lp:ubuntu/karmic-security/mysql-dfsg-5.1
Get this branch: bzr branch lp:ubuntu/karmic-security/mysql-dfsg-5.1
Branch information
- Owner: Ubuntu branches
- Status: Mature
Recent revisions
- 17. By Marc Deslauriers

  * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
    command
    - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
      and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
      Add tests to mysql-test/*.
    - CVE-2010-2008
  * SECURITY UPDATE: denial of service via joins involving a table with a
    unique SET column
    - debian/patches/60_CVE-2010-3677.dpatch: improve logic in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3677
  * SECURITY UPDATE: denial of service via incorrect handling of NULL
    arguments
    - debian/patches/60_CVE-2010-3678.dpatch: make sure items are valid in
      sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3678
  * SECURITY UPDATE: denial of service via malformed argument to the BINLOG
    statement
    - debian/patches/60_CVE-2010-3679.dpatch: check lengths in
      sql/sql_binlog.cc. Add tests to mysql-test/*.
    - CVE-2010-3679
  * SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
    nullable columns
    - debian/patches/60_CVE-2010-3680.dpatch: check for null datatype in
      storage/{innobase,innodb_plugin}/handler/ha_innodb.cc. Add tests to
      mysql-test/*.
    - CVE-2010-3680
  * SECURITY UPDATE: denial of service via alternate reads from two indexes
    on a table using the HANDLER interface
    - debian/patches/60_CVE-2010-3681.dpatch: check for the same index in
      sql/sql_handler.cc. Add tests to mysql-test/*.
    - CVE-2010-3681
  * SECURITY UPDATE: denial of service via use of EXPLAIN with certain
    queries
    - debian/patches/60_CVE-2010-3682.dpatch: improve conditional in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3682
  * SECURITY UPDATE: denial of service and incorrect error handling in
    LOAD DATA INFILE.
    - debian/patches/60_CVE-2010-3683.dpatch: check for errors in
      sql/sql_load.cc. Don't print error on server in sql/net_serv.cc.
      Add tests to mysql-test/*.
    - CVE-2010-3683
  * SECURITY UPDATE: denial of service via incorrect propagation of type
    errors.
    - debian/patches/60_CVE-2010-3833.dpatch: properly check for execution
      errors in sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3833
  * SECURITY UPDATE: denial of service via derived table materializing.
    - debian/patches/60_CVE-2010-3834.dpatch: handle temporary tables in
      sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
    - CVE-2010-3834
  * SECURITY UPDATE: denial of service via user-variable assignment
    expression.
    - debian/patches/60_CVE-2010-3835.dpatch: fix logic in sql/item_func.*.
      Add tests to mysql-test/*.
    - CVE-2010-3835
  * SECURITY UPDATE: denial of service via pre-evaluation of LIKE
    predicates during view preparation.
    - debian/patches/60_CVE-2010-3836.dpatch: make sure we're not in view
      preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3836
  * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
    WITH ROLLUP together.
    - debian/patches/60_CVE-2010-3837.dpatch: create a copy of the order
      structures in sql/item_sum.cc, sql/table.h. Add tests to
      mysql-test/*.
    - CVE-2010-3837
  * SECURITY UPDATE: denial of service via longblob and union or update
    with subquery.
    - debian/patches/60_CVE-2010-3838.dpatch: handle REAL_RESULT in
      sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3838
  * SECURITY UPDATE: denial of service via certain queries with nested
    joins.
    - debian/patches/60_CVE-2010-3839.dpatch: fix nesting in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3839
  * SECURITY UPDATE: denial of service via PolyFromWKB() function and
    improper data.
    - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
      sql/spatial.cc. Add tests to mysql-test/*.
    - CVE-2010-3840

- 16. By Marc Deslauriers

  * SECURITY UPDATE: missing privilege check when uninstalling plugins
    - debian/patches/56_CVE-2010-1621.dpatch: check access rights in
      sql/sql_plugin.cc, added tests to mysql-test/*.
    - CVE-2010-1621
  * SECURITY UPDATE: privilege check bypass via crafted table name argument
    to COM_FIELD_LIST
    - debian/patches/59_CVE-2010-1848.dpatch: check for path chars in
      sql/table.cc, sql/sql_yacc.yy, sql/sql_yacc.cc, sql/sql_table.cc,
      sql/sql_parse.cc, sql/partition_info.cc, sql/mysql_priv.h. Add tests
      to tests/mysql_client_test.c and mysql-test/*.
    - CVE-2010-1848
  * SECURITY UPDATE: denial of service via large packets
    - debian/patches/58_CVE-2010-1849.dpatch: handle big packets in
      sql/sql_connect.cc, include/mysql_com.h, sql/net_serv.cc.
    - CVE-2010-1849
  * SECURITY UPDATE: arbitrary code execution via crafted table name
    argument to COM_FIELD_LIST
    - debian/patches/57_CVE-2010-1850.dpatch: check table name length in
      sql/sql_parse.cc.
    - CVE-2010-1850
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/60_CVE-2010-1626.dpatch: check for symlinks in
      storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
    - CVE-2010-1626

- 15. By Marc Deslauriers

  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/51_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/52_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/53_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * SECURITY UPDATE: access restriction bypass via symlink
    - debian/patches/54_CVE-2008-7247.dpatch: improve symlink handling in
      sql/sql_table.cc.
    - CVE-2008-7247
  * debian/patches/55_ssl_test_certs.dpatch: update certificates in the
    test suite as they have expired. The new certs expire 2015-01-28.

- 14. By Mario Limonciello

  * additions/my.cnf:
    - Set thread_stack size to 192K rather than 128K. 128K is only useful on
      systems with < 64M RAM and causes stack overrides with some SQL commands.
      See http://dev.mysql.com/doc/refman/5.1/en/server-system-variables.html
      for more details.
      (LP: #426919)

- 13. By Mathias Gug

  [ Brian Murray ]
  * install apport hook for the source package rather than mysql-server-5.1
    binary package (LP: #420805).

  [ Mathias Gug ]
  * Make mysql-server-core-5.1 provide mysql-server-core. (LP: #418342)
  * Don't upgrade if there is an ndb management node configured.
    (LP: #413792).

- 12. By Dave Walker

  * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: wait in the
    SIGHUP trap to avoid killing an existing mysqld process when a HUP signal
    is sent to mysqld_safe. Based on Mathias Gug's fix from the 5.0 series.
    (LP: #418396)

- 10. By Mathias Gug

  [ Mathias Gug ]
  * Merge from debian unstable and 5.0, remaining changes:
    - debian/control:
      + Properly upgrade libmysqlclient16-dev packages to
        libmysqlclient-dev:
        * Make libmysqlclient16-dev a transitional package depending on
          libmysqlclient-dev.
        * Make libmysqlclient-dev replace libmysqlclient16-dev.
      + Don't provide a libmysqlclient15-dev package as long as there are
        packages still build-depending on libmysqlclient15-dev and
        mysql-dfsg-5.0 is in the archive.
      + Lower mailx from a Recommends to a Suggests to avoid pulling in
        a full MTA on all installs of mysql-server. (LP: #259477)
    - debian/rules:
      + added -fno-strict-aliasing to CFLAGS to get around mysql testsuite
        build failures.
    - debian/additions/debian-start.inc.sh: support ANSI mode (LP: #310211)
    - Add AppArmor profile:
      - debian/apparmor-profile: apparmor profile.
      - debian/rules, debian/mysql-server-5.1.files: install apparmor profile.
      - debian/mysql-server-5.1.dirs: add etc/apparmor.d/force-complain
      - debian/mysql-server-5.1.postrm: remove symlink in force-complain/ on
        purge.
      - debian/mysql-server-5.1.README.Debian: add apparmor documentation.
      - debian/additions/my.cnf: Add warning about apparmor. (LP: #201799)
      - debian/mysql-server-5.1.postinst: reload apparmor profiles.
    - debian/additions/my.cnf: remove language option. Error message files are
      located in a different directory in MySQL 5.0. Setting the language
      option to use /usr/share/mysql/english breaks 5.0. Both 5.0 and 5.1
      use a default value that works. (LP: #316974)
    - debian/mysql-server-5.1.mysql.init:
      + Clearly indicate that we do not support running multiple instances
        of mysqld by duplicating the init script.
        (closes: #314785, #324834, #435165, #444216)
      + Properly parameterize all existing references to the mysql config
        file (/etc/mysql/my.cnf).
    - debian/mysql-server-5.1.postinst: Clear out the second password
      when setting up mysql. (LP: #344816)
    - mysql-server-core-5.1 package for files needed by Akonadi:
      + debian/control: create mysql-server-core-5.1 package.
      + debian/mysql-server-core-5.1.files, debian/mysql-server-5.1.files:
        move core mysqld files to mysql-server-core-5.1 package.
  * debian/libmysqlclient16.symbols.amd64: remove amd64 symbols as they have
    not been correctly generated in Debian.
  * Add Apport hook: (LP: #354188)
    - debian/mysql-server-5.1.py: apport package hook.
    - debian/mysql-server-5.1.files, debian/rules: install apport package
      hook.
  * debian/additions/my.cnf:
    - drop old_password option.
    - fix commented logging options to use general_log and general_log_file.
  * Dropped - accepted in Debian:
    - debian/mysql-server-5.1.config:
      + ask for MySQL root password at priority high instead of medium so
        that the password prompt is seen on a default install. (LP: #319843)
      + don't ask for root password when upgrading from a 5.0 install.

- 9. By Mathias Gug

  * Merge from debian experimental (and 5.0 from main), remaining changes:
    - debian/mysql-server-5.1.config:
      + ask for MySQL root password at priority high instead of medium so
        that the password prompt is seen on a default install. (LP: #319843)
      + don't ask for root password when upgrading from a 5.0 install.
    - debian/control:
      + Make libmysqlclient16-dev a transitional package depending on
        libmysqlclient-dev.
      + Make libmysqlclient-dev conflict with libmysqlclient15-dev.
      + Don't build mysql-server, mysql-client, mysql-common and
        libmysqlclient15-dev binary packages since they're still provided
        by mysql-dfsg-5.0.
      + Make mysql-{client,server}-5.1 packages conflict and
        replace mysql-{client,server}-5.0, but not provide
        mysql-{client,server}.
      + Depend on a specific version of mysql-common rather than the src
        version of mysql-dfsg-5.1 since mysql-common is currently part of
        mysql-dfsg-5.0.
      + Lower mailx from a Recommends to a Suggests to avoid pulling in
        a full MTA on all installs of mysql-server. (LP: #259477)
    - debian/rules:
      + added -fno-strict-aliasing to CFLAGS to get around mysql testsuite
        build failures.
      + install mysql-test and sql-bench to /usr/share/mysql/ rather than
        /usr/.
    - debian/additions/debian-start.inc.sh: support ANSI mode (LP: #310211)
    - Add AppArmor profile:
      - debian/apparmor-profile: apparmor profile.
      - debian/rules, debian/mysql-server-5.0.files: install apparmor profile.
      - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain
      - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on
        purge.
      - debian/mysql-server-5.1.README.Debian: add apparmor documentation.
      - debian/additions/my.cnf: Add warning about apparmor. (LP: #201799)
      - debian/mysql-server-5.1.postinst: reload apparmor profiles.
    - debian/additions/my.cnf: remove language option. Error message files are
      located in a different directory in MySQL 5.0. Setting the language
      option to use /usr/share/mysql/english breaks 5.0. Both 5.0 and 5.1
      use a default value that works. (LP: #316974)
    - debian/mysql-server-5.1.mysql.init:
      + Clearly indicate that we do not support running multiple instances
        of mysqld by duplicating the init script.
        (closes: #314785, #324834, #435165, #444216)
      + Properly parameterize all existing references to the mysql config
        file (/etc/mysql/my.cnf).
    - debian/mysql-server-5.0.postinst: Clear out the second password
      when setting up mysql. (LP: #344816)
    - mysql-server-core-5.1 package for files needed by Akonadi:
      + debian/control: create mysql-server-core-5.1 package.
      + debian/mysql-server-core-5.1.files, debian/mysql-server-5.1.files:
        move core mysqld files to mysql-server-core-5.1 package.
    - Don't package sql-bench and mysql-test files.
  * Dropped changes:
    - debian/patches/92_ssl_test_cert.dpatch: certificate expiration in
      test suite (LP: #323755). Included upstream.
  * Dropped from 5.0:
    - apparmor profile:
      - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6. All versions
        of apparmor-profile (>hardy) are higher than this version.
      - debian/mysql-server-5.0.preinst: create symlink for force-complain/
        on pre-feisty upgrades, upgrades where the apparmor-profiles profile is
        unchanged (i.e. non-enforcing) and upgrades where the profile
        doesn't exist. Support for pre-hardy upgrades is no longer needed.
  * debian/mysql-server-5.1.postinst: fix debian-sys-maint user creation.

- 8. By Mathias Gug

  * Support upgrades from 5.0 to 5.1: (LP: #319848).
    - debian/mysql-server-5.1.config: don't ask for root password when
      upgrading from a 5.0 install.
    - debian/control: mysql-server-5.1 conflicts and replaces
      mysql-server-core-5.0.
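Each security revision above names the CVE identifiers it addresses, so the practical question for an administrator is whether the changelog shipped with the installed package mentions a given CVE, and in which version it first appeared. The script below is an added example, not code from the Launchpad page or from the Ubuntu packaging. It parses a changelog in the shape of the entries above and reports, per version, the CVEs the entry claims to fix. The embedded changelog text is constructed for the example: its version strings, dates and maintainer line are placeholders, not the real mysql-dfsg-5.1 versions. The only external assumption is the Debian convention that the package changelog lives at /usr/share/doc/<package>/changelog.Debian.gz.

```python
"""Report which CVE identifiers a Debian/Ubuntu changelog claims to fix, per version.

Added example; not code from the Launchpad page or the Ubuntu packaging.
"""
import gzip
import re
from pathlib import Path

# Constructed sample in the shape of the changelog entries shown on the page.
# Version strings, dates and the maintainer line are placeholders, not the
# real mysql-dfsg-5.1 package versions.
SAMPLE_CHANGELOG = """\
mysql-dfsg-5.1 (5.1.37-1ubuntu5.4) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via UPGRADE DATA DIRECTORY NAME
    command
    - debian/patches/60_CVE-2010-2008.dpatch: correctly filter prefixes
      and paths in sql/table.cc, sql/sql_table.cc, sql/mysql_priv.h.
    - CVE-2010-2008
  * SECURITY UPDATE: denial of service via PolyFromWKB() function and
    improper data.
    - debian/patches/60_CVE-2010-3840.dpatch: improve data handling in
      sql/spatial.cc.
    - CVE-2010-3840

 -- Placeholder Maintainer <security@example.invalid>  Mon, 04 Oct 2010 12:00:00 +0000

mysql-dfsg-5.1 (5.1.37-1ubuntu5.1) karmic-security; urgency=low

  * SECURITY UPDATE: missing privilege check when uninstalling plugins
    - debian/patches/56_CVE-2010-1621.dpatch: check access rights in
      sql/sql_plugin.cc, added tests to mysql-test/*.
    - CVE-2010-1621
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/60_CVE-2010-1626.dpatch: check for symlinks in
      storage/myisam/mi_delete_table.c, add tests to mysql-test/*.
    - CVE-2010-1626

 -- Placeholder Maintainer <security@example.invalid>  Tue, 25 May 2010 12:00:00 +0000
"""

# First line of each entry: "<source> (<version>) <distribution>; urgency=<level>"
ENTRY_HEADER = re.compile(
    r"^(?P<source>\S+) \((?P<version>[^)]+)\) (?P<dist>\S+); urgency=", re.MULTILINE
)
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}\b")


def parse_changelog(text):
    """Split the changelog into entries, newest first.

    Returns a list of (version, distribution, sorted CVE list). CVE ids are
    collected from the whole entry body, so a patch file name such as
    60_CVE-2010-2008.dpatch and the bare "- CVE-2010-2008" line count once.
    """
    headers = list(ENTRY_HEADER.finditer(text))
    entries = []
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[header.end():end]
        cves = sorted(set(CVE_ID.findall(body)))
        entries.append((header.group("version"), header.group("dist"), cves))
    return entries


def fixed_in(text, cve):
    """Return the oldest version whose entry names `cve`, or None if absent.

    Entries are newest first, so the last match seen is the oldest version.
    Any installed version at or above it (by dpkg ordering) carries the fix.
    """
    oldest = None
    for version, _dist, cves in parse_changelog(text):
        if cve in cves:
            oldest = version
    return oldest


def load_changelog(path):
    """Read a plain or gzip-compressed changelog file, for example the
    Debian-convention /usr/share/doc/mysql-server-5.1/changelog.Debian.gz."""
    path = Path(path)
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    for version, dist, cves in parse_changelog(SAMPLE_CHANGELOG):
        print(f"{version} ({dist}): {', '.join(cves) or 'no CVE ids'}")
    print("CVE-2010-1626 first fixed in:", fixed_in(SAMPLE_CHANGELOG, "CVE-2010-1626"))
```

To check a real host, pass the result of `load_changelog("/usr/share/doc/mysql-server-5.1/changelog.Debian.gz")` to `fixed_in` and compare the version it returns with the installed one from `dpkg-query -W -f='${Version}\n' mysql-server-5.1` using `dpkg --compare-versions`, since Debian version strings do not sort correctly as plain text. A CVE name in the changelog only shows that the distribution applied its patch to that package version; it does not show that mysqld was restarted after the upgrade, and a later package built from a newer upstream release may carry a fix without naming the CVE.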
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/mysql-dfsg-5.1