[arch-commits] Commit in percona-server/trunk (2 files)
Christian Hesse
eworm at archlinux.org
Tue Sep 13 07:36:26 UTC 2016
Date: Tuesday, September 13, 2016 @ 07:36:25
Author: eworm
Revision: 189219
upgpkg: percona-server 5.7.14_7-2
fix CVE-2016-6662
MySQL Remote Root Code Execution / Privilege Escalation
http://seclists.org/oss-sec/2016/q3/481
Added:
percona-server/trunk/percona-server-CVE-2016-6662.patch
Modified:
percona-server/trunk/PKGBUILD
------------------------------------+
PKGBUILD | 6 +
percona-server-CVE-2016-6662.patch | 114 +++++++++++++++++++++++++++++++++++
2 files changed, 119 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-09-12 20:35:09 UTC (rev 189218)
+++ PKGBUILD 2016-09-13 07:36:25 UTC (rev 189219)
@@ -7,7 +7,7 @@
_boost_ver=1.59.0
_pkgver=${pkgver/_/-}
_myver=${pkgver/_rel*}
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
# valgrind necessary for bug https://bugs.launchpad.net/percona-server/+bug/1494283
makedepends=('cmake' 'openssl' 'zlib' 'libaio' 'systemd-tools' 'valgrind' 'pam' 'numactl' 'jemalloc')
@@ -15,6 +15,7 @@
url="http://www.percona.com/software/percona-server/"
source=("http://www.percona.com/downloads/Percona-Server-${pkgver%.*_*}/Percona-Server-$_pkgver/source/tarball/percona-server-$_pkgver.tar.gz"
"http://sourceforge.net/projects/boost/files/boost/${_boost_ver}/boost_${_boost_ver//./_}.tar.gz"
+ 'percona-server-CVE-2016-6662.patch'
'my.cnf'
'mysql-user.conf')
@@ -24,6 +25,8 @@
sed 's|${fullhostname}|"archbuild"|' \
-i storage/tokudb/PerconaFT/cmake_modules/TokuSetupCTest.cmake
+
+ patch -Np1 < "${srcdir}/percona-server-CVE-2016-6662.patch"
}
build() {
@@ -165,5 +168,6 @@
sha256sums=('b204ffac56bfc8cf092acca3ce73d63b00450b59f554acd1daeb5a573eec2c1d'
'47f11c8844e579d02691a607fbd32540104a9ac7a2534a8ddaef50daf502baac'
+ '924543feda4c377386a5c20f35302132e204ded5c7e4401bd1ac9f3e12a2f49a'
'ae451839c368f0db25a63bb0a6a890194897a8e74818bd4245140933c29e5f83'
'e638a2657085f15b6728f43c1fd6aa551b27608fbf6b435e33afd3606a0cfb0e')
Added: percona-server-CVE-2016-6662.patch
===================================================================
--- percona-server-CVE-2016-6662.patch (rev 0)
+++ percona-server-CVE-2016-6662.patch 2016-09-13 07:36:25 UTC (rev 189219)
@@ -0,0 +1,114 @@
+diff --git a/mysql-test/suite/sys_vars/r/general_log_file_basic.result b/mysql-test/suite/sys_vars/r/general_log_file_basic.result
+index 30bb0f3..e1fddd8 100644
+--- a/mysql-test/suite/sys_vars/r/general_log_file_basic.result
++++ b/mysql-test/suite/sys_vars/r/general_log_file_basic.result
+@@ -13,6 +13,16 @@ SET @@global.general_log_file = mytest.log;
+ ERROR 42000: Incorrect argument type to variable 'general_log_file'
+ SET @@global.general_log_file = 12;
+ ERROR 42000: Incorrect argument type to variable 'general_log_file'
++SET @@global.general_log_file = 'my.cnf';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf'
++SET @@global.general_log_file = '/tmp/my.cnf';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of '/tmp/my.cnf'
++SET @@global.general_log_file = '.my.cnf';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf'
++SET @@global.general_log_file = 'my.cnf\0foo';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf'
++SET @@global.general_log_file = 'my.ini';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.ini'
+ '#----------------------FN_DYNVARS_004_03------------------------#'
+ SELECT @@global.general_log_file = VARIABLE_VALUE
+ FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES
+diff --git a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result
+index c032a36..503d1c8 100644
+--- a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result
++++ b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result
