From cb1a1f67a6e82b3e29234be0546538ee5ce2cc2d Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 15 Mar 2016 10:43:46 +0100
Subject: [PATCH 1/3] Update CVE database
---
 build/updateCVElist.pl | 17 +++++++++--------
 vulnerabilities.csv | 3 +++
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl
index 4652a02..c122be9 100644
--- a/build/updateCVElist.pl
+++ b/build/updateCVElist.pl
@@ -40,17 +40,16 @@ $mech->add_handler("response_redirect" => sub { print '#'x80,"\nREDIRECT RESPONS
 my $url = 'http://cve.mitre.org/data/downloads/allitems.csv';
 my $resp;
-unless (-f 'cve.csv')
-{
- $resp=$mech->get($url);
- $mech->save_content( "cve.csv" );
-}
+unlink ('cve.csv') if (-f 'cve.csv');
+
+$resp=$mech->get($url);
+$mech->save_content( "cve.csv" );
 my $f=File::Util->new('readlimit' => 100000000, 'use_flock'=>'false');
 my(@lines) = $f->load_file('cve.csv', '--as-lines');
 my @versions;
 my $temp;
-unlink 'vulnerabilities.csv' if -f 'vulnerabilities.csv';
+unlink '../vulnerabilities.csv' if -f '../vulnerabilities.csv';
 foreach my $line (@lines) {
 if ($line =~ /(mysql|mariadb)/i and $line =~ /server/i
@@ -67,9 +66,11 @@ foreach my $line (@lines) {
 my @nb=split('\.', $vers);
 #print $vers."\n".Dumper @nb;
 #exit 0;
- $f->write_file('file' => 'vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append');
+ $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append');
 }
 }
 }
-exit(0);
\ No newline at end of file
+unlink ('cve.csv') if (-f 'cve.csv');
+
+exit(0);
diff --git a/vulnerabilities.csv b/vulnerabilities.csv
index 779855a..8b1c533 100644
--- a/vulnerabilities.csv
+++ b/vulnerabilities.csv
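Review bot: The result of `$mech->get($url)` is stored in `$resp` but never inspected before `$mech->save_content( "cve.csv" )`, so an HTTP error body or a truncated download is written out and then parsed as the CVE feed, and with the old `unless (-f 'cve.csv')` guard removed there is no cached copy left to fall back on. Guard the save with `$mech->success or die "fetch of $url failed: " . $resp->status_line;`. The feed is also fetched over plain `http://`, so nothing protects its integrity in transit before it is rewritten into the committed `vulnerabilities.csv` that drives the tool's CVE advice; fetching over HTTPS with certificate verification left on would close that gap. `$url` and `$resp` are declared inside the hunk, but the `$mech` construction and the script header lie above it.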
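Review bot: The record built in the `$f->write_file(...)` call interpolates `$nb[2]` unconditionally, so if the version extraction above the hunk ever yields fewer than three dot-separated components that column is empty and, under warnings, each such row emits an uninitialized-value warning. Padding the split keeps the column count stable: `my @nb = ( split( '\.', $vers ), '', '' )[ 0 .. 2 ];`. Since the raw `$line` is appended verbatim, a one-line comment above the call documenting the layout, `# columns: version;major;minor;patch;raw CVE row`, would help readers of `vulnerabilities.csv`. The enclosing `foreach` loop starts in the previous hunk.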
@@ -417,3 +417,6 @@ 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | 
CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; +10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; +10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | 
CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)";
From c0be38eb89b274fbacf319a9ae4463b8e5222634 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 16 Mar 2016 16:53:30 +0100
Subject: [PATCH 2/3] Query cache should be disabled #159
---
 mysqltuner.pl | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/mysqltuner.pl b/mysqltuner.pl
index cc4a152..631bae0 100755
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# mysqltuner.pl - Version 1.6.5
+# mysqltuner.pl - Version 1.6.6
 # High Performance MySQL Tuning Script
 # Copyright (C) 2006-2015 Major Hayden - major@mhtx.net
 #
@@ -51,7 +51,7 @@ use Data::Dumper;
 $Data::Dumper::Pair = " : ";
 # Set up a few variables for use in the script
-my $tunerversion = "1.6.5";
+my $tunerversion = "1.6.6";
 my ( @adjvars, @generalrec );
 # Set defaults
@@ -1884,6 +1884,15 @@ sub mysql_stats {
 push( @generalrec, "Upgrade MySQL to version 4+ to utilize query caching" );
 }
+ elsif (mysql_version_ge(5,6))
+ {
+ if ( $myvar{'query_cache_type'} ne "OFF" ) {
+ badprint "Query cache should be disabled by default due to mutex contention.";
+ push( @adjvars, "query_cache_type (=0)" );
+ } else {
+ goodprint "Query cache is disabled by default due to mutex contention.";
+ }
+ }
 elsif ( $myvar{'query_cache_size'} < 1 ) {
 badprint "Query cache is disabled";
 push( @adjvars, "query_cache_size (>= 8M)" );
@@ -3001,7 +3010,7 @@ __END__
 =head1 NAME
- MySQLTuner 1.6.5 - MySQL High Performance Tuning Script
+ MySQLTuner 1.6.6 - MySQL High Performance Tuning Script
 =head1 IMPORTANT USAGE GUIDELINES
From f3805a1eba4498a23cefad68e1aab4e018629d8d Mon Sep 17 00:00:00 2001
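Review bot: `$myvar{'query_cache_type'} ne "OFF"` runs without a `defined` guard, so on a 5.6+ server that does not expose `query_cache_type` the comparison warns about an uninitialized value and still recommends `query_cache_type (=0)` for a cache that may not exist; elsewhere in this file such variables are tested as `defined $myvar{...} && $myvar{...} eq "YES"` (see the `have_isam` check in the third patch). Change the condition to `if ( defined $myvar{'query_cache_type'} && $myvar{'query_cache_type'} ne "OFF" ) {`. The new branch also precedes the `query_cache_size` check, so on 5.6+ a cache that is `OFF` but still has a non-zero `query_cache_size` is reported as good; if that is intended, a one-line comment saying so would help the next reader. The enclosing `if`/`elsif` chain and `sub mysql_stats` begin above the hunk.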
From: root
Date: Wed, 16 Mar 2016 18:40:44 +0100
Subject: [PATCH 3/3] Changing engine list after 5.5
---
 mysqltuner.pl | 37 ++++++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/mysqltuner.pl b/mysqltuner.pl
index 631bae0..e0012b7 100755
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@@ -1114,7 +1114,20 @@ sub check_storage_engines {
 "\n-------- Storage Engine Statistics -------------------------------------------";
 my $engines;
- if ( mysql_version_ge( 5, 1, 5 ) ) {
+ if ( mysql_version_ge( 5, 5 ) ) {
+ my @engineresults = select_array
+"SELECT ENGINE,SUPPORT FROM information_schema.ENGINES ORDER BY ENGINE ASC";
+ foreach my $line (@engineresults) {
+ my ( $engine, $engineenabled );
+ ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/;
+ $result{'Engine'}{$engine}{'Enabled'} = $engineenabled;
+ $engines .=
+ ( $engineenabled eq "YES" || $engineenabled eq "DEFAULT" )
+ ? greenwrap "+" . $engine . " "
+ : redwrap "-" . $engine . " ";
+ }
+ }
+ elsif ( mysql_version_ge( 5, 1, 5 ) ) {
 my @engineresults = select_array
 "SELECT ENGINE,SUPPORT FROM information_schema.ENGINES WHERE ENGINE NOT IN ('performance_schema','MyISAM','MERGE','MEMORY') ORDER BY ENGINE ASC";
 foreach my $line (@engineresults) {
@@ -1149,10 +1162,6 @@ sub check_storage_engines {
 ( defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES" )
 ? greenwrap "+ISAM "
 : redwrap "-ISAM ";
- $engines .=
- ( defined $myvar{'have_aria'} && $myvar{'have_aria'} eq "YES" )
- ? greenwrap "+Aria "
- : redwrap "-Aria ";
 $engines .=
 ( defined $myvar{'have_ndbcluster'}
 && $myvar{'have_ndbcluster'} eq "YES" )
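Review bot: The new `mysql_version_ge( 5, 5 )` branch duplicates the loop of the `elsif ( mysql_version_ge( 5, 1, 5 ) )` branch below it, differing only in the `WHERE ENGINE NOT IN (...)` clause of the query, so the parsing regex and the wrap logic now have to be maintained twice; building the SQL by version and sharing one loop avoids that, assuming the older loop body below the hunk matches the new one. Inside the new branch, `my ( $engine, $engineenabled );` followed by a separate list assignment can be a single statement, `my ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/;`. Because the first group is `[a-zA-Z_]*`, a result line that begins with whitespace or an unexpected character yields an empty `$engine` and a `$result{'Engine'}{''}` entry; `\A([a-zA-Z_]+)` would make such a line fail visibly instead. `sub check_storage_engines` starts above the hunk and continues past it.

```perl
    my $engines;
    if ( mysql_version_ge( 5, 1, 5 ) ) {
        # 5.5+ lists every engine; older servers keep the exclusion list.
        my $engine_sql = "SELECT ENGINE,SUPPORT FROM information_schema.ENGINES";
        $engine_sql .=
          " WHERE ENGINE NOT IN ('performance_schema','MyISAM','MERGE','MEMORY')"
          unless mysql_version_ge( 5, 5 );
        $engine_sql .= " ORDER BY ENGINE ASC";
        my @engineresults = select_array $engine_sql;
        foreach my $line (@engineresults) {
            my ( $engine, $engineenabled ) = $line =~ /\A([a-zA-Z_]+)\s+([a-zA-Z]+)/;
            # … unchanged: $result bookkeeping and greenwrap/redwrap formatting …
        }
    }
```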
@@ -2347,6 +2356,19 @@ sub mariadb_threadpool {
 infoprint "ThreadPool stat is enabled.";
 }
+# Recommendations for Performance Schema
+sub mysqsl_pfs {
+ prettyprint
+"\n-------- Performance schema --------------------------------------------------";
+
+ # Performance Schema
+ unless ( defined($myvar{'performance_schema'}) and $myvar{'performance_schema'} eq 'ON' ) {
+ infoprint "Performance schema is disabled.";
+ }
+
+ infoprint "Performance schema is enabled.";
+}
+
 # Recommendations for Ariadb
 sub mariadb_ariadb {
 prettyprint
@@ -2986,10 +3008,11 @@ security_recommendations; # Display some security recommendations
 cve_recommendations; # Display related CVE
 calculations; # Calculate everything we need
 mysql_stats; # Print the server stats
-mysql_myisam; # Print MyISAM stats
-mysql_innodb; # Print InnoDB stats
+mysqsl_pfs # Print Performance schema info
 mariadb_threadpool; # Print MaraiDB ThreadPool stats
+mysql_myisam; # Print MyISAM stats
 mariadb_ariadb; # Print MaraiDB AriaDB stats
+mysql_innodb; # Print InnoDB stats
 mariadb_tokudb; # Print MaraiDB TokuDB stats
 mariadb_galera; # Print MaraiDB Galera Cluster stats
 get_replication_status; # Print replication info
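Review bot: When `performance_schema` is not `ON`, the `unless` block prints "Performance schema is disabled." and execution then falls through to `infoprint "Performance schema is enabled.";`, so both messages are printed. Add `return;` after the first `infoprint` inside the block, or make the second `infoprint` an `else` branch. The sub name `mysqsl_pfs` looks like a typo of `mysql_pfs`; the call added in the next hunk uses the same spelling, so both need to change together. The whole sub is inside this hunk, so its header comment could say what it reports, e.g. `# Report whether the Performance Schema (performance_schema variable) is enabled.`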
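Review bot: The added line `mysqsl_pfs # Print Performance schema info` lacks the terminating semicolon every neighbouring call has, so the statement continues onto the next line and, with both subs defined earlier in the file, Perl parses it as `mysqsl_pfs(mariadb_threadpool())`: the thread-pool report runs first, as an argument, and the performance-schema report follows it. Change the line to `mysqsl_pfs; # Print Performance schema info`. The reordering of `mysql_myisam` and `mysql_innodb` around the MariaDB sections is not mentioned in the commit message; a short line there would help.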