rpms/mariadb
5
0
Fork 0
Code Issues Pull Requests Releases Activity

resync

Browse Source 
Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
Brian Stinson 2023-04-27 18:13:36 -05:00
parent 4133dd9055
commit 4f59768c46
29 changed files with 525 additions and 2622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,2 +1,3 @@
SOURCES/mariadb-10.5.8.tar.gz /*/
/mariadb-10.5.8.tar.gz /*.rpm
/*.tar.gz

9
README.mariadb-docs
View File

@ -1,9 +0,0 @@
MariaDB haven't yet made a document package available for offline.
You can create your own copy with the instructions here:
https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/
You can find view the on-line documentation at:
https://mariadb.com/kb/en/documentation/

13
README.mysql-cnf
View File

@ -1,13 +0,0 @@
This directory contains prepared configuration files with .cnf extension,
which provide a configuration for some common MariaDB deployment scenarios.
These configuration files do not include the default configuration of datadir,
log-file and pid-file locations, as specified in the default my.cnf file,
provided in this distribution.
Thus, it is recommended to use these configuration files as an addition to the
default my.cnf configuration file.
Since default my.cnf contains `!includedir @INSTALL_SYSCONF2DIR@` directive, it is
recommended to copy required configuration under @INSTALL_SYSCONF2DIR@ directory,
so the default my.cnf specifications will be extended.

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

46
generate-modified-sources.sh
View File

@ -1,46 +0,0 @@
#!/bin/bash
# This script downloads sources and modifies them
set -ex
NAME="mariadb"
VERSION=$( rpmspec -q --srpm --qf '%{VERSION}' "${NAME}.spec" )
# SOURCES_URL=$( spectool -s 0 "$NAME.spec" | cut -d ' ' -f 2 )
SOURCES_URL="https://downloads.mariadb.org/interstitial/mariadb-${VERSION}/source/mariadb-${VERSION}.tar.gz"
OLD_ARCHIVE_NAME="${NAME}-${VERSION}"
NEW_ARCHIVE_NAME="${NAME}-${VERSION}-downstream_modified"
# Retrieve the archive:
rm -rf "./${OLD_ARCHIVE_NAME}.tar.gz" "./${OLD_ARCHIVE_NAME}/" "./${NEW_ARCHIVE_NAME}.tar.gz" "./${NEW_ARCHIVE_NAME}/"
wget "${SOURCES_URL}"
# Modify the archive:
# 1/ Change both the name of the archive and the name of the base directory inside of the archive
# It will be necessary to change the name in the SPECfile in the %prep phase
# This will prevent maintainer to rebase to a non-modified sources archive without changing the SPECfile
tar -xof "${OLD_ARCHIVE_NAME}.tar.gz"
mv "${OLD_ARCHIVE_NAME}" "${NEW_ARCHIVE_NAME}"
# 2/ Remove the code licensed under the PerconaFT license
# which was not yet reviewed as suitable for Fedora or RHEL.
#
# License file:
# storage/tokudb/PerconaFT/PATENTS
#
# The whole storage engine, which requires code under this license
# has to be removed before uploading sources to Fedora.
rm -r "${NEW_ARCHIVE_NAME}/storage/tokudb"
# Pack the extracted files back to the archive
tar -czf "${NEW_ARCHIVE_NAME}.tar.gz" "${NEW_ARCHIVE_NAME}"
# Remove the decompressed original used to create the archive
rm -r "./${NEW_ARCHIVE_NAME}/"

29
mariadb-auth_pam_tool_dir.patch
View File

@ -1,29 +0,0 @@
This scirpt is ran by the systemd service.
In Fedora the service has priviledges dropped to the mysql user.
Thus "chown 0" will always fail
Never parse 'ls' output!
http://mywiki.wooledge.org/BashFAQ/087
--- mariadb-10.4.12/scripts/mysql_install_db.sh 2020-01-26 21:43:53.000000000 +0100
+++ mariadb-10.4.12/scripts/mysql_install_db.sh_patched 2020-01-29 11:11:09.448812331 +0100
@@ -482,13 +482,16 @@ if test -n "$user"
then
if test -z "$srcdir" -a "$in_rpm" -eq 0
then
- chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
- chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
- if test $? -ne 0
+ if [ `stat "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" -c %u` -ne 0 ]
then
+ chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
+ chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
+ if test $? -ne 0
+ then
echo "Couldn't set an owner to '$pamtooldir/auth_pam_tool_dir/auth_pam_tool'."
echo "It must be root, the PAM authentication plugin doesn't work otherwise.."
echo
+ fi
fi
chown $user "$pamtooldir/auth_pam_tool_dir" && \
chmod 0700 "$pamtooldir/auth_pam_tool_dir"

