Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
Brian Stinson 2023-04-27 17:58:07 -05:00
parent b859670e4c
commit 86f9a28632
24 changed files with 143 additions and 2162 deletions

5
.gitignore vendored
View File

@ -1,2 +1,3 @@
SOURCES/mariadb-10.5.9.tar.gz
/mariadb-10.5.9.tar.gz
/*/
/*.rpm
/*.tar.gz

View File

@ -1,9 +0,0 @@
MariaDB haven't yet made a document package available for offline.
You can create your own copy with the instructions here:
https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/
You can find view the on-line documentation at:
https://mariadb.com/kb/en/documentation/

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

View File

@ -5,17 +5,17 @@
set -ex
NAME="mariadb"
VERSION=$( rpmspec -q --srpm --qf '%{VERSION}' "${NAME}.spec" )
# SOURCES_URL=$( spectool -s 0 "$NAME.spec" | cut -d ' ' -f 2 )
SOURCES_URL="https://downloads.mariadb.org/interstitial/mariadb-${VERSION}/source/mariadb-${VERSION}.tar.gz"
VERSION=`rpmspec -q --srpm --qf '%{VERSION}' "$NAME.spec" `
# SOURCES_URL=`spectool -s 0 "$NAME.spec" | cut -d ' ' -f 2 `
SOURCES_URL="https://downloads.mariadb.org/interstitial/mariadb-$VERSION/source/mariadb-$VERSION.tar.gz"
OLD_ARCHIVE_NAME="${NAME}-${VERSION}"
NEW_ARCHIVE_NAME="${NAME}-${VERSION}-downstream_modified"
# Retrieve the archive:
rm -rf "./${OLD_ARCHIVE_NAME}.tar.gz" "./${OLD_ARCHIVE_NAME}/" "./${NEW_ARCHIVE_NAME}.tar.gz" "./${NEW_ARCHIVE_NAME}/"
wget "${SOURCES_URL}"
rm -rf "${OLD_ARCHIVE_NAME}.tar.gz" "${OLD_ARCHIVE_NAME}/" "${NEW_ARCHIVE_NAME}.tar.gz" "${NEW_ARCHIVE_NAME}/"
wget "$SOURCES_URL"
# Modify the archive:
@ -43,4 +43,4 @@ tar -czf "${NEW_ARCHIVE_NAME}.tar.gz" "${NEW_ARCHIVE_NAME}"
# Remove the decompressed original used to create the archive
rm -r "./${NEW_ARCHIVE_NAME}/"
rm -r "${NEW_ARCHIVE_NAME}/"

View File

@ -1,39 +0,0 @@
#!/bin/sh
# We check if there is already a process using the socket file,
# since otherwise the systemd service file could report false
# positive result when starting and mysqld_safe could remove
# a socket file, which is actually being used by a different daemon.
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
if test -e "$socketfile" ; then
echo "Socket file $socketfile exists." >&2
# no write permissions
if ! test -w "$socketfile" ; then
echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi
# not a socket file
if ! test -S "$socketfile" ; then
echo "The file $socketfile is not a socket file, which is suspicious." >&2
echo "Please, remove $socketfile manually to start the service." >&2
exit 1
fi
# some process uses the socket file
response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
echo "Is another MariaDB daemon already running with the same unix socket?" >&2
echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
exit 1
fi
# socket file is a garbage
echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2
fi
exit 0

View File

@ -1,39 +0,0 @@
#!/bin/sh
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
upgrade_info_file="$datadir/mysql_upgrade_info"
version=0
# get version as integer from mysql_upgrade_info file
if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then
version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/')
version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/')
if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then
version=$((version_major*100+version_minor))
fi
fi
# compute current version as integer
thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@))
# provide warning in cases we should run mysql_upgrade
if [ $version -ne $thisversion ] ; then
# give extra warning if some version seems to be skipped
if [ $version -gt 0 ] && [ $version -lt 505 ] ; then
echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2
fi
cat <<EOF >&2
The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps:
1. Back-up your data before with 'mariadb-upgrade'
2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service'
3. Run 'mariadb-upgrade' with a database user that has sufficient privileges
Read more about 'mariadb-upgrade' usage at:
https://mariadb.com/kb/en/mysql_upgrade/
EOF
fi
exit 0

View File

@ -1,28 +0,0 @@
Fix md5 in FIPS mode
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.
Resolves: rhbz#2050541
diff -up mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc
--- mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips 2022-02-07 16:36:47.255131576 +0100
+++ mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc 2022-02-07 22:57:32.391002916 +0100
@@ -52,12 +52,15 @@ static void md5_result(EVP_MD_CTX *conte
static void md5_init(EVP_MD_CTX *context)
{
+ EVP_MD *md5;
+ md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
EVP_MD_CTX_init(context);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Ok to ignore FIPS: MD5 is not used for crypto here */
EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
- EVP_DigestInit_ex(context, EVP_md5(), NULL);
+ EVP_DigestInit_ex(context, md5, NULL);
+ EVP_MD_free(md5);
}
static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len)

View File

@ -1,30 +0,0 @@
# Fixing conflict with groonga package
# https://bugzilla.redhat.com/show_bug.cgi?id=1763287
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt.withoutoption 2019-11-11 14:01:07.762595716 +0100
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt 2019-11-11 14:33:05.224012458 +0100
@@ -86,7 +86,9 @@
set(INCLUDE_DIR "include")
set(GRN_INCLUDE_DIR "include/groonga")
set(DATA_DIR "share")
-set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
+if(NOT DEFINED GRN_DATA_DIR)
+ set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
+endif()
set(CONFIG_DIR "etc")
set(GRN_CONFIG_DIR "${CONFIG_DIR}/${GRN_PROJECT_NAME}")
set(GRN_CONFIG_PATH "${CMAKE_INSTALL_PREFIX}/${GRN_CONFIG_DIR}/groonga.conf")
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt.withoutoption 2019-11-11 14:34:22.661005715 +0100
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt 2019-11-11 14:35:59.962244120 +0100
@@ -16,7 +16,9 @@
# MA 02110-1335 USA
cmake_minimum_required(VERSION 2.6)
-set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
+if (NOT DEFINED GROONGA_NORMALIZER_MYSQL_PROJECT_NAME)
+ set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
+endif()
project("${GROONGA_NORMALIZER_MYSQL_PROJECT_NAME}")
if(DEFINED GROONGA_NORMALIZER_MYSQL_EMBED)

View File

@ -32,9 +32,9 @@ Update 02/2021
* Discussion continues in:
https://jira.mariadb.org/browse/MDEV-16621
--- mariadb-10.5.8/support-files/mysql-log-rotate.sh 2021-02-12 08:37:47.857289694 +0100
+++ mariadb-10.5.8/support-files/mysql-log-rotate.sh_pacthed 2021-02-12 08:40:26.420372325 +0100
@@ -3,35 +3,22 @@
--- mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh 2022-02-22 04:56:35.571185622 +0100
+++ mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh_patched 2022-02-22 04:56:15.121003580 +0100
@@ -3,36 +3,23 @@
# in the [mysqld] section as follows:
#
# [mysqld]
@ -58,6 +58,7 @@ Update 02/2021
- # create 600 mysql mysql
+@LOG_LOCATION@ {
+ create 600 mysql mysql
su mysql mysql
notifempty
daily
rotate 3

