From 58e2ca68bb86e6d1e086ab978f4b8d434ffef184 Mon Sep 17 00:00:00 2001 From: Balasubramanian Kandasamy Date: Mon, 29 May 2017 14:52:50 +0530 Subject: [PATCH 01/13] Raise version number after cloning 5.5.57 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 68358acf754..2905c37cc09 100644 --- a/VERSION +++ b/VERSION @@ -1,4 +1,4 @@ MYSQL_VERSION_MAJOR=5 MYSQL_VERSION_MINOR=5 -MYSQL_VERSION_PATCH=57 +MYSQL_VERSION_PATCH=58 MYSQL_VERSION_EXTRA= From def68691ce5a97f6a717fc6d33a4f1d26c063ac6 Mon Sep 17 00:00:00 2001 From: Piotr Obrzut Date: Thu, 1 Jun 2017 15:25:04 +0200 Subject: [PATCH 02/13] Bug#26181622 MSI BUILD FAIL DUE TO DUPLICATED FILE ID Fixed generated mysql_server.wxs not to contain duplicates, or too long ids --- packaging/WiX/create_msi.cmake.in | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/packaging/WiX/create_msi.cmake.in b/packaging/WiX/create_msi.cmake.in index 95cbbb3d437..b306c0c70d3 100644 --- a/packaging/WiX/create_msi.cmake.in +++ b/packaging/WiX/create_msi.cmake.in @@ -218,22 +218,37 @@ MACRO(GENERATE_GUID VarName) OUTPUT_STRIP_TRAILING_WHITESPACE) ENDMACRO() -SET(INC_VAR 0) +# Make sure that WIX identifier created from a path matches all the rules: +# - it is shorter than 72 characters +# - doesn't contain reserver characters ('+', '-' and '/') +# ID_SET contains a global list of all identifiers which are too long. +# Every time we use an identifier which is too long we use its index in +# ID_SET to shorten the name. +SET_PROPERTY(GLOBAL PROPERTY ID_SET) MACRO(MAKE_WIX_IDENTIFIER str varname) STRING(REPLACE "/" "." ${varname} "${str}") + STRING(REPLACE "+" "p" ${varname} "${str}") + STRING(REPLACE "-" "m" ${varname} "${str}") STRING(REGEX REPLACE "[^a-zA-Z_0-9.]" "_" ${varname} "${${varname}}") STRING(LENGTH "${${varname}}" len) + # FIXME: the prefix length has to be controlled better # Identifier should be smaller than 72 character - # We have to cut down the length to 70 chars, since we add 2 char prefix + # We have to cut down the length to 40 chars, since we add prefixes # pretty often - IF(len GREATER 70) - STRING(SUBSTRING "${${varname}}" 0 67 shortstr) - MATH(EXPR INC_VAR ${INC_VAR}+1) - SET(${varname} "${shortstr}${INC_VAR}") + IF(len GREATER 40) + STRING(SUBSTRING "${${varname}}" 0 37 shortstr) + GET_PROPERTY(LOCAL_LIST GLOBAL PROPERTY ID_SET) + LIST(FIND LOCAL_LIST "${${varname}}" STRING_ID) + IF(${STRING_ID} EQUAL -1) + LIST(APPEND LOCAL_LIST "${${varname}}") + SET_PROPERTY(GLOBAL PROPERTY ID_SET "${LOCAL_LIST}") + LIST(LENGTH LOCAL_LIST STRING_ID) + MATH(EXPR STRING_ID "${STRING_ID}-1" ) + ENDIF() + SET(${varname} "${shortstr}${STRING_ID}") ENDIF() ENDMACRO() - FUNCTION(TRAVERSE_FILES dir topdir file file_comp dir_root) FILE(RELATIVE_PATH dir_rel ${topdir} ${dir}) IF(dir_rel) From 1bb43334fc8e349624c2dd168dffb789e1550633 Mon Sep 17 00:00:00 2001 From: Piotr Obrzut Date: Fri, 2 Jun 2017 19:17:30 +0200 Subject: [PATCH 03/13] Bug#26171638 MYSQL 5.5.57 - MSI COMMUNITY PACKAGES NOT GETTING INSTALLED Temporary revert of the VS2008 redist check. --- packaging/WiX/create_msi.cmake.in | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/packaging/WiX/create_msi.cmake.in b/packaging/WiX/create_msi.cmake.in index b306c0c70d3..ae6a5773dce 100644 --- a/packaging/WiX/create_msi.cmake.in +++ b/packaging/WiX/create_msi.cmake.in @@ -218,37 +218,6 @@ MACRO(GENERATE_GUID VarName) OUTPUT_STRIP_TRAILING_WHITESPACE) ENDMACRO() -# Make sure that WIX identifier created from a path matches all the rules: -# - it is shorter than 72 characters -# - doesn't contain reserver characters ('+', '-' and '/') -# ID_SET contains a global list of all identifiers which are too long. -# Every time we use an identifier which is too long we use its index in -# ID_SET to shorten the name. -SET_PROPERTY(GLOBAL PROPERTY ID_SET) -MACRO(MAKE_WIX_IDENTIFIER str varname) - STRING(REPLACE "/" "." ${varname} "${str}") - STRING(REPLACE "+" "p" ${varname} "${str}") - STRING(REPLACE "-" "m" ${varname} "${str}") - STRING(REGEX REPLACE "[^a-zA-Z_0-9.]" "_" ${varname} "${${varname}}") - STRING(LENGTH "${${varname}}" len) - # FIXME: the prefix length has to be controlled better - # Identifier should be smaller than 72 character - # We have to cut down the length to 40 chars, since we add prefixes - # pretty often - IF(len GREATER 40) - STRING(SUBSTRING "${${varname}}" 0 37 shortstr) - GET_PROPERTY(LOCAL_LIST GLOBAL PROPERTY ID_SET) - LIST(FIND LOCAL_LIST "${${varname}}" STRING_ID) - IF(${STRING_ID} EQUAL -1) - LIST(APPEND LOCAL_LIST "${${varname}}") - SET_PROPERTY(GLOBAL PROPERTY ID_SET "${LOCAL_LIST}") - LIST(LENGTH LOCAL_LIST STRING_ID) - MATH(EXPR STRING_ID "${STRING_ID}-1" ) - ENDIF() - SET(${varname} "${shortstr}${STRING_ID}") - ENDIF() -ENDMACRO() - FUNCTION(TRAVERSE_FILES dir topdir file file_comp dir_root) FILE(RELATIVE_PATH dir_rel ${topdir} ${dir}) IF(dir_rel) From b5258c7134398b7b0c7b915c2c6c22e8decba453 Mon Sep 17 00:00:00 2001 From: Piotr Obrzut Date: Mon, 5 Jun 2017 08:09:07 +0200 Subject: [PATCH 04/13] Bug#26171638 MYSQL 5.5.57 - MSI COMMUNITY PACKAGES NOT GETTING INSTALLED Corrected the revert. --- packaging/WiX/create_msi.cmake.in | 31 +++++++++++++++++++++++++++++++ packaging/WiX/mysql_server.wxs.in | 26 -------------------------- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/packaging/WiX/create_msi.cmake.in b/packaging/WiX/create_msi.cmake.in index ae6a5773dce..b306c0c70d3 100644 --- a/packaging/WiX/create_msi.cmake.in +++ b/packaging/WiX/create_msi.cmake.in @@ -218,6 +218,37 @@ MACRO(GENERATE_GUID VarName) OUTPUT_STRIP_TRAILING_WHITESPACE) ENDMACRO() +# Make sure that WIX identifier created from a path matches all the rules: +# - it is shorter than 72 characters +# - doesn't contain reserver characters ('+', '-' and '/') +# ID_SET contains a global list of all identifiers which are too long. +# Every time we use an identifier which is too long we use its index in +# ID_SET to shorten the name. +SET_PROPERTY(GLOBAL PROPERTY ID_SET) +MACRO(MAKE_WIX_IDENTIFIER str varname) + STRING(REPLACE "/" "." ${varname} "${str}") + STRING(REPLACE "+" "p" ${varname} "${str}") + STRING(REPLACE "-" "m" ${varname} "${str}") + STRING(REGEX REPLACE "[^a-zA-Z_0-9.]" "_" ${varname} "${${varname}}") + STRING(LENGTH "${${varname}}" len) + # FIXME: the prefix length has to be controlled better + # Identifier should be smaller than 72 character + # We have to cut down the length to 40 chars, since we add prefixes + # pretty often + IF(len GREATER 40) + STRING(SUBSTRING "${${varname}}" 0 37 shortstr) + GET_PROPERTY(LOCAL_LIST GLOBAL PROPERTY ID_SET) + LIST(FIND LOCAL_LIST "${${varname}}" STRING_ID) + IF(${STRING_ID} EQUAL -1) + LIST(APPEND LOCAL_LIST "${${varname}}") + SET_PROPERTY(GLOBAL PROPERTY ID_SET "${LOCAL_LIST}") + LIST(LENGTH LOCAL_LIST STRING_ID) + MATH(EXPR STRING_ID "${STRING_ID}-1" ) + ENDIF() + SET(${varname} "${shortstr}${STRING_ID}") + ENDIF() +ENDMACRO() + FUNCTION(TRAVERSE_FILES dir topdir file file_comp dir_root) FILE(RELATIVE_PATH dir_rel ${topdir} ${dir}) IF(dir_rel) diff --git a/packaging/WiX/mysql_server.wxs.in b/packaging/WiX/mysql_server.wxs.in index 2092d0ebe3d..3eb81ec532c 100644 --- a/packaging/WiX/mysql_server.wxs.in +++ b/packaging/WiX/mysql_server.wxs.in @@ -61,32 +61,6 @@ - - - - - - - - Installed OR VS08REDISTX64 - - - - - - - Installed OR VS08REDISTX86 - - - From 790770c26438520d3dd139009ce51e3873d5fd9b Mon Sep 17 00:00:00 2001 From: Balasubramanian Kandasamy Date: Fri, 7 Jul 2017 17:43:40 +0530 Subject: [PATCH 05/13] Bug#26400146 - 5.5 AND 5.6 DOCKER PACKAGES MISSING MYSQLCHECK UPGRADE NOT POSSIBLE - Add mysqlcheck tool to docker rpms for upgrade --- packaging/rpm-docker/mysql.spec.