Fix assorted bugs, see changelog entry
This commit is contained in:
parent
aab815016f
commit
d74716e594
41
mysql-chain-certs.patch
Normal file
41
mysql-chain-certs.patch
Normal file
@ -0,0 +1,41 @@
|
||||
Fix things so that chains of certificates work in the server and client
|
||||
certificate files.
|
||||
|
||||
This only really works for OpenSSL-based builds, as yassl is unable to read
|
||||
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
|
||||
doesn't fix that, but just arranges that the viosslfactories.c patch won't
|
||||
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
|
||||
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
|
||||
|
||||
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
|
||||
|
||||
|
||||
diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c
|
||||
--- mysql-5.1.47.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400
|
||||
+++ mysql-5.1.47/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400
|
||||
@@ -100,7 +100,7 @@
|
||||
(long) ctx, cert_file, key_file));
|
||||
if (cert_file)
|
||||
{
|
||||
- if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
|
||||
+ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
|
||||
{
|
||||
*error= SSL_INITERR_CERT;
|
||||
DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
|
||||
diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
|
||||
--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400
|
||||
+++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400
|
||||
@@ -1606,10 +1606,10 @@
|
||||
}
|
||||
|
||||
|
||||
- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
|
||||
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
|
||||
{
|
||||
- // TDOD:
|
||||
- return SSL_SUCCESS;
|
||||
+ // For the moment, treat like use_certificate_file
|
||||
+ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
|
||||
}
|
||||
|
||||
|
14
mysql-missing-string-code.patch
Normal file
14
mysql-missing-string-code.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Crude workaround for bug #587170. There are probably better ways ...
|
||||
|
||||
|
||||
diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am
|
||||
--- mysql-5.1.47.orig/storage/federated/Makefile.am 2010-05-06 11:27:38.000000000 -0400
|
||||
+++ mysql-5.1.47/storage/federated/Makefile.am 2010-06-04 14:57:36.000000000 -0400
|
||||
@@ -38,6 +38,7 @@
|
||||
ha_federated_la_CXXFLAGS= $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
|
||||
ha_federated_la_CFLAGS = $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN
|
||||
ha_federated_la_SOURCES = ha_federated.cc
|
||||
+ha_federated_la_LIBADD = ../../mysys/string.o
|
||||
|
||||
|
||||
EXTRA_LIBRARIES = libfederated.a
|
15
mysql.spec
15
mysql.spec
@ -1,6 +1,6 @@
|
||||
Name: mysql
|
||||
Version: 5.1.47
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: MySQL client programs and shared libraries
|
||||
Group: Applications/Databases
|
||||
URL: http://www.mysql.com
|
||||
@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch
|
||||
Patch10: mysql-strmov.patch
|
||||
Patch12: mysql-cve-2008-7247.patch
|
||||
Patch13: mysql-expired-certs.patch
|
||||
Patch14: mysql-missing-string-code.patch
|
||||
Patch15: mysql-lowercase-bug.patch
|
||||
Patch16: mysql-chain-certs.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
BuildRequires: gperf, perl, readline-devel, openssl-devel
|
||||
@ -179,7 +181,9 @@ the MySQL sources.
|
||||
%patch10 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
|
||||
libtoolize --force
|
||||
aclocal
|
||||
@ -232,6 +236,7 @@ export CFLAGS CXXFLAGS
|
||||
--with-pic \
|
||||
--with-plugin-innobase \
|
||||
--without-plugin-innodb_plugin \
|
||||
--with-plugin-partition \
|
||||
--enable-local-infile \
|
||||
--enable-largefile \
|
||||
--enable-thread-safe-client \
|
||||
@ -569,6 +574,14 @@ fi
|
||||
%{_mandir}/man1/mysql_client_test.1*
|
||||
|
||||
%changelog
|
||||
* Fri Jun 4 2010 Tom Lane <tgl@redhat.com> 5.1.47-2
|
||||
- Add back "partition" storage engine
|
||||
Resolves: #597390
|
||||
- Fix broken "federated" storage engine plugin
|
||||
Related: #587170
|
||||
- Read all certificates in SSL certificate files, to support chained certs
|
||||
Related: #598656
|
||||
|
||||
* Mon May 24 2010 Tom Lane <tgl@redhat.com> 5.1.47-1
|
||||
- Update to MySQL 5.1.47, for various fixes described at
|
||||
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
|
||||
|
Loading…
Reference in New Issue
Block a user