39
mariadb-check-socket.sh
View File

@ -1,39 +0,0 @@
#!/bin/sh
# We check if there is already a process using the socket file,
# since otherwise the systemd service file could report false
# positive result when starting and mysqld_safe could remove
# a socket file, which is actually being used by a different daemon.
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
if test -e "$socketfile" ; then
echo "Socket file $socketfile exists." >&2
# no write permissions
if ! test -w "$socketfile" ; then
echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi
# not a socket file
if ! test -S "$socketfile" ; then
echo "The file $socketfile is not a socket file, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi
# some process uses the socket file
response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
echo "Is another MariaDB daemon already running with the same unix socket?" >&2
echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
exit 1
fi
# socket file is a garbage
echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2
fi
exit 0

39
mariadb-check-upgrade.sh
View File

@ -1,39 +0,0 @@
#!/bin/sh
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
upgrade_info_file="$datadir/mysql_upgrade_info"
version=0
# get version as integer from mysql_upgrade_info file
if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then
version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/')
version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/')
if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then
version=$((version_major*100+version_minor))
fi
fi
# compute current version as integer
thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@))
# provide warning in cases we should run mysql_upgrade
if [ $version -ne $thisversion ] ; then
# give extra warning if some version seems to be skipped
if [ $version -gt 0 ] && [ $version -lt 505 ] ; then
echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2
fi
cat <<EOF >&2
The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps:
1. Back-up your data before with 'mariadb-upgrade'
2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service'
3. Run 'mariadb-upgrade' with a database user that has sufficient privileges
Read more about 'mariadb-upgrade' usage at:
https://mariadb.com/kb/en/mysql_upgrade/
EOF
fi
exit 0

28
mariadb-fips.patch
View File

@ -1,28 +0,0 @@
Fix md5 in FIPS mode
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.
Resolves: rhbz#2050541
diff -up mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc
--- mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips 2022-02-07 16:36:47.255131576 +0100
+++ mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc 2022-02-07 22:57:32.391002916 +0100
@@ -52,12 +52,15 @@ static void md5_result(EVP_MD_CTX *conte
static void md5_init(EVP_MD_CTX *context)
{
+ EVP_MD *md5;
+ md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
EVP_MD_CTX_init(context);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Ok to ignore FIPS: MD5 is not used for crypto here */
EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
- EVP_DigestInit_ex(context, EVP_md5(), NULL);
+ EVP_DigestInit_ex(context, md5, NULL);
+ EVP_MD_free(md5);
}
static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len)

12
mariadb-galera.cnf.patch Normal file
View File

@ -0,0 +1,12 @@
--- mariadb-10.1.13/support-files/wsrep.cnf.sh.orig 2016-03-24 10:12:15.000000000 +0100
+++ mariadb-10.1.13/support-files/wsrep.cnf.sh 2016-04-07 10:18:34.281155365 +0200
@@ -30,6 +30,9 @@ bind-address=0.0.0.0
## WSREP options
##
+# Enable wsrep
+wsrep_on=1
+
# Full path to wsrep provider library or 'none'
wsrep_provider=none

30
mariadb-groonga.patch
View File

@ -1,30 +0,0 @@
# Fixing conflict with groonga package
# https://bugzilla.redhat.com/show_bug.cgi?id=1763287
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt.withoutoption 2019-11-11 14:01:07.762595716 +0100
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt 2019-11-11 14:33:05.224012458 +0100
@@ -86,7 +86,9 @@
set(INCLUDE_DIR "include")
set(GRN_INCLUDE_DIR "include/groonga")
set(DATA_DIR "share")
-set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
+if(NOT DEFINED GRN_DATA_DIR)
+ set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
+endif()
set(CONFIG_DIR "etc")
set(GRN_CONFIG_DIR "${CONFIG_DIR}/${GRN_PROJECT_NAME}")
set(GRN_CONFIG_PATH "${CMAKE_INSTALL_PREFIX}/${GRN_CONFIG_DIR}/groonga.conf")
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt.withoutoption 2019-11-11 14:34:22.661005715 +0100
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt 2019-11-11 14:35:59.962244120 +0100
@@ -16,7 +16,9 @@
# MA 02110-1335 USA
cmake_minimum_required(VERSION 2.6)
-set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
+if (NOT DEFINED GROONGA_NORMALIZER_MYSQL_PROJECT_NAME)
+ set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
+endif()
project("${GROONGA_NORMALIZER_MYSQL_PROJECT_NAME}")
if(DEFINED GROONGA_NORMALIZER_MYSQL_EMBED)

