aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSunil Kumar <sukumar@mvista.com>2017-03-28 13:23:31 +0530
committerArmin Kuster <akuster808@gmail.com>2017-11-16 15:36:05 -0800
commit242345d61dfd1546a4371d3ddabdf1cb7baa69c2 (patch)
tree32400dd2ec2324e7c823b9d1f4070491a07ecf0c
parentd3eef0b4716dac147f5f4d1bcdfc49021f698790 (diff)
downloadmeta-openembedded-contrib-akuster/morty-next.tar.gz
meta-openembedded-contrib-akuster/morty-next.tar.bz2
meta-openembedded-contrib-akuster/morty-next.zip
mariadb: Security fix for CVE-2016-6664akuster/morty-next
Source: https://github.com/MariaDB/server.git MR: 69290 Type: Security Fix Disposition: Backport from mariadb-5.5.54~4 ChangeID: 8fcdd6b0ecbb966f4479856efe93a963a7a422f7 Description: CVE-2016-6664 Signed-off-by: Sunil Kumar <sukumar@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/recipes-support/mysql/mariadb.inc3
-rw-r--r--meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch277
-rw-r--r--meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch58
-rw-r--r--meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch430
4 files changed, 768 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/mysql/mariadb.inc b/meta-oe/recipes-support/mysql/mariadb.inc
index f3eb4c77ed..6662f4caf9 100644
--- a/meta-oe/recipes-support/mysql/mariadb.inc
+++ b/meta-oe/recipes-support/mysql/mariadb.inc
@@ -17,6 +17,9 @@ SRC_URI = "http://downloads.mariadb.com/MariaDB/mariadb-${PV}/source/mariadb-${P
file://fix-a-building-failure.patch \
file://change-cc-to-cc-version.patch \
file://0001-disable-ucontext-on-musl.patch \
+ file://CVE-2016-6664_p1.patch \
+ file://CVE-2016-6664_p2.patch \
+ file://CVE-2016-6664_p3.patch \
"
SRC_URI[md5sum] = "fca86f1eaed2163b4bdce4f98f472324"
SRC_URI[sha256sum] = "e142f9459507b97c5848042863b313ce70750118446bb4e35e5c07fe66007293"
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch
new file mode 100644
index 0000000000..e8b0a84ce9
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p1.patch
@@ -0,0 +1,277 @@
+From af4f1bd59b38e3172b882107c49b8612537f4f4f Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Tue, 20 Dec 2016 15:17:59 +0100
+Subject: [PATCH 1/3] move check_user/set_user from mysqld.cc to mysys
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#1
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ include/my_sys.h | 4 +++
+ mysys/CMakeLists.txt | 4 +--
+ mysys/my_setuser.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ sql/mysqld.cc | 83 +++++++---------------------------------------------
+ 4 files changed, 98 insertions(+), 74 deletions(-)
+ create mode 100644 mysys/my_setuser.c
+
+diff --git a/include/my_sys.h b/include/my_sys.h
+index 7e37fe598bd..756a40c72f6 100644
+--- a/include/my_sys.h
++++ b/include/my_sys.h
+@@ -602,8 +602,12 @@ extern void *my_memmem(const void *haystack, size_t haystacklen,
+
+ #ifdef _WIN32
+ extern int my_access(const char *path, int amode);
++#define my_check_user(A,B) (NULL)
++#define my_set_user(A,B,C) (0)
+ #else
+ #define my_access access
++struct passwd *my_check_user(const char *user, myf MyFlags);
++int my_set_user(const char *user, struct passwd *user_info, myf MyFlags);
