From 598987a975ec022ff119e3269c8534d03b8d3156 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 26 Apr 2022 09:53:08 -0400 Subject: [PATCH] import mariadb-10.5.13-1.module+el8.5.0+14125+d11efe18 --- .gitignore | 2 +- .mariadb.metadata | 2 +- SOURCES/README.wsrep_sst_rsync_tunnel | 132 +++++ SOURCES/mariadb-openssl3.patch | 378 ++++++++++++++ SOURCES/rh-skipped-tests-base.list | 4 + SOURCES/rh-skipped-tests-ppc.list | 9 + ...096f93b7f130b36f8bc0fc43440db9a848e4.patch | 62 --- SOURCES/wsrep_sst_rsync_tunnel | 492 ++++++++++++++++++ SPECS/mariadb.spec | 206 ++++---- 9 files changed, 1118 insertions(+), 169 deletions(-) create mode 100644 SOURCES/README.wsrep_sst_rsync_tunnel create mode 100644 SOURCES/mariadb-openssl3.patch create mode 100644 SOURCES/wsrep_sst_rsync_tunnel diff --git a/.gitignore b/.gitignore index 023cbee..ec7f53e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/mariadb-10.5.9.tar.gz +SOURCES/mariadb-10.5.13-downstream_modified.tar.gz diff --git a/.mariadb.metadata b/.mariadb.metadata index 032702d..4f2d986 100644 --- a/.mariadb.metadata +++ b/.mariadb.metadata @@ -1 +1 @@ -73767fac3d1c504298259708272fb6a58e644967 SOURCES/mariadb-10.5.9.tar.gz +ace36fe1a0ebba69b7cab359cb9a51c5b9fecbb4 SOURCES/mariadb-10.5.13-downstream_modified.tar.gz diff --git a/SOURCES/README.wsrep_sst_rsync_tunnel b/SOURCES/README.wsrep_sst_rsync_tunnel new file mode 100644 index 0000000..0222b34 --- /dev/null +++ b/SOURCES/README.wsrep_sst_rsync_tunnel @@ -0,0 +1,132 @@ +socat tunnel for encrypted rsync SST +==================================== + +`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer) +implementation that ships with mariadb. Its purpose is to encrypt +communication between the donor and the joiner during an SST. + +Encryption is implemented by means of a socat tunnel, using OPENSSL +addresses. It can be configured via the regular openssl flags exposed +by socat. + + +## How to configure the script + +This SST script can configured by setting a few keys in your favorite +mariadb option file in addition to the usual galera settings. + + [mysqld] + ... + bind_address= + wsrep_sst_method=rsync_tunnel + ... + + [sst] + tca=/path/to/your/ca-file.crt + tcert=/path/to/node/certificate.crt + tkey=/path/to/node/key.key + sockopt= + +When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses +socat to listen to incoming SSL connections on port 4444 in lieu of +the original rsync daemon. Received data will be forwarded to the +rscynd daemon started locally to replicate the database. + +When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes +a series of rsync calls that target a locally started socat daemon. +The daemon tunnels all rsync traffic into an encrypted SSL connection +that targets the joiner's end of the socat tunnel. + +Encryption parameters are specified under the `[sst]` group in the +mariadb option file, where `tkey` and `tcert` are respectively the key +and the certificate that are used by both sides of the socat tunnel. +Each node typically has a different key and cert. Both key and +certificate can be combined into a single PEM file and referenced by +`tcert`. Option `tca` holds a list of the trusted signing +certificates. + +In case you need to tweak the creation of the SSL connection, you can +pass valid socat options (as per socat manual) via the `sockopt` key. +For debugging purpose, the exact socat command that is being executed +shows up in the mariadb log file. + +Note that socat verifies that the certificate's commonName matches +that of the host that is being targeted. The target name comes from +the value configured in `bind_address`, so it's important that it +matches the certificate's commonName. An IP address can be used for +`bind_address`, but you may get into trouble in case different +hostnames resolve to the same IP (e.g. multiple networks per host). + + +## Examples of use + +Suppose you're running a 3-node galera cluster +`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`. + +### Scenario: using self-signed certificates + +On each node, create a key and a certificate, and bundle them into a +single PEM file. For instance on `node1.my.cluster`: + + openssl genrsa -out /tls/mysql-$(hostname -f).key 2048 + openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch + cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem + +Then, on each node, create a cafile that will contain all the certs to +trust: + + for n in node1.my.cluster node2.my.cluster node3.my.cluster; do + ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt + done + +Once you have those two files on each host, you can configure the SST +appropriately. For instance from `/etc/my.cnf.d/galera.cnf`: + + [mysqld] + ... + + [sst] + tca=/tls/all-mysql.crt + tcert=/tls/mysql.pem + +### Scenario: using self-signed certificates, without verification + +By default, when socat tries to establish a SSL connection to a peer, +it also verifies that it can trust the peer's certificate. If for some +reason you need to disable that feature, you can amend the previous +configuration with a sockopt option: + + [mysqld] + ... + + [sst] + tca=/tls/all-mysql.crt + tcert=/tls/mysql.pem + sockopt="verify=0" + +The associated sockopt value is passed to socat when +the donor or the joiner configures his part of the tunnel. + +Note: please do not do so in production, this is inherently insecure +as you will not verify the identity of the peer you're connecting to! + +### Scenario: using certificates from a CA + +Suppose you have a FreeIPA service which generated a key file and a +certificate file for the three galera nodes, respectively located at +/tls/mysql.key and /tls/mysql.crt. + +Assuming that the certificate for the FreeIPA server is available at +/etc/ipa/ca.crt, you can configure you galera servers as follows: + + [sst] + tca=/etc/ipa/ca.crt + tcert=/tls/mysql.crt + tkey=/tls/mysql.key + +## License + +Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin). +This work is derived from the original `wsrep_rsync_sst`, copyright +© 2010-2014 [Codership Oy](https://github.com/codership). +Released under the GNU GPLv2. diff --git a/SOURCES/mariadb-openssl3.patch b/SOURCES/mariadb-openssl3.patch new file mode 100644 index 0000000..0b69969 --- /dev/null +++ b/SOURCES/mariadb-openssl3.patch @@ -0,0 +1,378 @@ +From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001 +From: Vladislav Vaintroub +Date: Mon, 8 Nov 2021 18:48:19 +0100 +Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 + +Summary of changes + +- MD_CTX_SIZE is increased + +- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points + to nobody knows where. The assumption made previously was that + (since the function does not seem to be documented) + was that it points to the last partial source block. + Add own partial block buffer for NOPAD encryption instead + +- SECLEVEL in CipherString in openssl.cnf + had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible + +- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, + in addition to what was set in --ssl-cipher + +- ctx_buf buffer now must be aligned to 16 bytes with openssl( + previously with WolfSSL only), ot crashes will happen + +- updated aes-t , to be better debuggable + using function, rather than a huge multiline macro + added test that does "nopad" encryption piece-wise, to test + replacement of EVP_CIPHER_CTX_buf_noconst +--- + cmake/ssl.cmake | 19 ++++- + include/ssl_compat.h | 3 +- + mysql-test/lib/openssl.cnf | 2 +- + mysql-test/main/ssl_cipher.result | 6 +- + mysql-test/main/ssl_cipher.test | 2 +- + mysys_ssl/my_crypt.cc | 46 +++++++----- + unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- + 7 files changed, 141 insertions(+), 58 deletions(-) + + +diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake +--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100 +@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) + SET(SSL_INTERNAL_INCLUDE_DIRS "") + SET(SSL_DEFINES "-DHAVE_OPENSSL") + ++ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) ++ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) ++ ENDFOREACH() ++ ++ # Silence "deprecated in OpenSSL 3.0" ++ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake ++ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) ++ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") ++ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) ++ ENDIF() ++ + SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) +- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) ++ + CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" + HAVE_ERR_remove_thread_state) + CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" +@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) + HAVE_EncryptAes128Gcm) + CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" + HAVE_X509_check_host) +- SET(CMAKE_REQUIRED_INCLUDES) +- SET(CMAKE_REQUIRED_LIBRARIES) ++ ++ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) ++ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) ++ ENDFOREACH() + ELSE() + IF(WITH_SSL STREQUAL "system") + MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support") +diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h +--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100 +@@ -24,7 +24,7 @@ + #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) + #define ERR_remove_state(X) ERR_clear_error() + #define EVP_CIPHER_CTX_SIZE 176 +-#define EVP_MD_CTX_SIZE 48 ++#define EVP_MD_CTX_SIZE 72 + #undef EVP_MD_CTX_init + #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) + #undef EVP_CIPHER_CTX_init +@@ -74,7 +74,6 @@ + #endif + + #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) +-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) + #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) + #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) + +diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf +--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100 +@@ -9,4 +9,4 @@ ssl_conf = ssl_section + system_default = system_default_section + + [system_default_section] +-CipherString = ALL:@SECLEVEL=1 ++CipherString = ALL:@SECLEVEL=0 +diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result +--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100 +@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; + SHOW STATUS LIKE 'Ssl_cipher'; + Variable_name Value + Ssl_cipher AES128-SHA +-SHOW STATUS LIKE 'Ssl_cipher_list'; +-Variable_name Value +-Ssl_cipher_list AES128-SHA ++SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; ++VARIABLE_VALUE like '%AES128-SHA%' ++1 + disconnect ssl_con; + connection default; +diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test +--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100 ++++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100 +@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL) + --replace_regex /TLS_AES_.*/AES128-SHA/ + SHOW STATUS LIKE 'Ssl_cipher'; + --replace_regex /TLS_AES_.*/AES128-SHA/ +-SHOW STATUS LIKE 'Ssl_cipher_list'; ++SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; + disconnect ssl_con; + connection default; +diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc +--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100 +@@ -29,11 +29,7 @@ + #include + #include + +-#ifdef HAVE_WOLFSSL + #define CTX_ALIGN 16 +-#else +-#define CTX_ALIGN 0 +-#endif + + class MyCTX + { +@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX + { + public: + const uchar *key; +- uint klen, buf_len; ++ uint klen, source_tail_len; + uchar oiv[MY_AES_BLOCK_SIZE]; ++ uchar source_tail[MY_AES_BLOCK_SIZE]; + + MyCTX_nopad() : MyCTX() { } + ~MyCTX_nopad() { } +@@ -112,7 +109,7 @@ public: + compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); + this->key= key; + this->klen= klen; +- this->buf_len= 0; ++ this->source_tail_len= 0; + if (ivlen) + memcpy(oiv, iv, ivlen); + DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); +@@ -123,26 +120,41 @@ public: + return res; + } + ++ /** Update last partial source block, stored in source_tail array. */ ++ void update_source_tail(const uchar* src, uint slen) ++ { ++ if (!slen) ++ return; ++ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; ++ if (new_tail_len) ++ { ++ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) ++ { ++ memcpy(source_tail + source_tail_len, src, slen); ++ } ++ else ++ { ++ DBUG_ASSERT(slen > new_tail_len); ++ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); ++ } ++ } ++ source_tail_len= new_tail_len; ++ } ++ + int update(const uchar *src, uint slen, uchar *dst, uint *dlen) + { +- buf_len+= slen; ++ update_source_tail(src, slen); + return MyCTX::update(src, slen, dst, dlen); + } + + int finish(uchar *dst, uint *dlen) + { +- buf_len %= MY_AES_BLOCK_SIZE; +- if (buf_len) ++ if (source_tail_len) + { +- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); + /* + Not much we can do, block ciphers cannot encrypt data that aren't + a multiple of the block length. At least not without padding. + Let's do something CTR-like for the last partial block. +- +- NOTE this assumes that there are only buf_len bytes in the buf. +- If OpenSSL will change that, we'll need to change the implementation +- of this class too. + */ + uchar mask[MY_AES_BLOCK_SIZE]; + uint mlen; +@@ -154,10 +166,10 @@ public: + return rc; + DBUG_ASSERT(mlen == sizeof(mask)); + +- for (uint i=0; i < buf_len; i++) +- dst[i]= buf[i] ^ mask[i]; ++ for (uint i=0; i < source_tail_len; i++) ++ dst[i]= source_tail[i] ^ mask[i]; + } +- *dlen= buf_len; ++ *dlen= source_tail_len; + return MY_AES_OK; + } + }; +diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c +--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100 +@@ -21,27 +21,96 @@ + #include + #include + +-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ +- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \ +- { \ +- memset(src, fill, src_len= slen); \ +- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ +- src, src_len, dst, &dst_len, \ +- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ +- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ +- if (!nopad) \ +- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ +- my_md5(md5, (char*)dst, dst_len); \ +- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ +- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ +- dst, dst_len, ddst, &ddst_len, \ +- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ +- "decrypt " #mode " %u", dst_len); \ +- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ ++ ++/** Test streaming encryption, bytewise update.