mariadb: Security fix for CVE-2016-6664akuster/morty-next

Source: https://github.com/MariaDB/server.git
MR: 69290
Type: Security Fix
Disposition: Backport from mariadb-5.5.54~4
ChangeID: 8fcdd6b0ecbb966f4479856efe93a963a7a422f7
Description:

CVE-2016-6664

Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

4 files changed, 768 insertions, 0 deletions

diff --git a/meta-oe/recipes-support/mysql/mariadb.inc b/meta-oe/recipes-support/mysql/mariadb.inc
index f3eb4c77ed..6662f4caf9 100644
--- a/meta-oe/recipes-support/mysql/mariadb.inc
+++ b/meta-oe/recipes-support/mysql/mariadb.inc
@@ -17,6 +17,9 @@ SRC_URI = "http://downloads.mariadb.com/MariaDB/mariadb-${PV}/source/mariadb-${P
            file://fix-a-building-failure.patch \
            file://change-cc-to-cc-version.patch \
            file://0001-disable-ucontext-on-musl.patch \
+           file://CVE-2016-6664_p1.patch \
+           file://CVE-2016-6664_p2.patch \
+           file://CVE-2016-6664_p3.patch \
           "
 SRC_URI[md5sum] = "fca86f1eaed2163b4bdce4f98f472324"
 SRC_URI[sha256sum] = "e142f9459507b97c5848042863b313ce70750118446bb4e35e5c07fe66007293"
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch
new file mode 100644
index 0000000000..e8b0a84ce9
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch
@@ -0,0 +1,277 @@
+From af4f1bd59b38e3172b882107c49b8612537f4f4f Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Tue, 20 Dec 2016 15:17:59 +0100
+Subject: [PATCH 1/3] move check_user/set_user from mysqld.cc to mysys
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#1
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ include/my_sys.h     |  4 +++
+ mysys/CMakeLists.txt |  4 +--
+ mysys/my_setuser.c   | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ sql/mysqld.cc        | 83 +++++++---------------------------------------------
+ 4 files changed, 98 insertions(+), 74 deletions(-)
+ create mode 100644 mysys/my_setuser.c
+
+diff --git a/include/my_sys.h b/include/my_sys.h
+index 7e37fe598bd..756a40c72f6 100644
+--- a/include/my_sys.h
++++ b/include/my_sys.h
+@@ -602,8 +602,12 @@ extern void *my_memmem(const void *haystack, size_t haystacklen,
+ 
+ #ifdef _WIN32
+ extern int      my_access(const char *path, int amode);
++#define my_check_user(A,B) (NULL)
++#define my_set_user(A,B,C) (0)
+ #else
+ #define my_access access
++struct passwd *my_check_user(const char *user, myf MyFlags);
++int my_set_user(const char *user, struct passwd *user_info, myf MyFlags);
+ #endif
+ 
+ extern int check_if_legal_filename(const char *path);
+diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt
+index 06a811f0994..cb86850c2de 100644
+--- a/mysys/CMakeLists.txt
++++ b/mysys/CMakeLists.txt
+@@ -34,7 +34,7 @@ SET(MYSYS_SOURCES  array.c charset-def.c charset.c checksum.c default.c
+ 				rijndael.c sha1.c string.c thr_alarm.c thr_lock.c thr_mutex.c
+ 				thr_rwlock.c tree.c typelib.c base64.c my_memmem.c my_getpagesize.c
+ 				lf_alloc-pin.c lf_dynarray.c lf_hash.c
+-                safemalloc.c my_new.cc
++                                safemalloc.c my_new.cc
+ 				my_atomic.c my_getncpus.c my_safehash.c my_chmod.c my_rnd.c
+                                 my_uuid.c wqueue.c waiting_threads.c ma_dyncol.c
+ 				my_rdtsc.c my_context.c file_logger.c)
+@@ -44,7 +44,7 @@ IF (WIN32)
+ ENDIF()
+ 
+ IF(UNIX)
+- SET (MYSYS_SOURCES ${MYSYS_SOURCES} my_addr_resolve.c)
++ SET (MYSYS_SOURCES ${MYSYS_SOURCES} my_addr_resolve.c my_setuser.c)
+ ENDIF()
+ 
+ IF(HAVE_ALARM)
+diff --git a/mysys/my_setuser.c b/mysys/my_setuser.c
+new file mode 100644
+index 00000000000..1f3e7770d4c
+--- /dev/null
++++ b/mysys/my_setuser.c
+@@ -0,0 +1,81 @@
++#include <my_global.h>
++#include <m_string.h>
++#include <my_sys.h>
++#include <my_pthread.h>
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#endif
++#ifdef HAVE_GRP_H