+ #endif
+
+ extern int check_if_legal_filename(const char *path);
+diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt
+index 06a811f0994..cb86850c2de 100644
+--- a/mysys/CMakeLists.txt
++++ b/mysys/CMakeLists.txt
+@@ -34,7 +34,7 @@ SET(MYSYS_SOURCES array.c charset-def.c charset.c checksum.c default.c
+ rijndael.c sha1.c string.c thr_alarm.c thr_lock.c thr_mutex.c
+ thr_rwlock.c tree.c typelib.c base64.c my_memmem.c my_getpagesize.c
+ lf_alloc-pin.c lf_dynarray.c lf_hash.c
+- safemalloc.c my_new.cc
++ safemalloc.c my_new.cc
+ my_atomic.c my_getncpus.c my_safehash.c my_chmod.c my_rnd.c
+ my_uuid.c wqueue.c waiting_threads.c ma_dyncol.c
+ my_rdtsc.c my_context.c file_logger.c)
+@@ -44,7 +44,7 @@ IF (WIN32)
+ ENDIF()
+
+ IF(UNIX)
+- SET (MYSYS_SOURCES ${MYSYS_SOURCES} my_addr_resolve.c)
++ SET (MYSYS_SOURCES ${MYSYS_SOURCES} my_addr_resolve.c my_setuser.c)
+ ENDIF()
+
+ IF(HAVE_ALARM)
+diff --git a/mysys/my_setuser.c b/mysys/my_setuser.c
+new file mode 100644
+index 00000000000..1f3e7770d4c
+--- /dev/null
++++ b/mysys/my_setuser.c
+@@ -0,0 +1,81 @@
++#include <my_global.h>
++#include <m_string.h>
++#include <my_sys.h>
++#include <my_pthread.h>
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#endif
++#ifdef HAVE_GRP_H
++#include <grp.h>
++#endif
++
++struct passwd *my_check_user(const char *user, myf MyFlags)
++{
++ struct passwd *user_info;
++ uid_t user_id= geteuid();
++ DBUG_ENTER("my_check_user");
++
++ // Don't bother if we aren't superuser
++ if (user_id)
++ {
++ if (user)
++ {
++ /* Don't give a warning, if real user is same as given with --user */
++ user_info= getpwnam(user);
++ if (!user_info || user_id != user_info->pw_uid)
++ {
++ my_errno= EPERM;
++ if (MyFlags & MY_WME)
++ my_printf_error(my_errno, "One can only use the --user switch if "
++ "running as root", MYF(ME_JUST_WARNING|ME_NOREFRESH));
++ }
++ }
++ DBUG_RETURN(NULL);
++ }
++ if (!user)
++ {
++ if (MyFlags & MY_FAE)
++ {
++ my_errno= EINVAL;
++ my_printf_error(my_errno, "Please consult the Knowledge Base to find "
++ "out how to run mysqld as root!", MYF(ME_NOREFRESH));
++ }
++ DBUG_RETURN(NULL);
++ }
++ if (!strcmp(user,"root"))
++ DBUG_RETURN(NULL);
++
++ if (!(user_info= getpwnam(user)))
++ {
++ // Allow a numeric uid to be used
++ int err= 0;
++ user_id= my_strtoll10(user, NULL, &err);
++ if (err || !(user_info= getpwuid(user_id)))
++ {
++ my_errno= EINVAL;
++ my_printf_error(my_errno, "Can't change to run as user '%s'. Please "
++ "check that the user exists!", MYF(ME_NOREFRESH), user);
++ DBUG_RETURN(NULL);
++ }
++ }
++ DBUG_ASSERT(user_info);
++ DBUG_RETURN(user_info);
++}
++
++int my_set_user(const char *user, struct passwd *user_info, myf MyFlags)
++{
++ DBUG_ENTER("my_set_user");
++
++ DBUG_ASSERT(user_info != 0);
++#ifdef HAVE_INITGROUPS
++ initgroups(user, user_info->pw_gid);
++#endif
++ if (setgid(user_info->pw_gid) == -1 || setuid(user_info->pw_uid) == -1)
++ {
++ my_errno= errno;
++ if (MyFlags & MY_WME)
++ my_error(my_errno, MYF(ME_NOREFRESH));
++ DBUG_RETURN(my_errno);
++ }
++ DBUG_RETURN(0);
++}
+diff --git a/sql/mysqld.cc b/sql/mysqld.cc
+index 3ad7b84829d..dd961ec20f0 100644
