import mariadb-10.5.13-1.module+el8.5.0+14125+d11efe18

This commit is contained in:
CentOS Sources 2022-03-29 07:02:54 -04:00 committed by Stepan Oksanichenko
parent e74263f396
commit 215d61b90e
9 changed files with 1118 additions and 169 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/mariadb-10.5.9.tar.gz
SOURCES/mariadb-10.5.13-downstream_modified.tar.gz

View File

@ -1 +1 @@
73767fac3d1c504298259708272fb6a58e644967 SOURCES/mariadb-10.5.9.tar.gz
ace36fe1a0ebba69b7cab359cb9a51c5b9fecbb4 SOURCES/mariadb-10.5.13-downstream_modified.tar.gz

View File

@ -0,0 +1,132 @@
socat tunnel for encrypted rsync SST
====================================
`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer)
implementation that ships with mariadb. Its purpose is to encrypt
communication between the donor and the joiner during an SST.
Encryption is implemented by means of a socat tunnel, using OPENSSL
addresses. It can be configured via the regular openssl flags exposed
by socat.
## How to configure the script
This SST script can configured by setting a few keys in your favorite
mariadb option file in addition to the usual galera settings.
[mysqld]
...
bind_address=<node-name>
wsrep_sst_method=rsync_tunnel
...
[sst]
tca=/path/to/your/ca-file.crt
tcert=/path/to/node/certificate.crt
tkey=/path/to/node/key.key
sockopt=<openssl-address-options-as-per-socat-manual>
When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses
socat to listen to incoming SSL connections on port 4444 in lieu of
the original rsync daemon. Received data will be forwarded to the
rscynd daemon started locally to replicate the database.
When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes
a series of rsync calls that target a locally started socat daemon.
The daemon tunnels all rsync traffic into an encrypted SSL connection
that targets the joiner's end of the socat tunnel.
Encryption parameters are specified under the `[sst]` group in the
mariadb option file, where `tkey` and `tcert` are respectively the key
and the certificate that are used by both sides of the socat tunnel.
Each node typically has a different key and cert. Both key and
certificate can be combined into a single PEM file and referenced by
`tcert`. Option `tca` holds a list of the trusted signing
certificates.
In case you need to tweak the creation of the SSL connection, you can
pass valid socat options (as per socat manual) via the `sockopt` key.
For debugging purpose, the exact socat command that is being executed
shows up in the mariadb log file.
Note that socat verifies that the certificate's commonName matches
that of the host that is being targeted. The target name comes from
the value configured in `bind_address`, so it's important that it
matches the certificate's commonName. An IP address can be used for
`bind_address`, but you may get into trouble in case different
hostnames resolve to the same IP (e.g. multiple networks per host).
## Examples of use
Suppose you're running a 3-node galera cluster
`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`.
### Scenario: using self-signed certificates
On each node, create a key and a certificate, and bundle them into a
single PEM file. For instance on `node1.my.cluster`:
openssl genrsa -out /tls/mysql-$(hostname -f).key 2048
openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch
cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem
Then, on each node, create a cafile that will contain all the certs to
trust:
for n in node1.my.cluster node2.my.cluster node3.my.cluster; do
ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt
done
Once you have those two files on each host, you can configure the SST
appropriately. For instance from `/etc/my.cnf.d/galera.cnf`:
[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem
### Scenario: using self-signed certificates, without verification
By default, when socat tries to establish a SSL connection to a peer,
it also verifies that it can trust the peer's certificate. If for some
reason you need to disable that feature, you can amend the previous
configuration with a sockopt option:
[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem
sockopt="verify=0"
The associated sockopt value is passed to socat when
the donor or the joiner configures his part of the tunnel.
Note: please do not do so in production, this is inherently insecure
as you will not verify the identity of the peer you're connecting to!
### Scenario: using certificates from a CA
Suppose you have a FreeIPA service which generated a key file and a
certificate file for the three galera nodes, respectively located at
/tls/mysql.key and /tls/mysql.crt.
Assuming that the certificate for the FreeIPA server is available at
/etc/ipa/ca.crt, you can configure you galera servers as follows:
[sst]
tca=/etc/ipa/ca.crt
tcert=/tls/mysql.crt
tkey=/tls/mysql.key
## License
Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin).
This work is derived from the original `wsrep_rsync_sst`, copyright
© 2010-2014 [Codership Oy](https://github.com/codership).
Released under the GNU GPLv2.

