From 96f2393ce0e4c6fa856ac3f62e28fd54fa8c498e Mon Sep 17 00:00:00 2001 From: Julien Muchembled <jm@nexedi.com> Date: Wed, 12 Oct 2011 17:27:01 +0200 Subject: [PATCH] mysql: remove default anonymous access that was breaking socket connection --- component/mariadb/buildout.cfg | 10 +++++++ .../mysql_create_system_tables__no_test.patch | 26 +++++++++++++++++++ component/mysql-5.1/buildout.cfg | 8 ++++++ .../mysql_create_system_tables__no_test.patch | 26 +++++++++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 component/mariadb/mysql_create_system_tables__no_test.patch create mode 100644 component/mysql-5.1/mysql_create_system_tables__no_test.patch diff --git a/component/mariadb/buildout.cfg b/component/mariadb/buildout.cfg index 73e4c8719..65ef00cda 100644 --- a/component/mariadb/buildout.cfg +++ b/component/mariadb/buildout.cfg @@ -12,6 +12,13 @@ extends = parts = mariadb +[mariadb-no_test-patch] +recipe = hexagonit.recipe.download +url = ${:_profile_base_location_}/${:filename} +md5sum = 22b0ef8baec5efc182e10d233c6f14ca +filename = mysql_create_system_tables__no_test.patch +download-only = true + [mariadb] recipe = hexagonit.recipe.cmmi version = 5.3.1-beta @@ -36,6 +43,9 @@ configure-options = --with-ssl --with-zlib-dir=${zlib:location} +patch-options = -p0 +patches = + ${mariadb-no_test-patch:location}/${mariadb-no_test-patch:filename} environment = CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib diff --git a/component/mariadb/mysql_create_system_tables__no_test.patch b/component/mariadb/mysql_create_system_tables__no_test.patch new file mode 100644 index 000000000..31f5d0ab1 --- /dev/null +++ b/component/mariadb/mysql_create_system_tables__no_test.patch @@ -0,0 +1,26 @@ +# 33_scripts__mysql_create_system_tables__no_test.dpatch by <ch@debian.org> + +A user with no password prevents a normal user from login under certain +circumstances as it is checked first. +See http://bugs.debian.org/301741 +and http://bugs.mysql.com/bug.php?id=6901 + +--- scripts/mysql_system_tables_data.sql 2008-12-04 22:59:44.000000000 +0100 ++++ scripts/mysql_system_tables_data.sql 2008-12-04 23:00:07.000000000 +0100 +@@ -11,8 +11,6 @@ + -- Fill "db" table with default grants for anyone to + -- access database 'test' and 'test_%' if "db" table didn't exist + CREATE TEMPORARY TABLE tmp_db LIKE db; +-INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y'); +-INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y'); + INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0; + DROP TABLE tmp_db; + +@@ -24,7 +22,5 @@ + INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'',''); + REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','' FROM dual WHERE LOWER( @current_hostname) != 'localhost'; + REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'',''); +-INSERT INTO tmp_user (host,user) VALUES ('localhost',''); +-INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost'; + INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; + DROP TABLE tmp_user; diff --git a/component/mysql-5.1/buildout.cfg b/component/mysql-5.1/buildout.cfg index 5c912b79d..02538bbcb 100644 --- a/component/mysql-5.1/buildout.cfg +++ b/component/mysql-5.1/buildout.cfg @@ -21,6 +21,13 @@ md5sum = eefcd08c400c58d3e89542ab482a8429 filename = mysql-5.1-sphinx-2.0.1-beta.diff download-only = true +[mysql-5.1-no_test-patch] +recipe = hexagonit.recipe.download +url = ${:_profile_base_location_}/${:filename} +md5sum = 22b0ef8baec5efc182e10d233c6f14ca +filename = mysql_create_system_tables__no_test.patch +download-only = true + [mysql-5.1] recipe = hexagonit.recipe.cmmi version = 5.1.58 @@ -60,6 +67,7 @@ make-options = patch-options = -p0 patches = ${mysql-5.1-sphinx-patch:location}/${mysql-5.1-sphinx-patch:filename} + ${mysql-5.1-no_test-patch:location}/${mysql-5.1-no_test-patch:filename} environment = PATH =${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${bison:location}/bin:${flex:location}/bin:%(PATH)s CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include diff --git a/component/mysql-5.1/mysql_create_system_tables__no_test.patch b/component/mysql-5.1/mysql_create_system_tables__no_test.patch new file mode 100644 index 000000000..0087e1758 --- /dev/null +++ b/component/mysql-5.1/mysql_create_system_tables__no_test.patch @@ -0,0 +1,26 @@ +# 33_scripts__mysql_create_system_tables__no_test.dpatch by <ch@debian.org> + +A user with no password prevents a normal user from login under certain +circumstances as it is checked first. +See http://bugs.debian.org/301741 +and http://bugs.mysql.com/bug.php?id=6901 + +--- scripts/mysql_system_tables_data.sql 2008-12-04 22:59:44.000000000 +0100 ++++ scripts/mysql_system_tables_data.sql 2008-12-04 23:00:07.000000000 +0100 +@@ -11,8 +11,6 @@ + -- Fill "db" table with default grants for anyone to + -- access database 'test' and 'test_%' if "db" table didn't exist + CREATE TEMPORARY TABLE tmp_db LIKE db; +-INSERT INTO tmp_db VALUES ('%','test','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y'); +-INSERT INTO tmp_db VALUES ('%','test\_%','','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y','Y','Y','Y','N','N','Y','Y'); + INSERT INTO db SELECT * FROM tmp_db WHERE @had_db_table=0; + DROP TABLE tmp_db; + +@@ -24,7 +22,5 @@ + INSERT INTO tmp_user VALUES ('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0); + REPLACE INTO tmp_user SELECT @current_hostname,'root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0 FROM dual WHERE LOWER( @current_hostname) != 'localhost'; + REPLACE INTO tmp_user VALUES ('127.0.0.1','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0); +-INSERT INTO tmp_user (host,user) VALUES ('localhost',''); +-INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE LOWER(@current_hostname ) != 'localhost'; + INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; + DROP TABLE tmp_user; -- 2.30.9