1. 04 May, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · 0f26a053
      Georgi Kodinov authored
      This is the 5.1 merge and extension of the fix.
      The server was happily accepting paths in table name in all places a table
      name is accepted (e.g. a SELECT). This allowed all users that have some 
      privilege over some database to read all tables in all databases in all
      mysql server instances that the server file system has access to.
      Fixed by :
      1. making sure no path elements are allowed in quoted table name when
      constructing the path (note that the path symbols are still valid in table names
      when they're properly escaped by the server).
      2. checking the #mysql50# prefixed names the same way they're checked for
      path elements in mysql-5.0.
      0f26a053
  2. 03 May, 2010 3 commits
    • Kristofer Pettersson's avatar
      Automerge · 83fb8a77
      Kristofer Pettersson authored
      83fb8a77
    • Kristofer Pettersson's avatar
      Bug#50373 --secure-file-priv="" · 5b6ebdf0
      Kristofer Pettersson authored
      Iterative patch improvement. Previously committed patch
      caused wrong result on Windows. The previous patch also
      broke secure_file_priv for symlinks since not all file
      paths which must be compared against this variable are
      normalized using the same norm.
      
      The server variable opt_secure_file_priv wasn't
      normalized properly and caused the operations
      LOAD DATA INFILE .. INTO TABLE ..
      and
      SELECT load_file(..)
      to do different interpretations of the 
      --secure-file-priv option.
           
      The patch moves code to the server initialization
      routines so that the path always is normalized
      once and only once.
            
      It was also intended that setting the option
      to an empty string should be equal to 
      lifting all previously set restrictions. This
      is also fixed by this patch.
      5b6ebdf0
    • Georgi Kodinov's avatar
      Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · 6ae9c701
      Georgi Kodinov authored
      The server was not checking the supplied to COM_FIELD_LIST table name
      for validity and compliance to acceptable table names standards.
      Fixed by checking the table name for compliance similar to how it's 
      normally checked by the parser and returning an error message if 
      it's not compliant.
      6ae9c701
  3. 01 May, 2010 1 commit
  4. 30 Apr, 2010 3 commits
    • Alexey Kopytov's avatar
      Automerge. · 0f5afe5d
      Alexey Kopytov authored
      0f5afe5d
    • Alexey Kopytov's avatar
      Bug #48419: another explain crash.. · 96366e11
      Alexey Kopytov authored
      WHERE predicates containing references to empty tables in a
      subquery were handled incorrectly by the optimizer when
      executing EXPLAIN. As a result, the optimizer could try to
      evaluate such predicates rather than just stop with
      "Impossible WHERE noticed after reading const tables" as 
      it would do in a non-subquery case. This led to valgrind 
      errors and crashes.
      
      Fixed the code checking the above condition so that subqueries
      are not excluded and hence are handled in the same way as top
      level SELECTs.
      96366e11
    • Vasil Dimov's avatar
      Disable innodb.innodb, main.ps_3innodb and main.partition_innodb_plugin · 8e6e1634
      Vasil Dimov authored
      mysql-tests because those emit (spurious?) valgrind warnings.
      8e6e1634
  5. 29 Apr, 2010 7 commits
  6. 28 Apr, 2010 5 commits
    • Vasil Dimov's avatar
      Bug#53046 dict_update_statistics_low can still be run concurrently · 792ea1f6
      Vasil Dimov authored
      on same table
      
      Followup to vasil.dimov@oracle.com-20100428102033-dt3caf531rs3lidr :
      
      Add more asserions, which I forgot.
      792ea1f6
    • Vasil Dimov's avatar
      Revert the fix of Bug#38996 Race condition in ANALYZE TABLE · 7cf27d38
      Vasil Dimov authored
      This is branches/zip@r6032 in SVN and _is part_ of
      revid:svn-v4:16c675df-0fcb-4bc9-8058-dcc011a37293:branches/zip:6113
      in BZR.
      
      This is being reverted because now the code is serialized directly on
      index->stat_n_diff_key_vals[] as the fix for
      Bug#53046 dict_update_statistics_low can still be run concurrently on same table
      goes.
      7cf27d38
    • Vasil Dimov's avatar
      Followup to vasil.dimov@oracle.com-20100428084627-wtrmc66wqvjsdgj7: · 1a489632
      Vasil Dimov authored
      Address Marko's suggestions wrt the fix of
      Bug#53046 dict_update_statistics_low can still be run concurrently
      on same table
      1a489632
    • Vasil Dimov's avatar
      Fix Bug#53046 dict_update_statistics_low can still be run concurrently · 90fa66ab
      Vasil Dimov authored
      on same table
      
      Protect dict_index_t::stat_n_diff_key_vals[] with an array of
      mutexes.
      
      Testing: tested all code paths under UNIV_SYNC_DEBUG
      for the one in dict_print() one has to enable the InnoDB table monitor:
      CREATE TABLE innodb_table_monitor (a int) ENGINE=INNODB;
      90fa66ab
    • Marko Makela's avatar
      Merge r6103 from InnoDB Plugin to the built-in InnoDB to fix Bug #53202: · 831f2c9c
      Marko Makela authored
        ------------------------------------------------------------------------
        r6103 | marko | 2009-10-26 15:46:18 +0200 (Mon, 26 Oct 2009) | 4 lines
        Changed paths:
           M /branches/zip/row/row0ins.c
      
        branches/zip: row_ins_alloc_sys_fields(): Zero out the system columns
        DB_TRX_ID, DB_ROLL_PTR and DB_ROW_ID, in order to avoid harmless
        Valgrind warnings about uninitialized data.  (The warnings were
        harmless, because the fields would be initialized at a later stage.)
        ------------------------------------------------------------------------
      831f2c9c
  7. 27 Apr, 2010 6 commits
  8. 26 Apr, 2010 8 commits
  9. 22 Apr, 2010 2 commits
  10. 21 Apr, 2010 4 commits