View File

@ -0,0 +1,378 @@
From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Mon, 8 Nov 2021 18:48:19 +0100
Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
Summary of changes
- MD_CTX_SIZE is increased
- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
to nobody knows where. The assumption made previously was that
(since the function does not seem to be documented)
was that it points to the last partial source block.
Add own partial block buffer for NOPAD encryption instead
- SECLEVEL in CipherString in openssl.cnf
had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
in addition to what was set in --ssl-cipher
- ctx_buf buffer now must be aligned to 16 bytes with openssl(
previously with WolfSSL only), ot crashes will happen
- updated aes-t , to be better debuggable
using function, rather than a huge multiline macro
added test that does "nopad" encryption piece-wise, to test
replacement of EVP_CIPHER_CTX_buf_noconst
---
cmake/ssl.cmake | 19 ++++-
include/ssl_compat.h | 3 +-
mysql-test/lib/openssl.cnf | 2 +-
mysql-test/main/ssl_cipher.result | 6 +-
mysql-test/main/ssl_cipher.test | 2 +-
mysys_ssl/my_crypt.cc | 46 +++++++-----
unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++--------
7 files changed, 141 insertions(+), 58 deletions(-)
diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake
--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100
@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
SET(SSL_INTERNAL_INCLUDE_DIRS "")
SET(SSL_DEFINES "-DHAVE_OPENSSL")
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
+
+ # Silence "deprecated in OpenSSL 3.0"
+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
+ ENDIF()
+
SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+
CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
HAVE_ERR_remove_thread_state)
CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
HAVE_EncryptAes128Gcm)
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
HAVE_X509_check_host)
- SET(CMAKE_REQUIRED_INCLUDES)
- SET(CMAKE_REQUIRED_LIBRARIES)
+
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
ELSE()
IF(WITH_SSL STREQUAL "system")
MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h
--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100
@@ -24,7 +24,7 @@
#define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
#define ERR_remove_state(X) ERR_clear_error()
#define EVP_CIPHER_CTX_SIZE 176
-#define EVP_MD_CTX_SIZE 48
+#define EVP_MD_CTX_SIZE 72
#undef EVP_MD_CTX_init
#define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
#undef EVP_CIPHER_CTX_init
@@ -74,7 +74,6 @@
#endif
#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf
--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100
@@ -9,4 +9,4 @@ ssl_conf = ssl_section
system_default = system_default_section
[system_default_section]
-CipherString = ALL:@SECLEVEL=1
+CipherString = ALL:@SECLEVEL=0
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100
@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
-SHOW STATUS LIKE 'Ssl_cipher_list';
-Variable_name Value
-Ssl_cipher_list AES128-SHA
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
+VARIABLE_VALUE like '%AES128-SHA%'
+1
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100
@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL)
--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
--replace_regex /TLS_AES_.*/AES128-SHA/
-SHOW STATUS LIKE 'Ssl_cipher_list';
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc
--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100
@@ -29,11 +29,7 @@
#include <ssl_compat.h>
#include <cstdint>
-#ifdef HAVE_WOLFSSL
#define CTX_ALIGN 16
-#else
-#define CTX_ALIGN 0
-#endif
class MyCTX
{
@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
{
public:
const uchar *key;
- uint klen, buf_len;
+ uint klen, source_tail_len;
uchar oiv[MY_AES_BLOCK_SIZE];
+ uchar source_tail[MY_AES_BLOCK_SIZE];
MyCTX_nopad() : MyCTX() { }
~MyCTX_nopad() { }
@@ -112,7 +109,7 @@ public:
compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
this->key= key;
this->klen= klen;
- this->buf_len= 0;
+ this->source_tail_len= 0;
if (ivlen)
memcpy(oiv, iv, ivlen);
DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
@@ -123,26 +120,41 @@ public:
return res;
}
+ /** Update last partial source block, stored in source_tail array. */
+ void update_source_tail(const uchar* src, uint slen)
+ {
+ if (!slen)
+ return;
+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
+ if (new_tail_len)
+ {
+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
+ {
+ memcpy(source_tail + source_tail_len, src, slen);
+ }
+ else
+ {
+ DBUG_ASSERT(slen > new_tail_len);
+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
+ }
+ }
+ source_tail_len= new_tail_len;
+ }
+
int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
{
- buf_len+= slen;
+ update_source_tail(src, slen);
return MyCTX::update(src, slen, dst, dlen);
}
int finish(uchar *dst, uint *dlen)
{
- buf_len %= MY_AES_BLOCK_SIZE;
- if (buf_len)
+ if (source_tail_len)
{
- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
-
- NOTE this assumes that there are only buf_len bytes in the buf.
- If OpenSSL will change that, we'll need to change the implementation
- of this class too.
*/
uchar mask[MY_AES_BLOCK_SIZE];
uint mlen;
@@ -154,10 +166,10 @@ public:
return rc;
DBUG_ASSERT(mlen == sizeof(mask));
- for (uint i=0; i < buf_len; i++)
- dst[i]= buf[i] ^ mask[i];
+ for (uint i=0; i < source_tail_len; i++)
+ dst[i]= source_tail[i] ^ mask[i];
}
- *dlen= buf_len;
+ *dlen= source_tail_len;
return MY_AES_OK;
}
};
diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c
--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100
@@ -21,27 +21,96 @@
#include <string.h>
#include <ctype.h>
-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \
- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \
- { \
- memset(src, fill, src_len= slen); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \
- src, src_len, dst, &dst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \
- if (!nopad) \
- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
- my_md5(md5, (char*)dst, dst_len); \
- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \
- dst, dst_len, ddst, &ddst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "decrypt " #mode " %u", dst_len); \
- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
+
+/** Test streaming encryption, bytewise update.*/
+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
+ unsigned int slen, unsigned char *dst, unsigned int *dlen,
+ const unsigned char *key, unsigned int klen,
+ const unsigned char *iv, unsigned int ivlen)
+{
+ /* Allocate context on odd address on stack, in order to
+ catch misalignment errors.*/
+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
+
+ int res1, res2;
+ uint d1= 0, d2;
+ uint i;
+
+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
+ return res1;
+ for (i= 0; i < slen; i++)
+ {
+ uint tmp_d1=0;
+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
+ if (res1)
+ return res1;
+ d1+= tmp_d1;
+ dst+= tmp_d1;
+ }
+ res2= my_aes_crypt_finish(ctx, dst, &d2);
+ *dlen= d1 + d2;
+ return res1 ? res1 : res2;
+}
+
+
+#ifndef HAVE_EncryptAes128Ctr
+const uint MY_AES_CTR=0xDEADBEAF;
+#endif
+#ifndef HAVE_EncryptAes128Gcm
+const uint MY_AES_GCM=0xDEADBEAF;
+#endif
+
+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF)
+
+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
+ char fill, size_t dlen, const char *hash)
+{
+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
+ uchar src[1000], dst[1100], dst2[1100], ddst[1000];
+ uchar md5[MY_MD5_HASH_SIZE];
+ uint src_len, dst_len, dst_len2, ddst_len;
+ int result;
+
+ if (MY_AES_UNSUPPORTED(mode))
+ {
+ skip(nopad?7:6, "%s not supported", mode_str);
+ return;
+ }
+ memset(src, fill, src_len= slen);
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
+ nopad ? "nopad" : "pad");
+
+ if (nopad)
+ {
+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
+ src_len, dst2, &dst_len2, key, sizeof(key),
+ iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
+ /* Compare with non-bytewise encryption result*/
+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
+ "memcmp bytewise %s %u", mode_str, src_len);
}
+ else
+ {
+ int dst_len_real= my_aes_get_size(mode, src_len);
+ ok(dst_len_real= dst_len, "my_aes_get_size");
+ }
+ my_md5(md5, (char *) dst, dst_len);
+ ok(dst_len == dlen, "md5 len");
+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
+ sizeof(iv));
+
+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
+}
-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
/* useful macro for debugging */
#define PRINT_MD5() \
@@ -53,25 +122,15 @@
printf("\"\n"); \
} while(0);
-#ifndef HAVE_EncryptAes128Ctr
-const uint MY_AES_CTR=0xDEADBEAF;
-#endif
-#ifndef HAVE_EncryptAes128Gcm
-const uint MY_AES_GCM=0xDEADBEAF;
-#endif
int
main(int argc __attribute__((unused)),char *argv[])
{
- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
- uchar src[1000], dst[1100], ddst[1000];
- uchar md5[MY_MD5_HASH_SIZE];
- uint src_len, dst_len, ddst_len;
MY_INIT(argv[0]);
- plan(87);
+ plan(122);
+
DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");

