test_if_data_home_dir fixed to look into real path.
Checks added to mi_open for symlinks into data home directory.
per-file messages:
include/my_sys.h
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
my_is_symlink interface added
include/myisam.h
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
myisam_test_invalid_symlink interface added
myisam/mi_check.c
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
mi_open_datafile calls modified
myisam/mi_open.c
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
code added to mi_open to check for symlinks into data home directory.
mi_open_datafile now accepts 'original' file path to check if it's
an allowed symlink.
myisam/mi_static.c
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
myisam_test_invlaid_symlink defined
myisam/myisamchk.c
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
mi_open_datafile call modified
myisam/myisamdef.h
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
mi_open_datafile interface modified - 'real_path' parameter added
mysql-test/r/symlink.test
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
error codes corrected as some patch now rejected pointing inside datahome
mysql-test/r/symlink.result
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
error messages corrected in the result
mysys/my_symlink.c
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
my_is_symlink() implementsd
my_realpath() now returns the 'realpath' even if a file isn't a symlink
sql/mysql_priv.h
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
test_if_data_home_dir interface
sql/mysqld.cc
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
myisam_test_invalid_symlik set with the 'test_if_data_home_dir'
sql/sql_parse.cc
Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
error messages corrected
test_if_data_home_dir code fixed
added new function test_if_data_home_dir() which checks that
path does not contain mysql data home directory.
Using of mysql data home directory in
DATA DIRECTORY & INDEX DIRECTORY is disallowed.
RENAME TABLE against a table with DATA/INDEX DIRECTORY overwrites
the file to which the symlink points.
This is security issue, because it is possible to create a table with
some name in some non-system database and set DATA/INDEX DIRECTORY
to mysql system database. Renaming this table to one of mysql system
tables (e.g. user, host) would overwrite the system table.
Return an error when the file to which the symlink points exist.
- When this bug was corrected it changed the behavior
for data/index directory in the myisam test case.
- This patch moves the OS depending tests to a non-windows
test file.
Fixed problem with char > 128 in QUOTE() function. (Bug #1868)
Disable creation of symlinks if my_disable_symlink is set
Fixed searching of TEXT with end space. (Bug #1651)
Fixed caching bug in multi-table-update where same table was used twice. (Bug #1711)
Fixed problem with UNIX_TIMESTAMP() for timestamps close to 0. (Bug #1998)
Fixed timestamp.test
Cleaned up (and disabled part of) date/time/datetime format patch. One can't anymore change default read/write date/time/formats.
This is becasue the non standard datetime formats can't be compared as strings and MySQL does still a lot of datetime comparisons as strings
Changed flag argument to str_to_TIME() and get_date() from bool to uint
Removed THD from str_to_xxxx functions and Item class.
Fixed core dump when doing --print-defaults
Move some common string functions to strfunc.cc
Dates as strings are now of type my_charset_bin instead of default_charset()
Introduce IDENT_QUOTED to not have to create an extra copy of simple identifiers (all chars < 128)
Removed xxx_FORMAT_TYPE enums and replaced them with the old TIMESTAMP_xxx enums
Renamed some TIMESTAMP_xxx enums to more appropriate names
Use defines instead of integers for date/time/datetime string lengths
Added to build system and use the new my_strtoll10() function.
Fixed error number handling bug in mysqltest.
Fixed that error number from insert delayed is reported correctly.
merged new vio code with old violite code.
