diff --git a/mysql-chain-certs.patch b/mysql-chain-certs.patch new file mode 100644 index 0000000..3b20a28 --- /dev/null +++ b/mysql-chain-certs.patch @@ -0,0 +1,41 @@ +Fix things so that chains of certificates work in the server and client +certificate files. + +This only really works for OpenSSL-based builds, as yassl is unable to read +multiple certificates from a file. The patch below to yassl/src/ssl.cpp +doesn't fix that, but just arranges that the viosslfactories.c patch won't +have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ +Fedora builds, I'm not feeling motivated to try to fix yassl for this. + +See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 + + +diff -Naur mysql-5.1.47.orig/vio/viosslfactories.c mysql-5.1.47/vio/viosslfactories.c +--- mysql-5.1.47.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400 ++++ mysql-5.1.47/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400 +@@ -100,7 +100,7 @@ + (long) ctx, cert_file, key_file)); + if (cert_file) + { +- if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) ++ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) + { + *error= SSL_INITERR_CERT; + DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file)); +diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp +--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400 ++++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400 +@@ -1606,10 +1606,10 @@ + } + + +- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*) ++ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file) + { +- // TDOD: +- return SSL_SUCCESS; ++ // For the moment, treat like use_certificate_file ++ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert); + } + + diff --git a/mysql-missing-string-code.patch b/mysql-missing-string-code.patch new file mode 100644 index 0000000..d251f81 --- /dev/null +++ b/mysql-missing-string-code.patch @@ -0,0 +1,14 @@ +Crude workaround for bug #587170. There are probably better ways ... + + +diff -Naur mysql-5.1.47.orig/storage/federated/Makefile.am mysql-5.1.47/storage/federated/Makefile.am +--- mysql-5.1.47.orig/storage/federated/Makefile.am 2010-05-06 11:27:38.000000000 -0400 ++++ mysql-5.1.47/storage/federated/Makefile.am 2010-06-04 14:57:36.000000000 -0400 +@@ -38,6 +38,7 @@ + ha_federated_la_CXXFLAGS= $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN + ha_federated_la_CFLAGS = $(AM_CFLAGS) -DMYSQL_DYNAMIC_PLUGIN + ha_federated_la_SOURCES = ha_federated.cc ++ha_federated_la_LIBADD = ../../mysys/string.o + + + EXTRA_LIBRARIES = libfederated.a diff --git a/mysql.spec b/mysql.spec index ef02a2b..7f4de09 100644 --- a/mysql.spec +++ b/mysql.spec @@ -1,6 +1,6 @@ Name: mysql Version: 5.1.47 -Release: 1%{?dist} +Release: 2%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases URL: http://www.mysql.com @@ -41,7 +41,9 @@ Patch9: mysql-no-docs.patch Patch10: mysql-strmov.patch Patch12: mysql-cve-2008-7247.patch Patch13: mysql-expired-certs.patch +Patch14: mysql-missing-string-code.patch Patch15: mysql-lowercase-bug.patch +Patch16: mysql-chain-certs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: gperf, perl, readline-devel, openssl-devel @@ -179,7 +181,9 @@ the MySQL sources. %patch10 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %patch15 -p1 +%patch16 -p1 libtoolize --force aclocal @@ -232,6 +236,7 @@ export CFLAGS CXXFLAGS --with-pic \ --with-plugin-innobase \ --without-plugin-innodb_plugin \ + --with-plugin-partition \ --enable-local-infile \ --enable-largefile \ --enable-thread-safe-client \ @@ -569,6 +574,14 @@ fi %{_mandir}/man1/mysql_client_test.1* %changelog +* Fri Jun 4 2010 Tom Lane 5.1.47-2 +- Add back "partition" storage engine +Resolves: #597390 +- Fix broken "federated" storage engine plugin +Related: #587170 +- Read all certificates in SSL certificate files, to support chained certs +Related: #598656 + * Mon May 24 2010 Tom Lane 5.1.47-1 - Update to MySQL 5.1.47, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html