View File

@ -58,3 +58,7 @@ main.myisampack :
# Fails everywhere in 10.5.8
rpl.rpl_innodb_mixed_dml :
# Since 10.5.10
sys_vars.tcp_nodelay :
innodb.restart :

View File

@ -1,2 +1,11 @@
# Fails on ppc64le since 10.4.12
oqgraph.social :
# Fails since 10.5.13
encryption.create_or_replace_big :
rpl.rpl_parallel_optimistic_xa_lsu_off :
rpl.rpl_parallel_optimistic_xa :
innodb.innodb_defrag_concurrent :
rpl.rpl_parallel_xa_same_xid :
parts.part_supported_sql_func_innodb :
parts.partition_alter2_1_1_innodb :

View File

@ -297,19 +297,6 @@ index 2001efae3929..6b4d758a5131 100644
$opt_user,
$opt_password,
{ PrintError => 0})
diff --git a/scripts/mysql_setpermission.sh b/scripts/mysql_setpermission.sh
index 71462d286229..66decbd69af7 100644
--- a/scripts/mysql_setpermission.sh
+++ b/scripts/mysql_setpermission.sh
@@ -86,7 +86,7 @@ if ($opt_password eq '')
# make the connection to MariaDB
-$dbh= DBI->connect("DBI:mysql:mysql:host=$sqlhost:port=$opt_port:mysql_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) ||
+$dbh= DBI->connect("DBI:MariaDB:mysql:host=$sqlhost:port=$opt_port:mariadb_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) ||
die("Can't make a connection to the mysql server.\n The error: $DBI::errstr");
# the start of the program
diff --git a/scripts/mysqlhotcopy.sh b/scripts/mysqlhotcopy.sh
index c56cdea470c0..94e577a94a7f 100644
--- a/scripts/mysqlhotcopy.sh
@ -339,33 +326,6 @@ index c56cdea470c0..94e577a94a7f 100644
($master_host, $log_file, $log_pos )
= @{$row_hash}{ qw / Master_Host Log_File Pos / };
} else {
diff --git a/scripts/mytop.sh b/scripts/mytop.sh
index 3ef0a59f27f7..1c4d7a502f51 100644
--- a/scripts/mytop.sh
+++ b/scripts/mytop.sh
@@ -230,11 +230,11 @@ my $dsn;
## Socket takes precedence.
-$dsn ="DBI:mysql:database=$config{db};mysql_read_default_group=mytop;";
+$dsn ="DBI:MariaDB:database=$config{db};mariadb_read_default_group=mytop;";
if ($config{socket} and -S $config{socket})
{
- $dsn .= "mysql_socket=$config{socket}";
+ $dsn .= "mariadb_socket=$config{socket}";
}
else
{
@@ -1877,7 +1877,7 @@ following:
* Perl 5.005 or newer
* Getopt::Long
- * DBI and DBD::mysql
+ * DBI and DBD::MariaDB
* Term::ReadKey from CPAN
Most systems are likely to have all of those installed--except for
diff --git a/sql-bench/server-cfg.sh b/sql-bench/server-cfg.sh
index 3991d16c6b18..6ef39c4d91f8 100644
--- a/sql-bench/server-cfg.sh
@ -781,28 +741,6 @@ index c844d2908345..a2b465734dc5 100644
$opt_user, $opt_password,
{ PrintError => 0}) || die $DBI::errstr;
diff --git a/tests/grant.pl b/tests/grant.pl
index cd6516433166..f8cdc1af4d55 100755
--- a/tests/grant.pl
+++ b/tests/grant.pl
@@ -60,7 +60,7 @@
# clear grant tables
#
-$dbh = DBI->connect("DBI:mysql:mysql:$opt_host",
+$dbh = DBI->connect("DBI:MariaDB:mysql:$opt_host",
$opt_root_user,$opt_password,
{ PrintError => 0}) || die "Can't connect to mysql server with user '$opt_root_user': $DBI::errstr\n";
@@ -653,7 +653,7 @@ sub user_connect
print "Connecting $opt_user\n" if ($opt_verbose);
$user_dbh->disconnect if (defined($user_dbh));
- $user_dbh=DBI->connect("DBI:mysql:$opt_database:$opt_host",$opt_user,
+ $user_dbh=DBI->connect("DBI:MariaDB:$opt_database:$opt_host",$opt_user,
$password, { PrintError => 0});
if (!$user_dbh)
{
diff --git a/tests/index_corrupt.pl b/tests/index_corrupt.pl
index 6b04ce8a59c5..6f31b85bd614 100755
--- a/tests/index_corrupt.pl