++#include <grp.h>
++#endif
++
++struct passwd *my_check_user(const char *user, myf MyFlags)
++{
++  struct passwd *user_info;
++  uid_t user_id= geteuid();
++  DBUG_ENTER("my_check_user");
++
++  // Don't bother if we aren't superuser
++  if (user_id)
++  {
++    if (user)
++    {
++      /* Don't give a warning, if real user is same as given with --user */
++      user_info= getpwnam(user);
++      if (!user_info || user_id != user_info->pw_uid)
++      {
++        my_errno= EPERM;
++        if (MyFlags & MY_WME)
++          my_printf_error(my_errno, "One can only use the --user switch if "
++                         "running as root", MYF(ME_JUST_WARNING|ME_NOREFRESH));
++      }
++    }
++    DBUG_RETURN(NULL);
++  }
++  if (!user)
++  {
++    if (MyFlags & MY_FAE)
++    {
++      my_errno= EINVAL;
++      my_printf_error(my_errno, "Please consult the Knowledge Base to find "
++                      "out how to run mysqld as root!", MYF(ME_NOREFRESH));
++    }
++    DBUG_RETURN(NULL);
++  }
++  if (!strcmp(user,"root"))
++    DBUG_RETURN(NULL);
++
++  if (!(user_info= getpwnam(user)))
++  {
++    // Allow a numeric uid to be used
++    int err= 0;
++    user_id= my_strtoll10(user, NULL, &err);
++    if (err || !(user_info= getpwuid(user_id)))
++    {
++      my_errno= EINVAL;
++      my_printf_error(my_errno, "Can't change to run as user '%s'.  Please "
++                      "check that the user exists!", MYF(ME_NOREFRESH), user);
++      DBUG_RETURN(NULL);
++    }
++  }
++  DBUG_ASSERT(user_info);
++  DBUG_RETURN(user_info);
++}
++
++int my_set_user(const char *user, struct passwd *user_info, myf MyFlags)
++{
++  DBUG_ENTER("my_set_user");
++
++  DBUG_ASSERT(user_info != 0);
++#ifdef HAVE_INITGROUPS
++  initgroups(user, user_info->pw_gid);
++#endif
++  if (setgid(user_info->pw_gid) == -1 || setuid(user_info->pw_uid) == -1)
++  {
++    my_errno= errno;
++    if (MyFlags & MY_WME)
++      my_error(my_errno, MYF(ME_NOREFRESH));
++    DBUG_RETURN(my_errno);
++  }
++  DBUG_RETURN(0);
++}
+diff --git a/sql/mysqld.cc b/sql/mysqld.cc
+index 3ad7b84829d..dd961ec20f0 100644
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -121,10 +121,7 @@ extern "C" {					// Because of SCO 3.2V4.2
+ #include <sysent.h>
+ #endif
+ #ifdef HAVE_PWD_H
+-#include <pwd.h>				// For getpwent
+-#endif
+-#ifdef HAVE_GRP_H
+-#include <grp.h>
++#include <pwd.h>				// For struct passwd
+ #endif
+ #include <my_net.h>
+ 
+@@ -455,9 +452,7 @@ ulong opt_binlog_rows_event_max_size;
+ my_bool opt_master_verify_checksum= 0;
+ my_bool opt_slave_sql_verify_checksum= 1;
+ const char *binlog_format_names[]= {"MIXED", "STATEMENT", "ROW", NullS};
+-#ifdef HAVE_INITGROUPS
+ volatile sig_atomic_t calling_initgroups= 0; /**< Used in SIGSEGV handler. */
+-#endif
+ uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options;
+ uint mysqld_extra_port;
+ uint mysqld_port_timeout;
+@@ -2007,59 +2002,18 @@ static void set_ports()
+ 
+ static struct passwd *check_user(const char *user)
+ {
+-#if !defined(__WIN__)
+-  struct passwd *tmp_user_info;
+-  uid_t user_id= geteuid();
++  myf flags= 0;
++  if (global_system_variables.log_warnings)
++    flags|= MY_WME;
++  if (!opt_bootstrap && !opt_help)
++    flags|= MY_FAE;
+ 
+-  // Don't bother if we aren't superuser
+-  if (user_id)
+-  {
+-    if (user)
+-    {
+-      /* Don't give a warning, if real user is same as given with --user */
+-      /* purecov: begin tested */
+-      tmp_user_info= getpwnam(user);
+-      if ((!tmp_user_info || user_id != tmp_user_info->pw_uid) &&
+-	  global_system_variables.log_warnings)
+-        sql_print_warning(
+-                    "One can only use the --user switch if running as root\n");
+-      /* purecov: end */
+-    }
+-    return NULL;
+-  }
+-  if (!user)
+-  {
+-    if (!opt_bootstrap && !opt_help)
+-    {
