commits/84841
38+#
39+
40+@DPATCH@
41+#At file:///home/msvensson/mysql/5.1-bugteam/ based on revid:li-bing.song@stripped-v40rklb7g178tjza
42+#
43+# From http://lists.mysql.com/commits/84841
44+#
45+# 3139 Magnus BlÄudd 2009-09-28 [merge]
46+# Merge bug#42850 to 5.1
47+#
48+# modified:
49+# mysys/my_thr_init.c
50+=== modified file 'mysys/my_thr_init.c'
51+--- a/mysys/my_thr_init.c 2008-12-04 18:41:53 +0000
52++++ b/mysys/my_thr_init.c 2009-09-28 12:40:45 +0000
53+@@ -108,10 +108,11 @@ my_bool my_thread_global_init(void)
54+ pthread_attr_t dummy_thread_attr;
55+
56+ pthread_attr_init(&dummy_thread_attr);
57+- pthread_attr_setdetachstate(&dummy_thread_attr, PTHREAD_CREATE_DETACHED);
58++ pthread_attr_setdetachstate(&dummy_thread_attr, PTHREAD_CREATE_JOINABLE);
59+
60+- pthread_create(&dummy_thread,&dummy_thread_attr,
61+- nptl_pthread_exit_hack_handler, NULL);
62++ if (pthread_create(&dummy_thread,&dummy_thread_attr,
63++ nptl_pthread_exit_hack_handler, NULL) == 0)
64++ (void)pthread_join(dummy_thread, NULL);
65+ }
66+ #endif /* TARGET_OS_LINUX */
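
Review bot: in the my_thread_global_init hunk, the switch to PTHREAD_CREATE_JOINABLE followed by pthread_join has no comment saying why initialization must now wait for the dummy thread, and a failed pthread_create is skipped silently; a short comment above the `if (pthread_create(...) == 0)` line would keep a later cleanup from reverting it. Separately, the lines after @DPATCH@ still carry upstream commit metadata, including a local file:/// path and an author name that looks mis-encoded ("Magnus BlÄudd"); either drop them or fix the encoding, since the Origin tag already points at http://lists.mysql.com/commits/84841.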
