Update to MySQL 5.0.27, fix a couple minor issues noted in changelog entry.

2006-11-09 23:31:23 +00:00 · 2006-11-09 23:31:23 +00:00 · 148a89c268
commit 148a89c268
parent 081a83a5a9
6 changed files with 156 additions and 5 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-mysql-5.0.22.tar.gz
+mysql-5.0.27.tar.gz
--- a/mysql-bdb-link.patch
+++ b/mysql-bdb-link.patch
@ -0,0 +1,31 @@
+Fix link flags, per RH bug #199368.
+
+Probably no point in filing this upstream, since MySQL AB is dropping BDB
+support; we won't need it ourselves when we move to mysql 5.1.
+
+
+diff -Naur mysql-5.0.27.orig/bdb/dist/Makefile.in mysql-5.0.27/bdb/dist/Makefile.in
+--- mysql-5.0.27.orig/bdb/dist/Makefile.in	2006-10-20 20:22:38.000000000 -0400
+++ mysql-5.0.27/bdb/dist/Makefile.in	2006-11-08 19:25:24.000000000 -0500
+@@ -52,8 +52,9 @@
+ ##################################################
+ CPPFLAGS=	-I$(builddir) -I$(srcdir) -I$(srcdir)/dbinc @CPPFLAGS@
+ CFLAGS=	 	-c $(CPPFLAGS) @CFLAGS@
+LOPTFLAGS=	$(CPPFLAGS) @CFLAGS@
+ CC=		@MAKEFILE_CC@
+-CCLINK=		@MAKEFILE_CCLINK@
+CCLINK=		@MAKEFILE_CCLINK@ $(LOPTFLAGS)
+ 
+ LDFLAGS=	@LDFLAGS@
+ LIBS=		@LIBS@
+@@ -74,8 +75,8 @@
+ ##################################################
+ CXXFLAGS=	-c $(CPPFLAGS) @CXXFLAGS@
+ CXX=		@MAKEFILE_CXX@
+-CXXLINK=	@MAKEFILE_CXXLINK@
+-XSOLINK=	@MAKEFILE_XSOLINK@
+CXXLINK=	@MAKEFILE_CXXLINK@ $(LOPTFLAGS)
+XSOLINK=	@MAKEFILE_XSOLINK@ $(LOPTFLAGS)
+ LIBXSO_LIBS=	@LIBXSO_LIBS@
+ 
+ libcxx=		libdb_cxx.a
--- a/mysql-ssl-bugs.patch
+++ b/mysql-ssl-bugs.patch
@ -0,0 +1,101 @@
+Workarounds for recently-introduced SSL breakage, filed as upstream bugs
+#24121, #24148, and #24157.
+
+I believe the client.c fix is actually correct.
+
+The viossl.c patch is just a crude reversion to the 5.0.22 approach to work
+around brain death in close_connection().  I don't know the mysql code well
+enough to venture changing the locking logic in close_connection(), though.
+
+Also, change openssl_1 test to agree with the test certificate included in the
+distribution.  And in viosslfactories.c, suppress ERR_print_errors_fp which
+gives system-dependent error messages, since that breaks the openssl_1 test
+(which has evidently only been tested with yassl, if at all).
+
+
+diff -Naur mysql-5.0.27.orig/sql-common/client.c mysql-5.0.27/sql-common/client.c
+--- mysql-5.0.27.orig/sql-common/client.c	2006-10-20 20:22:26.000000000 -0400
+++ mysql-5.0.27/sql-common/client.c	2006-11-08 19:20:49.000000000 -0500
+@@ -2949,7 +2949,7 @@
+     mysql->reconnect= *(my_bool *) arg;
+     break;
+   case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
+-    if (!arg || test(*(uint*) arg))
+    if (!arg || test(*(my_bool*) arg))
+       mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
+     else
+       mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
+diff -Naur mysql-5.0.27.orig/vio/viossl.c mysql-5.0.27/vio/viossl.c
+--- mysql-5.0.27.orig/vio/viossl.c	2006-10-20 20:23:11.000000000 -0400
+++ mysql-5.0.27/vio/viossl.c	2006-11-09 13:57:32.000000000 -0500
+@@ -119,19 +119,10 @@
+ 
+   if (ssl)
+   {
+-    switch ((r= SSL_shutdown(ssl)))
+-    {
+-    case 1: /* Shutdown successful */
+-      break;
+-    case 0: /* Shutdown not yet finished, call it again */
+-      if ((r= SSL_shutdown(ssl) >= 0))
+-        break;
+-      /* Fallthrough */
+-    default: /* Shutdown failed */
+    r = SSL_shutdown(ssl);
+    if (r < 0)
+       DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %s",
+                                SSL_get_error(ssl, r)));
+-      break;
+-    }
+     SSL_free(ssl);
+     vio->ssl_arg= 0;
+   }
+diff -Naur mysql-5.0.27.orig/mysql-test/r/openssl_1.result mysql-5.0.27/mysql-test/r/openssl_1.result
+--- mysql-5.0.27.orig/mysql-test/r/openssl_1.result	2006-10-20 20:36:44.000000000 -0400
+++ mysql-5.0.27/mysql-test/r/openssl_1.result	2006-11-09 15:11:47.000000000 -0500
+@@ -3,8 +3,8 @@
+ insert into t1 values (5);
+ grant select on test.* to ssl_user1@localhost require SSL;
+ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
+-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+ grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
+ flush privileges;
+ connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
+diff -Naur mysql-5.0.27.orig/mysql-test/t/openssl_1.test mysql-5.0.27/mysql-test/t/openssl_1.test
+--- mysql-5.0.27.orig/mysql-test/t/openssl_1.test	2006-10-20 20:36:43.000000000 -0400
+++ mysql-5.0.27/mysql-test/t/openssl_1.test	2006-11-09 15:10:29.000000000 -0500
+@@ -10,8 +10,8 @@
+ 
+ grant select on test.* to ssl_user1@localhost require SSL;
+ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
+-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+ grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
+ flush privileges;
+ 
+diff -Naur mysql-5.0.27.orig/vio/viosslfactories.c mysql-5.0.27/vio/viosslfactories.c
+--- mysql-5.0.27.orig/vio/viosslfactories.c	2006-10-20 20:22:39.000000000 -0400
+++ mysql-5.0.27/vio/viosslfactories.c	2006-11-09 16:02:14.000000000 -0500
+@@ -88,7 +88,7 @@
+       DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file));
+       /* FIX stderr */
+       fprintf(stderr,"Error when connection to server using SSL:");
+-      ERR_print_errors_fp(stderr);
+      DBUG_EXECUTE("error",ERR_print_errors_fp(stderr););
+       fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
+       fflush(stderr);
+       DBUG_RETURN(1);
+@@ -102,7 +102,7 @@
+       DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file));
+       /* FIX stderr */
+       fprintf(stderr,"Error when connection to server using SSL:");
+-      ERR_print_errors_fp(stderr);
+      DBUG_EXECUTE("error",ERR_print_errors_fp(stderr););
+       fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
+       fflush(stderr);
+       DBUG_RETURN(1);
--- a/mysql.init
+++ b/mysql.init
@ -87,6 +87,7 @@ start(){
 	    if [ $STARTTIMEOUT -eq 0 ]; then
                    echo "Timeout error occurred trying to start MySQL Daemon."
                    action $"Starting $prog: " /bin/false
+                    ret=1
            else
                    action $"Starting $prog: " /bin/true
            fi
--- a/mysql.spec
+++ b/mysql.spec
@ -1,6 +1,6 @@
 Name: mysql
-Version: 5.0.22
-Release: 2.1
+Version: 5.0.27
+Release: 1%{?dist}
 Summary: MySQL client programs and shared libraries.
 License: GPL
 Group: Applications/Databases
@ -24,6 +24,8 @@ Patch5: mysql-no-atomic.patch
 Patch6: mysql-rpl_ddl.patch
 Patch7: mysql-rpl-test.patch
 Patch8: mysql-install-test.patch
+Patch9: mysql-bdb-link.patch
+Patch10: mysql-ssl-bugs.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Prereq: /sbin/ldconfig, /sbin/install-info, grep, fileutils, chkconfig
@ -114,6 +116,8 @@ the MySQL sources.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
+%patch10 -p1