View File

@ -0,0 +1,492 @@
#!/bin/bash -ue
# Copyright (C) 2010-2014 Codership Oy
# Copyright (C) 2017-2020 Damien Ciabrini <damien.ciabrini@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to the
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston
# MA 02110-1301 USA.
# This is a reference script for rsync-based state snapshot tansfer
# over an encrypted communication channel, managed by socat
RSYNC_PID= # rsync pid file
RSYNC_CONF= # rsync configuration file
RSYNC_REAL_PID= # rsync process id
SOCAT_PID= # socat pid file
SOCAT_REAL_PID= # socat process id
SOCAT_OPTS= # openssl connection args
MODULE="rsync_tunnel_sst"
OS=$(uname)
[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH
# Setting the path for lsof on CentOS
export PATH="/usr/sbin:/sbin:$PATH"
. $(dirname $0)/wsrep_sst_common
wsrep_check_programs rsync socat
cleanup_pid()
{
local real_pid=$1
[ "0" != "$real_pid" ] && \
kill $real_pid && \
sleep 0.5 && \
kill -9 $real_pid >/dev/null 2>&1 || \
:
}
cleanup_tunnel()
{
if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then
wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID"
cleanup_pid $SOCAT_REAL_PID
fi
rm -rf "$SOCAT_PID"
}
cleanup_joiner()
{
wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID"
[ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID
rm -rf "$RSYNC_CONF"
rm -rf "$MAGIC_FILE"
rm -rf "$RSYNC_PID"
cleanup_tunnel
wsrep_log_info "Joiner cleanup done."
if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then
wsrep_cleanup_progress_file
fi
}
# Check whether process is still running.
check_pid()
{
local pid_file=$1
[ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1
}
check_pid_and_port()
{
local pid_file=$1
local service_pid=$2
local service_port=$3
local service_host=$4
local service_name=$5
if ! which lsof > /dev/null; then
wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed."
exit 2 # ENOENT
fi
local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \
grep "(LISTEN)")
local is_service=$(echo $port_info | \
grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null)
if [ -n "$port_info" -a -z "$is_service" ]; then
wsrep_log_error "$service_name daemon port '$service_port' has been taken"
exit 16 # EBUSY
fi
if ! check_pid $pid_file; then
wsrep_log_error "$service_name process terminated unexpectedly"
exit 10 # ECHILD
fi
[ -n "$port_info" ] && [ -n "$is_service" ] && \
[ $(cat $pid_file) -eq $service_pid ]
}
config_from_cnf()
{
local group=$1
local key=$2
echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1)
}
setup_tunnel_args()
{
tca=$(config_from_cnf sst tca)
tkey=$(config_from_cnf sst tkey)
tcert=$(config_from_cnf sst tcert)
sockopt=$(config_from_cnf sst sockopt)
if [ -z "$tcert" ]; then
wsrep_log_error "Encryption certificate not found in my.cnf"
exit 3
else
SOCAT_OPTS="cert=$tcert"
fi
[ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey"
[ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca"
wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS"
[ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt"
}
MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete"
rm -rf "$MAGIC_FILE"
BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar"
BINLOG_N_FILES=1
rm -f "$BINLOG_TAR_FILE" || :
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG)
BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG)
fi
WSREP_LOG_DIR=${WSREP_LOG_DIR:-""}
# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf
if [ -z "$WSREP_LOG_DIR" ]; then
WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \
| grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \
| cut -b 29- )
fi
if [ -n "$WSREP_LOG_DIR" ]; then
# handle both relative and absolute paths
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P)
else
# default to datadir
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P)
fi
# Old filter - include everything except selected
# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \
# --exclude '*.conf' --exclude core --exclude 'galera.*' \
# --exclude grastate.txt --exclude '*.pem' \
# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index')
# New filter - exclude everything except dirs (schemas) and innodb files
FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes'
-f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*')
SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid"
if check_pid $SOCAT_PID
then
wsrep_log_error "socat tunnel already running."
exit 114 # EALREADY
fi
rm -rf "$SOCAT_PID"
setup_tunnel_args
if [ "$WSREP_SST_OPT_ROLE" = "donor" ]
then
SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}')
# map to name in case we received an IP
SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_JOINER_HOST" ]; then
SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR
fi
SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }')
if [ -z "$SOCAT_PORT" ]
then
SOCAT_PORT=4444
fi
TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE
trap cleanup_tunnel EXIT
# Socat forwards rsync connections to the joiner
SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork
SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS
wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat"
do
sleep 0.2
done
if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
then
FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed"
ERROR="$WSREP_SST_OPT_DATA/sst_error"
rm -rf "$FLUSHED"
rm -rf "$ERROR"
# Use deltaxfer only for WAN
inv=$(basename $0)
[ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \
|| WHOLE_FILE_OPT="--whole-file"
echo "flush tables"