16
mariadb-logrotate.patch
View File

@ -26,9 +26,13 @@ Update 6/2018
beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can. beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
* Submited as PR: https://github.com/MariaDB/server/pull/807 * Submited as PR: https://github.com/MariaDB/server/pull/807
--- mariadb-10.5.4/support-files/mysql-log-rotate.sh.old 2020-09-16 13:36:57.247955135 +0200 Update 01/2022
+++ mariadb-10.5.4/support-files/mysql-log-rotate.sh 2020-09-16 13:40:59.744220908 +0200 * added delaycompress option
@@ -3,23 +3,10 @@ * see https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux
--- mariadb-10.3.32/support-files/mysql-log-rotate.sh 2022-01-14 17:03:27.000000000 +0100
+++ mariadb-10.3.32/support-files/mysql-log-rotate.sh_patched 2022-01-17 15:07:54.205379672 +0100
@@ -3,36 +3,22 @@
# in the [mysqld] section as follows: # in the [mysqld] section as follows:
# #
# [mysqld] # [mysqld]
@ -52,13 +56,15 @@ Update 6/2018
- # create 600 mysql mysql - # create 600 mysql mysql
+@LOG_LOCATION@ { +@LOG_LOCATION@ {
+ create 600 mysql mysql + create 600 mysql mysql
su mysql mysql
notifempty notifempty
daily daily
rotate 3 rotate 3
@@ -27,11 +14,9 @@ missingok
compress compress
+ delaycompress
postrotate postrotate
# just if mariadbd is really running # just if mysqld is really running
- if test -x @bindir@/mysqladmin && \ - if test -x @bindir@/mysqladmin && \
- @bindir@/mysqladmin ping &>/dev/null - @bindir@/mysqladmin ping &>/dev/null
- then - then