*/ ++static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, ++ unsigned int slen, unsigned char *dst, unsigned int *dlen, ++ const unsigned char *key, unsigned int klen, ++ const unsigned char *iv, unsigned int ivlen) ++{ ++ /* Allocate context on odd address on stack, in order to ++ catch misalignment errors.*/ ++ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; ++ ++ int res1, res2; ++ uint d1= 0, d2; ++ uint i; ++ ++ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) ++ return res1; ++ for (i= 0; i < slen; i++) ++ { ++ uint tmp_d1=0; ++ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); ++ if (res1) ++ return res1; ++ d1+= tmp_d1; ++ dst+= tmp_d1; ++ } ++ res2= my_aes_crypt_finish(ctx, dst, &d2); ++ *dlen= d1 + d2; ++ return res1 ? res1 : res2; ++} ++ ++ ++#ifndef HAVE_EncryptAes128Ctr ++const uint MY_AES_CTR=0xDEADBEAF; ++#endif ++#ifndef HAVE_EncryptAes128Gcm ++const uint MY_AES_GCM=0xDEADBEAF; ++#endif ++ ++#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) ++ ++static void do_test(uint mode, const char *mode_str, int nopad, uint slen, ++ char fill, size_t dlen, const char *hash) ++{ ++ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; ++ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; ++ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; ++ uchar md5[MY_MD5_HASH_SIZE]; ++ uint src_len, dst_len, dst_len2, ddst_len; ++ int result; ++ ++ if (MY_AES_UNSUPPORTED(mode)) ++ { ++ skip(nopad?7:6, "%s not supported", mode_str); ++ return; ++ } ++ memset(src, fill, src_len= slen); ++ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, ++ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); ++ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, ++ nopad ? "nopad" : "pad"); ++ ++ if (nopad) ++ { ++ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, ++ src_len, dst2, &dst_len2, key, sizeof(key), ++ iv, sizeof(iv)); ++ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); ++ /* Compare with non-bytewise encryption result*/ ++ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, ++ "memcmp bytewise %s %u", mode_str, src_len); + } ++ else ++ { ++ int dst_len_real= my_aes_get_size(mode, src_len); ++ ok(dst_len_real= dst_len, "my_aes_get_size"); ++ } ++ my_md5(md5, (char *) dst, dst_len); ++ ok(dst_len == dlen, "md5 len"); ++ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); ++ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, ++ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, ++ sizeof(iv)); ++ ++ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); ++ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); ++} + +-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) +-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) ++#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) ++#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) + + /* useful macro for debugging */ + #define PRINT_MD5() \ +@@ -53,25 +122,15 @@ + printf("\"\n"); \ + } while(0); + +-#ifndef HAVE_EncryptAes128Ctr +-const uint MY_AES_CTR=0xDEADBEAF; +-#endif +-#ifndef HAVE_EncryptAes128Gcm +-const uint MY_AES_GCM=0xDEADBEAF; +-#endif + + int + main(int argc __attribute__((unused)),char *argv[]) + { +- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; +- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; +- uchar src[1000], dst[1100], ddst[1000]; +- uchar md5[MY_MD5_HASH_SIZE]; +- uint src_len, dst_len, ddst_len; + + MY_INIT(argv[0]); + +- plan(87); ++ plan(122); ++ + DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); + DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); + DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list index 40d5384..30c8097 100644 --- a/SOURCES/rh-skipped-tests-base.list +++ b/SOURCES/rh-skipped-tests-base.list @@ -58,3 +58,7 @@ main.myisampack : # Fails everywhere in 10.5.8 rpl.rpl_innodb_mixed_dml : + +# Since 10.5.10 +sys_vars.tcp_nodelay : +innodb.restart : diff --git a/SOURCES/rh-skipped-tests-ppc.list b/SOURCES/rh-skipped-tests-ppc.list index ceff217..f51ee05 100644 --- a/SOURCES/rh-skipped-tests-ppc.list +++ b/SOURCES/rh-skipped-tests-ppc.list @@ -1,2 +1,11 @@ # Fails on ppc64le since 10.4.12 oqgraph.social : + +# Fails since 10.5.13 +encryption.create_or_replace_big : +rpl.rpl_parallel_optimistic_xa_lsu_off : +rpl.rpl_parallel_optimistic_xa : +innodb.innodb_defrag_concurrent : +rpl.rpl_parallel_xa_same_xid : +parts.part_supported_sql_func_innodb : +parts.partition_alter2_1_1_innodb : diff --git a/SOURCES/upstream_5cc2096f93b7f130b36f8bc0fc43440db9a848e4.patch b/SOURCES/upstream_5cc2096f93b7f130b36f8bc0fc43440db9a848e4.patch index f1c2f19..0f104ea 100644 --- a/SOURCES/upstream_5cc2096f93b7f130b36f8bc0fc43440db9a848e4.patch +++ b/SOURCES/upstream_5cc2096f93b7f130b36f8bc0fc43440db9a848e4.patch @@ -297,19 +297,6 @@ index 2001efae3929..6b4d758a5131 100644 $opt_user, $opt_password, { PrintError => 0}) -diff --git a/scripts/mysql_setpermission.sh b/scripts/mysql_setpermission.sh -index 71462d286229..66decbd69af7 100644 ---- a/scripts/mysql_setpermission.sh -+++ b/scripts/mysql_setpermission.sh -@@ -86,7 +86,7 @@ if ($opt_password eq '') - - - # make the connection to MariaDB --$dbh= DBI->connect("DBI:mysql:mysql:host=$sqlhost:port=$opt_port:mysql_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) || -+$dbh= DBI->connect("DBI:MariaDB:mysql:host=$sqlhost:port=$opt_port:mariadb_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) || - die("Can't make a connection to the mysql server.\n The error: $DBI::errstr"); - - # the start of the program diff --git a/scripts/mysqlhotcopy.sh b/scripts/mysqlhotcopy.sh index c56cdea470c0..94e577a94a7f 100644 --- a/scripts/mysqlhotcopy.sh @@ -339,33 +326,6 @@ index c56cdea470c0..94e577a94a7f 100644 ($master_host, $log_file, $log_pos ) = @{$row_hash}{ qw / Master_Host Log_File Pos / }; } else { -diff --git a/scripts/mytop.sh b/scripts/mytop.sh -index 3ef0a59f27f7..1c4d7a502f51 100644 ---- a/scripts/mytop.sh -+++ b/scripts/mytop.sh -@@ -230,11 +230,11 @@ my $dsn; - - ## Socket takes precedence. - --$dsn ="DBI:mysql:database=$config{db};mysql_read_default_group=mytop;"; -+$dsn ="DBI:MariaDB:database=$config{db};mariadb_read_default_group=mytop;"; - - if ($config{socket} and -S $config{socket}) - { -- $dsn .= "mysql_socket=$config{socket}"; -+ $dsn .