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packaging/rpm-docker/mysql.spec.in b/packaging/rpm-docker/mysql.spec.in index 497ae395577..cc4e7bc541e 100644 --- a/packaging/rpm-docker/mysql.spec.in +++ b/packaging/rpm-docker/mysql.spec.in @@ -178,7 +178,7 @@ for f in msql2mysql mysqlaccess mysqlaccess.conf mysqlbug mysql_convert_table_fo done for f in innochecksum myisamchk myisam_ftdump myisamlog myisampack \ - mysqlbinlog mysqlcheck mysql_client_test mysql_config_editor \ + mysqlbinlog mysql_client_test mysql_config_editor \ mysqld_multi mysqld_safe mysqldumpslow mysql_embedded mysqlimport \ mysql_plugin mysql_secure_installation mysqlshow mysqlslap mysqltest \ perror replace resolveip resolve_stack_dump; do @@ -232,6 +232,7 @@ rm -r $(readlink var) var %attr(755, root, root) %{_sbindir}/mysqld %attr(755, root, root) %{_bindir}/mysql %attr(755, root, root) %{_bindir}/mysqladmin +%attr(755, root, root) %{_bindir}/mysqlcheck %attr(755, root, root) %{_bindir}/mysqldump %attr(755, root, root) %{_bindir}/mysql_config %attr(755, root, root) %{_bindir}/mysql_install_db From 6a6d5bc98abdd25b32590fea7ef6572ecc355d7e Mon Sep 17 00:00:00 2001 From: Deepa Dixit Date: Tue, 25 Jul 2017 11:49:51 +0530 Subject: [PATCH 06/13] Bug#26161247: MTR: --NOREORDER IS SEARCHING FOR TEST SCRIPT ONLY IN MAIN SUITE Issue: ------ Running MTR with the --no-reorder option by specifying test cases on the command line, without prefixing the suite name results in an error saying the test case was not found in the main suite. This is because MTR looks for the test case only in the main suite, and no other suites. Fix: ---- The fix involves searching for the test in every suite if only the test name is specified. This back-ports two bug fixes: Bug#24967869 and Bug#24365783 Reviewed-by: Pavan Naik RB: 16812 --- mysql-test/lib/mtr_cases.pm | 66 ++++++++++++++++++++++++++++++------- 1 file changed, 54 insertions(+), 12 deletions(-) diff --git a/mysql-test/lib/mtr_cases.pm b/mysql-test/lib/mtr_cases.pm index e8d24eb399f..ce7d4e690c6 100644 --- a/mysql-test/lib/mtr_cases.pm +++ b/mysql-test/lib/mtr_cases.pm @@ -1,5 +1,5 @@ # -*- cperl -*- -# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -143,7 +143,13 @@ sub collect_test_cases ($$$$) { if ( @$opt_cases ) { - # A list of tests was specified on the command line + # A list of tests was specified on the command line. + # Among those, the tests which are not already collected will be + # collected and stored temporarily in an array of hashes pointed + # by the below reference. This array is eventually appeneded to + # the one having all collected test cases. + my $cmdline_cases; + # Check that the tests specified was found # in at least one suite foreach my $test_name_spec ( @$opt_cases ) @@ -162,20 +168,56 @@ sub collect_test_cases ($$$$) { } if ( not $found ) { - $sname= "main" if !$opt_reorder and !$sname; - mtr_error("Could not find '$tname' in '$suites' suite(s)") unless $sname; - # If suite was part of name, find it there, may come with combinations - my @this_case = collect_one_suite($sname, [ $tname ]); - if (@this_case) + if ( $sname ) { - push (@$cases, @this_case); - } - else - { - mtr_error("Could not find '$tname' in '$sname' suite"); + # If suite was part of name, find it there, may come with combinations + my @this_case = collect_one_suite($sname, [ $tname ]); + + # If a test is specified multiple times on the command line, all + # instances of the test need to be picked. Hence, such tests are + # stored in the temporary array instead of adding them to $cases + # directly so that repeated tests are not run only once + if (@this_case) + { + push (@$cmdline_cases, @this_case); + } + else + { + mtr_error("Could not find '$tname' in '$sname' suite"); + } + } + else + { + if ( !$opt_reorder ) + { + # If --no-reorder is passed and if suite was not part of name, + # search in all the suites + foreach my $suite (split(",", $suites)) + { + my @this_case = collect_one_suite($suite, [ $tname ]); + if ( @this_case ) + { + push (@$cmdline_cases, @this_case); + $found= 1; + } + @this_case= collect_one_suite("i_".$suite, [ $tname ]); + if ( @this_case ) + { + push (@$cmdline_cases, @this_case); + $found= 1; + } + } + } + if ( !$found ) + { + mtr_error("Could not find '$tname' in '$suites' suite(s)"); + } } } } + # Add test cases collected in the temporary array to the one + # containing all previously collected test cases + push (@$cases, @$cmdline_cases) if $cmdline_cases; } if ( $opt_reorder && !$quick_collect) From d75f8a174218fd0ada64222d2a538f7aace897bc Mon Sep 17 00:00:00 2001 From: Venkatesh Duggirala Date: Wed, 23 Aug 2017 09:16:12 +0530 Subject: [PATCH 07/13] Bug#24763131 LOCAL-INFILE DEFAULT SHOULD BE DISABLED Problem & Analysis: Slave's Receiver thread, Applier thread and worker threads are created with LOCAL-INFILE option enabled. As the document says https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html, there are some issues if a thread enables local infile. This flag should be enabled with care. But for the above mentioned internal threads, server is enabling it at the time of creation. Fix: Further analysis on the code shows that none of threads really need this flag to be enabled at any time as Slave never executes "LOAD DATA LOCAL INFILE" after reading it from Relay log. Applier thread removes "LOCAL" before start executing the query. --- sql/slave.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/sql/slave.cc b/sql/slave.cc index 1e641ac6d7e..e533bc09b3d 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -2109,7 +2109,6 @@ static int init_slave_thread(THD* thd, SLAVE_THD_TYPE thd_type) thd->slave_thread = 1; thd->enable_slow_log= opt_log_slow_slave_statements; set_slave_thread_options(thd); - thd->client_capabilities = CLIENT_LOCAL_FILES; mysql_mutex_lock(&LOCK_thread_count); thd->thread_id= thd->variables.pseudo_thread_id= thread_id++; mysql_mutex_unlock(&LOCK_thread_count); From ebd96c314953f5c0073ff5846484fd5e438fe0ad Mon Sep 17 00:00:00 2001 From: Tor Didriksen Date: Tue, 15 Aug 2017 13:15:19 +0200 Subject: [PATCH 08/13] Bug#19875294 ASSERTION `SRC' FAILED IN MY_STRNXFRM_UNICODE (SIG 6 -STRINGS/CTYPE-UTF8.C:5151) Backport from 5.7 to 5.5 Field_set::val_str() should return String("", 0, cs) rather than String(NULL, 0, cs) --- mysql-test/r/case.result | 16 ++++++++++++++++ mysql-test/t/case.test | 12 ++++++++++++ sql/field.cc | 12 ++++++------ 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/mysql-test/r/case.result