1. 02 Mar, 2012 1 commit
  2. 28 Feb, 2012 1 commit
  3. 17 Feb, 2012 1 commit
  4. 15 Feb, 2012 1 commit
  5. 10 Feb, 2012 2 commits
  6. 06 Feb, 2012 1 commit
  7. 30 Jan, 2012 1 commit
  8. 12 Jan, 2012 1 commit
  9. 11 Jan, 2012 1 commit
  10. 16 Dec, 2011 3 commits
  11. 14 Dec, 2011 1 commit
  12. 12 Dec, 2011 1 commit
      Bug#12361113: CRASH WHEN "LOAD INDEX INTO CACHE" WITH TOO SMALL KEY CACHE · 15827382
      Mattias Jonsson authored
      
      The server crashed on division by zero because the key cache was not
      initialized and the block length was 0 which was used in a division.
      
      The fix was to not allow CACHE INDEX if the key cache was not initialized.
      Thus never try LOAD INDEX INTO CACHE for an uninitialized key cache.
      
      Also added some windows files/directories to .bzrignore.
  13. 14 Oct, 2011 1 commit
      Bug#12563865 ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0 · d23912da
      Tor Didriksen authored
      Buffer over-run on all platforms, crash on windows, wrong result on other platforms,
      when rounding numbers which start with 999999999 and have
      precision = 9 or 18 or 27 or 36 ...
      
      
      mysql-test/r/type_newdecimal.result:
        New test cases.
      mysql-test/t/type_newdecimal.test:
        New test cases.
      sql/my_decimal.h:
        Add sanity checking code, to catch buffer over/under-run.
      strings/decimal.c:
        The original initialization of intg1 (add 1 if buf[0] == DIG_MAX)
        will set p1 to point outside the buffer, and the loop to copy the original value
            while (buf0 < p0)
              *(--p1) = *(--p0);
        will overwrite memory outside the my_decimal object.
  14. 12 Oct, 2011 1 commit
  15. 06 Oct, 2011 1 commit
  16. 29 Sep, 2011 1 commit
      Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows /... · b5d40c01
      Tatjana Azundris Nuernberg authored
      Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name
      
      1 - If a user had SHOW VIEW and SELECT privileges on a view and
      this view was referencing another view, EXPLAIN SELECT on the outer
      view (that the user had privileges on) could reveal the structure
      of the underlying "inner" view as well as the number of rows in
      the underlying tables, even if the user had privileges on none of
      these referenced objects.
      
      This happened because we used DEFINER's UID ("SUID") not just for
      the view given in EXPLAIN, but also when checking privileges on
      the underlying views (where we should use the UID of the EXPLAIN's
      INVOKER instead).
      
      We no longer run the EXPLAIN SUID (with DEFINER's privileges).
      This prevents a possible exploit and makes permissions more
      orthogonal.
      
      2 - EXPLAIN SELECT would reveal a view's structure even if the user
      did not have SHOW VIEW privileges for that view, as long as they
      had SELECT privilege on the underlying tables.
      
      Instead of requiring both SHOW VIEW privilege on a view and SELECT
      privilege on all underlying tables, we were checking for presence
      of either of them.
      
      We now explicitly require SHOW VIEW and SELECT privileges on
      the view we run EXPLAIN SELECT on, as well as all its
      underlying views. We also require SELECT on all relevant
      tables. 
      
      
      mysql-test/r/view_grant.result:
        add extensive tests to illustrate desired behavior and
        prevent regressions (as always).
      mysql-test/t/view_grant.test:
        add extensive tests to illustrate desired behavior and
        prevent regressions (as always).
      sql/sql_view.cc:
        We no longer run the EXPLAIN SUID (with DEFINER's privileges).
        To achieve this, we use a temporary, SUID-less TABLE_LIST for
        the views while checking privileges.
  17. 17 Aug, 2011 1 commit
  18. 22 Jul, 2011 1 commit
      Fix for Bug#12696072: FIX OUTDATED COPYRIGHT NOTICES IN RUNTIME RELATED CLIENT TOOLS · 9c1aebb3
      Alexander Nozdrin authored
      
      Backport a fix for Bug 57094 from 5.5.
      The following revision was backported:
      
