rpms/mysql/devel mysql-chain-certs.patch, NONE, 1.1 mysql-missing-string-code.patch, NONE, 1.1 mysql.spec, 1.151, 1.152

Tom Lane tgl at fedoraproject.org
Fri Jun 4 20:46:44 UTC 2010 

Author: tgl

Update of /cvs/pkgs/rpms/mysql/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv29269

Modified Files:
	mysql.spec 
Added Files:
	mysql-chain-certs.patch mysql-missing-string-code.patch 
Log Message:
Fix assorted bugs, see changelog entry

mysql-chain-certs.patch:
 extra/yassl/src/ssl.cpp |    6 +++---
 vio/viosslfactories.c   |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

--- NEW FILE mysql-chain-certs.patch ---
Fix things so that chains of certificates work in the server and client
certificate files.

This only really works for OpenSSL-based builds, as yassl is unable to read
multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
doesn't fix that, but just arranges that the viosslfactories.c patch won't
have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
Fedora builds, I'm not feeling motivated to try to fix yassl for this.

See RH bug #598656.  Filed upstream at http://bugs.mysql.com/bug.php?id=54158


diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c
--- mysql-5.1.47.orig/vio/viosslfactories.c	2010-05-06 11:28:07.000000000 -0400
+++ mysql-5.1.47/vio/viosslfactories.c	2010-05-26 23:23:46.000000000 -0400
@@ -100,7 +100,7 @@
 		       (long) ctx, cert_file, key_file));
   if (cert_file)
   {
-    if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
+    if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
     {
       *error= SSL_INITERR_CERT;
       DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp	2010-05-06 11:24:26.000000000 -0400
+++ mysql-5.1.47/extra/yassl/src/ssl.cpp	2010-05-26 23:29:13.000000000 -0400
@@ -1606,10 +1606,10 @@
     }
 
 
-    int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
+    int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
     {
-        // TDOD:
-        return SSL_SUCCESS;
+        // For the moment, treat like use_certificate_file
+        return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
     }
 
 

mysql-missing-string-code.patch:
 Makefile.am |    1 +
 1 file changed, 1 insertion(+)

--- NEW FILE mysql-missing-string-code.patch ---
Crude workaround for bug #587170.  There are probably better ways ...


diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am
--- mysql-5.1.47.orig/storage/federated/Makefile.am	2010-05-06 11:27:38.000000000 -0400
+++ mysql-5.1.47/storage/federated/Makefile.am	2010-06-04 14:57:36.000000000 -0400
@@ -38,6 +38,7 @@
 ha_federated_la_CXXFLAGS=	$(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
 ha_federated_la_CFLAGS =	$(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
 ha_federated_la_SOURCES =	ha_federated.cc
+ha_federated_la_LIBADD = ../../mysys/string.o
 
 
 EXTRA_LIBRARIES =	libfederated.a


Index: mysql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mysql/devel/mysql.spec,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -p -r1.151 -r1.152
--- mysql.spec	24 May 2010 16:17:16 -0000	1.151
+++ mysql.spec	4 Jun 2010 20:46:44 -0000	1.152
@@ -1,6 +1,6 @@
 Name: mysql
 Version: 5.1.47
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: MySQL client programs and shared libraries
 Group: Applications/Databases
 URL: http://www.mysql.com
@@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch
 Patch10: mysql-strmov.patch
 Patch12: mysql-cve-2008-7247.patch
 Patch13: mysql-expired-certs.patch
+Patch14: mysql-missing-string-code.patch
 Patch15: mysql-lowercase-bug.patch
+Patch16: mysql-chain-certs.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: gperf, perl, readline-devel, openssl-devel
@@ -179,7 +181,9 @@ the MySQL sources.
 %patch10 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 %patch15 -p1
+%patch16 -p1
 
 libtoolize --force
 aclocal
@@ -232,6 +236,7 @@ export CFLAGS CXXFLAGS
 	--with-pic \
 	--with-plugin-innobase \
 	--without-plugin-innodb_plugin \
+	--with-plugin-partition \
 	--enable-local-infile \
 	--enable-largefile \
 	--enable-thread-safe-client \
@@ -569,6 +574,14 @@ fi
 %{_mandir}/man1/mysql_client_test.1*
 
 %changelog
+* Fri Jun  4 2010 Tom Lane <tgl at redhat.com> 5.1.47-2
+- Add back "partition" storage engine
+Resolves: #597390
+- Fix broken "federated" storage engine plugin
+Related: #587170
+- Read all certificates in SSL certificate files, to support chained certs
+Related: #598656
+
 * Mon May 24 2010 Tom Lane <tgl at redhat.com> 5.1.47-1
 - Update to MySQL 5.1.47, for various fixes described at
   http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html

More information about the scm-commits mailing list