# Wait for :
# (a) Tables to be flushed, AND
# (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR
# (c) ERROR file, in case flush tables operation failed.
while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1
do
# Check whether ERROR file exists.
if [ -f "$ERROR" ]
then
# Flush tables operation failed.
rm -rf "$ERROR"
exit 255
fi
sleep 0.2
done
STATE="$(cat $FLUSHED)"
rm -rf "$FLUSHED"
sync
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
# Prepare binlog files
pushd $BINLOG_DIRNAME &> /dev/null
binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index)
binlog_files=""
for ii in $binlog_files_full
do
binlog_files="$binlog_files $(basename $ii)"
done
if ! [ -z "$binlog_files" ]
then
wsrep_log_info "Preparing binlog files for transfer:"
tar -cvf $BINLOG_TAR_FILE $binlog_files >&2
fi
popd &> /dev/null
fi
# first, the normal directories, so that we can detect incompatible protocol
RC=0
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \
rsync://$TARGET_ADDR >&2 || RC=$?
if [ "$RC" -ne 0 ]; then
wsrep_log_error "rsync returned code $RC:"
case $RC in
12) RC=71 # EPROTO
wsrep_log_error \
"rsync server on the other end has incompatible protocol. " \
"Make sure you have the same version of rsync on all nodes."
;;
22) RC=12 # ENOMEM
;;
*) RC=255 # unknown error
;;
esac
exit $RC
fi
# second, we transfer InnoDB log files
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \
rsync://$TARGET_ADDR-log_dir >&2 || RC=$?
if [ $RC -ne 0 ]; then
wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:"
exit 255 # unknown error
fi
# then, we parallelize the transfer of database directories, use . so that pathconcatenation works
pushd "$WSREP_SST_OPT_DATA" >/dev/null
count=1
[ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo)
[ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu)
find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \
xargs -I{} -0 -P $count \
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --recursive --delete --quiet \
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \
rsync://$TARGET_ADDR/{} >&2 || RC=$?
popd >/dev/null
if [ $RC -ne 0 ]; then
wsrep_log_error "find/rsync returned code $RC:"
exit 255 # unknown error
fi
else # BYPASS
wsrep_log_info "Bypassing state dump."
# Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id
# (separated by a space).
STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID"
fi
echo "continue" # now server can resume updating data
echo "$STATE" > "$MAGIC_FILE"
rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR
# to avoid cleanup race, stop tunnel before declaring the SST finished.
# This ensures galera won't start a new SST locally before we exit.
cleanup_tunnel
echo "done $STATE"
elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ]
then
wsrep_check_programs lsof socat
touch $SST_PROGRESS_FILE
MYSQLD_PID=$WSREP_SST_OPT_PARENT
RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid"
if check_pid $RSYNC_PID
then
wsrep_log_error "rsync daemon already running."
exit 114 # EALREADY
fi
rm -rf "$RSYNC_PID"
ADDR=$WSREP_SST_OPT_ADDR
RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }')
if [ -z "$RSYNC_PORT" ]
then
RSYNC_PORT=4444
ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT"
fi
SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }')
# map to name in case we received an IP
SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_HOST" ]; then
SOCAT_HOST=$SOCAT_ADDR
fi
SOCAT_PORT=$RSYNC_PORT
trap "exit 32" HUP PIPE
trap "exit 3" INT TERM ABRT
trap cleanup_joiner EXIT
RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf"
if [ -n "${MYSQL_TMP_DIR:-}" ] ; then
SILENT="log file = $MYSQL_TMP_DIR/rsynd.log"
else
SILENT=""
fi
cat << EOF > "$RSYNC_CONF"
pid file = $RSYNC_PID
use chroot = no
read only = no
timeout = 300
$SILENT
[$MODULE]
path = $WSREP_SST_OPT_DATA
[$MODULE-log_dir]
path = $WSREP_LOG_DIR
EOF
# rm -rf "$DATA"/ib_logfile* # we don't want old logs around
# Socat receives rsync connections from the donor
SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS
SOCAT_DST=tcp:localhost:$RSYNC_PORT
wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat"
do
sleep 0.2
done
wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\""
rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" &
RSYNC_REAL_PID=$!
until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync"
do
sleep 0.2
done
echo "ready $ADDR/$MODULE"
# wait for SST to complete by monitoring magic file
while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \
check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null
do
sleep 1
done
# to avoid cleanup race, we can tear down the socat tunnel now
# before signaling the end of the SST to galera.
cleanup_tunnel
if ! ps -p $MYSQLD_PID >/dev/null
then
wsrep_log_error \
"Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly."
exit 32
fi
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
pushd $BINLOG_DIRNAME &> /dev/null
if [ -f $BINLOG_TAR_FILE ]
then
# Clean up old binlog files first
rm -f ${BINLOG_FILENAME}.*
wsrep_log_info "Extracting binlog files:"
tar -xvf $BINLOG_TAR_FILE >&2
for ii in $(ls -1 ${BINLOG_FILENAME}.*)
do
echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index
done
fi
popd &> /dev/null
fi
if [ -r "$MAGIC_FILE" ]
then
# UUID:seqno & wsrep_gtid_domain_id is received here.
cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id
else
# this message should cause joiner to abort
echo "rsync process ended without creating '$MAGIC_FILE'"
fi
wsrep_cleanup_progress_file
# cleanup_joiner
else
wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'"
exit 22 # EINVAL
fi
rm -f $BINLOG_TAR_FILE || :
exit 0