      # revision-id: alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
      # parent: bar@mysql.com-20101006121559-am1e05ykeicwnx48
      # committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
      # branch nick: mysql-5.5-bugteam-bug57094
      # timestamp: Wed 2010-10-06 19:06:13 +0400
      # message:
      #   Fix for Bug 57094 (Copyright notice incorrect?).
      #   
      #   The fix is to:
      #     - introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
      #       to specify copyright notice;
      #     - replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
      #       in programs.
  19. 18 Jul, 2011 1 commit
  20. 15 Jul, 2011 1 commit
      Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL · 276b5de0
      Tor Didriksen authored
      The buffer was simply too small.
      In 5.5 and trunk, the size is 311 + 31,
      in 5.1 and below, the size is 331
      
      
      client/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      include/m_string.h:
        Increase FLOATING_POINT_BUFFER
      mysql-test/r/type_float.result:
        New test cases.
      mysql-test/t/type_float.test:
        New test cases.
      sql/sql_string.cc:
        Increase buffer size in String::set(double, ...)
      sql/unireg.h:
        Move definition of FLOATING_POINT_BUFFER
  21. 12 Jul, 2011 1 commit
      BUG#12695969 · 34d33506
      Luis Soares authored
      Follow-up patch that adds the newly added header file to
      Makefile.am noinst_HEADERS.
  22. 11 Jul, 2011 1 commit
      BUG#12695969: FIX OUTDATED COPYRIGHT NOTICES IN REPLICATION CLIENT TOOLS · fac2ec36
      Luis Soares authored
            
      The fix is to backport part of revision:
              
        - alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
            
      from mysql-5.5. In detail, we add the oracle welcome notice
      header file proposed in the original patch and include/use it
      in client/mysqlbinlog.cc, replacing the existing and obsolete
      notice.
  23. 07 Jul, 2011 1 commit
  24. 06 Jul, 2011 1 commit
  25. 30 Jun, 2011 2 commits
  26. 29 Jun, 2011 1 commit
  27. 16 Jun, 2011 1 commit
  28. 10 Jun, 2011 2 commits
  29. 10 May, 2011 1 commit
  30. 06 May, 2011 1 commit
  31. 05 May, 2011 1 commit
  32. 04 May, 2011 3 commits
      Addendum to bug #11764517 : don't create links for --mem directory, move the --vardir instead. · e99ee88d
      Georgi Kodinov authored
      The new --secure-file-priv checks dereference any symlinks in the paths and compare the 
      resolved paths.
      Thus the 5.0 test suite must do as the 5.1 and up and avoid using symlinks.
      Bug#12329653 - EXPLAIN, UNION, PREPARED STATEMENT, CRASH, SQL_FULL_GROUP_BY · ab3c7688
      Tor Didriksen authored
      The query was re-written *after* we had tagged it with NON_AGG_FIELD_USED.
      Remove the flag before continuing.
      
      
      mysql-test/r/explain.result:
        Update test case for Bug#48295.
      mysql-test/r/subselect.result:
        New test case.
      mysql-test/t/explain.test:
        Update test case for Bug#48295.
      mysql-test/t/subselect.test:
        New test case.
      sql/item.cc:
        Use accessor functions for non_agg_field_used/agg_func_used.
      sql/item_subselect.cc:
        Remove non_agg_field_used when we rewrite query '1 < some (...)' => '1 < max(...)'
      sql/item_sum.cc:
        Use accessor functions for non_agg_field_used/agg_func_used.
      sql/mysql_priv.h:
        Remove unused #defines.
      sql/sql_lex.cc:
        Initialize new member variables.
      sql/sql_lex.h:
        Replace full_group_by_flag with two boolean flags,
        and introduce accessors for manipulating them.
      sql/sql_select.cc:
        Use accessor functions for non_agg_field_used/agg_func_used.
  33. 28 Apr, 2011 1 commit
      Bug #11764517: 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV USING '..' ON WINDOWS · aa30a77d
      Georgi Kodinov authored
      
      Backport of the fix to 5.0 (to be null-merged to 5.1).
      Moved the test into the main test suite. 
      Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks
      are now properly recognized by secure_file_priv.
      Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE 
      that are checked against secure_file_priv in a correct way similarly to 5.1 
      by the extended is_secure_file_path() backport before the comparison.
      Added an extensive test with all the variants of upper/lower case, 
      slash/backslash and case sensitivity.
      Added a few comments to the code.