View File

@ -1,401 +0,0 @@
From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Mon, 8 Nov 2021 18:48:19 +0100
Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
Summary of changes
- MD_CTX_SIZE is increased
- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
to nobody knows where. The assumption made previously was that
(since the function does not seem to be documented)
was that it points to the last partial source block.
Add own partial block buffer for NOPAD encryption instead
- SECLEVEL in CipherString in openssl.cnf
had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
in addition to what was set in --ssl-cipher
- ctx_buf buffer now must be aligned to 16 bytes with openssl(
previously with WolfSSL only), ot crashes will happen
- updated aes-t , to be better debuggable
using function, rather than a huge multiline macro
added test that does "nopad" encryption piece-wise, to test
replacement of EVP_CIPHER_CTX_buf_noconst
---
cmake/ssl.cmake | 19 ++++-
include/ssl_compat.h | 3 +-
mysql-test/lib/openssl.cnf | 2 +-
mysql-test/main/ssl_cipher.result | 6 +-
mysql-test/main/ssl_cipher.test | 2 +-
mysys_ssl/my_crypt.cc | 46 +++++++-----
unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++--------
7 files changed, 141 insertions(+), 58 deletions(-)
diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake
--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100
@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
SET(SSL_INTERNAL_INCLUDE_DIRS "")
SET(SSL_DEFINES "-DHAVE_OPENSSL")
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
+
+ # Silence "deprecated in OpenSSL 3.0"
+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
+ ENDIF()
+
SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+
CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
HAVE_ERR_remove_thread_state)
CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
HAVE_EncryptAes128Gcm)
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
HAVE_X509_check_host)
- SET(CMAKE_REQUIRED_INCLUDES)
- SET(CMAKE_REQUIRED_LIBRARIES)
+
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
+ ENDFOREACH()
ELSE()
IF(WITH_SSL STREQUAL "system")
MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h
--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100
@@ -24,7 +24,7 @@
#define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
#define ERR_remove_state(X) ERR_clear_error()
#define EVP_CIPHER_CTX_SIZE 176
-#define EVP_MD_CTX_SIZE 48
+#define EVP_MD_CTX_SIZE 72
#undef EVP_MD_CTX_init
#define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
#undef EVP_CIPHER_CTX_init
@@ -74,7 +74,6 @@
#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
#endif
-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf
--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100
@@ -9,4 +9,4 @@ ssl_conf = ssl_section
system_default = system_default_section
[system_default_section]
-CipherString = ALL:@SECLEVEL=1
+CipherString = ALL:@SECLEVEL=0
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100
@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
-SHOW STATUS LIKE 'Ssl_cipher_list';
-Variable_name Value
-Ssl_cipher_list AES128-SHA
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
+VARIABLE_VALUE like '%AES128-SHA%'
+1
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100
@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL)
--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
--replace_regex /TLS_AES_.*/AES128-SHA/
-SHOW STATUS LIKE 'Ssl_cipher_list';
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
disconnect ssl_con;
connection default;
diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc
--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100
@@ -29,11 +29,7 @@
#include <ssl_compat.h>
#include <cstdint>
-#ifdef HAVE_WOLFSSL
#define CTX_ALIGN 16
-#else
-#define CTX_ALIGN 0
-#endif
class MyCTX
{
@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
{
public:
const uchar *key;
- uint klen, buf_len;
+ uint klen, source_tail_len;
uchar oiv[MY_AES_BLOCK_SIZE];
+ uchar source_tail[MY_AES_BLOCK_SIZE];
MyCTX_nopad() : MyCTX() { }
~MyCTX_nopad() { }
@@ -112,7 +109,7 @@ public:
compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
this->key= key;
this->klen= klen;
- this->buf_len= 0;
+ this->source_tail_len= 0;
if (ivlen)
memcpy(oiv, iv, ivlen);
DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
@@ -123,26 +120,41 @@ public:
return res;
}
+ /** Update last partial source block, stored in source_tail array. */
+ void update_source_tail(const uchar* src, uint slen)
+ {
+ if (!slen)
+ return;
+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
+ if (new_tail_len)
+ {
+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
+ {
+ memcpy(source_tail + source_tail_len, src, slen);
+ }
+ else
+ {
+ DBUG_ASSERT(slen > new_tail_len);
+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
+ }
+ }
+ source_tail_len= new_tail_len;
+ }
+
int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
{
- buf_len+= slen;
+ update_source_tail(src, slen);
return MyCTX::update(src, slen, dst, dlen);
}
int finish(uchar *dst, uint *dlen)
{
- buf_len %= MY_AES_BLOCK_SIZE;
- if (buf_len)
+ if (source_tail_len)
{
- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
-
- NOTE this assumes that there are only buf_len bytes in the buf.
- If OpenSSL will change that, we'll need to change the implementation
- of this class too.
*/
uchar mask[MY_AES_BLOCK_SIZE];
uint mlen;
@@ -154,10 +166,10 @@ public:
return rc;
DBUG_ASSERT(mlen == sizeof(mask));
- for (uint i=0; i < buf_len; i++)
- dst[i]= buf[i] ^ mask[i];
+ for (uint i=0; i < source_tail_len; i++)
+ dst[i]= source_tail[i] ^ mask[i];
}
- *dlen= buf_len;
+ *dlen= source_tail_len;
return MY_AES_OK;
}
};
diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c
--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200
+++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100
@@ -21,27 +21,96 @@
#include <string.h>
#include <ctype.h>
-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \
- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \
- { \
- memset(src, fill, src_len= slen); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \
- src, src_len, dst, &dst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \
- if (!nopad) \
- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
- my_md5(md5, (char*)dst, dst_len); \
- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \
- dst, dst_len, ddst, &ddst_len, \
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
- "decrypt " #mode " %u", dst_len); \
- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
+
+/** Test streaming encryption, bytewise update.*/
+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
+ unsigned int slen, unsigned char *dst, unsigned int *dlen,
+ const unsigned char *key, unsigned int klen,
+ const unsigned char *iv, unsigned int ivlen)
+{
+ /* Allocate context on odd address on stack, in order to
+ catch misalignment errors.*/
+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
+
+ int res1, res2;
+ uint d1= 0, d2;
+ uint i;
+
+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
+ return res1;
+ for (i= 0; i < slen; i++)
+ {
+ uint tmp_d1=0;
+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
+ if (res1)
+ return res1;
+ d1+= tmp_d1;
+ dst+= tmp_d1;
+ }
+ res2= my_aes_crypt_finish(ctx, dst, &d2);
+ *dlen= d1 + d2;
+ return res1 ? res1 : res2;
+}
+
+
+#ifndef HAVE_EncryptAes128Ctr
+const uint MY_AES_CTR=0xDEADBEAF;
+#endif
+#ifndef HAVE_EncryptAes128Gcm
+const uint MY_AES_GCM=0xDEADBEAF;
+#endif
+
+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF)
+
+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
+ char fill, size_t dlen, const char *hash)
+{
+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
+ uchar src[1000], dst[1100], dst2[1100], ddst[1000];
+ uchar md5[MY_MD5_HASH_SIZE];
+ uint src_len, dst_len, dst_len2, ddst_len;
+ int result;
+
+ if (MY_AES_UNSUPPORTED(mode))
+ {
+ skip(nopad?7:6, "%s not supported", mode_str);
+ return;
+ }
+ memset(src, fill, src_len= slen);
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
+ nopad ? "nopad" : "pad");
+
+ if (nopad)
+ {
+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
+ src_len, dst2, &dst_len2, key, sizeof(key),
+ iv, sizeof(iv));
+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
+ /* Compare with non-bytewise encryption result*/
+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
+ "memcmp bytewise %s %u", mode_str, src_len);
}
+ else
+ {
+ int dst_len_real= my_aes_get_size(mode, src_len);
+ ok(dst_len_real= dst_len, "my_aes_get_size");
+ }
+ my_md5(md5, (char *) dst, dst_len);
+ ok(dst_len == dlen, "md5 len");
+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
+ sizeof(iv));
+
+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
+}
-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
/* useful macro for debugging */
#define PRINT_MD5() \
@@ -53,25 +122,15 @@
printf("\"\n"); \
} while(0);
-#ifndef HAVE_EncryptAes128Ctr
-const uint MY_AES_CTR=0xDEADBEAF;
-#endif
-#ifndef HAVE_EncryptAes128Gcm
-const uint MY_AES_GCM=0xDEADBEAF;
-#endif
int
main(int argc __attribute__((unused)),char *argv[])
{
- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
- uchar src[1000], dst[1100], ddst[1000];
- uchar md5[MY_MD5_HASH_SIZE];
- uint src_len, dst_len, ddst_len;
MY_INIT(argv[0]);
- plan(87);
+ plan(122);
+
DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
MariaDB before 10.8 series does not contain the OpenSSL 3 patch on the upstream.
MariaDB upstream later added the following condition:
https://github.com/MariaDB/server/commit/c9beef4315
limiting the OpenSSL that can be used to < 3. and reverted this commit for 10.8 and later:
https://github.com/MariaDB/server/commit/64e358821e
Since we apply the OpenSSL 3 patch from MariaDB 10.8 series to earlier series, we need to revert this commit
on those earlier series too.
--- mariadb-10.5.15-downstream_modified/cmake/ssl.cmake 2022-02-22 05:13:17.259097302 +0100
+++ mariadb-10.5.15-downstream_modified/cmake/ssl.cmake_patched 2022-02-23 07:22:20.290082378 +0100
@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
ENDIF()
FIND_PACKAGE(OpenSSL)
SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
+ IF(OPENSSL_FOUND)
SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
INCLUDE(CheckSymbolExists)
SET(SSL_SOURCES "")