b/mysql-test/r/case.result index 40d900a0389..be712114a29 100644 --- a/mysql-test/r/case.result +++ b/mysql-test/r/case.result @@ -220,3 +220,19 @@ a d 3 11120436154190595086 drop table t1, t2; End of 5.0 tests +# +# Bug#19875294 ASSERTION `SRC' FAILED IN MY_STRNXFRM_UNICODE +# (SIG 6 -STRINGS/CTYPE-UTF8.C:5151) +# +set @@sql_mode=''; +CREATE TABLE t1(c1 SET('','')CHARACTER SET ucs2) engine=innodb; +Warnings: +Note 1291 Column 'c1' has duplicated value '' in SET +INSERT INTO t1 VALUES(990101.102); +Warnings: +Warning 1265 Data truncated for column 'c1' at row 1 +SELECT COALESCE(c1)FROM t1 ORDER BY 1; +COALESCE(c1) + +DROP TABLE t1; +set @@sql_mode=default; diff --git a/mysql-test/t/case.test b/mysql-test/t/case.test index e1c807fe32b..c2d8f44e953 100644 --- a/mysql-test/t/case.test +++ b/mysql-test/t/case.test @@ -173,3 +173,15 @@ select t1.a, (case t1.a when 0 then 0 else t1.b end) d from t1 drop table t1, t2; --echo End of 5.0 tests + +--echo # +--echo # Bug#19875294 ASSERTION `SRC' FAILED IN MY_STRNXFRM_UNICODE +--echo # (SIG 6 -STRINGS/CTYPE-UTF8.C:5151) +--echo # + +set @@sql_mode=''; +CREATE TABLE t1(c1 SET('','')CHARACTER SET ucs2) engine=innodb; +INSERT INTO t1 VALUES(990101.102); +SELECT COALESCE(c1)FROM t1 ORDER BY 1; +DROP TABLE t1; +set @@sql_mode=default; diff --git a/sql/field.cc b/sql/field.cc index 15571afefb8..e98c17fabae 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -8257,13 +8257,13 @@ String *Field_set::val_str(String *val_buffer, ulonglong tmp=(ulonglong) Field_enum::val_int(); uint bitnr=0; + /* + Some callers expect *val_buffer to contain the result, + so we assign to it, rather than doing 'return &empty_set_string. + */ + *val_buffer= empty_set_string; if (tmp == 0) { - /* - Some callers expect *val_buffer to contain the result, - so we assign to it, rather than doing 'return &empty_set_string. - */ - *val_buffer= empty_set_string; return val_buffer; } From be901b60ae59c93848c829d1b0b2cb523ab8692e Mon Sep 17 00:00:00 2001 From: Nisha Gopalakrishnan Date: Wed, 16 Aug 2017 13:58:25 +0530 Subject: [PATCH 09/13] Bug#26390632: CREATE TABLE CAN CAUSE MYSQL TO EXIT. Analysis ======== CREATE TABLE of InnoDB table with a partition name which exceeds the path limit can cause the server to exit. During the preparation of the partition name, there was no check to identify whether the complete path name for partition exceeds the max supported path length, causing the server to exit during subsequent processing. Fix === During the preparation of partition name, check and report an error if the partition path name exceeds the maximum path name limit. This is a 5.5 patch. --- sql/ha_partition.cc | 150 +++++++++++++++++++++++--------------- sql/sql_partition.cc | 169 +++++++++++++++++++++++++++---------------- sql/sql_partition.h | 6 +- 3 files changed, 200 insertions(+), 125 deletions(-) diff --git a/sql/ha_partition.cc b/sql/ha_partition.cc index aadac36e2ee..414f9d52536 100644 --- a/sql/ha_partition.cc +++ b/sql/ha_partition.cc @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -624,7 +624,7 @@ int ha_partition::create(const char *name, TABLE *table_arg, int ha_partition::drop_partitions(const char *path) { List_iterator part_it(m_part_info->partitions); - char part_name_buff[FN_REFLEN]; + char part_name_buff[FN_REFLEN + 1]; uint num_parts= m_part_info->partitions.elements; uint num_subparts= m_part_info->num_subparts; uint i= 0; @@ -657,9 +657,12 @@ int ha_partition::drop_partitions(const char *path) { partition_element *sub_elem= sub_it++; part= i * num_subparts + j; - create_subpartition_name(part_name_buff, path, - part_elem->partition_name, - sub_elem->partition_name, name_variant); + if ((ret_error= create_subpartition_name(part_name_buff, path, + part_elem->partition_name, + sub_elem->partition_name, + name_variant))) + error= ret_error; + file= m_file[part]; DBUG_PRINT("info", ("Drop subpartition %s", part_name_buff)); if ((ret_error= file->ha_delete_table(part_name_buff))) @@ -670,9 +673,11 @@ int ha_partition::drop_partitions(const char *path) } else { - create_partition_name(part_name_buff, path, - part_elem->partition_name, name_variant, - TRUE); + if ((ret_error= create_partition_name(part_name_buff, path, + part_elem->partition_name, + name_variant, TRUE))) + error= ret_error; + file= m_file[i]; DBUG_PRINT("info", ("Drop partition %s", part_name_buff)); if ((ret_error= file->ha_delete_table(part_name_buff))) @@ -714,8 +719,8 @@ int ha_partition::rename_partitions(const char *path) { List_iterator part_it(m_part_info->partitions); List_iterator temp_it(m_part_info->temp_partitions); - char part_name_buff[FN_REFLEN]; - char norm_name_buff[FN_REFLEN]; + char part_name_buff[FN_REFLEN + 1]; + char norm_name_buff[FN_REFLEN + 1]; uint num_parts= m_part_info->partitions.elements; uint part_count= 0; uint num_subparts= m_part_info->num_subparts; @@ -757,10 +762,11 @@ int ha_partition::rename_partitions(const char *path) { sub_elem= sub_it++; file= m_reorged_file[part_count++]; - create_subpartition_name(norm_name_buff, path, - part_elem->partition_name, - sub_elem->partition_name, - NORMAL_PART_NAME); + if ((ret_error= create_subpartition_name(norm_name_buff, path, + part_elem->partition_name, + sub_elem->partition_name, + NORMAL_PART_NAME))) + error= ret_error; DBUG_PRINT("info", ("Delete subpartition %s", norm_name_buff)); if ((ret_error= file->ha_delete_table(norm_name_buff))) error= ret_error; @@ -773,9 +779,11 @@ int ha_partition::rename_partitions(const char *path) else { file= m_reorged_file[part_count++]; - create_partition_name(norm_name_buff, path, - part_elem->partition_name, NORMAL_PART_NAME, - TRUE); + if ((ret_error= create_partition_name(norm_name_buff, path, + part_elem->partition_name, + NORMAL_PART_NAME, TRUE))) + error= ret_error; + DBUG_PRINT("info", ("Delete partition %s", norm_name_buff)); if ((ret_error= file->ha_delete_table(norm_name_buff))) error= ret_error; @@ -825,10 +833,12 @@ int ha_partition::rename_partitions(const char *path) { sub_elem= sub_it++; part= i * num_subparts + j; - create_subpartition_name(norm_name_buff, path, - part_elem->partition_name, - sub_elem->partition_name, - NORMAL_PART_NAME); + if ((ret_error= create_subpartition_name(norm_name_buff, path, + part_elem->partition_name, + sub_elem->partition_name, + NORMAL_PART_NAME))) + error= ret_error; + if (part_elem->part_state == PART_IS_CHANGED) { file= m_reorged_file[part_count++]; @@ -840,10 +850,12 @@ int ha_partition::rename_partitions(const char *path) (void) sync_ddl_log(); } file= m_new_file[part]; - create_subpartition_name(part_name_buff, path, - part_elem->partition_name, - sub_elem->partition_name, - TEMP_PART_NAME); + if ((ret_error= create_subpartition_name(part_name_buff, path, + part_elem->partition_name, + sub_elem->partition_name, + TEMP_PART_NAME))) + error= ret_error; + DBUG_PRINT("info", ("Rename subpartition from %s to %s", part_name_buff, norm_name_buff)); if ((ret_error= file->ha_rename_table(part_name_buff, @@ -857,9 +869,11 @@ int ha_partition::rename_partitions(const char *path) } else { - create_partition_name(norm_name_buff, path, - part_elem->partition_name, NORMAL_PART_NAME, - TRUE); + if ((ret_error= create_partition_name(norm_name_buff, path, + part_elem->partition_name, + NORMAL_PART_NAME, TRUE))) + error= ret_error; + if (part_elem->part_state == PART_IS_CHANGED) { file= m_reorged_file[part_count++]; @@ -871,9 +885,11 @@ int ha_partition::rename_partitions(const char *path) (void) sync_ddl_log(); } file= m_new_file[i]; - create_partition_name(part_name_buff, path, - part_elem->partition_name, TEMP_PART_NAME, - TRUE); + if ((ret_error= create_partition_name(part_name_buff, path, + part_elem->partition_name, + TEMP_PART_NAME, TRUE))) + error= ret_error; + DBUG_PRINT("info", ("Rename partition from %s to %s", part_name_buff, norm_name_buff)); if ((ret_error= file->ha_rename_table(part_name_buff, @@ -1477,7 +1493,7 @@ int ha_partition::change_partitions(HA_CREATE_INFO *create_info, { List_iterator part_it(m_part_info->partitions); List_iterator t_it(m_part_info->temp_partitions); - char part_name_buff[FN_REFLEN]; + char part_name_buff[FN_REFLEN + 1]; uint num_parts= m_part_info->partitions.elements; uint num_subparts= m_part_info->num_subparts; uint i= 0; @@ -1687,10 +1703,15 @@ int ha_partition::change_partitions(HA_CREATE_INFO *create_info, do { partition_element *sub_elem= sub_it++; - create_subpartition_name(part_name_buff, path, - part_elem->partition_name, - sub_elem->partition_name, - name_variant); + if ((error= create_subpartition_name(part_name_buff, path, + part_elem->partition_name, + sub_elem->partition_name, + name_variant))) + { + cleanup_new_partition(part_count); + DBUG_RETURN(error); + } + part= i * num_subparts + j; DBUG_PRINT("info", ("Add subpartition %s", part_name_buff)); if ((error= prepare_new_partition(table, create_info, @@ -1708,9 +1729,14 @@ int ha_partition::change_partitions(HA_CREATE_INFO *create_info, } else { - create_partition_name(part_name_buff, path, - part_elem->partition_name, name_variant, - TRUE); + if ((error= create_partition_name(part_name_buff, path, + part_elem->partition_name, + name_variant, TRUE))) + { + cleanup_new_partition(part_count); + DBUG_RETURN(error); + } + DBUG_PRINT("info", ("Add partition %s", part_name_buff)); if ((error= prepare_new_partition(table, create_info, new_file_array[i], @@ -1967,8 +1993,8 @@ int ha_partition::del_ren_cre_table(const char *from, { int save_error= 0; int error= HA_ERR_INTERNAL_ERROR; - char from_buff[FN_REFLEN], to_buff[FN_REFLEN], from_lc_buff[FN_REFLEN], - to_lc_buff[FN_REFLEN], buff[FN_REFLEN]; + char from_buff[FN_REFLEN + 1], to_buff[FN_REFLEN + 1], from_lc_buff[FN_REFLEN + 1], + to_lc_buff[FN_REFLEN + 1], buff[FN_REFLEN + 1]; char *name_buffer_ptr; const char *from_path; const char *to_path= NULL; @@ -2015,13 +2041,16 @@ int ha_partition::del_ren_cre_table(const char *from, i= 0; do { - create_partition_name(from_buff, from_path, name_buffer_ptr, - NORMAL_PART_NAME, FALSE); + if ((error= create_partition_name(from_buff, from_path, name_buffer_ptr, + NORMAL_PART_NAME, FALSE))) + DBUG_RETURN(error); if (to != NULL) { // Rename branch - create_partition_name(to_buff, to_path, name_buffer_ptr, - NORMAL_PART_NAME, FALSE); + if ((error= create_partition_name(to_buff, to_path, name_buffer_ptr, + NORMAL_PART_NAME, FALSE))) + DBUG_RETURN(error); + error= (*file)->ha_rename_table(from_buff, to_buff); if (error) goto rename_error; @@ -2066,9 +2095,9 @@ create_error: name_buffer_ptr= m_name_buffer_ptr; for (abort_file= file, file= m_file; file < abort_file; file++) { - create_partition_name(from_buff, from_path, name_buffer_ptr, NORMAL_PART_NAME, - FALSE); - (void) (*file)->ha_delete_table((const char*) from_buff); + if (!create_partition_name(from_buff, from_path, name_buffer_ptr, NORMAL_PART_NAME, + FALSE)) + (void) (*file)->ha_delete_table((const char*) from_buff); name_buffer_ptr= strend(name_buffer_ptr) + 1; } DBUG_RETURN(error); @@ -2077,12 +2106,12 @@ rename_error: for (abort_file= file, file= m_file; file < abort_file; file++) { /* Revert the rename, back from 'to' to the original 'from' */ - create_partition_name(from_buff, from_path, name_buffer_ptr, - NORMAL_PART_NAME, FALSE); - create_partition_name(to_buff, to_path, name_buffer_ptr, - NORMAL_PART_NAME, FALSE); - /* Ignore error here */ - (void) (*file)->ha_rename_table(to_buff, from_buff); + if (!create_partition_name(from_buff, from_path, name_buffer_ptr, + NORMAL_PART_NAME, FALSE)) + if (!create_partition_name(to_buff, to_path, name_buffer_ptr, + NORMAL_PART_NAME, FALSE)) + /* Ignore error here */ + (void) (*file)->ha_rename_table(to_buff, from_buff); name_buffer_ptr= strend(name_buffer_ptr) + 1; } DBUG_RETURN(error); @@ -2707,7 +2736,7 @@ int ha_partition::open(const char *name, int mode, uint test_if_locked) char *name_buffer_ptr; int error= HA_ERR_INITIALIZATION; handler **file; - char name_buff[FN_REFLEN]; + char name_buff[FN_REFLEN + 1]; bool is_not_tmp_table= (table_share->tmp_table == NO_TMP_TABLE); ulonglong check_table_flags; DBUG_ENTER("ha_partition::open"); @@ -2777,8 +2806,10 @@ int ha_partition::open(const char *name, int mode, uint test_if_locked) file= m_is_clone_of->m_file; for (i= 0; i < m_tot_parts; i++) { - create_partition_name(name_buff, name, name_buffer_ptr, NORMAL_PART_NAME, - FALSE); + if ((error= create_partition_name(name_buff, name, name_buffer_ptr, + NORMAL_PART_NAME, FALSE))) + goto err_handler; + if (!(m_file[i]= file[i]->clone(name_buff, m_clone_mem_root))) { error= HA_ERR_INITIALIZATION; @@ -2793,8 +2824,9 @@ int ha_partition::open(const char *name, int mode, uint test_if_locked) file= m_file; do { - create_partition_name(name_buff, name, name_buffer_ptr, NORMAL_PART_NAME, - FALSE); + if ((error= create_partition_name(name_buff, name, name_buffer_ptr, + NORMAL_PART_NAME, FALSE))) + goto err_handler; if ((error= (*file)->ha_open(table, name_buff, mode, test_if_locked))) goto err_handler; m_num_locks+= (*file)->lock_count(); diff --git a/sql/sql_partition.cc b/sql/sql_partition.cc index 5358535e9f9..65d4da0f2f6 100644 --- a/sql/sql_partition.cc +++ b/sql/sql_partition.cc @@ -1,4 +1,4 @@ -/* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -5958,8 +5958,8 @@ static bool write_log_changed_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, DDL_LOG_ENTRY ddl_log_entry; partition_info *part_info= lpt->part_info; DDL_LOG_MEMORY_ENTRY *log_entry; - char tmp_path[FN_REFLEN]; - char normal_path[FN_REFLEN]; + char tmp_path[FN_REFLEN + 1]; + char normal_path[FN_REFLEN + 1]; List_iterator part_it(part_info->partitions); uint temp_partitions= part_info->temp_partitions.elements; uint num_elements= part_info->partitions.elements; @@ -5983,14 +5983,18 @@ static bool write_log_changed_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, ddl_log_entry.next_entry= *next_entry; ddl_log_entry.handler_name= ha_resolve_storage_engine_name(sub_elem->engine_type); - create_subpartition_name(tmp_path, path, - part_elem->partition_name, - sub_elem->partition_name, - TEMP_PART_NAME); - create_subpartition_name(normal_path, path, - part_elem->partition_name, - sub_elem->partition_name, - NORMAL_PART_NAME); + if (create_subpartition_name(tmp_path, path, + part_elem->partition_name, + sub_elem->partition_name, + TEMP_PART_NAME)) + DBUG_RETURN(TRUE); + + if (create_subpartition_name(normal_path, path, + part_elem->partition_name, + sub_elem->partition_name, + NORMAL_PART_NAME)) + DBUG_RETURN(TRUE); + ddl_log_entry.name= normal_path; ddl_log_entry.from_name= tmp_path; if (part_elem->part_state == PART_IS_CHANGED) @@ -6011,12 +6015,13 @@ static bool write_log_changed_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, ddl_log_entry.next_entry= *next_entry; ddl_log_entry.handler_name= ha_resolve_storage_engine_name(part_elem->engine_type); - create_partition_name(tmp_path, path, - part_elem->partition_name, - TEMP_PART_NAME, TRUE); - create_partition_name(normal_path, path, - part_elem->partition_name, - NORMAL_PART_NAME, TRUE); + if ((create_partition_name(tmp_path, path, part_elem->partition_name, + TEMP_PART_NAME, TRUE)) || + (create_partition_name(normal_path, path, + part_elem->partition_name, + NORMAL_PART_NAME, TRUE))) + DBUG_RETURN(TRUE); + ddl_log_entry.name= normal_path; ddl_log_entry.from_name= tmp_path; if (part_elem->part_state == PART_IS_CHANGED) @@ -6055,7 +6060,7 @@ static bool write_log_dropped_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, DDL_LOG_ENTRY ddl_log_entry; partition_info *part_info= lpt->part_info; DDL_LOG_MEMORY_ENTRY *log_entry; - char tmp_path[FN_LEN]; + char tmp_path[FN_REFLEN + 1]; List_iterator part_it(part_info->partitions); List_iterator temp_it(part_info->temp_partitions); uint num_temp_partitions= part_info->temp_partitions.elements; @@ -6094,10 +6099,12 @@ static bool write_log_dropped_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, ddl_log_entry.next_entry= *next_entry; ddl_log_entry.handler_name= ha_resolve_storage_engine_name(sub_elem->engine_type); - create_subpartition_name(tmp_path, path, - part_elem->partition_name, - sub_elem->partition_name, - name_variant); + if (create_subpartition_name(tmp_path, path, + part_elem->partition_name, + sub_elem->partition_name, + name_variant)) + DBUG_RETURN(TRUE); + ddl_log_entry.name= tmp_path; if (write_ddl_log_entry(&ddl_log_entry, &log_entry)) { @@ -6113,9 +6120,10 @@ static bool write_log_dropped_partitions(ALTER_PARTITION_PARAM_TYPE *lpt, ddl_log_entry.next_entry= *next_entry; ddl_log_entry.handler_name= ha_resolve_storage_engine_name(part_elem->engine_type); - create_partition_name(tmp_path, path, - part_elem->partition_name, - name_variant, TRUE); + if ((create_partition_name(tmp_path, path, part_elem->partition_name, + name_variant, TRUE))) + DBUG_RETURN(TRUE); + ddl_log_entry.name= tmp_path; if (write_ddl_log_entry(&ddl_log_entry, &log_entry)) { @@ -8194,29 +8202,28 @@ static uint32 get_next_subpartition_via_walking(PARTITION_ITERATOR *part_iter) } -/* - Create partition names +/** + Create partition names. This method is used to calculate the + partition name, service routine to the del_ren_cre_table method. + The output buffer size should be FN_REFLEN + 1(terminating '\0'). - SYNOPSIS - create_partition_name() - out:out Created partition name string - in1 First part - in2 Second part - name_variant Normal, temporary or renamed partition name + @param [out] out Created partition name string + @param in1 First part + @param in2 Second part + @param in3 Third part + @param name_variant Normal, temporary or renamed partition name + @param translate Flag to determine whether to convert a table name + to it its corresponding filename. - RETURN VALUE - NONE - - DESCRIPTION - This method is used to calculate the partition name, service routine to - the del_ren_cre_table method. + @retval true Error. + @retval false Success. */ -void create_partition_name(char *out, const char *in1, +bool create_partition_name(char *out, const char *in1, const char *in2, uint name_variant, bool translate) { - char transl_part_name[FN_REFLEN]; + char transl_part_name[FN_REFLEN + 1]; const char *transl_part; if (translate) @@ -8226,35 +8233,50 @@ void create_partition_name(char *out, const char *in1, } else transl_part= in2; + + // Check if the path name for partition exceeds maximum path length. if (name_variant == NORMAL_PART_NAME) - strxmov(out, in1, "#P#", transl_part, NullS); + { + if ((strlen(in1) + strlen(transl_part) + 3) > FN_REFLEN) + { + my_error(ER_PATH_LENGTH, MYF(0), in2); + return true; + } + } + else + if ((strlen(in1) + strlen(transl_part) + 8) > FN_REFLEN) + { + my_error(ER_PATH_LENGTH, MYF(0), in2); + return true; + } + + if (name_variant == NORMAL_PART_NAME) + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part, NullS); else if (name_variant == TEMP_PART_NAME) - strxmov(out, in1, "#P#", transl_part, "#TMP#", NullS); + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part, "#TMP#", NullS); else if (name_variant == RENAMED_PART_NAME) - strxmov(out, in1, "#P#", transl_part, "#REN#", NullS); + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part, "#REN#", NullS); + + return false; } -/* - Create subpartition name +/** + Create subpartition name. This method is used to calculate the + subpartition name, service routine to the del_ren_cre_table method. + The output buffer size should be FN_REFLEN + 1(terminating '\0'). - SYNOPSIS - create_subpartition_name() - out:out Created partition name string - in1 First part - in2 Second part - in3 Third part - name_variant Normal, temporary or renamed partition name + @param [out] out Created partition name string + @param in1 First part + @param in2 Second part + @param in3 Third part + @param name_variant Normal, temporary or renamed partition name - RETURN VALUE - NONE - - DESCRIPTION - This method is used to calculate the subpartition name, service routine to - the del_ren_cre_table method. + @retval true Error. + @retval false Success. */ -void create_subpartition_name(char *out, const char *in1, +bool create_subpartition_name(char *out, const char *in1, const char *in2, const char *in3, uint name_variant) { @@ -8262,15 +8284,36 @@ void create_subpartition_name(char *out, const char *in1, tablename_to_filename(in2, transl_part_name, FN_REFLEN); tablename_to_filename(in3, transl_subpart_name, FN_REFLEN); + + // Check if the path name for subpartition exceeds maximum path length. if (name_variant == NORMAL_PART_NAME) - strxmov(out, in1, "#P#", transl_part_name, + { + if ((strlen(in1) + strlen(transl_part_name) + + strlen(transl_subpart_name) + 7) > FN_REFLEN) + { + my_error(ER_PATH_LENGTH, MYF(0), in3); + return true; + } + } + else + if ((strlen(in1) + strlen(transl_part_name) + + strlen(transl_subpart_name) + 12) > FN_REFLEN) + { + my_error(ER_PATH_LENGTH, MYF(0), in3); + return true; + } + + if (name_variant == NORMAL_PART_NAME) + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part_name, "#SP#", transl_subpart_name, NullS); else if (name_variant == TEMP_PART_NAME) - strxmov(out, in1, "#P#", transl_part_name, + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part_name, "#SP#", transl_subpart_name, "#TMP#", NullS); else if (name_variant == RENAMED_PART_NAME) - strxmov(out, in1, "#P#", transl_part_name, + strxnmov(out, FN_REFLEN, in1, "#P#", transl_part_name, "#SP#", transl_subpart_name, "#REN#", NullS); + + return false; } uint get_partition_field_store_length(Field *field) diff --git a/sql/sql_partition.h b/sql/sql_partition.h index f232eaa0629..cfaab903f04 100644 --- a/sql/sql_partition.h +++ b/sql/sql_partition.h @@ -1,7 +1,7 @@ #ifndef SQL_PARTITION_INCLUDED #define SQL_PARTITION_INCLUDED -/* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -272,10 +272,10 @@ char *generate_partition_syntax(partition_info *part_info, const char *current_comment_start); #endif -void create_partition_name(char *out, const char *in1, +bool create_partition_name(char *out, const char *in1, const char *in2, uint name_variant, bool translate); -void create_subpartition_name(char *out, const char *in1, +bool create_subpartition_name(char *out, const char *in1, const char *in2, const char *in3, uint name_variant); From f2f6025a445d9a799ccce27bc9124c3a63c28764 Mon Sep 17 00:00:00 2001 From: Arun Kuruvila Date: Thu, 24 Aug 2017 14:19:38 +0530 Subject: [PATCH 10/13] Bug#26482173: TLS CIPHER NEGOTIATION INCORRECTLY MATCHES ON LAST BYTE ONLY (YASSL) Description:- TLS cipher negociation happens incorrectly leading to the use of a different Analysis:- YaSSL based MySQL server will compare only the last byte of each cipher sent in the Client Hello message. This can cause TLS connections to fail, due to the server picking a cipher which the client doesn't actually support. Fix:- A fix for detecting cipher suites with non leading zeros is included as YaSSL only supports cipher suites with leading zeros. --- extra/yassl/README | 8 ++ extra/yassl/certs/ca-cert.pem | 96 ++++++++++++------------ extra/yassl/certs/client-cert.pem | 99 ++++++++++++------------ extra/yassl/certs/server-cert.pem | 120 +++++++++++++++--------------- extra/yassl/include/openssl/ssl.h | 4 +- extra/yassl/src/yassl_imp.cpp | 6 +- extra/yassl/src/yassl_int.cpp | 13 +++- 7 files changed, 182 insertions(+), 164 deletions(-) diff --git a/extra/yassl/README b/extra/yassl/README index a3d4f60f561..de1bf5132aa 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,14 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.4.4 (8/8/2017) + This release of yaSSL fixes an interop issue. A fix for detecting cipher + suites with non leading zeros is included as yaSSL only supports cipher + suites with leading zeros. Thanks for the report from Security Innovation + and Oracle. + + Users interoping with other SSL stacks should update. + yaSSL Release notes, version 2.4.2 (9/22/2016) This release of yaSSL fixes a medium security vulnerability. A fix for potential AES side channel leaks is included that a local user monitoring diff --git a/extra/yassl/certs/ca-cert.pem b/extra/yassl/certs/ca-cert.pem index 7e64eb47961..8b34ea43dd2 100644 --- a/extra/yassl/certs/ca-cert.pem +++ b/extra/yassl/certs/ca-cert.pem @@ -1,40 +1,13 @@ ------BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G -A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 -dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D -mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx -i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J -XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc -/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI -/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU -J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 -aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf -+n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH -7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 -DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB -VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq -Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== ------END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - 9a:41:47:cd:a1:14:62:8c - Signature Algorithm: sha1WithRSAEncryption + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 11 03:20:08 2014 GMT - Not After : Apr 6 03:20:08 2017 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -65,23 +38,50 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9A:41:47:CD:A1:14:62:8C + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: - fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: - f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: - 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: - 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: - ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: - c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: - b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: - 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: - 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: - 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: - e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: - 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: - bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: - b2:b3:03:d8 + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-cert.pem b/extra/yassl/certs/client-cert.pem index 38330d5380e..9262ad60991 100644 --- a/extra/yassl/certs/client-cert.pem +++ b/extra/yassl/certs/client-cert.pem @@ -2,13 +2,13 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - b6:63:af:8f:5d:62:57:a0 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + b9:bc:90:ed:ad:aa:0a:8c + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 11 17:39:44 2014 GMT - Not After : Apr 6 17:39:44 2017 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) @@ -37,51 +37,52 @@ Certificate: 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:B6:63:AF:8F:5D:62:57:A0 + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B9:BC:90:ED:AD:AA:0A:8C X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 85:10:90:c5:5d:de:25:8c:f2:57:7b:2d:14:1c:05:f9:71:63: - 40:b0:e3:c1:c1:2e:13:2a:7a:b7:d6:24:58:87:eb:03:fb:0d: - af:e0:f4:d0:c8:bc:51:36:10:4f:79:cc:4f:66:7d:af:99:cb: - 7b:ce:68:94:c6:36:aa:42:6e:8c:78:5b:b2:85:ca:d1:e1:a8: - 31:d1:81:d9:f9:c1:a3:9e:34:43:ef:0a:79:7d:3e:83:61:fc: - 14:5c:d1:dd:bc:0e:d7:51:b7:71:6e:41:7e:8b:2c:5a:9a:cb: - 77:4b:6a:f5:06:ff:02:af:1e:e6:63:4f:bc:44:d9:3f:56:9e: - 09:9c:43:f9:55:21:32:46:82:09:86:a9:7b:74:1c:9e:5a:2a: - bf:03:79:91:cb:f2:29:7f:c9:15:82:89:b9:53:cd:7e:07:90: - a9:5d:76:e1:19:5e:0d:58:b8:59:d5:0d:df:23:ab:6b:63:76: - 19:9e:9c:df:b0:57:49:6c:d0:86:97:c3:6c:3c:fa:e0:56:c2: - 1b:e3:a1:42:1a:58:62:85:9d:74:19:83:08:af:59:90:f8:99: - bd:67:d3:4a:ea:0e:c9:ca:61:8a:0d:8a:42:cc:90:e9:2e:c2: - 54:73:7f:5e:af:8d:e2:32:cb:45:20:d6:19:4d:5b:77:31:cc: - 0f:2d:c0:7e + Signature Algorithm: sha256WithRSAEncryption + 33:85:08:b4:58:0e:a2:00:03:74:de:77:fb:d1:2b:76:9c:97: + 90:20:21:a2:e8:2e:22:50:26:04:76:ba:5b:47:79:e5:52:f7: + c4:0d:79:ff:62:3f:05:7c:c3:08:6c:e0:b7:81:d0:ce:c6:c9: + 46:b9:8e:4b:5f:56:79:4b:13:b6:d1:6b:66:4b:ce:00:0d:e3: + 76:5e:fb:cb:b5:5d:12:31:05:f1:bb:39:f6:86:90:ca:92:56: + a4:a0:75:21:b6:1d:4c:96:c3:45:eb:5a:91:94:32:d3:59:b8: + c9:73:1f:03:a9:81:63:e0:43:c0:1e:c8:65:be:3b:a7:53:c3: + 44:ff:b3:fb:47:84:a8:b6:9d:00:d5:6b:ae:87:f8:bb:35:b2: + 6c:66:0b:11:ee:6f:fe:12:ed:59:79:f1:3e:f2:d3:61:27:8b: + 95:7e:99:75:8d:a4:9f:34:85:f1:25:4d:48:1e:9b:6b:70:f6: + 66:cc:56:b1:a3:02:52:8a:7c:aa:af:07:da:97:c6:0c:a5:8f: + ed:cb:f5:d8:04:5d:97:0a:5d:5a:2b:49:f5:bd:93:e5:23:9b: + 99:b5:0c:ff:0c:7e:38:82:b2:6e:ab:8a:c9:a7:45:ab:d6:d7: + 93:35:70:07:7e:c8:3d:a5:fe:33:8f:d9:85:c0:c7:5a:02:e4: + 7c:d6:35:9e -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJALZjr49dYlegMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G -A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3 -dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNDA3MTExNzM5NDRaFw0xNzA0MDYxNzM5NDRaMIGUMQswCQYDVQQGEwJVUzEQ -MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s -ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns -LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am -NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/ -Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7 -9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX -11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l -TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB -+TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU -M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM -MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAtmOvj11iV6AwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAhRCQxV3eJYzyV3stFBwF+XFj -QLDjwcEuEyp6t9YkWIfrA/sNr+D00Mi8UTYQT3nMT2Z9r5nLe85olMY2qkJujHhb -soXK0eGoMdGB2fnBo540Q+8KeX0+g2H8FFzR3bwO11G3cW5BfossWprLd0tq9Qb/ -Aq8e5mNPvETZP1aeCZxD+VUhMkaCCYape3QcnloqvwN5kcvyKX/JFYKJuVPNfgeQ -qV124RleDVi4WdUN3yOra2N2GZ6c37BXSWzQhpfDbDz64FbCG+OhQhpYYoWddBmD -CK9ZkPiZvWfTSuoOycphig2KQsyQ6S7CVHN/Xq+N4jLLRSDWGU1bdzHMDy3Afg== +MIIEyjCCA7KgAwIBAgIJALm8kO2tqgqMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG +A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw +FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20wHhcNMTYwODExMjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBnjELMAkG +A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT +BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45 +pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs +StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW +kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF +dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj +mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/ +wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR +xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh +MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96 +ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu +Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW +EGluZm9Ad29sZnNzbC5jb22CCQC5vJDtraoKjDAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAzhQi0WA6iAAN03nf70St2nJeQICGi6C4iUCYEdrpbR3nl +UvfEDXn/Yj8FfMMIbOC3gdDOxslGuY5LX1Z5SxO20WtmS84ADeN2XvvLtV0SMQXx +uzn2hpDKklakoHUhth1MlsNF61qRlDLTWbjJcx8DqYFj4EPAHshlvjunU8NE/7P7 +R4Sotp0A1Wuuh/i7NbJsZgsR7m/+Eu1ZefE+8tNhJ4uVfpl1jaSfNIXxJU1IHptr +cPZmzFaxowJSinyqrwfal8YMpY/ty/XYBF2XCl1aK0n1vZPlI5uZtQz/DH44grJu +q4rJp0Wr1teTNXAHfsg9pf4zj9mFwMdaAuR81jWe -----END CERTIFICATE----- diff --git a/extra/yassl/certs/server-cert.pem b/extra/yassl/certs/server-cert.pem index f56cba9de70..5504c822fae 100644 --- a/extra/yassl/certs/server-cert.pem +++ b/extra/yassl/certs/server-cert.pem @@ -2,11 +2,11 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 11 17:20:14 2014 GMT - Not After : Apr 6 17:20:14 2017 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -37,32 +37,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9A:41:47:CD:A1:14:62:8C + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 3d:8c:70:05:5b:62:4b:bf:6c:b6:48:61:01:10:1d:5e:05:ba: - 55:94:2c:ae:59:6f:97:80:5d:6c:86:ec:9a:eb:15:45:44:e4: - 56:f8:75:ca:8a:45:32:f4:c7:e1:fa:f2:98:1c:91:d3:3f:e8: - 0e:c9:1b:fa:e1:79:99:67:0e:0d:6b:8a:ec:1a:2c:59:c4:34: - 04:8d:39:77:cd:b5:e9:60:5b:82:bf:34:ce:ed:c6:4f:3f:b4: - 5c:4d:8a:b4:f4:0a:04:12:a0:56:c1:e1:33:37:a1:54:87:48: - e9:81:c2:0f:8f:6f:d3:52:4c:4c:32:4c:6b:9f:3a:04:8f:77: - 5d:ad:dc:3d:2b:f2:c9:df:3c:60:5d:d8:fc:86:72:7c:3d:d0: - 84:4b:8c:df:26:43:fe:c0:cc:5b:e1:36:b3:3d:32:28:a3:ef: - 0c:20:d6:b1:50:39:d6:67:a9:8b:84:bc:92:34:eb:19:23:e8: - 10:8f:ea:bd:18:8c:93:27:3c:74:75:8e:58:04:fa:2a:74:44: - 7d:fc:4d:39:df:54:17:ba:78:e1:5d:6a:70:d3:7c:a2:80:81: - e6:19:51:91:c3:44:51:ec:bb:88:a9:53:e1:d7:a9:8c:28:f4: - 21:1c:42:51:09:b4:12:6d:a0:d6:25:09:85:c6:2a:0c:af:a7: - 58:e6:52:8b + Signature Algorithm: sha256WithRSAEncryption + 51:fe:2a:df:07:7e:43:ca:66:8d:15:c4:2b:db:57:b2:06:6d: + 0d:90:66:ff:a5:24:9c:14:ef:81:f2:a4:ab:99:a9:6a:49:20: + a5:d2:71:e7:1c:3c:99:07:c7:47:fc:e8:96:b4:f5:42:30:ce: + 39:01:4b:d1:c2:e8:bc:95:84:87:ce:55:5d:97:9f:cf:78:f3: + 56:9b:a5:08:6d:ac:f6:a5:5c:c4:ef:3e:2a:39:a6:48:26:29: + 7b:2d:e0:cd:a6:8c:57:48:0b:bb:31:32:c2:bf:d9:43:4c:47: + 25:18:81:a8:c9:33:82:41:9b:ba:61:86:d7:84:93:17:24:25: + 36:ca:4d:63:6b:4f:95:79:d8:60:e0:1e:f5:ac:c1:8a:a1:b1: + 7e:85:8e:87:20:2f:08:31:ad:5e:c6:4a:c8:61:f4:9e:07:1e: + a2:22:ed:73:7c:85:ee:fa:62:dc:50:36:aa:fd:c7:9d:aa:18: + 04:fb:ea:cc:2c:68:9b:b3:a9:c2:96:d8:c1:cc:5a:7e:f7:0d: + 9e:08:e0:9d:29:8b:84:46:8f:d3:91:6a:b5:b8:7a:5c:cc:4f: + 55:01:b8:9a:48:a0:94:43:ca:25:47:52:0a:f7:f4:be:b0:d1: + 71:6d:a5:52:4a:65:50:b2:ad:4e:1d:e0:6c:01:d8:fb:43:80: + e6:e4:0c:37 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz -bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx -MTcyMDE0WhcNMTcwNDA2MTcyMDE0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwODEx +MjAwNzM3WhcNMTkwNTA4MjAwNzM3WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP @@ -76,24 +76,24 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN -AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAPYxwBVtiS79stkhhARAdXgW6VZQsrllvl4BdbIbs -musVRUTkVvh1yopFMvTH4frymByR0z/oDskb+uF5mWcODWuK7BosWcQ0BI05d821 -6WBbgr80zu3GTz+0XE2KtPQKBBKgVsHhMzehVIdI6YHCD49v01JMTDJMa586BI93 -Xa3cPSvyyd88YF3Y/IZyfD3QhEuM3yZD/sDMW+E2sz0yKKPvDCDWsVA51mepi4S8 -kjTrGSPoEI/qvRiMkyc8dHWOWAT6KnREffxNOd9UF7p44V1qcNN8ooCB5hlRkcNE -Uey7iKlT4depjCj0IRxCUQm0Em2g1iUJhcYqDK+nWOZSiw== +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAQEAUf4q3wd+Q8pmjRXEK9tXsgZtDZBm/6UknBTvgfKk +q5mpakkgpdJx5xw8mQfHR/zolrT1QjDOOQFL0cLovJWEh85VXZefz3jzVpulCG2s +9qVcxO8+KjmmSCYpey3gzaaMV0gLuzEywr/ZQ0xHJRiBqMkzgkGbumGG14STFyQl +NspNY2tPlXnYYOAe9azBiqGxfoWOhyAvCDGtXsZKyGH0ngceoiLtc3yF7vpi3FA2 +qv3HnaoYBPvqzCxom7OpwpbYwcxafvcNngjgnSmLhEaP05Fqtbh6XMxPVQG4mkig +lEPKJUdSCvf0vrDRcW2lUkplULKtTh3gbAHY+0OA5uQMNw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - 9a:41:47:cd:a1:14:62:8c - Signature Algorithm: sha1WithRSAEncryption + b7:b6:90:33:66:1b:6b:23 + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Jul 11 03:20:08 2014 GMT - Not After : Apr 6 03:20:08 2017 GMT + Not Before: Aug 11 20:07:37 2016 GMT + Not After : May 8 20:07:37 2019 GMT Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -124,32 +124,32 @@ Certificate: X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com - serial:9A:41:47:CD:A1:14:62:8C + serial:B7:B6:90:33:66:1B:6B:23 X509v3 Basic Constraints: CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: - fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: - f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: - 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: - 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: - ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: - c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: - b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: - 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: - 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: - 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: - e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: - 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: - bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: - b2:b3:03:d8 + Signature Algorithm: sha256WithRSAEncryption + 0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88: + 3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9: + 8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed: + 1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69: + 35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23: + fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09: + fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce: + fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b: + e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3: + bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66: + da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae: + 26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f: + 1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6: + 50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c: + 55:a3:77:76 -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe -Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ +Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI @@ -163,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t -MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD -VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf -+n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH -7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 -DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB -VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq -Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI +Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U +uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO +BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z +v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j +Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg== -----END CERTIFICATE----- diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 0609dfc0592..0cce783de35 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. This program is free software; you can redistribute it and/or modify @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.4.2" +#define YASSL_VERSION "2.4.4" #if defined(__cplusplus) diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index f190761604d..c5892388eaf 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1578,6 +1578,10 @@ void ServerHello::Process(input_buffer& input, SSL& ssl) ssl.SetError(badVersion_error); return; } + if (cipher_suite_[0] != 0x00) { + ssl.SetError(unknown_cipher); + return; + } ssl.set_pending(cipher_suite_[1]); ssl.set_random(random_, server_end); if (id_len_) diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index f041850f85f..34a1c3b73a2 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1399,12 +1399,17 @@ void SSL::matchSuite(const opaque* peer, uint length) // start with best, if a match we are good, Ciphers are at odd index // since all SSL and TLS ciphers have 0x00 first byte for (uint i = 1; i < secure_.get_parms().suites_size_; i += 2) - for (uint j = 1; j < length; j+= 2) - if (secure_.use_parms().suites_[i] == peer[j]) { + for (uint j = 0; (j + 1) < length; j+= 2) { + if (peer[j] != 0x00) { + continue; // only 0x00 first byte supported + } + + if (secure_.use_parms().suites_[i] == peer[j + 1]) { secure_.use_parms().suite_[0] = 0x00; - secure_.use_parms().suite_[1] = peer[j]; + secure_.use_parms().suite_[1] = peer[j + 1]; return; } + } SetError(match_error); } From f7316aa0c9a3909fc7498e7b95d5d3af044a7e21 Mon Sep 17 00:00:00 2001 From: Ajo Robert Date: Thu, 24 Aug 2017 17:03:21 +0530 Subject: [PATCH 11/13] Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST, COL), NAME_CONST('NAME', NULL)) Backport of Bug#19143243 fix. NAME_CONST item can return NULL_ITEM type in case of incorrect arguments. NULL_ITEM has special processing in Item_func_in function. In Item_func_in::fix_length_and_dec an array of possible comparators is created. Since NAME_CONST function has NULL_ITEM type, corresponding array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE. ITEM_CACHE can not return proper type(NULL_ITEM) in Item_func_in::val_int(), so the NULL_ITEM is attempted compared with an empty comparator. The fix is to disable the caching of Item_name_const item. --- sql/item.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sql/item.h b/sql/item.h index 8caa2bc5f9f..9f4e1d24424 100644 --- a/sql/item.h +++ b/sql/item.h @@ -1,7 +1,7 @@ #ifndef ITEM_INCLUDED #define ITEM_INCLUDED -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1552,6 +1552,12 @@ public: return TRUE; } + virtual bool cache_const_expr_analyzer(uchar **arg) + { + // Item_name_const always wraps a literal, so there is no need to cache it. + return false; + } + int save_in_field(Field *field, bool no_conversions) { return value_item->save_in_field(field, no_conversions); From 5ac61b2af0cf37eeed5050a91819d6d273f037a5 Mon Sep 17 00:00:00 2001 From: Anushree Prakash B Date: Fri, 8 Sep 2017 18:29:07 +0530 Subject: [PATCH 12/13] Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH DESCRIPTION: =========== The bug is related to incorrect parsing of SQL queries when typed in on the CLI. The incorrect parsing can result in unexpected results. ANALYSIS: ======== The scenarios mainly happens for identifier names with a typical combination of backslashes and backticks. The incorrect parsing can either result in executing additional queries or can result in query truncation. This can impact mysqldump as well. FIX: === The fix makes sure that such identifier names are correctly parsed and a proper query is sent to the server for execution. (cherry picked from commit 31a372aa1c2b93dc75267d1f05a7f7fca6080dc0) --- client/mysql.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/mysql.cc b/client/mysql.cc index d09499c120a..715d74f18b2 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -2119,7 +2119,10 @@ static bool add_line(String &buffer,char *line,char *in_string, if (*in_string || inchar == 'N') // \N is short for NULL { // Don't allow commands in string *out++='\\'; - *out++= (char) inchar; + if ((inchar == '`') && (*in_string == inchar)) + pos--; + else + *out++= (char) inchar; continue; } if ((com=find_command(NullS,(char) inchar)))