- chown --no-dereference instead of chown to improve security

- fix build for ppc64 using -mminimal-toc OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=129
2013-08-12 12:34:46 +00:00 · 2013-08-12 12:34:46 +00:00 · 45b9473e1f
commit 45b9473e1f
parent 9cefabf9c7
5 changed files with 21 additions and 12 deletions
--- a/build.inc
+++ b/build.inc
@ -4,9 +4,12 @@
 %define socketpath /var/run/mysql
 %endif
 %if 0%{?suse_version} > 1140
-export WARN_DIS="$WARN_DIS -Wno-unused-but-set-variable -fno-strict-aliasing -Wno-unused-parameter "
+export EXTRA_FLAGS=" -Wno-unused-but-set-variable -fno-strict-aliasing -Wno-unused-parameter "
 %endif
-export CFLAGS="$RPM_OPT_FLAGS -DPIC -fPIC -DFORCE_INIT_OF_VARS $WARN_DIS "
+%ifarch ppc64
+export EXTRA_FLAGS=" -mminimal-toc "
+%endif
+export CFLAGS="$RPM_OPT_FLAGS -DPIC -fPIC -DFORCE_INIT_OF_VARS $EXTRA_FLAGS "
 export CXXFLAGS="$CFLAGS -fno-exceptions -fno-rtti"

 %if 0%{use_cmake} < 1
--- a/configuration-tweaks.tar.bz2
+++ b/configuration-tweaks.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:219b058d331b9ac48e9ee207888ea60adc3e086733e7cda68592a04951bfb30e
-size 317
+oid sha256:5e1d7b3da204d4812554888639fd49101b3a2d87c41bac802df35cf794ef088c
+size 312
--- a/mariadb.changes
+++ b/mariadb.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Aug 12 14:32:51 CEST 2013 - mhrusecky@suse.cz
+
+- chown --no-dereference instead of chown to improve security
+- fix build for ppc64 using -mminimal-toc
+
 -------------------------------------------------------------------
 Mon Aug 12 12:25:16 CEST 2013 - mhrusecky@suse.cz

--- a/mysql-patches.tar.bz2
+++ b/mysql-patches.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8d8547e5bd6984bdbff29f6f6f1bfa78a18353a9389c5f47a708d8c52f07fe53
-size 13345
+oid sha256:3c9a38335384fb99e0ac76488a2dd72cefa8fbca5f9f2b191c2348ecc64d6b0b
+size 13306
--- a/rc.mysql-multi
+++ b/rc.mysql-multi
@ -273,7 +273,7 @@ else

 	parse_arguments `$print_defaults $defaults mysqld mysql_server`
 	mkdir -m 755 -p /var/run/mysql
-	chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql
+	chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /var/run/mysql
 	export TEMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`"

 	# Safeguard (relative paths, core dumps..)
@ -292,7 +292,7 @@ else
 			rm -rf "$TEMPDIR"
 		fi
 		TEMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`"
-		[ -z "$TEMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR"
+		[ -z "$TEMPDIR" ] || chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR"
 		[ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
 			echo "Can't create secure $TEMPDIR"
 			rc_failed; rc_status -v; rc_exit;
@ -331,7 +331,7 @@ else
 				mkdir -p "$log_dir"
 			fi
 			chmod 770 "$log_dir"
-			chown -R mysql:mysql "$log_dir"
+			chown -R --no-dereference mysql:mysql "$log_dir"
 		done

 		MYSQLVER="`mysqld --version | sed 's|.*Ver\ *\([^\ ]*\)\.[0-9]\+[\-\ ].*|\1|'`"
@ -418,7 +418,7 @@ else
 			# reloads privileges tables, so we can get lock out
 			for cmd in "/usr/bin/mysql_upgrade"                  \
 			           "/usr/bin/mysql_upgrade"; do
-			[ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected"
+			[ -z "$protected" ] || chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$protected"
 			[ "`ls -ld "$protected" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
 				echo "Can't create secure $protected" | tee -a "$log_upgrade"
 				touch /var/lib/mysql/.run-mysql_upgrade
@ -481,12 +481,12 @@ else
 			rm -rf "$protected"
 			# Fix ownerships and permissions for $datadir
 			chmod 750 "$datadir"
-			chown -R "$mysql_daemon_user:$mysql_daemon_group" "$datadir"
+			chown -R --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$datadir"
 			rm -f /var/adm/update-messages/mysql-*
 			rm -f /var/lib/mysql/.run-mysql_upgrade
 			rm -f /var/lib/mysql/.force_upgrade
 			rm -f "$datadir"/{update-stamp-*,mysql/stamp-4.1} # used in the past
-			chown "$mysql_daemon_user:$mysql_daemon_group" "$log_upgrade"
+			chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$log_upgrade"
 			chmod 640 "$log_upgrade"
 		fi