From 60c6254ac8ade7888e3b83208bea9097c1abf01f Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sat, 8 Dec 2012 10:25:10 +0100
Subject: MySQL 5.5.28: sync with rawhide, rebuild for security, use
 with_systemd and with_dtrace macro instead of version test

---
 mysql-cipherspec.patch      |  60 ++++++++++-----------
 mysql-cve-2012-5611.patch   |  81 +++++++++++++++++++++++++++++
 mysql-dh1024.patch          |  63 ++++++++++++++++++++++
 mysql-dubious-exports.patch | 124 ++++++++++++++++++++++----------------------
 mysql-errno.patch           |   8 +--
 mysql-plugin-bool.patch     |  40 +++++++-------
 mysql-readline.patch        |  20 -------
 mysql-s390-tsc.patch        |  18 +++----
 mysql-stack-guard.patch     |  12 ++---
 mysql-string-overflow.patch |  26 +++++-----
 mysql-strmov.patch          |   8 +--
 mysql-va-list.patch         |  14 ++---
 mysql-versioning.patch      |   8 +--
 mysql55.spec                |  64 ++++++++++++++++-------
 14 files changed, 347 insertions(+), 199 deletions(-)
 create mode 100644 mysql-cve-2012-5611.patch
 create mode 100644 mysql-dh1024.patch
 delete mode 100644 mysql-readline.patch

diff --git a/mysql-cipherspec.patch b/mysql-cipherspec.patch
index 18b8fee..5210055 100644
--- a/mysql-cipherspec.patch
+++ b/mysql-cipherspec.patch
@@ -4,10 +4,10 @@ This patch enhances connect command by an option to specify a cipher
 and tests are adjusted to specify the expected cipher explicitly.
 Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
 
-diff -Naur mysql-5.5.27.orig/client/mysqltest.cc mysql-5.5.27/client/mysqltest.cc
---- mysql-5.5.27.orig/client/mysqltest.cc	2012-07-20 13:38:02.000000000 -0400
-+++ mysql-5.5.27/client/mysqltest.cc	2012-08-05 01:01:21.502130550 -0400
-@@ -5458,6 +5458,7 @@
+diff -up mysql-5.5.28/client/mysqltest.cc.p18 mysql-5.5.28/client/mysqltest.cc
+--- mysql-5.5.28/client/mysqltest.cc.p18	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/client/mysqltest.cc	2012-12-06 14:25:46.370001422 +0100
+@@ -5458,6 +5458,7 @@ void do_connect(struct st_command *comma
    my_bool con_ssl= 0, con_compress= 0;
    my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0;
    struct st_connection* con_slot;
@@ -15,7 +15,7 @@ diff -Naur mysql-5.5.27.orig/client/mysqltest.cc mysql-5.5.27/client/mysqltest.c
  
    static DYNAMIC_STRING ds_connection_name;
    static DYNAMIC_STRING ds_host;
-@@ -5548,6 +5549,8 @@
+@@ -5548,6 +5549,8 @@ void do_connect(struct st_command *comma
        con_shm= 1;
      else if (!strncmp(con_options, "CLEARTEXT", 9))
        con_cleartext_enable= 1;
@@ -24,7 +24,7 @@ diff -Naur mysql-5.5.27.orig/client/mysqltest.cc mysql-5.5.27/client/mysqltest.c
      else
        die("Illegal option to connect: %.*s", 
            (int) (end - con_options), con_options);
-@@ -5595,8 +5598,11 @@
+@@ -5595,8 +5598,11 @@ void do_connect(struct st_command *comma
    if (con_ssl)
    {
  #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
@@ -37,10 +37,10 @@ diff -Naur mysql-5.5.27.orig/client/mysqltest.cc mysql-5.5.27/client/mysqltest.c
  #if MYSQL_VERSION_ID >= 50000
      /* Turn on ssl_verify_server_cert only if host is "localhost" */
      opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
-diff -Naur mysql-5.5.27.orig/mysql-test/t/openssl_1.test mysql-5.5.27/mysql-test/t/openssl_1.test
---- mysql-5.5.27.orig/mysql-test/t/openssl_1.test	2012-07-20 13:38:03.000000000 -0400
-+++ mysql-5.5.27/mysql-test/t/openssl_1.test	2012-08-05 01:00:27.798822919 -0400
-@@ -20,13 +20,13 @@
+diff -up mysql-5.5.28/mysql-test/t/openssl_1.test.p18 mysql-5.5.28/mysql-test/t/openssl_1.test
+--- mysql-5.5.28/mysql-test/t/openssl_1.test.p18	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/t/openssl_1.test	2012-12-06 14:25:46.371001424 +0100
+@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@loca
  grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
  flush privileges;
  
@@ -59,7 +59,7 @@ diff -Naur mysql-5.5.27.orig/mysql-test/t/openssl_1.test mysql-5.5.27/mysql-test
  
  connection con1;
  # Check ssl turned on
-@@ -119,7 +119,7 @@
+@@ -125,7 +125,7 @@ drop table t1;
  # verification of servers certificate by setting both ca certificate
  # and ca path to NULL
  #
@@ -68,7 +68,7 @@ diff -Naur mysql-5.5.27.orig/mysql-test/t/openssl_1.test mysql-5.5.27/mysql-test
  --echo End of 5.0 tests
  
  #
-@@ -244,7 +244,7 @@
+@@ -250,7 +250,7 @@ select 'is still running; no cipher requ
  
  GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
  FLUSH PRIVILEGES;
@@ -77,21 +77,9 @@ diff -Naur mysql-5.5.27.orig/mysql-test/t/openssl_1.test mysql-5.5.27/mysql-test
  SHOW STATUS LIKE 'Ssl_cipher';
  disconnect con1;
  connection default;
-diff -Naur mysql-5.5.27.orig/mysql-test/t/ssl.test mysql-5.5.27/mysql-test/t/ssl.test
---- mysql-5.5.27.orig/mysql-test/t/ssl.test	2012-07-20 13:38:03.000000000 -0400
-+++ mysql-5.5.27/mysql-test/t/ssl.test	2012-08-05 01:00:27.800822919 -0400
-@@ -6,7 +6,7 @@
- # Save the initial number of concurrent sessions
- --source include/count_sessions.inc
- 
--connect (ssl_con,localhost,root,,,,,SSL);
-+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
- 
- # Check ssl turned on
- SHOW STATUS LIKE 'Ssl_cipher';
-diff -Naur mysql-5.5.27.orig/mysql-test/t/ssl_8k_key.test mysql-5.5.27/mysql-test/t/ssl_8k_key.test
---- mysql-5.5.27.orig/mysql-test/t/ssl_8k_key.test	2012-07-20 13:38:03.000000000 -0400
-+++ mysql-5.5.27/mysql-test/t/ssl_8k_key.test	2012-08-05 01:00:27.799822918 -0400
+diff -up mysql-5.5.28/mysql-test/t/ssl_8k_key.test.p18 mysql-5.5.28/mysql-test/t/ssl_8k_key.test
+--- mysql-5.5.28/mysql-test/t/ssl_8k_key.test.p18	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/t/ssl_8k_key.test	2012-12-06 14:25:46.371001424 +0100
 @@ -2,7 +2,7 @@
  #
  # Bug#29784 YaSSL assertion failure when reading 8k key.
@@ -101,9 +89,9 @@ diff -Naur mysql-5.5.27.orig/mysql-test/t/ssl_8k_key.test mysql-5.5.27/mysql-tes
  