= "mariadb_socket=$config{socket}"; - } - else - { -@@ -1877,7 +1877,7 @@ following: - - * Perl 5.005 or newer - * Getopt::Long -- * DBI and DBD::mysql -+ * DBI and DBD::MariaDB - * Term::ReadKey from CPAN - - Most systems are likely to have all of those installed--except for diff --git a/sql-bench/server-cfg.sh b/sql-bench/server-cfg.sh index 3991d16c6b18..6ef39c4d91f8 100644 --- a/sql-bench/server-cfg.sh @@ -781,28 +741,6 @@ index c844d2908345..a2b465734dc5 100644 $opt_user, $opt_password, { PrintError => 0}) || die $DBI::errstr; -diff --git a/tests/grant.pl b/tests/grant.pl -index cd6516433166..f8cdc1af4d55 100755 ---- a/tests/grant.pl -+++ b/tests/grant.pl -@@ -60,7 +60,7 @@ - # clear grant tables - # - --$dbh = DBI->connect("DBI:mysql:mysql:$opt_host", -+$dbh = DBI->connect("DBI:MariaDB:mysql:$opt_host", - $opt_root_user,$opt_password, - { PrintError => 0}) || die "Can't connect to mysql server with user '$opt_root_user': $DBI::errstr\n"; - -@@ -653,7 +653,7 @@ sub user_connect - print "Connecting $opt_user\n" if ($opt_verbose); - $user_dbh->disconnect if (defined($user_dbh)); - -- $user_dbh=DBI->connect("DBI:mysql:$opt_database:$opt_host",$opt_user, -+ $user_dbh=DBI->connect("DBI:MariaDB:$opt_database:$opt_host",$opt_user, - $password, { PrintError => 0}); - if (!$user_dbh) - { diff --git a/tests/index_corrupt.pl b/tests/index_corrupt.pl index 6b04ce8a59c5..6f31b85bd614 100755 --- a/tests/index_corrupt.pl diff --git a/SOURCES/wsrep_sst_rsync_tunnel b/SOURCES/wsrep_sst_rsync_tunnel new file mode 100644 index 0000000..f537249 --- /dev/null +++ b/SOURCES/wsrep_sst_rsync_tunnel @@ -0,0 +1,492 @@ +#!/bin/bash -ue + +# Copyright (C) 2010-2014 Codership Oy +# Copyright (C) 2017-2020 Damien Ciabrini +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; see the file COPYING. If not, write to the +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston +# MA 02110-1301 USA. + +# This is a reference script for rsync-based state snapshot tansfer +# over an encrypted communication channel, managed by socat + +RSYNC_PID= # rsync pid file +RSYNC_CONF= # rsync configuration file +RSYNC_REAL_PID= # rsync process id + +SOCAT_PID= # socat pid file +SOCAT_REAL_PID= # socat process id + +SOCAT_OPTS= # openssl connection args + +MODULE="rsync_tunnel_sst" + +OS=$(uname) +[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH + +# Setting the path for lsof on CentOS +export PATH="/usr/sbin:/sbin:$PATH" + +. $(dirname $0)/wsrep_sst_common + +wsrep_check_programs rsync socat + +cleanup_pid() +{ + local real_pid=$1 + [ "0" != "$real_pid" ] && \ + kill $real_pid && \ + sleep 0.5 && \ + kill -9 $real_pid >/dev/null 2>&1 || \ + : +} + +cleanup_tunnel() +{ + if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then + wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID" + cleanup_pid $SOCAT_REAL_PID + fi + rm -rf "$SOCAT_PID" +} + +cleanup_joiner() +{ + wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID" + [ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID + rm -rf "$RSYNC_CONF" + rm -rf "$MAGIC_FILE" + rm -rf "$RSYNC_PID" + + cleanup_tunnel + + wsrep_log_info "Joiner cleanup done." + if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then + wsrep_cleanup_progress_file + fi +} + +# Check whether process is still running. +check_pid() +{ + local pid_file=$1 + [ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1 +} + +check_pid_and_port() +{ + local pid_file=$1 + local service_pid=$2 + local service_port=$3 + local service_host=$4 + local service_name=$5 + + if ! which lsof > /dev/null; then + wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed." + exit 2 # ENOENT + fi + + local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \ + grep "(LISTEN)") + local is_service=$(echo $port_info | \ + grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null) + + if [ -n "$port_info" -a -z "$is_service" ]; then + wsrep_log_error "$service_name daemon port '$service_port' has been taken" + exit 16 # EBUSY + fi + + if ! check_pid $pid_file; then + wsrep_log_error "$service_name process terminated unexpectedly" + exit 10 # ECHILD + fi + + [ -n "$port_info" ] && [ -n "$is_service" ] && \ + [ $(cat $pid_file) -eq $service_pid ] +} + +config_from_cnf() +{ + local group=$1 + local key=$2 + echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1) +} + +setup_tunnel_args() +{ + tca=$(config_from_cnf sst tca) + tkey=$(config_from_cnf sst tkey) + tcert=$(config_from_cnf sst tcert) + sockopt=$(config_from_cnf sst sockopt) + + if [ -z "$tcert" ]; then + wsrep_log_error "Encryption certificate not found in my.cnf" + exit 3 + else + SOCAT_OPTS="cert=$tcert" + fi + [ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey" + [ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca" + wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS" + + [ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt" +} + +MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete" +rm -rf "$MAGIC_FILE" + +BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar" +BINLOG_N_FILES=1 +rm -f "$BINLOG_TAR_FILE" || : + +if ! [ -z $WSREP_SST_OPT_BINLOG ] +then + BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG) + BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG) +fi + +WSREP_LOG_DIR=${WSREP_LOG_DIR:-""} +# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf +if [ -z "$WSREP_LOG_DIR" ]; then + WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \ + | grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \ + | cut -b 29- ) +fi + +if [ -n "$WSREP_LOG_DIR" ]; then + # handle both relative and absolute paths + WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P) +else + # default to datadir + WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P) +fi + +# Old filter - include everything except selected +# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \ +# --exclude '*.conf' --exclude core --exclude 'galera.*' \ +# --exclude grastate.txt --exclude '*.pem' \ +# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index') + +# New filter - exclude everything except dirs (schemas) and innodb files +FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes' + -f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*') + +SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid" + +if check_pid $SOCAT_PID +then + wsrep_log_error "socat tunnel already running." + exit 114 # EALREADY +fi +rm -rf "$SOCAT_PID" + +setup_tunnel_args + +if [ "$WSREP_SST_OPT_ROLE" = "donor" ] +then + + SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}') + # map to name in case we received an IP + SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }') + if [ -z "$SOCAT_JOINER_HOST" ]; then + SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR + fi + SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }') + if [ -z "$SOCAT_PORT" ] + then + SOCAT_PORT=4444 + fi + TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE + + trap cleanup_tunnel EXIT + + # Socat forwards rsync connections to the joiner + SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork + SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS + wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST" + socat $SOCAT_SRC $SOCAT_DST & + SOCAT_REAL_PID=$! + # This is ok because a local galera node doesn't run SST concurrently + echo $SOCAT_REAL_PID >"$SOCAT_PID" + until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat" + do + sleep 0.2 + done + + if [ $WSREP_SST_OPT_BYPASS -eq 0 ] + then + + FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed" + ERROR="$WSREP_SST_OPT_DATA/sst_error" + + rm -rf "$FLUSHED" + rm -rf "$ERROR" + + # Use deltaxfer only for WAN + inv=$(basename $0) + [ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \ + || WHOLE_FILE_OPT="--whole-file" + + echo "flush tables" + + # Wait for : + # (a) Tables to be flushed, AND + # (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR + # (c) ERROR file, in case flush tables operation failed. + + while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1 + do + # Check whether ERROR file exists. + if [ -f "$ERROR" ] + then + # Flush tables operation failed. + rm -rf "$ERROR" + exit 255 + fi + + sleep 0.2 + done + + STATE="$(cat $FLUSHED)" + rm -rf "$FLUSHED" + + sync + + if ! [ -z $WSREP_SST_OPT_BINLOG ] + then + # Prepare binlog files + pushd $BINLOG_DIRNAME &> /dev/null + binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index) + binlog_files="" + for ii in $binlog_files_full + do + binlog_files="$binlog_files $(basename $ii)" + done + if ! [ -z "$binlog_files" ] + then + wsrep_log_info "Preparing binlog files for transfer:" + tar -cvf $BINLOG_TAR_FILE $binlog_files >&2 + fi + popd &> /dev/null + fi + + # first, the normal directories, so that we can detect incompatible protocol + RC=0 + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --dirs --delete --quiet \ + $WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \ + rsync://$TARGET_ADDR >&2 || RC=$? + + if [ "$RC" -ne 0 ]; then + wsrep_log_error "rsync returned code $RC:" + + case $RC in + 12) RC=71 # EPROTO + wsrep_log_error \ + "rsync server on the other end has incompatible protocol. " \ + "Make sure you have the same version of rsync on all nodes." + ;; + 22) RC=12 # ENOMEM + ;; + *) RC=255 # unknown error + ;; + esac + exit $RC + fi + + # second, we transfer InnoDB log files + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --dirs --delete --quiet \ + $WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \ + rsync://$TARGET_ADDR-log_dir >&2 || RC=$? + + if [ $RC -ne 0 ]; then + wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:" + exit 255 # unknown error + fi + + # then, we parallelize the transfer of database directories, use . so that pathconcatenation works + pushd "$WSREP_SST_OPT_DATA" >/dev/null + + count=1 + [ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo) + [ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu) + + find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \ + xargs -I{} -0 -P $count \ + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --recursive --delete --quiet \ + $WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \ + rsync://$TARGET_ADDR/{} >&2 || RC=$? + + popd >/dev/null + + if [ $RC -ne 0 ]; then + wsrep_log_error "find/rsync returned code $RC:" + exit 255 # unknown error + fi + + else # BYPASS + wsrep_log_info "Bypassing state dump." + + # Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id + # (separated by a space). + STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID" + fi + + echo "continue" # now server can resume updating data + + echo "$STATE" > "$MAGIC_FILE" + rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR + + # to avoid cleanup race, stop tunnel before declaring the SST finished. + # This ensures galera won't start a new SST locally before we exit. + cleanup_tunnel + + echo "done $STATE" + +elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ] +then + wsrep_check_programs lsof socat + + touch $SST_PROGRESS_FILE + MYSQLD_PID=$WSREP_SST_OPT_PARENT + + RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid" + + if check_pid $RSYNC_PID + then + wsrep_log_error "rsync daemon already running." + exit 114 # EALREADY + fi + rm -rf "$RSYNC_PID" + + ADDR=$WSREP_SST_OPT_ADDR + RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }') + if [ -z "$RSYNC_PORT" ] + then + RSYNC_PORT=4444 + ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT" + fi + + SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }') + # map to name in case we received an IP + SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }') + if [ -z "$SOCAT_HOST" ]; then + SOCAT_HOST=$SOCAT_ADDR + fi + SOCAT_PORT=$RSYNC_PORT + + trap "exit 32" HUP PIPE + trap "exit 3" INT TERM ABRT + trap cleanup_joiner EXIT + + RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf" + + if [ -n "${MYSQL_TMP_DIR:-}" ] ; then + SILENT="log file = $MYSQL_TMP_DIR/rsynd.log" + else + SILENT="" + fi + +cat << EOF > "$RSYNC_CONF" +pid file = $RSYNC_PID +use chroot = no +read only = no +timeout = 300 +$SILENT +[$MODULE] + path = $WSREP_SST_OPT_DATA +[$MODULE-log_dir] + path = $WSREP_LOG_DIR +EOF + +# rm -rf "$DATA"/ib_logfile* # we don't want old logs around + + # Socat receives rsync connections from the donor + SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS + SOCAT_DST=tcp:localhost:$RSYNC_PORT + wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST" + socat $SOCAT_SRC $SOCAT_DST & + SOCAT_REAL_PID=$! + # This is ok because a local galera node doesn't run SST concurrently + echo $SOCAT_REAL_PID >"$SOCAT_PID" + until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat" + do + sleep 0.2 + done + + wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\"" + rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" & + RSYNC_REAL_PID=$! + + until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync" + do + sleep 0.2 + done + + echo "ready $ADDR/$MODULE" + + # wait for SST to complete by monitoring magic file + while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \ + check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null + do + sleep 1 + done + + # to avoid cleanup race, we can tear down the socat tunnel now + # before signaling the end of the SST to galera. + cleanup_tunnel + + if ! ps -p $MYSQLD_PID >/dev/null + then + wsrep_log_error \ + "Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly." + exit 32 + fi + + if ! [ -z $WSREP_SST_OPT_BINLOG ] + then + + pushd $BINLOG_DIRNAME &> /dev/null + if [ -f $BINLOG_TAR_FILE ] + then + # Clean up old binlog files first + rm -f ${BINLOG_FILENAME}.* + wsrep_log_info "Extracting binlog files:" + tar -xvf $BINLOG_TAR_FILE >&2 + for ii in $(ls -1 ${BINLOG_FILENAME}.