View File

@ -15,7 +15,7 @@
# The last version on which the full testsuite has been run
# In case of further rebuilds of that version, don't require full testsuite to be run
# run only "main" suite
%global last_tested_version 10.5.9
%global last_tested_version 10.5.12
# Set to 1 to force run the testsuite even if it was already tested in current version
%global force_run_testsuite 0
@ -32,10 +32,6 @@
# TokuDB engine - DEPRECATED !
# https://mariadb.com/kb/en/mariadb/tokudb/
# TokuDB engine is available only for x86_64
# The Percona upstream deprecated the SE. It is not part of MariaDB 10.5
# Mroonga engine
# https://mariadb.com/kb/en/mariadb/about-mroonga/
# Current version in MariaDB, 7.07, only supports the x86_64
@ -46,12 +42,9 @@
# RocksDB may be built with jemalloc, if specified in CMake
%ifarch x86_64
%if 0%{?fedora}
# TokuDB is deprecated in MariaDB 10.5 and later
%bcond_with tokudb
%bcond_without mroonga
%bcond_without rocksdb
%else
%bcond_with tokudb
%bcond_with mroonga
%bcond_with rocksdb
%endif
@ -116,7 +109,7 @@
%bcond_without unbundled_pcre
%else
%bcond_with unbundled_pcre
%global pcre_bundled_version 10.36
%global pcre_bundled_version 10.37
%endif
# Use main python interpretter version
@ -154,7 +147,7 @@
%global sameevr %{epoch}:%{version}-%{release}
Name: mariadb
Version: 10.5.9
Version: 10.5.13
Release: 1%{?with_debug:.debug}%{?dist}
Epoch: 3
@ -163,11 +156,17 @@ URL: http://mariadb.org
# Exceptions allow client libraries to be linked with most open source SW, not only GPL code. See README.mysql-license
License: GPLv2 with exceptions and LGPLv2 and BSD
Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz
# Original upstream sources archive URL
# Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz
# Non-existent URL containing correct archive name
# The archive was created by executing the "generate-modified-sources.sh" script
Source0: https://fedoraproject.org/mariadb-%{version}-downstream_modified.tar.gz
Source2: mysql_config_multilib.sh
Source3: my.cnf.in
Source6: README.mysql-docs
Source7: README.mysql-license
Source8: README.wsrep_sst_rsync_tunnel
Source10: mysql.tmpfiles.d.in
Source11: mysql.service.in
Source12: mysql-prepare-db-dir.sh
@ -202,6 +201,14 @@ Source71: LICENSE.clustercheck
# https://jira.mariadb.org/browse/MDEV-12646
Source72: mariadb-server-galera.te
# Script to support encrypted rsync transfers when SST is required between nodes.
# https://github.com/dciabrin/wsrep_sst_rsync_tunnel/blob/master/wsrep_sst_rsync_tunnel
Source73: wsrep_sst_rsync_tunnel
# Patch1: OpenSSL 3 patch
# Picked from the upstream developement branch for MariaDB 10.8.
# https://jira.mariadb.org/browse/MDEV-25785
Patch1: %{pkgnamepatch}-openssl3.patch
# Patch4: Red Hat distributions specific logrotate fix
# it would be big unexpected change, if we start shipping it now. Better wait for MariaDB 10.2
Patch4: %{pkgnamepatch}-logrotate.patch
@ -320,7 +327,7 @@ Provides: mysql-compat-client%{?_isa} = %{sameevr}
Suggests: %{name}-server%{?_isa} = %{sameevr}
Conflicts: community-mysql
Conflicts: mysql
# Filtering: https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/
%global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::|wsrep)
@ -356,7 +363,7 @@ to a MariaDB/MySQL server.
# At least main config file /etc/my.cnf is shared for client and server part
# Since we want to support combination of different client and server
# implementations (e.g. mariadb library and community-mysql server),
# implementations (e.g. mariadb library and mysql server),
# we need the config file(s) to be in a separate package, so no extra packages
# are pulled, because these would likely conflict.
# More specifically, the dependency on the main configuration file (/etc/my.cnf)
@ -443,7 +450,6 @@ Recommends: %{name}-backup%{?_isa} = %{sameevr}
%{?with_cracklib:Recommends: %{name}-cracklib-password-check%{?_isa} = %{sameevr}}
%{?with_gssapi:Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr}}
%{?with_rocksdb:Suggests: %{name}-rocksdb-engine%{?_isa} = %{sameevr}}
%{?with_tokudb:Suggests: %{name}-tokudb-engine%{?_isa} = %{sameevr}}
%{?with_sphinx:Suggests: %{name}-sphinx-engine%{?_isa} = %{sameevr}}
%{?with_oqgraph:Suggests: %{name}-oqgraph-engine%{?_isa} = %{sameevr}}
%{?with_connect:Suggests: %{name}-connect-engine%{?_isa} = %{sameevr}}
@ -478,7 +484,7 @@ Provides: mysql-server%{?_isa} = %{sameevr}
Provides: mysql-compat-server = %{sameevr}
Provides: mysql-compat-server%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-server
Conflicts: mysql-server
# Bench subpackage has been deprecated in F32
Obsoletes: %{name}-bench <= %{sameevr}
@ -552,18 +558,6 @@ The RocksDB storage engine is used for high performance servers on SSD drives.
%endif
%if %{with tokudb}
%package tokudb-engine
Summary: The TokuDB storage engine for MariaDB
Requires: %{name}-server%{?_isa} = %{sameevr}
BuildRequires: jemalloc-devel
Requires: jemalloc
%description tokudb-engine
The TokuDB storage engine from Percona.
%endif
%if %{with cracklib}
%package cracklib-password-check
Summary: The password strength checking plugin
@ -625,7 +619,7 @@ Requires: %{name}-server%{?_isa} = %{sameevr}
%if %{with mysql_names}
Provides: mysql-perl = %{sameevr}
%endif
Conflicts: community-mysql-server
Conflicts: mysql-server
# mysqlhotcopy needs DBI/DBD support
Requires: perl(DBI) perl(DBD::mysql)
@ -647,7 +641,7 @@ Requires: mariadb-connector-c-devel >= 3.0
Provides: mysql-devel = %{sameevr}
Provides: mysql-devel%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-devel
Conflicts: mysql-devel
%description devel
MariaDB is a multi-user, multi-threaded SQL database server.
@ -690,7 +684,7 @@ Requires: libaio-devel
Provides: mysql-embedded-devel = %{sameevr}
Provides: mysql-embedded-devel%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-embedded-devel
Conflicts: mysql-embedded-devel
%description embedded-devel
MariaDB is a multi-user, multi-threaded SQL database server.
@ -718,7 +712,7 @@ Requires: perl(Socket)
Requires: perl(Sys::Hostname)
Requires: perl(Test::More)
Requires: perl(Time::HiRes)
Conflicts: community-mysql-test
Conflicts: mysql-test
%if %{with mysql_names}
Provides: mysql-test = %{sameevr}
Provides: mysql-test%{?_isa} = %{sameevr}
@ -733,20 +727,20 @@ sources.
%prep
%setup -q -n mariadb-%{version}
%setup -q -n mariadb-%{version}-downstream_modified
# Remove JAR files that upstream puts into tarball
find . -name "*.jar" -type f -exec rm --verbose -f {} \;
# Remove testsuite for the mariadb-connector-c
rm -rf libmariadb/unittest
# Remove python scripts remains from tokudb upstream (those files are not used anyway)
rm -r storage/tokudb/mysql-test/tokudb/t/*.py
%if %{without rocksdb}
rm -r storage/rocksdb/
%endif
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
%patch1 -p1
%endif
%patch4 -p1
%patch7 -p1
%patch9 -p1
@ -774,7 +768,7 @@ cat %{SOURCE53} | tee -a mysql-test/unstable-tests
%endif
cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} \
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} scripts
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} %{SOURCE73} scripts
%if %{with galera}
# prepare selinux policy
@ -784,12 +778,12 @@ sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{nam
# Get version of PCRE, that upstream use
pcre_version=`grep -e "ftp.pcre.org/pub/pcre/pcre2" cmake/pcre.cmake | sed -r "s;[^0123456789]*2-([[:digit:]]+\.[[:digit:]]+)\.[^0123456789]*;\1;"`