 libtoolize --force
 aclocal
@ -284,7 +288,6 @@ fi
 %{_bindir}/mysqlbinlog
 %{_bindir}/mysqlcheck
 %{_bindir}/mysqldump
-%{_bindir}/mysqldumpslow
 %{_bindir}/mysqlimport
 %{_bindir}/mysqlshow

@ -348,8 +351,10 @@ fi
 %{_bindir}/mysql_setpermission
 %{_bindir}/mysql_tzinfo_to_sql
 %{_bindir}/mysql_upgrade
+%{_bindir}/mysql_upgrade_shell
 %{_bindir}/mysql_zap
 %{_bindir}/mysqlbug
+%{_bindir}/mysqldumpslow
 %{_bindir}/mysqld_multi
 %{_bindir}/mysqld_safe
 %{_bindir}/mysqlhotcopy
@ -372,6 +377,7 @@ fi
 %{_mandir}/man1/myisam_ftdump.1.gz
 %{_mandir}/man1/mysql.server.1.gz
 %{_mandir}/man1/mysql_config.1.gz
+%{_mandir}/man1/mysql_explain_log.1.gz
 %{_mandir}/man1/mysql_fix_privilege_tables.1*
 %{_mandir}/man1/mysql_upgrade.1*
 %{_mandir}/man1/mysql_zap.1*
@ -387,6 +393,8 @@ fi
 %{_mandir}/man1/perror.1*
 %{_mandir}/man1/replace.1*
 %{_mandir}/man1/safe_mysqld.1*
+%{_mandir}/man8/mysqld.8*
+%{_mandir}/man8/mysqlmanager.8*

 %dir %{_datadir}/mysql
 %{_datadir}/mysql/errmsg.txt
@ -414,6 +422,16 @@ fi
 %attr(-,mysql,mysql) %{_datadir}/mysql-test

 %changelog
+* Wed Nov  8 2006 Tom Lane <tgl@redhat.com> 5.0.27-1
+- Update to MySQL 5.0.27 (see CVE-2006-4031, CVE-2006-4226, CVE-2006-4227)
+Resolves: #202247, #202675, #203427, #203428, #203432, #203434, #208641
+- Fix init script to return status 1 on server start timeout
+Resolves: #203910
+- Move mysqldumpslow from base package to mysql-server
+Resolves: #193559
+- Adjust link options for BDB module
+Resolves: #199368
+
 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 5.0.22-2.1
 - rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-b0533dce52a3147234e588f51affbcab  mysql-5.0.22.tar.gz
+584d423440a9d9c859678e3d4f2690b3  mysql-5.0.27.tar.gz