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -121,10 +121,7 @@ extern "C" { // Because of SCO 3.2V4.2
+ #include <sysent.h>
+ #endif
+ #ifdef HAVE_PWD_H
+-#include <pwd.h> // For getpwent
+-#endif
+-#ifdef HAVE_GRP_H
+-#include <grp.h>
++#include <pwd.h> // For struct passwd
+ #endif
+ #include <my_net.h>
+
+@@ -455,9 +452,7 @@ ulong opt_binlog_rows_event_max_size;
+ my_bool opt_master_verify_checksum= 0;
+ my_bool opt_slave_sql_verify_checksum= 1;
+ const char *binlog_format_names[]= {"MIXED", "STATEMENT", "ROW", NullS};
+-#ifdef HAVE_INITGROUPS
+ volatile sig_atomic_t calling_initgroups= 0; /**< Used in SIGSEGV handler. */
+-#endif
+ uint mysqld_port, test_flags, select_errors, dropping_tables, ha_open_options;
+ uint mysqld_extra_port;
+ uint mysqld_port_timeout;
+@@ -2007,59 +2002,18 @@ static void set_ports()
+
+ static struct passwd *check_user(const char *user)
+ {
+-#if !defined(__WIN__)
+- struct passwd *tmp_user_info;
+- uid_t user_id= geteuid();
++ myf flags= 0;
++ if (global_system_variables.log_warnings)
++ flags|= MY_WME;
++ if (!opt_bootstrap && !opt_help)
++ flags|= MY_FAE;
+
+- // Don't bother if we aren't superuser
+- if (user_id)
+- {
+- if (user)
+- {
+- /* Don't give a warning, if real user is same as given with --user */
+- /* purecov: begin tested */
+- tmp_user_info= getpwnam(user);
+- if ((!tmp_user_info || user_id != tmp_user_info->pw_uid) &&
+- global_system_variables.log_warnings)
+- sql_print_warning(
+- "One can only use the --user switch if running as root\n");
+- /* purecov: end */
+- }
+- return NULL;
+- }
+- if (!user)
+- {
+- if (!opt_bootstrap && !opt_help)
+- {
+- sql_print_error("Fatal error: Please consult the Knowledge Base "
+- "to find out how to run mysqld as root!\n");
+- unireg_abort(1);
+- }
+- return NULL;
+- }
+- /* purecov: begin tested */
+- if (!strcmp(user,"root"))
+- return NULL; // Avoid problem with dynamic libraries
++ struct passwd *tmp_user_info= my_check_user(user, MYF(flags));
+
+- if (!(tmp_user_info= getpwnam(user)))
+- {
+- // Allow a numeric uid to be used
+- const char *pos;
+- for (pos= user; my_isdigit(mysqld_charset,*pos); pos++) ;
+- if (*pos) // Not numeric id
+- goto err;
+- if (!(tmp_user_info= getpwuid(atoi(user))))
+- goto err;
+- }
++ if (!tmp_user_info && my_errno==EINVAL && (flags & MY_FAE))
++ unireg_abort(1);
+
+ return tmp_user_info;
+- /* purecov: end */
+-
+-err:
+- sql_print_error("Fatal error: Can't change to run as user '%s' ; Please check that the user exists!\n",user);
+- unireg_abort(1);
+-#endif
+- return NULL;
+ }
+
+ static inline void allow_coredumps()
+@@ -2076,10 +2030,6 @@ static inline void allow_coredumps()
+
+ static void set_user(const char *user, struct passwd *user_info_arg)
+ {
+- /* purecov: begin tested */
+-#if !defined(__WIN__)
+- DBUG_ASSERT(user_info_arg != 0);
+-#ifdef HAVE_INITGROUPS
+ /*
+ We can get a SIGSEGV when calling initgroups() on some systems when NSS
+ is configured to use LDAP and the server is statically linked. We set
+@@ -2087,22 +2037,11 @@ static void set_user(const char *user, struct passwd *user_info_arg)
+ output a specific message to help the user resolve this problem.
