aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch')
-rw-r--r--meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch430
1 files changed, 430 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
new file mode 100644
index 0000000000..5cfea7a2be
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
@@ -0,0 +1,430 @@
+From e90cb0acd45bf58d36abf78d01d60ed597982835 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Tue, 20 Dec 2016 21:16:23 +0100
+Subject: [PATCH 3/3] Numerous issues in mysqld_safe
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#3
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ .gitignore | 1 +
+ debian/dist/Debian/mariadb-server-5.5.files.in | 1 +
+ debian/dist/Ubuntu/mariadb-server-5.5.files.in | 1 +
+ extra/CMakeLists.txt | 3 +
+ extra/mysqld_safe_helper.c | 77 ++++++++++++++++++
+ scripts/mysqld_safe.sh | 107 ++++++++++---------------
+ support-files/mysql.server.sh | 8 +-
+ 7 files changed, 128 insertions(+), 70 deletions(-)
+ create mode 100644 extra/mysqld_safe_helper.c
+
+diff --git a/.gitignore b/.gitignore
+index c3d50ee335b..9229a6345fc 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -49,6 +49,7 @@ extra/jemalloc/build/
+ extra/jemalloc/tmp/
+ extra/my_print_defaults
+ extra/mysql_waitpid
++extra/mysqld_safe_helper
+ extra/perror
+ extra/replace
+ extra/resolve_stack_dump
+diff --git a/debian/dist/Debian/mariadb-server-5.5.files.in b/debian/dist/Debian/mariadb-server-5.5.files.in
+index c1ea58740e4..47a9887b075 100644
+--- a/debian/dist/Debian/mariadb-server-5.5.files.in
++++ b/debian/dist/Debian/mariadb-server-5.5.files.in
+@@ -32,6 +32,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/debian/dist/Ubuntu/mariadb-server-5.5.files.in b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+index 7f75ccc2303..5182dd76346 100644
+--- a/debian/dist/Ubuntu/mariadb-server-5.5.files.in
++++ b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+@@ -34,6 +34,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/extra/CMakeLists.txt b/extra/CMakeLists.txt
+index f8f71b00743..7f47f878110 100644
+--- a/extra/CMakeLists.txt
++++ b/extra/CMakeLists.txt
+@@ -82,4 +82,7 @@ IF(UNIX)
+
+ MYSQL_ADD_EXECUTABLE(mysql_waitpid mysql_waitpid.c COMPONENT Client)
+ TARGET_LINK_LIBRARIES(mysql_waitpid mysys)
++
++ MYSQL_ADD_EXECUTABLE(mysqld_safe_helper mysqld_safe_helper.c COMPONENT Server)
++ TARGET_LINK_LIBRARIES(mysqld_safe_helper mysys)
+ ENDIF()
+diff --git a/extra/mysqld_safe_helper.c b/extra/mysqld_safe_helper.c
+new file mode 100644
+index 00000000000..09e507c6e1c
+--- /dev/null
++++ b/extra/mysqld_safe_helper.c
+@@ -0,0 +1,77 @@
++#include <my_global.h>
++#include <m_string.h>
++#include <my_sys.h>
++#include <my_pthread.h>
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#endif
++#include <stdlib.h>
++#include <stdio.h>
++
++void my_exit(int c)
++{
++ my_end(0);
++ exit(c);
++}
++
++void do_usage()
++{
++ printf("Usage:\n"
++ " %s <user> log <filename>\n"
++ " %s <user> exec <command> <args>\n",
++ my_progname, my_progname);
++ my_exit(1);
++}
++
++void do_log(const char *logfile)
++{
++ FILE *f;
++ uchar buf[4096];
++ int size;
++
++ if (!logfile)