+-      sql_print_error("Fatal error: Please consult the Knowledge Base "
+-                      "to find out how to run mysqld as root!\n");
+-      unireg_abort(1);
+-    }
+-    return NULL;
+-  }
+-  /* purecov: begin tested */
+-  if (!strcmp(user,"root"))
+-    return NULL;                        // Avoid problem with dynamic libraries
++  struct passwd *tmp_user_info= my_check_user(user, MYF(flags));
+ 
+-  if (!(tmp_user_info= getpwnam(user)))
+-  {
+-    // Allow a numeric uid to be used
+-    const char *pos;
+-    for (pos= user; my_isdigit(mysqld_charset,*pos); pos++) ;
+-    if (*pos)                                   // Not numeric id
+-      goto err;
+-    if (!(tmp_user_info= getpwuid(atoi(user))))
+-      goto err;
+-  }
++  if (!tmp_user_info && my_errno==EINVAL && (flags & MY_FAE))
++    unireg_abort(1);
+ 
+   return tmp_user_info;
+-  /* purecov: end */
+-
+-err:
+-  sql_print_error("Fatal error: Can't change to run as user '%s' ;  Please check that the user exists!\n",user);
+-  unireg_abort(1);
+-#endif
+-  return NULL;
+ }
+ 
+ static inline void allow_coredumps()
+@@ -2076,10 +2030,6 @@ static inline void allow_coredumps()
+ 
+ static void set_user(const char *user, struct passwd *user_info_arg)
+ {
+-  /* purecov: begin tested */
+-#if !defined(__WIN__)
+-  DBUG_ASSERT(user_info_arg != 0);
+-#ifdef HAVE_INITGROUPS
+   /*
+     We can get a SIGSEGV when calling initgroups() on some systems when NSS
+     is configured to use LDAP and the server is statically linked.  We set
+@@ -2087,22 +2037,11 @@ static void set_user(const char *user, struct passwd *user_info_arg)
+     output a specific message to help the user resolve this problem.
+   */
+   calling_initgroups= 1;
+-  initgroups((char*) user, user_info_arg->pw_gid);
++  int res= my_set_user(user, user_info_arg, MYF(MY_WME));
+   calling_initgroups= 0;
+-#endif
+-  if (setgid(user_info_arg->pw_gid) == -1)
+-  {
+-    sql_perror("setgid");
+-    unireg_abort(1);
+-  }
+-  if (setuid(user_info_arg->pw_uid) == -1)
+-  {
+-    sql_perror("setuid");
++  if (res)
+     unireg_abort(1);
+-  }
+   allow_coredumps();
+-#endif
+-  /* purecov: end */
+ }
+ 
+ 
+-- 
+2.11.1
+
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch
new file mode 100644
index 0000000000..3c466185b4
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch
@@ -0,0 +1,58 @@
+From 7e4faa6aa71e84193a3fd9a40cfa6fca0c52d496 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Thu, 29 Sep 2016 10:16:24 +0200
+Subject: [PATCH 2/3] mysqld_safe: close stdout and stderr
+
+when they're not needed anymore. Helps when
+daemonizing it from mysql.init
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#2
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ scripts/mysqld_safe.sh        | 6 +++++-
+ support-files/mysql.server.sh | 2 +-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
+index 7f18abb3dc2..7cadce725d1 100644
+--- a/scripts/mysqld_safe.sh
++++ b/scripts/mysqld_safe.sh
+@@ -620,6 +620,10 @@ else
+   logging=syslog
+ fi
+ 
++# close stdout and stderr, everything goes to $logging now
++exec 1>&-
++exec 2>&-
++
+ USER_OPTION=""
+ if test -w / -o "$USER" = "root"
+ then
+@@ -650,7 +654,7 @@ if [ ! -d $mysql_unix_port_dir ]
+ then
+   if ! `mkdir -p $mysql_unix_port_dir`
+   then
+-    echo "Fatal error Can't create database directory '$mysql_unix_port'"
++    log_error "Fatal error Can't create database directory '$mysql_unix_port'"
+     exit 1
+   fi
+   chown $user $mysql_unix_port_dir
+diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh
+index e5c8814f930..d4fff33af13 100644
+--- a/support-files/mysql.server.sh
++++ b/support-files/mysql.server.sh
+@@ -308,7 +308,7 @@ case "$mode" in
+     then
+       # Give extra arguments to mysqld with the my.cnf file. This script
+       # may be overwritten at next upgrade.
