Accepting request 956810 from home:dspinella:branches:server:database

- Update to 10.7.3 (bsc#1196016): * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-1073-release-notes https://mariadb.com/kb/en/library/mariadb-1073-changelog https://mariadb.com/kb/en/library/mariadb-1072-release-notes https://mariadb.com/kb/en/library/mariadb-1072-changelog https://mariadb.com/kb/en/library/mariadb-1071-release-notes https://mariadb.com/kb/en/library/mariadb-1071-changelog https://mariadb.com/kb/en/library/mariadb-1070-release-notes https://mariadb.com/kb/en/library/mariadb-1070-changelog * fixes for the following security vulnerabilities: 10.7.3: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 10.7.2: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 10.7.1: none 10.7.0: none - Remove upstreamed patches: * mariadb-10.0.15-logrotate.su.patch * mariadb-10.1.1-mysqld_multi_features.patch - Refresh mariadb-10.2.4-logrotate.patch - Update list of skipped tests - Add bsc1194828.patch to fix build with GCC12, fixes bsc#1194828 - The following issues have already been fixed in this package but weren't OBS-URL: https://build.opensuse.org/request/show/956810 OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=292
2022-02-22 18:01:43 +00:00 · 2022-02-22 18:01:43 +00:00 · d14c12cb84
commit d14c12cb84
parent 1f0d240ace
12 changed files with 127 additions and 213 deletions
--- a/1
+++ b/1
@ -14,7 +14,6 @@
      <arch>x86_64</arch>
      <arch>aarch64</arch>
      <arch>ppc64le</arch>
-      <arch>ppc64</arch>
      <arch>ppc</arch>
    </conditions>
    <hardware>
--- a/bsc1194828.patch
+++ b/bsc1194828.patch
@ -0,0 +1,65 @@
+From b69191bbb2278fce92b470e8e3abafe048166e39 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= <marko.makela@mariadb.com>
+Date: Fri, 18 Feb 2022 16:31:54 +0200
+Subject: [PATCH] MDEV-26645: Fix UB in Item_func_plus and Item_func_minus
+
+An integer overflow in an expression like a+b or a-b is undefined behavior.
+The compiler is allowed to assume that no such overflow is possible,
+and optimize away some code accordingly.
+
+Item_func_plus::int_op(), Item_func_minus::int_op(): Always check
+for overflow.
+
+Depending on the compiler and the compilation options, a test might fail:
+
+CURRENT_TEST: main.func_math
+mysqltest: At line 425: query 'SELECT 9223372036854775807 + 9223372036854775807' succeeded - should have failed with errno 1690...
+
+A similar bug had been fixed earlier in
+commit 328edf8560dbf1941ce314fa112e0db05d9f97f1.
+---
+ sql/item_func.cc | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/sql/item_func.cc b/sql/item_func.cc
+index 60efc55d8785c..452bc74cc8215 100644
+--- a/sql/item_func.cc
+++ b/sql/item_func.cc
+@@ -1,5 +1,5 @@
+ /* Copyright (c) 2000, 2015, Oracle and/or its affiliates.
+-   Copyright (c) 2009, 2021, MariaDB
+   Copyright (c) 2009, 2022, MariaDB
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -1163,14 +1163,10 @@ longlong Item_func_plus::int_op()
+     }
+   }
+ 
+-#ifndef WITH_UBSAN
+-  res= val0 + val1;
+-#else
+   if (res_unsigned)
+     res= (longlong) ((ulonglong) val0 + (ulonglong) val1);
+   else
+-    res= val0+val1;
+-#endif /* WITH_UBSAN */
+    res= val0 + val1;
+ 
+   return check_integer_overflow(res, res_unsigned);
+ 
+@@ -1333,14 +1329,10 @@ longlong Item_func_minus::int_op()
+         goto err;
+     }
+   }
+-#ifndef WITH_UBSAN
+-  res= val0 - val1;
+-#else
+   if (res_unsigned)
+     res= (longlong) ((ulonglong) val0 - (ulonglong) val1);
+   else
+     res= val0 - val1;
+-#endif /* WITH_UBSAN */
+ 
+   return check_integer_overflow(res, res_unsigned);
+ 
--- a/mariadb-10.0.15-logrotate-su.patch
+++ b/mariadb-10.0.15-logrotate-su.patch
@ -1,17 +0,0 @@
-PATCH-P0-SUSE: Fix for logrorate config
-
-This patch fixes the logrotarte config file for mariadb.