  ##  This test file is for testing encrypted communication only, not other
  ##  encryption routines that the SSL library happens to provide!
-diff -Naur mysql-5.5.27.orig/mysql-test/t/ssl_compress.test mysql-5.5.27/mysql-test/t/ssl_compress.test
---- mysql-5.5.27.orig/mysql-test/t/ssl_compress.test	2012-07-20 13:38:03.000000000 -0400
-+++ mysql-5.5.27/mysql-test/t/ssl_compress.test	2012-08-05 01:00:27.799822918 -0400
+diff -up mysql-5.5.28/mysql-test/t/ssl_compress.test.p18 mysql-5.5.28/mysql-test/t/ssl_compress.test
+--- mysql-5.5.28/mysql-test/t/ssl_compress.test.p18	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/t/ssl_compress.test	2012-12-06 14:25:46.371001424 +0100
 @@ -7,7 +7,7 @@
  # Save the initial number of concurrent sessions
  --source include/count_sessions.inc
@@ -113,3 +101,15 @@ diff -Naur mysql-5.5.27.orig/mysql-test/t/ssl_compress.test mysql-5.5.27/mysql-t
  
  # Check ssl turned on
  SHOW STATUS LIKE 'Ssl_cipher';
+diff -up mysql-5.5.28/mysql-test/t/ssl.test.p18 mysql-5.5.28/mysql-test/t/ssl.test
+--- mysql-5.5.28/mysql-test/t/ssl.test.p18	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/t/ssl.test	2012-12-06 14:25:46.371001424 +0100
+@@ -6,7 +6,7 @@
+ # Save the initial number of concurrent sessions
+ --source include/count_sessions.inc
+ 
+-connect (ssl_con,localhost,root,,,,,SSL);
++connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+ 
+ # Check ssl turned on
+ SHOW STATUS LIKE 'Ssl_cipher';
diff --git a/mysql-cve-2012-5611.patch b/mysql-cve-2012-5611.patch
new file mode 100644
index 0000000..45f414b
--- /dev/null
+++ b/mysql-cve-2012-5611.patch
@@ -0,0 +1,81 @@
+Back-ported patch for CVE-2012-5611 --- see
+http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.17
+
+
+diff -Naur mysql-5.5.28.orig/mysql-test/r/information_schema.result mysql-5.5.28/mysql-test/r/information_schema.result
+--- mysql-5.5.28.orig/mysql-test/r/information_schema.result	2012-08-29 04:50:47.000000000 -0400
++++ mysql-5.5.28/mysql-test/r/information_schema.result	2012-12-05 10:33:56.906738492 -0500
+@@ -1712,6 +1712,10 @@
+ length(CAST(b AS CHAR))
+ 20
+ DROP TABLE ubig;
++grant usage on *.* to mysqltest_1@localhost;
++select 1 from information_schema.tables where table_schema=repeat('a', 2000);
++1
++drop user mysqltest_1@localhost;
+ End of 5.1 tests.
+ #
+ # Additional test for WL#3726 "DDL locking for all metadata objects"
+diff -Naur mysql-5.5.28.orig/mysql-test/t/information_schema.test mysql-5.5.28/mysql-test/t/information_schema.test
+--- mysql-5.5.28.orig/mysql-test/t/information_schema.test	2012-08-29 04:50:47.000000000 -0400
++++ mysql-5.5.28/mysql-test/t/information_schema.test	2012-12-05 10:33:56.908738590 -0500
+@@ -1444,6 +1444,13 @@
+ 
+ DROP TABLE ubig;
+ 
++grant usage on *.* to mysqltest_1@localhost;
++connect (con1, localhost, mysqltest_1,,);
++connection con1;
++select 1 from information_schema.tables where table_schema=repeat('a', 2000);
++connection default;
++disconnect con1;
++drop user mysqltest_1@localhost;
+ 
+ --echo End of 5.1 tests.
+ 
+diff -Naur mysql-5.5.28.orig/sql/sql_acl.cc mysql-5.5.28/sql/sql_acl.cc
+--- mysql-5.5.28.orig/sql/sql_acl.cc	2012-08-29 04:50:46.000000000 -0400
++++ mysql-5.5.28/sql/sql_acl.cc	2012-12-05 10:35:47.608766346 -0500
+@@ -1573,14 +1573,20 @@
+   acl_entry *entry;
+   DBUG_ENTER("acl_get");
+ 
+-  mysql_mutex_lock(&acl_cache->lock);
+-  end=strmov((tmp_db=strmov(strmov(key, ip ? ip : "")+1,user)+1),db);
++  tmp_db= strmov(strmov(key, ip ? ip : "") + 1, user) + 1;
++  end= strnmov(tmp_db, db, key + sizeof(key) - tmp_db);
++
++  if (end >= key + sizeof(key)) // db name was truncated
++    DBUG_RETURN(0);             // no privileges for an invalid db name
++
+   if (lower_case_table_names)
+   {
+     my_casedn_str(files_charset_info, tmp_db);
+     db=tmp_db;
+   }
+   key_length= (size_t) (end-key);
++
++  mysql_mutex_lock(&acl_cache->lock);
+   if (!db_is_pattern && (entry=(acl_entry*) acl_cache->search((uchar*) key,
+                                                               key_length)))
+   {
+@@ -4902,11 +4908,17 @@
+ bool check_grant_db(THD *thd,const char *db)
+ {
+   Security_context *sctx= thd->security_ctx;
+-  char helping [NAME_LEN+USERNAME_LENGTH+2];
++  char helping [NAME_LEN+USERNAME_LENGTH+2], *end;
+   uint len;
+   bool error= TRUE;
+ 
+-  len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1;
++  end= strmov(helping, sctx->priv_user) + 1;
++  end= strnmov(end, db, helping + sizeof(helping) - end);
++
++  if (end >= helping + sizeof(helping)) // db name was truncated
++    return 1;                           // no privileges for an invalid db name
++
++  len= (uint) (end - helping) + 1;
+ 
+   mysql_rwlock_rdlock(&LOCK_grant);
+ 
diff --git a/mysql-dh1024.patch b/mysql-dh1024.patch
new file mode 100644
index 0000000..620ee0b
--- /dev/null
+++ b/mysql-dh1024.patch
@@ -0,0 +1,63 @@
+Change the DH key length from 512 to 1024 bits to meet minimum requirements
+of FIPS 140-2.  (In principle we could use the larger size only when FIPS
+mode is on, but it doesn't seem worth the trouble.)
+
+The new parameter value was generated using "openssl dhparam -C 1024".
+
+
+diff -Naur mysql-5.5.28.orig/vio/viosslfactories.c mysql-5.5.28/vio/viosslfactories.c
+--- mysql-5.5.28.orig/vio/viosslfactories.c	2012-08-29 04:50:46.000000000 -0400
++++ mysql-5.5.28/vio/viosslfactories.c	2012-11-15 11:19:38.575701435 -0500
+@@ -20,27 +20,32 @@
+ static my_bool     ssl_algorithms_added    = FALSE;
+ static my_bool     ssl_error_strings_loaded= FALSE;
+ 
+-static unsigned char dh512_p[]=
++static unsigned char dh1024_p[]=
+ {
+-  0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+-  0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+-  0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+-  0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+-  0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+-  0x47,0x74,0xE8,0x33,
++  0xBF,0x5C,0xFA,0xD1,0xDD,0xBB,0xB3,0x0A,0x58,0x29,0x05,0xF5,
++  0x7D,0x64,0xB2,0xE1,0xCE,0xE8,0xE0,0xE1,0x7A,0xB6,0xBC,0x5B,
++  0x21,0x56,0xDF,0x2C,0x82,0x60,0xDC,0x31,0xCA,0x1E,0x02,0xFE,
++  0xC4,0xE7,0x24,0x63,0x31,0xE4,0x67,0x1C,0x0B,0xFF,0x86,0x12,
++  0x0D,0x2E,0xE6,0x35,0x0A,0x07,0x4F,0xE7,0x3F,0xDE,0xFE,0xF0,
++  0x13,0x1C,0xA2,0x2B,0xF4,0xEE,0x2C,0x90,0x10,0x57,0x6B,0x2B,
++  0xB9,0x1E,0x1B,0x47,0xB0,0x25,0xBF,0x45,0x86,0xDA,0x87,0x35,
++  0x2C,0xF5,0x6A,0x41,0xA2,0x57,0xD8,0x16,0x5E,0x82,0x91,0x99,
++  0x33,0xA0,0x8B,0x9D,0x34,0xCE,0x03,0x01,0x80,0x32,0x07,0x3B,
++  0xF2,0x93,0xFC,0x3A,0x25,0xEC,0xB3,0xED,0x5C,0x4E,0x57,0xF2,
++  0x3C,0x2E,0x0D,0xB1,0x59,0xA2,0x08,0x93,
+ };
+ 
+-static unsigned char dh512_g[]={
++static unsigned char dh1024_g[]={
+   0x02,
+ };
+ 
+-static DH *get_dh512(void)
++static DH *get_dh1024(void)
+ {
+   DH *dh;
+   if ((dh=DH_new()))
+   {
+-    dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+-    dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++    dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++    dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+     if (! dh->p || ! dh->g)
+     {
+       DH_free(dh);
+@@ -255,7 +260,7 @@
+   }
+ 
+   /* DH stuff */
+-  dh=get_dh512();
++  dh=get_dh1024();
+   SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
+   DH_free(dh);
+ 
diff --git a/mysql-dubious-exports.patch b/mysql-dubious-exports.patch
index 0ccb412..4a88d1d 100644
--- a/mysql-dubious-exports.patch
+++ b/mysql-dubious-exports.patch
@@ -9,10 +9,10 @@ It doesn't seem worth trying to get rid of all the internal symbols exposed
 by mysql.h, but these two are relatively easy to get rid of.
 
