[packages/mysql] - rel 6; back to 5.5 behaviour of secure_auth

arekm arekm at pld-linux.org
Fri Nov 29 11:18:17 CET 2013


commit 610a5a467da5ed3fd04eac5ecacffdb1a8257b74
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Nov 29 11:18:11 2013 +0100

    - rel 6; back to 5.5 behaviour of secure_auth

 mysql-no-default-secure-auth.patch | 98 ++++++++++++++++++++++++++++++++++++++
 mysql.spec                         |  4 +-
 2 files changed, 101 insertions(+), 1 deletion(-)
---
diff --git a/mysql.spec b/mysql.spec
index a480a51..0ad5dfe 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -35,7 +35,7 @@ Summary(uk.UTF-8):	MySQL - швидкий SQL-сервер
 Summary(zh_CN.UTF-8):	MySQL数据库服务器
 Name:		mysql
 Version:	5.6.14
-Release:	5
+Release:	6
 License:	GPL + MySQL FLOSS Exception
 Group:		Applications/Databases
 # Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -60,6 +60,7 @@ Source14:	my.cnf
 Patch1:		%{name}-versioning.patch
 Patch2:		%{name}hotcopy-5.0-5.5.patch
 Patch3:		bug-67402.patch
+Patch4:		mysql-no-default-secure-auth.patch
 # from fedora
 Patch6:		%{name}-system-users.patch
 
@@ -493,6 +494,7 @@ mv sphinx-*/mysqlse storage/sphinx
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %patch6 -p1
 
diff --git a/mysql-no-default-secure-auth.patch b/mysql-no-default-secure-auth.patch
new file mode 100644
index 0000000..26cf10c
--- /dev/null
+++ b/mysql-no-default-secure-auth.patch
@@ -0,0 +1,98 @@
+--- Percona-Server-5.6.14-rel62.0/client/mysql.cc~	2013-10-22 09:42:41.000000000 +0200
++++ Percona-Server-5.6.14-rel62.0/client/mysql.cc	2013-11-23 13:20:56.986861400 +0100
+@@ -152,7 +152,7 @@
+ 	       vertical=0, line_numbers=1, column_names=1,opt_html=0,
+                opt_xml=0,opt_nopager=1, opt_outfile=0, named_cmds= 0,
+ 	       tty_password= 0, opt_nobeep=0, opt_reconnect=1,
+-	       opt_secure_auth= TRUE,
++	       opt_secure_auth= 0,
+                default_pager_set= 0, opt_sigint_ignore= 0,
+                auto_vertical_output= 0,
+                show_warnings= 0, executing_query= 0, interrupted_query= 0,
+--- Percona-Server-5.6.14-rel62.0/client/mysql.cc~	2013-11-23 14:34:06.000000000 +0100
++++ Percona-Server-5.6.14-rel62.0/client/mysql.cc	2013-11-23 15:25:56.195617871 +0100
+@@ -1737,7 +1737,7 @@
+    1, ULONG_MAX, 0, 1, 0},
+   {"secure-auth", OPT_SECURE_AUTH, "Refuse client connecting to server if it"
+     " uses old (pre-4.1.1) protocol.", &opt_secure_auth,
+-    &opt_secure_auth, 0, GET_BOOL, NO_ARG, 1, 0, 0, 0, 0, 0},
++    &opt_secure_auth, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
+   {"server-arg", OPT_SERVER_ARG, "Send embedded server this as a parameter.",
+    0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
+   {"show-warnings", OPT_SHOW_WARNINGS, "Show warnings after every statement.",
+--- Percona-Server-5.6.14-rel62.0/sql/sys_vars.cc~	2013-11-23 15:30:45.000000000 +0100
++++ Percona-Server-5.6.14-rel62.0/sql/sys_vars.cc	2013-11-23 15:30:50.922370696 +0100
+@@ -2655,9 +2655,7 @@
+        "Disallow authentication for accounts that have old (pre-4.1) "
+        "passwords",
+        GLOBAL_VAR(opt_secure_auth), CMD_LINE(OPT_ARG, OPT_SECURE_AUTH),
+-       DEFAULT(TRUE),
+-       NO_MUTEX_GUARD, NOT_IN_BINLOG,
+-       ON_CHECK(on_check_opt_secure_auth)
++       DEFAULT(FALSE)
+        );
+ 
+ static Sys_var_charptr Sys_secure_file_priv(
+MySQL 5.6.11 does not allow pre-4.1.1 password hashes although the server is
+started with "skip-secure-auth option" (secure-auth mode disabled), this patch
+enables this feature again, it's a mysql_init() backport from MySQL 5.6.10.
+
+mysql> SHOW VARIABLES LIKE 'secure_auth' ;
++---------------+-------+
+| Variable_name | Value |
++---------------+-------+
+| secure_auth   | OFF   |
++---------------+-------+
+
+$ mysql -uexample -pexample test
+ERROR 2049 (HY000): Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)
+
+This bug has been also reported by Jørgen Thomsen: http://bugs.mysql.com/bug.php?id=69027
+
+Santi Saez 2013-04-22 / powerstack.org
+
+diff -urN mysql-5.6.11.orig/sql-common/client.c mysql-5.6.11/sql-common/client.c
+--- mysql-5.6.11.orig/sql-common/client.c	2013-04-05 14:27:18.000000000 +0200
++++ mysql-5.6.11/sql-common/client.c		2013-04-22 23:11:45.754001616 +0200
+@@ -4747,27 +4747,10 @@
+ 
+   if (mysql->passwd[0])
+   {
+-    /*
+-       If --secure-auth option is used, throw an error.
+-       Note that, we do not need to check for CLIENT_SECURE_CONNECTION
+-       capability of server. If server is not capable of handling secure
+-       connections, we would have raised error before reaching here.
+-
+-       TODO: Change following code to access MYSQL structure through
+-       client-side plugin service.
+-    */
+-    if (mysql->options.secure_auth)
+-    {
+-      set_mysql_error(mysql, CR_SECURE_AUTH, unknown_sqlstate);
++    char scrambled[SCRAMBLE_LENGTH_323 + 1];
++    scramble_323(scrambled, (char*)pkt, mysql->passwd);
++    if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1))
+       DBUG_RETURN(CR_ERROR);
+-    }
+-    else
+-    {
+-      char scrambled[SCRAMBLE_LENGTH_323 + 1];
+-      scramble_323(scrambled, (char*)pkt, mysql->passwd);
+-      if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH_323 + 1))
+-        DBUG_RETURN(CR_ERROR);
+-    }
+   }
+   else
+     if (vio->write_packet(vio, 0, 0)) /* no password */
+--- Percona-Server-5.6.14-rel62.0/sql-common/client.c~	2013-11-29 10:48:02.000000000 +0100
++++ Percona-Server-5.6.14-rel62.0/sql-common/client.c	2013-11-29 11:02:32.121352484 +0100
+@@ -1697,7 +1697,7 @@
+   */
+   mysql->reconnect= 0;
+  
+-  mysql->options.secure_auth= TRUE;
++  mysql->options.secure_auth= 0;
+ 
+   return mysql;
+ }
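Review bot: The `sql-common/client.c` hunk at `@@ -4747,27 +4747,10 @@` deletes the `if (mysql->options.secure_auth)` branch outright, so in the code shown a client that explicitly enables secure_auth still sends the `scramble_323` response instead of failing with `CR_SECURE_AUTH`; that goes further than restoring the 5.5 default. The default is already switched off by the other hunks (`opt_secure_auth= 0` and the `GET_BOOL` default in client/mysql.cc, `DEFAULT(FALSE)` in sql/sys_vars.cc, `mysql->options.secure_auth= 0;` at `@@ -1697,7 +1697,7 @@`), so I would drop the 4747 hunk and keep the refusal for users who opt in. The sys_vars.cc hunk also removes `ON_CHECK(on_check_opt_secure_auth)`; the callback is defined outside the hunk, so confirm it is not left unused and that whatever it checked when the variable is changed at runtime is not lost by accident. The enclosing functions start and end outside these hunks, so whether another secure_auth check remains elsewhere cannot be seen from here.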
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/mysql.git/commitdiff/610a5a467da5ed3fd04eac5ecacffdb1a8257b74


