diff options
| -rw-r--r-- | mysql-chain-certs.patch | 41 | ||||
| -rw-r--r-- | mysql-missing-string-code.patch | 14 | ||||
| -rw-r--r-- | mysql-plugin-bug.patch | 20 | ||||
| -rw-r--r-- | mysql.spec | 39 |
4 files changed, 101 insertions, 13 deletions
diff --git a/mysql-chain-certs.patch b/mysql-chain-certs.patch new file mode 100644 index 0000000..3b20a28 --- /dev/null +++ b/mysql-chain-certs.patch @@ -0,0 +1,41 @@ +Fix things so that chains of certificates work in the server and client +certificate files. + +This only really works for OpenSSL-based builds, as yassl is unable to read +multiple certificates from a file. The patch below to yassl/src/ssl.cpp +doesn't fix that, but just arranges that the viosslfactories.c patch won't +have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ +Fedora builds, I'm not feeling motivated to try to fix yassl for this. + +See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 + + +diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c +--- mysql-5.1.47.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400 ++++ mysql-5.1.47/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400 +@@ -100,7 +100,7 @@ + (long) ctx, cert_file, key_file)); + if (cert_file) + { +- if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) ++ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) + { + *error= SSL_INITERR_CERT; + DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file)); +diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp +--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400 ++++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400 +@@ -1606,10 +1606,10 @@ + } + + +- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*) ++ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file) + { +- // TDOD: +- return SSL_SUCCESS; ++ // For the moment, treat like use_certificate_file ++ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert); + } + + diff --git a/mysql-missing-string-code.patch b/mysql-missing-string-code.patch new file mode 100644 index 0000000..d251f81 --- /dev/null +++ b/mysql-missing-string-code.patch @@ -0,0 +1,14 @@ +Crude workaround for bug #587170. There are probably better ways ... + + +diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am +--- mysql-5.1.47.orig/storage/federated/Makefile.am 2010-05-06 11:27:38.000000000 -0400 ++++ mysql-5.1.47/storage/federated/Makefile.am 2010-06-04 14:57:36.000000000 -0400 +@@ -38,6 +38,7 @@ + ha_federated_la_CXXFLAGS= $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN + ha_federated_la_CFLAGS = $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN + ha_federated_la_SOURCES = ha_federated.cc ++ha_federated_la_LIBADD = ../../mysys/string.o + + + EXTRA_LIBRARIES = libfederated.a diff --git a/mysql-plugin-bug.patch b/mysql-plugin-bug.patch index 856a9d4..cbbaf77 100644 --- a/mysql-plugin-bug.patch +++ b/mysql-plugin-bug.patch @@ -1,9 +1,21 @@ ---- mysql-5.1.47/mysql-test/t/disabled.def.orig 2010-05-06 17:58:11.000000000 +0200 -+++ mysql-5.1.47/mysql-test/t/disabled.def 2010-05-21 07:12:00.270542964 +0200 -@@ -13,3 +13,6 @@ +The plugin_load test fails on PPC64 (maybe not always, but at least in the +several tries I've made so far). It doesn't fail on x86, x86_64, or ppc, +at least not in a similarly small number of tries. My best theory at the +moment is that the test itself is wrong. Reported upstream at +http://bugs.mysql.com/bug.php?id=42144 + +For the moment, just disable this test. + +Also, disable the outfile_loaddata test, which as of 5.1.38 is giving +platform-dependent results, with the "expected" results being arguably the +wrong ones. This is upstream at http://bugs.mysql.com/bug.php?id=46895 + +--- mysql-5.1.48/mysql-test/t/disabled.def.orig 2010-06-03 18:17:34.000000000 +0200 ++++ mysql-5.1.48/mysql-test/t/disabled.def 2010-06-17 17:34:14.301366397 +0200 +@@ -12,3 +12,6 @@ + kill : Bug#37780 2008-12-03 HHunger need some changes to be robust enough for pushbuild. query_cache_28249 : Bug#43861 2009-03-25 main.query_cache_28249 fails sporadically partition_innodb_plugin : Bug#53307 2010-04-30 VasilDimov valgrind warnings - ps_3innodb : Bug#53309 2010-04-30 VasilDimov valgrind warnings +# +plugin_load : gives wrong answer on PPC64 +outfile_loaddata : gives different results on different platforms @@ -1,5 +1,5 @@ Name: mysql -Version: 5.1.47 +Version: 5.1.48 Release: 1%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases @@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch Patch10: mysql-strmov.patch Patch12: mysql-cve-2008-7247.patch Patch13: mysql-expired-certs.patch +Patch14: mysql-missing-string-code.patch Patch15: mysql-lowercase-bug.patch +Patch16: mysql-chain-certs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -182,7 +184,9 @@ the MySQL sources. %patch10 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %patch15 -p1 +%patch16 -p1 libtoolize --force @@ -243,11 +247,6 @@ export CFLAGS CXXFLAGS --without-example-storage-engine \ --without-plugin-daemon_example \ --without-plugin-ftexample \ -%ifarch ppc64 -%if 0%{?fedora} <= 10 - --without-plugin-innodb_plugin \ -%endif -%endif --enable-local-infile \ --enable-largefile \ --enable-thread-safe-client \ @@ -386,15 +385,16 @@ echo -e "\nWARNING : This MySQL RPM is not an official Fedora build and it" echo -e "overrides the official one. Don't file bugs on Fedora Project." echo -e "Use dedicated forums http://forums.famillecollet.com/\n" -%if %{?fedora}%{!?fedora:99} <= 10 +%if %{?fedora}%{!?fedora:99} <= 11 echo -e "WARNING : Fedora %{fedora} is now EOL :" echo -e "You should consider upgrading to a supported release.\n" %endif %pre server -/usr/sbin/useradd -M -o -r -d /var/lib/mysql -s /bin/bash \ - -c "MySQL Server" -u 27 mysql > /dev/null 2>&1 || : +/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || : +/usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \ + -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || : %post libs /sbin/ldconfig @@ -606,6 +606,27 @@ fi %changelog +* Thu Jun 17 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.48-1 +- sync with rawhide +- Update to MySQL 5.1.48 Community Server GA + +* Fri Jun 4 2010 Tom Lane <tgl@redhat.com> 5.1.47-2 +- Add back "partition" storage engine +Resolves: #597390 +- Fix broken "federated" storage engine plugin +Related: #587170 +- Read all certificates in SSL certificate files, to support chained certs +Related: #598656 + +* Mon May 24 2010 Tom Lane <tgl@redhat.com> 5.1.47-1 +- Update to MySQL 5.1.47, for various fixes described at + http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html + including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850 +Resolves: #592862 +Resolves: #583717 +- Create mysql group explicitly in pre-server script, to ensure correct GID +Related: #594155 + * Fri May 21 2010 Remi Collet <RPMS@FamilleCollet.com> - 5.1.47-1 - Update to MySQL 5.1.47 Community Server GA |