View File

@ -1,19 +0,0 @@
Use PCDIR CMake option, if configured
Upstream install the server pkgconfig file into arch-independent directory
Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340
--- mariadb-10.5.5/support-files/CMakeLists.txt.old 2020-09-30 10:36:08.582490318 +0200
+++ mariadb-10.5.5/support-files/CMakeLists.txt 2020-09-30 10:38:58.079710848 +0200
@@ -91,7 +91,11 @@
ENDIF()
CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
+IF(INSTALL_PCDIR)
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development)
+ELSE()
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
+ENDIF()
INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)

View File

@ -1,137 +0,0 @@
#!/bin/sh
# This script creates the MariaDB data directory during first service start.
# In subsequent starts, it does nothing much.
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
export LC_ALL=C
# Returns content of the specified directory
# If listing files fails, fake-file is returned so which means
# we'll behave like there was some data initialized
# Some files or directories are fine to be there, so those are
# explicitly removed from the listing
# @param <dir> datadir
list_datadir ()
{
( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
-e '^lost+found$' \
-e '\.err$' \
-e '^.bash_history$'
}
# Checks whether datadir should be initialized
# @param <dir> datadir
should_initialize ()
{
test -z "$(list_datadir "$1")"
}
# If two args given first is user, second is group
# otherwise the arg is the systemd service file
if [ "$#" -eq 2 ]
then
myuser="$1"
mygroup="$2"
else
# Absorb configuration settings from the specified systemd service file,
# or the default service if not specified
SERVICE_NAME="$1"
if [ x"$SERVICE_NAME" = x ]
then
SERVICE_NAME=@DAEMON_NAME@.service
fi
myuser=`systemctl show -p User "${SERVICE_NAME}" |
sed 's/^User=//'`
if [ x"$myuser" = x ]
then
myuser=mysql
fi
mygroup=`systemctl show -p Group "${SERVICE_NAME}" |
sed 's/^Group=//'`
if [ x"$mygroup" = x ]
then
mygroup=mysql
fi
fi
# Set up the errlogfile with appropriate permissions
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
case $(basename "$errlogfile") in
mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
*) ;;
esac
else
# Provide some advice if the log file cannot be created by this script
errlogdir=$(dirname "$errlogfile")
if ! [ -d "$errlogdir" ] ; then
echo "The directory $errlogdir does not exist." >&2
exit 1
elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
echo "The daemon will be run under $myuser:$mygroup" >&2
exit 1
fi
fi
# Make the data directory if doesn't exist or empty
if should_initialize "$datadir" ; then
# First, make sure $datadir is there with correct permissions
# (note: if it's not, and we're not root, this'll fail ...)
if [ ! -e "$datadir" -a ! -h "$datadir" ]
then
mkdir -p "$datadir" || exit 1
fi
chown "$myuser:$mygroup" "$datadir"
chmod 0755 "$datadir"
[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
# Now create the database
echo "Initializing @NICE_PROJECT_NAME@ database" >&2
# Avoiding deletion of files not created by mysql_install_db is
# guarded by time check and sleep should help work-arounded
# potential issues on systems with 1 second resolution timestamps
# https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
INITDB_TIMESTAMP=`LANG=C date -u`
sleep 1
@bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
ret=$?
if [ $ret -ne 0 ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
# Clean up any partially-created database files
if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
echo "Files created so far will be removed." >&2
find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
-not -name "lost+found" -exec rm -rf {} +
if [ $? -ne 0 ] ; then
echo "Removing of created files was not successfull." >&2
echo "Please, clean directory $datadir manually." >&2
fi
else
echo "However, part of data has been initialized and those will not be removed." >&2
echo "Please, clean directory $datadir manually." >&2
fi
exit $ret
fi
# upgrade does not need to be run on a fresh datadir
echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
else
if [ -d "$datadir/mysql/" ] ; then
# mysql dir exists, it seems data are initialized properly
echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
else
# if the directory is not empty but mysql/ directory is missing, then
# print error and let user to initialize manually or empty the directory
echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
echo "Make sure the $datadir is empty before running `basename $0`." >&2
exit 1
fi
fi
exit 0