 
-diff -Naur mysql-5.5.14.orig/client/mysqladmin.cc mysql-5.5.14/client/mysqladmin.cc
---- mysql-5.5.14.orig/client/mysqladmin.cc	2011-06-21 12:42:41.000000000 -0400
-+++ mysql-5.5.14/client/mysqladmin.cc	2011-07-12 12:19:59.578066771 -0400
-@@ -20,6 +20,7 @@
+diff -up mysql-5.5.28/client/mysqladmin.cc.p8 mysql-5.5.28/client/mysqladmin.cc
+--- mysql-5.5.28/client/mysqladmin.cc.p8	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/client/mysqladmin.cc	2012-12-06 14:16:14.598520859 +0100
+@@ -21,6 +21,7 @@
  #include <my_pthread.h>				/* because of signal()	*/
  #include <sys/stat.h>
  #include <mysql.h>
@@ -20,7 +20,7 @@ diff -Naur mysql-5.5.14.orig/client/mysqladmin.cc mysql-5.5.14/client/mysqladmin
  #include <sql_common.h>
  #include <welcome_copyright_notice.h>           /* ORACLE_WELCOME_COPYRIGHT_NOTICE */
  
-@@ -975,9 +976,9 @@
+@@ -989,9 +990,9 @@ static int execute_commands(MYSQL *mysql
            }
          }
          if (old)
@@ -32,10 +32,10 @@ diff -Naur mysql-5.5.14.orig/client/mysqladmin.cc mysql-5.5.14/client/mysqladmin
        }
        else
  	crypted_pw[0]=0;			/* No password */
-diff -Naur mysql-5.5.14.orig/include/errmsg.h mysql-5.5.14/include/errmsg.h
---- mysql-5.5.14.orig/include/errmsg.h	2011-06-21 12:42:39.000000000 -0400
-+++ mysql-5.5.14/include/errmsg.h	2011-07-12 11:55:29.194204015 -0400
-@@ -24,6 +24,7 @@
+diff -up mysql-5.5.28/include/errmsg.h.p8 mysql-5.5.28/include/errmsg.h
+--- mysql-5.5.28/include/errmsg.h.p8	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/errmsg.h	2012-12-06 14:16:14.598520859 +0100
+@@ -24,6 +24,7 @@ extern "C" {
  #endif
  void	init_client_errs(void);
  void	finish_client_errs(void);
@@ -43,31 +43,36 @@ diff -Naur mysql-5.5.14.orig/include/errmsg.h mysql-5.5.14/include/errmsg.h
  extern const char *client_errors[];	/* Error messages */
  #ifdef	__cplusplus
  }
-diff -Naur mysql-5.5.14.orig/include/my_sys.h mysql-5.5.14/include/my_sys.h
---- mysql-5.5.14.orig/include/my_sys.h	2011-06-21 12:42:39.000000000 -0400
-+++ mysql-5.5.14/include/my_sys.h	2011-07-12 11:55:29.195231427 -0400
-@@ -223,6 +223,7 @@
+diff -up mysql-5.5.28/include/mysql_com.h.p8 mysql-5.5.28/include/mysql_com.h
+--- mysql-5.5.28/include/mysql_com.h.p8	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/mysql_com.h	2012-12-06 14:16:14.599520860 +0100
+@@ -452,6 +452,7 @@ my_bool	my_net_init(NET *net, Vio* vio);
+ void	my_net_local_init(NET *net);
+ void	net_end(NET *net);
+   void	net_clear(NET *net, my_bool clear_buffer);
++#define net_realloc mysql_net_realloc		/* namespace sanity */
+ my_bool net_realloc(NET *net, size_t length);
+ my_bool	net_flush(NET *net);
+ my_bool	my_net_write(NET *net,const unsigned char *packet, size_t len);
+@@ -533,14 +534,12 @@ double my_rnd(struct rand_struct *);
+ void create_random_string(char *to, unsigned int length, struct rand_struct *rand_st);
  