+-      $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null &
++      $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args &
+       wait_for_ready; return_value=$?
+ 
+       # Make lock for RedHat / SuSE
+-- 
+2.11.1
+
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
new file mode 100644
index 0000000000..5cfea7a2be
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
@@ -0,0 +1,430 @@
+From e90cb0acd45bf58d36abf78d01d60ed597982835 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Tue, 20 Dec 2016 21:16:23 +0100
+Subject: [PATCH 3/3] Numerous issues in mysqld_safe
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#3
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ .gitignore                                     |   1 +
+ debian/dist/Debian/mariadb-server-5.5.files.in |   1 +
+ debian/dist/Ubuntu/mariadb-server-5.5.files.in |   1 +
+ extra/CMakeLists.txt                           |   3 +
+ extra/mysqld_safe_helper.c                     |  77 ++++++++++++++++++
+ scripts/mysqld_safe.sh                         | 107 ++++++++++---------------
+ support-files/mysql.server.sh                  |   8 +-
+ 7 files changed, 128 insertions(+), 70 deletions(-)
+ create mode 100644 extra/mysqld_safe_helper.c
+
+diff --git a/.gitignore b/.gitignore
+index c3d50ee335b..9229a6345fc 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -49,6 +49,7 @@ extra/jemalloc/build/
+ extra/jemalloc/tmp/
+ extra/my_print_defaults
+ extra/mysql_waitpid
++extra/mysqld_safe_helper
+ extra/perror
+ extra/replace
+ extra/resolve_stack_dump
+diff --git a/debian/dist/Debian/mariadb-server-5.5.files.in b/debian/dist/Debian/mariadb-server-5.5.files.in
+index c1ea58740e4..47a9887b075 100644
+--- a/debian/dist/Debian/mariadb-server-5.5.files.in
++++ b/debian/dist/Debian/mariadb-server-5.5.files.in
+@@ -32,6 +32,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/debian/dist/Ubuntu/mariadb-server-5.5.files.in b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+index 7f75ccc2303..5182dd76346 100644
+--- a/debian/dist/Ubuntu/mariadb-server-5.5.files.in
++++ b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+@@ -34,6 +34,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/extra/CMakeLists.txt b/extra/CMakeLists.txt
+index f8f71b00743..7f47f878110 100644
+--- a/extra/CMakeLists.txt
++++ b/extra/CMakeLists.txt
+@@ -82,4 +82,7 @@ IF(UNIX)
+ 
+   MYSQL_ADD_EXECUTABLE(mysql_waitpid mysql_waitpid.c COMPONENT Client)
+   TARGET_LINK_LIBRARIES(mysql_waitpid mysys)
++
++  MYSQL_ADD_EXECUTABLE(mysqld_safe_helper mysqld_safe_helper.c COMPONENT Server)
++  TARGET_LINK_LIBRARIES(mysqld_safe_helper mysys)
+ ENDIF()
+diff --git a/extra/mysqld_safe_helper.c b/extra/mysqld_safe_helper.c
+new file mode 100644
+index 00000000000..09e507c6e1c
+--- /dev/null
++++ b/extra/mysqld_safe_helper.c
+@@ -0,0 +1,77 @@
++#include <my_global.h>
++#include <m_string.h>
++#include <my_sys.h>
++#include <my_pthread.h>
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#endif
++#include <stdlib.h>
++#include <stdio.h>
++
++void my_exit(int c)
++{
++  my_end(0);
++  exit(c);
++}
++
++void do_usage()
++{
++  printf("Usage:\n"
++         "  %s <user> log  <filename>\n"
++         "  %s <user> exec <command> <args>\n",
++         my_progname, my_progname);
++  my_exit(1);
++}
++
++void do_log(const char *logfile)
++{
++  FILE *f;
++  uchar buf[4096];