+ */
+ calling_initgroups= 1;
+- initgroups((char*) user, user_info_arg->pw_gid);
++ int res= my_set_user(user, user_info_arg, MYF(MY_WME));
+ calling_initgroups= 0;
+-#endif
+- if (setgid(user_info_arg->pw_gid) == -1)
+- {
+- sql_perror("setgid");
+- unireg_abort(1);
+- }
+- if (setuid(user_info_arg->pw_uid) == -1)
+- {
+- sql_perror("setuid");
++ if (res)
+ unireg_abort(1);
+- }
+ allow_coredumps();
+-#endif
+- /* purecov: end */
+ }
+
+
+--
+2.11.1
+
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch
new file mode 100644
index 0000000000..3c466185b4
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p2.patch
@@ -0,0 +1,58 @@
+From 7e4faa6aa71e84193a3fd9a40cfa6fca0c52d496 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Thu, 29 Sep 2016 10:16:24 +0200
+Subject: [PATCH 2/3] mysqld_safe: close stdout and stderr
+
+when they're not needed anymore. Helps when
+daemonizing it from mysql.init
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#2
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ scripts/mysqld_safe.sh | 6 +++++-
+ support-files/mysql.server.sh | 2 +-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
+index 7f18abb3dc2..7cadce725d1 100644
+--- a/scripts/mysqld_safe.sh
++++ b/scripts/mysqld_safe.sh
+@@ -620,6 +620,10 @@ else
+ logging=syslog
+ fi
+
++# close stdout and stderr, everything goes to $logging now
++exec 1>&-
++exec 2>&-
++
+ USER_OPTION=""
+ if test -w / -o "$USER" = "root"
+ then
+@@ -650,7 +654,7 @@ if [ ! -d $mysql_unix_port_dir ]
+ then
+ if ! `mkdir -p $mysql_unix_port_dir`
+ then
+- echo "Fatal error Can't create database directory '$mysql_unix_port'"
++ log_error "Fatal error Can't create database directory '$mysql_unix_port'"
+ exit 1
+ fi
+ chown $user $mysql_unix_port_dir
+diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh
+index e5c8814f930..d4fff33af13 100644
+--- a/support-files/mysql.server.sh
++++ b/support-files/mysql.server.sh
+@@ -308,7 +308,7 @@ case "$mode" in
+ then
+ # Give extra arguments to mysqld with the my.cnf file. This script
+ # may be overwritten at next upgrade.
+- $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null &
++ $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args &
+ wait_for_ready; return_value=$?