- /* charsets */
- #define MY_ALL_CHARSETS_SIZE 2048
-+#define default_charset_info mysql_default_charset_info	/* namespace sanity */
- extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *default_charset_info;
- extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *all_charsets[MY_ALL_CHARSETS_SIZE];
- extern CHARSET_INFO compiled_charsets[];
-@@ -900,6 +901,9 @@
- extern uint get_collation_number(const char *name);
- extern const char *get_charset_name(uint cs_number);
+ void hash_password(unsigned long *to, const char *password, unsigned int password_len);
+-void make_scrambled_password_323(char *to, const char *password);
+ void scramble_323(char *to, const char *message, const char *password);
+ my_bool check_scramble_323(const unsigned char *reply, const char *message,
+                            unsigned long *salt);
+ void get_salt_from_password_323(unsigned long *res, const char *password);
+ void make_password_from_salt_323(char *to, const unsigned long *salt);
  
-+#define get_charset mysql_get_charset		/* namespace sanity */
-+#define get_charset_by_csname mysql_get_charset_by_csname
-+
- extern CHARSET_INFO *get_charset(uint cs_number, myf flags);
- extern CHARSET_INFO *get_charset_by_name(const char *cs_name, myf flags);
- extern CHARSET_INFO *get_charset_by_csname(const char *cs_name,
-diff -Naur mysql-5.5.14.orig/include/mysql.h.pp mysql-5.5.14/include/mysql.h.pp
---- mysql-5.5.14.orig/include/mysql.h.pp	2011-06-21 12:42:39.000000000 -0400
-+++ mysql-5.5.14/include/mysql.h.pp	2011-07-12 11:58:43.662068564 -0400
-@@ -86,7 +86,7 @@
+-void make_scrambled_password(char *to, const char *password);
+ void scramble(char *to, const char *message, const char *password);
+ my_bool check_scramble(const unsigned char *reply, const char *message,
+                        const unsigned char *hash_stage2);
+diff -up mysql-5.5.28/include/mysql.h.pp.p8 mysql-5.5.28/include/mysql.h.pp
+--- mysql-5.5.28/include/mysql.h.pp.p8	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/mysql.h.pp	2012-12-06 14:16:14.598520859 +0100
+@@ -86,7 +86,7 @@ my_bool my_net_init(NET *net, Vio* vio);
  void my_net_local_init(NET *net);
  void net_end(NET *net);
    void net_clear(NET *net, my_bool clear_buffer);
@@ -76,7 +81,7 @@ diff -Naur mysql-5.5.14.orig/include/mysql.h.pp mysql-5.5.14/include/mysql.h.pp
  my_bool net_flush(NET *net);
  my_bool my_net_write(NET *net,const unsigned char *packet, size_t len);
  my_bool net_write_command(NET *net,unsigned char command,
-@@ -128,13 +128,11 @@
+@@ -128,13 +128,11 @@ void randominit(struct rand_struct *, un
  double my_rnd(struct rand_struct *);
  void create_random_string(char *to, unsigned int length, struct rand_struct *rand_st);
  void hash_password(unsigned long *to, const char *password, unsigned int password_len);
@@ -90,36 +95,31 @@ diff -Naur mysql-5.5.14.orig/include/mysql.h.pp mysql-5.5.14/include/mysql.h.pp
  void scramble(char *to, const char *message, const char *password);
  my_bool check_scramble(const unsigned char *reply, const char *message,
                         const unsigned char *hash_stage2);
-diff -Naur mysql-5.5.14.orig/include/mysql_com.h mysql-5.5.14/include/mysql_com.h
---- mysql-5.5.14.orig/include/mysql_com.h	2011-06-21 12:42:39.000000000 -0400
-+++ mysql-5.5.14/include/mysql_com.h	2011-07-12 11:58:52.166065391 -0400
-@@ -452,6 +452,7 @@
- void	my_net_local_init(NET *net);
- void	net_end(NET *net);
-   void	net_clear(NET *net, my_bool clear_buffer);
-+#define net_realloc mysql_net_realloc		/* namespace sanity */
- my_bool net_realloc(NET *net, size_t length);
- my_bool	net_flush(NET *net);
- my_bool	my_net_write(NET *net,const unsigned char *packet, size_t len);
-@@ -533,14 +534,12 @@
- void create_random_string(char *to, unsigned int length, struct rand_struct *rand_st);
+diff -up mysql-5.5.28/include/my_sys.h.p8 mysql-5.5.28/include/my_sys.h
+--- mysql-5.5.28/include/my_sys.h.p8	2012-12-06 14:09:15.218170154 +0100
++++ mysql-5.5.28/include/my_sys.h	2012-12-06 14:16:14.598520859 +0100
+@@ -218,6 +218,7 @@ extern uint    my_large_page_size;
  
- void hash_password(unsigned long *to, const char *password, unsigned int password_len);
--void make_scrambled_password_323(char *to, const char *password);
- void scramble_323(char *to, const char *message, const char *password);
- my_bool check_scramble_323(const unsigned char *reply, const char *message,
-                            unsigned long *salt);
- void get_salt_from_password_323(unsigned long *res, const char *password);
- void make_password_from_salt_323(char *to, const unsigned long *salt);
+ /* charsets */
+ #define MY_ALL_CHARSETS_SIZE 2048
++#define default_charset_info mysql_default_charset_info	/* namespace sanity */
+ extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *default_charset_info;
+ extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *all_charsets[MY_ALL_CHARSETS_SIZE];
+ extern CHARSET_INFO compiled_charsets[];
+@@ -895,6 +896,9 @@ extern uint get_charset_number(const cha
+ extern uint get_collation_number(const char *name);
+ extern const char *get_charset_name(uint cs_number);
  
--void make_scrambled_password(char *to, const char *password);
- void scramble(char *to, const char *message, const char *password);
- my_bool check_scramble(const unsigned char *reply, const char *message,
-                        const unsigned char *hash_stage2);
-diff -Naur mysql-5.5.14.orig/sql/password.c mysql-5.5.14/sql/password.c
---- mysql-5.5.14.orig/sql/password.c	2011-06-21 12:42:40.000000000 -0400
-+++ mysql-5.5.14/sql/password.c	2011-07-12 11:59:29.194068612 -0400
-@@ -154,23 +154,6 @@
++#define get_charset mysql_get_charset		/* namespace sanity */
++#define get_charset_by_csname mysql_get_charset_by_csname
++
+ extern CHARSET_INFO *get_charset(uint cs_number, myf flags);
+ extern CHARSET_INFO *get_charset_by_name(const char *cs_name, myf flags);
+ extern CHARSET_INFO *get_charset_by_csname(const char *cs_name,
+diff -up mysql-5.5.28/sql/password.c.p8 mysql-5.5.28/sql/password.c
+--- mysql-5.5.28/sql/password.c.p8	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql/password.c	2012-12-06 14:16:14.599520860 +0100
+@@ -155,23 +155,6 @@ void my_make_scrambled_password_323(char
  
  
  /*
@@ -143,7 +143,7 @@ diff -Naur mysql-5.5.14.orig/sql/password.c mysql-5.5.14/sql/password.c
      Scramble string with password.
      Used in pre 4.1 authentication phase.
    SYNOPSIS
-@@ -433,23 +416,6 @@
+@@ -434,23 +417,6 @@ void my_make_scrambled_password(char *to
    
  
  /*
diff --git a/mysql-errno.patch b/mysql-errno.patch
index 93e61de..ce9d7a1 100644
--- a/mysql-errno.patch
+++ b/mysql-errno.patch
@@ -1,10 +1,10 @@
 "extern int errno" is just a really bad idea.
 
