From: Date: January 12 2005 11:30pm Subject: bk commit into 4.0 tree (serg:1.2026) List-Archive: http://lists.mysql.com/internals/20600 Message-Id: <20050112223057.97147.qmail@serg.mysql.com> Below is the list of changes that have just been committed into a local 4.0 repository of serg. When serg does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://www.mysql.com/doc/I/n/Installing_source_tree.html ChangeSet 1.2026 05/01/12 23:30:54 serg@stripped +1 -0 Symlink vulnerability fixed. reported by Javier Fernandez-Sanguino Pena and Debian Security Audit Team (http://www.debian.org/security/audit) scripts/mysqlaccess.sh 1.9 05/01/12 23:30:49 serg@stripped +13 -26 Symlink vulnerability fixed. reported by Javier Fernandez-Sanguino Pena and Debian Security Audit Team (http://www.debian.org/security/audit) # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: serg # Host: serg.mylan # Root: /usr/home/serg/Abk/mysql-4.0 --- 1.8/scripts/mysqlaccess.sh Mon Nov 24 17:05:21 2003 +++ 1.9/scripts/mysqlaccess.sh Wed Jan 12 23:30:49 2005 @@ -2,7 +2,7 @@ # **************************** package MySQLaccess; #use strict; -use POSIX qw(tmpnam); +use File::Temp qw(tempfile tmpnam); use Fcntl; BEGIN { @@ -32,7 +32,6 @@ $ACCESS_U_BCK = 'user_backup'; $ACCESS_D_BCK = 'db_backup'; $DIFF = '/usr/bin/diff'; - $TMP_PATH = '/tmp'; #path to writable tmp-directory $MYSQLDUMP = '@bindir@/mysqldump'; #path to mysqldump executable @@ -432,7 +431,7 @@ # no caching on STDOUT $|=1; - $MYSQL_CNF = POSIX::tmpnam(); + $MYSQL_CNF = tmpnam(); %MYSQL_CNF = (client => { }, mysql => { }, mysqldump => { }, @@ -577,8 +576,6 @@ push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL); push(@MySQLaccess::Grant::Error,'not_found_diff') if !(-x $DIFF); push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP); -push(@MySQLaccess::Grant::Error,'not_found_tmp') if !(-d $TMP_PATH); -push(@MySQLaccess::Grant::Error,'write_err_tmp') if !(-w $TMP_PATH); if (@MySQLaccess::Grant::Error) { MySQLaccess::Report::Print_Error_Messages() ; exit 0; @@ -1777,17 +1774,15 @@ @before = sort(@before); @after = sort(@after); - $before = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$"; - $after = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$"; - #$after = "/tmp/t0"; - open(BEFORE,"> $before") || - push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for writing"); - open(AFTER,"> $after") || - push(@MySQLaccess::Report::Errors,"Can't open temporary file $after for writing"); - print BEFORE join("\n",@before); - print AFTER join("\n",@after); - close(BEFORE); - close(AFTER); + ($hb, $before) = tempfile("$MySQLaccess::script.XXXXXX") or + push(@MySQLaccess::Report::Errors,"Can't create temporary file: $!"); + ($ha, $after) = tempfile("$MySQLaccess::script.XXXXXX") or + push(@MySQLaccess::Report::Errors,"Can't create temporary file: $!"); + + print $hb join("\n",@before); + print $ha join("\n",@after); + close $hb; + close $ha; # ---------------------------------- # compute difference @@ -1800,8 +1795,8 @@ # ---------------------------------- # cleanup temp. files - unlink(BEFORE); - unlink(AFTER); + unlink($before); + unlink($after); return \@diffs; } @@ -2316,14 +2311,6 @@ => "The diff program <$MySQLaccess::DIFF> could not be found.\n" ."+ Check your path, or\n" ."+ edit the source of this script to point \$DIFF to the diff program.\n" - ,'not_found_tmp' - => "The temporary directory <$MySQLaccess::TMP_PATH> could not be found.\n" - ."+ create this directory (writeable!), or\n" - ."+ edit the source of this script to point \$TMP_PATH to the right directory.\n" - ,'write_err_tmp' - => "The temporary directory <$MySQLaccess::TMP_PATH> is not writable.\n" - ."+ make this directory writeable!, or\n" - ."+ edit the source of this script to point \$TMP_PATH to another directory.\n" ,'Unrecognized_option' => "Sorry,\n" ."You are using an old version of the mysql-program,\n"