path: root/extra
Commit message [Author, Age, Files, Lines]
* Bug #24740291: YASSL UPDATE TO 2.4.2 [Robert Golebiowski, 2016-09-27, 11 files, -122/+274]
|
* Bug#21977380 - POSSIBLE BUFFER OVERFLOW ISSUES [Shishir Jaiswal, 2016-05-16, 1 file, -2/+2]
|
|   DESCRIPTION
|   ===========
|   Buffer overflow is reported in a lot of code sections spanning across
|   server, client programs, Regex libraries etc. If not handled appropriately,
|   they can cause abnormal behaviour.
|
|   ANALYSIS
|   ========
|   The reported cases are the ones which are likely to result in SEGFAULT,
|   MEMORY LEAK etc.
|
|   FIX
|   ===
|   - sprintf() has been replaced by my_snprintf() to avoid buffer overflow.
|   - my_free() is done after checking if the pointer isn't NULL already and
|     setting it to NULL thereafter at few places.
|   - Buffer is ensured to be large enough to hold the data.
|   - 'unsigned int' (aka 'uint') is replaced with 'size_t' to avoid wraparound.
|   - Memory is freed (if not done so) after it's alloced and used.
|   - Inserted assert() for size check in InnoDb memcached code (from 5.6
|     onwards)
|   - Other minor changes
* Bug #22738607: YASSL FUNCTION X509_NAME_GET_INDEX_BY_NID IS NOT WORKING AS EXPECTED. (mysql-5.5.49) [Yashwant Sahu, 2016-02-26, 9 files, -28/+80]
* Description: yaSSL was only handling the cases of zero or [V S Murthy Sidagam, 2016-01-04, 6 files, -15/+40]
|   one leading zeros for the key agreement instead of potentially any number.
|   There is about 1 in 50,000 connections to fail when using DHE cipher suites.
|   The second problem was the case where a server would send a public value
|   shorter than the prime value, causing about 1 in 128 client connections to
|   fail, and also caused the yaSSL client to read off the end of memory. All
|   client side DHE cipher suite users should update.
|
|   Note: The patch is received from YaSSL people
* Updated yassl to yassl-2.3.8 [Robert Golebiowski, 2015-09-18, 6 files, -3/+31]
|
* Bug #21025377 CAN'T CONNECT TO SSL ENABLED SERVER FIRST 30 SEC AFTER [Robert Golebiowski, 2015-09-18, 3 files, -2/+9]
|   INITIAL STARTUP
|
|   Updated yassl to yassl-2.3.7e
* Bug #20774956: THREAD_POOL.THREAD_POOL_CONNECT HANGS WHEN RUN ON A [Robert Golebiowski, 2015-07-08, 3 files, -2/+7]
|   YASSL-COMPILED SERVER/CLIENT
|
|   Description: thread_pool.thread_pool_connect hangs when the server and
|   client are compiled with yaSSL.
|
|   Bug-fix: Test thread_pool.thread_pool_connect was temporarily disabled for
|   yaSSL. However, now that yaSSL is fixed it runs OK. The bug was introduced
|   by one of the yaSSL updates. set_current was not working for i == 0. Now
|   this is fixed. YASSL is updated to 2.3.7d
* Bug #21025377 CAN'T CONNECT TO SSL ENABLED SERVER FIRST 30 SEC AFTER [Robert Golebiowski, 2015-07-08, 3 files, -2/+12]
|   INITIAL STARTUP
|
|   Description: By using mysql_ssl_rsa_setup to get SSL enabled server (after
|   running mysqld --initialize) server doesn't answer properly to
|   "mysqladmin ping" first 30 secs after startup.
|
|   Bug-fix: YASSL validated certificate date to the minute but should have to
|   the second. This is why the ssl on the server side was not up right away
|   after new certs were created with mysql_ssl_rsa_setup. The fix for that was
|   submitted by Todd. YASSL was updated to 2.3.7c.
* Bug #20168526 YASSL: CORRUPT SSL-KEY CRASHES CLIENT [Robert Golebiowski, 2015-07-08, 5 files, -2/+38]
|
|   Affects at least 5.6 and 5.7. In customer case, the "client" happened to be
|   a replication slave, therefore his server crashed.
|
|   Bug-fix: The bug was in yassl. Todd Ouska has provided us with the patch.
|
|   (cherry picked from commit 42ffa91aad898b02f0793b669ffd04f5c178ce39)
* Bug#20201864 : UPGRADE TO YASSL 2.3.7 [Harin Vadodaria, 2014-12-30, 11 files, -20/+342]
|
|   Upgrading YaSSL from 2.3.5 to 2.3.7
|
|   Reviewed-by : Kristofer Pettersson <kristofer.pettersson@oracle.com>
|   Reviewed-by : Vamsikrishna Bhagi <vamsikrishna.bhagi@oracle.com>
* Bug #16581605: REPLACE.EXE UTILITY IS BROKEN IN 5.5 [Arun Kuruvila, 2014-10-21, 1 file, -2/+2]
|
|   Description:- Replace, the string replacement utility fails on the windows
|   platform.