++ do_usage();
++
++ f= my_fopen(logfile, O_WRONLY|O_APPEND|O_CREAT, MYF(MY_WME));
++ if (!f)
++ my_exit(1);
++
++ while ((size= my_fread(stdin, buf, sizeof(buf), MYF(MY_WME))) > 0)
++ if ((int)my_fwrite(f, buf, size, MYF(MY_WME)) != size)
++ my_exit(1);
++
++ my_fclose(f, MYF(0));
++ my_exit(0);
++}
++
++void do_exec(char *args[])
++{
++ if (!args[0])
++ do_usage();
++
++ my_end(0);
++ execvp(args[0], args);
++}
++
++int main(int argc, char *argv[])
++{
++ struct passwd *user_info;
++ MY_INIT(argv[0]);
++
++ if (argc < 3)
++ do_usage(argv[0]);
++
++ user_info= my_check_user(argv[1], MYF(0));
++ if (user_info ? my_set_user(argv[1], user_info, MYF(MY_WME))
++ : my_errno == EINVAL)
++ my_exit(1);
++
++ if (strcmp(argv[2], "log") == 0)
++ do_log(argv[3]);
++
++ if (strcmp(argv[2], "exec") == 0)
++ do_exec(argv+3);
++
++ my_end(0);
++ return 1;
++}
+diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
+index 7cadce725d1..059263fad51 100644
+--- a/scripts/mysqld_safe.sh
++++ b/scripts/mysqld_safe.sh
+@@ -20,6 +20,7 @@ mysqld_ld_preload=
+ mysqld_ld_library_path=
+ flush_caches=0
+ numa_interleave=0
++unsafe_my_cnf=0
+
+ # Initial logging status: error log is not open, and not using syslog
+ logging=init
+@@ -128,6 +129,18 @@ my_which ()
+ return $ret # Success
+ }
+
++find_in_bin() {
++ if test -x "$MY_BASEDIR_VERSION/bin/$1"
++ then
++ echo "$MY_BASEDIR_VERSION/bin/$1"
++ elif test -x "@bindir@/$1"
++ then
++ echo "@bindir@/$1"
++ else
++ echo "$1"
++ fi
++}
++
+ log_generic () {
+ priority="$1"
+ shift
+@@ -136,7 +149,7 @@ log_generic () {
+ echo "$msg"
+ case $logging in
+ init) ;; # Just echo the message, don't save it anywhere
+- file) echo "$msg" >> "$err_log" ;;
++ file) echo "$msg" | "$helper" "$user" log "$err_log" ;;
+ syslog) logger -t "$syslog_tag_mysqld_safe" -p "$priority" "$*" ;;
+ *)
+ echo "Internal program error (non-fatal):" \
+@@ -156,7 +169,7 @@ log_notice () {
+ eval_log_error () {
+ cmd="$1"
+ case $logging in
+- file) cmd="$cmd >> "`shell_quote_string "$err_log"`" 2>&1" ;;
++ file) cmd="$cmd 2>&1 | "`shell_quote_string "$helper"`" $user log "`shell_quote_string "$err_log"` ;;
+ syslog)
+ # mysqld often prefixes its messages with a timestamp, which is
+ # redundant when logging to syslog (which adds its own timestamp)
+@@ -190,6 +203,13 @@ shell_quote_string() {
+ echo "$1" | sed -e 's,\([^a-zA-Z0-9/_.=-]\),\\\1,g'
+ }
+
++check_executable_location() {
++ if test "$unsafe_my_cnf" = 1 -a "$unrecognized_handling" != collect; then
++ log_error "Cannot accept $1 from a config file, when my.cnf is in the datadir"
++ exit 1
++ fi
++}
++
+ parse_arguments() {
+ for arg do
+ # the parameter after "=", or the whole $arg if no match
+@@ -200,7 +220,6 @@ parse_arguments() {
+ optname_subst=`echo "$optname" | sed 's/_/-/g'`
+ arg=`echo $arg | sed "s/^$optname/$optname_subst/"`
+ case "$arg" in
+- --crash-script=*) CRASH_SCRIPT="$val" ;;
+ # these get passed explicitly to mysqld
+ --basedir=*) MY_BASEDIR_VERSION="$val" ;;
+ --datadir=*|--data=*) DATADIR="$val" ;;
+@@ -220,12 +239,14 @@ parse_arguments() {
+
+ # mysqld_safe-specific options - must be set in my.cnf ([mysqld_safe])!
