| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
scripts/mysql_system_tables.sql:
Removed DEFAULT from a blob definition as this can cause problems.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This came with the upgrade from yassl 2.3.0 to 2.3.4 -
ssl tests started to hang on Windows. Comparing and removing changes
I've got to this:
void input_buffer::set_current(uint i)
{
- if (i)
- check(i - 1, size_);
- current_ = i;
+ if (error_ == 0 && i && check(i - 1, size_) == 0)
+ current_ = i;
+ else
+ error_ = -1;
}
in 2.3.0 i==0 was only used to avoid the check, in 2.3.4 it's an error.
but there are places in the code that do set_current(0) and others that
do, like, { before=get_current(); ...; set_current(before); } - and the
initial value of current_ is 0.
So, I suspect that set_current(0) should not be an error, but it should
only skip the check().
|
| |\ \
| |/ |
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
LIES ABOUT SUITE_LEN_
and
Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT COMP_LEN_
Description : Updating yaSSL to version 2.3.4.
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | | |
~40% bugfixed(*) applied
~40$ bugfixed reverted (incorrect or we're not buggy)
~20% bugfixed applied, despite us being not buggy
(*) only changes in the server code, e.g. not cmakefiles
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
IN
SSL_CTX_LOAD_VERIFY_
LOCATIONS()
and
OFF-BY-ONE PROBLEM IN
VOID CERTDECODER::
GETDATE(DATETYPE DT)
IN ASN.CPP
Description : Fixes corner cases in yassl code.
Refer to bug page for details.
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | | |
to copyright header.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Problem:
It was reported that on Debian and KFreeBSD platforms, i386 architecture
machines certain SSL tests are failing. main.ssl_connect rpl.rpl_heartbeat_ssl
rpl.rpl_ssl1 rpl.rpl_ssl main.ssl_cipher, main.func_encrypt were the tests that
were reportedly failing (crashing). The reason for the crashes are said to be
due to the assembly code of yaSSL.
Solution:
There was initially a workaround suggested i.e., to enable
-DTAOCRYPT_DISABLE_X86ASM flag which would prevent the crash, but at an expense
of 4X reduction of speed. Since this was unacceptable, the fix was the
functions using assembly, now input variables from the function call using
extended inline assembly on GCC instead of relying on direct assembly code.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
WITH SSL ENABLED
Problem:
It was reported that MySQL community utilities cannot connect to a MySQL
Enterprise 5.6.x server with SSL configured. We can reproduce the issue
when we try to connect an MySQL Enterprise Server with a MySQL Client with
--ssl-ca parameter enabled.
We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
Solution:
The root cause of the problem was determined to be the difference in handling
of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
has not been specified.On the other hand yaSSL doesn't send any certificate and
since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
The issue was resolved by yaSSL adding capability to send blank certificate when
any of the parameter is missing.
|
| |\ \ \ |
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/
| | | |
| | | | |
(without few incorrect bugfixes and with 1250 files where only a copyright year was changed)
|
| | | | | |
|
| |\ \ \ \
| |/ / / |
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/ |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | | |
(without InnoDB - all InnoDB changes were ignored)
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/ |
|
| | | | |\ |
|
| | | | | | |
|
| | | | |\ \
| | | | |/
| | | | |
| | | | |
| | | | |
| | | | | |
TLS AND DTLS RECORD PROTOCOLS
Description: Merge from 5.1.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
TLS AND DTLS RECORD PROTOCOLS
Description: In yassl, decryption phase in TLS protocol
depends on type of padding. This patch
removes this dependancy and makes error
generation/decryption process independent
of padding type.
|
| |\ \ \ \ \
| |/ / / / |
|
| | |\ \ \ \
| | |/ / / |
|
| | | |\ \ \
| | | |/ / |
|
| | | | |\ \
| | | | |/
| | | | |
| | | | |
| | | | |
| | | | | |
DOPROCESSREPLY()
Description: Merge from 5.1 to 5.5
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
DOPROCESSREPLY()
Description: Function DoProcessReply() calls function
decrypt_message() in a while loop without
performing a check on available buffer
space. This can cause buffer overflow and
crash the server. This patch is fix provided
by Sawtooth to resolve the issue.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Description: Updated yassl to version 2.2.2
|
| |\ \ \ \ \
| |/ / / / |
|
| | |/ / / |
|
| |\ \ \ \
| |/ / / |
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/
| | | |
| | | |
| | | |
| | | | |
CONNECTIONS IF SPE
Merged from mysql-5.1 to mysql-5.5
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validations checks for --ssl-key.
Note:
1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the sections
listed below and the details are :
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) Client having with option '--ssl', should able to get ssl connection. This
will be implemented as part of separate fix in 5.6 and trunk.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Problem: Valgrind reports errors when an invalid certificate is used on the
client.
Solution: Updated yaSSL to version 2.2.2.
|
| | | | |
| | | |
| | | |
| | | | |
Added missing system tables used in 5.6
|
| |/ / / |
|
| |\ \ \ |
|
| | |\ \ \
| | | |/
| | |/| |
|
| |\ \ \ \
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
mysql-test/suite/innodb/t/group_commit_crash.test:
remove autoincrement to avoid rbr being used for insert ... select
mysql-test/suite/innodb/t/group_commit_crash_no_optimize_thread.test:
remove autoincrement to avoid rbr being used for insert ... select
mysys/my_addr_resolve.c:
a pointer to a buffer is returned to the caller -> the buffer cannot be on the stack
mysys/stacktrace.c:
my_vsnprintf() is ok here, in 5.5
|
| | |\ \ \
| | | |/
| | |/|
| | | |
| | | | |
Also, take a syntax fix (C++ style comment in C file) in client/mysqldump.c.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
to pick up some new security fixes that are in it.
Patch provided by Georgi Kodinov.
|
