Hello community,

here is the log from the commit of package mysql-community-server for 
openSUSE:Factory checked in at 2015-12-03 13:31:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mysql-community-server (Old)
 and      /work/SRC/openSUSE:Factory/.mysql-community-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mysql-community-server"

Changes:
--------
--- /work/SRC/openSUSE:Factory/mysql-community-server/mysql-community-server.changes    2015-09-02 00:36:23.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-community-server.changes       2015-12-03 13:31:53.000000000 +0100
@@ -1,0 +2,22 @@
+Mon Nov 30 11:50:34 UTC 2015 - kstreit...@suse.com
+
+- update to 5.6.27
+  * changes:
+    http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
+  * fixed CVEs:
+    CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789,
+    CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800,
+    CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819,
+    CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,
+    CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,
+    CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,
+    CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,
+    CVE-2015-4913
+  * fix [bnc#951391]
+- add mysql-community-server-5.6.26-enforce_ssl.patch to fix MySQL lack
+  of SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*]
+  implies that the ssl connection is required. The mysql client will
+  now print an error if ssl is required, but the server can not handle
+  a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152].
+
+-------------------------------------------------------------------

Old:
----
  mysql-5.6.26.tar.gz

New:
----
  mysql-5.6.27.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mysql-community-server.spec ++++++
--- /var/tmp/diff_new_pack.95lfys/_old  2015-12-03 13:31:56.000000000 +0100
+++ /var/tmp/diff_new_pack.95lfys/_new  2015-12-03 13:31:56.000000000 +0100
@@ -44,7 +44,7 @@
 %define with_cassandra 0
 %endif
 Name:           mysql-community-server
-Version:        5.6.26
+Version:        5.6.27
 Release:        0
 Summary:        Server part of %{pretty_name}
 License:        SUSE-GPL-2.0-with-FLOSS-exception
@@ -127,8 +127,8 @@
 Obsoletes:      %{extra_provides}-debug-version < %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
-# On mariadb we want readline5 and on mysql we use libedit from system
-%if "%{name}" == "mariadb"
+# On mariadb we want readline5 (except for SLE12) and on mysql we use libedit from system
+%if ("%{name}" == "mariadb" ) && ! (( 0%{?suse_version} == 1315 ) && ( ! 0%{?is_opensuse} ))
 BuildRequires:  readline5-devel
 %else
 BuildRequires:  libedit-devel
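Review bot: The new `%if` condition is hard to audit because it nests two negations, `! (( 0%{?suse_version} == 1315 ) && ( ! 0%{?is_opensuse} ))`. By De Morgan the same test reads `%if "%{name}" == "mariadb" && ( 0%{?suse_version} != 1315 || 0%{?is_opensuse} )`, which states directly that readline5 is used everywhere except on SLE12. The comment could also say why SLE12 is excluded, which the hunk does not explain. The `%if` block is closed outside the hunk.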

++++++ configuration-tweaks.tar.bz2 ++++++

++++++ mysql-5.6.26.tar.gz -> mysql-5.6.27.tar.gz ++++++
/work/SRC/openSUSE:Factory/mysql-community-server/mysql-5.6.26.tar.gz 
/work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-5.6.27.tar.gz 
differ: char 5, line 1

++++++ mysql-patches.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch new/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch
--- old/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch     1970-01-01 01:00:00.000000000 +0100
+++ new/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch     2015-10-05 20:41:09.000000000 +0200
@@ -0,0 +1,66 @@
+PATCH-P1-FIX: fix MySQL lack of SSL enforcement
+BUGS: bnc#924663, bnc#928962, CVE-2015-3152
+
+Maintainer: Kristyna Streitova <kstreit...@suse.com>
+
+From 4ef74979969ac9339d0d42c11a6f26632e6776f1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicen...@mariadb.org>
+Date: Tue, 9 Jun 2015 14:08:44 +0300
+Subject: [PATCH] MDEV-7937: Enforce SSL when --ssl client option is used
+
+Using --ssl-verify-server-cert and --ssl[-*] implies that
+the ssl connection is required. The mysql client will now print an error if ssl
+is required, but the server can not handle a ssl connection.
+---
+ sql-common/client.c | 23 +++++++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+Index: mysql-5.6.26/sql-common/client.c
+===================================================================
+--- mysql-5.6.26.orig/sql-common/client.c
++++ mysql-5.6.26/sql-common/client.c
+@@ -1742,6 +1742,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__
+     mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath) +
+     mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher)
+     ? 1 : 0;
++  mysql->options.use_ssl = TRUE;
+ #endif
+     DBUG_RETURN(result);
+ }
+@@ -2600,12 +2601,6 @@ static int send_client_reply_packet(MCPV
+     mysql->client_flag|= CLIENT_MULTI_RESULTS;
+ 
+ #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+-  if (mysql->options.ssl_key || mysql->options.ssl_cert ||
+-      mysql->options.ssl_ca || mysql->options.ssl_capath ||
+-      mysql->options.ssl_cipher ||
+-      (mysql->options.extension && mysql->options.extension->ssl_crl) || 
+-      (mysql->options.extension && mysql->options.extension->ssl_crlpath))
+-    mysql->options.use_ssl= 1;
+   if (mysql->options.use_ssl)
+     mysql->client_flag|= CLIENT_SSL;
+ #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/
+@@ -2639,6 +2634,23 @@ static int send_client_reply_packet(MCPV
+     end= buff+5;
+   }
+ #ifdef HAVE_OPENSSL
++
++  /*
++     If client uses ssl and client also has to verify the server
++     certificate, a ssl connection is required.
++     If the server does not support ssl, we abort the connection.
++  */
++  if (mysql->options.use_ssl &&
++      (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
++      !(mysql->server_capabilities & CLIENT_SSL))
++  {
++    set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
++                             ER(CR_SSL_CONNECTION_ERROR),
++                             "SSL is required, but the server does not "
++                             "support it");
++    goto error;
++  }
++
+   if (mysql->client_flag & CLIENT_SSL)
+   {
+     /* Do the SSL layering. */
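Review bot: The new abort in `send_client_reply_packet` fires only when `CLIENT_SSL_VERIFY_SERVER_CERT` is set in addition to `use_ssl`, so a client that asks for SSL through `--ssl` or `--ssl-ca` alone still appears to continue without encryption when the server's capability flags lack `CLIENT_SSL`, which is the lack of enforcement the patch header ties to CVE-2015-3152. If that is intentional for compatibility, the comment above the check should say so, for example `Without CLIENT_SSL_VERIFY_SERVER_CERT a missing CLIENT_SSL capability still results in an unencrypted connection.`; otherwise the condition would be `if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))`. Separately, the first inner hunk sets `use_ssl` in `mysql_ssl_set` even when every argument is NULL, while the second removes the place that derived it from `ssl_crl`/`ssl_crlpath`; whether options set directly through `mysql_options` still enable SSL is not visible here and should be checked. Both functions continue outside the quoted hunks.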
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/tools/gettar.sh new/mysql-patches/tools/gettar.sh
--- old/mysql-patches/tools/gettar.sh   2015-06-16 13:03:35.000000000 +0200
+++ new/mysql-patches/tools/gettar.sh   2015-10-13 17:20:20.000000000 +0200
@@ -53,7 +53,7 @@
 
 TO_PACK="./tools ./README ./MAINTAINERS"
 
-echo "Will create tarball from following patches:"
+echo "Will create tarball from the following patches:"
 while read patch; do
    patch="`echo "$patch" | sed -e 's|^[[:blank:]]*||' -e 's|[[:blank:]]*#.*||'`"
    [ -z "$patch" ] && continue
@@ -63,7 +63,7 @@
       exit 1
    fi
    TO_PACK="$TO_PACK ./$NAME/$patch"
-   echo " * $patch"
+   echo "    $patch"
 done << EOF
 `echo "$series" | while read serie; do
    cat "$serie"

++++++ series ++++++
--- /var/tmp/diff_new_pack.95lfys/_old  2015-12-03 13:31:56.000000000 +0100
+++ /var/tmp/diff_new_pack.95lfys/_new  2015-12-03 13:31:56.000000000 +0100
@@ -11,3 +11,4 @@
 mysql-community-server-5.6.12-srv_buf_size.patch
 mysql-community-server-5.6.12-logrotate-su.patch
 mysql-community-server-5.6.24-static_library.patch
+mysql-community-server-5.6.26-enforce_ssl.patch