*) + do + echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index + done + fi + popd &> /dev/null + fi + if [ -r "$MAGIC_FILE" ] + then + # UUID:seqno & wsrep_gtid_domain_id is received here. + cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id + else + # this message should cause joiner to abort + echo "rsync process ended without creating '$MAGIC_FILE'" + fi + wsrep_cleanup_progress_file +# cleanup_joiner +else + wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'" + exit 22 # EINVAL +fi + +rm -f $BINLOG_TAR_FILE || : + +exit 0 diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec index 09fea8f..4467063 100644 --- a/SPECS/mariadb.spec +++ b/SPECS/mariadb.spec @@ -15,7 +15,7 @@ # The last version on which the full testsuite has been run # In case of further rebuilds of that version, don't require full testsuite to be run # run only "main" suite -%global last_tested_version 10.5.9 +%global last_tested_version 10.5.12 # Set to 1 to force run the testsuite even if it was already tested in current version %global force_run_testsuite 0 @@ -32,10 +32,6 @@ -# TokuDB engine - DEPRECATED ! -# https://mariadb.com/kb/en/mariadb/tokudb/ -# TokuDB engine is available only for x86_64 -# The Percona upstream deprecated the SE. It is not part of MariaDB 10.5 # Mroonga engine # https://mariadb.com/kb/en/mariadb/about-mroonga/ # Current version in MariaDB, 7.07, only supports the x86_64 @@ -46,12 +42,9 @@ # RocksDB may be built with jemalloc, if specified in CMake %ifarch x86_64 %if 0%{?fedora} -# TokuDB is deprecated in MariaDB 10.5 and later -%bcond_with tokudb %bcond_without mroonga %bcond_without rocksdb %else -%bcond_with tokudb %bcond_with mroonga %bcond_with rocksdb %endif @@ -116,7 +109,7 @@ %bcond_without unbundled_pcre %else %bcond_with unbundled_pcre -%global pcre_bundled_version 10.36 +%global pcre_bundled_version 10.37 %endif # Use main python interpretter version @@ -154,7 +147,7 @@ %global sameevr %{epoch}:%{version}-%{release} Name: mariadb -Version: 10.5.9 +Version: 10.5.13 Release: 1%{?with_debug:.debug}%{?dist} Epoch: 3 @@ -163,11 +156,17 @@ URL: http://mariadb.org # Exceptions allow client libraries to be linked with most open source SW, not only GPL code. See README.mysql-license License: GPLv2 with exceptions and LGPLv2 and BSD -Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz +# Original upstream sources archive URL +# Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz +# Non-existent URL containing correct archive name +# The archive was created by executing the "generate-modified-sources.sh" script +Source0: https://fedoraproject.org/mariadb-%{version}-downstream_modified.tar.gz + Source2: mysql_config_multilib.sh Source3: my.cnf.in Source6: README.mysql-docs Source7: README.mysql-license +Source8: README.wsrep_sst_rsync_tunnel Source10: mysql.tmpfiles.d.in Source11: mysql.service.in Source12: mysql-prepare-db-dir.sh @@ -202,6 +201,14 @@ Source71: LICENSE.clustercheck # https://jira.mariadb.org/browse/MDEV-12646 Source72: mariadb-server-galera.te +# Script to support encrypted rsync transfers when SST is required between nodes. +# https://github.com/dciabrin/wsrep_sst_rsync_tunnel/blob/master/wsrep_sst_rsync_tunnel +Source73: wsrep_sst_rsync_tunnel + +# Patch1: OpenSSL 3 patch +# Picked from the upstream developement branch for MariaDB 10.8. +# https://jira.mariadb.org/browse/MDEV-25785 +Patch1: %{pkgnamepatch}-openssl3.patch # Patch4: Red Hat distributions specific logrotate fix # it would be big unexpected change, if we start shipping it now. Better wait for MariaDB 10.2 Patch4: %{pkgnamepatch}-logrotate.patch @@ -320,7 +327,7 @@ Provides: mysql-compat-client%{?_isa} = %{sameevr} Suggests: %{name}-server%{?_isa} = %{sameevr} -Conflicts: community-mysql +Conflicts: mysql # Filtering: https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/ %global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::|wsrep) @@ -356,7 +363,7 @@ to a MariaDB/MySQL server. # At least main config file /etc/my.cnf is shared for client and server part # Since we want to support combination of different client and server -# implementations (e.g. mariadb library and community-mysql server), +# implementations (e.g. mariadb library and mysql server), # we need the config file(s) to be in a separate package, so no extra packages # are pulled, because these would likely conflict. # More specifically, the dependency on the main configuration file (/etc/my.cnf) @@ -443,7 +450,6 @@ Recommends: %{name}-backup%{?_isa} = %{sameevr} %{?with_cracklib:Recommends: %{name}-cracklib-password-check%{?_isa} = %{sameevr}} %{?with_gssapi:Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr}} %{?with_rocksdb:Suggests: %{name}-rocksdb-engine%{?_isa} = %{sameevr}} -%{?with_tokudb:Suggests: %{name}-tokudb-engine%{?_isa} = %{sameevr}} %{?with_sphinx:Suggests: %{name}-sphinx-engine%{?_isa} = %{sameevr}} %{?with_oqgraph:Suggests: %{name}-oqgraph-engine%{?_isa} = %{sameevr}} %{?with_connect:Suggests: %{name}-connect-engine%{?_isa} = %{sameevr}} @@ -478,7 +484,7 @@ Provides: mysql-server%{?_isa} = %{sameevr} Provides: mysql-compat-server = %{sameevr} Provides: mysql-compat-server%{?_isa} = %{sameevr} %endif -Conflicts: community-mysql-server +Conflicts: mysql-server # Bench subpackage has been deprecated in F32 Obsoletes: %{name}-bench <= %{sameevr} @@ -552,18 +558,6 @@ The RocksDB storage engine is used for high performance servers on SSD drives. %endif -%if %{with tokudb} -%package tokudb-engine -Summary: The TokuDB storage engine for MariaDB -Requires: %{name}-server%{?_isa} = %{sameevr} -BuildRequires: jemalloc-devel -Requires: jemalloc - -%description tokudb-engine -The TokuDB storage engine from Percona. -%endif - - %if %{with cracklib} %package cracklib-password-check Summary: The password strength checking plugin @@ -625,7 +619,7 @@ Requires: %{name}-server%{?_isa} = %{sameevr} %if %{with mysql_names} Provides: mysql-perl = %{sameevr} %endif -Conflicts: community-mysql-server +Conflicts: mysql-server # mysqlhotcopy needs DBI/DBD support Requires: perl(DBI) perl(DBD::mysql) @@ -647,7 +641,7 @@ Requires: mariadb-connector-c-devel >= 3.0 Provides: mysql-devel = %{sameevr} Provides: mysql-devel%{?_isa} = %{sameevr} %endif -Conflicts: community-mysql-devel +Conflicts: mysql-devel %description devel MariaDB is a multi-user, multi-threaded SQL database server. @@ -690,7 +684,7 @@ Requires: libaio-devel Provides: mysql-embedded-devel = %{sameevr} Provides: mysql-embedded-devel%{?_isa} = %{sameevr} %endif -Conflicts: community-mysql-embedded-devel +Conflicts: mysql-embedded-devel %description embedded-devel MariaDB is a multi-user, multi-threaded SQL database server. @@ -718,7 +712,7 @@ Requires: perl(Socket) Requires: perl(Sys::Hostname) Requires: perl(Test::More) Requires: perl(Time::HiRes) -Conflicts: community-mysql-test +Conflicts: mysql-test %if %{with mysql_names} Provides: mysql-test = %{sameevr} Provides: mysql-test%{?