-Read more at https://www.novell.com/support/kb/doc.php?id=7005219
-
-Index: support-files/mysql-log-rotate.sh
-===================================================================
--- support-files/mysql-log-rotate.sh.orig
-+++ support-files/mysql-log-rotate.sh
-@@ -20,6 +20,7 @@
- 
- /var/log/mysql/*.log {
-         # create 600 mysql mysql
-+        su mysql mysql
-         notifempty
-         daily
-         rotate 3
--- a/mariadb-10.1.1-mysqld_multi-features.patch
+++ b/mariadb-10.1.1-mysqld_multi-features.patch
@ -1,179 +0,0 @@
-PATCH-P0-FEATURE-UPSTREAM: Add more functionality to mysqld_multi script
-
-Adds reload funcionality to mysqld_multi.sh perl script and adds --datadir
-support.
-
-Maintainer: Michal Hrusecky <Michal.Hrusecky@opensuse.org>
-
-Index: scripts/mysqld_multi.sh
-===================================================================
--- scripts/mysqld_multi.sh.orig
-+++ scripts/mysqld_multi.sh
-@@ -36,6 +36,7 @@
- 
- use Getopt::Long;
- use POSIX qw(strftime getcwd);
-+use File::Path qw(mkpath);
- 
- $|=1;
- $VER="2.20";
-@@ -162,6 +163,7 @@ sub main
-   usage() if (!defined($ARGV[0]) ||
- 	      (!($ARGV[0] =~ m/^start$/i) &&
- 	       !($ARGV[0] =~ m/^stop$/i) &&
-+	       !($ARGV[0] =~ m/^reload$/i) &&
- 	       !($ARGV[0] =~ m/^report$/i)));
- 
-   if (!$opt_no_log)
-@@ -175,7 +177,7 @@ sub main
-     print strftime "%a %b %e %H:%M:%S %Y", localtime;
-     print "\n";
-   }
-  if ($ARGV[0] =~ m/^start$/i)
-+  if (($ARGV[0] =~ m/^start$/i) || ($ARGV[0] =~ m/^reload$/i))
-   {
-     if (!defined(($mysqld= my_which($opt_mysqld))) && $opt_verbose)
-     {
-@@ -184,7 +186,11 @@ sub main
-       print "This is OK, if you are using option \"mysqld=...\" in ";
-       print "groups [mysqldN] separately for each.\n\n";
-     }
-    start_mysqlds();
-+    if ($ARGV[0] =~ m/^start$/i) {
-+      start_mysqlds();
-+    } elsif ($ARGV[0] =~ m/^reload$/i) {
-+      reload_mysqlds();
-+    }
-   }
-   else
-   {
-@@ -344,6 +350,39 @@ sub start_mysqlds()
- 
-     for ($j = 0, $tmp= ""; defined($options[$j]); $j++)
-     {
-+      if ("--datadir=" eq substr($options[$j], 0, 10)) {
-+        $datadir = $options[$j];
-+        $datadir =~ s/\-\-datadir\=//;
-+        eval { mkpath($datadir) };
-+        if ($@) {
-+          print "FATAL ERROR: Cannot create data directory $datadir: $!\n";
-+          exit(1);
-+        }
-+        if (! -d $datadir."/mysql") {
-+          if (-w $datadir) {
-+            print "\n\nInstalling new database in $datadir\n\n";
-+            $install_cmd="@bindir@/mysql_install_db ";
-+            $install_cmd.="--user=mysql ";
-+            $install_cmd.="--datadir=$datadir";
-+            system($install_cmd);
-+          } else {
-+            print "\n";
-+            print "FATAL ERROR: Tried to create mysqld under group [$groups[$i]],\n";
-+            print "but the data directory is not writable.\n";
-+            print "data directory used: $datadir\n";
-+            exit(1);
-+          }
-+        }
-+
-+        if (! -d $datadir."/mysql") {
-+          print "\n";
-+          print "FATAL ERROR: Tried to start mysqld under group [$groups[$i]],\n";
-+          print "but no data directory was found or could be created.\n";
-+          print "data directory used: $datadir\n";
-+          exit(1);
-+        }
-+      }
-+
-       if ("--mysqladmin=" eq substr($options[$j], 0, 13))
-       {
- 	# catch this and ignore
-@@ -408,6 +447,58 @@ sub start_mysqlds()
- }
- 
- ####
-+#### reload multiple servers
-+####
-+
-+sub reload_mysqlds()
-+{
-+  my (@groups, $com, $tmp, $i, @options, $j);
-+
-+  if (!$opt_no_log)
-+  {
-+    w2log("\nReloading MySQL servers\n","$opt_log",0,0);
-+  }
-+  else
-+  {
-+    print "\nReloading MySQL servers\n";
-+  }
-+  @groups = &find_groups($groupids);
-+  for ($i = 0; defined($groups[$i]); $i++)
-+  {
-+    $mysqld_server = $mysqld;
-+    @options = defaults_for_group($groups[$i]);
-+
-+    for ($j = 0, $tmp= ""; defined($options[$j]); $j++)
-+    {
-+      if ("--mysqladmin=" eq substr($options[$j], 0, 13))
-+      {
-+        # catch this and ignore
-+      }
-+      elsif ("--mysqld=" eq substr($options[$j], 0, 9))
-+      {
-+        $options[$j] =~ s/\-\-mysqld\=//;
-+        $mysqld_server = $options[$j];
-+      }
-+      elsif ("--pid-file=" eq substr($options[$j], 0, 11))
-+      {
-+        $options[$j] =~ s/\-\-pid-file\=//;
-+        $pid_file = $options[$j];
-+      }
-+    }
-+    $com = "killproc -p $pid_file -HUP $mysqld_server";
-+    system($com);
-+
-+    $com = "touch $pid_file";
-+    system($com);
-+  }
-+  if (!$i && !$opt_no_log)
-+  {
-+    w2log("No MySQL servers to be reloaded (check your GNRs)",
-+         "$opt_log", 0, 0);
-+  }
-+}
-+
-+###
- #### stop multiple servers
- ####
- 
-@@ -770,7 +861,7 @@ sub usage
- $my_progname version $VER by Jani Tolonen
- 
- Description:
-$my_progname can be used to start, or stop any number of separate
-+$my_progname can be used to start, reload, or stop any number of separate
- mysqld processes running in different TCP/IP ports and UNIX sockets.
