author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
tree | 0625f358789b5e015e49db139cc1dbc9be00428f /dev-db/mariadb/files | |
parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) |
gentoo resync : 25.11.2020
Diffstat (limited to 'dev-db/mariadb/files')
-rw-r--r-- | dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch | 75 | ||||
-rw-r--r-- | dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch | 62 | ||||
-rw-r--r-- | dev-db/mariadb/files/my.cnf-5.5 | 149 | ||||
-rw-r--r-- | dev-db/mariadb/files/my.cnf-5.6-r1 | 142 |
4 files changed, 137 insertions, 291 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
new file mode 100644
index 000000000000..85d378f8232c
--- /dev/null
+++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
@@ -0,0 +1,75 @@
+https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842
+
+--- a/sql/wsrep_sst.cc
++++ b/sql/wsrep_sst.cc
+@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method,
+ return arg.err;
+ }
+
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
+ const void* msg, size_t msg_len,
+ const wsrep_gtid_t* current_gtid,
+ const char* state, size_t state_len,
+ bool bypass)
+ {
+- /* This will be reset when sync callback is called.
+- * Should we set wsrep_ready to FALSE here too? */
+-
+- wsrep_config_state->set(WSREP_MEMBER_DONOR);
+-
+ const char* method = (char*)msg;
+ size_t method_len = strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data = method + method_len + 1;
+
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ char uuid_str[37];
+ wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str));
+
++ /* This will be reset when sync callback is called.
++ * Should we set wsrep_ready to FALSE here too? */
++ wsrep_config_state->set(WSREP_MEMBER_DONOR);
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
diff --git a/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch
new file mode 100644
index 000000000000..9658669c6e61
--- /dev/null
+++ b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch
@@ -0,0 +1,62 @@
+https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842
+
+--- a/sql/wsrep_sst.cc
++++ b/sql/wsrep_sst.cc
+@@ -1822,6 +1822,35 @@ static int sst_donate_other (const char* method,
+ return arg.err;
+ }
+
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ int wsrep_sst_donate(const std::string& msg,
+ const wsrep::gtid& current_gtid,
+ const bool bypass)
+@@ -1833,8 +1862,21 @@ int wsrep_sst_donate(const std::string& msg,
+
+ const char* method= msg.data();
+ size_t method_len= strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data= method + method_len + 1;
+
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
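Review bot: The added checks still walk `msg` up to a NUL byte and never consult `msg_len`: `strlen (method)`, `data = method + method_len + 1` and both `check_request_str` calls assume two terminators inside the buffer, so a request missing one can be read past its end before it is rejected. Establish the bounds first, as sketched below, and run the character checks afterwards; the 10.4 patch has the same gap and can close it with `if (method_len >= msg.size()) return WSREP_CB_FAILURE;` ahead of the `data` assignment, because `msg.data()` only guarantees the final terminator. In both files `check(str[i])` also hands a plain `char` to `isalnum`, which is undefined for negative values, so `check(static_cast<unsigned char>(str[i]))` is the safer call. The body of `wsrep_sst_donate_cb` continues past the hunk and the sender's request layout is not visible here, so the two-terminator assumption should be confirmed against it.

```cpp
  const char* method = (char*)msg;
  size_t method_len = strnlen (method, msg_len);

  /* both the method name and the address must be terminated inside msg */
  if (method_len >= msg_len ||
      memchr (method + method_len + 1, '\0', msg_len - method_len - 1) == NULL)
  {
    WSREP_ERROR("Malformed SST request. SST canceled.");
    return WSREP_CB_FAILURE;
  }

  /* … unchanged: check_request_str(method, filename_char) and its error return … */
  const char* data = method + method_len + 1;
  /* … unchanged: check_request_str(data, address_char) and its error return … */
```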
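Review bot: Both rejection paths added to `wsrep_sst_donate` in the 10.4 patch return `WSREP_CB_FAILURE`, which appears to be an enumerator of the callback status type that the 10.3 function returns, while this function is declared `int`. Whether the caller treats that value as a failure is decided outside the hunk, so the backport should either return the function's own error value or carry a comment such as `/* non-zero: caller cancels the SST */` beside the returns, so that the rejection is known to fail closed. The 10.3 patch also moves the `WSREP_MEMBER_DONOR` state change below the checks; nothing equivalent is visible here, and the lines between the signature and the first added check are not shown, so it is worth confirming that no donor-side state is set before validation in this version.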
diff --git a/dev-db/mariadb/files/my.cnf-5.5 b/dev-db/mariadb/files/my.cnf-5.5 deleted file mode 100644 index 289af8a24d0d..000000000000 --- a/dev-db/mariadb/files/my.cnf-5.5 +++ /dev/null 
@@ -1,149 +0,0 @@ -# @GENTOO_PORTAGE_EPREFIX@/etc/mysql/my.cnf: The global mysql configuration file. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock - -[mysql] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqladmin] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlcheck] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqldump] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlimport] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlshow] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[myisamchk] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets - -[myisampack] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets - -# use [safe_mysqld] with mysql-3 -[mysqld_safe] -err-log = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysql.err - -# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations -[mysqld] -character-set-server = utf8 -user = mysql -port = 3306 -socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock -pid-file = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.pid -log-error = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysqld.err -basedir = @GENTOO_PORTAGE_EPREFIX@/usr -datadir = @DATADIR@ -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 1M -table_open_cache = 64 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -lc_messages_dir = @GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb -#Set this to your desired error message language -lc_messages = 
en_US - -# security: -# using "localhost" in connects uses sockets by default -# skip-networking -bind-address = 127.0.0.1 - -log-bin -server-id = 1 - -# point the following paths to different dedicated disks -tmpdir = @GENTOO_PORTAGE_EPREFIX@/tmp/ -#log-update = @GENTOO_PORTAGE_EPREFIX@/path-to-dedicated-directory/hostname - -# you need the debug USE flag enabled to use the following directives, -# if needed, uncomment them, start the server and issue -# #tail -f @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.trace -# this will show you *exactly* what's happening in your server ;) - -#log = @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql -#gdb -#debug = d:t:i:o,/tmp/mysqld.trace -#one-thread - -# the following is the InnoDB configuration -# if you wish to disable innodb instead -# uncomment just the next line -#skip-innodb -# -# the rest of the innodb config follows: -# don't eat too much memory, we're trying to be safe on 64Mb boxes -# you might want to bump this up a bit on boxes with more RAM -innodb_buffer_pool_size = 16M -# this is the default, increase it if you have lots of tables -innodb_additional_mem_pool_size = 2M -# -# i'd like to use @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/innodb, but that is seen as a database :-( -# and upstream wants things to be under @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/, so that's the route -# we have to take for the moment -#innodb_data_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -#innodb_log_arch_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -#innodb_log_group_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -# you may wish to change this size to be more suitable for your system -# the max is there to avoid run-away growth on your machine -innodb_data_file_path = ibdata1:10M:autoextend:max:128M -# we keep this at around 25% of of innodb_buffer_pool_size -# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) -innodb_log_file_size = 5M -# this is the default, 
increase it if you have very large transactions going on -innodb_log_buffer_size = 8M -# this is the default and won't hurt you -# you shouldn't need to tweak it -innodb_log_files_in_group=2 -# see the innodb config docs, the other options are not always safe -innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_file_per_table - -# Uncomment this to get FEDERATED engine support -#plugin-load=federated=ha_federated.so -loose-federated - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -# uncomment the next directive if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer_size = 2M -write_buffer_size = 2M - -[mysqlhotcopy] -interactive-timeout - -[mariadb] diff --git a/dev-db/mariadb/files/my.cnf-5.6-r1 b/dev-db/mariadb/files/my.cnf-5.6-r1 deleted file mode 100644 index cde5312a5687..000000000000 --- a/dev-db/mariadb/files/my.cnf-5.6-r1 +++ /dev/null 
@@ -1,142 +0,0 @@ -# @GENTOO_PORTAGE_EPREFIX@/etc/mysql/my.cnf: The global mysql configuration file. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock - -[mysql] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqladmin] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlcheck] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqldump] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlimport] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlshow] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets -default-character-set=utf8 - -[myisamchk] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets - -[myisampack] -character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets - -# use [safe_mysqld] with mysql-3 -[mysqld_safe] -err-log = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysql.err - -# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations -[mysqld] -character-set-server = utf8 -user = mysql -port = 3306 -socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock -pid-file = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.pid -log-error = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysqld.err -basedir = @GENTOO_PORTAGE_EPREFIX@/usr -datadir = @DATADIR@ -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 4M -table_open_cache = 400 -sort_buffer_size = 512K -net_buffer_length = 16K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -lc_messages_dir = @GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb -#Set this to your desired error message language -lc_messages = 
en_US - -# security: -# using "localhost" in connects uses sockets by default -# skip-networking -bind-address = 127.0.0.1 - -log-bin -server-id = 1 - -# point the following paths to different dedicated disks -tmpdir = @GENTOO_PORTAGE_EPREFIX@/tmp/ -#log-update = @GENTOO_PORTAGE_EPREFIX@/path-to-dedicated-directory/hostname - -# you need the debug USE flag enabled to use the following directives, -# if needed, uncomment them, start the server and issue -# #tail -f @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.trace -# this will show you *exactly* what's happening in your server ;) - -#log = @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql -#gdb -#debug = d:t:i:o,/tmp/mysqld.trace -#one-thread - -# the rest of the innodb config follows: -# don't eat too much memory, we're trying to be safe on 64Mb boxes -# you might want to bump this up a bit on boxes with more RAM -innodb_buffer_pool_size = 128M -# -# i'd like to use @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/innodb, but that is seen as a database :-( -# and upstream wants things to be under @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/, so that's the route -# we have to take for the moment -#innodb_data_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -#innodb_log_arch_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -#innodb_log_group_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/ -# you may wish to change this size to be more suitable for your system -# the max is there to avoid run-away growth on your machine -innodb_data_file_path = ibdata1:10M:autoextend:max:128M -# we keep this at around 25% of of innodb_buffer_pool_size -# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) -innodb_log_file_size = 48M -# this is the default, increase it if you have very large transactions going on -innodb_log_buffer_size = 8M -# this is the default and won't hurt you -# you shouldn't need to tweak it -innodb_log_files_in_group=2 -# see the innodb config docs, the other 
options are not always safe -innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_file_per_table - -# Uncomment this to get FEDERATED engine support -#plugin-load=federated=ha_federated.so -loose-federated - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -# uncomment the next directive if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer_size = 2M -write_buffer_size = 2M - -[mysqlhotcopy] -interactive-timeout - -[mariadb] |