- 14 Oct, 2011 1 commit
-
-
Tor Didriksen authored
Buffer over-run on all platforms, crash on windows, wrong result on other platforms, when rounding numbers which start with 999999999 and have precision = 9 or 18 or 27 or 36 ... mysql-test/r/type_newdecimal.result: New test cases. mysql-test/t/type_newdecimal.test: New test cases. sql/my_decimal.h: Add sanity checking code, to catch buffer over/under-run. strings/decimal.c: The original initialization of intg1 (add 1 if buf[0] == DIG_MAX) will set p1 to point outside the buffer, and the loop to copy the original value while (buf0 < p0) *(--p1) = *(--p0); will overwrite memory outside the my_decimal object.
-
- 12 Oct, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 06 Oct, 2011 1 commit
-
-
Tatjana Azundris Nuernberg authored
-
- 29 Sep, 2011 1 commit
-
-
Tatjana Azundris Nuernberg authored
Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name 1 - If a user had SHOW VIEW and SELECT privileges on a view and this view was referencing another view, EXPLAIN SELECT on the outer view (that the user had privileges on) could reveal the structure of the underlying "inner" view as well as the number of rows in the underlying tables, even if the user had privileges on none of these referenced objects. This happened because we used DEFINER's UID ("SUID") not just for the view given in EXPLAIN, but also when checking privileges on the underlying views (where we should use the UID of the EXPLAIN's INVOKER instead). We no longer run the EXPLAIN SUID (with DEFINER's privileges). This prevents a possible exploit and makes permissions more orthogonal. 2 - EXPLAIN SELECT would reveal a view's structure even if the user did not have SHOW VIEW privileges for that view, as long as they had SELECT privilege on the underlying tables. Instead of requiring both SHOW VIEW privilege on a view and SELECT privilege on all underlying tables, we were checking for presence of either of them. We now explicitly require SHOW VIEW and SELECT privileges on the view we run EXPLAIN SELECT on, as well as all its underlying views. We also require SELECT on all relevant tables. mysql-test/r/view_grant.result: add extensive tests to illustrate desired behavior and prevent regressions (as always). mysql-test/t/view_grant.test: add extensive tests to illustrate desired behavior and prevent regressions (as always). sql/sql_view.cc: We no longer run the EXPLAIN SUID (with DEFINER's privileges). To achieve this, we use a temporary, SUID-less TABLE_LIST for the views while checking privileges.
-
- 17 Aug, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 22 Jul, 2011 1 commit
-
-
Alexander Nozdrin authored
TOOLS Backport a fix for Bug 57094 from 5.5. The following revision was backported: # revision-id: alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c # parent: bar@mysql.com-20101006121559-am1e05ykeicwnx48 # committer: Alexander Nozdrin <alexander.nozdrin@oracle.com> # branch nick: mysql-5.5-bugteam-bug57094 # timestamp: Wed 2010-10-06 19:06:13 +0400 # message: # Fix for Bug 57094 (Copyright notice incorrect?). # # The fix is to: # - introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place # to specify copyright notice; # - replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE # in programs.
-
- 18 Jul, 2011 1 commit
-
-
Tor Didriksen authored
-
- 15 Jul, 2011 1 commit
-
-
Tor Didriksen authored
The buffer was simply too small. In 5.5 and trunk, the size is 311 + 31, in 5.1 and below, the size is 331 client/sql_string.cc: Increase buffer size in String::set(double, ...) include/m_string.h: Increase FLOATING_POINT_BUFFER mysql-test/r/type_float.result: New test cases. mysql-test/t/type_float.test: New test cases. sql/sql_string.cc: Increase buffer size in String::set(double, ...) sql/unireg.h: Move definition of FLOATING_POINT_BUFFER
-
- 12 Jul, 2011 1 commit
-
-
Luis Soares authored
Follow-up patch that adds the newly added header file to Makefile.am noinst_HEADERS.
-
- 11 Jul, 2011 1 commit
-
-
Luis Soares authored
CLIENT TOOLS The fix is to backport part of revision: - alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c from mysql-5.5. In detail, we add the oracle welcome notice header file proposed in the original patch and include/use it in client/mysqlbinlog.cc, replacing the existing and obsolete notice.
-
- 07 Jul, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 06 Jul, 2011 1 commit
-
-
Sunanda Menon authored
-
- 30 Jun, 2011 2 commits
-
-
Kent Boortz authored
-
Kent Boortz authored
-
- 29 Jun, 2011 1 commit
-
-
Vasil Dimov authored
Update copyright comment in innochecksum.