401
mariadb-openssl3.patch
View File

@ -1,401 +0,0 @@
From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Mon, 8 Nov 2021 18:48:19 +0100
Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
Summary of changes
- MD_CTX_SIZE is increased
- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
to nobody knows where. The assumption made previously was that
(since the function does not seem to be documented)
was that it points to the last partial source block.
Add own partial block buffer for NOPAD encryption instead
- SECLEVEL in CipherString in openssl.cnf
had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
in addition to what was set in --ssl-cipher
- ctx_buf buffer now must be aligned to 16 bytes with openssl(
previously with WolfSSL only), ot crashes will happen
- updated aes-t , to be better debuggable
using function, rather than a huge multiline macro
added test that does "nopad" encryption piece-wise, to test
replacement of EVP_CIPHER_CTX_buf_noconst
---
cmake/ssl.cmake | 19 ++++-
include/ssl_compat.h | 3 +-
mysql-test/lib/openssl.cnf | 2 +-
mysql-test/main/ssl_cipher.result | 6 +-
mysql-test/main/ssl_cipher.test | 2 +-
mysys_ssl/my_crypt.cc | 46 +++++++-----
unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++--------
7 files changed, 141 insertions(+), 58 deletions(-)
diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake
--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100
@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
SET(SSL_INTERNAL_INCLUDE_DIRS "")
SET(SSL_DEFINES "-DHAVE_OPENSSL")
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
+
+ # Silence "deprecated in OpenSSL 3.0"
+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
+ ENDIF()
+
SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+
CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
HAVE_ERR_remove_thread_state)
CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
HAVE_EncryptAes128Gcm)
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
HAVE_X509_check_host)
- SET(CMAKE_REQUIRED_INCLUDES)
- SET(CMAKE_REQUIRED_LIBRARIES)
+
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
ELSE()
IF(WITH_SSL STREQUAL "system")
MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h
--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100
@@ -24,7 +24,7 @@
#define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
#define ERR_remove_state(X) ERR_clear_error()
#define EVP_CIPHER_CTX_SIZE 176
-#define EVP_MD_CTX_SIZE 48
+#define EVP_MD_CTX_SIZE 72
#undef EVP_MD_CTX_init
#define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
#undef EVP_CIPHER_CTX_init
@@ -74,7 +74,6 @@
#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
#endif
-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf
--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100
@@ -9,4 +9,4 @@ ssl_conf = ssl_section
system_default = system_default_section
[system_default_section]
-CipherString = ALL:@SECLEVEL=1
+CipherString = ALL:@SECLEVEL=0
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100
@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
-SHOW STATUS LIKE 'Ssl_cipher_list';
-Variable_name Value
-Ssl_cipher_list AES128-SHA
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
+VARIABLE_VALUE like '%AES128-SHA%'
+1
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100
@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL)
--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
--replace_regex /TLS_AES_.*/AES128-SHA/
-SHOW STATUS LIKE 'Ssl_cipher_list';
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc
--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100
@@ -29,11 +29,7 @@
#include <ssl_compat.h>
#include <cstdint>
-#ifdef HAVE_WOLFSSL
#define CTX_ALIGN 16
-#else
-#define CTX_ALIGN 0
-#endif
class MyCTX
{
@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
{
public:
const uchar *key;
- uint klen, buf_len;
+ uint klen, source_tail_len;
uchar oiv[MY_AES_BLOCK_SIZE];
+ uchar source_tail[MY_AES_BLOCK_SIZE];
MyCTX_nopad() : MyCTX() { }
~MyCTX_nopad() { }
@@ -112,7 +109,7 @@ public:
compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
this->key= key;
this->klen= klen;
- this->buf_len= 0;
+ this->source_tail_len= 0;
if (ivlen)
memcpy(oiv, iv, ivlen);
DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
@@ -123,26 +120,41 @@ public:
return res;
}
+ /** Update last partial source block, stored in source_tail array. */
+ void update_source_tail(const uchar* src, uint slen)
+ {
+ if (!slen)
+ return;
+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
+ if (new_tail_len)
+ {
+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
+ {
+ memcpy(source_tail + source_tail_len, src, slen);
+ }
+ else
+ {
+ DBUG_ASSERT(slen > new_tail_len);
+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
+ }
+ }
+ source_tail_len= new_tail_len;
+ }
+
int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
{
- buf_len+= slen;
+ update_source_tail(src, slen);
return MyCTX::update(src, slen, dst, dlen);
}
int finish(uchar *dst, uint *dlen)
{
- buf_len %= MY_AES_BLOCK_SIZE;
- if (buf_len)
+ if (source_tail_len)
{
- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
-
- NOTE this assumes that there are only buf_len bytes in the buf.
- If OpenSSL will change that, we'll need to change the implementation
- of this class too.
*/
uchar mask[MY_AES_BLOCK_SIZE];
uint mlen;
@@ -154,10 +166,10 @@ public:
return rc;
DBUG_ASSERT(mlen == sizeof(mask));
- for (uint i=0; i < buf_len; i++)
- dst[i]= buf[i] ^ mask[i];
+ for (uint i=0; i < source_tail_len; i++)
+ dst[i]= source_tail[i] ^ mask[i];
}
- *dlen= buf_len;
+ *dlen= source_tail_len;
return MY_AES_OK;
}
};
diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c
--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100
@@ -21,27 +21,96 @@
#include <string.h>
#include <ctype.h>
-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \
- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \
- { \
- memset(src, fill, src_len= slen); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \
- src, src_len, dst, &dst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \
- if (!nopad) \
- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
- my_md5(md5, (char*)dst, dst_len); \
- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \
- dst, dst_len, ddst, &ddst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "decrypt " #mode " %u", dst_len); \
- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
+
+/** Test streaming encryption, bytewise update.*/
+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
+ unsigned int slen, unsigned char *dst, unsigned int *dlen,
+ const unsigned char *key, unsigned int klen,
+ const unsigned char *iv, unsigned int ivlen)
+{
+ /* Allocate context on odd address on stack, in order to
+ catch misalignment errors.*/
+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
+
+ int res1, res2;
+ uint d1= 0, d2;
+ uint i;
+
+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
+ return res1;
+ for (i= 0; i < slen; i++)
+ {
+ uint tmp_d1=0;
+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
+ if (res1)
+ return res1;
+ d1+= tmp_d1;
+ dst+= tmp_d1;
+ }
+ res2= my_aes_crypt_finish(ctx, dst, &d2);
+ *dlen= d1 + d2;
+ return res1 ? res1 : res2;
+}
+
+
+#ifndef HAVE_EncryptAes128Ctr
+const uint MY_AES_CTR=0xDEADBEAF;
+#endif
+#ifndef HAVE_EncryptAes128Gcm
+const uint MY_AES_GCM=0xDEADBEAF;
+#endif
+
+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF)
+
+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
+ char fill, size_t dlen, const char *hash)
+{
+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
+ uchar src[1000], dst[1100], dst2[1100], ddst[1000];
+ uchar md5[MY_MD5_HASH_SIZE];
+ uint src_len, dst_len, dst_len2, ddst_len;
+ int result;
+
+ if (MY_AES_UNSUPPORTED(mode))
+ {
+ skip(nopad?7:6, "%s not supported", mode_str);
+ return;
+ }
+ memset(src, fill, src_len= slen);
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
+ nopad ? "nopad" : "pad");
+
+ if (nopad)
+ {
+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
+ src_len, dst2, &dst_len2, key, sizeof(key),
+ iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
+ /* Compare with non-bytewise encryption result*/
+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
+ "memcmp bytewise %s %u", mode_str, src_len);
}
+ else
+ {
+ int dst_len_real= my_aes_get_size(mode, src_len);
+ ok(dst_len_real= dst_len, "my_aes_get_size");
+ }
+ my_md5(md5, (char *) dst, dst_len);
+ ok(dst_len == dlen, "md5 len");
+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
+ sizeof(iv));
+
+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
+}
-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
/* useful macro for debugging */
#define PRINT_MD5() \
@@ -53,25 +122,15 @@
printf("\"\n"); \
} while(0);
-#ifndef HAVE_EncryptAes128Ctr
-const uint MY_AES_CTR=0xDEADBEAF;
-#endif
-#ifndef HAVE_EncryptAes128Gcm
-const uint MY_AES_GCM=0xDEADBEAF;
-#endif
int
main(int argc __attribute__((unused)),char *argv[])
{
- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
- uchar src[1000], dst[1100], ddst[1000];
- uchar md5[MY_MD5_HASH_SIZE];
- uint src_len, dst_len, ddst_len;
MY_INIT(argv[0]);
- plan(87);
+ plan(122);
+
DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
MariaDB before 10.8 series does not contain the OpenSSL 3 patch on the upstream.
MariaDB upstream later added the following condition:
https://github.com/MariaDB/server/commit/c9beef4315
limiting the OpenSSL that can be used to < 3. and reverted this commit for 10.8 and later:
https://github.com/MariaDB/server/commit/64e358821e
Since we apply the OpenSSL 3 patch from MariaDB 10.8 series to earlier series, we need to revert this commit
on those earlier series too.
--- mariadb-10.5.15-downstream_modified/cmake/ssl.cmake 2022-02-22 05:13:17.259097302 +0100
+++ mariadb-10.5.15-downstream_modified/cmake/ssl.cmake_patched 2022-02-23 07:22:20.290082378 +0100
@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
ENDIF()
FIND_PACKAGE(OpenSSL)
SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
+ IF(OPENSSL_FOUND)
SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
INCLUDE(CheckSymbolExists)
SET(SSL_SOURCES "")