View File

@ -1,68 +0,0 @@
#!/bin/sh
# Some useful functions used in other MariaDB helper scripts
# This scripts defines variables datadir, errlogfile, socketfile
export LC_ALL=C
# extract value of a MariaDB option from config files
# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
# result is returned in $result
# We use my_print_defaults which prints all options from multiple files,
# with the more specific ones later; hence take the last match.
get_mysql_option(){
if [ $# -ne 3 ] ; then
echo "get_mysql_option requires 3 arguments: section option default_value"
return
fi
sections="$1"
option_name="$2"
default_value="$3"
result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="${default_value}"
fi
}
# For the case of running more instances via systemd, scripts that source
# this file can get --default-group-suffix or similar option as the first
# argument. The utility my_print_defaults needs to use it as well, so the
# scripts sourcing this file work with the same options as the daemon.
my_print_defaults_extra_args=''
while echo "$1" | grep -q '^--defaults' ; do
my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
shift
done
# Defaults here had better match what mariadbd-safe will default to
# The option values are generally defined on three important places
# on the default installation:
# 1) default values are hardcoded in the code of mariadbd daemon or
# mariadbd-safe script
# 2) configurable values are defined in @sysconfdir@/my.cnf
# 3) default values for helper scripts are specified bellow
# So, in case values are defined in my.cnf, we need to get that value.
# In case they are not defined in my.cnf, we need to get the same value
# in the daemon, as in the helper scripts. Thus, default values here
# must correspond with values defined in mariadbd-safe script and source
# code itself.
server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera"
get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
datadir="$result"
# if there is log_error in the my.cnf, my_print_defaults still
# returns log-error
# log-error might be defined in mysqld_safe and mysqld sections,
# the former has bigger priority
get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
errlogfile="$result"
get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
socketfile="$result"
get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
pidfile="$result"

File diff suppressed because it is too large Load Diff

View File

@ -1,21 +0,0 @@
diff -up mariadb-10.1.19/mysql-test/r/ssl_8k_key.result.sslbak mariadb-10.1.19/mysql-test/r/ssl_8k_key.result
--- mariadb-10.1.19/mysql-test/r/ssl_8k_key.result.sslbak 2016-11-24 08:55:21.637000000 -0500
+++ mariadb-10.1.19/mysql-test/r/ssl_8k_key.result 2016-11-24 08:55:55.853000000 -0500
@@ -1,2 +1,2 @@
-Variable_name Value
-Ssl_cipher DHE-RSA-AES256-SHA
+have_ssl
+1
diff -up mariadb-10.1.19/mysql-test/t/ssl_8k_key.test.sslbak mariadb-10.1.19/mysql-test/t/ssl_8k_key.test
--- mariadb-10.1.19/mysql-test/t/ssl_8k_key.test.sslbak 2016-11-24 08:54:10.485000000 -0500
+++ mariadb-10.1.19/mysql-test/t/ssl_8k_key.test 2016-11-24 08:54:35.724000000 -0500
@@ -5,7 +5,7 @@
#
# Bug#29784 YaSSL assertion failure when reading 8k key.
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
## This test file is for testing encrypted communication only, not other
## encryption routines that the SSL library happens to provide!

View File

@ -1,79 +0,0 @@
# THIS FILE SERVES FOR WHITELISTING RPMLINT ERRORS AND WARNINGS IN TASKOTRON
# https://fedoraproject.org/wiki/Taskotron/Tasks/dist.rpmlint#Whitelisting_errors
# (same file in python3 package served as a great example)
# Spelling errors
addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage|libmariadb|mariadbd) ')
# Debugsource
addFilter(r'^mariadb.*debugsource\.[^:]+: (E|W): no-documentation')
# Debuginfo
addFilter(r'^mariadb.*debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)')
# Debug symlinks
addFilter(r'dangling-relative-symlink /usr/lib/.build-id')
# Testsuite
# Some expected tests results are zero-length files
addFilter(r'(zero-length|pem-certificate) /usr/share/mysql-test/*')
# Chroot function
# False positive; checked by upstream
addFilter(r'missing-call-to-chdir-with-chroot')
# Missing documentation
# I don't think that's on the upstream priority list
addFilter(r'no-documentation')
addFilter(r'no-manual-page-for-binary')
# Obsoleted not provided
# Obsoleting upstream packages, not providing them is expected to not mix them up
addFilter(r'obsolete-not-provided MySQL')
# Provided by mariadb-connector-c
addFilter(r'obsolete-not-provided mariadb-libs')
# Upstream dropped support
addFilter(r'obsolete-not-provided mariadb-bench')
addFilter(r'obsolete-not-provided mariadb-tokudb-engine')
# Config file without noreplace flag
# Don't replace logs that may contain old entries
addFilter(r'conffile-without-noreplace-flag /var/log/mariadb/mariadb.log')
# Log rotation
# MariaDB log rotation script is commented out, because it is still not ready for big industry usage.
# Let the user decide, if they want to enable it (uncomment it)
addFilter(r'incoherent-logrotate-file /etc/logrotate.d/mariadb')
# Permissions
# wsrep_sst_common
# It contains a parser of arguments for other sst scripts.
# It is meant to be sourced, not to be executed alone.
# So it correctly does not have shebang nor executable bit.
addFilter(r'non-executable-in-bin /usr/bin/wsrep_sst_common 644')
addFilter(r'script-without-shebang /usr/bin/wsrep_sst_common')
addFilter(r'non-executable-script /usr/bin/wsrep_sst_common 644 None')
# mariadb-scripts-common has a similar issue
addFilter(r'non-executable-script /usr/libexec/mariadb-scripts-common 644 /bin/sh')
# Seems pretty standard to me ...
addFilter(r'non-standard-dir-perm /var/log/mariadb 750')
# 640 is IMO also prety OK
addFilter(r'non-readable /etc/sysconfig/clustercheck 640')
# Unversioned bundles
# RocksDB has so rapid developement, it it not compatible through versions.
# That means we need to stick to the exact verison upstream use.
addFilter(r'unversioned-explicit-provides bundled\(rocksdb\)')
# Testsuite errors
addFilter(r'non-executable-script /usr/share/mysql-test')
addFilter(r'arch-dependent-file-in-usr-share /usr/share/mysql-test')
# Comments at the end of RPM %endif tags
addFilter(r'extra tokens at the end of %endif directive')
# PAM plugin specialities - all expected
addFilter(r'non-conffile-in-etc /etc/security/user_map.conf')
addFilter(r'setuid-binary /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')
addFilter(r'non-standard-executable-perm /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')

