new file mode 100644

@@ -0,0 +1,117 @@

+diff --git a/sql/auth/auth_common.h b/sql/auth/auth_common.h

+index b8a24ed1..023cf06e 100644

+--- a/sql/auth/auth_common.h

+@@ -620,7 +620,8 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list);

+ bool set_and_validate_user_attributes(THD *thd,

+                                       LEX_USER *Str,

+                                       ulong &what_to_set,

+-                                      bool is_privileged_user);

++                                      bool is_privileged_user,

++                                      const char * cmd);

+ 

+ /* sql_auth_cache */

+ int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr);

+diff --git a/sql/auth/sql_authorization.cc b/sql/auth/sql_authorization.cc

+index ef5aeb33..910216d9 100644

+--- a/sql/auth/sql_authorization.cc

+@@ -1321,7 +1321,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,

+     }

+ 

+     if (set_and_validate_user_attributes(thd, Str, what_to_set,

+-                                         is_privileged_user))

++                                         is_privileged_user,

++                                         revoke_grant?"REVOKE":"GRANT"))

+     {

+       result= TRUE;

+       continue;

+@@ -1636,7 +1637,8 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,

+     }

+ 

+     if (set_and_validate_user_attributes(thd, Str, what_to_set,

+-                                         is_privileged_user))

++                                         is_privileged_user,

++                                         revoke_grant?"REVOKE":"GRANT"))

+     {

+       result= TRUE;

+       continue;

+@@ -1887,7 +1889,8 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,

+     }

+ 

+     if (set_and_validate_user_attributes(thd, Str, what_to_set,

+-                                         is_privileged_user))

++                                         is_privileged_user,

++                                         revoke_grant?"REVOKE":"GRANT"))

+     {

+       result= TRUE;

+       continue;

+diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc

+index bb8f5dc8..f1fdca64 100644

+--- a/sql/auth/sql_user.cc

+@@ -396,6 +396,7 @@ err:

+   @param what_to_set  User attributes

+   @param is_privileged_user     Whether caller has CREATE_USER_ACL

+                                 or UPDATE_ACL over mysql.*

++  @param cmd          Command information

+ 

+   @retval 0 ok

+   @retval 1 ERROR;

+@@ -404,7 +405,8 @@ err:

+ bool set_and_validate_user_attributes(THD *thd,

+                                       LEX_USER *Str,

+                                       ulong &what_to_set,

+-                                      bool is_privileged_user)

++                                      bool is_privileged_user,

++                                      const char * cmd)

+ {

+   bool user_exists= false;

+   ACL_USER *acl_user;

+@@ -573,6 +575,17 @@ bool set_and_validate_user_attributes(THD *thd,

+                                              inbuflen))

+     {

+       plugin_unlock(0, plugin);

++

++      /*

++        generate_authentication_string may return error status

++        without setting actual error.

++      */

++      if (!thd->is_error())

++      {

++        String error_user;

++        append_user(thd, &error_user, Str, FALSE, FALSE);

++        my_error(ER_CANNOT_USER, MYF(0), cmd, error_user.c_ptr_safe());

++      }

+       return(1);

+     }

+     if (buflen)

+@@ -758,7 +771,8 @@ bool change_password(THD *thd, const char *host, const char *user,

+       thd->slave_thread)

+     combo->uses_identified_by_clause= false;

+     

+-  if (set_and_validate_user_attributes(thd, combo, what_to_set, true))

++  if (set_and_validate_user_attributes(thd, combo, what_to_set,

++                                       true, "SET PASSWORD"))

+   {

+     result= 1;

+     mysql_mutex_unlock(&acl_cache->lock);

+@@ -1389,7 +1403,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool if_not_exists)

+       result= TRUE;

+       continue;

+     }

+-    if (set_and_validate_user_attributes(thd, user_name, what_to_update, true))

++    if (set_and_validate_user_attributes(thd, user_name, what_to_update,

++                                         true, "CREATE USER"))

+     {

+       result= TRUE;

+       continue;

+@@ -1897,7 +1912,7 @@ bool mysql_alter_user(THD *thd, List <LEX_USER> &list, bool if_exists)

+       continue;

+     }

+     if (set_and_validate_user_attributes(thd, user_from, what_to_alter,

+-                                         is_privileged_user))

++                                         is_privileged_user, "ALTER USER"))

+     {

+       result= true;

+       continue;

@@ -1,7 +1,7 @@

 Summary:        MySQL.

 Name:           mysql

 Version:        5.7.20

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        GPLv2

 Group:          Applications/Databases

 Vendor:         VMware, Inc.

@@ -9,6 +9,7 @@ Distribution:   Photon

 Url:            http://www.mysql.com

 Source0:        https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-boost-%{version}.tar.gz

 %define         sha1 mysql-boost=1fcbaea0d75d71a8a868f518b5b0afaaa18c5cda

+Patch0:         Fix-CVE-2018-2696.patch

 BuildRequires:  cmake

 BuildRequires:  openssl-devel

@@ -27,6 +28,7 @@ Development headers for developing applications linking to maridb

 %prep

 %setup -q %{name}-boost-%{version}

+%patch0 -p1

 %build

 cmake . \

@@ -66,6 +68,8 @@ make test

 %{_libdir}/pkgconfig/mysqlclient.pc

 %changelog

+*   Thu Jan 25 2018 Divya Thaluru <dthaluru@vmware.com> 5.7.20-2

+-   Added patch for CVE-2018-2696

 *   Wed Oct 25 2017 Xiaolin Li <xiaolinl@vmware.com> 5.7.20-1

 -   Update to version 5.7.20

 *   Fri Oct 13 2017 Alexey Makhalov <amakhalov@vmware.com> 5.7.18-3