+@@ -10,6 +10,16 @@ SET @@global.slow_query_log_file = mytest.log;
+ ERROR 42000: Incorrect argument type to variable 'slow_query_log_file'
+ SET @@global.slow_query_log_file = 12;
+ ERROR 42000: Incorrect argument type to variable 'slow_query_log_file'
++SET @@global.slow_query_log_file = 'my.cnf';
++ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of 'my.cnf'
++SET @@global.slow_query_log_file = '/tmp/my.cnf';
++ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of '/tmp/my.cnf'
++SET @@global.general_log_file = '.my.cnf';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf'
++SET @@global.general_log_file = 'my.cnf\0foo';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf'
++SET @@global.general_log_file = 'my.ini';
++ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.ini'
+ '#----------------------FN_DYNVARS_004_03------------------------#'
+ SELECT @@global.slow_query_log_file = VARIABLE_VALUE
+ FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES
+diff --git a/mysql-test/suite/sys_vars/t/general_log_file_basic.test b/mysql-test/suite/sys_vars/t/general_log_file_basic.test
+index 62b2105..2e24f1d 100644
+--- a/mysql-test/suite/sys_vars/t/general_log_file_basic.test
++++ b/mysql-test/suite/sys_vars/t/general_log_file_basic.test
+@@ -59,6 +59,20 @@ SET @@global.general_log_file = mytest.log;
+ --error ER_WRONG_TYPE_FOR_VAR
+ SET @@global.general_log_file = 12;
+
++#
++# MDEV-10465
++#
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = 'my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = '/tmp/my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = '.my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = 'my.cnf\0foo';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = 'my.ini';
++
+
+ --echo '#----------------------FN_DYNVARS_004_03------------------------#'
+ ##############################################################################
+diff --git a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test
+index c91ff45..5f59dc9 100644
+--- a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test
++++ b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test
+@@ -57,6 +57,20 @@ SET @@global.slow_query_log_file = mytest.log;
+ --error ER_WRONG_TYPE_FOR_VAR
+ SET @@global.slow_query_log_file = 12;
+
++#
++# MDEV-10465
++#
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.slow_query_log_file = 'my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.slow_query_log_file = '/tmp/my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = '.my.cnf';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = 'my.cnf\0foo';
++--error ER_WRONG_VALUE_FOR_VAR
++SET @@global.general_log_file = 'my.ini';
++
+ --echo '#----------------------FN_DYNVARS_004_03------------------------#'
+ ##############################################################################
+ # Check if the value in GLOBAL Tables matches values in variable #
+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
+index 9ed27e2..31679c2 100644
+--- a/sql/sys_vars.cc
++++ b/sql/sys_vars.cc
+@@ -4973,6 +4973,17 @@ static bool check_log_path(sys_var *self, THD *thd, set_var *var)
+ return true;
+ }
+
++ static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") };
++ static const LEX_CSTRING my_ini= { STRING_WITH_LEN("my.ini") };
++ if (path_length >= my_cnf.length)
++ {
++ if (strcasecmp(path + path_length - my_cnf.length, my_cnf.str) == 0)
++ return true; // log file name ends with "my.cnf"
++ DBUG_ASSERT(my_cnf.length == my_ini.length);
++ if (strcasecmp(path + path_length - my_ini.length, my_ini.str) == 0)
++ return true; // log file name ends with "my.ini"
++ }
++
+ MY_STAT f_stat;
+
+ if (my_stat(path, &f_stat, MYF(0)))
More information about the arch-commits
mailing list