From 5ca1d5e953a556f68a8d9e573b2c50b7001888c7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 08:16:34 -0400 Subject: [PATCH] import mariadb-10.5.16-2.el9_0 --- .gitignore | 2 +- .mariadb.metadata | 2 +- SOURCES/mariadb-groonga.patch | 30 ---------------- SOURCES/mariadb-logrotate.patch | 7 ++-- SOURCES/mariadb-openssl3.patch | 25 ++++++++++++- SOURCES/mariadb-pcdir.patch | 19 ---------- SOURCES/rh-skipped-tests-base.list | 5 +++ SPECS/mariadb.spec | 57 +++++++++++++++++------------- 8 files changed, 68 insertions(+), 79 deletions(-) delete mode 100644 SOURCES/mariadb-groonga.patch delete mode 100644 SOURCES/mariadb-pcdir.patch diff --git a/.gitignore b/.gitignore index ec7f53e..e180061 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/mariadb-10.5.13-downstream_modified.tar.gz +SOURCES/mariadb-10.5.16-downstream_modified.tar.gz diff --git a/.mariadb.metadata b/.mariadb.metadata index 4f2d986..1460b83 100644 --- a/.mariadb.metadata +++ b/.mariadb.metadata @@ -1 +1 @@ -ace36fe1a0ebba69b7cab359cb9a51c5b9fecbb4 SOURCES/mariadb-10.5.13-downstream_modified.tar.gz +10c51d806a5eba0abce079a1965a487ff104a9a1 SOURCES/mariadb-10.5.16-downstream_modified.tar.gz diff --git a/SOURCES/mariadb-groonga.patch b/SOURCES/mariadb-groonga.patch deleted file mode 100644 index 3a0e74c..0000000 --- a/SOURCES/mariadb-groonga.patch +++ /dev/null @@ -1,30 +0,0 @@ -# Fixing conflict with groonga package -# https://bugzilla.redhat.com/show_bug.cgi?id=1763287 - ---- mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt.withoutoption 2019-11-11 14:01:07.762595716 +0100 -+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt 2019-11-11 14:33:05.224012458 +0100 -@@ -86,7 +86,9 @@ - set(INCLUDE_DIR "include") - set(GRN_INCLUDE_DIR "include/groonga") - set(DATA_DIR "share") --set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}") -+if(NOT DEFINED GRN_DATA_DIR) -+ set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}") -+endif() - set(CONFIG_DIR "etc") - set(GRN_CONFIG_DIR "${CONFIG_DIR}/${GRN_PROJECT_NAME}") - set(GRN_CONFIG_PATH "${CMAKE_INSTALL_PREFIX}/${GRN_CONFIG_DIR}/groonga.conf") - ---- mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt.withoutoption 2019-11-11 14:34:22.661005715 +0100 -+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt 2019-11-11 14:35:59.962244120 +0100 -@@ -16,7 +16,9 @@ - # MA 02110-1335 USA - - cmake_minimum_required(VERSION 2.6) --set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql") -+if (NOT DEFINED GROONGA_NORMALIZER_MYSQL_PROJECT_NAME) -+ set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql") -+endif() - project("${GROONGA_NORMALIZER_MYSQL_PROJECT_NAME}") - - if(DEFINED GROONGA_NORMALIZER_MYSQL_EMBED) diff --git a/SOURCES/mariadb-logrotate.patch b/SOURCES/mariadb-logrotate.patch index aa46e59..a09a312 100644 --- a/SOURCES/mariadb-logrotate.patch +++ b/SOURCES/mariadb-logrotate.patch @@ -32,9 +32,9 @@ Update 02/2021 * Discussion continues in: https://jira.mariadb.org/browse/MDEV-16621 ---- mariadb-10.5.8/support-files/mysql-log-rotate.sh 2021-02-12 08:37:47.857289694 +0100 -+++ mariadb-10.5.8/support-files/mysql-log-rotate.sh_pacthed 2021-02-12 08:40:26.420372325 +0100 -@@ -3,35 +3,22 @@ +--- mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh 2022-02-22 04:56:35.571185622 +0100 ++++ mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh_patched 2022-02-22 04:56:15.121003580 +0100 +@@ -3,36 +3,23 @@ # in the [mysqld] section as follows: # # [mysqld] @@ -58,6 +58,7 @@ Update 02/2021 - # create 600 mysql mysql +@LOG_LOCATION@ { + create 600 mysql mysql + su mysql mysql notifempty daily rotate 3 diff --git a/SOURCES/mariadb-openssl3.patch b/SOURCES/mariadb-openssl3.patch index 0b69969..9f5b660 100644 --- a/SOURCES/mariadb-openssl3.patch +++ b/SOURCES/mariadb-openssl3.patch @@ -88,9 +88,9 @@ diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariad #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) #undef EVP_CIPHER_CTX_init @@ -74,7 +74,6 @@ + #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) #endif - #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) -#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) @@ -376,3 +376,26 @@ diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mari DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); + + + +MariaDB before 10.8 series does not contain the OpenSSL 3 patch on the upstream. +MariaDB upstream later added the following condition: +https://github.com/MariaDB/server/commit/c9beef4315 +limiting the OpenSSL that can be used to < 3. and reverted this commit for 10.8 and later: +https://github.com/MariaDB/server/commit/64e358821e + +Since we apply the OpenSSL 3 patch from MariaDB 10.8 series to earlier series, we need to revert this commit +on those earlier series too. + +--- mariadb-10.5.15-downstream_modified/cmake/ssl.cmake 2022-02-22 05:13:17.259097302 +0100 ++++ mariadb-10.5.15-downstream_modified/cmake/ssl.cmake_patched 2022-02-23 07:22:20.290082378 +0100 +@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL) + ENDIF() + FIND_PACKAGE(OpenSSL) + SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED) +- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0") ++ IF(OPENSSL_FOUND) + SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) + INCLUDE(CheckSymbolExists) + SET(SSL_SOURCES "") diff --git a/SOURCES/mariadb-pcdir.patch b/SOURCES/mariadb-pcdir.patch deleted file mode 100644 index 117273a..0000000 --- a/SOURCES/mariadb-pcdir.patch +++ /dev/null @@ -1,19 +0,0 @@ -Use PCDIR CMake option, if configured - -Upstream install the server pkgconfig file into arch-independent directory -Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340 - ---- mariadb-10.5.5/support-files/CMakeLists.txt.old 2020-09-30 10:36:08.582490318 +0200 -+++ mariadb-10.5.5/support-files/CMakeLists.txt 2020-09-30 10:38:58.079710848 +0200 -@@ -91,7 +91,11 @@ - ENDIF() - - CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY) -+IF(INSTALL_PCDIR) -+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development) -+ELSE() - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development) -+ENDIF() - - INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development) - diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list index 1c2f917..f164aba 100644 --- a/SOURCES/rh-skipped-tests-base.list +++ b/SOURCES/rh-skipped-tests-base.list @@ -67,3 +67,8 @@ oqgraph.legacy_upgrade : oqgraph.regression_1133093 : oqgraph.regression_1196036 : oqgraph.regression_1213120 : + +# Fails since RHEL 9.0.0 GA +# TLSv1.0 and TLSv1.1 are not allowed anymore +# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index +main.tls_version1 : diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec index 21e2489..5e67618 100644 --- a/SPECS/mariadb.spec +++ b/SPECS/mariadb.spec @@ -1,7 +1,3 @@ -# This is a fix for the https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds -# So the beaviour will be the same also in F31 nad F32 -%undefine __cmake_in_source_build - # Prefix that is used for patches %global pkg_name %{name} %global pkgnamepatch