 
-diff -Naur mysql-5.5.8.orig/include/my_sys.h mysql-5.5.8/include/my_sys.h
---- mysql-5.5.8.orig/include/my_sys.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/my_sys.h	2010-12-20 21:20:12.622190325 -0500
-@@ -201,13 +201,8 @@
+diff -up mysql-5.5.28/include/my_sys.h.p1 mysql-5.5.28/include/my_sys.h
+--- mysql-5.5.28/include/my_sys.h.p1	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/my_sys.h	2012-12-06 14:09:15.218170154 +0100
+@@ -197,13 +197,8 @@ extern void my_large_free(uchar *ptr);
  #define my_afree(PTR) my_free(PTR)
  #endif /* HAVE_ALLOCA */
  
diff --git a/mysql-plugin-bool.patch b/mysql-plugin-bool.patch
index a8458f4..abea580 100644
--- a/mysql-plugin-bool.patch
+++ b/mysql-plugin-bool.patch
@@ -4,22 +4,10 @@ machines where char is unsigned print "255" instead.  Filed upstream at
 http://bugs.mysql.com/bug.php?id=59905
 
 
-diff -Naur mysql-5.5.8.orig/sql/sql_plugin.cc mysql-5.5.8/sql/sql_plugin.cc
---- mysql-5.5.8.orig/sql/sql_plugin.cc	2010-12-03 12:58:26.000000000 -0500
-+++ mysql-5.5.8/sql/sql_plugin.cc	2011-02-01 20:34:10.218305349 -0500
-@@ -2024,7 +2024,7 @@
-       goto err;
-     result= (int) tmp;
-   }
--  *(my_bool *) save= -result;
-+  *(my_bool *) save= result ? true : false;
-   return 0;
- err:
-   return 1;
-diff -Naur mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result mysql-5.5.8/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result
---- mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result	2010-12-03 12:58:25.000000000 -0500
-+++ mysql-5.5.8/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result	2011-02-01 21:53:20.006302245 -0500
-@@ -45,7 +45,7 @@
+diff -up mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result.p10 mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result
+--- mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result.p10	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_basic.result	2012-12-06 14:20:53.078755855 +0100
+@@ -45,7 +45,7 @@ set session rpl_semi_sync_master_enabled
  ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL
  select @@global.rpl_semi_sync_master_enabled;
  @@global.rpl_semi_sync_master_enabled
@@ -28,10 +16,10 @@ diff -Naur mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_ena
  select @@session.rpl_semi_sync_master_enabled;
  ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable
  show global variables like 'rpl_semi_sync_master_enabled';
-diff -Naur mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result mysql-5.5.8/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result
---- mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result	2010-12-03 12:58:26.000000000 -0500
-+++ mysql-5.5.8/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result	2011-02-01 21:53:59.689249491 -0500
-@@ -45,7 +45,7 @@
+diff -up mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result.p10 mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result
+--- mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result.p10	2012-08-29 10:50:47.000000000 +0200
++++ mysql-5.5.28/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_basic.result	2012-12-06 14:20:53.078755855 +0100
+@@ -45,7 +45,7 @@ set session rpl_semi_sync_slave_enabled=
  ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL
  select @@global.rpl_semi_sync_slave_enabled;
  @@global.rpl_semi_sync_slave_enabled
@@ -40,3 +28,15 @@ diff -Naur mysql-5.5.8.orig/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enab
  select @@session.rpl_semi_sync_slave_enabled;
  ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable
  show global variables like 'rpl_semi_sync_slave_enabled';
+diff -up mysql-5.5.28/sql/sql_plugin.cc.p10 mysql-5.5.28/sql/sql_plugin.cc
+--- mysql-5.5.28/sql/sql_plugin.cc.p10	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql/sql_plugin.cc	2012-12-06 14:20:53.078755855 +0100
+@@ -2094,7 +2094,7 @@ static int check_func_bool(THD *thd, str
+       goto err;
+     result= (int) tmp;
+   }
+-  *(my_bool *) save= -result;
++  *(my_bool *) save= result ? true : false;
+   return 0;
+ err:
+   return 1;
diff --git a/mysql-readline.patch b/mysql-readline.patch
deleted file mode 100644
index 9636913..0000000
--- a/mysql-readline.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- mysql-5.5.8/cmake/readline.cmake.readline	2010-12-03 18:58:26.000000000 +0100
-+++ mysql-5.5.8/cmake/readline.cmake	2010-12-22 23:11:19.641789020 +0100
-@@ -139,7 +139,7 @@
- 
-   IF(${name}_LIBRARY AND ${name}_INCLUDE_DIR)
-     SET(SYSTEM_READLINE_FOUND 1)
--    SET(CMAKE_REQUIRED_LIBRARIES ${${name}_LIBRARY})
-+    SET(CMAKE_REQUIRED_LIBRARIES ${${name}_LIBRARY} ncurses)
-     CHECK_CXX_SOURCE_COMPILES("
-     #include <stdio.h>
-     #include <readline/readline.h>
-@@ -172,7 +172,7 @@
-     ${name}_USE_NEW_READLINE_INTERFACE)
-     
-     IF(${name}_USE_LIBEDIT_INTERFACE  OR ${name}_USE_NEW_READLINE_INTERFACE)
--      SET(READLINE_LIBRARY ${${name}_LIBRARY})
-+      SET(READLINE_LIBRARY ${${name}_LIBRARY} ncurses)
-       SET(READLINE_INCLUDE_DIR ${${name}_INCLUDE_DIR})
-       SET(HAVE_HIST_ENTRY ${${name}_HAVE_HIST_ENTRY})
-       SET(USE_LIBEDIT_INTERFACE ${${name}_USE_LIBEDIT_INTERFACE})
diff --git a/mysql-s390-tsc.patch b/mysql-s390-tsc.patch
index 00811a4..f995266 100644
--- a/mysql-s390-tsc.patch
+++ b/mysql-s390-tsc.patch
@@ -2,10 +2,10 @@ Support s390/s390x in performance schema's cycle-counting functions.
 Filed upstream at http://bugs.mysql.com/bug.php?id=59953
 