+ --core-file-size=*) core_file_size="$val" ;;
+- --ledir=*) ledir="$val" ;;
+- --malloc-lib=*) set_malloc_lib "$val" ;;
+- --mysqld=*) MYSQLD="$val" ;;
++ --ledir=*) check_executable_location "$arg" ; ledir="$val" ;;
++ --malloc-lib=*) check_executable_location "$arg"; set_malloc_lib "$val" ;;
++ --crash-script=*) check_executable_location "$arg"; crash_script="$val" ;;
++ --mysqld=*) check_executable_location "$arg"; MYSQLD="$val" ;;
+ --mysqld-version=*)
+ if test -n "$val"
+ then
++ check_executable_location "$arg"
+ MYSQLD="mysqld-$val"
+ PLUGIN_VARIANT="/$val"
+ else
+@@ -385,15 +406,8 @@ set_malloc_lib() {
+ # First, try to find BASEDIR and ledir (where mysqld is)
+ #
+
+-if echo '@pkgdatadir@' | grep '^@prefix@' > /dev/null
+-then
+- relpkgdata=`echo '@pkgdatadir@' | sed -e 's,^@prefix@,,' -e 's,^/,,' -e 's,^,./,'`
+-else
+- # pkgdatadir is not relative to prefix
+- relpkgdata='@pkgdatadir@'
+-fi
+-
+-MY_PWD=`pwd`
++MY_PWD=`dirname $0`
++MY_PWD=`cd "$MY_PWD"/.. && pwd`
+ # Check for the directories we would expect from a binary release install
+ if test -n "$MY_BASEDIR_VERSION" -a -d "$MY_BASEDIR_VERSION"
+ then
+@@ -409,16 +423,16 @@ then
+ else
+ ledir="$MY_BASEDIR_VERSION/bin"
+ fi
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/bin/mysqld"
++elif test -x "$MY_PWD/bin/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where bin, share and data are
+ ledir="$MY_PWD/bin" # Where mysqld is
+ # Check for the directories we would expect from a source install
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/libexec/mysqld"
++elif test -x "$MY_PWD/libexec/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where libexec, share and var are
+ ledir="$MY_PWD/libexec" # Where mysqld is
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/sbin/mysqld"
++elif test -x "$MY_PWD/sbin/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where sbin, share and var are
+ ledir="$MY_PWD/sbin" # Where mysqld is
+@@ -428,6 +442,8 @@ else
+ ledir='@libexecdir@'
+ fi
+
++helper=`find_in_bin mysqld_safe_helper`
++print_defaults=`find_in_bin my_print_defaults`
+
+ #
+ # Second, try to find the data directory
+@@ -465,6 +481,7 @@ IGNORING $DATADIR/my.cnf"
+ log_error "WARNING: Found $DATADIR/my.cnf
+ The data directory is a deprecated location for my.cnf, please move it to
+ $MY_BASEDIR_VERSION/my.cnf"
++ unsafe_my_cnf=1
+ MYSQL_HOME=$DATADIR
+ else
+ MYSQL_HOME=$MY_BASEDIR_VERSION
+@@ -472,34 +489,15 @@ $MY_BASEDIR_VERSION/my.cnf"
+ fi
+ export MYSQL_HOME
+
+-
+-# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
+-# and then merge with the command line arguments
+-if test -x "$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-then
+- print_defaults="$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-elif test -x `dirname $0`/my_print_defaults
+-then
+- print_defaults="`dirname $0`/my_print_defaults"
+-elif test -x ./bin/my_print_defaults
+-then
+- print_defaults="./bin/my_print_defaults"
+-elif test -x @bindir@/my_print_defaults
+-then
+- print_defaults="@bindir@/my_print_defaults"
+-elif test -x @bindir@/mysql_print_defaults
+-then
+- print_defaults="@bindir@/mysql_print_defaults"
+-else
+- print_defaults="my_print_defaults"
+-fi
+-
+ append_arg_to_args () {
+ args="$args "`shell_quote_string "$1"`
+ }
+
+ args=
+
++# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
++# and then merge with the command line arguments
++
+ SET_USER=2
+ parse_arguments `$print_defaults $defaults --loose-verbose --mysqld`
+ if test $SET_USER -eq 2
+@@ -603,11 +601,6 @@ then
+ log_notice "Logging to '$err_log'."