|
|   Analysis:- The utility takes files and multiple string pairs as input. In
|   the windows platform, the utility maps the standard input incorrectly
|   (Considers 0 as the fd for standard input instead of 2048 on windows).
|   Hence when the input file is supplied to the utility due to the incorrect
|   mapping, a bad file descriptor error is generated causing the utility to
|   exit with an error.
|
|   Fix:- "my_fileno()" is used for getting the correct file descriptor for
|   standard input.
* Bug#19695101 UPGRADE YASSL TO 2.3.5 [Kristofer Pettersson, 2014-09-29, 3 files, -2/+11]
|
* Bug#19370676 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT [Harin Vadodaria, 2014-08-23, 38 files, -438/+717]
|   LIES ABOUT SUITE_LEN_
|   and Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
|   LIES ABOUT COMP_LEN_
|
|   Description : Updating yaSSL to version 2.3.4.
* Bug#17201924 and Bug#18178997 : YASSL:MISSING CLOSEDIR() [Harin Vadodaria, 2014-05-22, 2 files, -6/+9]
|   IN SSL_CTX_LOAD_VERIFY_ LOCATIONS()
|   and OFF-BY-ONE PROBLEM IN VOID CERTDECODER:: GETDATE(DATETYPE DT) IN ASN.CPP
|
|   Description : Fixes corner cases in yassl code. Refer to bug page for
|   details.
* Backport from trunk: [Tor Didriksen, 2014-05-07, 2 files, -4/+2]
|
|   Bug#18187290 ISSUE WITH BUILDING MYSQL USING CMAKE 2.8.12
|
|   We want to upgrade to VS2013 on Windows. In order to do this, we need to
|   upgrade to cmake 2.8.12. This has introduced some incompatibilities for
|   .pdb files, and "make install" no longer works.
|
|   To reproduce:
|     cmake --build . --target package --config debug
|
|   The fix: Rather than installing .pdb files for static libraries, we use the
|   /Z7 flag to store symbolic debugging information in the .obj files.
* Updated/added copyright header. Added line "use is subject to license terms" [Murthy Narkedimilli, 2014-02-17, 57 files, -0/+57]
|   to copyright header.
* Bug#14211271 ISSUES WITH SSL ON DEBIAN WHEEZY I386 AND KFREEBSD-I386 [Anirudh Mangipudi, 2014-02-06, 15 files, -183/+294]
|
|   Problem: It was reported that on Debian and KFreeBSD platforms, i386
|   architecture machines certain SSL tests are failing. main.ssl_connect
|   rpl.rpl_heartbeat_ssl rpl.rpl_ssl1 rpl.rpl_ssl main.ssl_cipher,
|   main.func_encrypt were the tests that were reportedly failing (crashing).
|   The reason for the crashes are said to be due to the assembly code of yaSSL.
|
|   Solution: There was initially a workaround suggested i.e., to enable
|   -DTAOCRYPT_DISABLE_X86ASM flag which would prevent the crash, but at an
|   expense of 4X reduction of speed. Since this was unacceptable, the fix was
|   the functions using assembly, now input variables from the function call
|   using extended inline assembly on GCC instead of relying on direct assembly
|   code.
* Bug#16715064 MYSQL COMMUNITY UTILITIES CANNOT CONNECT TO MYSQL ENTERPRISE [Anirudh Mangipudi, 2014-01-08, 16 files, -237/+514]
|   WITH SSL ENABLED
|
|   Problem: It was reported that MySQL community utilities cannot connect to a
|   MySQL Enterprise 5.6.x server with SSL configured. We can reproduce the
|   issue when we try to connect an MySQL Enterprise Server with a MySQL Client
|   with --ssl-ca parameter enabled. We get an ERROR 2026 (HY000): SSL
|   connection error: unknown error number.
|
|   Solution: The root cause of the problem was determined to be the difference
|   in handling of the certificates by OpenSSL(Enterprise) and yaSSL(Community).
|   OpenSSL expects a blank certificate to be sent when a parameter (ssl-ca, or
|   ssl-cert or ssl-key) has not been specified. On the other hand yaSSL doesn't
|   send any certificate and since OpenSSL does not expect this behaviour it
|   returns an Unknown SSL error. The issue was resolved by yaSSL adding
|   capability to send blank certificate when any of the parameter is missing.