 
-diff -Naur mysql-5.5.8.orig/include/my_rdtsc.h mysql-5.5.8/include/my_rdtsc.h
---- mysql-5.5.8.orig/include/my_rdtsc.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/my_rdtsc.h	2011-02-04 11:16:45.431459913 -0500
-@@ -124,6 +124,7 @@
+diff -up mysql-5.5.28/include/my_rdtsc.h.p11 mysql-5.5.28/include/my_rdtsc.h
+--- mysql-5.5.28/include/my_rdtsc.h.p11	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/my_rdtsc.h	2012-12-06 14:22:13.651823354 +0100
+@@ -125,6 +125,7 @@ C_MODE_END
  #define MY_TIMER_ROUTINE_MACH_ABSOLUTE_TIME      25
  #define MY_TIMER_ROUTINE_GETSYSTEMTIMEASFILETIME 26
  #define MY_TIMER_ROUTINE_ASM_SUNPRO_X86_64       27
@@ -13,10 +13,10 @@ diff -Naur mysql-5.5.8.orig/include/my_rdtsc.h mysql-5.5.8/include/my_rdtsc.h
  
  #endif
  
-diff -Naur mysql-5.5.8.orig/mysys/my_rdtsc.c mysql-5.5.8/mysys/my_rdtsc.c
---- mysql-5.5.8.orig/mysys/my_rdtsc.c	2010-12-03 12:58:26.000000000 -0500
-+++ mysql-5.5.8/mysys/my_rdtsc.c	2011-02-04 11:16:45.432465577 -0500
-@@ -224,6 +224,13 @@
+diff -up mysql-5.5.28/mysys/my_rdtsc.c.p11 mysql-5.5.28/mysys/my_rdtsc.c
+--- mysql-5.5.28/mysys/my_rdtsc.c.p11	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/mysys/my_rdtsc.c	2012-12-06 14:22:13.672823375 +0100
+@@ -224,6 +224,13 @@ ulonglong my_timer_cycles(void)
      clock_gettime(CLOCK_SGI_CYCLE, &tp);
      return (ulonglong) tp.tv_sec * 1000000000 + (ulonglong) tp.tv_nsec;
    }
@@ -30,7 +30,7 @@ diff -Naur mysql-5.5.8.orig/mysys/my_rdtsc.c mysql-5.5.8/mysys/my_rdtsc.c
  #elif defined(HAVE_SYS_TIMES_H) && defined(HAVE_GETHRTIME)
    /* gethrtime may appear as either cycle or nanosecond counter */
    return (ulonglong) gethrtime();
-@@ -533,6 +540,8 @@
+@@ -533,6 +540,8 @@ void my_timer_init(MY_TIMER_INFO *mti)
    mti->cycles.routine= MY_TIMER_ROUTINE_ASM_GCC_SPARC32;
  #elif defined(__sgi) && defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_SGI_CYCLE)
    mti->cycles.routine= MY_TIMER_ROUTINE_SGI_CYCLE;
diff --git a/mysql-stack-guard.patch b/mysql-stack-guard.patch
index 0634560..c01c1a7 100644
--- a/mysql-stack-guard.patch
+++ b/mysql-stack-guard.patch
@@ -8,10 +8,10 @@ mysqld.cc; is it important to fix any of the others?
 Filed upstream at http://bugs.mysql.com/bug.php?id=35019
 
 
-diff -Naur mysql-5.5.8.orig/sql/mysqld.cc mysql-5.5.8/sql/mysqld.cc
---- mysql-5.5.8.orig/sql/mysqld.cc	2010-12-03 12:58:26.000000000 -0500
-+++ mysql-5.5.8/sql/mysqld.cc	2010-12-20 22:01:08.939186906 -0500
-@@ -2602,6 +2602,70 @@
+diff -up mysql-5.5.28/sql/mysqld.cc.p5 mysql-5.5.28/sql/mysqld.cc
+--- mysql-5.5.28/sql/mysqld.cc.p5	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql/mysqld.cc	2012-12-06 14:13:59.765407494 +0100
+@@ -2599,6 +2599,70 @@ static void init_signals(void)
  }
  
  
@@ -82,7 +82,7 @@ diff -Naur mysql-5.5.8.orig/sql/mysqld.cc mysql-5.5.8/sql/mysqld.cc
  static void start_signal_handler(void)
  {
    int error;
-@@ -2612,15 +2676,7 @@
+@@ -2609,15 +2673,7 @@ static void start_signal_handler(void)
  #if !defined(HAVE_DEC_3_2_THREADS)
    pthread_attr_setscope(&thr_attr,PTHREAD_SCOPE_SYSTEM);
    (void) pthread_attr_setdetachstate(&thr_attr,PTHREAD_CREATE_DETACHED);
@@ -99,7 +99,7 @@ diff -Naur mysql-5.5.8.orig/sql/mysqld.cc mysql-5.5.8/sql/mysqld.cc
  #endif
  
    mysql_mutex_lock(&LOCK_thread_count);
-@@ -4361,36 +4417,8 @@
+@@ -4398,36 +4454,8 @@ int mysqld_main(int argc, char **argv)
      unireg_abort(1);				// Will do exit
  
    init_signals();
diff --git a/mysql-string-overflow.patch b/mysql-string-overflow.patch
index eaa11e8..eaa40f6 100644
--- a/mysql-string-overflow.patch
+++ b/mysql-string-overflow.patch
@@ -1,4 +1,4 @@
-These issues were found by Coverity static analysis tool, for more info 
+These issues were found by Coverity static analysis tool, for more info
 see messages by particular fixes (messages belong to 5.1.61).
 
 Filed upstream at http://bugs.mysql.com/bug.php?id=64631
@@ -7,10 +7,10 @@ Filed upstream at http://bugs.mysql.com/bug.php?id=64631
 Error: BUFFER_SIZE_WARNING:
 /builddir/build/BUILD/mysql-5.1.61/sql/sql_prepare.cc:2749: buffer_size_warning: Calling strncpy with a maximum size argument of 512 bytes on destination array "this->stmt->last_error" of size 512 bytes might leave the destination string unterminated.
 