View File

@ -15,7 +15,7 @@
# The last version on which the full testsuite has been run
# In case of further rebuilds of that version, don't require full testsuite to be run
# run only "main" suite
%global last_tested_version 10.5.9
%global last_tested_version 10.5.16
# Set to 1 to force run the testsuite even if it was already tested in current version
%global force_run_testsuite 0
@ -32,10 +32,6 @@
# TokuDB engine - DEPRECATED !
# https://mariadb.com/kb/en/mariadb/tokudb/
# TokuDB engine is available only for x86_64
# The Percona upstream deprecated the SE. It is not part of MariaDB 10.5
# Mroonga engine
# https://mariadb.com/kb/en/mariadb/about-mroonga/
# Current version in MariaDB, 7.07, only supports the x86_64
@ -46,12 +42,9 @@
# RocksDB may be built with jemalloc, if specified in CMake
%ifarch x86_64
%if 0%{?fedora}
# TokuDB is deprecated in MariaDB 10.5 and later
%bcond_with tokudb
%bcond_without mroonga
%bcond_without rocksdb
%else
%bcond_with tokudb
%bcond_with mroonga
%bcond_with rocksdb
%endif
@ -116,7 +109,7 @@
%bcond_without unbundled_pcre
%else
%bcond_with unbundled_pcre
%global pcre_bundled_version 10.36
%global pcre_bundled_version 10.40
%endif
# Use main python interpretter version
@ -154,8 +147,8 @@
%global sameevr %{epoch}:%{version}-%{release}
Name: mariadb
Version: 10.5.9
Release: 1%{?with_debug:.debug}%{?dist}
Version: 10.5.16
Release: 2%{?with_debug:.debug}%{?dist}
Epoch: 3
Summary: A very fast and robust SQL database server
@ -163,11 +156,17 @@ URL: http://mariadb.org
# Exceptions allow client libraries to be linked with most open source SW, not only GPL code. See README.mysql-license
License: GPLv2 with exceptions and LGPLv2 and BSD
Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz
# Original upstream sources archive URL
# Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz
# Non-existent URL containing correct archive name
# The archive was created by executing the "generate-modified-sources.sh" script
Source0: https://fedoraproject.org/mariadb-%{version}-downstream_modified.tar.gz
Source2: mysql_config_multilib.sh
Source3: my.cnf.in
Source6: README.mysql-docs
Source7: README.mysql-license
Source8: README.wsrep_sst_rsync_tunnel
Source10: mysql.tmpfiles.d.in
Source11: mysql.service.in
Source12: mysql-prepare-db-dir.sh
@ -202,6 +201,10 @@ Source71: LICENSE.clustercheck
# https://jira.mariadb.org/browse/MDEV-12646
Source72: mariadb-server-galera.te
# Script to support encrypted rsync transfers when SST is required between nodes.
# https://github.com/dciabrin/wsrep_sst_rsync_tunnel/blob/master/wsrep_sst_rsync_tunnel
Source73: wsrep_sst_rsync_tunnel
# Patch4: Red Hat distributions specific logrotate fix
# it would be big unexpected change, if we start shipping it now. Better wait for MariaDB 10.2
Patch4: %{pkgnamepatch}-logrotate.patch
@ -211,12 +214,6 @@ Patch7: %{pkgnamepatch}-scripts.patch
Patch9: %{pkgnamepatch}-ownsetup.patch
# Patch10: Fix cipher name in the SSL Cipher name test
Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch
# Patch11: Use PCDIR CMake option, if configured
Patch11: %{pkgnamepatch}-pcdir.patch
# Patch13: Fix Spider code on armv7hl; https://jira.mariadb.org/browse/MDEV-18737
Patch13: %{pkgnamepatch}-spider_on_armv7hl.patch
# Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path
Patch15: %{pkgnamepatch}-groonga.patch
# Patch16: Workaround for "chown 0" with priviledges dropped to "mysql" user
Patch16: %{pkgnamepatch}-auth_pam_tool_dir.patch
# Patch17: Revert of an upstream commit
@ -320,7 +317,7 @@ Provides: mysql-compat-client%{?_isa} = %{sameevr}
Suggests: %{name}-server%{?_isa} = %{sameevr}
Conflicts: community-mysql
Conflicts: mysql
# Filtering: https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/
%global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::|wsrep)
@ -356,7 +353,7 @@ to a MariaDB/MySQL server.
# At least main config file /etc/my.cnf is shared for client and server part
# Since we want to support combination of different client and server
# implementations (e.g. mariadb library and community-mysql server),
# implementations (e.g. mariadb library and mysql server),
# we need the config file(s) to be in a separate package, so no extra packages
# are pulled, because these would likely conflict.
# More specifically, the dependency on the main configuration file (/etc/my.cnf)
@ -443,7 +440,6 @@ Recommends: %{name}-backup%{?_isa} = %{sameevr}
%{?with_cracklib:Recommends: %{name}-cracklib-password-check%{?_isa} = %{sameevr}}
%{?with_gssapi:Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr}}
%{?with_rocksdb:Suggests: %{name}-rocksdb-engine%{?_isa} = %{sameevr}}
%{?with_tokudb:Suggests: %{name}-tokudb-engine%{?_isa} = %{sameevr}}
%{?with_sphinx:Suggests: %{name}-sphinx-engine%{?_isa} = %{sameevr}}
%{?with_oqgraph:Suggests: %{name}-oqgraph-engine%{?_isa} = %{sameevr}}
%{?with_connect:Suggests: %{name}-connect-engine%{?_isa} = %{sameevr}}
@ -478,7 +474,7 @@ Provides: mysql-server%{?_isa} = %{sameevr}
Provides: mysql-compat-server = %{sameevr}
Provides: mysql-compat-server%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-server
Conflicts: mysql-server
# Bench subpackage has been deprecated in F32
Obsoletes: %{name}-bench <= %{sameevr}
@ -552,18 +548,6 @@ The RocksDB storage engine is used for high performance servers on SSD drives.
%endif
%if %{with tokudb}
%package tokudb-engine
Summary: The TokuDB storage engine for MariaDB
Requires: %{name}-server%{?_isa} = %{sameevr}
BuildRequires: jemalloc-devel
Requires: jemalloc
%description tokudb-engine
The TokuDB storage engine from Percona.
%endif
%if %{with cracklib}
%package cracklib-password-check
Summary: The password strength checking plugin
@ -625,7 +609,7 @@ Requires: %{name}-server%{?_isa} = %{sameevr}
%if %{with mysql_names}
Provides: mysql-perl = %{sameevr}
%endif
Conflicts: community-mysql-server
Conflicts: mysql-server
# mysqlhotcopy needs DBI/DBD support
Requires: perl(DBI) perl(DBD::mysql)
@ -647,7 +631,7 @@ Requires: mariadb-connector-c-devel >= 3.0
Provides: mysql-devel = %{sameevr}
Provides: mysql-devel%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-devel
Conflicts: mysql-devel
%description devel
MariaDB is a multi-user, multi-threaded SQL database server.
@ -690,7 +674,7 @@ Requires: libaio-devel
Provides: mysql-embedded-devel = %{sameevr}
Provides: mysql-embedded-devel%{?_isa} = %{sameevr}
%endif
Conflicts: community-mysql-embedded-devel
Conflicts: mysql-embedded-devel
%description embedded-devel
MariaDB is a multi-user, multi-threaded SQL database server.
@ -718,7 +702,7 @@ Requires: perl(Socket)
Requires: perl(Sys::Hostname)
Requires: perl(Test::More)
Requires: perl(Time::HiRes)
Conflicts: community-mysql-test
Conflicts: mysql-test
%if %{with mysql_names}
Provides: mysql-test = %{sameevr}
Provides: mysql-test%{?_isa} = %{sameevr}
@ -733,27 +717,21 @@ sources.
%prep
%setup -q -n mariadb-%{version}
%setup -q -n mariadb-%{version}-downstream_modified
# Remove JAR files that upstream puts into tarball
find . -name "*.jar" -type f -exec rm --verbose -f {} \;
# Remove testsuite for the mariadb-connector-c
rm -rf libmariadb/unittest
# Remove python scripts remains from tokudb upstream (those files are not used anyway)
rm -r storage/tokudb/mysql-test/tokudb/t/*.py
%if %{without rocksdb}
rm -r storage/rocksdb/
%endif
%patch4 -p1
%patch7 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
#%patch13 -p1
%patch15 -p1
%patch16 -p1
%patch17 -R -p1
@ -774,7 +752,7 @@ cat %{SOURCE53} | tee -a mysql-test/unstable-tests
%endif
cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} \
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} scripts
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} %{SOURCE73} scripts
%if %{with galera}
# prepare selinux policy
@ -784,12 +762,12 @@ sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{nam
# Get version of PCRE, that upstream use
pcre_version=`grep -e "ftp.pcre.org/pub/pcre/pcre2" cmake/pcre.cmake | sed -r "s;[^0123456789]*2-([[:digit:]]+\.[[:digit:]]+)\.[^0123456789]*;\1;"`
pcre_version=`grep -e "https://github.com/PhilipHazel/pcre2/releases/download" cmake/pcre.cmake | sed -r "s;.*pcre2-([[:digit:]]+\.[[:digit:]]+).*;\1;" `
# Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles
%if %{without unbundled_pcre}
if [ %{pcre_bundled_version} != "$pcre_version" ] ; then
echo "\n Error: Bundled PCRE version is not correct. \n\tBundled version number:%{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n"
echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number: %{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n"
exit 1
fi
%else
@ -797,17 +775,13 @@ fi
pcre_system_version=`pkgconf %{_libdir}/pkgconfig/libpcre2-*.pc --modversion 2>/dev/null | head -n 1`
if [ "$pcre_system_version" != "$pcre_version" ] ; then
echo "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number:$pcre_system_version \n\tUpstream version number: $pcre_version\n"
echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number: $pcre_system_version \n\tUpstream version number: $pcre_version\n"
fi
%endif
%build
# This package has static probe points which do not currently
# work with LTO and result in undefined symbols at link time.
# This is being worked on in upstream GCC
%define _lto_cflags %{nil}
# fail quickly and obviously if user tries to build as root
%if %runselftest
@ -846,7 +820,6 @@ fi
-DINSTALL_SBINDIR=libexec \
-DINSTALL_SCRIPTDIR=bin \
-DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \
-DINSTALL_PCDIR=%{_lib}/pkgconfig \
-DMYSQL_DATADIR="%{dbdatadir}" \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
-DTMPDIR=/var/tmp \
@ -854,7 +827,7 @@ fi
-DGROONGA_NORMALIZER_MYSQL_PROJECT_NAME=%{name}-server/groonga-normalizer-mysql \
-DENABLED_LOCAL_INFILE=ON \
-DENABLE_DTRACE=ON \
-DSECURITY_HARDENED=ON \
-DSECURITY_HARDENED=OFF \
-DWITH_WSREP=%{?with_galera:ON}%{!?with_galera:OFF} \
-DWITH_INNODB_DISALLOW_WRITES=%{?with_galera:ON}%{!?with_galera:OFF} \
-DWITH_EMBEDDED_SERVER=%{?with_embedded:ON}%{!?with_embedded:OFF} \
@ -863,7 +836,6 @@ fi
-DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_JEMALLOC=%{?with_tokudb:yes}%{!?with_tokudb:no} \
-DLZ4_LIBS=%{_libdir}/liblz4.so \
-DLZ4_LIBS=%{?with_lz4:%{_libdir}/liblz4.so}%{!?with_lz4:} \
-DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \
@ -873,8 +845,8 @@ fi
-DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \
-DPLUGIN_ROCKSDB=%{?with_rocksdb:DYNAMIC}%{!?with_rocksdb:NO} \
-DPLUGIN_SPHINX=%{?with_sphinx:DYNAMIC}%{!?with_sphinx:NO} \
-DPLUGIN_TOKUDB=%{?with_tokudb:DYNAMIC}%{!?with_tokudb:NO} \
-DPLUGIN_CONNECT=%{?with_connect:DYNAMIC}%{!?with_connect:NO} \
-DPLUGIN_COLUMNSTORE=NO \
-DPLUGIN_CLIENT_ED25519=OFF \
-DPYTHON_SHEBANG=%{python_path} \
-DPLUGIN_CACHING_SHA2_PASSWORD=%{?with_clibrary:DYNAMIC}%{!?with_clibrary:OFF} \
@ -883,6 +855,10 @@ fi
-DCONNECT_WITH_JDBC=OFF \
%{?with_debug: -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=OFF -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_VALGRIND=ON}
# The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
# The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
# We disable this option to the default compilation flags (which have higher level of hardening) will be used
CFLAGS="$CFLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
# force PIC mode so that we can build libmysqld.so
@ -911,7 +887,7 @@ export CFLAGS CXXFLAGS CPPFLAGS
# Print all Cmake options values; "-LAH" means "List Advanced Help"
cmake -B %{_vpath_builddir} -LAH
%cmake_build -j2
%cmake_build
# build selinux policy
%if %{with galera}
@ -1045,6 +1021,7 @@ ln -s %{_libexecdir}/mariadbd %{buildroot}%{_sbindir}/mariadbd
# copy additional docs into build tree so %%doc will find them
install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}}
install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}}
install -p -m 0644 %{SOURCE8} %{basename:%{SOURCE8}}
install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
@ -1072,6 +1049,9 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor
# Buildroot does not have symlink /lib64 --> /usr/lib64
mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir}
# Add wsrep_sst_rsync_tunnel script
install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel
# Disable plugins
%if %{with gssapi}
sed -i 's/^plugin-load-add/#plugin-load-add/' %{buildroot}%{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
@ -1145,14 +1125,6 @@ rm %{buildroot}%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,i
rm %{buildroot}%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1*
%endif
%if %{with tokudb}
%if 0%{?fedora} || 0%{?rhel} > 7
# Move the upstream file to the correct location
mkdir -p %{buildroot}%{_unitdir}/mariadb.service.d
mv %{buildroot}/etc/systemd/system/mariadb.service.d/tokudb.conf %{buildroot}%{_unitdir}/mariadb.service.d/tokudb.conf
%endif
%endif
%if %{without config}
rm %{buildroot}%{_sysconfdir}/my.cnf
%endif
@ -1165,7 +1137,8 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/charsets
rm %{buildroot}%{_datadir}/%{pkg_name}/errmsg-utf8.txt
rm -r %{buildroot}%{_datadir}/%{pkg_name}/{english,czech,danish,dutch,estonian,\
french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\
polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi}
polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi,\
bulgarian,chinese}
%endif
%if %{without test}
@ -1238,14 +1211,14 @@ export MTR_BUILD_THREAD=$(( $(date +%s) % 1100 ))
if [[ "%{last_tested_version}" == "%{version}" ]] && [[ %{force_run_testsuite} -eq 0 ]]
then
# in further rebuilds only run the basic "main" suite (~800 tests)
echo "running only base testsuite"
echo -e "\n\nRunning just the base testsuite\n\n"
perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --suite=main --mem --skip-test-list=unstable-tests
fi
# If either this version wasn't marked as tested yet or I explicitly want to run the testsuite, run everything we have (~4000 test)
if [[ "%{last_tested_version}" != "%{version}" ]] || [[ %{force_run_testsuite} -ne 0 ]]
then
echo "running advanced testsuite"
echo -e "running advanced testsuite"
perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --big-test --skip-test=spider \
%if %{ignore_testsuite_result}
--max-test-fail=9999 || :
@ -1378,6 +1351,8 @@ fi
%lang(es) %{_datadir}/%{pkg_name}/spanish
%lang(sv) %{_datadir}/%{pkg_name}/swedish
%lang(uk) %{_datadir}/%{pkg_name}/ukrainian
%lang(bg) %{_datadir}/%{pkg_name}/bulgarian
%lang(zh) %{_datadir}/%{pkg_name}/chinese
%endif
%if %{with galera}
@ -1394,6 +1369,7 @@ fi
%endif
%files server
%doc README.wsrep_sst_rsync_tunnel
%{_bindir}/aria_{chk,dump_log,ftdump,pack,read_log}
%{_bindir}/mariadb-service-convert
@ -1440,7 +1416,6 @@ fi
%{?with_connect:%exclude %{_libdir}/%{pkg_name}/plugin/ha_connect.so}
%{?with_cracklib:%exclude %{_libdir}/%{pkg_name}/plugin/cracklib_password_check.so}
%{?with_rocksdb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_rocksdb.so}
%{?with_tokudb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_tokudb.so}
%{?with_gssapi:%exclude %{_libdir}/%{pkg_name}/plugin/auth_gssapi.so}
%{?with_sphinx:%exclude %{_libdir}/%{pkg_name}/plugin/ha_sphinx.so}
%if %{with clibrary}
@ -1485,7 +1460,6 @@ fi
%{_datadir}/%{pkg_name}/mysql_system_tables.sql
%{_datadir}/%{pkg_name}/mysql_system_tables_data.sql
%{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql
%{_datadir}/%{pkg_name}/mysql_to_mariadb.sql
%{_datadir}/%{pkg_name}/mysql_performance_tables.sql
%{_datadir}/%{pkg_name}/mysql_test_db.sql
%if %{with mroonga}
@ -1514,7 +1488,6 @@ fi
%endif
%{_unitdir}/%{daemon_name}*
%{?with_tokudb:%exclude %{_unitdir}/mariadb.service.d/tokudb.conf}
%{_libexecdir}/mysql-prepare-db-dir
%{_libexecdir}/mysql-check-socket
@ -1557,17 +1530,6 @@ fi
%{_mandir}/man1/myrocks_hotbackup.1*
%endif
%if %{with tokudb}
%files tokudb-engine
%{_bindir}/tokuftdump
%{_bindir}/tokuft_logprint
%{_mandir}/man1/tokuftdump.1*
%{_mandir}/man1/tokuft_logprint.1*
%config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf
%{_libdir}/%{pkg_name}/plugin/ha_tokudb.so
%{_unitdir}/mariadb.service.d/tokudb.conf
%endif
%if %{with gssapi}
%files gssapi-server
%{_libdir}/%{pkg_name}/plugin/auth_gssapi.so
@ -1581,7 +1543,7 @@ fi
# SUID-to-root binary. Access MUST be restricted (https://jira.mariadb.org/browse/MDEV-25126)
%attr(4750,root,mysql) %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool
%{_libdir}/security/pam_user_map.so
%{_sysconfdir}/security/user_map.conf
%config(noreplace) %{_sysconfdir}/security/user_map.conf
%endif
%if %{with sphinx}
@ -1661,56 +1623,85 @@ fi
%endif
%changelog
* Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 10.5.9-1
* Mon Jun 13 2022 Michal Schorm <mschorm@redhat.com> - 3:10.5.16-2
- Release bump for rebuild
* Mon May 23 2022 Michal Schorm <mschorm@redhat.com> - 3:10.5.16-1
- Rebase to 10.5.16
* Sun Feb 20 2022 Michal Schorm <mschorm@redhat.com> - 3:10.5.15-1
- Rebase to 10.5.15
* Tue Jan 11 2022 Michal Schorm <mschorm@redhat.com> - 3:10.5.13-1
- Rebase to 10.5.13
