diff --git a/build.inc b/build.inc index 7ed6fff..ab744fd 100644 --- a/build.inc +++ b/build.inc @@ -4,9 +4,12 @@ %define socketpath /var/run/mysql %endif %if 0%{?suse_version} > 1140 -export WARN_DIS="$WARN_DIS -Wno-unused-but-set-variable -fno-strict-aliasing -Wno-unused-parameter " +export EXTRA_FLAGS=" -Wno-unused-but-set-variable -fno-strict-aliasing -Wno-unused-parameter " %endif -export CFLAGS="$RPM_OPT_FLAGS -DPIC -fPIC -DFORCE_INIT_OF_VARS $WARN_DIS " +%ifarch ppc64 +export EXTRA_FLAGS=" -mminimal-toc " +%endif +export CFLAGS="$RPM_OPT_FLAGS -DPIC -fPIC -DFORCE_INIT_OF_VARS $EXTRA_FLAGS " export CXXFLAGS="$CFLAGS -fno-exceptions -fno-rtti" %if 0%{use_cmake} < 1 diff --git a/configuration-tweaks.tar.bz2 b/configuration-tweaks.tar.bz2 index 72e06a7..a1cbf17 100644 --- a/configuration-tweaks.tar.bz2 +++ b/configuration-tweaks.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:219b058d331b9ac48e9ee207888ea60adc3e086733e7cda68592a04951bfb30e -size 317 +oid sha256:5e1d7b3da204d4812554888639fd49101b3a2d87c41bac802df35cf794ef088c +size 312 diff --git a/mariadb.changes b/mariadb.changes index 6cbd665..797fd95 100644 --- a/mariadb.changes +++ b/mariadb.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Aug 12 14:32:51 CEST 2013 - mhrusecky@suse.cz + +- chown --no-dereference instead of chown to improve security +- fix build for ppc64 using -mminimal-toc + ------------------------------------------------------------------- Mon Aug 12 12:25:16 CEST 2013 - mhrusecky@suse.cz diff --git a/mysql-patches.tar.bz2 b/mysql-patches.tar.bz2 index 1e20803..698b3be 100644 --- a/mysql-patches.tar.bz2 +++ b/mysql-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8d8547e5bd6984bdbff29f6f6f1bfa78a18353a9389c5f47a708d8c52f07fe53 -size 13345 +oid sha256:3c9a38335384fb99e0ac76488a2dd72cefa8fbca5f9f2b191c2348ecc64d6b0b +size 13306 diff --git a/rc.mysql-multi b/rc.mysql-multi index 9e56712..72cf61f 100644 --- a/rc.mysql-multi +++ b/rc.mysql-multi @@ -273,7 +273,7 @@ else parse_arguments `$print_defaults $defaults mysqld mysql_server` mkdir -m 755 -p /var/run/mysql - chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql + chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /var/run/mysql export TEMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`" # Safeguard (relative paths, core dumps..) @@ -292,7 +292,7 @@ else rm -rf "$TEMPDIR" fi TEMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`" - [ -z "$TEMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR" + [ -z "$TEMPDIR" ] || chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR" [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { echo "Can't create secure $TEMPDIR" rc_failed; rc_status -v; rc_exit; @@ -331,7 +331,7 @@ else mkdir -p "$log_dir" fi chmod 770 "$log_dir" - chown -R mysql:mysql "$log_dir" + chown -R --no-dereference mysql:mysql "$log_dir" done MYSQLVER="`mysqld --version | sed 's|.*Ver\ *\([^\ ]*\)\.[0-9]\+[\-\ ].*|\1|'`" @@ -418,7 +418,7 @@ else # reloads privileges tables, so we can get lock out for cmd in "/usr/bin/mysql_upgrade" \ "/usr/bin/mysql_upgrade"; do - [ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected" + [ -z "$protected" ] || chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$protected" [ "`ls -ld "$protected" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { echo "Can't create secure $protected" | tee -a "$log_upgrade" touch /var/lib/mysql/.run-mysql_upgrade @@ -481,12 +481,12 @@ else rm -rf "$protected" # Fix ownerships and permissions for $datadir chmod 750 "$datadir" - chown -R "$mysql_daemon_user:$mysql_daemon_group" "$datadir" + chown -R --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$datadir" rm -f /var/adm/update-messages/mysql-* rm -f /var/lib/mysql/.run-mysql_upgrade rm -f /var/lib/mysql/.force_upgrade rm -f "$datadir"/{update-stamp-*,mysql/stamp-4.1} # used in the past - chown "$mysql_daemon_user:$mysql_daemon_group" "$log_upgrade" + chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" "$log_upgrade" chmod 640 "$log_upgrade" fi