pcre_version=`grep -e "https://github.com/PhilipHazel/pcre2/releases/download" cmake/pcre.cmake | sed -r "s;.*pcre2-([[:digit:]]+\.[[:digit:]]+).*;\1;" `
# Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles
%if %{without unbundled_pcre}
if [ %{pcre_bundled_version} != "$pcre_version" ] ; then
echo "\n Error: Bundled PCRE version is not correct. \n\tBundled version number:%{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n"
echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number: %{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n"
exit 1
fi
%else
@ -797,7 +791,7 @@ fi
pcre_system_version=`pkgconf %{_libdir}/pkgconfig/libpcre2-*.pc --modversion 2>/dev/null | head -n 1`
if [ "$pcre_system_version" != "$pcre_version" ] ; then
echo "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number:$pcre_system_version \n\tUpstream version number: $pcre_version\n"
echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number: $pcre_system_version \n\tUpstream version number: $pcre_version\n"
fi
%endif
@ -863,7 +857,6 @@ fi
-DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_JEMALLOC=%{?with_tokudb:yes}%{!?with_tokudb:no} \
-DLZ4_LIBS=%{_libdir}/liblz4.so \
-DLZ4_LIBS=%{?with_lz4:%{_libdir}/liblz4.so}%{!?with_lz4:} \
-DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \
@ -873,8 +866,8 @@ fi
-DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \
-DPLUGIN_ROCKSDB=%{?with_rocksdb:DYNAMIC}%{!?with_rocksdb:NO} \
-DPLUGIN_SPHINX=%{?with_sphinx:DYNAMIC}%{!?with_sphinx:NO} \
-DPLUGIN_TOKUDB=%{?with_tokudb:DYNAMIC}%{!?with_tokudb:NO} \
-DPLUGIN_CONNECT=%{?with_connect:DYNAMIC}%{!?with_connect:NO} \
-DPLUGIN_COLUMNSTORE=NO \
-DPLUGIN_CLIENT_ED25519=OFF \
-DPYTHON_SHEBANG=%{python_path} \
-DPLUGIN_CACHING_SHA2_PASSWORD=%{?with_clibrary:DYNAMIC}%{!?with_clibrary:OFF} \
@ -1045,6 +1038,7 @@ ln -s %{_libexecdir}/mariadbd %{buildroot}%{_sbindir}/mariadbd
# copy additional docs into build tree so %%doc will find them
install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}}
install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}}
install -p -m 0644 %{SOURCE8} %{basename:%{SOURCE8}}
install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
@ -1072,6 +1066,9 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor
# Buildroot does not have symlink /lib64 --> /usr/lib64
mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir}
# Add wsrep_sst_rsync_tunnel script
install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel
# Disable plugins
%if %{with gssapi}
sed -i 's/^plugin-load-add/#plugin-load-add/' %{buildroot}%{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
@ -1145,14 +1142,6 @@ rm %{buildroot}%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,i
rm %{buildroot}%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1*
%endif
%if %{with tokudb}
%if 0%{?fedora} || 0%{?rhel} > 7
# Move the upstream file to the correct location
mkdir -p %{buildroot}%{_unitdir}/mariadb.service.d
mv %{buildroot}/etc/systemd/system/mariadb.service.d/tokudb.conf %{buildroot}%{_unitdir}/mariadb.service.d/tokudb.conf
%endif
%endif
%if %{without config}
rm %{buildroot}%{_sysconfdir}/my.cnf
%endif
@ -1238,14 +1227,14 @@ export MTR_BUILD_THREAD=$(( $(date +%s) % 1100 ))
if [[ "%{last_tested_version}" == "%{version}" ]] && [[ %{force_run_testsuite} -eq 0 ]]
then
# in further rebuilds only run the basic "main" suite (~800 tests)
echo "running only base testsuite"
echo -e "\n\nRunning just the base testsuite\n\n"
perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --suite=main --mem --skip-test-list=unstable-tests
fi
# If either this version wasn't marked as tested yet or I explicitly want to run the testsuite, run everything we have (~4000 test)
if [[ "%{last_tested_version}" != "%{version}" ]] || [[ %{force_run_testsuite} -ne 0 ]]
then
echo "running advanced testsuite"
echo -e "running advanced testsuite"
perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --big-test --skip-test=spider \
%if %{ignore_testsuite_result}
--max-test-fail=9999 || :
@ -1394,6 +1383,7 @@ fi
%endif
%files server
%doc README.wsrep_sst_rsync_tunnel
%{_bindir}/aria_{chk,dump_log,ftdump,pack,read_log}
%{_bindir}/mariadb-service-convert
@ -1440,7 +1430,6 @@ fi
%{?with_connect:%exclude %{_libdir}/%{pkg_name}/plugin/ha_connect.so}
%{?with_cracklib:%exclude %{_libdir}/%{pkg_name}/plugin/cracklib_password_check.so}
%{?with_rocksdb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_rocksdb.so}
%{?with_tokudb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_tokudb.so}
%{?with_gssapi:%exclude %{_libdir}/%{pkg_name}/plugin/auth_gssapi.so}
%{?with_sphinx:%exclude %{_libdir}/%{pkg_name}/plugin/ha_sphinx.so}
%if %{with clibrary}
@ -1485,7 +1474,6 @@ fi
%{_datadir}/%{pkg_name}/mysql_system_tables.sql
%{_datadir}/%{pkg_name}/mysql_system_tables_data.sql
%{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql
%{_datadir}/%{pkg_name}/mysql_to_mariadb.sql
%{_datadir}/%{pkg_name}/mysql_performance_tables.sql
%{_datadir}/%{pkg_name}/mysql_test_db.sql
%if %{with mroonga}
@ -1514,7 +1502,6 @@ fi
%endif
%{_unitdir}/%{daemon_name}*
%{?with_tokudb:%exclude %{_unitdir}/mariadb.service.d/tokudb.conf}
%{_libexecdir}/mysql-prepare-db-dir
%{_libexecdir}/mysql-check-socket
@ -1557,17 +1544,6 @@ fi
%{_mandir}/man1/myrocks_hotbackup.1*
%endif
%if %{with tokudb}
%files tokudb-engine
%{_bindir}/tokuftdump
%{_bindir}/tokuft_logprint
%{_mandir}/man1/tokuftdump.1*
%{_mandir}/man1/tokuft_logprint.1*
%config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf
%{_libdir}/%{pkg_name}/plugin/ha_tokudb.so
%{_unitdir}/mariadb.service.d/tokudb.conf
%endif
%if %{with gssapi}
%files gssapi-server
%{_libdir}/%{pkg_name}/plugin/auth_gssapi.so
@ -1581,7 +1557,7 @@ fi
# SUID-to-root binary. Access MUST be restricted (https://jira.mariadb.org/browse/MDEV-25126)
%attr(4750,root,mysql) %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool
%{_libdir}/security/pam_user_map.so
%{_sysconfdir}/security/user_map.conf
%config(noreplace) %{_sysconfdir}/security/user_map.conf
%endif
%if %{with sphinx}
@ -1661,56 +1637,76 @@ fi
%endif
%changelog
* Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 10.5.9-1
* Tue Jan 11 2022 Michal Schorm <mschorm@redhat.com> - 3:10.5.13-1
- Rebase to 10.5.13
- Add wsrep_sst_rsync_tunnel script
* Tue Aug 24 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.12-1
- Rebase to 10.5.12
* Thu Aug 19 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.11-1
- Rebase to 10.5.11
* Mon Aug 16 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.10-2
- Set user_map.conf file to be noreplace config file
- Resolves: rhbz#1989621
* Tue May 11 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.10-1
- Rebase to 10.5.10
* Mon May 10 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-2
- Modify the upstream sources
* Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-1
- Rebase to 10.5.9
* Fri Mar 19 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-4
* Fri Mar 19 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-4
- Move the PAM plugin to a standalone sub-package
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-3
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-3
- Fix permissions of the PAMv2 plugin files
* Tue Feb 16 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-2
