1. 10 Nov, 2016 1 commit
  2. 03 Nov, 2016 1 commit
  3. 27 Oct, 2016 3 commits
  4. 17 Oct, 2016 2 commits
  5. 14 Oct, 2016 1 commit
  6. 13 Oct, 2016 6 commits
  7. 29 Sep, 2016 1 commit
  8. 28 Sep, 2016 3 commits
  9. 27 Sep, 2016 1 commit
  10. 26 Sep, 2016 5 commits
  11. 24 Sep, 2016 1 commit
  12. 13 Sep, 2016 1 commit
  13. 12 Sep, 2016 4 commits
  14. 11 Sep, 2016 1 commit
  15. 02 Sep, 2016 1 commit
  16. 26 Aug, 2016 1 commit
  17. 25 Aug, 2016 4 commits
    • Sivert Sorumgard's avatar
      Bug#24388753: PRIVILEGE ESCALATION USING MYSQLD_SAFE · 48bd8b16
      Sivert Sorumgard authored
      [This is the 5.5/5.6 version of the bugfix].
      
      The problem was that it was possible to write log files ending
      in .ini/.cnf that later could be parsed as an options file.
      This made it possible for users to specify startup options
      without the permissions to do so.
      
      This patch fixes the problem by disallowing general query log
      and slow query log to be written to files ending in .ini and .cnf.
      48bd8b16
    • Jon Olav Hauglid's avatar
      Bug#24388746: PRIVILEGE ESCALATION AND RACE CONDITION USING CREATE TABLE · 4e547386
      Jon Olav Hauglid authored
      During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD)
      is created. When repair finishes, this file is renamed to the original
      .MYD file. The problem was that during this rename, we copied the
      stats from the old file to the new file with chmod/chown. If a user
      managed to replace the temporary file before chmod/chown was executed,
      it was possible to get an arbitrary file with the privileges of the
      mysql user.
      
      This patch fixes the problem by not copying stats from the old
      file to the new file. This is not needed as the new file was
      created with the correct stats. This fix only changes server
      behavior - external utilities such as myisamchk still does
      chmod/chown.
      
      No test case provided since the problem involves synchronization
      with file system operations.
      4e547386
    • Terje Rosten's avatar
      Bug#24464380 PRIVILEGE ESCALATION USING MYSQLD_SAFE · 684a165f
      Terje Rosten authored
      Argument to malloc-lib must be included in restricted list of
      directories, symlink guards added, and mysqld and mysqld-version
      options restricted to command line only. Don't redirect errors to
      stderr.
      684a165f
    • Monty's avatar
      DEV-10595 MariaDB daemon leaks memory with specific query · ee97274c
      Monty authored
      The issue was that in some extreme cases when doing GROUP BY,
      buffers for temporary blobs where not properly cleared.
      ee97274c
  18. 19 Aug, 2016 1 commit
  19. 17 Aug, 2016 1 commit
    • Sergey Vojtovich's avatar
      MDEV-10424 - Assertion `ticket == __null' failed in MDL_request::set_type · 723488bb
      Sergey Vojtovich authored
      Reexecution of prepared "ANALYZE TABLE merge_table, table" may miss to
      reinitialize "table" for subsequent execution and trigger assertion failure.
      
      This happens because MERGE engine may adjust table->next_global chain, which
      gets cleared by close_thread_tables()/ha_myisammrg::detach_children() later.
      Since reinitilization iterates next_global chain, it won't see tables following
      merge table.
      
      Fixed by appending saved next_global chain after merge children.
      723488bb
  20. 11 Aug, 2016 1 commit