diff options
| author | Alexander Nozdrin <alik@sun.com> | 2010-02-03 20:22:58 +0300 |
|---|---|---|
| committer | Alexander Nozdrin <alik@sun.com> | 2010-02-03 20:22:58 +0300 |
| commit | 1a46ff873e282e7b0e00e5d7ed2d8b082f56d60e (patch) | |
| tree | 3be2d65dceed74b20b35b0dd5706d1b3daeddbb6 | |
| parent | defe010c7368bf590bcdd6edd896c16a2febaae2 (diff) | |
| parent | 0a90bfe6c019fd1dc3db3090de969077ac311fb5 (diff) | |
| download | mariadb-git-1a46ff873e282e7b0e00e5d7ed2d8b082f56d60e.tar.gz | |
Manual merge from mysql-5.1-bugteam.
Conflicts:
- configure.in
- mysql-test/include/setup_fake_relay_log.inc
- sql/sql_select.cc
| -rw-r--r-- | configure.in | 22 | ||||
| -rw-r--r-- | mysql-test/include/setup_fake_relay_log.inc | 20 | ||||
| -rw-r--r-- | mysql-test/r/fulltext.result | 8 | ||||
| -rw-r--r-- | mysql-test/r/information_schema.result | 22 | ||||
| -rw-r--r-- | mysql-test/t/fulltext.test | 10 | ||||
| -rw-r--r-- | mysql-test/t/information_schema.test | 27 | ||||
| -rw-r--r-- | sql/sql_select.cc | 18 | ||||
| -rw-r--r-- | sql/sql_show.cc | 8 | ||||
| -rw-r--r-- | win/configure.js | 6 |
9 files changed, 115 insertions, 26 deletions
diff --git a/configure.in b/configure.in index ad4f1e1e8f3..6d385c63bb6 100644 --- a/configure.in +++ b/configure.in @@ -1,17 +1,23 @@ dnl -*- ksh -*- dnl Process this file with autoconf to produce a configure script. -AC_PREREQ(2.52)dnl Minimum Autoconf version required. +# Minimum Autoconf version required. +AC_PREREQ(2.59) -AC_INIT(sql/mysqld.cc) -AC_CANONICAL_SYSTEM -# The Docs Makefile.am parses this line! -# remember to also update version.c in ndb -# +# Remember to also update version.c in ndb. # When changing major version number please also check switch statement # in client/mysqlbinlog.cc:check_master_version(). -AM_INIT_AUTOMAKE(mysql, 5.5.2-m2) -AM_CONFIG_HEADER([include/config.h:config.h.in]) +AC_INIT([MySQL Server], [5.5.2-m2], [], [mysql]) +AC_CONFIG_SRCDIR([sql/mysqld.cc]) +AC_CANONICAL_SYSTEM +# USTAR format gives us the possibility to store longer path names in +# TAR files, the path name is split into two parts, a 155 chacater +# first part and a 100 character second part. +AM_INIT_AUTOMAKE([1.9 tar-ustar]) +LT_INIT +LT_PREREQ([1.5.6]) + +AM_CONFIG_HEADER([include/config.h]) # Request support for automake silent-rules if available. # Default to verbose output. One can use the configure-time diff --git a/mysql-test/include/setup_fake_relay_log.inc b/mysql-test/include/setup_fake_relay_log.inc index b11e6afbeca..9510a557159 100644 --- a/mysql-test/include/setup_fake_relay_log.inc +++ b/mysql-test/include/setup_fake_relay_log.inc @@ -77,12 +77,28 @@ copy_file $fake_relay_log $_fake_relay_log; if (`select convert(@@version_compile_os using latin1) IN ("Win32","Win64","Windows") = 0`) { - eval select './$_fake_filename-fake.000001\n' into dumpfile '$_fake_relay_index'; + -- let $_index_entry= ./$_fake_filename-fake.000001 } if (`select convert(@@version_compile_os using latin1) IN ("Win32","Win64","Windows") != 0`) { - eval select '.\\\\$_fake_filename-fake.000001\n' into dumpfile '$_fake_relay_index'; + -- let $_index_entry= .\\\\$_fake_filename-fake.000001 +} + +if (`SELECT LENGTH(@@secure_file_priv) > 0`) +{ + -- let $_file_priv_dir= `SELECT @@secure_file_priv`; + -- let $_suffix= `SELECT UUID()` + -- let $_tmp_file= $_file_priv_dir/fake-index.$_suffix + + -- eval select '$_index_entry\n' into dumpfile '$_tmp_file' + -- copy_file $_tmp_file $_fake_relay_index + -- remove_file $_tmp_file +} + +if (`SELECT LENGTH(@@secure_file_priv) = 0`) +{ + -- eval select '$_index_entry\n' into dumpfile '$_fake_relay_index' } # Setup replication from existing relay log. diff --git a/mysql-test/r/fulltext.result b/mysql-test/r/fulltext.result index 88088ae11fe..9e05763b9da 100644 --- a/mysql-test/r/fulltext.result +++ b/mysql-test/r/fulltext.result @@ -611,4 +611,12 @@ WHERE t3.a=t1.a AND MATCH(b2) AGAINST('scargill' IN BOOLEAN MODE) count(*) 0 DROP TABLE t1,t2,t3; +# +# Bug #49445: Assertion failed: 0, file .