- 
- $my_progname can read group [mysqld_multi] from my.cnf file. You may
-@@ -788,16 +879,16 @@ integer starting from 1. These groups sh
- [mysqld] group, but with those port, socket and any other options
- that are to be used with each separate mysqld process. The number
- in the group name has another function; it can be used for starting,
-stopping, or reporting any specific mysqld server.
-+reloading, stopping, or reporting any specific mysqld server.
- 
-Usage: $my_progname [OPTIONS] {start|stop|report} [GNR,GNR,GNR...]
-or     $my_progname [OPTIONS] {start|stop|report} [GNR-GNR,GNR,GNR-GNR,...]
-+Usage: $my_progname [OPTIONS] {start|reload|stop|report} [GNR,GNR,GNR...]
-+or     $my_progname [OPTIONS] {start|reload|stop|report} [GNR-GNR,GNR,GNR-GNR,...]
- 
-The GNR means the group number. You can start, stop or report any GNR,
-+The GNR means the group number. You can start, reload, stop or report any GNR,
- or several of them at the same time. (See --example) The GNRs list can
- be comma separated or a dash combined. The latter means that all the
- GNRs between GNR1-GNR2 will be affected. Without GNR argument all the
-groups found will either be started, stopped, or reported. Note that
-+groups found will either be started, reloaded, stopped, or reported. Note that
- syntax for specifying GNRs must appear without spaces.
- 
- Options:
--- a/mariadb-10.2.4-logrotate.patch
+++ b/mariadb-10.2.4-logrotate.patch
@ -16,8 +16,8 @@ Index: support-files/mysql-log-rotate.sh
 -@localstatedir@/mysqld.log {
 +/var/log/mysql/*.log {
         # create 600 mysql mysql
+         su mysql mysql
         notifempty
-         daily
@@ -32,6 +32,14 @@
 	then
 	   @bindir@/mysqladmin --local flush-error-log \
--- a/mariadb-10.6.5.tar.gz
+++ b/mariadb-10.6.5.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0be040428d9a42a8bb4bd221b567ff2522cd6fa8906386273da4f03c5c20a8f
-size 85061860
--- a/mariadb-10.6.5.tar.gz.asc
+++ b/mariadb-10.6.5.tar.gz.asc
@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYYa3ZQAKCRDLywgqG7lD
-29TDAKD3wgRjflos8GdRwZauFsIEl09CYACfa5P42KFydGP2yfnmwQs8csnNsZ8=
-=o4QB
-----END PGP SIGNATURE-----
--- a/mariadb-10.7.3.tar.gz
+++ b/mariadb-10.7.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:da286919ffc9c913282202349709b6ba4ebcd342815e8dae0aa6b6bd8f515cd4
+size 86043006
--- a/mariadb-10.7.3.tar.gz.asc
+++ b/mariadb-10.7.3.tar.gz.asc
@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQZk2nlQEvV/H0v5DvLywgqG7lD2wUCYgb2EAAKCRDLywgqG7lD
+279xAKC5kHZ+FJJ4BRRskU8p3peeWH5OIACg7Ju1GgkBRYnnEI2lgB3t43cMvhk=
+=k2G9
+-----END PGP SIGNATURE-----
--- a/mariadb.changes
+++ b/mariadb.changes
@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed Feb 16 09:59:08 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Update to 10.7.3 (bsc#1196016):
+  * release notes and changelog:
+    https://mariadb.com/kb/en/library/mariadb-1073-release-notes
+    https://mariadb.com/kb/en/library/mariadb-1073-changelog
+    https://mariadb.com/kb/en/library/mariadb-1072-release-notes
+    https://mariadb.com/kb/en/library/mariadb-1072-changelog
+    https://mariadb.com/kb/en/library/mariadb-1071-release-notes
+    https://mariadb.com/kb/en/library/mariadb-1071-changelog
+    https://mariadb.com/kb/en/library/mariadb-1070-release-notes
+    https://mariadb.com/kb/en/library/mariadb-1070-changelog
+  * fixes for the following security vulnerabilities:
+    10.7.3: CVE-2021-46665
+            CVE-2021-46664
+            CVE-2021-46661
+            CVE-2021-46668
