From 09a8f8112d7eb37532088cd9ae7ce5911ef5b72f610ca2fd69b2829eb75c98df Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Tue, 14 Jun 2016 16:15:45 +0000 Subject: [PATCH] Accepting request 401997 from home:kstreitova:branches:server:database OBS-URL: https://build.opensuse.org/request/show/401997 OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=183 --- configuration-tweaks.tar.bz2 | 4 +-- mariadb-10.0.22.tar.gz | 3 -- mariadb-10.1.14.tar.gz | 3 ++ mariadb.changes | 43 +++++++++++++++++++++++++ mariadb.spec | 62 +++++++++++++++++++++++++++--------- mysql-patches.tar.bz2 | 4 +-- mysql-systemd-helper | 7 ++-- series | 12 +++---- 8 files changed, 106 insertions(+), 32 deletions(-) delete mode 100644 mariadb-10.0.22.tar.gz create mode 100644 mariadb-10.1.14.tar.gz diff --git a/configuration-tweaks.tar.bz2 b/configuration-tweaks.tar.bz2 index d03a9e4..28c79d5 100644 --- a/configuration-tweaks.tar.bz2 +++ b/configuration-tweaks.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1fc4c61b0177a5dcd5da60fff07cbd7efd7259498edacf3a46461d7cdbaa2e6d -size 317 +oid sha256:6454b898e392e90199b2858a4278613518656d07ad8d02d6f86d377418c92316 +size 613 diff --git a/mariadb-10.0.22.tar.gz b/mariadb-10.0.22.tar.gz deleted file mode 100644 index e2cc4ef..0000000 --- a/mariadb-10.0.22.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9e17f4aaccb7069a874555cca254974d0f0103f0ad5e2434acab6aa353dafc7b -size 56252325 diff --git a/mariadb-10.1.14.tar.gz b/mariadb-10.1.14.tar.gz new file mode 100644 index 0000000..49ff47e --- /dev/null +++ b/mariadb-10.1.14.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18e71974a059a268a3f28281599607344d548714ade823d575576121f76ada13 +size 55341017 diff --git a/mariadb.changes b/mariadb.changes index c2f5672..fff1ae2 100644 --- a/mariadb.changes +++ b/mariadb.changes @@ -1,3 +1,46 @@ +------------------------------------------------------------------- +Sun Jun 12 11:25:08 UTC 2016 - kstreitova@suse.com + +- update to 10.1.14 + * What is MariadDB 10.1: + https://mariadb.com/kb/en/mariadb/what-is-mariadb-101/ + * CVEs fixed in 10.1.x branch + CVE-2016-2047, CVE-2016-0668, CVE-2016-0651, CVE-2016-0650, + CVE-2016-0649, CVE-2016-0646, CVE-2016-0644, CVE-2016-0642, + CVE-2016-0641, CVE-2016-0640, CVE-2016-0616, CVE-2016-0610, + CVE-2016-0609, CVE-2016-0608, CVE-2016-0606, CVE-2016-0600, + CVE-2016-0598, CVE-2016-0597, CVE-2016-0596, CVE-2016-0546, + CVE-2016-0505, CVE-2015-7744, CVE-2015-4913, CVE-2015-4895, + CVE-2015-4879, CVE-2015-4870, CVE-2015-4866, CVE-2015-4864, + CVE-2015-4861, CVE-2015-4858, CVE-2015-4836, CVE-2015-4830, + CVE-2015-4826, CVE-2015-4819, CVE-2015-4816, CVE-2015-4815, + CVE-2015-4807, CVE-2015-4802, CVE-2015-4792 + * adjust mysql-patches.tar.bz2 archive for mariadb-101 + * pack new MariaDB 10.1.x files +- remove '%define _rundir' as 13.1 is out of support scope +- temporarily disable OQGraph It seems to need the boost library with + the version not earlier than 1.40 and not later than 1.55 (MDEV-9479) +- add "BuildRequires: systemd-devel" for SLE12, openSUSE 13.2 and + openSUSE Leap in order to enable systemd features during the build of + mariadb-101 for these products. Otherwise we get "Performing Test + HAVE_SYSTEMD - Failed" and systemd files aren't installed. +- re-enable profiling support +- don't remove HandlerSocket plugin [bnc#979524] +- add 'log-error' and 'secure-file-priv' configuration options + (added via configuration-tweaks.tar.bz2) [bsc#963810] + * add '/etc/my.cnf.d/error_log.conf' that specifies + 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error + log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked + up by logrotate. + * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that + 'LOAD DATA', 'SELECT ... INTO' and 'LOAD FILE()' will only work with + files in the directory specified by 'secure-file-priv' option + (='/var/lib/mysql-files'). +- run 'usermod -g mysql mysql' only if mysql user is not in mysql group. + Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have + '/bin/false' shell set. +- don't delete the log data when migration fails + ------------------------------------------------------------------- Thu May 5 14:31:50 UTC 2016 - dmueller@suse.com diff --git a/mariadb.spec b/mariadb.spec index b349677..624e995 100644 --- a/mariadb.spec +++ b/mariadb.spec @@ -25,18 +25,16 @@ %define soname 18 %define preferred 1 %define builtin_plugins partition,csv,heap,aria,pbxt,myisam,myisammrg,xtradb -%define extra_provides mariadb_100 +%define extra_provides mariadb_101 %define with_mandatory_boost 0 -%define build_extras 0 +%define build_extras 1 # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir %{_libexecdir}/tmpfiles.d } -# Remove when 13.1 is out of support scope -%if ! %{defined _rundir} -%define _rundir %{_localstatedir}/run -%endif %if 0%{build_extras} > 0 %define with_jemalloc 1 -%define with_oqgraph 1 +#temporarily disable OQGraph (see MDEV-9479) +#%define with_oqgraph 1 +%define with_oqgraph 0 %define with_cassandra 1 %else %define with_jemalloc 0 @@ -44,7 +42,7 @@ %define with_cassandra 0 %endif Name: mariadb -Version: 10.0.22 +Version: 10.1.14 Release: 0 Summary: Server part of %{pretty_name} License: SUSE-GPL-2.0-with-FLOSS-exception @@ -101,6 +99,10 @@ BuildRequires: tcpd-devel BuildRequires: time BuildRequires: zlib-devel BuildRequires: pkgconfig(systemd) +# Enable systemd features for mariadb-101 on SLE12, openSUSE 13.2 and openSUSE Leap +%if ("%{extra_provides}" == "mariadb_101") && ((0%{?suse_version} == 1315) || (0%{?suse_version} == 1320)) +BuildRequires: systemd-devel +%endif # required by rcmysql Requires: %{name}-client Requires: %{name}-errormessages = %{version} @@ -139,7 +141,8 @@ BuildRequires: boost-devel >= 1.57.0 %if 0%{with_oqgraph} > 0 || 0%{with_cassandra} > 0 BuildRequires: boost-devel %endif -%if 0%{with_jemalloc} > 0 +# Build with jemalloc even for mariadb-100 to enable TokuDB there (bnc#970287) +%if 0%{with_jemalloc} > 0 || "%{extra_provides}" == "mariadb_100" BuildRequires: jemalloc-devel %endif %if 0%{with_oqgraph} > 0 @@ -357,7 +360,7 @@ export CXXFLAGS="$CFLAGS -felide-constructors" %cmake -DWITH_SSL=system \ -DWITH_ASAN=OFF \ -DWITH_LIBWRAP=ON \ - -DENABLED_PROFILING=OFF \ + -DENABLED_PROFILING=ON \ -DENABLE_DEBUG_SYNC=OFF \ -DWITH_PIC=ON \ -DWITH_ZLIB=system \ @@ -450,9 +453,6 @@ install -m 644 build/sql/mysqld.sym %{buildroot}%{_libdir}/mysql/mysqld.sym install -p -m 644 build/Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/ install -p -m 644 build/Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/ -# Remove handler socket client -rm -f %{buildroot}%{_libdir}/mysql/plugin/handlersocket.so - # Remove debug management for keys Mariadb 101+ rm -f %{buildroot}%{_libdir}/mysql/plugin/debug_key_management.so @@ -470,6 +470,13 @@ rm -f %{buildroot}%{_libdir}/mysql/plugin/daemon_example.ini mv %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process %{buildroot}%{_bindir} +# Remove unused services for mariadb_101 +%if "%{extra_provides}" == "mariadb_101" +rm -f %{buildroot}'%{_libexecdir}/systemd/system/mariadb.service' +rm -f %{buildroot}'%{_libexecdir}/systemd/system/mariadb@.service' +rm -f %{buildroot}'%{_libexecdir}/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf' +%endif + # Generate various filelists filelist innochecksum my_print_defaults myisam_ftdump myisamchk myisamlog myisampack mysql_fix_extensions mysql_fix_privilege_tables mysql_ssl_rsa_setup mysql_install_db mysql_secure_installation mysql_upgrade mysqlbug mysqld mysqld_multi mysqld_safe mysqlbinlog mysqldumpslow mysqlmanager mroonga resolve_stack_dump resolveip {m,}aria_chk {m,}aria_dump_log {m,}aria_ftdump {m,}aria_pack {m,}aria_read_log xtstat tokuft_logprint tokuftdump >mysql.files @@ -604,6 +611,9 @@ rm -f '%{buildroot}'%{_datadir}/doc/* 2> /dev/null || true # Unwanted packaged stuff rm -rf '%{buildroot}'%{_datadir}/mysql/{solaris,SELinux} +# Create