++  int size;
++
++  if (!logfile)
++    do_usage();
++
++  f= my_fopen(logfile, O_WRONLY|O_APPEND|O_CREAT, MYF(MY_WME));
++  if (!f)
++    my_exit(1);
++
++  while ((size= my_fread(stdin, buf, sizeof(buf), MYF(MY_WME))) > 0)
++    if ((int)my_fwrite(f, buf, size, MYF(MY_WME)) != size)
++      my_exit(1);
++
++  my_fclose(f, MYF(0));
++  my_exit(0);
++}
++
++void do_exec(char *args[])
++{
++  if (!args[0])
++    do_usage();
++
++  my_end(0);
++  execvp(args[0], args);
++}
++
++int main(int argc, char *argv[])
++{
++  struct passwd *user_info;
++  MY_INIT(argv[0]);
++
++  if (argc < 3)
++    do_usage(argv[0]);
++
++  user_info= my_check_user(argv[1], MYF(0));
++  if (user_info ? my_set_user(argv[1], user_info, MYF(MY_WME))
++                : my_errno == EINVAL)
++    my_exit(1);
++
++  if (strcmp(argv[2], "log") == 0)
++    do_log(argv[3]);
++
++  if (strcmp(argv[2], "exec") == 0)
++    do_exec(argv+3);
++
++  my_end(0);
++  return 1;
++}
+diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
+index 7cadce725d1..059263fad51 100644
+--- a/scripts/mysqld_safe.sh
++++ b/scripts/mysqld_safe.sh
+@@ -20,6 +20,7 @@ mysqld_ld_preload=
+ mysqld_ld_library_path=
+ flush_caches=0
+ numa_interleave=0
++unsafe_my_cnf=0
+ 
+ # Initial logging status: error log is not open, and not using syslog
+ logging=init
+@@ -128,6 +129,18 @@ my_which ()
+   return $ret  # Success
+ }
+ 
++find_in_bin() {
++  if test -x "$MY_BASEDIR_VERSION/bin/$1"
++  then
++    echo "$MY_BASEDIR_VERSION/bin/$1"
++  elif test -x "@bindir@/$1"
++  then
++    echo "@bindir@/$1"
++  else
++    echo "$1"
++  fi
++}
++
+ log_generic () {
+   priority="$1"
+   shift
+@@ -136,7 +149,7 @@ log_generic () {
+   echo "$msg"
+   case $logging in
+     init) ;;  # Just echo the message, don't save it anywhere
+-    file) echo "$msg" >> "$err_log" ;;
++    file) echo "$msg" | "$helper" "$user" log "$err_log" ;;
+     syslog) logger -t "$syslog_tag_mysqld_safe" -p "$priority" "$*" ;;
+     *)
+       echo "Internal program error (non-fatal):" \
+@@ -156,7 +169,7 @@ log_notice () {
+ eval_log_error () {
+   cmd="$1"
+   case $logging in
+-    file) cmd="$cmd >> "`shell_quote_string "$err_log"`" 2>&1" ;;
++    file) cmd="$cmd 2>&1 | "`shell_quote_string "$helper"`" $user log "`shell_quote_string "$err_log"` ;;
+     syslog)
+       # mysqld often prefixes its messages with a timestamp, which is
+       # redundant when logging to syslog (which adds its own timestamp)
+@@ -190,6 +203,13 @@ shell_quote_string() {
+   echo "$1" | sed -e 's,\([^a-zA-Z0-9/_.=-]\),\\\1,g'
+ }
+ 
++check_executable_location() {
++  if test "$unsafe_my_cnf" = 1 -a "$unrecognized_handling" != collect; then
++    log_error "Cannot accept $1 from a config file, when my.cnf is in the datadir"
++    exit 1
++  fi
++}
++
+ parse_arguments() {
+   for arg do
+     # the parameter after "=", or the whole $arg if no match
+@@ -200,7 +220,6 @@ parse_arguments() {
+     optname_subst=`echo "$optname" | sed 's/_/-/g'`
+     arg=`echo $arg | sed "s/^$optname/$optname_subst/"`
+     case "$arg" in
+-      --crash-script=*) CRASH_SCRIPT="$val" ;;
+       # these get passed explicitly to mysqld
+       --basedir=*) MY_BASEDIR_VERSION="$val" ;;
+       --datadir=*|--data=*) DATADIR="$val" ;;
+@@ -220,12 +239,14 @@ parse_arguments() {
+ 
+       # mysqld_safe-specific options - must be set in my.cnf ([mysqld_safe])!