22
mariadb-ownsetup.patch
View File

@ -1,13 +1,15 @@
--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200 diff -up mariadb-10.1.8/support-files/CMakeLists.txt.p9 mariadb-10.1.8/support-files/CMakeLists.txt
+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200 --- mariadb-10.2.32/support-files/CMakeLists.txt 2020-05-08 13:45:27.000000000 +0200
@@ -187,6 +187,7 @@ IF(UNIX) +++ mariadb-10.2.32/support-files/CMakeLists.txt_pacthed 2020-05-13 10:11:30.884190396 +0200
COMPONENT SharedLibraries) @@ -100,7 +100,8 @@ IF(UNIX)
INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR} ENDIF()
COMPONENT Client)
+ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY) CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR} - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
COMPONENT IniFiles) + CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR} + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100 --- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100

11
mariadb-pcdir.patch
View File

@ -3,17 +3,18 @@ Use PCDIR CMake option, if configured
Upstream install the server pkgconfig file into arch-independent directory Upstream install the server pkgconfig file into arch-independent directory
Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340 Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340
--- mariadb-10.5.5/support-files/CMakeLists.txt.old 2020-09-30 10:36:08.582490318 +0200 --- mariadb-10.3.12/support-files/CMakeLists.txt 2019-03-20 15:25:53.423283135 +0100
+++ mariadb-10.5.5/support-files/CMakeLists.txt 2020-09-30 10:38:58.079710848 +0200 +++ mariadb-10.3.12/support-files/CMakeLists.txt_patched 2019-03-20 15:38:56.372819958 +0100
@@ -91,7 +91,11 @@ @@ -82,7 +82,12 @@ IF(UNIX)
ENDIF()
CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY) CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
+IF(INSTALL_PCDIR) +IF(INSTALL_PCDIR)
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development)
+ELSE() +ELSE()
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development) INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
+ENDIF() +ENDIF()
+
INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development) INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)

137
mariadb-prepare-db-dir.sh
View File

@ -1,137 +0,0 @@
#!/bin/sh
# This script creates the MariaDB data directory during first service start.
# In subsequent starts, it does nothing much.
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
export LC_ALL=C
# Returns content of the specified directory
# If listing files fails, fake-file is returned so which means
# we'll behave like there was some data initialized
# Some files or directories are fine to be there, so those are
# explicitly removed from the listing
# @param <dir> datadir
list_datadir ()
{
( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
-e '^lost+found$' \
-e '\.err$' \
-e '^.bash_history$'
}
# Checks whether datadir should be initialized
# @param <dir> datadir
should_initialize ()
{
test -z "$(list_datadir "$1")"
}
# If two args given first is user, second is group
# otherwise the arg is the systemd service file
if [ "$#" -eq 2 ]
then
myuser="$1"
mygroup="$2"
else
# Absorb configuration settings from the specified systemd service file,
# or the default service if not specified
SERVICE_NAME="$1"
if [ x"$SERVICE_NAME" = x ]
then
SERVICE_NAME=@DAEMON_NAME@.service
fi
myuser=`systemctl show -p User "${SERVICE_NAME}" |
sed 's/^User=//'`
if [ x"$myuser" = x ]
then
myuser=mysql
fi
mygroup=`systemctl show -p Group "${SERVICE_NAME}" |
sed 's/^Group=//'`
if [ x"$mygroup" = x ]
then
mygroup=mysql
fi
fi
# Set up the errlogfile with appropriate permissions
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
case $(basename "$errlogfile") in
mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
*) ;;
esac
else
# Provide some advice if the log file cannot be created by this script
errlogdir=$(dirname "$errlogfile")
if ! [ -d "$errlogdir" ] ; then
echo "The directory $errlogdir does not exist." >&2
exit 1
elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
echo "The daemon will be run under $myuser:$mygroup" >&2
exit 1
fi
fi
# Make the data directory if doesn't exist or empty
if should_initialize "$datadir" ; then
# First, make sure $datadir is there with correct permissions
# (note: if it's not, and we're not root, this'll fail ...)
if [ ! -e "$datadir" -a ! -h "$datadir" ]
then
mkdir -p "$datadir" || exit 1
fi
chown "$myuser:$mygroup" "$datadir"
chmod 0755 "$datadir"
[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
# Now create the database
echo "Initializing @NICE_PROJECT_NAME@ database" >&2
# Avoiding deletion of files not created by mysql_install_db is
# guarded by time check and sleep should help work-arounded
# potential issues on systems with 1 second resolution timestamps
# https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
INITDB_TIMESTAMP=`LANG=C date -u`
sleep 1
@bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
ret=$?
if [ $ret -ne 0 ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
# Clean up any partially-created database files
if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
echo "Files created so far will be removed." >&2
find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
-not -name "lost+found" -exec rm -rf {} +
if [ $? -ne 0 ] ; then
echo "Removing of created files was not successfull." >&2
echo "Please, clean directory $datadir manually." >&2
fi
else
echo "However, part of data has been initialized and those will not be removed." >&2
echo "Please, clean directory $datadir manually." >&2
fi
exit $ret
fi
# upgrade does not need to be run on a fresh datadir
echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
else
if [ -d "$datadir/mysql/" ] ; then
# mysql dir exists, it seems data are initialized properly
echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
else
# if the directory is not empty but mysql/ directory is missing, then
# print error and let user to initialize manually or empty the directory
echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
echo "Make sure the $datadir is empty before running `basename $0`." >&2
exit 1
fi
fi
exit 0