* Updated/added copyright headers [Murthy Narkedimilli, 2014-01-06, 7 files, -7/+7]
|
* Bug 13878021 - WINDOWS PACKAGE THAT INCLUDES .PDB FILES FOR INTERMEDIATE LIBRARIES USED [Sreedhar.S, 2013-10-09, 2 files, -0/+10]
* Merge from mysql-5.1 to mysql-5.5 [Jon Olav Hauglid, 2013-05-16, 1 file, -1/+19]
|\
| * Bug#16807394: PREVENT NEW ERROR MESSAGES FROM BEING ADDED TO 5.5 [Jon Olav Hauglid, 2013-05-16, 1 file, -1/+19]
| |
| |   In order to keep error message numbers stable between GA releases, we can
| |   not now add a new error message to 5.1/5.5 as this message would get a
| |   number now used in 5.6.
| |
| |   This patch enforces this by adding a 5.1/5.5 specific check when
| |   processing the error message file. If a new error message is added,
| |   building will abort and report an error.
| * Correcting the permissions of executable files. [Murthy Narkedimilli, 2013-03-20, 6 files, -0/+0]
| |
| * Bug 16395495 - OLD FSF ADDRESS IN GPL HEADER [Murthy Narkedimilli, 2013-03-19, 17 files, -19/+19]
| |
* | Correcting the permissions of the executable files. [Murthy Narkedimilli, 2013-03-20, 6 files, -0/+0]
| |
* | Fix for Bug 16395495 - OLD FSF ADDRESS IN GPL HEADER [Murthy Narkedimilli, 2013-03-19, 9 files, -11/+11]
| |
* | Updated/added copyright headers [Murthy Narkedimilli, 2013-02-26, 72 files, -84/+74]
|\ \
| |/
| * Updated/added copyright headers. [Murthy Narkedimilli, 2013-02-25, 77 files, -89/+77]
| |
* | Bug#16218104: MYSQL YASSL - LUCKY THIRTEEN: BREAKING THE [Harin Vadodaria, 2013-02-15, 5 files, -25/+215]
|\ \
| |/
| |   TLS AND DTLS RECORD PROTOCOLS
| |
| |   Description: Merge from 5.1.
| * Bug#16218104: MYSQL YASSL - LUCKY THIRTEEN: BREAKING THE [Harin Vadodaria, 2013-02-15, 5 files, -25/+215]
| |   TLS AND DTLS RECORD PROTOCOLS
| |
| |   Description: In yassl, decryption phase in TLS protocol depends on type
| |   of padding. This patch removes this dependency and makes error
| |   generation/decryption process independent of padding type.
* | Bug#15965288: BUFFER OVERFLOW IN YASSL FUNCTION [Harin Vadodaria, 2012-12-13, 1 file, -1/+7]
|\ \
| |/
| |   DOPROCESSREPLY()
| |
| |   Description: Merge from 5.1 to 5.5
| * Bug#15965288: BUFFER OVERFLOW IN YASSL FUNCTION [Harin Vadodaria, 2012-12-13, 1 file, -1/+7]
| |   DOPROCESSREPLY()
| |
| |   Description: Function DoProcessReply() calls function decrypt_message()
| |   in a while loop without performing a check on available buffer space.
| |   This can cause buffer overflow and crash the server. This patch is fix
| |   provided by Sawtooth to resolve the issue.
| * Bug#15883127: PORT FIX FOR BUG #13904906 TO MYSQL 5.1 [Harin Vadodaria, 2012-11-21, 16 files, -35/+74]
| |
| |   Description: Updated yassl to version 2.2.2
* | Bug #13115401: -SSL-KEY VALUE IS NOT VALIDATED AND IT ALLOWS INSECURE [Venkata Sidagam, 2012-08-11, 1 file, -1/+1]
|\ \
| |/
| |   CONNECTIONS IF SPE
| |
| |   Merged from mysql-5.1 to mysql-5.5
| * Bug #13115401: -SSL-KEY VALUE IS NOT VALIDATED AND IT ALLOWS INSECURE [Venkata Sidagam, 2012-08-11, 1 file, -1/+1]
| |   CONNECTIONS IF SPE
| |
| |   Problem description: -ssl-key value is not validated, you can assign any
| |   bogus text to --ssl-key and it is not verified that it exists, and more
| |   importantly, it allows the client to connect to mysqld.
| |
| |   Fix: Added proper validations checks for --ssl-key.
| |
| |   Note:
| |   1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the
| |      sections listed below and the details are :
| |      http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
| |      and REQUIRE SSL section of
| |      http://dev.mysql.com/doc/refman/5.6/en/grant.html
| |   2) Client having with option '--ssl', should able to get ssl connection.
| |      This will be implemented as part of separate fix in 5.6 and trunk.