_isa} = %{sameevr} @@ -733,20 +727,20 @@ sources. %prep -%setup -q -n mariadb-%{version} +%setup -q -n mariadb-%{version}-downstream_modified # Remove JAR files that upstream puts into tarball find . -name "*.jar" -type f -exec rm --verbose -f {} \; # Remove testsuite for the mariadb-connector-c rm -rf libmariadb/unittest -# Remove python scripts remains from tokudb upstream (those files are not used anyway) -rm -r storage/tokudb/mysql-test/tokudb/t/*.py %if %{without rocksdb} rm -r storage/rocksdb/ %endif - +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +%patch1 -p1 +%endif %patch4 -p1 %patch7 -p1 %patch9 -p1 @@ -774,7 +768,7 @@ cat %{SOURCE53} | tee -a mysql-test/unstable-tests %endif cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} \ - %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} scripts + %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} %{SOURCE73} scripts %if %{with galera} # prepare selinux policy @@ -784,12 +778,12 @@ sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{nam # Get version of PCRE, that upstream use -pcre_version=`grep -e "ftp.pcre.org/pub/pcre/pcre2" cmake/pcre.cmake | sed -r "s;[^0123456789]*2-([[:digit:]]+\.[[:digit:]]+)\.[^0123456789]*;\1;"` +pcre_version=`grep -e "https://github.com/PhilipHazel/pcre2/releases/download" cmake/pcre.cmake | sed -r "s;.*pcre2-([[:digit:]]+\.[[:digit:]]+).*;\1;" ` # Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles %if %{without unbundled_pcre} if [ %{pcre_bundled_version} != "$pcre_version" ] ; then - echo "\n Error: Bundled PCRE version is not correct. \n\tBundled version number:%{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n" + echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number: %{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n" exit 1 fi %else @@ -797,7 +791,7 @@ fi pcre_system_version=`pkgconf %{_libdir}/pkgconfig/libpcre2-*.pc --modversion 2>/dev/null | head -n 1` if [ "$pcre_system_version" != "$pcre_version" ] ; then - echo "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number:$pcre_system_version \n\tUpstream version number: $pcre_version\n" + echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number: $pcre_system_version \n\tUpstream version number: $pcre_version\n" fi %endif @@ -863,7 +857,6 @@ fi -DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \ -DWITH_SSL=system \ -DWITH_ZLIB=system \ - -DWITH_JEMALLOC=%{?with_tokudb:yes}%{!?with_tokudb:no} \ -DLZ4_LIBS=%{_libdir}/liblz4.so \ -DLZ4_LIBS=%{?with_lz4:%{_libdir}/liblz4.so}%{!?with_lz4:} \ -DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \ @@ -873,8 +866,8 @@ fi -DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \ -DPLUGIN_ROCKSDB=%{?with_rocksdb:DYNAMIC}%{!?with_rocksdb:NO} \ -DPLUGIN_SPHINX=%{?with_sphinx:DYNAMIC}%{!?with_sphinx:NO} \ - -DPLUGIN_TOKUDB=%{?with_tokudb:DYNAMIC}%{!?with_tokudb:NO} \ -DPLUGIN_CONNECT=%{?with_connect:DYNAMIC}%{!?with_connect:NO} \ + -DPLUGIN_COLUMNSTORE=NO \ -DPLUGIN_CLIENT_ED25519=OFF \ -DPYTHON_SHEBANG=%{python_path} \ -DPLUGIN_CACHING_SHA2_PASSWORD=%{?with_clibrary:DYNAMIC}%{!?with_clibrary:OFF} \ @@ -1045,6 +1038,7 @@ ln -s %{_libexecdir}/mariadbd %{buildroot}%{_sbindir}/mariadbd # copy additional docs into build tree so %%doc will find them install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}} install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}} +install -p -m 0644 %{SOURCE8} %{basename:%{SOURCE8}} install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}} install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}} @@ -1072,6 +1066,9 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor # Buildroot does not have symlink /lib64 --> /usr/lib64 mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir} +# Add wsrep_sst_rsync_tunnel script +install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel + # Disable plugins %if %{with gssapi} sed -i 's/^plugin-load-add/#plugin-load-add/' %{buildroot}%{_sysconfdir}/my.cnf.d/auth_gssapi.cnf @@ -1145,14 +1142,6 @@ rm %{buildroot}%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,i rm %{buildroot}%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1* %endif -%if %{with tokudb} -%if 0%{?fedora} || 0%{?rhel} > 7 -# Move the upstream file to the correct location -mkdir -p %{buildroot}%{_unitdir}/mariadb.service.d -mv %{buildroot}/etc/systemd/system/mariadb.service.d/tokudb.conf %{buildroot}%{_unitdir}/mariadb.service.d/tokudb.conf -%endif -%endif - %if %{without config} rm %{buildroot}%{_sysconfdir}/my.cnf %endif @@ -1238,14 +1227,14 @@ export MTR_BUILD_THREAD=$(( $(date +%s) % 1100 )) if [[ "%{last_tested_version}" == "%{version}" ]] && [[ %{force_run_testsuite} -eq 0 ]] then # in further rebuilds only run the basic "main" suite (~800 tests) - echo "running only base testsuite" + echo -e "\n\nRunning just the base testsuite\n\n" perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --suite=main --mem --skip-test-list=unstable-tests fi # If either this version wasn't marked as tested yet or I explicitly want to run the testsuite, run everything we have (~4000 test) if [[ "%{last_tested_version}" != "%{version}" ]] || [[ %{force_run_testsuite} -ne 0 ]] then - echo "running advanced testsuite" + echo -e "running advanced testsuite" perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --big-test --skip-test=spider \ %if %{ignore_testsuite_result} --max-test-fail=9999 || : @@ -1394,6 +1383,7 @@ fi %endif %files server +%doc README.wsrep_sst_rsync_tunnel %{_bindir}/aria_{chk,dump_log,ftdump,pack,read_log} %{_bindir}/mariadb-service-convert @@ -1440,7 +1430,6 @@ fi %{?with_connect:%exclude %{_libdir}/%{pkg_name}/plugin/ha_connect.so} %{?with_cracklib:%exclude %{_libdir}/%{pkg_name}/plugin/cracklib_password_check.so} %{?with_rocksdb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_rocksdb.so} -%{?with_tokudb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_tokudb.so} %{?with_gssapi:%exclude %{_libdir}/%{pkg_name}/plugin/auth_gssapi.so} %{?with_sphinx:%exclude %{_libdir}/%{pkg_name}/plugin/ha_sphinx.so} %if %{with clibrary} @@ -1485,7 +1474,6 @@ fi %{_datadir}/%{pkg_name}/mysql_system_tables.sql %{_datadir}/%{pkg_name}/mysql_system_tables_data.sql %{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql -%{_datadir}/%{pkg_name}/mysql_to_mariadb.sql %{_datadir}/%{pkg_name}/mysql_performance_tables.sql %{_datadir}/%{pkg_name}/mysql_test_db.sql %if %{with mroonga} @@ -1514,7 +1502,6 @@ fi %endif %{_unitdir}/%{daemon_name}* -%{?with_tokudb:%exclude %{_unitdir}/mariadb.service.d/tokudb.conf} %{_libexecdir}/mysql-prepare-db-dir %{_libexecdir}/mysql-check-socket @@ -1557,17 +1544,6 @@ fi %{_mandir}/man1/myrocks_hotbackup.1* %endif -%if %{with tokudb} -%files tokudb-engine -%{_bindir}/tokuftdump -%{_bindir}/tokuft_logprint -%{_mandir}/man1/tokuftdump.1* -%{_mandir}/man1/tokuft_logprint.1* -%config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf -%{_libdir}/%{pkg_name}/plugin/ha_tokudb.so -%{_unitdir}/mariadb.service.d/tokudb.conf -%endif - %if %{with gssapi} %files gssapi-server %{_libdir}/%{pkg_name}/plugin/auth_gssapi.so @@ -1581,7 +1557,7 @@ fi # SUID-to-root binary. Access MUST be restricted (https://jira.mariadb.org/browse/MDEV-25126) %attr(4750,root,mysql) %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool %{_libdir}/security/pam_user_map.so -%{_sysconfdir}/security/user_map.conf +%config(noreplace) %{_sysconfdir}/security/user_map.conf %endif %if %{with