authorRobin H. Johnson <robbat2@gentoo.org>2007-04-15 08:39:40 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2007-04-15 08:39:40 +0000
commitb10c36f1b66f14e5744f8e42871b0198a2a061b5 (patch)
tree860a341244111919ab41896b1a0ed014e24206d3
parentImported from /home/gentoo/distfiles/mysql-extras-20070217.tar.bz2. (diff)
Imported from /home/gentoo/distfiles/mysql-extras-20070415.tar.bz2.mysql-extras-20070415
-rw-r--r--000_index.txt24
-rw-r--r--202_all_embedded-library-compile-5.0.38.patch26
-rw-r--r--706_all_fix-nullpointer-dos.patch27
-rw-r--r--707_all_fix-nullpointer-dos-testcase.patch71
4 files changed, 147 insertions, 1 deletions
diff --git a/000_index.txt b/000_index.txt
index 52243e1..ef48fe2 100644
--- a/000_index.txt
+++ b/000_index.txt
@@ -219,6 +219,13 @@
@@ Fix bug #128713
@@ dev-db/mysql: Query Logging Bypass Vulnerability (CVE-2006-0903)
+@patch 202_all_embedded-library-compile-5.0.38.patch
+@ver 5.00.38.00 to 5.00.99.99
+@pn mysql
+@pn mysql-community
+@pn mysql-slotted
+@@ Compile fix for USE=embedded
+
@patch 400_all_mysqld-safe-sh-4.0.27.patch
@ver 4.00.00.00 to 4.00.99.99
@pn mysql
@@ -270,7 +277,7 @@
@@ with lower priviledges
@patch 702_all_trigger-rename-fail-as-root-5.0.34.patch
-@ver 5.00.34.00 to 5.00.99.99
+@ver 5.00.34.00 to 5.00.34.99
@pn mysql
@pn mysql-community
@pn mysql-slotted
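Review bot: Narrowing `@ver` for 702_all_trigger-rename-fail-as-root-5.0.34.patch to `5.00.34.99` drops the patch from every later 5.0 release, and the entry records no reason. The entry's description concerns running with lower privileges, so a reader needs to know whether the fix is now carried upstream (presumably) or has simply been lost. A description line such as `@@ Not needed after 5.0.34: <reason / upstream release>` would settle that. The entry begins above the hunk.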
@@ -302,3 +309,18 @@
@pn mysql-slotted
@@ the view.test is year dependant
+@patch 706_all_fix-nullpointer-dos.patch
+@ver 5.00.26.00 to 5.00.99.99
+@ver 5.01.00.00 to 5.02.09.99
+@pn mysql
+@pn mysql-community
+@pn mysql-slotted
+@@ Fix gentoo bug 171934
+
+@patch 707_all_fix-nullpointer-dos-testcase.patch
+@ver 5.00.26.00 to 5.00.99.99
+@ver 5.01.00.00 to 5.02.09.99
+@pn mysql
+@pn mysql-community
+@pn mysql-slotted
+@@ Testcase for fix to gentoo bug 171934 (upstream bug #27513)
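Review bot: The description for 706_all_fix-nullpointer-dos.patch is only `@@ Fix gentoo bug 171934`, which hides that this is a denial-of-service fix and omits the upstream bug that the 707 entry does cite. Something like `@@ Fix NULL pointer DoS, gentoo bug 171934 (upstream bug #27513)` would match the style of the CVE entry earlier in the file. Both new entries also claim `5.00.26.00 to 5.00.99.99` and `5.01.00.00 to 5.02.09.99`, while the patches themselves are diffed against mysql-5.0.38 and the 5.0 test tree. Whether they apply cleanly across that whole range is not shown here and is worth confirming.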
diff --git a/202_all_embedded-library-compile-5.0.38.patch b/202_all_embedded-library-compile-5.0.38.patch
new file mode 100644
index 0000000..e486614
--- /dev/null
+++ b/202_all_embedded-library-compile-5.0.38.patch
@@ -0,0 +1,26 @@
+diff -Nuar --exclude '*~' mysql.old/libmysqld/sql_parse.cc mysql/libmysqld/sql_parse.cc
+--- mysql.old/libmysqld/sql_parse.cc 2007-03-20 11:12:46.000000000 -0800
++++ mysql/libmysqld/sql_parse.cc 2007-04-15 01:25:22.240914696 -0700
+@@ -5405,9 +5405,7 @@
+ {
+ uint found=0;
+ ulong found_access=0;
+-#ifndef EMBEDDED_LIBRARY
+ TABLE_LIST *org_tables= tables;
+-#endif
+ TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table();
+ Security_context *sctx= thd->security_ctx, *backup_ctx= thd->security_ctx;
+ /*
+diff -Nuar --exclude '*~' mysql.old/sql/sql_parse.cc mysql/sql/sql_parse.cc
+--- mysql.old/sql/sql_parse.cc 2007-03-20 11:12:46.000000000 -0800
++++ mysql/sql/sql_parse.cc 2007-04-15 01:25:15.065857026 -0700
+@@ -5405,9 +5405,7 @@
+ {
+ uint found=0;
+ ulong found_access=0;
+-#ifndef EMBEDDED_LIBRARY
+ TABLE_LIST *org_tables= tables;
+-#endif
+ TABLE_LIST *first_not_own_table= thd->lex->first_not_own_table();
+ Security_context *sctx= thd->security_ctx, *backup_ctx= thd->security_ctx;
+ /*
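Review bot: This patch file has no header saying which build failure it fixes, unlike 706_all_fix-nullpointer-dos.patch, which opens with its bug numbers. A first line such as `Compile fix for USE=embedded (5.0.38): declare org_tables unconditionally` would do. Both sql_parse.cc hunks remove the `#ifndef EMBEDDED_LIBRARY` guard around the declaration only; the uses of `org_tables` are outside the hunk. The surrounding locals (`sctx`, `found_access`) suggest access-checking code, so it is worth confirming that the embedded build now only compiles and does not take a different path through that function.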
diff --git a/706_all_fix-nullpointer-dos.patch b/706_all_fix-nullpointer-dos.patch
new file mode 100644
index 0000000..1511768
--- /dev/null
+++ b/706_all_fix-nullpointer-dos.patch
@@ -0,0 +1,27 @@
+Gentoo bug #171934
+MySQL bug #27513
+
+diff -Naur mysql-5.0.38/libmysqld/item_cmpfunc.cc mysql-5.0.38-patched/libmysqld/item_cmpfunc.cc
+--- mysql-5.0.38/libmysqld/item_cmpfunc.cc 2007-03-20 20:12:46.000000000 +0100
++++ mysql-5.0.38-patched/libmysqld/item_cmpfunc.cc 2007-04-12 20:41:32.000000000 +0200
+@@ -2423,7 +2423,7 @@
+ dec->len= DECIMAL_BUFF_LENGTH;
+ dec->fix_buffer_pointer();
+ my_decimal *res= item->val_decimal(dec);
+- if (res != dec)
++ if (!item->null_value && res != dec)
+ my_decimal2decimal(res, dec);
+ }
+
+diff -Naur mysql-5.0.38/sql/item_cmpfunc.cc mysql-5.0.38-patched/sql/item_cmpfunc.cc
+--- mysql-5.0.38/sql/item_cmpfunc.cc 2007-03-20 20:12:46.000000000 +0100
++++ mysql-5.0.38-patched/sql/item_cmpfunc.cc 2007-04-12 20:41:36.000000000 +0200
+@@ -2423,7 +2423,7 @@
+ dec->len= DECIMAL_BUFF_LENGTH;
+ dec->fix_buffer_pointer();
+ my_decimal *res= item->val_decimal(dec);
+- if (res != dec)
++ if (!item->null_value && res != dec)
+ my_decimal2decimal(res, dec);
+ }
+
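Review bot: The new guard in both item_cmpfunc.cc hunks trusts `item->null_value` to be set whenever `val_decimal()` returns a null `res`; if some item type returns null without setting the flag, `my_decimal2decimal(res, dec)` still dereferences it. Testing the pointer as well removes that dependency: `if (res && !item->null_value && res != dec)`. When the copy is skipped, `dec` has only the `len` and buffer pointer set above, so the caller has to skip this slot for NULL items; that code, like the start of the enclosing function, is outside the hunk. A comment such as `/* val_decimal() returns 0 when the item evaluates to NULL */` would record why the guard exists.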
diff --git a/707_all_fix-nullpointer-dos-testcase.patch b/707_all_fix-nullpointer-dos-testcase.patch
new file mode 100644
index 0000000..fd5f374
--- /dev/null
+++ b/707_all_fix-nullpointer-dos-testcase.patch
@@ -0,0 +1,71 @@
+From: kgeorge
+Date: April 3 2007 5:01pm
+Subject: bk commit into 5.0 tree (gkodinov:1.2432) BUG#27513
+
+Below is the list of changes that have just been committed into a local
+5.0 repository of kgeorge. When kgeorge does a push these changes will
+be propagated to the main repository and, within 24 hours after the
+push, to the public repository.
+For information on how to access the public repository
+see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
+
+ChangeSet@stripped, 2007-04-03 18:00:57+03:00, gkodinov@stripped +2 -0
+ Bug #27513: test case added to make sure this
+ crash bug doesn't reappear.
+
+ mysql-test/r/errors.result@stripped, 2007-04-03 18:00:55+03:00, gkodinov@stripped +18 -0
+ Bug #27513: test case
+
+ mysql-test/t/errors.test@stripped, 2007-04-03 18:00:55+03:00, gkodinov@stripped +11 -0
+ Bug #27513: test case
+
+# This is a BitKeeper patch. What follows are the unified diffs for the
+# set of deltas contained in the patch. The rest of the patch, the part
+# that BitKeeper cares about, is below these diffs.
+# User: gkodinov
+# Host: magare.gmz
+# Root: /home/kgeorge/mysql/work/B27513-5.0-opt
+
+--- 1.9/mysql-test/r/errors.result 2005-08-12 18:04:47 +03:00
++++ 1.10/mysql-test/r/errors.result 2007-04-03 18:00:55 +03:00
+@@ -28,3 +28,21 @@ ERROR 42000: Display width out of range
+ set sql_mode='traditional';
+ create table t1 (a varchar(66000));
+ ERROR 42000: Column length too big for column 'a' (max = 65535); use BLOB or TEXT instead
++CREATE TABLE t1 (a INT);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++a
++Warnings:
++Error 1365 Division by 0
++INSERT INTO t1 VALUES(1);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++a
++1
++Warnings:
++Error 1365 Division by 0
++INSERT INTO t1 VALUES(2),(3);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++a
++1
++Warnings:
++Error 1365 Division by 0
++DROP TABLE t1;
+
+--- 1.15/mysql-test/t/errors.test 2005-08-12 18:04:48 +03:00
++++ 1.16/mysql-test/t/errors.test 2007-04-03 18:00:55 +03:00
+@@ -41,4 +41,15 @@ set sql_mode='traditional';
+ --error 1074
+ create table t1 (a varchar(66000));
+
++#
++# Bug #27513: mysql 5.0.x + NULL pointer DoS
++#
++CREATE TABLE t1 (a INT);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++INSERT INTO t1 VALUES(1);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++INSERT INTO t1 VALUES(2),(3);
++SELECT a FROM t1 WHERE a IN(1, (SELECT IF(1=0,1,2/0)));
++DROP TABLE t1;
++
+ # End of 5.0 tests
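Review bot: The block added to errors.test inherits `set sql_mode='traditional';` from the preceding test (visible in the hunk header context), and the expected `Error 1365 Division by 0` lines in errors.result presumably depend on that mode. Setting it explicitly under the `# Bug #27513` comment, with `set sql_mode='traditional';`, keeps the regression test valid if the earlier case is moved or removed. The three SELECTs cover an empty table, one matching row and additional non-matching rows, but only through the `IN` list; whether other decimal comparisons reach the patched code is not visible from this patch.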