* | Merge of patch for Bug#13928675 from mysql-5.1. [Nirbhay Choubey, 2012-08-07, 1 file, -2/+3]
|\ \
| |/
| * Bug#13928675 MYSQL CLIENT COPYRIGHT NOTICE MUST [Nirbhay Choubey, 2012-08-07, 1 file, -2/+3]
| |   SHOW 2012 INSTEAD OF 2011
| |
| |   * Added a new macro to hold the current year :
| |     COPYRIGHT_NOTICE_CURRENT_YEAR
| |   * Modified ORACLE_WELCOME_COPYRIGHT_NOTICE macro to take the initial year
| |     as parameter and pick current year from the above mentioned macro.
* | Bug#14068244: INCOMPATIBILITY BETWEEN LIBMYSQLCLIENT/LIBMYSQLCLIENT_R [Harin Vadodaria, 2012-08-07, 1 file, -37/+0]
|\ \
| |/
| |   AND LIBCRYPTO
| |
| |   Description: Merge from 5.1 to 5.5
| * Bug#14068244: INCOMPATIBILITY BETWEEN LIBMYSQLCLIENT/LIBMYSQLCLIENT_R [Harin Vadodaria, 2012-08-07, 2 files, -38/+1]
| |   AND LIBCRYPTO
| |
| |   Problem: libmysqlclient_r exports symbols from yaSSL library which
| |   conflict with openSSL symbols. This issue is related to symbols used by
| |   CURL library and are defined in taocrypt. Taocrypt has dummy
| |   implementation of these functions. Due to this when a program which uses
| |   libcurl library functions is compiled using libmysqlclient_r and libcurl,
| |   it hits segmentation fault in execution phase.
| |
| |   Solution: MySQL should not be exporting such symbols. However, these
| |   functions are not used by MySQL code at all. So avoid compiling them in
| |   the first place.
* | Bug#13904906: YASSL PRE-AUTH CRASH WITH 5.1.62, 5.5.22 [Harin Vadodaria, 2012-07-24, 16 files, -35/+74]
| |
| |   Problem: Valgrind reports errors when an invalid certificate is used on
| |   the client.
| |
| |   Solution: Updated yaSSL to version 2.2.2.
* | merge 5.1->5.5 [Georgi Kodinov, 2012-05-15, 1 file, -0/+4]
|\ \
| |/
| * Bug #11761822: yassl rejects valid certificate which openssl accepts [Georgi Kodinov, 2012-05-15, 1 file, -0/+4]
| |
| |   Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this
| |   particular certificate. Added a test case with the certificate itself.
* | Further upmerge the yaSSL upgrade (to 2.2.0) from MySQL 5.1 to 5.5. [Joerg Bruehe, 2012-03-02, 7 files, -17/+67]
|\ \
| |/
| |   Also, take a syntax fix (C++ style comment in C file) in
| |   client/mysqldump.c.
| * Upmerge the yaSSL upgrade (to 2.2.0) from MySQL 5.0 to 5.1. [Joerg Bruehe, 2012-03-02, 7 files, -17/+67]
| |\
| | * Further upgrade the yaSSL library to version 2.2.0 [Joerg Bruehe, 2012-03-02, 7 files, -17/+67]
| | |   to pick up some new security fixes that are in it.
| | |
| | |   Patch provided by Georgi Kodinov.
* | | merge mysql-5.1-security->mysql-5.5-security [Georgi Kodinov, 2012-02-13, 94 files, -797/+1958]
|\ \ \
| |/ /
| * | merge from 5.0-security [Georgi Kodinov, 2012-02-13, 95 files, -796/+1955]
| |\ \
| | |/
| | * Bug #13706828: UPGRADE YASSL FROM 1.7.2 TO 2.1.4 [Georgi Kodinov, 2012-02-10, 95 files, -797/+1956]
| | |
| | |   $SUBJ$
| | |   1. Took a diff between the previous base version and the mysql sources.
| | |   2. Added the new 2.1.4 base version.
| | |   3. Reviewed and re-applied the diff from step #1.
| | * Bug#13706621 : UNIFY THE YASSL VERSIONS THAT WE USE BY BACKPORTING 5.1 [Georgi Kodinov, 2012-02-10, 26 files, -260/+372]
| | |   AND 5.5 YASSL FIXES.
| | |
| | |   Took the 5.5 yassl code and applied it to the 5.0 codebase, keeping the
| | |   compilation files.
| * | Bug#13706621 : UNIFY THE YASSL VERSIONS THAT WE USE BY BACKPORTING 5.1 [Georgi Kodinov, 2012-02-10, 31 files, -134/+93]
| | |   AND 5.5 YASSL FIXES.
| | |
| | |   Took the 5.5 yassl directory and moved it to the 5.1 tree, while
| | |   preserving the makefiles.