diff --git a/fix-pamdir.patch b/fix-pamdir.patch new file mode 100644 index 0000000..7d83020 --- /dev/null +++ b/fix-pamdir.patch @@ -0,0 +1,13 @@ +diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake +index 877b147bc6e..f025aec78cb 100644 +--- a/cmake/install_layout.cmake ++++ b/cmake/install_layout.cmake +@@ -163,7 +163,7 @@ SET(INSTALL_UNIX_ADDRDIR_RPM "${INSTALL_MYSQLDATADIR_RPM}/mysql.sock" + SET(INSTALL_SYSTEMD_UNITDIR_RPM "/usr/lib/systemd/system") + SET(INSTALL_SYSTEMD_SYSUSERSDIR_RPM "/usr/lib/sysusers.d") + SET(INSTALL_SYSTEMD_TMPFILESDIR_RPM "/usr/lib/tmpfiles.d") +-SET(INSTALL_PAMDIR_RPM "/${INSTALL_LIBDIR_RPM}/security") ++SET(INSTALL_PAMDIR_RPM "${INSTALL_LIBDIR_RPM}/security") + SET(INSTALL_PAMDATADIR_RPM "/etc/security") + + # diff --git a/mariadb-10.2.19-link-and-enable-c++11-atomics.patch b/mariadb-10.2.19-link-and-enable-c++11-atomics.patch deleted file mode 100644 index 9a3dd98..0000000 --- a/mariadb-10.2.19-link-and-enable-c++11-atomics.patch +++ /dev/null @@ -1,70 +0,0 @@ -Author: Vicențiu Ciorbaru -Date: Fri Dec 21 19:14:04 2018 +0200 - - Link with libatomic to enable C11 atomics support - - Some architectures (mips) require libatomic to support proper - atomic operations. Check first if support is available without - linking, otherwise use the library. - -Index: mariadb-10.5.9/configure.cmake -=================================================================== ---- mariadb-10.5.9.orig/configure.cmake -+++ mariadb-10.5.9/configure.cmake -@@ -862,7 +862,25 @@ int main() - long long int *ptr= &var; - return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); - }" --HAVE_GCC_C11_ATOMICS) -+HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+IF (HAVE_GCC_C11_ATOMICS_WITHOUT_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ELSE() -+ SET(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES}) -+ LIST(APPEND CMAKE_REQUIRED_LIBRARIES "atomic") -+ CHECK_CXX_SOURCE_COMPILES(" -+ int main() -+ { -+ long long int var= 1; -+ long long int *ptr= &var; -+ return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); -+ }" -+ HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ IF(HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ SET(HAVE_GCC_C11_ATOMICS True) -+ ENDIF() -+ SET(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES}) -+ENDIF() - - IF(WITH_VALGRIND) - SET(HAVE_valgrind 1) -Index: mariadb-10.5.9/mysys/CMakeLists.txt -=================================================================== ---- mariadb-10.5.9.orig/mysys/CMakeLists.txt -+++ mariadb-10.5.9/mysys/CMakeLists.txt -@@ -154,6 +154,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings - ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO}) - DTRACE_INSTRUMENT(mysys) - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(mysys atomic) -+ENDIF() -+ - IF(HAVE_BFD_H) - TARGET_LINK_LIBRARIES(mysys bfd) - ENDIF(HAVE_BFD_H) -Index: mariadb-10.5.9/sql/CMakeLists.txt -=================================================================== ---- mariadb-10.5.9.orig/sql/CMakeLists.txt -+++ mariadb-10.5.9/sql/CMakeLists.txt -@@ -222,6 +222,10 @@ ELSE() - SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL}) - ENDIF() - -+IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) -+ TARGET_LINK_LIBRARIES(sql atomic) -+ENDIF() -+ - IF(MSVC OR CMAKE_SYSTEM_NAME MATCHES AIX) - SET(libs_to_export_symbols sql mysys dbug strings) - # Create shared library of already compiled object diff --git a/mariadb-10.6.4.tar.gz b/mariadb-10.6.4.tar.gz deleted file mode 100644 index d5af57a..0000000 --- a/mariadb-10.6.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:75bf9b147a95d38160d01a73b098d50a1960563b46d16a235971fff64d99643c -size 84947143 diff --git a/mariadb-10.6.4.tar.gz.asc b/mariadb-10.6.4.tar.gz.asc deleted file mode 100644 index 0e71941..0000000 --- a/mariadb-10.6.4.