Accepting request 930735 from home:dspinella:branches:server:database

- Update to 10.6.5
  * release notes and changelog:
    https://mariadb.com/kb/en/library/mariadb-1065-release-notes
    https://mariadb.com/kb/en/library/mariadb-1065-changelog
  * fixes for the following security vulnerabilities:
    10.6.5: none
- Not affected by [CVE-2021-35604], bsc#1192497
- Drop upstreamed patch:
  * mariadb-10.2.19-link-and-enable-c++11-atomics.patch

- Use pam macros instead of hardcoding directories, fixes bsc#1191038
- Add fix-pamdir.patch

OBS-URL: https://build.opensuse.org/request/show/930735
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=283

fix-pamdir.patch

@@ -0,0 +1,13 @@
+diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake
+index 877b147bc6e..f025aec78cb 100644
+--- a/cmake/install_layout.cmake
++++ b/cmake/install_layout.cmake
+@@ -163,7 +163,7 @@ SET(INSTALL_UNIX_ADDRDIR_RPM            "${INSTALL_MYSQLDATADIR_RPM}/mysql.sock"
+ SET(INSTALL_SYSTEMD_UNITDIR_RPM         "/usr/lib/systemd/system")
+ SET(INSTALL_SYSTEMD_SYSUSERSDIR_RPM     "/usr/lib/sysusers.d")
+ SET(INSTALL_SYSTEMD_TMPFILESDIR_RPM     "/usr/lib/tmpfiles.d")
+-SET(INSTALL_PAMDIR_RPM                  "/${INSTALL_LIBDIR_RPM}/security")
++SET(INSTALL_PAMDIR_RPM                  "${INSTALL_LIBDIR_RPM}/security")
+ SET(INSTALL_PAMDATADIR_RPM              "/etc/security")
+ 
+ #

mariadb-10.2.19-link-and-enable-c++11-atomics.patch

@@ -1,70 +0,0 @@
-Author: Vicențiu Ciorbaru <vicentiu@mariadb.org>
-Date:   Fri Dec 21 19:14:04 2018 +0200
-
-   Link with libatomic to enable C11 atomics support
-
-   Some architectures (mips) require libatomic to support proper
-   atomic operations. Check first if support is available without
-   linking, otherwise use the library.
-
-Index: mariadb-10.5.9/configure.cmake
-===================================================================
---- mariadb-10.5.9.orig/configure.cmake
-+++ mariadb-10.5.9/configure.cmake
-@@ -862,7 +862,25 @@ int main()
-   long long int *ptr= &var;
-   return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST);
- }"
--HAVE_GCC_C11_ATOMICS)
-+HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC)
-+IF (HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC)
-+  SET(HAVE_GCC_C11_ATOMICS True)
-+ELSE()
-+  SET(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
-+  LIST(APPEND CMAKE_REQUIRED_LIBRARIES "atomic")
-+  CHECK_CXX_SOURCE_COMPILES("
-+  int main()
-+  {
-+    long long int var= 1;
-+    long long int *ptr= &var;
-+    return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST);
-+  }"
-+  HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC)
-+  IF(HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC)
-+    SET(HAVE_GCC_C11_ATOMICS True)
-+  ENDIF()
-+  SET(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES})
-+ENDIF()
- 
- IF(WITH_VALGRIND)
-   SET(HAVE_valgrind 1)
-Index: mariadb-10.5.9/mysys/CMakeLists.txt
-===================================================================
---- mariadb-10.5.9.orig/mysys/CMakeLists.txt
-+++ mariadb-10.5.9/mysys/CMakeLists.txt
-@@ -154,6 +154,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings
-  ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO})
- DTRACE_INSTRUMENT(mysys)
- 
-+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC)
-+  TARGET_LINK_LIBRARIES(mysys atomic)
-+ENDIF()
-+
- IF(HAVE_BFD_H)
-   TARGET_LINK_LIBRARIES(mysys bfd)  
- ENDIF(HAVE_BFD_H)
-Index: mariadb-10.5.9/sql/CMakeLists.txt
-===================================================================
---- mariadb-10.5.9.orig/sql/CMakeLists.txt
-+++ mariadb-10.5.9/sql/CMakeLists.txt
-@@ -222,6 +222,10 @@ ELSE()
-   SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL})
- ENDIF()
- 
-+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC)
-+  TARGET_LINK_LIBRARIES(sql atomic)
-+ENDIF()
-+
- IF(MSVC OR CMAKE_SYSTEM_NAME MATCHES AIX)
-   SET(libs_to_export_symbols sql mysys dbug strings)
-   # Create shared library of already compiled object