- Add wsrep_sst_rsync_tunnel script
* Tue Aug 24 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.12-1
- Rebase to 10.5.12
* Thu Aug 19 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.11-1
- Rebase to 10.5.11
* Mon Aug 16 2021 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.10-2
- Set user_map.conf file to be noreplace config file
- Resolves: rhbz#1989621
* Tue May 11 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.10-1
- Rebase to 10.5.10
* Mon May 10 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-2
- Modify the upstream sources
* Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-1
- Rebase to 10.5.9
* Fri Mar 19 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-4
* Fri Mar 19 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-4
- Move the PAM plugin to a standalone sub-package
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-3
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-3
- Fix permissions of the PAMv2 plugin files
* Tue Feb 16 2021 Michal Schorm <mschorm@redhat.com> - 10.5.8-2
* Tue Feb 16 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-2
- Bump release after several commits cherry-picked from Fedora Rawhide
* Wed Nov 11 2020 Michal Schorm <mschorm@redhat.com> - 10.5.8-1
* Wed Nov 11 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.8-1
- Rebase to 10.5.8
* Fri Nov 06 2020 Michal Schorm <mschorm@redhat.com> - 10.5.7-1
* Fri Nov 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.7-1
- Rebase to 10.5.7
* Mon Sep 21 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.5-1
* Mon Sep 21 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.5-1
- Rebase to 10.5.5
- Fix mariadb-ownsetup
- Add manual for aria_s3_copy
* Wed Sep 16 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.4-1
* Wed Sep 16 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.4-1
- Rebase to 10.5.4
- Add spider.cnf to the server config files
* Mon Sep 14 2020 Lukas Javorsky <ljavorsk@redhat.com> - 10.5.3-1
* Mon Sep 14 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.5.3-1
- Rebase to 10.5.3
* Fri Sep 11 2020 Michal Schorm <mschorm@redhat.com> - 10.5.2-1
* Fri Sep 11 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.2-1
- Test rebase to 10.5.2 - Beta
- TokuDB SE has been deprecated
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 10.5.1-1
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.1-1
- Test rebase to 10.5.1 - Beta
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 10.5.0-1
* Thu Sep 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.5.0-1
- Test rebase to 10.5.0 - Alpha
* Sun Sep 06 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-3
* Sun Sep 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-3
- Resolves: #1851605
* Thu Sep 03 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-2
* Thu Sep 03 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-2
- Resolves: #1873999, #1874446
* Thu Aug 20 2020 Michal Schorm <mschorm@redhat.com> - 10.4.14-1
* Thu Aug 20 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.14-1
- Rebase to 10.4.14
* Tue Aug 18 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-7
* Tue Aug 18 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-7
- Do CMake out-of-source builds
- Force the CMake change regarding the in-source builds also to F31 and F32
- Use CMake macros instead of cmake & make direct commands
@ -1727,16 +1718,16 @@ fi
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.4.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-3
* Tue Jul 14 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-3
- Make conflicts between corresponding mariadb and mysql packages explicit
- Get rid of the Conflicts macro, it was intended to mark conflicts with
*upstream* packages
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-2
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-2
- Extend Perl "Requires" filtering to wsrep
Resolves: #1845376
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 10.4.13-1
* Fri Jun 05 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.13-1
- Rebase to 10.4.13
* Sun May 24 2020 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.4.12-6
@ -1745,23 +1736,23 @@ fi
* Thu Apr 02 2020 Björn Esser <besser82@fedoraproject.org> - 3:10.4.12-5
- Fix string quoting for rpm >= 4.16
* Thu Mar 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 10.4.12-4
* Thu Mar 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 3:10.4.12-4
- Add perl dependencies needed for tests
* Mon Mar 16 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-3
* Mon Mar 16 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-3
- Rebase mariadb-connector-c git submodule to commit fbf1db6
For fix: https://jira.mariadb.org/browse/CONC-441
* Tue Mar 10 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-2
* Tue Mar 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-2
- Update the fix for building in the debug mode
* Thu Feb 06 2020 Michal Schorm <mschorm@redhat.com> - 10.4.12-1
* Thu Feb 06 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.12-1
- Rebase to 10.4.12
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.4.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Michal Schorm <mschorm@redhat.com> - 10.4.11-1
* Fri Jan 17 2020 Michal Schorm <mschorm@redhat.com> - 3:10.4.11-1
- Rebase to 10.4.11
Related: #1756468
- Remove 'bench' subpackage. Upstream no longer maintains it.
@ -1770,63 +1761,63 @@ fi
- Tweak build flags
- Add patch for auth_pam_tool directory
* Fri Jan 10 2020 Michal Schorm <mschorm@redhat.com> - 10.3.21-1
* Fri Jan 10 2020 Michal Schorm <mschorm@redhat.com> - 3:10.3.21-1
- Rebase to 10.3.21
* Mon Nov 18 2019 Lukas Javorsky <ljavorsk@redhat.com> - 10.3.20-3
* Mon Nov 18 2019 Lukas Javorsky <ljavorsk@redhat.com> - 3:10.3.20-3
- Change path of groonga's packaged files
- Fix bz#1763287
* Tue Nov 12 2019 Michal Schorm <mschorm@redhat.com> - 10.3.20-2
* Tue Nov 12 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.20-2
- Rebuild on top fo new mariadb-connector-c
* Mon Nov 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.20-1
* Mon Nov 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.20-1
- Rebase to 10.3.20
* Wed Nov 06 2019 Michal Schorm <mschorm@redhat.com> - 10.3.19-1
* Wed Nov 06 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.19-1
- Rebase to 10.3.19
* Thu Oct 31 2019 Carl George <carl@george.computer> - 3:10.3.18-1
- Rebase to 10.3.18
* Wed Sep 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-3
* Wed Sep 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-3
- Disable building of the ed25519 client plugin.
From now on it will be shipped by 'mariadb-connector-c' package
* Fri Sep 06 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-2
* Fri Sep 06 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-2
- Fix the debug build
* Thu Aug 01 2019 Michal Schorm <mschorm@redhat.com> - 10.3.17-1
* Thu Aug 01 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.17-1
- Rebase to 10.3.17
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.3.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 18 2019 Michal Schorm <mschorm@redhat.com> - 10.3.16-1
* Tue Jun 18 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.16-1
- Rebase to 10.3.16
- Added patch for armv7hl builds of spider SE
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.15-1
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.15-1
- Rebase to 10.3.15
- CVEs fixed:
CVE-2019-2510 CVE-2019-2537
- CVEs fixed:
CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-15
* Tue Jun 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-15
- Remove Cassandra subpackage; it is no longer developed
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-14
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-14
- Fix building of TokuDB with Jemalloc 5
- Fix building with / without lz4
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-13
* Thu Mar 21 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-13
- Add patch for mysqld_safe --dry-run
* Wed Mar 20 2019 Michal Schorm <mschorm@redhat.com> - 10.3.12-12
* Wed Mar 20 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-12
- Add patch for server pkgconfig file location
* Sat Feb 23 2019 Pavel Raiskup <praiskup@redhat.com> - 10.3.12-11
* Sat Feb 23 2019 Pavel Raiskup <praiskup@redhat.com> - 3:10.3.12-11
- conditionally depend on selinux-policy-targeted again (rhbz#1665643)
* Mon Feb 11 2019 Michal Schorm <mschorm@redhat.com> - 3:10.3.12-10

