From:paul Date:April 17 2008 7:11pm
Subject:svn commit - mysqldoc@docsrva: r10520 - in trunk: . dynamic-docs/changelog it/refman-5.1 pt/refman-5.1 refman-5.1 refman-6.0
Author: paul
Date: 2008-04-17 19:11:39 +0200 (Thu, 17 Apr 2008)
New Revision: 10520

Log:
 r30818@arctic:  paul | 2008-04-17 12:11:44 -0500
 Document bugfixes:
 Bug#29605: --local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response
 Bug#34053: normal users can enable innodb_monitor logging


Modified:
   trunk/dynamic-docs/changelog/mysqld-1.xml
   trunk/it/refman-5.1/se-innodb-core.xml
   trunk/pt/refman-5.1/se-innodb-core.xml
   trunk/refman-5.1/se-innodb-core.xml
   trunk/refman-6.0/se-innodb-core.xml

Property changes on: trunk
___________________________________________________________________
Name: svk:merge
   - 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:35828
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:30781
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:30781
   + 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:35828
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:30781
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:30818


Modified: trunk/dynamic-docs/changelog/mysqld-1.xml
===================================================================
--- trunk/dynamic-docs/changelog/mysqld-1.xml	2008-04-17 15:00:58 UTC (rev 10519)
+++ trunk/dynamic-docs/changelog/mysqld-1.xml	2008-04-17 17:11:39 UTC (rev 10520)
Changed blocks: 1, Lines Added: 80, Lines Deleted: 0; 2395 bytes

@@ -16691,4 +16691,84 @@
 
   </logentry>
 
+  <logentry entrytype="bug">
+
+    <tags>
+      <highlight type="securityfix"/>
+      <manual type="LOAD DATA LOCAL INFILE"/>
+      <manual type="FETCH LOCAL FILE"/>
+    </tags>
+
+    <bugs>
+      <fixes bugid="29605"/>
+    </bugs>
+
+    <versions>
+      <version ver="5.1.24"/>
+      <version ver="6.0.5"/>
+    </versions>
+
+    <message>
+
+      <para>
+        A client that connects to a malicious server could be tricked by
+        the server into sending files from the client host to the
+        server. This occurs because the
+        <literal>libmysqlclient</literal> client library would respond
+        to a <literal>FETCH LOCAL FILE</literal> request from the server
+        even if the request is sent for statements from the client other
+        than <literal>LOAD DATA LOCAL INFILE</literal>. The client
+        library has been modified to respond to a <literal>FETCH LOCAL
+        FILE</literal> request from the server only if is is sent in
+        response to a <literal>LOAD DATA LOCAL INFILE</literal>
+        statement from the client.
+      </para>
+
+      <para>
+        The client library now also checks whether
+        <literal>CLIENT_LOCAL_FILE</literal> is set and refuses to send
+        a local file if not.
+      </para>
+
+      <note>
+        <para>
+          Binary distributions ship with the
+          <literal>local-infile</literal> capability enabled.
+          Applications that do not use this functionality should disable
+          it to be safe.
+        </para>
+      </note>
+
+    </message>
+
+  </logentry>
+
+  <logentry entrytype="feature">
+
+    <tags>
+      <manual type="InnoDB monitors"/>
+    </tags>
+
+    <bugs>
+      <fixes bugid="34053"/>
+    </bugs>
+
+    <versions>
+      <version ver="5.1.24"/>
+      <version ver="6.0.5"/>
+    </versions>
+
+    <message>
+
+      <para>
+        The <literal>PROCESS</literal> privilege now is required to
+        start or stop the InnoDB monitor tables (see
+        linkend="innodb-monitor"/>). Previously, no privilege was
+        required.
+      </para>
+
+    </message>
+
+  </logentry>
+
 </changelog>
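
Review bot: the cross-reference in the Bug#34053 entry is not well-formed as written: the line `linkend="innodb-monitor"/>). Previously, no privilege was` carries an attribute and a closing `/>` but no opening element, so it should be restored to a complete element (presumably `<xref linkend="innodb-monitor"/>`) before this is built. In the Bug#29605 entry, "only if is is sent" should read "only if it is sent", and the first paragraph mixes tenses ("would respond ... even if the request is sent"); "even if the request was sent" reads more cleanly. The Bug#34053 entry is also tagged `entrytype="feature"` with no `securityfix` highlight, while the commit log lists it under bugfixes and the text describes a missing privilege check; consider tagging it the same way as the Bug#29605 entry so it shows up in the security-fix listings.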


Modified: trunk/it/refman-5.1/se-innodb-core.xml
===================================================================
--- trunk/it/refman-5.1/se-innodb-core.xml	2008-04-17 15:00:58 UTC (rev 10519)
+++ trunk/it/refman-5.1/se-innodb-core.xml	2008-04-17 17:11:39 UTC (rev 10520)
Changed blocks: 1, Lines Added: 6, Lines Deleted: 0; 586 bytes

@@ -6141,6 +6141,12 @@
       </para>
 
       <para>
+        As of MySQL 5.1.24, the <literal>PROCESS</literal> privilege is
+        required to start or stop the <literal>InnoDB</literal> monitor
+        tables.
+      </para>
+
+      <para>
         A sample of <literal>InnoDB</literal> Monitor output:
       </para>
 
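
Review bot: the phrase "start or stop the InnoDB monitor tables" in the added paragraph is imprecise, since the thing being started or stopped is the monitor rather than a table; say which operations on the monitor tables now need `PROCESS` (for example "to start or stop the InnoDB monitors" or "to create or drop the InnoDB monitor tables"). The same paragraph is added to pt/refman-5.1, refman-5.1 and refman-6.0 in this commit, so the wording should be fixed in all four, and it would help to state here, as the changelog entry does, that previously no privilege was required.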


Modified: trunk/pt/refman-5.1/se-innodb-core.xml
===================================================================
--- trunk/pt/refman-5.1/se-innodb-core.xml	2008-04-17 15:00:58 UTC (rev 10519)
+++ trunk/pt/refman-5.1/se-innodb-core.xml	2008-04-17 17:11:39 UTC (rev 10520)
Changed blocks: 1, Lines Added: 6, Lines Deleted: 0; 586 bytes

@@ -6141,6 +6141,12 @@
       </para>
 
       <para>
+        As of MySQL 5.1.24, the <literal>PROCESS</literal> privilege is
+        required to start or stop the <literal>InnoDB</literal> monitor
+        tables.
+      </para>
+
+      <para>
         A sample of <literal>InnoDB</literal> Monitor output:
       </para>
 


Modified: trunk/refman-5.1/se-innodb-core.xml
===================================================================
--- trunk/refman-5.1/se-innodb-core.xml	2008-04-17 15:00:58 UTC (rev 10519)
+++ trunk/refman-5.1/se-innodb-core.xml	2008-04-17 17:11:39 UTC (rev 10520)
Changed blocks: 1, Lines Added: 6, Lines Deleted: 0; 577 bytes

@@ -6038,6 +6038,12 @@
       </para>
 
       <para>
+        As of MySQL 5.1.24, the <literal>PROCESS</literal> privilege is
+        required to start or stop the <literal>InnoDB</literal> monitor
+        tables.
+      </para>
+
+      <para>
         A sample of <literal>InnoDB</literal> Monitor output:
       </para>
 


Modified: trunk/refman-6.0/se-innodb-core.xml
===================================================================
--- trunk/refman-6.0/se-innodb-core.xml	2008-04-17 15:00:58 UTC (rev 10519)
+++ trunk/refman-6.0/se-innodb-core.xml	2008-04-17 17:11:39 UTC (rev 10520)
Changed blocks: 1, Lines Added: 6, Lines Deleted: 0; 576 bytes

@@ -5985,6 +5985,12 @@
       </para>
 
       <para>
+        As of MySQL 6.0.5, the <literal>PROCESS</literal> privilege is
+        required to start or stop the <literal>InnoDB</literal> monitor
+        tables.
+      </para>
+
+      <para>
         A sample of <literal>InnoDB</literal> Monitor output:
       </para>
 