+
+ # Make lock for RedHat / SuSE
+--
+2.11.1
+
diff --git a/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
new file mode 100644
index 0000000000..5cfea7a2be
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/CVE-2016-6664_p3.patch
@@ -0,0 +1,430 @@
+From e90cb0acd45bf58d36abf78d01d60ed597982835 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Tue, 20 Dec 2016 21:16:23 +0100
+Subject: [PATCH 3/3] Numerous issues in mysqld_safe
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-6664 patch#3
+
+Signed-off-by: Sunil Kumar <sukumar@mvista.com>
+---
+ .gitignore | 1 +
+ debian/dist/Debian/mariadb-server-5.5.files.in | 1 +
+ debian/dist/Ubuntu/mariadb-server-5.5.files.in | 1 +
+ extra/CMakeLists.txt | 3 +
+ extra/mysqld_safe_helper.c | 77 ++++++++++++++++++
+ scripts/mysqld_safe.sh | 107 ++++++++++---------------
+ support-files/mysql.server.sh | 8 +-
+ 7 files changed, 128 insertions(+), 70 deletions(-)
+ create mode 100644 extra/mysqld_safe_helper.c
+
+diff --git a/.gitignore b/.gitignore
+index c3d50ee335b..9229a6345fc 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -49,6 +49,7 @@ extra/jemalloc/build/
+ extra/jemalloc/tmp/
+ extra/my_print_defaults
+ extra/mysql_waitpid
++extra/mysqld_safe_helper
+ extra/perror
+ extra/replace
+ extra/resolve_stack_dump
+diff --git a/debian/dist/Debian/mariadb-server-5.5.files.in b/debian/dist/Debian/mariadb-server-5.5.files.in
+index c1ea58740e4..47a9887b075 100644
+--- a/debian/dist/Debian/mariadb-server-5.5.files.in
++++ b/debian/dist/Debian/mariadb-server-5.5.files.in
+@@ -32,6 +32,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/debian/dist/Ubuntu/mariadb-server-5.5.files.in b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+index 7f75ccc2303..5182dd76346 100644
+--- a/debian/dist/Ubuntu/mariadb-server-5.5.files.in
++++ b/debian/dist/Ubuntu/mariadb-server-5.5.files.in
+@@ -34,6 +34,7 @@ usr/bin/mysql_zap
+ usr/bin/mysqlbinlog
+ usr/bin/mysqld_multi
+ usr/bin/mysqld_safe
++usr/bin/mysqld_safe_helper
+ usr/bin/mysqlhotcopy
+ usr/bin/perror
+ usr/bin/replace
+diff --git a/extra/CMakeLists.txt b/extra/CMakeLists.txt
+index f8f71b00743..7f47f878110 100644
+--- a/extra/CMakeLists.txt
++++ b/extra/CMakeLists.txt
+@@ -82,4 +82,7 @@ IF(UNIX)
+
+ MYSQL_ADD_EXECUTABLE(mysql_waitpid mysql_waitpid.c COMPONENT Client)
+ TARGET_LINK_LIBRARIES(mysql_waitpid mysys)
++
++ MYSQL_ADD_EXECUTABLE(mysqld_safe_helper mysqld_safe_helper.c COMPONENT Server)
++ TARGET_LINK_LIBRARIES(mysqld_safe_helper mysys)
+ ENDIF()
+diff --git a/extra/mysqld_safe_helper.c b/extra/mysqld_safe_helper.c
+new file mode 100644
+index 00000000000..09e507c6e1c
+--- /dev/null
++++ b/extra/mysqld_safe_helper.c
+@@ -0,0 +1,77 @@
++#include <my_global.h>
++#include <m_string.h>
++#include <my_sys.h>
++#include <my_pthread.h>
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#endif
++#include <stdlib.h>
++#include <stdio.h>
++
++void my_exit(int c)
++{
++ my_end(0);
++ exit(c);
++}
++
++void do_usage()
++{
++ printf("Usage:\n"
++ " %s <user> log <filename>\n"
++ " %s <user> exec <command> <args>\n",
++ my_progname, my_progname);
++ my_exit(1);
++}
++
++void do_log(const char *logfile)
++{
++ FILE *f;
++ uchar buf[4096];