+       --core-file-size=*) core_file_size="$val" ;;
+-      --ledir=*) ledir="$val" ;;
+-      --malloc-lib=*) set_malloc_lib "$val" ;;
+-      --mysqld=*) MYSQLD="$val" ;;
++      --ledir=*) check_executable_location "$arg" ; ledir="$val" ;;
++      --malloc-lib=*) check_executable_location "$arg"; set_malloc_lib "$val" ;;
++      --crash-script=*) check_executable_location "$arg"; crash_script="$val" ;;
++      --mysqld=*) check_executable_location "$arg"; MYSQLD="$val" ;;
+       --mysqld-version=*)
+         if test -n "$val"
+         then
++          check_executable_location "$arg"
+           MYSQLD="mysqld-$val"
+           PLUGIN_VARIANT="/$val"
+         else
+@@ -385,15 +406,8 @@ set_malloc_lib() {
+ # First, try to find BASEDIR and ledir (where mysqld is)
+ #
+ 
+-if echo '@pkgdatadir@' | grep '^@prefix@' > /dev/null
+-then
+-  relpkgdata=`echo '@pkgdatadir@' | sed -e 's,^@prefix@,,' -e 's,^/,,' -e 's,^,./,'`
+-else
+-  # pkgdatadir is not relative to prefix
+-  relpkgdata='@pkgdatadir@'
+-fi
+-
+-MY_PWD=`pwd`
++MY_PWD=`dirname $0`
++MY_PWD=`cd "$MY_PWD"/.. && pwd`
+ # Check for the directories we would expect from a binary release install
+ if test -n "$MY_BASEDIR_VERSION" -a -d "$MY_BASEDIR_VERSION"
+ then
+@@ -409,16 +423,16 @@ then
+   else
+     ledir="$MY_BASEDIR_VERSION/bin"
+   fi
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/bin/mysqld"
++elif test -x "$MY_PWD/bin/mysqld"
+ then
+   MY_BASEDIR_VERSION="$MY_PWD"		# Where bin, share and data are
+   ledir="$MY_PWD/bin"			# Where mysqld is
+ # Check for the directories we would expect from a source install
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/libexec/mysqld"
++elif test -x "$MY_PWD/libexec/mysqld"
+ then
+   MY_BASEDIR_VERSION="$MY_PWD"		# Where libexec, share and var are
+   ledir="$MY_PWD/libexec"		# Where mysqld is
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/sbin/mysqld"
++elif test -x "$MY_PWD/sbin/mysqld"
+ then
+   MY_BASEDIR_VERSION="$MY_PWD"		# Where sbin, share and var are
+   ledir="$MY_PWD/sbin"			# Where mysqld is
+@@ -428,6 +442,8 @@ else
+   ledir='@libexecdir@'
+ fi
+ 
++helper=`find_in_bin mysqld_safe_helper`
++print_defaults=`find_in_bin my_print_defaults`
+ 
+ #
+ # Second, try to find the data directory
+@@ -465,6 +481,7 @@ IGNORING $DATADIR/my.cnf"
+     log_error "WARNING: Found $DATADIR/my.cnf
+ The data directory is a deprecated location for my.cnf, please move it to
+ $MY_BASEDIR_VERSION/my.cnf"
++    unsafe_my_cnf=1
+     MYSQL_HOME=$DATADIR
+   else
+     MYSQL_HOME=$MY_BASEDIR_VERSION
+@@ -472,34 +489,15 @@ $MY_BASEDIR_VERSION/my.cnf"
+ fi
+ export MYSQL_HOME
+ 
+-
+-# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
+-# and then merge with the command line arguments
+-if test -x "$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-then
+-  print_defaults="$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-elif test -x `dirname $0`/my_print_defaults
+-then
+-  print_defaults="`dirname $0`/my_print_defaults"
+-elif test -x ./bin/my_print_defaults
+-then
+-  print_defaults="./bin/my_print_defaults"
+-elif test -x @bindir@/my_print_defaults
+-then
+-  print_defaults="@bindir@/my_print_defaults"
+-elif test -x @bindir@/mysql_print_defaults
+-then
+-  print_defaults="@bindir@/mysql_print_defaults"
+-else
+-  print_defaults="my_print_defaults"
+-fi
+-
+ append_arg_to_args () {
+   args="$args "`shell_quote_string "$1"`
+ }
+ 
+ args=
+ 
++# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
++# and then merge with the command line arguments
++
+ SET_USER=2
+ parse_arguments `$print_defaults $defaults --loose-verbose --mysqld`
+ if test $SET_USER -eq 2
+@@ -603,11 +601,6 @@ then
+   log_notice "Logging to '$err_log'."