\item_row.cc, line 55 with +# fulltext search and row op +# +CREATE TABLE t1(a CHAR(1),FULLTEXT(a)); +SELECT 1 FROM t1 WHERE MATCH(a) AGAINST ('') AND ROW(a,a) > ROW(1,1); +1 +DROP TABLE t1; End of 5.1 tests diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 04234eb3cc4..2f12d112aff 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1643,6 +1643,28 @@ SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0; TEST_RESULT OK SET TIMESTAMP=DEFAULT; +# +# Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES +# +CREATE DATABASE db1; +USE db1; +CREATE TABLE t1 (id INT); +CREATE USER nonpriv; +USE test; +# connected as nonpriv +# Should return 0 +SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +COUNT(*) +0 +USE INFORMATION_SCHEMA; +# Should return 0 +SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1'; +COUNT(*) +0 +# connected as root +DROP USER nonpriv; +DROP TABLE db1.t1; +DROP DATABASE db1; End of 5.1 tests. create table information_schema.t1 (f1 INT); ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' diff --git a/mysql-test/t/fulltext.test b/mysql-test/t/fulltext.test index 61fa28954cf..c95bc213dec 100644 --- a/mysql-test/t/fulltext.test +++ b/mysql-test/t/fulltext.test @@ -554,4 +554,14 @@ SELECT count(*) FROM t1 WHERE DROP TABLE t1,t2,t3; +--echo # +--echo # Bug #49445: Assertion failed: 0, file .\item_row.cc, line 55 with +--echo # fulltext search and row op +--echo # + +CREATE TABLE t1(a CHAR(1),FULLTEXT(a)); +SELECT 1 FROM t1 WHERE MATCH(a) AGAINST ('') AND ROW(a,a) > ROW(1,1); +DROP TABLE t1; + + --echo End of 5.1 tests diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index 9da7cc1042d..cec93aeb0cb 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -1389,6 +1389,33 @@ SET TIMESTAMP=@@TIMESTAMP + 10000000; SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0; SET TIMESTAMP=DEFAULT; + +--echo # +--echo # Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES +--echo # +CREATE DATABASE db1; +USE db1; +CREATE TABLE t1 (id INT); +CREATE USER nonpriv; +USE test; + +connect (nonpriv_con, localhost, nonpriv,,); +connection nonpriv_con; +--echo # connected as nonpriv +--echo # Should return 0 +SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +USE INFORMATION_SCHEMA; +--echo # Should return 0 +SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1'; + +connection default; +--echo # connected as root +disconnect nonpriv_con; +DROP USER nonpriv; +DROP TABLE db1.t1; +DROP DATABASE db1; + + --echo End of 5.1 tests. # diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 5598cc29a01..7119650a7a6 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -3677,20 +3677,20 @@ add_ft_keys(DYNAMIC_ARRAY *keyuse_array, cond_func=(Item_func_match *)cond; else if (func->arg_count == 2) { - Item_func *arg0=(Item_func *)(func->arguments()[0]), - *arg1=(Item_func *)(func->arguments()[1]); - if (arg1->const_item() && - arg0->type() == Item::FUNC_ITEM && - arg0->functype() == Item_func::FT_FUNC && + Item *arg0=(Item *)(func->arguments()[0]), + *arg1=(Item *)(func->arguments()[1]); + if (arg1->const_item() && arg1->cols() == 1 && + arg0->type() == Item::FUNC_ITEM && + ((Item_func *) arg0)->functype() == Item_func::FT_FUNC && ((functype == Item_func::GE_FUNC && arg1->val_real() > 0) || (functype == Item_func::GT_FUNC && arg1->val_real() >=0))) - cond_func=(Item_func_match *) arg0; + cond_func= (Item_func_match *) arg0; else if (arg0->const_item() && - arg1->type() == Item::FUNC_ITEM && - arg1->functype() == Item_func::FT_FUNC && + arg1->type() == Item::FUNC_ITEM && + ((Item_func *) arg1)->functype() == Item_func::FT_FUNC && ((functype == Item_func::LE_FUNC && arg0->val_real() > 0) || (functype == Item_func::LT_FUNC && arg0->val_real() >=0))) - cond_func=(Item_func_match *) arg1; + cond_func= (Item_func_match *) arg1; } } else if (cond->type() == Item::COND_ITEM) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index aa55b7728e4..389aae87977 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3309,11 +3309,11 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) while ((db_name= it++)) { #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (!check_access(thd,SELECT_ACL, db_name->str, - &thd->col_access, 0, 1, with_i_schema) || + if (!(check_access(thd,SELECT_ACL, db_name->str, + &thd->col_access, 0, 1, with_i_schema) || + (!thd->col_access && check_grant_db(thd, db_name->str))) || sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || - acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) || - !check_grant_db(thd, db_name->str)) + acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0)) #endif { thd->no_warnings_for_error= 1; diff --git a/win/configure.js b/win/configure.js index 07dccb66f83..00a66b32b64 100644 --- a/win/configure.js +++ b/win/configure.js @@ -140,11 +140,11 @@ function GetValue(str, key) function GetVersion(str) { - var key = "AM_INIT_AUTOMAKE(mysql, "; - var pos = str.indexOf(key); //5.0.6-beta) + var key = "AC_INIT([MySQL Server], ["; + var pos = str.indexOf(key); if (pos == -1) return null; pos += key.length; - var end = str.indexOf(")", pos); + var end = str.indexOf("]", pos); if (end == -1) return null; return str.substring(pos, end); } |