summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mysql-chain-certs.patch41
-rw-r--r--mysql-missing-string-code.patch14
-rw-r--r--mysql-plugin-bug.patch20
-rw-r--r--mysql.spec39
4 files changed, 101 insertions, 13 deletions
diff --git a/mysql-chain-certs.patch b/mysql-chain-certs.patch
new file mode 100644
index 0000000..3b20a28
--- /dev/null
+++ b/mysql-chain-certs.patch
@@ -0,0 +1,41 @@
+Fix things so that chains of certificates work in the server and client
+certificate files.
+
+This only really works for OpenSSL-based builds, as yassl is unable to read
+multiple certificates from a file. The patch below to yassl/src/ssl.cpp
+doesn't fix that, but just arranges that the viosslfactories.c patch won't
+have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
+Fedora builds, I'm not feeling motivated to try to fix yassl for this.
+
+See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
+
+
+diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c
+--- mysql-5.1.47.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400
++++ mysql-5.1.47/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400
+@@ -100,7 +100,7 @@
+ (long) ctx, cert_file, key_file));
+ if (cert_file)
+ {
+- if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
++ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
+ {
+ *error= SSL_INITERR_CERT;
+ DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
+diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
+--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400
++++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400
+@@ -1606,10 +1606,10 @@
+ }
+
+
+- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
++ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
+ {
+- // TDOD:
+- return SSL_SUCCESS;
++ // For the moment, treat like use_certificate_file
++ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
+ }
+
+
diff --git a/mysql-missing-string-code.patch b/mysql-missing-string-code.patch
new file mode 100644
index 0000000..d251f81
--- /dev/null
+++ b/mysql-missing-string-code.patch
@@ -0,0 +1,14 @@
+Crude workaround for bug #587170. There are probably better ways ...
+
+
+diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am
+--- mysql-5.1.47.orig/storage/federated/Makefile.am 2010-05-06 11:27:38.000000000 -0400
++++ mysql-5.1.47/storage/federated/Makefile.am 2010-06-04 14:57:36.000000000 -0400
+@@ -38,6 +38,7 @@
+ ha_federated_la_CXXFLAGS= $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
+ ha_federated_la_CFLAGS = $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
+ ha_federated_la_SOURCES = ha_federated.cc
++ha_federated_la_LIBADD = ../../mysys/string.o
+
+
+ EXTRA_LIBRARIES = libfederated.a
diff --git a/mysql-plugin-bug.patch b/mysql-plugin-bug.patch
index 856a9d4..cbbaf77 100644
--- a/mysql-plugin-bug.patch
+++ b/mysql-plugin-bug.patch
@@ -1,9 +1,21 @@
---- mysql-5.1.47/mysql-test/t/disabled.def.orig 2010-05-06 17:58:11.000000000 +0200
-+++ mysql-5.1.47/mysql-test/t/disabled.def 2010-05-21 07:12:00.270542964 +0200
-@@ -13,3 +13,6 @@
+The plugin_load test fails on PPC64 (maybe not always, but at least in the
+several tries I've made so far). It doesn't fail on x86, x86_64, or ppc,
+at least not in a similarly small number of tries. My best theory at the
+moment is that the test itself is wrong. Reported upstream at
+http://bugs.mysql.com/bug.php?id=42144
+
+For the moment, just disable this test.
+
+Also, disable the outfile_loaddata test, which as of 5.1.38 is giving
+platform-dependent results, with the "expected" results being arguably the
+wrong ones. This is upstream at http://bugs.mysql.com/bug.php?id=46895
+
+--- mysql-5.1.48/mysql-test/t/disabled.def.orig 2010-06-03 18:17:34.000000000 +0200
++++ mysql-5.1.48/mysql-test/t/disabled.def 2010-06-17 17:34:14.301366397 +0200
+@@ -12,3 +12,6 @@
+ kill : Bug#37780 2008-12-03 HHunger need some changes to be robust enough for pushbuild.
query_cache_28249 : Bug#43861 2009-03-25 main.query_cache_28249 fails sporadically
partition_innodb_plugin : Bug#53307 2010-04-30 VasilDimov valgrind warnings
- ps_3innodb : Bug#53309 2010-04-30 VasilDimov valgrind warnings
+#
+plugin_load : gives wrong answer on PPC64
+outfile_loaddata : gives different results on different platforms
diff --git a/mysql.spec b/mysql.spec
index ce59331..06b8729 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -1,5 +1,5 @@
Name: mysql
-Version: 5.1.47
+Version: 5.1.48
Release: 1%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
@@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch
Patch10: mysql-strmov.patch
Patch12: mysql-cve-2008-7247.patch
Patch13: mysql-expired-certs.patch
+Patch14: mysql-missing-string-code.patch
Patch15: mysql-lowercase-bug.patch
+Patch16: mysql-chain-certs.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -182,7 +184,9 @@ the MySQL sources.
%patch10 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
%patch15 -p1
+%patch16 -p1
libtoolize --force
@@ -243,11 +247,6 @@ export CFLAGS CXXFLAGS
--without-example-storage-engine \
--without-plugin-daemon_example \
--without-plugin-ftexample \
-%ifarch ppc64
-%if 0%{?fedora} <= 10
- --without-plugin-innodb_plugin \
-%endif
-%endif
--enable-local-infile \
--enable-largefile \
--enable-thread-safe-client \
@@ -386,15 +385,16 @@ echo -e "\nWARNING : This MySQL RPM is not an official Fedora build and it"
echo -e "overrides the official one. Don't file bugs on Fedora Project."
echo -e "Use dedicated forums http://forums.famillecollet.com/\n"
-%if %{?fedora}%{!?fedora:99} <= 10
+%if %{?fedora}%{!?fedora:99} <= 11
echo -e "WARNING : Fedora %{fedora} is now EOL :"
echo -e "You should consider upgrading to a supported release.\n"
%endif
%pre server
-/usr/sbin/useradd -M -o -r -d /var/lib/mysql -s /bin/bash \
- -c "MySQL Server" -u 27 mysql > /dev/null 2>&1 || :
+/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || :
+/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \
+ -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
%post libs
/sbin/ldconfig
@@ -606,6 +606,27 @@ fi
%changelog
+* Thu Jun 17 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.48-1
+- sync with rawhide
+- Update to MySQL 5.1.48 Community Server GA
+
+* Fri Jun 4 2010 Tom Lane <tgl@redhat.com> 5.1.47-2
+- Add back "partition" storage engine
+Resolves: #597390
+- Fix broken "federated" storage engine plugin
+Related: #587170
+- Read all certificates in SSL certificate files, to support chained certs
+Related: #598656
+
+* Mon May 24 2010 Tom Lane <tgl@redhat.com> 5.1.47-1
+- Update to MySQL 5.1.47, for various fixes described at
+ http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
+ including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
+Resolves: #592862
+Resolves: #583717
+- Create mysql group explicitly in pre-server script, to ensure correct GID
+Related: #594155
+
* Fri May 21 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.47-1
- Update to MySQL 5.1.47 Community Server GA