1. 20 Sep, 2007 1 commit
    • Bug#29908: A user can gain additional access through the ALTER VIEW. · 1cb6dc2b
      unknown authored
      Non-definer of a view was allowed to alter that view. Due to this the alterer
      can elevate his access rights to access rights of the view definer and thus
      modify data which he wasn't allowed to modify. A view defined with
      SQL SECURITY INVOKER can't be used directly for access rights elevation.
      But a user can first alter the view SQL code and then alter the view to 
      SQL SECURITY DEFINER and thus elevate his access rights. Due to this
      altering a view with SQL SECURITY INVOKER is also prohibited.
      
      Now the mysql_create_view function allows ALTER VIEW only to the view
      definer or a super user. 
      
      
      mysql-test/t/view_grant.test:
        Added a test case for the bug#29908: A user can gain additional access through the
        ALTER VIEW.
        A test case was adjusted after fixing bug#29908.
      mysql-test/r/view_grant.result:
        Added a test case for the bug#29908: A user can gain additional access through the
        ALTER VIEW.
      sql/sql_view.cc:
        Bug#29908: A user can gain additional access through the ALTER VIEW.
        Now the mysql_create_view function allows ALTER VIEW only to the view
        definer or a super user.
  2. 13 Sep, 2007 1 commit
  3. 12 Sep, 2007 2 commits
  4. 11 Sep, 2007 1 commit
  5. 10 Sep, 2007 3 commits
  6. 06 Sep, 2007 1 commit
  7. 04 Sep, 2007 2 commits
  8. 03 Sep, 2007 8 commits
  9. 31 Aug, 2007 2 commits
    • Merge gleb.loc:/home/uchum/work/bk/5.0-opt-30126 · b25b8cbc
      unknown authored
      into  gleb.loc:/home/uchum/work/bk/5.0-opt
      
      
    • Fixed bug #30126. · ff149b71
      unknown authored
      When dumping database from a 4.x server, the mysqldump client
      inserted a delimiter sign inside special commentaries of the form:
        /*!... CREATE DATABASE IF NOT EXISTS ... ;*/
      During restoration that dump file was split by delimiter signs on
      the client side, and the rest of some commentary strings was prepended
      to following statements.
      
      The 4x_server_emul test case option has been added for use with the
      DBUG_EXECUTE_IF debugging macro. This option affects debug server
      builds only to emulate particular behavior of a 4.x server for
      the mysqldump client testing. Non-debugging builds are not affected.
      
      
      mysql-test/r/mysqldump-compat.result:
        Added test case for bug #30126.
      mysql-test/t/mysqldump-compat.opt:
        Added test case for bug #30126.
      mysql-test/t/mysqldump-compat.test:
        Added test case for bug #30126.
      sql/sql_parse.cc:
        Fixed bug #30126.
        The mysqldump client uses the "SHOW CREATE DATABASE" query to
        obtain the "CREATE DATABASE" statement from that database.
        The 4.x server doesn't recognise that query, and mysqldump
        forms the "CREATE DATABASE" statement from scratch.
        That statement was formed incorrectly.
        
        To enforce the mysqldump client to create that statement from
        scratch, debugging code has been added to the mysql_execute_command
        function: in case of the --loose-debug=d,4x_server_emul option,
        the server returns a parse error to the client to emulate old behaviour.
        
        The 4x_server_emul test case option has been added for use with the
        DBUG_EXECUTE_IF debugging macro. This option affects debug server
        builds only to emulate particular behavior of a 4.x server for
        the mysqldump client testing. Non-debugging builds are not affected.
      client/mysqldump.c:
        Fixed bug #30126.
        The init_dumping_tables function has been modified to output semicolon
        outside of commentaries.
  10. 30 Aug, 2007 5 commits
    • Merge weblab.(none):/home/marcsql/TREE/mysql-5.0-base · 3f9be28c
      unknown authored
      into  weblab.(none):/home/marcsql/TREE/mysql-5.0-runtime
      
      
      sql/item_cmpfunc.h:
        Auto merged
      sql/sql_lex.cc:
        Auto merged
    • Bug#28587 SELECT is blocked by INSERT waiting on read lock, even with low_priority_updates · bccbd5c4
      unknown authored
      The problem is that a SELECT on one thread is blocked by INSERT ... ON
      DUPLICATE KEY UPDATE on another thread even when low_priority_updates is
      activated.
      
      The solution is to possibly downgrade the lock type to the setting of
      low_priority_updates if the INSERT cannot be concurrent.
      
      
      sql/sql_insert.cc:
        Possibly downgrade lock type to the setting of low_priority_updates
        if the INSERT cannot be concurrent.
    • Merge malff@bk-internal.mysql.com:/home/bk/mysql-5.0-runtime · 672c421b
      unknown authored
      into  weblab.(none):/home/marcsql/TREE/mysql-5.0-28779-b
      
      
    • Use double quotes instead of single ones which make the test fail on Windows.... · aef135da
      unknown authored
      Use double quotes instead of single ones which make the test fail on Windows. This is for bug #30164.
      
      
      mysql-test/t/mysql.test:
        Use double quotes instead of single ones which make the test fail on Windows.
    • Bug #30164: Using client side macro inside server side comments generates broken queries · bb986a24
      unknown authored
        
      Problem:
        
      In cases when a client-side macro appears inside a server-side comment, the add_line() function in mysql.cc discarded all characters until the next delimiter to remove macro arguments from the query string. This resulted in broken queries being sent to the server when the next delimiter character appeared past the comment's boundaries, because the comment closing sequence ('*/') was discarded.
        
      Fix:
        
      If a client-side macro appears inside a server-side comment, discard all characters in the comment after the macro (that is, until the end of the comment rather than the next delimiter).
      This is a minimal fix to allow only simple cases used by the mysqlbinlog utility. Limitations that are worth documenting:
        
      - Nested server-side and/or client-side comments are not supported by mysql.cc
      - Using client-side macros in multi-line server-side comments is not supported
      - All characters after a client-side macro in a server-side comment will be omitted from the query string (and thus, will not be sent to server).
      
      
      client/mysql.cc:
        If a client-side macro appears inside a server-side comment, discard all characters in the comment after the macro.
      mysql-test/r/mysql.result:
        Added a test case for bug #30164.
      mysql-test/t/mysql.test:
        Added a test case for bug #30164.
  11. 29 Aug, 2007 14 commits