diff --git a/.gitignore b/.gitignore
index 9d44e79..2042478 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mysql-5.6.32.tar.gz
+SOURCES/mysql-5.6.34.tar.gz
diff --git a/.rh-mysql56-mysql.metadata b/.rh-mysql56-mysql.metadata
index bee4805..4cef1e5 100644
--- a/.rh-mysql56-mysql.metadata
+++ b/.rh-mysql56-mysql.metadata
@@ -1 +1 @@
-8a36b375389fedc691eba2ef6905a95c94f30d4c SOURCES/mysql-5.6.32.tar.gz
+b352b44385668f0d327d3f275f33f660d85497b3 SOURCES/mysql-5.6.34.tar.gz
diff --git a/SOURCES/mysql-cipherspec.patch b/SOURCES/mysql-cipherspec.patch
index b0c5b09..a350a21 100644
--- a/SOURCES/mysql-cipherspec.patch
+++ b/SOURCES/mysql-cipherspec.patch
@@ -152,3 +152,48 @@ index 2cb4c0d..feaa0e7 100644 # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; +--- mysql-5.6.33/mysql-test/t/ssl_ca.test~ 2016-08-26 13:22:35.000000000 +0200 ++++ mysql-5.6.33/mysql-test/t/ssl_ca.test 2016-09-19 11:57:00.921940616 +0200 +@@ -7,10 +7,10 @@ + + --echo # try to connect with wrong '--ssl-ca' path : should fail + --error 1 +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1 ++--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1 + + --echo # try to connect with correct '--ssl-ca' path : should connect +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" + + --echo # + --echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY +@@ -21,12 +21,12 @@ + + --echo # try to connect with '--ssl-ca' option using tilde home directoy + --echo # path substitution : should connect +---exec $MYSQL --ssl-ca=$mysql_test_dir_path/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL --ssl-ca=$mysql_test_dir_path/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem 
--ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" + + --echo # try to connect with '--ssl-key' option using tilde home directoy + --echo # path substitution : should connect +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$mysql_test_dir_path/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$mysql_test_dir_path/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" + + --echo # try to connect with '--ssl-cert' option using tilde home directoy + --echo # path substitution : should connect +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$mysql_test_dir_path/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$mysql_test_dir_path/std_data/crl-client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" +--- mysql-5.6.33/mysql-test/t/ssl_crl.test~ 2016-08-26 13:22:35.000000000 +0200 ++++ mysql-5.6.33/mysql-test/t/ssl_crl.test 2016-09-19 11:53:23.177566131 +0200 +@@ -32,9 +32,9 @@ + --echo # try to connect with '--ssl-crl' option using tilde home directoy + --echo # path substitution : should connect + --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$mysql_test_dir_path/std_data/crl-client-revoked.crl -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL 
--ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$mysql_test_dir_path/std_data/crl-client-revoked.crl --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'Ssl_cipher'" + + --echo # try to connect with '--ssl-crlpath' option using tilde home directoy + --echo # path substitution : should connect + --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$mysql_test_dir_path/std_data/crldir test -e "SHOW STATUS LIKE 'Ssl_cipher'" ++--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$mysql_test_dir_path/std_data/crldir --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW STATUS LIKE 'Ssl_cipher'" diff --git a/SOURCES/mysql-log-fifo.patch b/SOURCES/mysql-log-fifo.patch index 30f28b2..656751b 100644 --- a/SOURCES/mysql-log-fifo.patch +++ b/SOURCES/mysql-log-fifo.patch @@ -13,9 +13,9 @@ Date: Fri Apr 24 21:41:00 2015 +0200 RHBZ: #1219496 -diff -up mysql-5.6.24/mysql-test/r/log_errchk.result.logfifo mysql-5.6.24/mysql-test/r/log_errchk.result ---- mysql-5.6.24/mysql-test/r/log_errchk.result.logfifo 2015-03-25 17:34:52.000000000 +0100 -+++ mysql-5.6.24/mysql-test/r/log_errchk.result 2015-05-07 16:06:04.280715628 +0200 +diff -rup mysql-5.6.33.orig/mysql-test/r/log_errchk.result mysql-5.6.33/mysql-test/r/log_errchk.result +--- mysql-5.6.33.orig/mysql-test/r/log_errchk.result 2016-08-26 13:22:35.000000000 +0200 ++++ mysql-5.6.33/mysql-test/r/log_errchk.result 2016-10-06 16:13:15.102478779 +0200 @@ -1,5 +1,4 @@ -call mtr.add_suppression("Could not open"); -# Case 1: Setting fife file to general_log_file and slow_query_log_file 
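Review bot: Forcing `--ssl-cipher=DHE-RSA-AES256-SHA` on the negative case in ssl_ca.test (the `--error 1` line that uses wrong-crl-ca-cert.pem) can weaken that check, because a failed cipher negotiation also makes the client exit non-zero. Unless the recorded result output distinguishes the two failures, the test would keep passing even if CA verification regressed. I would leave the "should fail" line without the cipher override and keep the override only on the "should connect" lines. The added ssl_ca.test and ssl_crl.test sections also give no reason why this one cipher is forced; a sentence in the patch header stating it would help the next rebase. In ssl_crl.test the first changed line places the option after the `test` database argument while every other line places it before, which is worth making consistent.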
@@ -30,9 +30,9 @@ diff -up mysql-5.6.24/mysql-test/r/log_errchk.result.logfifo mysql-5.6.24/mysql- +call mtr.add_suppression("Could not open .* for logging \\(error 6\\)"); +call mtr.add_suppression("File '.*' not found \\(Errcode: 6\\)"); Setting fifo file as general log file and slow query log failed. -diff -up mysql-5.6.24/mysql-test/t/log_errchk.test.logfifo mysql-5.6.24/mysql-test/t/log_errchk.test ---- mysql-5.6.24/mysql-test/t/log_errchk.test.logfifo 2015-03-25 17:34:52.000000000 +0100 -+++ mysql-5.6.24/mysql-test/t/log_errchk.test 2015-05-07 16:05:16.904547519 +0200 +diff -rup mysql-5.6.33.orig/mysql-test/t/log_errchk.test mysql-5.6.33/mysql-test/t/log_errchk.test +--- mysql-5.6.33.orig/mysql-test/t/log_errchk.test 2016-08-26 13:22:35.000000000 +0200 ++++ mysql-5.6.33/mysql-test/t/log_errchk.test 2016-10-06 16:16:23.130667809 +0200 @@ -7,8 +7,8 @@ # Bug#14757009 : WHEN THE GENERAL_LOG IS A SOCKET AND THE READER GOES AWAY, # MYSQL QUITS WORKING. @@ -73,10 +73,10 @@ diff -up mysql-5.6.24/mysql-test/t/log_errchk.test.logfifo mysql-5.6.24/mysql-te open(FILE, "$file") or die("Unable to open $file: $!\n"); my $count = 0; while () { -diff -up mysql-5.6.24/sql/log.cc.logfifo mysql-5.6.24/sql/log.cc ---- mysql-5.6.24/sql/log.cc.logfifo 2015-03-25 17:34:53.000000000 +0100 -+++ mysql-5.6.24/sql/log.cc 2015-05-07 16:03:06.967086459 +0200 -@@ -1526,6 +1526,7 @@ bool MYSQL_LOG::open( +diff -rup mysql-5.6.33.orig/sql/log.cc mysql-5.6.33/sql/log.cc +--- mysql-5.6.33.orig/sql/log.cc 2016-08-26 13:22:35.000000000 +0200 ++++ mysql-5.6.33/sql/log.cc 2016-10-06 16:44:57.683152679 +0200 +@@ -1598,6 +1598,7 @@ bool MYSQL_LOG::open( MY_STAT f_stat; File file= -1; my_off_t pos= 0; 
@@ -84,7 +84,7 @@ diff -up mysql-5.6.24/sql/log.cc.logfifo mysql-5.6.24/sql/log.cc int open_flags= O_CREAT | O_BINARY; DBUG_ENTER("MYSQL_LOG::open"); DBUG_PRINT("enter", ("log_type: %d", (int) log_type_arg)); -@@ -1543,15 +1544,17 @@ bool MYSQL_LOG::open( +@@ -1615,15 +1616,17 @@ bool MYSQL_LOG::open( DBUG_EVALUATE_IF("fault_injection_init_name", log_type == LOG_BIN, 0)) goto err; @@ -105,9 +105,9 @@ diff -up mysql-5.6.24/sql/log.cc.logfifo mysql-5.6.24/sql/log.cc db[0]= 0; #ifdef HAVE_PSI_INTERFACE -@@ -1564,7 +1567,9 @@ bool MYSQL_LOG::open( - MYF(MY_WME | ME_WAITTANG))) < 0) +@@ -1648,7 +1651,9 @@ bool MYSQL_LOG::open( goto err; + #endif // _WIN32 - if ((pos= mysql_file_tell(file, MYF(MY_WME))) == MY_FILEPOS_ERROR) + if (is_fifo) @@ -116,7 +116,7 @@ diff -up mysql-5.6.24/sql/log.cc.logfifo mysql-5.6.24/sql/log.cc { if (my_errno == ESPIPE) pos= 0; -@@ -1681,7 +1686,7 @@ void MYSQL_LOG::close(uint exiting) +@@ -1756,7 +1761,7 @@ void MYSQL_LOG::close(uint exiting) { end_io_cache(&log_file); diff --git a/SOURCES/mysql-prepare-db-dir.sh b/SOURCES/mysql-prepare-db-dir.sh index 563f644..1c84f18 100644 --- a/SOURCES/mysql-prepare-db-dir.sh +++ b/SOURCES/mysql-prepare-db-dir.sh @@ -36,7 +36,12 @@ else fi # Set up the errlogfile with appropriate permissions -touch "$errlogfile" +if [ ! -e "$errlogfile" -a ! -L "$errlogfile" ]; then + touch "$errlogfile" + chown "$myuser:$mygroup" "$errlogfile" + chmod 0640 "$errlogfile" +fi +su - $myuser -s /bin/bash -c "touch '$errlogfile'" ret=$? # Provide some advice if the log file cannot be touched if [ $ret -ne 0 ] ; then 
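Review bot: The `[ ! -e "$errlogfile" -a ! -L "$errlogfile" ]` test and the `touch`/`chown`/`chmod` inside it are separate steps run as root, so the symlink guard only holds if nothing can change the path between them. The spec on this page packages `%{logfiledir}` as `0750 mysql:mysql`, which suggests the service account can write in that directory. `chown` dereferences symlinks by default, so I would at least use `chown -h "$myuser:$mygroup" "$errlogfile"` and add a comment such as `# root must not chown/chmod through a link in a directory the service account can write`. Separately, `su - $myuser -s /bin/bash -c "touch '$errlogfile'"` leaves `$myuser` unquoted and splices the path into a shell string, so a path containing a single quote ends the quoting; the same pattern recurs in the two `su … -c` lines of the next hunk (mysql_install_db and mysql_upgrade_info). The hunk ends inside the `if [ $ret -ne 0 ]` block, which continues below it.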
@@ -51,39 +56,29 @@ if [ $ret -ne 0 ] ; then echo "The daemon will be run under $myuser:$mygroup" exit 1 fi -chown "$myuser:$mygroup" "$errlogfile" -chmod 0640 "$errlogfile" [ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile" -# Make the data directory -if [ ! -d "$datadir/mysql" ] ; then - # First, make sure $datadir is there with correct permissions - # (note: if it's not, and we're not root, this'll fail ...) - if [ ! -e "$datadir" -a ! -h "$datadir" ] - then - mkdir -p "$datadir" || exit 1 - fi +# Make sure $datadir is there with correct permissions +if [ ! -e "$datadir" -a ! -L "$datadir" ]; then + mkdir -p "$datadir" || exit 1 chown "$myuser:$mygroup" "$datadir" chmod 0755 "$datadir" - [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" +fi +[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" +if [ ! -d "$datadir/mysql" ] ; then # Now create the database echo "Initializing @NICE_PROJECT_NAME@ database" - @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" + su - $myuser -s /bin/bash -c "@bindir@/mysql_install_db --rpm --datadir='$datadir' --user='$myuser'" ret=$? if [ $ret -ne 0 ] ; then echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2 echo "Perhaps @sysconfdir@/my.cnf is misconfigured." >&2 - # Clean up any partially-created database files - if [ ! -e "$datadir/mysql/user.frm" ] ; then - rm -rf "$datadir"/* - fi + echo "Note, that you may need to clean up any partially-created database files in $datadir" >&2 exit $ret fi # upgrade does not need to be run on a fresh datadir - echo "@VERSION@" >"$datadir/mysql_upgrade_info" - # In case we're running as root, make sure files are owned properly - chown -R "$myuser:$mygroup" "$datadir" + su - $myuser -s /bin/bash -c "echo '@VERSION@' > '$datadir/mysql_upgrade_info'" fi exit 0 diff --git a/SPECS/mysql.spec b/SPECS/mysql.spec index 2bad14a..7ed2fba 100644 --- a/SPECS/mysql.spec +++ b/SPECS/mysql.spec 
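Review bot: When `mysql_install_db` fails the script now only prints a note and exits, but the guard `if [ ! -d "$datadir/mysql" ]` is false on the next run if the failed attempt already created that directory, so a partially initialized data directory would be skipped rather than rebuilt. Dropping the root-run `rm -rf "$datadir"/*` is reasonable, yet the retry path should be explicit: either test for a marker that exists only after a complete init (the removed cleanup used `"$datadir/mysql/user.frm"`) or say in the message that the next start will not re-initialize. The exit status of the `su … "echo '@VERSION@' > …"` line is also not checked, so a failure to write mysql_upgrade_info goes unnoticed. The hunk starts inside the `if [ $ret -ne 0 ]` block opened in the previous hunk.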
@@ -10,6 +10,9 @@ # --nocheck is not possible (e.g. in koji build) %{!?runselftest:%global runselftest 1} +# Set this to 1 to see which tests fail +%global check_testsuite 0 + # set to 1 to enable %global with_shared_lib_major_hack 0 @@ -107,8 +110,8 @@ %endif Name: %{?scl_prefix}mysql -Version: 5.6.32 -Release: 1%{?with_debug:.debug}%{?dist} +Version: 5.6.34 +Release: 2%{?with_debug:.debug}%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases URL: http://www.mysql.com @@ -182,6 +185,7 @@ BuildRequires: perl(File::Temp) BuildRequires: perl(Data::Dumper) BuildRequires: perl(Getopt::Long) BuildRequires: perl(IPC::Open3) +BuildRequires: perl(JSON) BuildRequires: perl(Socket) BuildRequires: perl(Sys::Hostname) BuildRequires: perl(Test::More) @@ -413,6 +417,7 @@ Requires: perl(File::Temp) Requires: perl(Data::Dumper) Requires: perl(Getopt::Long) Requires: perl(IPC::Open3) +Requires: perl(JSON) Requires: perl(Socket) Requires: perl(Sys::Hostname) Requires: perl(Test::More) @@ -541,6 +546,7 @@ cmake .. \ -DINSTALL_MANDIR=share/man \ -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \ -DINSTALL_MYSQLTESTDIR=share/mysql-test \ + -DINSTALL_SECURE_FILE_PRIVDIR="%{_localstatedir}/lib/mysql-files" \ -DINSTALL_PLUGINDIR="%{_lib}/mysql/plugin" \ -DINSTALL_SBINDIR=libexec \ -DINSTALL_SCRIPTDIR=bin \ @@ -551,6 +557,7 @@ cmake .. \ -DENABLED_LOCAL_INFILE=ON \ -DENABLE_DTRACE=ON \ -DWITH_INNODB_MEMCACHED=ON \ + -DWITH_SYMVER16=ON \ -DWITH_EMBEDDED_SERVER=ON \ -DWITH_EMBEDDED_SHARED_LIBRARY=ON \ -DWITH_EDITLINE=bundled \ @@ -597,6 +604,7 @@ touch %{buildroot}%{logfile} mkdir -p %{buildroot}%{pidfiledir} install -p -m 0755 -d %{buildroot}%{dbdatadir} +install -p -m 0750 -d %{buildroot}%{_localstatedir}/lib/mysql-files # create directory for socket %{?scl:install -p -m 0755 -d %{buildroot}/var/lib/mysql} 
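Review bot: The secure-file-priv directory is written out as a literal in three places: `-DINSTALL_SECURE_FILE_PRIVDIR=` in the cmake hunk, the `install -p -m 0750 -d` line in %install, and the `%attr(0750,mysql,mysql) %dir` entry in %files (later hunk). The compiled-in default only matches a packaged, correctly owned directory while all three stay identical, and the 5.6.34-2 changelog entry ("Use correct dir for mysql-files") suggests the path has already needed one correction. I would define it once next to the other path macros, for example `%global securefiledir %{_localstatedir}/lib/mysql-files`, and use `%{securefiledir}` in all three places, with a comment that it is the build-time default for secure_file_priv.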
@@ -757,10 +765,14 @@ cp ../../mysql-test/%{skiplist} . export MTR_BUILD_THREAD=%{__isa_bits} ./mtr \ --mem --parallel=auto --force --retry=0 \ - --skip-test-list=%{skiplist} \ - --mysqld=--binlog-format=mixed \ + --mysqld=--binlog-format=mixed --skip-rpl \ --suite-timeout=720 --testcase-timeout=30 \ - --clean-vardir + --clean-vardir \ +%if %{check_testsuite} + --max-test-fail=0 || : +%else + --skip-test-list=%{skiplist} +%endif rm -rf var/* $(readlink var) popd popd @@ -874,7 +886,6 @@ fi %files libs %{_libdir}/mysql/libmysqlclient*.so.* %{!?scl:%config(noreplace) %{_sysconfdir}/ld.so.conf.d/*} - %endif %if %{with config} @@ -949,6 +960,7 @@ fi %{_bindir}/resolveip %config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf + %{_libexecdir}/mysqld %if %{with init_systemd} && 0%{?scl:1} %{_libexecdir}/mysqld_safe-scl-helper @@ -1011,6 +1023,7 @@ fi %{?scl:%attr(0755,mysql,mysql) %dir /var/lib/mysql} %attr(0755,mysql,mysql) %dir %{pidfiledir} %attr(0755,mysql,mysql) %dir %{_localstatedir}/lib/mysql +%attr(0750,mysql,mysql) %dir %{_localstatedir}/lib/mysql-files %attr(0750,mysql,mysql) %dir %{logfiledir} %attr(0640,mysql,mysql) %config %ghost %verify(not md5 size mtime) %{logfile} %config(noreplace) %{logrotateddir}/%{daemon_name} @@ -1056,6 +1069,20 @@ fi %endif %changelog +* Thu Nov 03 2016 Honza Horak - 5.6.34-2 +- Use correct dir for mysql-files + Related: #1384962 + +* Tue Oct 25 2016 Honza Horak - 5.6.34-1 +- Update to MySQL 5.6.34, which contains various security fixes + (https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html) + Related: #1384962 + +* Thu Oct 6 2016 Jakub Dorňák - 5.6.33-1 +- Update to MySQL 5.6.33, which contains various security fixes + (https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html) + Resolves: #1384962 + * Wed Jul 20 2016 Jakub Dorňák - 5.6.32-1 - Update to MySQL 5.6.32, which contains various security fixes (http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html)
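Review bot: `--skip-rpl` is added to the `./mtr` call unconditionally and without a comment, so the replication tests no longer run in %check for an update the changelog describes as containing security fixes. If they are unreliable in the build environment, say so next to the option, e.g. `# rpl tests skipped: <reason / bug reference>`. With `check_testsuite` set to 1 the command ends in `--max-test-fail=0 || :`, which makes %check succeed regardless of failures and also drops `--skip-test-list`. The comment at the top of the spec (`# Set this to 1 to see which tests fail`) should state that this is for local diagnosis only and must stay 0 for shipped builds.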