++ int size;
++
++ if (!logfile)
++ do_usage();
++
++ f= my_fopen(logfile, O_WRONLY|O_APPEND|O_CREAT, MYF(MY_WME));
++ if (!f)
++ my_exit(1);
++
++ while ((size= my_fread(stdin, buf, sizeof(buf), MYF(MY_WME))) > 0)
++ if ((int)my_fwrite(f, buf, size, MYF(MY_WME)) != size)
++ my_exit(1);
++
++ my_fclose(f, MYF(0));
++ my_exit(0);
++}
++
++void do_exec(char *args[])
++{
++ if (!args[0])
++ do_usage();
++
++ my_end(0);
++ execvp(args[0], args);
++}
++
++int main(int argc, char *argv[])
++{
++ struct passwd *user_info;
++ MY_INIT(argv[0]);
++
++ if (argc < 3)
++ do_usage(argv[0]);
++
++ user_info= my_check_user(argv[1], MYF(0));
++ if (user_info ? my_set_user(argv[1], user_info, MYF(MY_WME))
++ : my_errno == EINVAL)
++ my_exit(1);
++
++ if (strcmp(argv[2], "log") == 0)
++ do_log(argv[3]);
++
++ if (strcmp(argv[2], "exec") == 0)
++ do_exec(argv+3);
++
++ my_end(0);
++ return 1;
++}
+diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
+index 7cadce725d1..059263fad51 100644
+--- a/scripts/mysqld_safe.sh
++++ b/scripts/mysqld_safe.sh
+@@ -20,6 +20,7 @@ mysqld_ld_preload=
+ mysqld_ld_library_path=
+ flush_caches=0
+ numa_interleave=0
++unsafe_my_cnf=0
+
+ # Initial logging status: error log is not open, and not using syslog
+ logging=init
+@@ -128,6 +129,18 @@ my_which ()
+ return $ret # Success
+ }
+
++find_in_bin() {
++ if test -x "$MY_BASEDIR_VERSION/bin/$1"
++ then
++ echo "$MY_BASEDIR_VERSION/bin/$1"
++ elif test -x "@bindir@/$1"
++ then
++ echo "@bindir@/$1"
++ else
++ echo "$1"
++ fi
++}
++
+ log_generic () {
+ priority="$1"
+ shift
+@@ -136,7 +149,7 @@ log_generic () {
+ echo "$msg"
+ case $logging in
+ init) ;; # Just echo the message, don't save it anywhere
+- file) echo "$msg" >> "$err_log" ;;
++ file) echo "$msg" | "$helper" "$user" log "$err_log" ;;
+ syslog) logger -t "$syslog_tag_mysqld_safe" -p "$priority" "$*" ;;
+ *)
+ echo "Internal program error (non-fatal):" \
+@@ -156,7 +169,7 @@ log_notice () {
+ eval_log_error () {
+ cmd="$1"
+ case $logging in
+- file) cmd="$cmd >> "`shell_quote_string "$err_log"`" 2>&1" ;;
++ file) cmd="$cmd 2>&1 | "`shell_quote_string "$helper"`" $user log "`shell_quote_string "$err_log"` ;;
+ syslog)
+ # mysqld often prefixes its messages with a timestamp, which is
+ # redundant when logging to syslog (which adds its own timestamp)
+@@ -190,6 +203,13 @@ shell_quote_string() {
+ echo "$1" | sed -e 's,\([^a-zA-Z0-9/_.=-]\),\\\1,g'
+ }
+
++check_executable_location() {
++ if test "$unsafe_my_cnf" = 1 -a "$unrecognized_handling" != collect; then
++ log_error "Cannot accept $1 from a config file, when my.cnf is in the datadir"
++ exit 1
++ fi
++}
++
+ parse_arguments() {
+ for arg do
+ # the parameter after "=", or the whole $arg if no match
+@@ -200,7 +220,6 @@ parse_arguments() {
+ optname_subst=`echo "$optname" | sed 's/_/-/g'`
+ arg=`echo $arg | sed "s/^$optname/$optname_subst/"`
+ case "$arg" in
+- --crash-script=*) CRASH_SCRIPT="$val" ;;
+ # these get passed explicitly to mysqld
+ --basedir=*) MY_BASEDIR_VERSION="$val" ;;
+ --datadir=*|--data=*) DATADIR="$val" ;;
+@@ -220,12 +239,14 @@ parse_arguments() {
+
+ # mysqld_safe-specific options - must be set in my.cnf ([mysqld_safe])!