sphinx} @@ -1661,56 +1637,76 @@ fi %endif %changelog -* Mon Mar 22 2021 Michal Schorm - 10.5.9-1 +* Tue Jan 11 2022 Michal Schorm - 3:10.5.13-1 +- Rebase to 10.5.13 +- Add wsrep_sst_rsync_tunnel script + +* Tue Aug 24 2021 Lukas Javorsky - 3:10.5.12-1 +- Rebase to 10.5.12 + +* Thu Aug 19 2021 Lukas Javorsky - 3:10.5.11-1 +- Rebase to 10.5.11 + +* Mon Aug 16 2021 Lukas Javorsky - 3:10.5.10-2 +- Set user_map.conf file to be noreplace config file +- Resolves: rhbz#1989621 + +* Tue May 11 2021 Michal Schorm - 3:10.5.10-1 +- Rebase to 10.5.10 + +* Mon May 10 2021 Michal Schorm - 3:10.5.9-2 +- Modify the upstream sources + +* Mon Mar 22 2021 Michal Schorm - 3:10.5.9-1 - Rebase to 10.5.9 -* Fri Mar 19 2021 Michal Schorm - 10.5.8-4 +* Fri Mar 19 2021 Michal Schorm - 3:10.5.8-4 - Move the PAM plugin to a standalone sub-package -* Thu Mar 18 2021 Michal Schorm - 10.5.8-3 +* Thu Mar 18 2021 Michal Schorm - 3:10.5.8-3 - Fix permissions of the PAMv2 plugin files -* Tue Feb 16 2021 Michal Schorm - 10.5.8-2 +* Tue Feb 16 2021 Michal Schorm - 3:10.5.8-2 - Bump release after several commits cherry-picked from Fedora Rawhide -* Wed Nov 11 2020 Michal Schorm - 10.5.8-1 +* Wed Nov 11 2020 Michal Schorm - 3:10.5.8-1 - Rebase to 10.5.8 -* Fri Nov 06 2020 Michal Schorm - 10.5.7-1 +* Fri Nov 06 2020 Michal Schorm - 3:10.5.7-1 - Rebase to 10.5.7 -* Mon Sep 21 2020 Lukas Javorsky - 10.5.5-1 +* Mon Sep 21 2020 Lukas Javorsky - 3:10.5.5-1 - Rebase to 10.5.5 - Fix mariadb-ownsetup - Add manual for aria_s3_copy -* Wed Sep 16 2020 Lukas Javorsky - 10.5.4-1 +* Wed Sep 16 2020 Lukas Javorsky - 3:10.5.4-1 - Rebase to 10.5.4 - Add spider.cnf to the server config files -* Mon Sep 14 2020 Lukas Javorsky - 10.5.3-1 +* Mon Sep 14 2020 Lukas Javorsky - 3:10.5.3-1 - Rebase to 10.5.3 -* Fri Sep 11 2020 Michal Schorm - 10.5.2-1 +* Fri Sep 11 2020 Michal Schorm - 3:10.5.2-1 - Test rebase to 10.5.2 - Beta - TokuDB SE has been deprecated -* Thu Sep 10 2020 Michal Schorm - 10.5.1-1 +* Thu Sep 10 2020 Michal Schorm - 3:10.5.1-1 - Test rebase to 10.5.1 - Beta -* Thu Sep 10 2020 Michal Schorm - 10.5.0-1 +* Thu Sep 10 2020 Michal Schorm - 3:10.5.0-1 - Test rebase to 10.5.0 - Alpha -* Sun Sep 06 2020 Michal Schorm - 10.4.14-3 +* Sun Sep 06 2020 Michal Schorm - 3:10.4.14-3 - Resolves: #1851605 -* Thu Sep 03 2020 Michal Schorm - 10.4.14-2 +* Thu Sep 03 2020 Michal Schorm - 3:10.4.14-2 - Resolves: #1873999, #1874446 -* Thu Aug 20 2020 Michal Schorm - 10.4.14-1 +* Thu Aug 20 2020 Michal Schorm - 3:10.4.14-1 - Rebase to 10.4.14 -* Tue Aug 18 2020 Michal Schorm - 10.4.13-7 +* Tue Aug 18 2020 Michal Schorm - 3:10.4.13-7 - Do CMake out-of-source builds - Force the CMake change regarding the in-source builds also to F31 and F32 - Use CMake macros instead of cmake & make direct commands @@ -1727,16 +1723,16 @@ fi * Tue Jul 28 2020 Fedora Release Engineering - 3:10.4.13-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Tue Jul 14 2020 Michal Schorm - 10.4.13-3 +* Tue Jul 14 2020 Michal Schorm - 3:10.4.13-3 - Make conflicts between corresponding mariadb and mysql packages explicit - Get rid of the Conflicts macro, it was intended to mark conflicts with *upstream* packages -* Fri Jun 05 2020 Michal Schorm - 10.4.13-2 +* Fri Jun 05 2020 Michal Schorm - 3:10.4.13-2 - Extend Perl "Requires" filtering to wsrep Resolves: #1845376 -* Fri Jun 05 2020 Michal Schorm - 10.4.13-1 +* Fri Jun 05 2020 Michal Schorm - 3:10.4.13-1 - Rebase to 10.4.13 * Sun May 24 2020 Lukas Javorsky - 3:10.4.12-6 @@ -1745,23 +1741,23 @@ fi * Thu Apr 02 2020 Björn Esser - 3:10.4.12-5 - Fix string quoting for rpm >= 4.16 -* Thu Mar 26 2020 Jitka Plesnikova - 10.4.12-4 +* Thu Mar 26 2020 Jitka Plesnikova - 3:10.4.12-4 - Add perl dependencies needed for tests -* Mon Mar 16 2020 Michal Schorm - 10.4.12-3 +* Mon Mar 16 2020 Michal Schorm - 3:10.4.12-3 - Rebase mariadb-connector-c git submodule to commit fbf1db6 For fix: https://jira.mariadb.org/browse/CONC-441 -* Tue Mar 10 2020 Michal Schorm - 10.4.12-2 +* Tue Mar 10 2020 Michal Schorm - 3:10.4.12-2 - Update the fix for building in the debug mode -* Thu Feb 06 2020 Michal Schorm - 10.4.12-1 +* Thu Feb 06 2020 Michal Schorm - 3:10.4.12-1 - Rebase to 10.4.12 * Wed Jan 29 2020 Fedora Release Engineering - 3:10.4.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -* Fri Jan 17 2020 Michal Schorm - 10.4.11-1 +* Fri Jan 17 2020 Michal Schorm - 3:10.4.11-1 - Rebase to 10.4.11 Related: #1756468 - Remove 'bench' subpackage. Upstream no longer maintains it. @@ -1770,63 +1766,63 @@ fi - Tweak build flags - Add patch for auth_pam_tool directory -* Fri Jan 10 2020 Michal Schorm - 10.3.21-1 +* Fri Jan 10 2020 Michal Schorm - 3:10.3.21-1 - Rebase to 10.3.21 -* Mon Nov 18 2019 Lukas Javorsky - 10.3.20-3 +* Mon Nov 18 2019 Lukas Javorsky - 3:10.3.20-3 - Change path of groonga's packaged files - Fix bz#1763287 -* Tue Nov 12 2019 Michal Schorm - 10.3.20-2 +* Tue Nov 12 2019 Michal Schorm - 3:10.3.20-2 - Rebuild on top fo new mariadb-connector-c -* Mon Nov 11 2019 Michal Schorm - 10.3.20-1 +* Mon Nov 11 2019 Michal Schorm - 3:10.3.20-1 - Rebase to 10.3.20 -* Wed Nov 06 2019 Michal Schorm - 10.3.19-1 +* Wed Nov 06 2019 Michal Schorm - 3:10.3.19-1 - Rebase to 10.3.19 * Thu Oct 31 2019 Carl George - 3:10.3.18-1 - Rebase to 10.3.18 -* Wed Sep 11 2019 Michal Schorm - 10.3.17-3 +* Wed Sep 11 2019 Michal Schorm - 3:10.3.17-3 - Disable building of the ed25519 client plugin. From now on it will be shipped by 'mariadb-connector-c' package -* Fri Sep 06 2019 Michal Schorm - 10.3.17-2 +* Fri Sep 06 2019 Michal Schorm - 3:10.3.17-2 - Fix the debug build -* Thu Aug 01 2019 Michal Schorm - 10.3.17-1 +* Thu Aug 01 2019 Michal Schorm - 3:10.3.17-1 - Rebase to 10.3.17 * Thu Jul 25 2019 Fedora Release Engineering - 3:10.3.16-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -* Tue Jun 18 2019 Michal Schorm - 10.3.16-1 +* Tue Jun 18 2019 Michal Schorm - 3:10.3.16-1 - Rebase to 10.3.16 - Added patch for armv7hl builds of spider SE -* Tue Jun 11 2019 Michal Schorm - 10.3.15-1 +* Tue Jun 11 2019 Michal Schorm - 3:10.3.15-1 - Rebase to 10.3.15 - CVEs fixed: CVE-2019-2510 CVE-2019-2537 - CVEs fixed: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 -* Tue Jun 11 2019 Michal Schorm - 10.3.12-15 +* Tue Jun 11 2019 Michal Schorm - 3:10.3.12-15 - Remove Cassandra subpackage; it is no longer developed -* Thu Mar 21 2019 Michal Schorm - 10.3.12-14 +* Thu Mar 21 2019 Michal Schorm - 3:10.3.12-14 - Fix building of TokuDB with Jemalloc 5 - Fix building with / without lz4 -* Thu Mar 21 2019 Michal Schorm - 10.3.12-13 +* Thu Mar 21 2019 Michal Schorm - 3:10.3.12-13 - Add patch for mysqld_safe --dry-run -* Wed Mar 20 2019 Michal Schorm - 10.3.12-12 +* Wed Mar 20 2019 Michal Schorm - 3:10.3.12-12 - Add patch for server pkgconfig file location -* Sat Feb 23 2019 Pavel Raiskup - 10.3.12-11 +* Sat Feb 23 2019 Pavel Raiskup - 3:10.3.12-11 - conditionally depend on selinux-policy-targeted again (rhbz#1665643) * Mon Feb 11 2019 Michal Schorm - 3:10.3.12-10