From d14c12cb84e01f0db4c78234283c5364a5f8d5d33f3ba5c83b5ee7767545f762 Mon Sep 17 00:00:00 2001 
From: Danilo Spinella Date: Tue, 22 Feb 2022 18:01:43 +0000 Subject: [PATCH] Accepting request 956810 from home:dspinella:branches:server:database - Update to 10.7.3 (bsc#1196016): * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-1073-release-notes https://mariadb.com/kb/en/library/mariadb-1073-changelog https://mariadb.com/kb/en/library/mariadb-1072-release-notes https://mariadb.com/kb/en/library/mariadb-1072-changelog https://mariadb.com/kb/en/library/mariadb-1071-release-notes https://mariadb.com/kb/en/library/mariadb-1071-changelog https://mariadb.com/kb/en/library/mariadb-1070-release-notes https://mariadb.com/kb/en/library/mariadb-1070-changelog * fixes for the following security vulnerabilities: 10.7.3: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 10.7.2: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 10.7.1: none 10.7.0: none - Remove upstreamed patches: * mariadb-10.0.15-logrotate.su.patch * mariadb-10.1.1-mysqld_multi_features.patch - Refresh mariadb-10.2.4-logrotate.patch - Update list of skipped tests - Add bsc1194828.patch to fix build with GCC12, fixes bsc#1194828 - The following issues have already been fixed in this package but weren't OBS-URL: https://build.opensuse.org/request/show/956810 OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=292 --- _constraints | 1 - bsc1194828.patch | 65 ++++++++ mariadb-10.0.15-logrotate-su.patch | 17 -- mariadb-10.1.1-mysqld_multi-features.patch | 179 --------------------- mariadb-10.2.4-logrotate.patch | 2 +- mariadb-10.6.5.tar.gz | 3 - mariadb-10.6.5.tar.gz.asc | 6 - mariadb-10.7.3.tar.gz | 3 + mariadb-10.7.3.tar.gz.asc | 6 + mariadb.changes | 37 +++++ mariadb.spec | 11 +- suse_skipped_tests.list | 10 ++ 12 files changed, 127 insertions(+), 213 deletions(-) create mode 100644 bsc1194828.patch delete mode 100644 mariadb-10.0.15-logrotate-su.patch delete mode 100644 
mariadb-10.1.1-mysqld_multi-features.patch delete mode 100644 mariadb-10.6.5.tar.gz delete mode 100644 mariadb-10.6.5.tar.gz.asc create mode 100644 mariadb-10.7.3.tar.gz create mode 100644 mariadb-10.7.3.tar.gz.asc diff --git a/_constraints b/_constraints index ee0637d..524d176 100644 --- a/_constraints +++ b/_constraints @@ -14,7 +14,6 @@ x86_64 aarch64 ppc64le - ppc64 ppc diff --git a/bsc1194828.patch b/bsc1194828.patch new file mode 100644 index 0000000..0d53270 --- /dev/null +++ b/bsc1194828.patch 
@@ -0,0 +1,65 @@
+From b69191bbb2278fce92b470e8e3abafe048166e39 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?=
+Date: Fri, 18 Feb 2022 16:31:54 +0200
+Subject: [PATCH] MDEV-26645: Fix UB in Item_func_plus and Item_func_minus
+
+An integer overflow in an expression like a+b or a-b is undefined behavior.
+The compiler is allowed to assume that no such overflow is possible,
+and optimize away some code accordingly.
+
+Item_func_plus::int_op(), Item_func_minus::int_op(): Always check
+for overflow.
+
+Depending on the compiler and the compilation options, a test might fail:
+
+CURRENT_TEST: main.func_math
+mysqltest: At line 425: query 'SELECT 9223372036854775807 + 9223372036854775807' succeeded - should have failed with errno 1690...
+
+A similar bug had been fixed earlier in
+commit 328edf8560dbf1941ce314fa112e0db05d9f97f1.
+---
+ sql/item_func.cc | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/sql/item_func.cc b/sql/item_func.cc
+index 60efc55d8785c..452bc74cc8215 100644
+--- a/sql/item_func.cc
++++ b/sql/item_func.cc
+@@ -1,5 +1,5 @@
+ /* Copyright (c) 2000, 2015, Oracle and/or its affiliates.
+- Copyright (c) 2009, 2021, MariaDB
++ Copyright (c) 2009, 2022, MariaDB
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -1163,14 +1163,10 @@ longlong Item_func_plus::int_op()
+ }
+ }
+
+-#ifndef WITH_UBSAN
+- res= val0 + val1;
+-#else
+ if (res_unsigned)
+ res= (longlong) ((ulonglong) val0 + (ulonglong) val1);
+ else
+- res= val0+val1;
+-#endif /* WITH_UBSAN */
++ res= val0 + val1;
+
+ return check_integer_overflow(res, res_unsigned);
+
+@@ -1333,14 +1329,10 @@ longlong Item_func_minus::int_op()
+ goto err;
+ }
+ }
+-#ifndef WITH_UBSAN
+- res= val0 - val1;
+-#else
+ if (res_unsigned)
+ res= (longlong) ((ulonglong) val0 - (ulonglong) val1);
+ else
+ res= val0 - val1;
+-#endif /* WITH_UBSAN */
+
+ return check_integer_overflow(res, res_unsigned);
+
diff --git a/mariadb-10.0.15-logrotate-su.patch b/mariadb-10.0.15-logrotate-su.patch
deleted file mode 100644
index 7c4a1ab..0000000
--- a/mariadb-10.0.15-logrotate-su.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-PATCH-P0-SUSE: Fix for logrorate config
-
-This patch fixes the logrotarte config file for mariadb.
-Read more at https://www.novell.com/support/kb/doc.php?id=7005219
-
-Index: support-files/mysql-log-rotate.sh
-===================================================================
---- support-files/mysql-log-rotate.sh.orig
-+++ support-files/mysql-log-rotate.sh
-@@ -20,6 +20,7 @@
-
- /var/log/mysql/*.log {
- # create 600 mysql mysql
-+ su mysql mysql
- notifempty
- daily
- rotate 3
diff --git a/mariadb-10.1.1-mysqld_multi-features.patch b/mariadb-10.1.1-mysqld_multi-features.patch
deleted file mode 100644
index 62c975b..0000000
--- a/mariadb-10.1.1-mysqld_multi-features.patch
+++ /dev/null
@@ -1,179 +0,0 @@ -PATCH-P0-FEATURE-UPSTREAM: Add more functionality to mysqld_multi script - -Adds reload funcionality to mysqld_multi.sh perl script and adds --datadir -support. - -Maintainer: Michal Hrusecky - -Index: scripts/mysqld_multi.sh -=================================================================== ---- scripts/mysqld_multi.sh.orig -+++ scripts/mysqld_multi.sh -@@ -36,6 +36,7 @@ - - use Getopt::Long; - use POSIX qw(strftime getcwd); -+use File::Path qw(mkpath); - - $|=1; - $VER="2.20"; -@@ -162,6 +163,7 @@ sub main - usage() if (!defined($ARGV[0]) || - (!($ARGV[0] =~ m/^start$/i) && - !($ARGV[0] =~ m/^stop$/i) && -+ !($ARGV[0] =~ m/^reload$/i) && - !($ARGV[0] =~ m/^report$/i))); - - if (!$opt_no_log) -@@ -175,7 +177,7 @@ sub main - print strftime "%a %b %e %H:%M:%S %Y", localtime; - print "\n"; - } -- if ($ARGV[0] =~ m/^start$/i) -+ if (($ARGV[0] =~ m/^start$/i) || ($ARGV[0] =~ m/^reload$/i)) - { - if (!defined(($mysqld= my_which($opt_mysqld))) && $opt_verbose) - { -@@ -184,7 +186,11 @@ sub main - print "This is OK, if you are using option \"mysqld=...\" in "; - print "groups [mysqldN] separately for each.\n\n"; - } -- start_mysqlds(); -+ if ($ARGV[0] =~ m/^start$/i) { -+ start_mysqlds(); -+ } elsif ($ARGV[0] =~ m/^reload$/i) { -+ reload_mysqlds(); -+ } - } - else - { -@@ -344,6 +350,39 @@ sub start_mysqlds() - - for ($j = 0, $tmp= ""; defined($options[$j]); $j++) - { -+ if ("--datadir=" eq substr($options[$j], 0, 10)) { -+ $datadir = $options[$j]; -+ $datadir =~ s/\-\-datadir\=//; -+ eval { mkpath($datadir) }; -+ if ($@) { -+ print "FATAL ERROR: Cannot create data directory $datadir: $!\n"; -+ exit(1); -+ } -+ if (! 
-d $datadir."/mysql") { -+ if (-w $datadir) { -+ print "\n\nInstalling new database in $datadir\n\n"; -+ $install_cmd="@bindir@/mysql_install_db "; -+ $install_cmd.="--user=mysql "; -+ $install_cmd.="--datadir=$datadir"; -+ system($install_cmd); -+ } else { -+ print "\n"; -+ print "FATAL ERROR: Tried to create mysqld under group [$groups[$i]],\n"; -+ print "but the data directory is not writable.\n"; -+ print "data directory used: $datadir\n"; -+ exit(1); -+ } -+ } -+ -+ if (! -d $datadir."/mysql") { -+ print "\n"; -+ print "FATAL ERROR: Tried to start mysqld under group [$groups[$i]],\n"; -+ print "but no data directory was found or could be created.\n"; -+ print "data directory used: $datadir\n"; -+ exit(1); -+ } -+ } -+ - if ("--mysqladmin=" eq substr($options[$j], 0, 13)) - { - # catch this and ignore -@@ -408,6 +447,58 @@ sub start_mysqlds() - } - - #### -+#### reload multiple servers -+#### -+ -+sub reload_mysqlds() -+{ -+ my (@groups, $com, $tmp, $i, @options, $j); -+ -+ if (!$opt_no_log) -+ { -+ w2log("\nReloading MySQL servers\n","$opt_log",0,0); -+ } -+ else -+ { -+ print "\nReloading MySQL servers\n"; -+ } -+ @groups = &find_groups($groupids); -+ for ($i = 0; defined($groups[$i]); $i++) -+ { -+ $mysqld_server = $mysqld; -+ @options = defaults_for_group($groups[$i]); -+ -+ for ($j = 0, $tmp= ""; defined($options[$j]); $j++) -+ { -+ if ("--mysqladmin=" eq substr($options[$j], 0, 13)) -+ { -+ # catch this and ignore -+ } -+ elsif ("--mysqld=" eq substr($options[$j], 0, 9)) -+ { -+ $options[$j] =~ s/\-\-mysqld\=//; -+ $mysqld_server = $options[$j]; -+ } -+ elsif ("--pid-file=" eq substr($options[$j], 0, 11)) -+ { -+ $options[$j] =~ s/\-\-pid-file\=//; -+ $pid_file = $options[$j]; -+ } -+ } -+ $com = "killproc -p $pid_file -HUP $mysqld_server"; -+ system($com); -+ -+ $com = "touch $pid_file"; -+ system($com); -+ } -+ if (!$i && !$opt_no_log) -+ { -+ w2log("No MySQL servers to be reloaded (check your GNRs)", -+ "$opt_log", 0, 0); -+ } -+} -+ -+### - #### stop 
multiple servers - #### - -@@ -770,7 +861,7 @@ sub usage - $my_progname version $VER by Jani Tolonen - - Description: --$my_progname can be used to start, or stop any number of separate -+$my_progname can be used to start, reload, or stop any number of separate - mysqld processes running in different TCP/IP ports and UNIX sockets. - - $my_progname can read group [mysqld_multi] from my.cnf file. You may -@@ -788,16 +879,16 @@ integer starting from 1. These groups sh - [mysqld] group, but with those port, socket and any other options - that are to be used with each separate mysqld process. The number - in the group name has another function; it can be used for starting, --stopping, or reporting any specific mysqld server. -+reloading, stopping, or reporting any specific mysqld server. - --Usage: $my_progname [OPTIONS] {start|stop|report} [GNR,GNR,GNR...] --or $my_progname [OPTIONS] {start|stop|report} [GNR-GNR,GNR,GNR-GNR,...] -+Usage: $my_progname [OPTIONS] {start|reload|stop|report} [GNR,GNR,GNR...] -+or $my_progname [OPTIONS] {start|reload|stop|report} [GNR-GNR,GNR,GNR-GNR,...] - --The GNR means the group number. You can start, stop or report any GNR, -+The GNR means the group number. You can start, reload, stop or report any GNR, - or several of them at the same time. (See --example) The GNRs list can - be comma separated or a dash combined. The latter means that all the - GNRs between GNR1-GNR2 will be affected. Without GNR argument all the --groups found will either be started, stopped, or reported. Note that -+groups found will either be started, reloaded, stopped, or reported. Note that - syntax for specifying GNRs must appear without spaces. - - Options: diff --git a/mariadb-10.2.4-logrotate.patch b/mariadb-10.2.4-logrotate.patch index 1781c7d..9910515 100644 --- a/mariadb-10.2.4-logrotate.patch +++ b/mariadb-10.2.4-logrotate.patch 
@@ -16,8 +16,8 @@ Index: support-files/mysql-log-rotate.sh -@localstatedir@/mysqld.log { +/var/log/mysql/*.log { # create 600 mysql mysql + su mysql mysql notifempty - daily @@ -32,6 +32,14 @@ then @bindir@/mysqladmin --local flush-error-log \ diff --git a/mariadb-10.6.5.tar.gz b/mariadb-10.6.5.tar.gz deleted file mode 100644 index 1f68d01..0000000 --- a/mariadb-10.6.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e0be040428d9a42a8bb4bd221b567ff2522cd6fa8906386273da4f03c5c20a8f -size 85061860 diff --git a/mariadb-10.6.5.tar.gz.asc b/mariadb-10.6.5.tar.gz.asc deleted file mode 100644 index 27490c4..0000000 --- a/mariadb-10.6.5.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYYa3ZQAKCRDLywgqG7lD -29TDAKD3wgRjflos8GdRwZauFsIEl09CYACfa5P42KFydGP2yfnmwQs8csnNsZ8= -=o4QB ------END PGP SIGNATURE----- diff --git a/mariadb-10.7.3.tar.gz b/mariadb-10.7.3.tar.gz new file mode 100644 index 0000000..59e26df --- /dev/null +++ b/mariadb-10.7.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:da286919ffc9c913282202349709b6ba4ebcd342815e8dae0aa6b6bd8f515cd4 +size 86043006 diff --git a/mariadb-10.7.3.tar.gz.asc b/mariadb-10.7.3.tar.gz.asc new file mode 100644 index 0000000..322594d --- /dev/null +++ b/mariadb-10.7.3.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYgb2EAAKCRDLywgqG7lD +279xAKC5kHZ+FJJ4BRRskU8p3peeWH5OIACg7Ju1GgkBRYnnEI2lgB3t43cMvhk= +=k2G9 +-----END PGP SIGNATURE----- diff --git a/mariadb.changes b/mariadb.changes index 5084930..13e669b 100644 --- a/mariadb.changes +++ b/mariadb.changes 
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed Feb 16 09:59:08 UTC 2022 - Danilo Spinella
+
+- Update to 10.7.3 (bsc#1196016):
+ * release notes and changelog:
+ https://mariadb.com/kb/en/library/mariadb-1073-release-notes
+ https://mariadb.com/kb/en/library/mariadb-1073-changelog
+ https://mariadb.com/kb/en/library/mariadb-1072-release-notes
+ https://mariadb.com/kb/en/library/mariadb-1072-changelog
+ https://mariadb.com/kb/en/library/mariadb-1071-release-notes
+ https://mariadb.com/kb/en/library/mariadb-1071-changelog
+ https://mariadb.com/kb/en/library/mariadb-1070-release-notes
+ https://mariadb.com/kb/en/library/mariadb-1070-changelog
+ * fixes for the following security vulnerabilities:
+ 10.7.3: CVE-2021-46665
+ CVE-2021-46664
+ CVE-2021-46661
+ CVE-2021-46668
+ CVE-2021-46663
+ 10.7.2: CVE-2022-24052
+ CVE-2022-24051
+ CVE-2022-24050
+ CVE-2022-24048
+ CVE-2021-46659, bsc#1195339
+ 10.7.1: none
+ 10.7.0: none
+- Remove upstreamed patches:
+ * mariadb-10.0.15-logrotate.su.patch
+ * mariadb-10.1.1-mysqld_multi_features.patch
+- Refresh mariadb-10.2.4-logrotate.patch
+- Update list of skipped tests
+- Add bsc1194828.patch to fix build with GCC12, fixes bsc#1194828
+- The following issues have already been fixed in this package but weren't
+ previously mentioned in the changes file:
+ CVE-2021-46658, bsc#1195334
+ CVE-2021-46657, bsc#1195325
+
 -------------------------------------------------------------------
 Thu Dec 30 12:01:56 UTC 2021 - Danilo Spinella
 
diff --git a/mariadb.spec b/mariadb.spec
index f647ca4..8d7f858 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mariadb
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -52,7 +52,7 @@
 # Build with cracklib plugin when cracklib-dict-full >= 2.9.0 is available
 %define with_cracklib_plugin 0
 Name: mariadb
-Version: 10.6.5
+Version: 10.7.3
 Release: 0
 Summary: Server part of MariaDB
 License: SUSE-GPL-2.0-with-FLOSS-exception
@@ -75,13 +75,13 @@ Source50: suse_skipped_tests.list
 Source51: mariadb-rpmlintrc
 Source52: series
 Patch1: mariadb-10.2.4-logrotate.patch
-Patch2: mariadb-10.1.1-mysqld_multi-features.patch
-Patch3: mariadb-10.0.15-logrotate-su.patch
 Patch4: mariadb-10.2.4-fortify-and-O.patch
 Patch6: mariadb-10.4.12-harden_setuid.patch
 Patch7: mariadb-10.4.12-fix-install-db.patch
 Patch9: func_math_tests_MDEV-26645.diff
 Patch10: fix-pamdir.patch
+# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1194828 MDEV-26645
+Patch11: bsc1194828.patch
 # needed for bison SQL parser and wsrep API
 BuildRequires: bison
 BuildRequires: cmake
@@ -137,6 +137,7 @@ BuildRequires: perl(Test::More)
 BuildRequires: perl(Time::HiRes)
 # Do not ever switch away from BuildRequires: pkgconfig(libsystemd); BuildRequires systemd/systemd-devel causes build cycles
 BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(fmt)
 #!BuildIgnore: user(mysql)
 # Required by rcmysql
 Requires: %{name}-client
@@ -354,8 +355,6 @@ PAM module.
 # Remove JAR files from the tarball (used for testing from the source)
 find . -name "*.jar" -type f -exec rm --verbose -f {} \;
 %patch1
-%patch2
-%patch3
 %patch4
 %patch6 -p1
 %patch7 -p1
diff --git a/suse_skipped_tests.list b/suse_skipped_tests.list
index f6ca42a..2668871 100644
--- a/suse_skipped_tests.list
+++ b/suse_skipped_tests.list
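Review bot: `Patch11: bsc1194828.patch` is declared in the `@@ -75,13 +75,13 @@` hunk, but the `%prep` hunk at `@@ -354,8 +355,6 @@` only removes `%patch2` and `%patch3` and adds no `%patch11`, so the MDEV-26645 signed-overflow fix looks like it is shipped in the source package without ever being applied to the tree. The 11 changed lines that the diffstat reports for mariadb.spec are all accounted for by the hunks shown, which makes a `%patch11` elsewhere in this commit unlikely. The patch uses `a/` and `b/` path prefixes, so the line to add next to the other `%patchN` entries would be `%patch11 -p1`. The `%prep` section continues past the end of the hunk, so its position relative to `%patch9` and `%patch10` has to be checked there.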
@@ -70,3 +70,13 @@ main.upgrade_MDEV-23102-2 : since 10.5.8 - x86_64
 main.mysql_upgrade_to_100502 : since 10.5.8 - x86_64
 sys_vars.profiling_history_size_basic : since 10.5.8 - x86_64
 sys_vars.old_alter_table_basic : since 10.5.8 - x86_64
+
+roles.acl_statistics : since 10.7.3 - x86_64
+main.stat_tables_innodb : since 10.7.3 - x86_64
+main.stat_tables : since 10.7.3 - x86_64
+plugins.feedback_plugin_load : since 10.7.3 - x86_64
+main.explain_non_select : since 10.7.3 - x86_64
+main.selectivity_no_engine : since 10.7.3 - x86_64
+main.mysql_upgrade : since 10.7.3 - x86_64
+perfschema.privilege_table_io : since 10.7.3 - x86_64
+
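Review bot: The eight entries added here carry only `since 10.7.3 - x86_64` and no failure reason or bug reference, so nothing records why they fail or when they can be re-enabled. Judging by their names, several cover privilege and upgrade handling (`roles.acl_statistics`, `perfschema.privilege_table_io`, `main.mysql_upgrade`), which is coverage worth keeping in a release that carries CVE fixes. I would extend the comment field with the tracking reference, e.g. `main.mysql_upgrade : since 10.7.3 - x86_64 - <bug reference>`.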