mariadb-10.6.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:75bf9b147a95d38160d01a73b098d50a1960563b46d16a235971fff64d99643c
-size 84947143

mariadb-10.6.4.tar.gz.asc

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYQopBAAKCRDLywgqG7lD
-24bAAKCqBjQZ7Flzd3ouZq/qRiRWRPTp9wCgt+9X7OjhIUqmEEN3ZLmcEXzwaXU=
-=MnrN
------END PGP SIGNATURE-----

mariadb-10.6.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0be040428d9a42a8bb4bd221b567ff2522cd6fa8906386273da4f03c5c20a8f
+size 85061860

mariadb-10.6.5.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYYa3ZQAKCRDLywgqG7lD
+29TDAKD3wgRjflos8GdRwZauFsIEl09CYACfa5P42KFydGP2yfnmwQs8csnNsZ8=
+=o4QB
+-----END PGP SIGNATURE-----

mariadb.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Nov  9 08:34:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Update to 10.6.5
+  * release notes and changelog:
+    https://mariadb.com/kb/en/library/mariadb-1065-release-notes
+    https://mariadb.com/kb/en/library/mariadb-1065-changelog
+  * fixes for the following security vulnerabilities:
+    10.6.5: none
+- Not affected by [CVE-2021-35604], bsc#1192497
+- Drop upstreamed patch:
+  * mariadb-10.2.19-link-and-enable-c++11-atomics.patch
+
+-------------------------------------------------------------------
+Mon Nov  8 15:36:39 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Use pam macros instead of hardcoding directories, fixes bsc#1191038
+- Add fix-pamdir.patch
+
 -------------------------------------------------------------------
 Sun Oct 31 08:27:25 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
 

mariadb.spec

@@ -50,7 +50,7 @@
 # Build with cracklib plugin when cracklib-dict-full >= 2.9.0 is available
 %define with_cracklib_plugin 0
 Name:           mariadb
-Version:        10.6.4
+Version:        10.6.5
 Release:        0
 Summary:        Server part of MariaDB
 License:        SUSE-GPL-2.0-with-FLOSS-exception
@@ -76,11 +76,11 @@ Patch1:         mariadb-10.2.4-logrotate.patch
 Patch2:         mariadb-10.1.1-mysqld_multi-features.patch
 Patch3:         mariadb-10.0.15-logrotate-su.patch
 Patch4:         mariadb-10.2.4-fortify-and-O.patch
-Patch5:         mariadb-10.2.19-link-and-enable-c++11-atomics.patch
 Patch6:         mariadb-10.4.12-harden_setuid.patch
 Patch7:         mariadb-10.4.12-fix-install-db.patch
 Patch8:	harden_mariadb.service.patch
 Patch9:         func_math_tests_MDEV-26645.diff
+Patch10:        fix-pamdir.patch
 # needed for bison SQL parser and wsrep API
 BuildRequires:  bison
 BuildRequires:  cmake
@@ -363,7 +363,6 @@ find . -name "*.jar" -type f -exec rm --verbose -f {} \;
 %patch2
 %patch3
 %patch4
-%patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
@@ -372,6 +371,10 @@ find . -name "*.jar" -type f -exec rm --verbose -f {} \;
 %patch9
 %endif
 %endif
+# usrmerge has only been applied to TW
+%if 0%{?suse_version} > 1500
+%patch10 -p1
+%endif
 
 cp %{_sourcedir}/suse-test-run .
 
@@ -857,7 +860,7 @@ exit 0
 %if %{with galera}
 %exclude %{_sysconfdir}/my.cnf.d/50-galera.cnf
 %endif
-%config(noreplace) %{_sysconfdir}/security/user_map.conf
+%config(noreplace) %{_pam_secconfdir}/user_map.conf
 %config %{_sysconfdir}/logrotate.d/%{name}
 %doc %{_defaultdocdir}/%{name}
 %dir %{_libexecdir}/mysql
@@ -888,7 +891,7 @@ exit 0
 %if 0%{with_cracklib_plugin} > 0
 %exclude %{_libdir}/mysql/plugin/cracklib_password_check.so
 %endif
-/%{_lib}/security/pam_user_map.so
+%{_pam_moduledir}/pam_user_map.so
 %dir %attr(0750, root, mysql) %{_libdir}/mysql/plugin/auth_pam_tool_dir
 %verify(not mode) %attr(4755,root,root) %{_libdir}/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
 %ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something