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYQopBAAKCRDLywgqG7lD -24bAAKCqBjQZ7Flzd3ouZq/qRiRWRPTp9wCgt+9X7OjhIUqmEEN3ZLmcEXzwaXU= -=MnrN ------END PGP SIGNATURE----- diff --git a/mariadb-10.6.5.tar.gz b/mariadb-10.6.5.tar.gz new file mode 100644 index 0000000..1f68d01 --- /dev/null +++ b/mariadb-10.6.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e0be040428d9a42a8bb4bd221b567ff2522cd6fa8906386273da4f03c5c20a8f +size 85061860 diff --git a/mariadb-10.6.5.tar.gz.asc b/mariadb-10.6.5.tar.gz.asc new file mode 100644 index 0000000..27490c4 --- /dev/null +++ b/mariadb-10.6.5.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYYa3ZQAKCRDLywgqG7lD +29TDAKD3wgRjflos8GdRwZauFsIEl09CYACfa5P42KFydGP2yfnmwQs8csnNsZ8= +=o4QB +-----END PGP SIGNATURE----- diff --git a/mariadb.changes b/mariadb.changes index 800f9a2..8aed92f 100644 --- a/mariadb.changes +++ b/mariadb.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Nov 9 08:34:26 UTC 2021 - Danilo Spinella + +- Update to 10.6.5 + * release notes and changelog: + https://mariadb.com/kb/en/library/mariadb-1065-release-notes + https://mariadb.com/kb/en/library/mariadb-1065-changelog + * fixes for the following security vulnerabilities: + 10.6.5: none +- Not affected by [CVE-2021-35604], bsc#1192497 +- Drop upstreamed patch: + * mariadb-10.2.19-link-and-enable-c++11-atomics.patch + +------------------------------------------------------------------- +Mon Nov 8 15:36:39 UTC 2021 - Danilo Spinella + +- Use pam macros instead of hardcoding directories, fixes bsc#1191038 +- Add fix-pamdir.patch + ------------------------------------------------------------------- Sun Oct 31 08:27:25 UTC 2021 - Christian Boltz diff --git a/mariadb.spec b/mariadb.spec index d5c2744..819b418 100644 --- a/mariadb.spec +++ b/mariadb.spec @@ -50,7 +50,7 @@ # Build with cracklib plugin when cracklib-dict-full >= 2.9.0 is available %define with_cracklib_plugin 0 Name: mariadb -Version: 10.6.4 +Version: 10.6.5 Release: 0 Summary: Server part of MariaDB License: SUSE-GPL-2.0-with-FLOSS-exception @@ -76,11 +76,11 @@ Patch1: mariadb-10.2.4-logrotate.patch Patch2: mariadb-10.1.1-mysqld_multi-features.patch Patch3: mariadb-10.0.15-logrotate-su.patch Patch4: mariadb-10.2.4-fortify-and-O.patch -Patch5: mariadb-10.2.19-link-and-enable-c++11-atomics.patch Patch6: mariadb-10.4.12-harden_setuid.patch Patch7: mariadb-10.4.12-fix-install-db.patch Patch8: harden_mariadb.service.patch Patch9: func_math_tests_MDEV-26645.diff +Patch10: fix-pamdir.patch # needed for bison SQL parser and wsrep API BuildRequires: bison BuildRequires: cmake @@ -363,7 +363,6 @@ find . -name "*.jar" -type f -exec rm --verbose -f {} \; %patch2 %patch3 %patch4 -%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 @@ -372,6 +371,10 @@ find . -name "*.jar" -type f -exec rm --verbose -f {} \; %patch9 %endif %endif +# usrmerge has only been applied to TW +%if 0%{?suse_version} > 1500 +%patch10 -p1 +%endif cp %{_sourcedir}/suse-test-run . @@ -857,7 +860,7 @@ exit 0 %if %{with galera} %exclude %{_sysconfdir}/my.cnf.d/50-galera.cnf %endif -%config(noreplace) %{_sysconfdir}/security/user_map.conf +%config(noreplace) %{_pam_secconfdir}/user_map.conf %config %{_sysconfdir}/logrotate.d/%{name} %doc %{_defaultdocdir}/%{name} %dir %{_libexecdir}/mysql @@ -888,7 +891,7 @@ exit 0 %if 0%{with_cracklib_plugin} > 0 %exclude %{_libdir}/mysql/plugin/cracklib_password_check.so %endif -/%{_lib}/security/pam_user_map.so +%{_pam_moduledir}/pam_user_map.so %dir %attr(0750, root, mysql) %{_libdir}/mysql/plugin/auth_pam_tool_dir %verify(not mode) %attr(4755,root,root) %{_libdir}/mysql/plugin/auth_pam_tool_dir/auth_pam_tool %ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-something