+   logging=file
+ 
+-  if [ ! -f "$err_log" ]; then                  # if error log already exists,
+-    touch "$err_log"                            # we just append. otherwise,
+-    chmod "$fmode" "$err_log"                   # fix the permissions here!
+-  fi
+-
+ else
+   if [ -n "$syslog_tag" ]
+   then
+@@ -620,10 +613,6 @@ else
+   logging=syslog
+ fi
+ 
+-# close stdout and stderr, everything goes to $logging now
+-exec 1>&-
+-exec 2>&-
+-
+ USER_OPTION=""
+ if test -w / -o "$USER" = "root"
+ then
+@@ -631,11 +620,6 @@ then
+   then
+     USER_OPTION="--user=$user"
+   fi
+-  # Change the err log to the right user, if it is in use
+-  if [ $want_syslog -eq 0 ]; then
+-    touch "$err_log"
+-    chown $user "$err_log"
+-  fi
+   if test -n "$open_files"
+   then
+     ulimit -n $open_files
+@@ -879,6 +863,10 @@ max_fast_restarts=5
+ # flag whether a usable sleep command exists
+ have_sleep=1
+ 
++# close stdout and stderr, everything goes to $logging now
++exec 1>&-
++exec 2>&-
++
+ while true
+ do
+   rm -f "$pid_file"	# Some extra safety
+@@ -886,13 +874,6 @@ do
+   start_time=`date +%M%S`
+ 
+   eval_log_error "$cmd"
+-
+-  if [ $want_syslog -eq 0 -a ! -f "$err_log" ]; then
+-    touch "$err_log"                    # hypothetical: log was renamed but not
+-    chown $user "$err_log"              # flushed yet. we'd recreate it with
+-    chmod "$fmode" "$err_log"           # wrong owner next time we log, so set
+-  fi                                    # it up correctly while we can!
+-
+   end_time=`date +%M%S`
+ 
+   if test ! -f "$pid_file"		# This is removed if normal shutdown
+@@ -956,9 +937,9 @@ do
+     done
+   fi
+   log_notice "mysqld restarted"
+-  if test -n "$CRASH_SCRIPT"
++  if test -n "$crash_script"
+   then
+-    crash_script_output=`$CRASH_SCRIPT 2>&1`
++    crash_script_output=`$crash_script 2>&1`
+     log_error "$crash_script_output"
+   fi
+ done
+diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh
+index 8fb217e4136..c77d3a26168 100644
+--- a/support-files/mysql.server.sh
++++ b/support-files/mysql.server.sh
+@@ -157,15 +157,9 @@ parse_server_arguments() {
+ 
+ # Get arguments from the my.cnf file,
+ # the only group, which is read from now on is [mysqld]
+-if test -x ./bin/my_print_defaults
+-then
+-  print_defaults="./bin/my_print_defaults"
+-elif test -x $bindir/my_print_defaults
++if test -x $bindir/my_print_defaults
+ then
+   print_defaults="$bindir/my_print_defaults"
+-elif test -x $bindir/mysql_print_defaults
+-then
+-  print_defaults="$bindir/mysql_print_defaults"
+ else
+   # Try to find basedir in /etc/my.cnf
+   conf=/etc/my.cnf
+-- 
+2.11.1
+