+ --core-file-size=*) core_file_size="$val" ;;
+- --ledir=*) ledir="$val" ;;
+- --malloc-lib=*) set_malloc_lib "$val" ;;
+- --mysqld=*) MYSQLD="$val" ;;
++ --ledir=*) check_executable_location "$arg" ; ledir="$val" ;;
++ --malloc-lib=*) check_executable_location "$arg"; set_malloc_lib "$val" ;;
++ --crash-script=*) check_executable_location "$arg"; crash_script="$val" ;;
++ --mysqld=*) check_executable_location "$arg"; MYSQLD="$val" ;;
+ --mysqld-version=*)
+ if test -n "$val"
+ then
++ check_executable_location "$arg"
+ MYSQLD="mysqld-$val"
+ PLUGIN_VARIANT="/$val"
+ else
+@@ -385,15 +406,8 @@ set_malloc_lib() {
+ # First, try to find BASEDIR and ledir (where mysqld is)
+ #
+
+-if echo '@pkgdatadir@' | grep '^@prefix@' > /dev/null
+-then
+- relpkgdata=`echo '@pkgdatadir@' | sed -e 's,^@prefix@,,' -e 's,^/,,' -e 's,^,./,'`
+-else
+- # pkgdatadir is not relative to prefix
+- relpkgdata='@pkgdatadir@'
+-fi
+-
+-MY_PWD=`pwd`
++MY_PWD=`dirname $0`
++MY_PWD=`cd "$MY_PWD"/.. && pwd`
+ # Check for the directories we would expect from a binary release install
+ if test -n "$MY_BASEDIR_VERSION" -a -d "$MY_BASEDIR_VERSION"
+ then
+@@ -409,16 +423,16 @@ then
+ else
+ ledir="$MY_BASEDIR_VERSION/bin"
+ fi
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/bin/mysqld"
++elif test -x "$MY_PWD/bin/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where bin, share and data are
+ ledir="$MY_PWD/bin" # Where mysqld is
+ # Check for the directories we would expect from a source install
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/libexec/mysqld"
++elif test -x "$MY_PWD/libexec/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where libexec, share and var are
+ ledir="$MY_PWD/libexec" # Where mysqld is
+-elif test -f "$relpkgdata"/english/errmsg.sys -a -x "$MY_PWD/sbin/mysqld"
++elif test -x "$MY_PWD/sbin/mysqld"
+ then
+ MY_BASEDIR_VERSION="$MY_PWD" # Where sbin, share and var are
+ ledir="$MY_PWD/sbin" # Where mysqld is
+@@ -428,6 +442,8 @@ else
+ ledir='@libexecdir@'
+ fi
+
++helper=`find_in_bin mysqld_safe_helper`
++print_defaults=`find_in_bin my_print_defaults`
+
+ #
+ # Second, try to find the data directory
+@@ -465,6 +481,7 @@ IGNORING $DATADIR/my.cnf"
+ log_error "WARNING: Found $DATADIR/my.cnf
+ The data directory is a deprecated location for my.cnf, please move it to
+ $MY_BASEDIR_VERSION/my.cnf"
++ unsafe_my_cnf=1
+ MYSQL_HOME=$DATADIR
+ else
+ MYSQL_HOME=$MY_BASEDIR_VERSION
+@@ -472,34 +489,15 @@ $MY_BASEDIR_VERSION/my.cnf"
+ fi
+ export MYSQL_HOME
+
+-
+-# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
+-# and then merge with the command line arguments
+-if test -x "$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-then
+- print_defaults="$MY_BASEDIR_VERSION/bin/my_print_defaults"
+-elif test -x `dirname $0`/my_print_defaults
+-then
+- print_defaults="`dirname $0`/my_print_defaults"
+-elif test -x ./bin/my_print_defaults
+-then
+- print_defaults="./bin/my_print_defaults"
+-elif test -x @bindir@/my_print_defaults
+-then
+- print_defaults="@bindir@/my_print_defaults"
+-elif test -x @bindir@/mysql_print_defaults
+-then
+- print_defaults="@bindir@/mysql_print_defaults"
+-else
+- print_defaults="my_print_defaults"
+-fi
+-
+ append_arg_to_args () {
+ args="$args "`shell_quote_string "$1"`
+ }
+
+ args=
+
++# Get first arguments from the my.cnf file, groups [mysqld] and [mysqld_safe]
++# and then merge with the command line arguments
++
+ SET_USER=2
+ parse_arguments `$print_defaults $defaults --loose-verbose --mysqld`
+ if test $SET_USER -eq 2
+@@ -603,11 +601,6 @@ then
+ log_notice "Logging to '$err_log'."