+ logging=file
+
+- if [ ! -f "$err_log" ]; then # if error log already exists,
+- touch "$err_log" # we just append. otherwise,
+- chmod "$fmode" "$err_log" # fix the permissions here!
+- fi
+-
+ else
+ if [ -n "$syslog_tag" ]
+ then
+@@ -620,10 +613,6 @@ else
+ logging=syslog
+ fi
+
+-# close stdout and stderr, everything goes to $logging now
+-exec 1>&-
+-exec 2>&-
+-
+ USER_OPTION=""
+ if test -w / -o "$USER" = "root"
+ then
+@@ -631,11 +620,6 @@ then
+ then
+ USER_OPTION="--user=$user"
+ fi
+- # Change the err log to the right user, if it is in use
+- if [ $want_syslog -eq 0 ]; then
+- touch "$err_log"
+- chown $user "$err_log"
+- fi
+ if test -n "$open_files"
+ then
+ ulimit -n $open_files
+@@ -879,6 +863,10 @@ max_fast_restarts=5
+ # flag whether a usable sleep command exists
+ have_sleep=1
+
++# close stdout and stderr, everything goes to $logging now
++exec 1>&-
++exec 2>&-
++
+ while true
+ do
+ rm -f "$pid_file" # Some extra safety
+@@ -886,13 +874,6 @@ do
+ start_time=`date +%M%S`
+
+ eval_log_error "$cmd"
+-
+- if [ $want_syslog -eq 0 -a ! -f "$err_log" ]; then
+- touch "$err_log" # hypothetical: log was renamed but not
+- chown $user "$err_log" # flushed yet. we'd recreate it with
+- chmod "$fmode" "$err_log" # wrong owner next time we log, so set
+- fi # it up correctly while we can!
+-
+ end_time=`date +%M%S`
+
+ if test ! -f "$pid_file" # This is removed if normal shutdown
+@@ -956,9 +937,9 @@ do
+ done
+ fi
+ log_notice "mysqld restarted"
+- if test -n "$CRASH_SCRIPT"
++ if test -n "$crash_script"
+ then
+- crash_script_output=`$CRASH_SCRIPT 2>&1`
++ crash_script_output=`$crash_script 2>&1`
+ log_error "$crash_script_output"
+ fi
+ done
+diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh
+index 8fb217e4136..c77d3a26168 100644
+--- a/support-files/mysql.server.sh
++++ b/support-files/mysql.server.sh
+@@ -157,15 +157,9 @@ parse_server_arguments() {
+
+ # Get arguments from the my.cnf file,
+ # the only group, which is read from now on is [mysqld]
+-if test -x ./bin/my_print_defaults
+-then
+- print_defaults="./bin/my_print_defaults"
+-elif test -x $bindir/my_print_defaults
++if test -x $bindir/my_print_defaults
+ then
+ print_defaults="$bindir/my_print_defaults"
+-elif test -x $bindir/mysql_print_defaults
+-then
+- print_defaults="$bindir/mysql_print_defaults"
+ else
+ # Try to find basedir in /etc/my.cnf
+ conf=/etc/my.cnf
+--
+2.11.1
+