the directory specified in 'secure-file-priv' option +mkdir -p '%{buildroot}'/var/lib/mysql-files + %check cd build @@ -631,14 +641,18 @@ cd mysql-test getent group mysql >/dev/null || groupadd -r mysql getent passwd mysql >/dev/null || useradd -r -o -g mysql -u 60 -c "MySQL database admin" \ -s /bin/false -d %{_localstatedir}/lib/mysql mysql -usermod -g mysql -s /bin/false mysql +# if mysql user is not in mysql group or if mysql user doesn't have '/bin/false' shell set, do so +id -Gn mysql | grep '\bmysql\b' &>/dev/null || usermod -g mysql mysql +getent passwd mysql | cut -d: -f7 | grep '\b/bin/false\b' &>/dev/null || usermod -s /bin/false mysql exit 0 %pre getent group mysql >/dev/null || groupadd -r mysql getent passwd mysql >/dev/null || useradd -r -o -g mysql -u 60 -c "MySQL database admin" \ -s /bin/false -d %{_localstatedir}/lib/mysql mysql -usermod -g mysql -s /bin/false mysql +# if mysql user is not in mysql group or if mysql user doesn't have '/bin/false' shell set, do so +id -Gn mysql | grep '\bmysql\b' &>/dev/null || usermod -g mysql mysql +getent passwd mysql | cut -d: -f7 | grep '\b/bin/false\b' &>/dev/null || usermod -s /bin/false mysql %service_add_pre mysql.service mysql@.service mysql.target mysql@default.service @@ -751,6 +765,24 @@ rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} %dir %{_libdir}/mysql/plugin %{_libdir}/mysql/plugin/[!d]*.so %ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} +%dir %attr(0750, mysql, mysql) /var/lib/mysql-files +# Pack files for mariadb_101 +%if "%{extra_provides}" == "mariadb_101" +%{_bindir}/galera_new_cluster +%{_bindir}/mariadb-service-convert +%dir %{_datadir}/mysql/policy +%dir %{_datadir}/mysql/policy/apparmor +%{_datadir}/mysql/policy/apparmor/README +%{_datadir}/mysql/policy/apparmor/usr.sbin.mysqld* +%dir %{_datadir}/mysql/policy/selinux +%{_datadir}/mysql/policy/selinux/README +%{_datadir}/mysql/policy/selinux/mariadb-server.* +%dir %{_datadir}/mysql/systemd +%{_datadir}/mysql/systemd/mariadb.service +%{_datadir}/mysql/systemd/mariadb@.service +%{_datadir}/mysql/systemd/use_galera_new_cluster.conf +%endif + %files errormessages -f errormessages.files %defattr(-, root, root) diff --git a/mysql-patches.tar.bz2 b/mysql-patches.tar.bz2 index 0189f31..587ba50 100644 --- a/mysql-patches.tar.bz2 +++ b/mysql-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:919be0b46bad078177bfdd8b377d3226dd3bcba171b68dc6237a12ddef040a57 -size 13956 +oid sha256:a9d2a8bb07b80054bc9bd3c87a2711ce262d90e83ec58b005a54b63af7139f96 +size 11977 diff --git a/mysql-systemd-helper b/mysql-systemd-helper index 47e1e0e..088892e 100644 --- a/mysql-systemd-helper +++ b/mysql-systemd-helper @@ -124,8 +124,11 @@ mysql_upgrade() { # Cleanup echo "Final cleanup" - rm -rf "$protected" "/var/run/mysql/protecteddir.$INSTANCE" - [[ -z "$up_ok" ]] || die "Something failed during upgrade, please check logs" + if [[ -z "$up_ok" ]]; then + rm -rf "$protected" "/var/run/mysql/protecteddir.$INSTANCE" + else + die "Something failed during upgrade, please check logs" + fi fi } diff --git a/series b/series index 6fe8cb6..0da9f05 100644 --- a/series +++ b/series @@ -1,15 +1,11 @@ mysql-community-server-5.1.45-multi-configuration.patch mysql-community-server-5.1.46-logrotate.patch mariadb-5.5.28-install_db-quiet.patch -mariadb-10.0.15-mysqld_multi-features.patch +mariadb-10.1.1-mysqld_multi-features.patch mariadb-5.2.3-cnf.patch mysql-community-server-5.5.6-safe-process-in-bin.patch -mariadb-10.0.17-group.patch -mariadb-10.0.5-deharcode-libdir.patch -mariadb-10.0.15-fortify-and-O.patch +mariadb-10.1.4-group.patch +mariadb-10.1.12-deharcode-libdir.patch mariadb-10.0.15-logrotate-su.patch -mariadb-10.0.15-covscan-signexpr.patch -mariadb-10.0.10-string-overflow.patch -mariadb-10.0.20-tabxml-bufferoverflowstrncat.patch +mariadb-10.1.12-fortify-and-O.patch mariadb-10.0.21-mysql-test_main_bootstrap.patch -mariadb-10.0.22-fix_build_denabled_profiling_off.patch