68
mariadb-scripts-common.sh
View File

@ -1,68 +0,0 @@
#!/bin/sh
# Some useful functions used in other MariaDB helper scripts
# This scripts defines variables datadir, errlogfile, socketfile
export LC_ALL=C
# extract value of a MariaDB option from config files
# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
# result is returned in $result
# We use my_print_defaults which prints all options from multiple files,
# with the more specific ones later; hence take the last match.
get_mysql_option(){
if [ $# -ne 3 ] ; then
echo "get_mysql_option requires 3 arguments: section option default_value"
return
fi
sections="$1"
option_name="$2"
default_value="$3"
result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="${default_value}"
fi
}
# For the case of running more instances via systemd, scripts that source
# this file can get --default-group-suffix or similar option as the first
# argument. The utility my_print_defaults needs to use it as well, so the
# scripts sourcing this file work with the same options as the daemon.
my_print_defaults_extra_args=''
while echo "$1" | grep -q '^--defaults' ; do
my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
shift
done
# Defaults here had better match what mariadbd-safe will default to
# The option values are generally defined on three important places
# on the default installation:
# 1) default values are hardcoded in the code of mariadbd daemon or
# mariadbd-safe script
# 2) configurable values are defined in @sysconfdir@/my.cnf
# 3) default values for helper scripts are specified bellow
# So, in case values are defined in my.cnf, we need to get that value.
# In case they are not defined in my.cnf, we need to get the same value
# in the daemon, as in the helper scripts. Thus, default values here
# must correspond with values defined in mariadbd-safe script and source
# code itself.
server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera"
get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
datadir="$result"
# if there is log_error in the my.cnf, my_print_defaults still
# returns log-error
# log-error might be defined in mysqld_safe and mysqld sections,
# the former has bigger priority
get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
errlogfile="$result"
get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
socketfile="$result"
get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
pidfile="$result"

11
mariadb-scripts.patch
View File

@ -1,12 +1,11 @@
We have some downstream patches and other scripts that include variables to We have some downstream patches and other scripts that include variables to
be expanded by cmake. Cmake needs to know about them, so adding them manually. be expanded by cmake. Cmake needs to know about them, so adding them manually.
# Install libgcc as mylibgcc.a --- mariadb-10.3.8/scripts/CMakeLists.txt 2018-07-02 09:34:11.000000000 +0200
--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200 +++ mariadb-10.3.8/scripts/CMakeLists.txt_patched 2018-07-03 10:58:15.954670153 +0200
+++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200 @@ -361,6 +361,34 @@ ELSE()
@@ -377,6 +377,34 @@ COMPONENT ${${file}_COMPONENT}
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT}) )
ENDIF()
ENDFOREACH() ENDFOREACH()
+ +
+ # files for systemd + # files for systemd

1078
mariadb-spider_on_armv7hl.patch
View File

File diff suppressed because it is too large Load Diff

13
mariadb-ssl-cipher-tests.patch
View File

@ -1,13 +0,0 @@
diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100
+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100
@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
let $restart_parameters=--ssl-cipher=AES128-SHA;
source include/restart_mysqld.inc;
connect (ssl_con,localhost,root,,,,,SSL);
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher_list';
disconnect ssl_con;
connection default;

