summaryrefslogtreecommitdiff
path: root/dev-db/mariadb/files
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
commitd934827bf44b7cfcf6711964418148fa60877668 (patch)
tree0625f358789b5e015e49db139cc1dbc9be00428f /dev-db/mariadb/files
parent2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)
gentoo resync : 25.11.2020
Diffstat (limited to 'dev-db/mariadb/files')
-rw-r--r--dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch75
-rw-r--r--dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch62
-rw-r--r--dev-db/mariadb/files/my.cnf-5.5149
-rw-r--r--dev-db/mariadb/files/my.cnf-5.6-r1142
4 files changed, 137 insertions, 291 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
new file mode 100644
index 000000000000..85d378f8232c
--- /dev/null
+++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
@@ -0,0 +1,75 @@
+https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842
+
+--- a/sql/wsrep_sst.cc
++++ b/sql/wsrep_sst.cc
+@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method,
+ return arg.err;
+ }
+
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
+ const void* msg, size_t msg_len,
+ const wsrep_gtid_t* current_gtid,
+ const char* state, size_t state_len,
+ bool bypass)
+ {
+- /* This will be reset when sync callback is called.
+- * Should we set wsrep_ready to FALSE here too? */
+-
+- wsrep_config_state->set(WSREP_MEMBER_DONOR);
+-
+ const char* method = (char*)msg;
+ size_t method_len = strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data = method + method_len + 1;
+
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ char uuid_str[37];
+ wsrep_uuid_print (&current_gtid->uuid, uuid_str, sizeof(uuid_str));
+
++ /* This will be reset when sync callback is called.
++ * Should we set wsrep_ready to FALSE here too? */
++ wsrep_config_state->set(WSREP_MEMBER_DONOR);
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
diff --git a/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch
new file mode 100644
index 000000000000..9658669c6e61
--- /dev/null
+++ b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch
@@ -0,0 +1,62 @@
+https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842
+
+--- a/sql/wsrep_sst.cc
++++ b/sql/wsrep_sst.cc
+@@ -1822,6 +1822,35 @@ static int sst_donate_other (const char* method,
+ return arg.err;
+ }
+
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ int wsrep_sst_donate(const std::string& msg,
+ const wsrep::gtid& current_gtid,
+ const bool bypass)
+@@ -1833,8 +1862,21 @@ int wsrep_sst_donate(const std::string& msg,
+
+ const char* method= msg.data();
+ size_t method_len= strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data= method + method_len + 1;
+
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
diff --git a/dev-db/mariadb/files/my.cnf-5.5 b/dev-db/mariadb/files/my.cnf-5.5
deleted file mode 100644
index 289af8a24d0d..000000000000
--- a/dev-db/mariadb/files/my.cnf-5.5
+++ /dev/null
@@ -1,149 +0,0 @@
-# @GENTOO_PORTAGE_EPREFIX@/etc/mysql/my.cnf: The global mysql configuration file.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password = your_password
-port = 3306
-socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock
-
-[mysql]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqladmin]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlcheck]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqldump]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlimport]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlshow]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[myisamchk]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-
-[myisampack]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-
-# use [safe_mysqld] with mysql-3
-[mysqld_safe]
-err-log = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysql.err
-
-# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
-[mysqld]
-character-set-server = utf8
-user = mysql
-port = 3306
-socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock
-pid-file = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.pid
-log-error = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysqld.err
-basedir = @GENTOO_PORTAGE_EPREFIX@/usr
-datadir = @DATADIR@
-skip-external-locking
-key_buffer_size = 16M
-max_allowed_packet = 1M
-table_open_cache = 64
-sort_buffer_size = 512K
-net_buffer_length = 8K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-lc_messages_dir = @GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb
-#Set this to your desired error message language
-lc_messages = en_US
-
-# security:
-# using "localhost" in connects uses sockets by default
-# skip-networking
-bind-address = 127.0.0.1
-
-log-bin
-server-id = 1
-
-# point the following paths to different dedicated disks
-tmpdir = @GENTOO_PORTAGE_EPREFIX@/tmp/
-#log-update = @GENTOO_PORTAGE_EPREFIX@/path-to-dedicated-directory/hostname
-
-# you need the debug USE flag enabled to use the following directives,
-# if needed, uncomment them, start the server and issue
-# #tail -f @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.trace
-# this will show you *exactly* what's happening in your server ;)
-
-#log = @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql
-#gdb
-#debug = d:t:i:o,/tmp/mysqld.trace
-#one-thread
-
-# the following is the InnoDB configuration
-# if you wish to disable innodb instead
-# uncomment just the next line
-#skip-innodb
-#
-# the rest of the innodb config follows:
-# don't eat too much memory, we're trying to be safe on 64Mb boxes
-# you might want to bump this up a bit on boxes with more RAM
-innodb_buffer_pool_size = 16M
-# this is the default, increase it if you have lots of tables
-innodb_additional_mem_pool_size = 2M
-#
-# i'd like to use @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/innodb, but that is seen as a database :-(
-# and upstream wants things to be under @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/, so that's the route