mariadb @@ -15,7 +11,7 @@ # The last version on which the full testsuite has been run # In case of further rebuilds of that version, don't require full testsuite to be run # run only "main" suite -%global last_tested_version 10.5.13 +%global last_tested_version 10.5.16 # Set to 1 to force run the testsuite even if it was already tested in current version %global force_run_testsuite 0 @@ -113,7 +109,7 @@ %bcond_without unbundled_pcre %else %bcond_with unbundled_pcre -%global pcre_bundled_version 10.34 +%global pcre_bundled_version 10.40 %endif # Use main python interpretter version @@ -153,7 +149,7 @@ %global sameevr %{epoch}:%{version}-%{release} Name: mariadb -Version: 10.5.13 +Version: 10.5.16 Release: 2%{?with_debug:.debug}%{?dist} Epoch: 3 @@ -218,14 +214,10 @@ Patch7: %{pkgnamepatch}-scripts.patch Patch9: %{pkgnamepatch}-ownsetup.patch # Patch10: Fix cipher name in the SSL Cipher name test Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch -# Patch11: Use PCDIR CMake option, if configured -Patch11: %{pkgnamepatch}-pcdir.patch # Patch12: OpenSSL 3 patch # Picked from the upstream developement branch for MariaDB 10.8. # https://jira.mariadb.org/browse/MDEV-25785 Patch12: %{pkgnamepatch}-openssl3.patch -# Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path -Patch15: %{pkgnamepatch}-groonga.patch # Patch16: Fix MD5 in FIPS mode Patch16: %{pkgnamepatch}-fips.patch @@ -754,12 +746,10 @@ rm -r storage/rocksdb/ %patch7 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 -%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 %patch12 -p1 -%endif -%patch15 -p1 %patch16 -p1 +%endif # generate a list of tests that fail, but are not disabled by upstream cat %{SOURCE50} | tee -a mysql-test/unstable-tests @@ -788,12 +778,12 @@ sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{nam # Get version of PCRE, that upstream use -pcre_version=`grep -e "ftp.pcre.org/pub/pcre/pcre2" cmake/pcre.cmake | sed -r "s;[^0123456789]*2-([[:digit:]]+\.[[:digit:]]+)\.[^0123456789]*;\1;"` +pcre_version=`grep -e "https://github.com/PhilipHazel/pcre2/releases/download" cmake/pcre.cmake | sed -r "s;.*pcre2-([[:digit:]]+\.[[:digit:]]+).*;\1;" ` # Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles %if %{without unbundled_pcre} if [ %{pcre_bundled_version} != "$pcre_version" ] ; then - echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number:%{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n" + echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number: %{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n" exit 1 fi %else @@ -801,7 +791,7 @@ fi pcre_system_version=`pkgconf %{_libdir}/pkgconfig/libpcre2-*.pc --modversion 2>/dev/null | head -n 1` if [ "$pcre_system_version" != "$pcre_version" ] ; then - echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number:$pcre_system_version \n\tUpstream version number: $pcre_version\n" + echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number: $pcre_system_version \n\tUpstream version number: $pcre_version\n" fi %endif @@ -820,7 +810,7 @@ fi # The INSTALL_xxx macros have to be specified relative to CMAKE_INSTALL_PREFIX # so we can't use %%{_datadir} and so forth here. -%cmake . \ +%cmake \ -DBUILD_CONFIG=mysql_release \ -DFEATURE_SET="community" \ -DINSTALL_LAYOUT=RPM \ @@ -845,7 +835,6 @@ fi -DINSTALL_SBINDIR=libexec \ -DINSTALL_SCRIPTDIR=bin \ -DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \ - -DINSTALL_PCDIR=%{_lib}/pkgconfig \ -DMYSQL_DATADIR="%{dbdatadir}" \ -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ -DTMPDIR=/var/tmp \ @@ -873,6 +862,8 @@ fi -DPLUGIN_SPHINX=%{?with_sphinx:DYNAMIC}%{!?with_sphinx:NO} \ -DPLUGIN_CONNECT=%{?with_connect:DYNAMIC}%{!?with_connect:NO} \ -DPLUGIN_S3=%{?with_s3:DYNAMIC}%{!?with_s3:NO} \ + -DPLUGIN_AUTH_PAM=%{?with_pam:YES}%{!?with_pam:NO} \ + -DPLUGIN_AUTH_PAM_V1=%{?with_pam:DYNAMIC}%{!?with_pam:NO} \ -DPLUGIN_COLUMNSTORE=NO \ -DPLUGIN_CLIENT_ED25519=OFF \ -DPYTHON_SHEBANG=%{python_path} \ @@ -1073,7 +1064,9 @@ rm %{buildroot}%{logrotateddir}/mysql rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor # Buildroot does not have symlink /lib64 --> /usr/lib64 +%if %{with pam} mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir} +%endif # Add wsrep_sst_rsync_tunnel script install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel @@ -1149,6 +1142,8 @@ rm %{buildroot}%{_mandir}/man1/msql2mysql.1* rm %{buildroot}%{_mandir}/man1/{mysql,mariadb}.1* rm %{buildroot}%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,import,_plugin,show,slap,_waitpid}.1* rm %{buildroot}%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1* + +rm %{buildroot}%{_sysconfdir}/my.cnf.d/mysql-clients.cnf %endif %if %{without config} @@ -1163,30 +1158,33 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/charsets rm %{buildroot}%{_datadir}/%{pkg_name}/errmsg-utf8.txt rm -r %{buildroot}%{_datadir}/%{pkg_name}/{english,czech,danish,dutch,estonian,\ french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\ -polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi} +polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi,\ +bulgarian,chinese} %endif %if %{without test} %if %{with embedded} +rm %{buildroot}%{_bindir}/test-connect-t rm %{buildroot}%{_bindir}/{mysql_client_test_embedded,mysqltest_embedded} rm %{buildroot}%{_bindir}/{mariadb-client-test-embedded,mariadb-test-embedded} rm %{buildroot}%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1* rm %{buildroot}%{_mandir}/man1/{mariadb-client-test-embedded,mariadb-test-embedded}.1* %endif # embedded +%if %{with pam} +rm %{buildroot}/suite/plugins/pam/mariadb_mtr +rm %{buildroot}/suite/plugins/pam/pam_mariadb_mtr.so +%endif # pam rm %{buildroot}%{_bindir}/{mysql_client_test,mysqltest} rm %{buildroot}%{_bindir}/{mariadb-client-test,mariadb-test} rm %{buildroot}%{_mandir}/man1/{mysql_client_test,mysqltest,my_safe_process}.1* rm %{buildroot}%{_mandir}/man1/{mariadb-client-test,mariadb-test}.1* rm %{buildroot}%{_mandir}/man1/{mysql-test-run,mysql-stress-test}.pl.1* -rm %{buildroot}/suite/plugins/pam/mariadb_mtr -rm %{buildroot}/suite/plugins/pam/pam_mariadb_mtr.so %endif %if %{without galera} rm %{buildroot}%{_sysconfdir}/sysconfig/clustercheck rm %{buildroot}%{_bindir}/{clustercheck,galera_new_cluster} rm %{buildroot}%{_bindir}/galera_recovery -rm %{buildroot}%{_datadir}/%{pkg_name}/systemd/use_galera_new_cluster.conf %endif %if %{without rocksdb} @@ -1380,6 +1378,8 @@ fi %lang(es) %{_datadir}/%{pkg_name}/spanish %lang(sv) %{_datadir}/%{pkg_name}/swedish %lang(uk) %{_datadir}/%{pkg_name}/ukrainian +%lang(bg) %{_datadir}/%{pkg_name}/bulgarian +%lang(zh) %{_datadir}/%{pkg_name}/chinese %endif %if %{with galera} @@ -1654,6 +1654,15 @@ fi %endif %changelog +* Mon Jun 13 2022 Michal Schorm - 3:10.5.16-2 +- Release bump for rebuild + +* Mon May 23 2022 Michal Schorm - 3:10.5.16-1 +- Rebase to 10.5.16 + +* Sun Feb 20 2022 Michal Schorm - 3:10.5.15-1 +- Rebase to 10.5.15 + * Mon Feb 07 2022 Honza Horak - 3:10.5.13-2 - Fix md5 in FIPS mode with OpenSSL 3.0.0 Resolves: #2050541