31
mariadb.rpmlintrc
View File

@ -6,14 +6,13 @@
# Spelling errors # Spelling errors
addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage|libmariadb|mariadbd) ') addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage|libmariadb) ')
# Debugsource # Debugsource
addFilter(r'^mariadb.*debugsource\.[^:]+: (E|W): no-documentation') addFilter(r'^mariadb.*debugsource\.[^:]+: (E|W): no-documentation')
# Debuginfo # Debuginfo
addFilter(r'^mariadb.*debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)') addFilter(r'^mariadb.*debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)')
# Debug symlinks
addFilter(r'dangling-relative-symlink /usr/lib/.build-id')
# Testsuite # Testsuite
# Some expected tests results are zero-length files # Some expected tests results are zero-length files
@ -33,9 +32,6 @@ addFilter(r'no-manual-page-for-binary')
addFilter(r'obsolete-not-provided MySQL') addFilter(r'obsolete-not-provided MySQL')
# Provided by mariadb-connector-c # Provided by mariadb-connector-c
addFilter(r'obsolete-not-provided mariadb-libs') addFilter(r'obsolete-not-provided mariadb-libs')
# Upstream dropped support
addFilter(r'obsolete-not-provided mariadb-bench')
addFilter(r'obsolete-not-provided mariadb-tokudb-engine')
# Config file without noreplace flag # Config file without noreplace flag
# Don't replace logs that may contain old entries # Don't replace logs that may contain old entries
@ -54,26 +50,7 @@ addFilter(r'incoherent-logrotate-file /etc/logrotate.d/mariadb')
addFilter(r'non-executable-in-bin /usr/bin/wsrep_sst_common 644') addFilter(r'non-executable-in-bin /usr/bin/wsrep_sst_common 644')
addFilter(r'script-without-shebang /usr/bin/wsrep_sst_common') addFilter(r'script-without-shebang /usr/bin/wsrep_sst_common')
addFilter(r'non-executable-script /usr/bin/wsrep_sst_common 644 None') addFilter(r'non-executable-script /usr/bin/wsrep_sst_common 644 None')
# mariadb-scripts-common has a similar issue # mysql-scripts-common has a simmilar issue
addFilter(r'non-executable-script /usr/libexec/mariadb-scripts-common 644 /bin/sh') addFilter(r'non-executable-script /usr/libexec/mysql-scripts-common 644 /bin/sh')
# Seems pretty standard to me ... # Seems pretty standard to me ...
addFilter(r'non-standard-dir-perm /var/log/mariadb 750') addFilter(r'non-standard-dir-perm /var/log/mariadb 750')
# 640 is IMO also prety OK
addFilter(r'non-readable /etc/sysconfig/clustercheck 640')
# Unversioned bundles
# RocksDB has so rapid developement, it it not compatible through versions.
# That means we need to stick to the exact verison upstream use.
addFilter(r'unversioned-explicit-provides bundled\(rocksdb\)')
# Testsuite errors
addFilter(r'non-executable-script /usr/share/mysql-test')
addFilter(r'arch-dependent-file-in-usr-share /usr/share/mysql-test')
# Comments at the end of RPM %endif tags
addFilter(r'extra tokens at the end of %endif directive')
# PAM plugin specialities - all expected
addFilter(r'non-conffile-in-etc /etc/security/user_map.conf')
addFilter(r'setuid-binary /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')
addFilter(r'non-standard-executable-perm /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')

922
mariadb.spec
View File

File diff suppressed because it is too large Load Diff

3
mariadb.tmpfiles.d.in
View File

@ -1,3 +0,0 @@
# Do not edit this file.
# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
d @PID_FILE_DIR@ 0755 mysql mysql -

5
rh-skipped-tests-arm.list
View File

@ -1,2 +1,3 @@
# Fails since 10.3.17, only on armv7hl # Fails on aarch64
versioning.partition : innodb.innodb_buffer_pool_resize :
innodb.innodb_buffer_pool_resize_with_chunks :

61
rh-skipped-tests-base.list
View File

@ -1,12 +1,18 @@
# The SSL test are failing correctly. Fro more explanation, see: # Fails everywhere
# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275 innodb.innodb_defrag_binlog :
main.ssl_7937 : #1399847
main.ssl_8k_key : main.ssl_7937 :
main.ssl_crl : #1399847 main.ssl_8k_key :
main.ssl_crl :
main.ssl_system_ca :
main.userstat :
# ------------------------------
# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
perfschema.cnf_option : perfschema.cnf_option :
perfschema.nesting :
perfschema.socket_summary_by_event_name_func :
perfschema.socket_summary_by_instance_func :
plugins.feedback_plugin_load :
rpl.rpl_row_img_blobs : rpl.rpl_row_img_blobs :
rpl.rpl_row_img_eng_min : rpl.rpl_row_img_eng_min :
@ -14,41 +20,8 @@ rpl.rpl_row_img_eng_noblob :
sys_vars.slave_parallel_threads_basic : sys_vars.slave_parallel_threads_basic :
# ------------------------------ # Fails only on i686
# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead main.myisampack :
# We don't build the plugin in server; we build it in mariadb-connector-c instead
plugins.auth_ed25519 : plugins.auth_ed25519 :
plugins.multiauth :
# ------------------------------
perfschema.nesting : #1399847
perfschema.socket_summary_by_instance_func : #1399847
perfschema.socket_summary_by_event_name_func :
# ------------------------------
# Fails since 10.1.12
innodb.innodb_defrag_binlog :
# Fails everywhere since 10.2.15
main.userstat :
# Fails everywhere since 10.4.11
main.events_bugs :
sys_vars.tcp_nodelay :
# Fails on i686
encryption.innodb-redo-badkey :
# Fails since 10.5.2
main.mysqld--help2 :
disks.disks :
disks.disks_notembedded :
# Fails since 10.5.3
main.mysqld--help-aria :
# Fails since 10.5.4
main.ssl_system_ca :
# Fails since 10.5.7
innodb.innodb_wl6326_big :
plugins.feedback_plugin_load :