* Tue Feb 16 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-2
- Bump release after several commits cherry-picked from Fedora Rawhide
* Wed Nov 11 2020 Michal Schorm <mschorm@redhat.com> - 10.5.8-1
* Wed Nov 11 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-1
- Rebase to 10.5.8
* Fri Nov 06 2020 Michal Schorm <mschorm@redhat.com> - 10.5.7-1
* Fri Nov 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.7-1
- Rebase to 10.5.7
* Mon Sep 21 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.5-1
* Mon Sep 21 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.5-1
- Rebase to 10.5.5
- Fix mariadb-ownsetup
- Add manual for aria_s3_copy
* Wed Sep 16 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.4-1
* Wed Sep 16 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.4-1
- Rebase to 10.5.4
- Add spider.cnf to the server config files
* Mon Sep 14 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.3-1
* Mon Sep 14 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.3-1
- Rebase to 10.5.3
* Fri Sep 11 2020 Michal Schorm <mschorm@redhat.com> - 10.5.2-1
* Fri Sep 11 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.2-1
- Test rebase to 10.5.2 - Beta
- TokuDB SE has been deprecated
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 10.5.1-1
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.1-1
- Test rebase to 10.5.1 - Beta
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 10.5.0-1
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.0-1
- Test rebase to 10.5.0 - Alpha
* Sun Sep 06 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-3
* Sun Sep 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-3
- Resolves: #1851605
* Thu Sep 03 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-2
* Thu Sep 03 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-2
- Resolves: #1873999, #1874446
* Thu Aug 20 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-1
* Thu Aug 20 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-1
- Rebase to 10.4.14
* Tue Aug 18 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-7
* Tue Aug 18 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-7
- Do CMake out-of-source builds
- Force the CMake change regarding the in-source builds also to F31 and F32
- Use CMake macros instead of cmake & make direct commands
@ -1727,16 +1723,16 @@ fi
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.4.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-3
* Tue Jul 14 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-3
- Make conflicts between corresponding mariadb and mysql packages explicit
- Get rid of the Conflicts macro, it was intended to mark conflicts with
*upstream* packages
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-2
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-2
- Extend Perl "Requires" filtering to wsrep
Resolves: #1845376
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-1
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-1
- Rebase to 10.4.13
* Sun May 24 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.4.12-6
@ -1745,23 +1741,23 @@ fi
* Thu Apr 02 2020 Björn Esser <besser82@fedoraproject.org> - 3:10.4.12-5
- Fix string quoting for rpm >= 4.16
* Thu Mar 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 10.4.12-4
* Thu Mar 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 3:10.4.12-4
- Add perl dependencies needed for tests
* Mon Mar 16 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-3
* Mon Mar 16 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-3
- Rebase mariadb-connector-c git submodule to commit fbf1db6
For fix: https://jira.mariadb.org/browse/CONC-441
* Tue Mar 10 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-2
* Tue Mar 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-2
- Update the fix for building in the debug mode
* Thu Feb 06 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-1
* Thu Feb 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-1
- Rebase to 10.4.12
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.4.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Michal Schorm <mschorm@redhat.com> - 10.4.11-1
* Fri Jan 17 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.11-1
- Rebase to 10.4.11
Related: #1756468
- Remove 'bench' subpackage. Upstream no longer maintains it.
@ -1770,63 +1766,63 @@ fi
- Tweak build flags
- Add patch for auth_pam_tool directory
* Fri Jan 10 2020 Michal Schorm <mschorm@redhat.com> - 10.3.21-1
* Fri Jan 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.3.21-1
- Rebase to 10.3.21
* Mon Nov 18 2019 Lukas Javorsky <ljavorsk@redhat.com> - 10.3.20-3
* Mon Nov 18 2019 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.3.20-3
- Change path of groonga's packaged files
- Fix bz#1763287
* Tue Nov 12 2019 Michal Schorm <mschorm@redhat.com> - 10.3.20-2
* Tue Nov 12 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.20-2
- Rebuild on top fo new mariadb-connector-c
* Mon Nov 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.20-1
* Mon Nov 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.20-1
- Rebase to 10.3.20
* Wed Nov 06 2019 Michal Schorm <mschorm@redhat.com> - 10.3.19-1
* Wed Nov 06 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.19-1
- Rebase to 10.3.19
* Thu Oct 31 2019 Carl George <carl@george.computer> - 3:10.3.18-1
- Rebase to 10.3.18
* Wed Sep 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-3
* Wed Sep 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-3
- Disable building of the ed25519 client plugin.
From now on it will be shipped by 'mariadb-connector-c' package
* Fri Sep 06 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-2
* Fri Sep 06 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-2
- Fix the debug build
* Thu Aug 01 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-1
* Thu Aug 01 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-1
- Rebase to 10.3.17
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.3.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 18 2019 Michal Schorm <mschorm@redhat.com> - 10.3.16-1
* Tue Jun 18 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.16-1
- Rebase to 10.3.16
- Added patch for armv7hl builds of spider SE
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.15-1
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.15-1
- Rebase to 10.3.15
- CVEs fixed:
CVE-2019-2510 CVE-2019-2537
- CVEs fixed:
CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-15
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-15
- Remove Cassandra subpackage; it is no longer developed
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-14
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-14
- Fix building of TokuDB with Jemalloc 5
- Fix building with / without lz4
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-13
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-13
- Add patch for mysqld_safe --dry-run
* Wed Mar 20 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-12
* Wed Mar 20 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-12
- Add patch for server pkgconfig file location
* Sat Feb 23 2019 Pavel Raiskup <praiskup@redhat.com> - 10.3.12-11
* Sat Feb 23 2019 Pavel Raiskup <praiskup@redhat.com> - 3:10.3.12-11
- conditionally depend on selinux-policy-targeted again (rhbz#1665643)
* Mon Feb 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-10