-diff -Naur mysql-5.5.23.orig/sql/sql_prepare.cc mysql-5.5.23/sql/sql_prepare.cc
---- mysql-5.5.23.orig/sql/sql_prepare.cc	2012-03-29 15:07:12.000000000 -0400
-+++ mysql-5.5.23/sql/sql_prepare.cc	2012-04-27 22:19:09.196076848 -0400
-@@ -2871,7 +2871,7 @@
+diff -up mysql-5.5.28/sql/sql_prepare.cc.p20 mysql-5.5.28/sql/sql_prepare.cc
+--- mysql-5.5.28/sql/sql_prepare.cc.p20	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql/sql_prepare.cc	2012-12-06 14:27:28.647087401 +0100
+@@ -2879,7 +2879,7 @@ void mysql_stmt_get_longdata(THD *thd, c
    {
      stmt->state= Query_arena::STMT_ERROR;
      stmt->last_errno= thd->stmt_da->sql_errno();
@@ -25,10 +25,10 @@ Error: STRING_OVERFLOW:
 /builddir/build/BUILD/mysql-5.1.61/sql/sql_trigger.cc:2194: fixed_size_dest: You might overrun the 512 byte fixed-size string "this->m_parse_error_message" by copying "error_message" without checking the length.
 /builddir/build/BUILD/mysql-5.1.61/sql/sql_trigger.cc:2194: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
 
-diff -Naur mysql-5.5.23.orig/sql/sql_trigger.cc mysql-5.5.23/sql/sql_trigger.cc
---- mysql-5.5.23.orig/sql/sql_trigger.cc	2012-03-29 15:07:12.000000000 -0400
-+++ mysql-5.5.23/sql/sql_trigger.cc	2012-04-27 22:19:09.198076947 -0400
-@@ -2260,7 +2260,7 @@
+diff -up mysql-5.5.28/sql/sql_trigger.cc.p20 mysql-5.5.28/sql/sql_trigger.cc
+--- mysql-5.5.28/sql/sql_trigger.cc.p20	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql/sql_trigger.cc	2012-12-06 14:27:28.648087398 +0100
+@@ -2260,7 +2260,7 @@ void Table_triggers_list::mark_fields_us
  void Table_triggers_list::set_parse_error_message(char *error_message)
  {
    m_has_unparseable_trigger= true;
@@ -43,10 +43,10 @@ Error: STRING_OVERFLOW:
 /builddir/build/BUILD/mysql-5.1.61/storage/innodb_plugin/handler/ha_innodb.cc:6544: fixed_size_dest: You might overrun the 512 byte fixed-size string "name2" by copying "name" without checking the length.
 /builddir/build/BUILD/mysql-5.1.61/storage/innodb_plugin/handler/ha_innodb.cc:6544: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
 
-diff -Naur mysql-5.5.23.orig/storage/innobase/handler/ha_innodb.cc mysql-5.5.23/storage/innobase/handler/ha_innodb.cc
---- mysql-5.5.23.orig/storage/innobase/handler/ha_innodb.cc	2012-03-29 15:07:11.000000000 -0400
-+++ mysql-5.5.23/storage/innobase/handler/ha_innodb.cc	2012-04-27 22:19:09.201077088 -0400
-@@ -7023,7 +7023,7 @@
+diff -up mysql-5.5.28/storage/innobase/handler/ha_innodb.cc.p20 mysql-5.5.28/storage/innobase/handler/ha_innodb.cc
+--- mysql-5.5.28/storage/innobase/handler/ha_innodb.cc.p20	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/storage/innobase/handler/ha_innodb.cc	2012-12-06 14:27:28.653087416 +0100
+@@ -7054,7 +7054,7 @@ ha_innobase::create(
  
  	ut_a(strlen(name) < sizeof(name2));
  
diff --git a/mysql-strmov.patch b/mysql-strmov.patch
index 3d8ccec..2a78619 100644
--- a/mysql-strmov.patch
+++ b/mysql-strmov.patch
@@ -13,10 +13,10 @@ of any real performance gain from optimizing these calls.  So I'm keeping
 this patch.
 
 
-diff -Naur mysql-5.5.8.orig/include/m_string.h mysql-5.5.8/include/m_string.h
---- mysql-5.5.8.orig/include/m_string.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/m_string.h	2010-12-20 21:39:13.905186372 -0500
-@@ -74,15 +74,6 @@
+diff -up mysql-5.5.28/include/m_string.h.p2 mysql-5.5.28/include/m_string.h
+--- mysql-5.5.28/include/m_string.h.p2	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/include/m_string.h	2012-12-06 14:12:31.225333542 +0100
+@@ -77,15 +77,6 @@ extern "C" {
  extern void *(*my_str_malloc)(size_t);
  extern void (*my_str_free)(void *);
  
diff --git a/mysql-va-list.patch b/mysql-va-list.patch
index a76d0eb..552457c 100644
--- a/mysql-va-list.patch
+++ b/mysql-va-list.patch
@@ -4,10 +4,10 @@ which is not required by the C spec, and is not true on ARM for instance.
 Per bug #744707.
 
 
-diff -Naur mysql-5.5.16.orig/sql-common/client_plugin.c mysql-5.5.16/sql-common/client_plugin.c
---- mysql-5.5.16.orig/sql-common/client_plugin.c	2011-09-09 11:56:39.000000000 -0400
-+++ mysql-5.5.16/sql-common/client_plugin.c	2011-10-16 23:00:00.708799138 -0400
-@@ -228,11 +228,13 @@
+diff -up mysql-5.5.28/sql-common/client_plugin.c.p12 mysql-5.5.28/sql-common/client_plugin.c
+--- mysql-5.5.28/sql-common/client_plugin.c.p12	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/sql-common/client_plugin.c	2012-12-06 14:22:54.494857607 +0100
+@@ -233,11 +233,13 @@ int mysql_client_plugin_init()
  {
    MYSQL mysql;
    struct st_mysql_client_plugin **builtin;
@@ -21,7 +21,7 @@ diff -Naur mysql-5.5.16.orig/sql-common/client_plugin.c mysql-5.5.16/sql-common/
  
    pthread_mutex_init(&LOCK_load_client_plugin, MY_MUTEX_INIT_SLOW);
    init_alloc_root(&mem_root, 128, 128);
-@@ -244,7 +246,7 @@
+@@ -249,7 +251,7 @@ int mysql_client_plugin_init()
    pthread_mutex_lock(&LOCK_load_client_plugin);
  
    for (builtin= mysql_client_builtins; *builtin; builtin++)
@@ -30,7 +30,7 @@ diff -Naur mysql-5.5.16.orig/sql-common/client_plugin.c mysql-5.5.16/sql-common/
  
    pthread_mutex_unlock(&LOCK_load_client_plugin);
  
-@@ -288,9 +290,13 @@
+@@ -293,9 +295,13 @@ struct st_mysql_client_plugin *
  mysql_client_register_plugin(MYSQL *mysql,
                               struct st_mysql_client_plugin *plugin)
  {
@@ -44,7 +44,7 @@ diff -Naur mysql-5.5.16.orig/sql-common/client_plugin.c mysql-5.5.16/sql-common/
    pthread_mutex_lock(&LOCK_load_client_plugin);
  
    /* make sure the plugin wasn't loaded meanwhile */
-@@ -302,7 +308,7 @@
+@@ -307,7 +313,7 @@ mysql_client_register_plugin(MYSQL *mysq
      plugin= NULL;
    }
    else
diff --git a/mysql-versioning.patch b/mysql-versioning.patch
index aaaa828..6374b6c 100644
--- a/mysql-versioning.patch
+++ b/mysql-versioning.patch
@@ -4,10 +4,10 @@ forgotten the issue entirely.  So we now maintain our own list of exported
 symbols and jam it into the build with this hack.
 