+            CVE-2021-46663 
+    10.7.2: CVE-2022-24052
+            CVE-2022-24051
+            CVE-2022-24050
+            CVE-2022-24048
+            CVE-2021-46659, bsc#1195339
+    10.7.1: none
+    10.7.0: none
+- Remove upstreamed patches:
+  * mariadb-10.0.15-logrotate.su.patch
+  * mariadb-10.1.1-mysqld_multi_features.patch
+- Refresh mariadb-10.2.4-logrotate.patch
+- Update list of skipped tests
+- Add bsc1194828.patch to fix build with GCC12, fixes bsc#1194828
+- The following issues have already been fixed in this package but weren't
+  previously mentioned in the changes file:
+  CVE-2021-46658, bsc#1195334
+  CVE-2021-46657, bsc#1195325
+
 -------------------------------------------------------------------
 Thu Dec 30 12:01:56 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

--- a/mariadb.spec
+++ b/mariadb.spec
@ -1,7 +1,7 @@
 #
 # spec file for package mariadb
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -52,7 +52,7 @@
 # Build with cracklib plugin when cracklib-dict-full >= 2.9.0 is available
 %define with_cracklib_plugin 0
 Name:           mariadb
-Version:        10.6.5
+Version:        10.7.3
 Release:        0
 Summary:        Server part of MariaDB
 License:        SUSE-GPL-2.0-with-FLOSS-exception
@ -75,13 +75,13 @@ Source50:       suse_skipped_tests.list
 Source51:       mariadb-rpmlintrc
 Source52:       series
 Patch1:         mariadb-10.2.4-logrotate.patch
-Patch2:         mariadb-10.1.1-mysqld_multi-features.patch
-Patch3:         mariadb-10.0.15-logrotate-su.patch
 Patch4:         mariadb-10.2.4-fortify-and-O.patch
 Patch6:         mariadb-10.4.12-harden_setuid.patch
 Patch7:         mariadb-10.4.12-fix-install-db.patch
 Patch9:         func_math_tests_MDEV-26645.diff
 Patch10:        fix-pamdir.patch
+# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1194828 MDEV-26645
+Patch11:        bsc1194828.patch
 # needed for bison SQL parser and wsrep API
 BuildRequires:  bison
 BuildRequires:  cmake
@ -137,6 +137,7 @@ BuildRequires:  perl(Test::More)
 BuildRequires:  perl(Time::HiRes)
 # Do not ever switch away from BuildRequires: pkgconfig(libsystemd); BuildRequires systemd/systemd-devel causes build cycles
 BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(fmt)
 #!BuildIgnore:  user(mysql)
 # Required by rcmysql
 Requires:       %{name}-client
@ -354,8 +355,6 @@ PAM module.
 # Remove JAR files from the tarball (used for testing from the source)
 find . -name "*.jar" -type f -exec rm --verbose -f {} \;
 %patch1
-%patch2
-%patch3
 %patch4
 %patch6 -p1
 %patch7 -p1
--- a/suse_skipped_tests.list
+++ b/suse_skipped_tests.list
@ -70,3 +70,13 @@ main.upgrade_MDEV-23102-2                        : since 10.5.8 - x86_64
 main.mysql_upgrade_to_100502                     : since 10.5.8 - x86_64
 sys_vars.profiling_history_size_basic            : since 10.5.8 - x86_64
 sys_vars.old_alter_table_basic                   : since 10.5.8 - x86_64
+
+roles.acl_statistics                             : since 10.7.3 - x86_64
+main.stat_tables_innodb                          : since 10.7.3 - x86_64
+main.stat_tables                                 : since 10.7.3 - x86_64
+plugins.feedback_plugin_load                     : since 10.7.3 - x86_64
+main.explain_non_select                          : since 10.7.3 - x86_64
+main.selectivity_no_engine                       : since 10.7.3 - x86_64
+main.mysql_upgrade                               : since 10.7.3 - x86_64
+perfschema.privilege_table_io                    : since 10.7.3 - x86_64
+