+ logging=file
+
+- if [ ! -f "$err_log" ]; then # if error log already exists,
+- touch "$err_log" # we just append. otherwise,
+- chmod "$fmode" "$err_log" # fix the permissions here!
+- fi
+-
+ else
+ if [ -n "$syslog_tag" ]
+ then
+@@ -620,10 +613,6 @@ else
+ logging=syslog
+ fi
+
+-# close stdout and stderr, everything goes to $logging now
+-exec 1>&-
+-exec 2>&-
+-
+ USER_OPTION=""
+ if test -w / -o "$USER" = "root"
+ then
+@@ -631,11 +620,6 @@ then
+ then
+ USER_OPTION="--user=$user"
+ fi
+- # Change the err log to the right user, if it is in use
+- if [ $want_syslog -eq 0 ]; then
+- touch "$err_log"
+- chown $user "$err_log"
+- fi
+ if test -n "$open_files"
+ then
+ ulimit -n $open_files
+@@ -879,6 +863,10 @@ max_fast_restarts=5
+ # flag whether a usable sleep command exists
+ have_sleep=1
+
++# close stdout and stderr, everything goes to $logging now
++exec 1>&-
++exec 2>&-
++
+ while true
+ do
+ rm -f "$pid_file" # Some extra safety
+@@ -886,13 +874,6 @@ do
+ start_time=`date +%M%S`
+
+ eval_log_error "$cmd"
+-
+- if [ $want_syslog -eq 0 -a ! -f "$err_log" ]; then
+- touch "$err_log" # hypothetical: log was renamed but not
+- chown $user "$err_log" # flushed yet. we'd recreate it with
+- chmod "$fmode" "$err_log" # wrong owner next time we log, so set
+- fi # it up correctly while we can!
+-
+ end_time=`date +%M%S`
+
+ if test ! -f "$pid_file" # This is removed if normal shutdown
+@@ -956,9 +937,9 @@ do
+ done
+ fi
+ log_notice "mysqld restarted"
+- if test -n "$CRASH_SCRIPT"
++ if test -n "$crash_script"
+ then
+- crash_script_output=`$CRASH_SCRIPT 2>&1`
++ crash_script_output=`$crash_script 2>&1`
+ log_error "$crash_script_output"
+ fi
+ done
+diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh
+index 8fb217e4136..c77d3a26168 100644
+--- a/support-files/mysql.server.sh
++++ b/support-files/mysql.server.sh
+@@ -157,15 +157,9 @@ parse_server_arguments() {
+
+ # Get arguments from the my.cnf file,
+ # the only group, which is read from now on is [mysqld]
+-if test -x ./bin/my_print_defaults
+-then
+- print_defaults="./bin/my_print_defaults"
+-elif test -x $bindir/my_print_defaults
++if test -x $bindir/my_print_defaults
+ then
+ print_defaults="$bindir/my_print_defaults"
+-elif test -x $bindir/mysql_print_defaults
+-then
+- print_defaults="$bindir/mysql_print_defaults"
+ else
+ # Try to find basedir in /etc/my.cnf
+ conf=/etc/my.cnf
+--
+2.11.1
+