update to mysql 5.1.48

4 files changed, 101 insertions, 13 deletions

diff --git a/mysql-chain-certs.patch b/mysql-chain-certs.patch
new file mode 100644
index 0000000..3b20a28
--- /dev/null
+++ b/mysql-chain-certs.patch
@@ -0,0 +1,41 @@
+Fix things so that chains of certificates work in the server and client
+certificate files.
+
+This only really works for OpenSSL-based builds, as yassl is unable to read
+multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
+doesn't fix that, but just arranges that the viosslfactories.c patch won't
+have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
+Fedora builds, I'm not feeling motivated to try to fix yassl for this.
+
+See RH bug #598656.  Filed upstream at http://bugs.mysql.com/bug.php?id=54158
+
+
+diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c
+--- mysql-5.1.47.orig/vio/viosslfactories.c	2010-05-06 11:28:07.000000000 -0400
++++ mysql-5.1.47/vio/viosslfactories.c	2010-05-26 23:23:46.000000000 -0400
+@@ -100,7 +100,7 @@
+ 		       (long) ctx, cert_file, key_file));
+   if (cert_file)
+   {
+-    if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
++    if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
+     {
+       *error= SSL_INITERR_CERT;
+       DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
+diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
+--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp	2010-05-06 11:24:26.000000000 -0400
++++ mysql-5.1.47/extra/yassl/src/ssl.cpp	2010-05-26 23:29:13.000000000 -0400
+@@ -1606,10 +1606,10 @@
+     }
+ 
+ 
+-    int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
++    int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
+     {
+-        // TDOD:
+-        return SSL_SUCCESS;
++        // For the moment, treat like use_certificate_file
++        return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
+     }
+ 
+ 
diff --git a/mysql-missing-string-code.patch b/mysql-missing-string-code.patch
new file mode 100644
index 0000000..d251f81
--- /dev/null
+++ b/mysql-missing-string-code.patch
@@ -0,0 +1,14 @@
+Crude workaround for bug #587170.  There are probably better ways ...
+
+
+diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am
+--- mysql-5.1.47.orig/storage/federated/Makefile.am	2010-05-06 11:27:38.000000000 -0400
++++ mysql-5.1.47/storage/federated/Makefile.am	2010-06-04 14:57:36.000000000 -0400
+@@ -38,6 +38,7 @@
+ ha_federated_la_CXXFLAGS=	$(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
+ ha_federated_la_CFLAGS =	$(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
+ ha_federated_la_SOURCES =	ha_federated.cc
++ha_federated_la_LIBADD = ../../mysys/string.o
+ 
+ 
+ EXTRA_LIBRARIES =	libfederated.a
diff --git a/mysql-plugin-bug.patch b/mysql-plugin-bug.patch
index 856a9d4..cbbaf77 100644
--- a/mysql-plugin-bug.patch
+++ b/mysql-plugin-bug.patch
@@ -1,9 +1,21 @@
---- mysql-5.1.47/mysql-test/t/disabled.def.orig	2010-05-06 17:58:11.000000000 +0200
-+++ mysql-5.1.47/mysql-test/t/disabled.def	2010-05-21 07:12:00.270542964 +0200
-@@ -13,3 +13,6 @@
+The plugin_load test fails on PPC64 (maybe not always, but at least in the
+several tries I've made so far).  It doesn't fail on x86, x86_64, or ppc,
+at least not in a similarly small number of tries.  My best theory at the
+moment is that the test itself is wrong.  Reported upstream at
+http://bugs.mysql.com/bug.php?id=42144
+
+For the moment, just disable this test.
+
+Also, disable the outfile_loaddata test, which as of 5.1.38 is giving
+platform-dependent results, with the "expected" results being arguably the
+wrong ones.  This is upstream at http://bugs.mysql.com/bug.php?id=46895
+
+--- mysql-5.1.48/mysql-test/t/disabled.def.orig	2010-06-03 18:17:34.000000000 +0200
++++ mysql-5.1.48/mysql-test/t/disabled.def	2010-06-17 17:34:14.301366397 +0200
+@@ -12,3 +12,6 @@
+ kill                     : Bug#37780 2008-12-03 HHunger need some changes to be robust enough for pushbuild.
  query_cache_28249        : Bug#43861 2009-03-25 main.query_cache_28249 fails sporadically
  partition_innodb_plugin  : Bug#53307 2010-04-30 VasilDimov valgrind warnings
- ps_3innodb               : Bug#53309 2010-04-30 VasilDimov valgrind warnings
 +#
 +plugin_load         : gives wrong answer on PPC64
 +outfile_loaddata    : gives different results on different platforms
diff --git a/mysql.spec b/mysql.spec
index ce59331..06b8729 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -1,5 +1,5 @@
 Name: mysql
-Version: 5.1.47
+Version: 5.1.48
 Release: 1%{?dist}
 Summary: MySQL client programs and shared libraries
 Group: Applications/Databases
@@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch
 Patch10: mysql-strmov.patch
 Patch12: mysql-cve-2008-7247.patch
 Patch13: mysql-expired-certs.patch
+Patch14: mysql-missing-string-code.patch
 Patch15: mysql-lowercase-bug.patch
+Patch16: mysql-chain-certs.patch
 
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -182,7 +184,9 @@ the MySQL sources.
 %patch10 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 %patch15 -p1
+%patch16 -p1
 
 
 libtoolize --force
@@ -243,11 +247,6 @@ export CFLAGS CXXFLAGS
 	--without-example-storage-engine \
 	--without-plugin-daemon_example \
 	--without-plugin-ftexample \
-%ifarch ppc64
-%if 0%{?fedora} <= 10
-	--without-plugin-innodb_plugin \
-%endif
-%endif
 	--enable-local-infile \
 	--enable-largefile \
 	--enable-thread-safe-client \
@@ -386,15 +385,16 @@ echo -e "\nWARNING : This MySQL RPM is not an official Fedora build and it"
 echo -e "overrides the official one. Don't file bugs on Fedora Project."
 echo -e "Use dedicated forums http://forums.famillecollet.com/\n"
 
-%if %{?fedora}%{!?fedora:99} <= 10
+%if %{?fedora}%{!?fedora:99} <= 11
 echo -e "WARNING : Fedora %{fedora} is now EOL :"
 echo -e "You should consider upgrading to a supported release.\n"
 %endif
 
 
 %pre server
-/usr/sbin/useradd -M -o -r -d /var/lib/mysql -s /bin/bash \
-	-c "MySQL Server" -u 27 mysql > /dev/null 2>&1 || :
+/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || :
+/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \
+	-c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
 
 %post libs
 /sbin/ldconfig
@@ -606,6 +606,27 @@ fi
 
 
 %changelog
+* Thu Jun 17 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.48-1
+- sync with rawhide
+- Update to MySQL 5.1.48 Community Server GA
+
+* Fri Jun  4 2010 Tom Lane <tgl@redhat.com> 5.1.47-2
+- Add back "partition" storage engine
+Resolves: #597390
+- Fix broken "federated" storage engine plugin
+Related: #587170
+- Read all certificates in SSL certificate files, to support chained certs
+Related: #598656
+
+* Mon May 24 2010 Tom Lane <tgl@redhat.com> 5.1.47-1
+- Update to MySQL 5.1.47, for various fixes described at
+  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
+  including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
+Resolves: #592862
+Resolves: #583717
+- Create mysql group explicitly in pre-server script, to ensure correct GID
+Related: #594155
+
 * Fri May 21 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.47-1
 - Update to MySQL 5.1.47 Community Server GA