33
rh-skipped-tests-ppc.list
View File

@ -1,5 +1,30 @@
# Fails on ppc64le since 10.4.12 # Fails on ppc64le
oqgraph.social : parts.partition_alter1_1_innodb :
parts.partition_alter1_2_innodb :
parts.partition_alter1_1_2_innodb :
parts.partition_alter1_2_1_innodb :
parts.partition_alter2_1_1_innodb :
parts.partition_alter1_2_2_innodb :
parts.partition_alter2_1_2_innodb :
parts.partition_alter2_2_1_innodb :
parts.partition_alter2_2_2_innodb :
parts.partition_alter4_innodb :
parts.partition_basic_innodb :
parts.part_supported_sql_func_innodb :
# Fails since 10.5.2 rpl.rpl_loaddata_m :
rh-skipped-tests-ppc.list :
#
stress.ddl_innodb :
innodb.innodb_buffer_pool_resize :
innodb.innodb_buffer_pool_resize_with_chunks :
innodb.innodb_bulk_create_index :
innodb.innodb_defrag_binlog :
innodb.innodb_defrag_concurrent :
innodb_gis.kill_server :
gcol.innodb_virtual_basic :
# Unstable (randomly failing) tests
innodb_gis.rtree_search :
main.type_ranges :

11
rh-skipped-tests-s390.list
View File

@ -1,3 +1,8 @@
# Fails since 10.5.2 # Fails on s390x
perfschema.memory_aggregate_32bit : disks.disks :
period.overlaps : disks.disks_notembedded :
# related to MDEV-20194
# first check of `undefined` table causes warning,
# instead INSERT and ALTER should cause it
innodb.row_size_error_log_warnings_3 :

50
rpminspect.yaml
View File

@ -1,50 +0,0 @@
# Set up global ignore list
ignore:
# mysql-test/ directory contains an extensive test-suite of about 20.000 files;
# It is very time consuming to be fully analysed and the results aren't useful anyway
# It is expected the tests change during rebases, as the underlying functionality the test evolve
# Some of the tests contain broken or problematic code, however that is on purpose
- /usr/share/mysql-test/
# based on https://lists.launchpad.net/maria-discuss/msg06133.html discussion
# are the invalid xmls (except for Index.xml) present in the sources on purpose
# and they can be removed from xmllint rpminspect check in the CI process.
#
# A bug report [https://jira.mariadb.org/browse/MDEV-26905] was created in the upstream
# for the Index.xml file.
#
# Fedora CI picks up the rpmlimspect.yaml for specific package in the dist-git repo
#[ref: https://rpminspect.readthedocs.io/en/latest/configuration.html#rpminspect-yaml]
#
xml:
ignore:
- /usr/share/mysql-test/std_data/loadxml.dat
- /usr/share/mysql-test/std_data/loaddata/mdev9874.xml
- /usr/share/mysql-test/std_data/ldml/Index.xml
- /usr/share/mysql-test/plugin/sphinx/sphinx/testdata.xml
- /usr/share/mysql-test/plugin/connect/connect/std_data/nocs.xml
- /usr/share/mariadb/charsets/Index.xml
# ignore bad functions in resolveip binary, based on BZ1973194
# all forbidden functions listed in main rpminspect config
# have to be menioned also here, else it would not be checked for them
badfuncs:
- gethostbyname
- gethostbyname2
- gethostbyaddr
- inet_addr
- inet_aton
- inet_nsap_addr
- inet_ntoa
- inet_nsap_ntoa
- inet_makeaddr
- inet_netof
- inet_network
- inet_neta
- inet_net_ntop
- inet_net_pton
- rcmd
- rexec
- rresvport
ignore:
- /usr/bin/resolveip

2
sources
View File

@ -1 +1 @@
SHA512 (mariadb-10.5.8.tar.gz) = 9801a68440a3502b49655e34dcbfd09734f4a4f1ba8621ed9b895e194cea461a8c69fb0ff66488d5defd3065b43f73e5083a60142e11cc7e4a442f86769b06e5 SHA512 (mariadb-10.3.35.tar.gz) = 9355de944eccef4e0bc01b19ffc3c0c72cf88befae7385c6f0ee1ea47dbd98d23f6bb46af9c140acc48d9d9613552870684bc0b7ca1f3cff1dc09c1a2c801573