1. 11 May, 2010 1 commit
  2. 10 May, 2010 4 commits
  3. 05 May, 2010 16 commits
  4. 04 May, 2010 12 commits
  5. 03 May, 2010 5 commits
    • Kristofer Pettersson's avatar
      Automerge · 95e712b0
      Kristofer Pettersson authored
      95e712b0
    • Kristofer Pettersson's avatar
      Bug#50373 --secure-file-priv="" · 5dd5d705
      Kristofer Pettersson authored
      Iterative patch improvement. Previously committed patch
      caused wrong result on Windows. The previous patch also
      broke secure_file_priv for symlinks since not all file
      paths which must be compared against this variable are
      normalized using the same norm.
      
      The server variable opt_secure_file_priv wasn't
      normalized properly and caused the operations
      LOAD DATA INFILE .. INTO TABLE ..
      and
      SELECT load_file(..)
      to do different interpretations of the 
      --secure-file-priv option.
           
      The patch moves code to the server initialization
      routines so that the path always is normalized
      once and only once.
            
      It was also intended that setting the option
      to an empty string should be equal to 
      lifting all previously set restrictions. This
      is also fixed by this patch.
      
      
      mysql-test/r/loaddata.result:
        * Removed test code which will currently break the much used --mem feature of mtr.
      mysql-test/t/loaddata.test:
        * Removed test code which will currently break the much used --mem feature of mtr.
      sql/item_strfunc.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      sql/mysql_priv.h:
        * Added signature for is_secure_file_path()
      sql/mysqld.cc:
        * New function for checking if a path compatible with the secure path restriction.
        * Added initialization of the opt_secure_file_priv variable.
      sql/sql_class.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      sql/sql_load.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      5dd5d705
    • Georgi Kodinov's avatar
      Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · f63608ea
      Georgi Kodinov authored
      The server was not checking the supplied to COM_FIELD_LIST table name
      for validity and compliance to acceptable table names standards.
      Fixed by checking the table name for compliance similar to how it's 
      normally checked by the parser and returning an error message if 
      it's not compliant.
      f63608ea
    • Marko Mäkelä's avatar
      buf_zip_decompress(): Allow BUF_NO_CHECKSUM_MAGIC as the stamped checksum. · 7c4e538d
      Marko Mäkelä authored
      buf_page_get_gen(): Assert that buf_zip_decompress() succeeds.
      Callers are not prepared for a NULL return value. (Bug #53248)
      7c4e538d
    • unknown's avatar
      Raise version number after cloning 5.0.91 · 1f3305f6
      unknown authored
      1f3305f6
  6. 01 May, 2010 2 commits