 
-diff -Naur mysql-5.5.8.orig/libmysql/CMakeLists.txt mysql-5.5.8/libmysql/CMakeLists.txt
---- mysql-5.5.8.orig/libmysql/CMakeLists.txt	2010-12-03 12:58:26.000000000 -0500
-+++ mysql-5.5.8/libmysql/CMakeLists.txt	2010-12-21 21:00:07.135311386 -0500
-@@ -197,7 +197,7 @@
+diff -up mysql-5.5.28/libmysql/CMakeLists.txt.p7 mysql-5.5.28/libmysql/CMakeLists.txt
+--- mysql-5.5.28/libmysql/CMakeLists.txt.p7	2012-08-29 10:50:46.000000000 +0200
++++ mysql-5.5.28/libmysql/CMakeLists.txt	2012-12-06 14:15:03.905461517 +0100
+@@ -209,7 +209,7 @@ IF(NOT DISABLE_SHARED)
          SET(libmysql_link_flags)
        ENDIF()
        SET_TARGET_PROPERTIES(libmysql PROPERTIES LINK_FLAGS 
diff --git a/mysql55.spec b/mysql55.spec
index 5968be4..9d7d7a4 100644
--- a/mysql55.spec
+++ b/mysql55.spec
@@ -1,6 +1,17 @@
+%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+%global with_systemd 1
+%else
+%global with_systemd 0
+%endif
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%global with_dtrace 1
+%else
+%global with_dtrace 0
+%endif
+
 Name: mysql
 Version: 5.5.28
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 Summary: MySQL client programs and shared libraries
 Group: Applications/Databases
@@ -58,21 +69,21 @@ Patch17: mysql-plugin-test.patch
 Patch18: mysql-cipherspec.patch
 Patch19: mysql-file-contents.patch
 Patch20: mysql-string-overflow.patch
-
-# RC patch for backports
-Patch21: mysql-readline.patch
+Patch21: mysql-dh1024.patch
+Patch22: mysql-cve-2012-5611.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: gperf, perl, readline-devel, openssl-devel
+BuildRequires: gperf
+BuildRequires: perl, readline-devel, openssl-devel
 BuildRequires: gcc-c++, cmake, ncurses-devel, zlib-devel, libaio-devel
-%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%if %{with_dtrace}
 BuildRequires: systemtap-sdt-devel >= 1.3
 %endif
 # make test requires time and ps
 BuildRequires: time procps
 # Socket and Time::HiRes are needed to run regression tests
 BuildRequires: perl(Socket), perl(Time::HiRes)
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 BuildRequires: systemd-units
 %endif
 
@@ -125,7 +136,7 @@ Requires: sh-utils
 Requires(pre): /usr/sbin/useradd
 Requires(post): chkconfig
 Requires(preun): chkconfig
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 # We require this to be present for %%{_prefix}/lib/tmpfiles.d
 Requires: systemd-units
 # Make sure it's there when scriptlets run, too
@@ -237,9 +248,8 @@ rm -f Docs/mysql.info
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
-
-# Remi specific patches
-%patch21 -p1 -b .readline
+%patch21 -p1
+%patch22 -p1
 
 # workaround for upstream bug #56342
 rm -f mysql-test/t/ssl_8k_key-master.opt
@@ -302,7 +312,7 @@ cmake . -DBUILD_CONFIG=mysql_release \
 	-DMYSQL_DATADIR="/var/lib/mysql" \
 	-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
 	-DENABLED_LOCAL_INFILE=ON \
-%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%if %{with_dtrace}
 	-DENABLE_DTRACE=ON \
 %endif
 	-DWITH_EMBEDDED_SERVER=ON \
@@ -322,7 +332,7 @@ ar -x ../libmysqld.a
 rm -f sql_binlog.cc.o rpl_utility.cc.o
 gcc $CFLAGS $LDFLAGS -shared -Wl,-soname,libmysqld.so.0 -o libmysqld.so.0.0.1 \
 	*.o \
-%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%if %{with_dtrace}
 	../../probes_mysql.o \
 %endif
 	-lpthread -laio -lcrypt -lssl -lcrypto -lz -lrt -lstdc++ -ldl -lm -lc
@@ -412,11 +422,11 @@ install -m 0755 -d $RPM_BUILD_ROOT/var/lib/mysql
 
 mkdir -p $RPM_BUILD_ROOT/etc
 install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/my.cnf
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 sed -i -e '/user=mysql/d' $RPM_BUILD_ROOT/etc/my.cnf
 %endif
 
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 # install systemd unit files and scripts for handling server startup
 mkdir -p ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_unitdir}/
@@ -537,7 +547,7 @@ echo -e "You should consider upgrading to a supported release.\n"
 %else
 if [ $1 = 1 ]; then
     # Initial installation
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
     /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 %else
     /sbin/chkconfig --add mysqld
@@ -551,7 +561,7 @@ fi
 # We can tell if a SysV version of mysql was previously installed by
 # checking to see if the initscript is present.
 %triggerun server -- mysql-server
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 if [ -f /etc/rc.d/init.d/mysqld ]; then
     # Save the current service runlevel info
     # User must manually run systemd-sysv-convert --apply mysqld
@@ -570,7 +580,7 @@ fi
 %else
 if [ $1 = 0 ]; then
     # Package removal, not upgrade
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
     /bin/systemctl --no-reload disable mysqld.service >/dev/null 2>&1 || :
     /bin/systemctl stop mysqld.service >/dev/null 2>&1 || :
 %else
@@ -589,7 +599,7 @@ fi
 %if 0%{?systemd_postun_with_restart:1}
 %systemd_postun_with_restart mysqld.service
 %else
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 if [ $1 -ge 1 ]; then
     # Package upgrade, not uninstall
@@ -751,7 +761,7 @@ fi
 %{_datadir}/mysql/my-*.cnf
 %{_datadir}/mysql/config.*.ini
 
-%if 0%{?fedora} >= 15
+%if %{with_systemd}
 %{_unitdir}/mysqld.service
 %{_libexecdir}/mysqld-prepare-db-dir
 %{_libexecdir}/mysqld-wait-ready
@@ -799,6 +809,20 @@ fi
 %{_mandir}/man1/mysql_client_test.1*
 
 %changelog
+* Sat Dec  8 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.5.28-3
+- sync with rawhide, rebuild for security
+- use with_systemd and with_dtrace macro instead of version test
+
+* Thu Dec  6 2012 Honza Horak <hhorak@redhat.com> 5.5.28-3
+- Rebase patches to not leave backup files when not applied smoothly
+
+* Wed Dec  5 2012 Tom Lane <tgl@redhat.com> 5.5.28-2
+- Add patch for CVE-2012-5611
+Resolves: #883642
+- Widen DH key length from 512 to 1024 bits to meet minimum requirements
+  of FIPS 140-2
+Related: #877124
+
 * Sat Sep 29 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.5.28-2
 - sync with rawhide
 
-- 
cgit