-
- 16 Jun, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 10 Jun, 2011 2 commits
-
-
Karen Langford authored
-
Sunanda Menon authored
-
- 10 May, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 06 May, 2011 1 commit
-
-
Sunanda Menon authored
-
- 05 May, 2011 1 commit
-
-
Georgi Kodinov authored
patch so that it can later be compared with patchs with expanded symlinks
-
- 04 May, 2011 3 commits
-
-
Georgi Kodinov authored
The new --secure-file-priv checks dereference any symlinks in the paths and compare the resolved paths. Thus the 5.0 test suite must do as the 5.1 and up and avoid using symlinks.
-
Tor Didriksen authored
The query was re-written *after* we had tagged it with NON_AGG_FIELD_USED. Remove the flag before continuing. mysql-test/r/explain.result: Update test case for Bug#48295. mysql-test/r/subselect.result: New test case. mysql-test/t/explain.test: Update test case for Bug#48295. mysql-test/t/subselect.test: New test case. sql/item.cc: Use accessor functions for non_agg_field_used/agg_func_used. sql/item_subselect.cc: Remove non_agg_field_used when we rewrite query '1 < some (...)' => '1 < max(...)' sql/item_sum.cc: Use accessor functions for non_agg_field_used/agg_func_used. sql/mysql_priv.h: Remove unused #defines. sql/sql_lex.cc: Initialize new member variables. sql/sql_lex.h: Replace full_group_by_flag with two boolean flags, and itroduce accessors for manipulating them. sql/sql_select.cc: Use accessor functions for non_agg_field_used/agg_func_used.
-
Georgi Kodinov authored
-
- 28 Apr, 2011 1 commit
-
-
Georgi Kodinov authored
USING '..' ON WINDOWS Backport of the fix to 5.0 (to be null-merged to 5.1). Moved the test into the main test suite. Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks are now properly recognized by secure_file_priv. Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE that are checked against secure_file_priv in a correct way similarly to 5.1 by the extended is_secure_file_path() backport before the comparison. Added an extensive test with all the variants of upper/lower case, slash/backslash and case sensitivity. Added few comments to the code.
-
- 18 Apr, 2011 1 commit
-
-
Georgi Kodinov authored
The 5.0 fix. Removed unreferenced files and the directory that has them.
-
- 13 Apr, 2011 1 commit
-
-
Jon Olav Hauglid authored
DEFINITION OF ANY ROUTINE. This follow-up patch removes SHOW PROCEDURE CODE from the test case as this command is only available on debug versions of the server and therefore caused the test to fail on release builds.
-
- 11 Apr, 2011 6 commits
-
-
Jon Olav Hauglid authored
DEFINITION OF ANY ROUTINE. The problem was that having the SELECT privilege any column of the mysql.proc table by mistake allowed the user to see the definition of all routines (using SHOW CREATE PROCEDURE/FUNCTION and SHOW PROCEDURE/FUNCTION CODE). This patch fixes the problem by making sure that those commands are only allowed if the user has the SELECT privilege on the mysql.proc table itself. Test case added to sp-security.test.
-
Alexander Nozdrin authored
-
Alexander Nozdrin authored
-
Alexander Nozdrin authored
-
Alexander Nozdrin authored
-
Sunanda Menon authored
-
- 07 Apr, 2011 1 commit
-
-
Georgi Kodinov authored
-
- 22 Mar, 2011 2 commits
-
-
Magne Mahre authored
Didn't build on Solaris.
-
Magne Mahre authored
The LGPL license is used in some legacy code, and to adhere to current licensing polity, we remove those files that are no longer used, and reorganize the remaining LGPL code so it will be GPL licensed from now on. Note: This patch only removed LGPL licensed files in MySQL 5.0, and is the first of a set of patches to remove LGPL from all trees. (See Bug# 11840513 for details) include/my_compare.h: Mostly code moved in from my_handler include/my_global.h: AIX-only code. Function used to be in my_port.c Inlining instead. libmysql/Makefile.shared: my_gethostbyname and my_port is removed myisam/mi_check.c: ha_find_null is moved from my_handler and made static.
-
- 21 Mar, 2011 3 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
Ramil Kalimullin authored
-
- 16 Mar, 2011 1 commit
-
-
Kent Boortz authored
-