-# we have to take for the moment
-#innodb_data_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-#innodb_log_arch_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-#innodb_log_group_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-# you may wish to change this size to be more suitable for your system
-# the max is there to avoid run-away growth on your machine
-innodb_data_file_path = ibdata1:10M:autoextend:max:128M
-# we keep this at around 25% of of innodb_buffer_pool_size
-# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
-innodb_log_file_size = 5M
-# this is the default, increase it if you have very large transactions going on
-innodb_log_buffer_size = 8M
-# this is the default and won't hurt you
-# you shouldn't need to tweak it
-innodb_log_files_in_group=2
-# see the innodb config docs, the other options are not always safe
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_file_per_table
-
-# Uncomment this to get FEDERATED engine support
-#plugin-load=federated=ha_federated.so
-loose-federated
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-# uncomment the next directive if you are not familiar with SQL
-#safe-updates
-
-[isamchk]
-key_buffer_size = 20M
-sort_buffer_size = 20M
-read_buffer = 2M
-write_buffer = 2M
-
-[myisamchk]
-key_buffer_size = 20M
-sort_buffer_size = 20M
-read_buffer_size = 2M
-write_buffer_size = 2M
-
-[mysqlhotcopy]
-interactive-timeout
-
-[mariadb]
diff --git a/dev-db/mariadb/files/my.cnf-5.6-r1 b/dev-db/mariadb/files/my.cnf-5.6-r1
deleted file mode 100644
index cde5312a5687..000000000000
--- a/dev-db/mariadb/files/my.cnf-5.6-r1
+++ /dev/null
@@ -1,142 +0,0 @@
-# @GENTOO_PORTAGE_EPREFIX@/etc/mysql/my.cnf: The global mysql configuration file.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password = your_password
-port = 3306
-socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock
-
-[mysql]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqladmin]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlcheck]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqldump]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlimport]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[mysqlshow]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-default-character-set=utf8
-
-[myisamchk]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-
-[myisampack]
-character-sets-dir=@GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb/charsets
-
-# use [safe_mysqld] with mysql-3
-[mysqld_safe]
-err-log = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysql.err
-
-# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
-[mysqld]
-character-set-server = utf8
-user = mysql
-port = 3306
-socket = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.sock
-pid-file = @GENTOO_PORTAGE_EPREFIX@/var/run/mysqld/mysqld.pid
-log-error = @GENTOO_PORTAGE_EPREFIX@/var/log/mysql/mysqld.err
-basedir = @GENTOO_PORTAGE_EPREFIX@/usr
-datadir = @DATADIR@
-skip-external-locking
-key_buffer_size = 16M
-max_allowed_packet = 4M
-table_open_cache = 400
-sort_buffer_size = 512K
-net_buffer_length = 16K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-lc_messages_dir = @GENTOO_PORTAGE_EPREFIX@/usr/share/mariadb
-#Set this to your desired error message language
-lc_messages = en_US
-
-# security:
-# using "localhost" in connects uses sockets by default
-# skip-networking
-bind-address = 127.0.0.1
-
-log-bin
-server-id = 1
-
-# point the following paths to different dedicated disks
-tmpdir = @GENTOO_PORTAGE_EPREFIX@/tmp/
-#log-update = @GENTOO_PORTAGE_EPREFIX@/path-to-dedicated-directory/hostname
-
-# you need the debug USE flag enabled to use the following directives,
-# if needed, uncomment them, start the server and issue
-# #tail -f @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.trace
-# this will show you *exactly* what's happening in your server ;)
-
-#log = @GENTOO_PORTAGE_EPREFIX@/tmp/mysqld.sql
-#gdb
-#debug = d:t:i:o,/tmp/mysqld.trace
-#one-thread
-
-# the rest of the innodb config follows:
-# don't eat too much memory, we're trying to be safe on 64Mb boxes
-# you might want to bump this up a bit on boxes with more RAM
-innodb_buffer_pool_size = 128M
-#
-# i'd like to use @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/innodb, but that is seen as a database :-(
-# and upstream wants things to be under @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/, so that's the route
-# we have to take for the moment
-#innodb_data_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-#innodb_log_arch_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-#innodb_log_group_home_dir = @GENTOO_PORTAGE_EPREFIX@/var/lib/mysql/
-# you may wish to change this size to be more suitable for your system
-# the max is there to avoid run-away growth on your machine
-innodb_data_file_path = ibdata1:10M:autoextend:max:128M
-# we keep this at around 25% of of innodb_buffer_pool_size
-# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
-innodb_log_file_size = 48M
-# this is the default, increase it if you have very large transactions going on
-innodb_log_buffer_size = 8M
-# this is the default and won't hurt you
-# you shouldn't need to tweak it
-innodb_log_files_in_group=2
-# see the innodb config docs, the other options are not always safe
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_file_per_table
-
-# Uncomment this to get FEDERATED engine support
-#plugin-load=federated=ha_federated.so
-loose-federated
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-# uncomment the next directive if you are not familiar with SQL
-#safe-updates
-
-[isamchk]
-key_buffer_size = 20M
-sort_buffer_size = 20M
-read_buffer = 2M
-write_buffer = 2M
-
-[myisamchk]
-key_buffer_size = 20M
-sort_buffer_size = 20M
-read_buffer_size = 2M
-write_buffer_size = 2M
-
-[mysqlhotcopy]
-interactive-timeout
-
-[mariadb]
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 11:19:22 +0000