View File

@ -1,3 +0,0 @@
# Do not edit this file.
# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
d @PID_FILE_DIR@ 0755 mysql mysql -

View File

@ -58,3 +58,7 @@ main.myisampack :
# Fails everywhere in 10.5.8
rpl.rpl_innodb_mixed_dml :
# Since 10.5.10
sys_vars.tcp_nodelay :
innodb.restart :

View File

@ -1,2 +1,11 @@
# Fails on ppc64le since 10.4.12
oqgraph.social :
# Fails since 10.5.13
encryption.create_or_replace_big :
rpl.rpl_parallel_optimistic_xa_lsu_off :
rpl.rpl_parallel_optimistic_xa :
innodb.innodb_defrag_concurrent :
rpl.rpl_parallel_xa_same_xid :
parts.part_supported_sql_func_innodb :
parts.partition_alter2_1_1_innodb :

View File

@ -3,3 +3,5 @@ perfschema.memory_aggregate_32bit :
period.overlaps :
# Fails since 10.5.9
bugfix.wait_timeout :
#Fails since 10.5.16
innodb.row_size_error_log_warnings_3 :

View File

@ -48,11 +48,3 @@ badfuncs:
- rresvport
ignore:
- /usr/bin/resolveip
---
# ignore check_stack_overrun function in optimization check, based on BZ2012938
# this function is purposely not being optimized, to preserve a stack variable
# creation
annocheck:
extra_opts:
- hardened: --skip-optimization=_Z19check_stack_overrunP3THDlPh

View File

@ -1 +1 @@
SHA512 (mariadb-10.5.9.tar.gz) = d23d5bf8510b3c36a6521fb3244cf323ef0f5d100ba379ed7b5bbc2acae1765a5b46c17bd929f0b27b28923eb1b5975314abdf7ffb96905cf7a93a5c8837294e
SHA512 (mariadb-10.5.16-downstream_modified.tar.gz) = c61457dcf4c2217b4432bee15094713e672f273a85f2f7a84326b619a0c51dd6f025d7bb94f5da35a2f4ac026c2b6fd32bd605985a5888101a06d62da8fdb02e

View File

@ -297,19 +297,6 @@ index 2001efae3929..6b4d758a5131 100644
$opt_user,
$opt_password,
{ PrintError => 0})
diff --git a/scripts/mysql_setpermission.sh b/scripts/mysql_setpermission.sh
index 71462d286229..66decbd69af7 100644
--- a/scripts/mysql_setpermission.sh
+++ b/scripts/mysql_setpermission.sh
@@ -86,7 +86,7 @@ if ($opt_password eq '')
# make the connection to MariaDB
-$dbh= DBI->connect("DBI:mysql:mysql:host=$sqlhost:port=$opt_port:mysql_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) ||
+$dbh= DBI->connect("DBI:MariaDB:mysql:host=$sqlhost:port=$opt_port:mariadb_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) ||
die("Can't make a connection to the mysql server.\n The error: $DBI::errstr");
# the start of the program
diff --git a/scripts/mysqlhotcopy.sh b/scripts/mysqlhotcopy.sh
index c56cdea470c0..94e577a94a7f 100644
--- a/scripts/mysqlhotcopy.sh
@ -339,33 +326,6 @@ index c56cdea470c0..94e577a94a7f 100644
($master_host, $log_file, $log_pos )
= @{$row_hash}{ qw / Master_Host Log_File Pos / };
} else {
diff --git a/scripts/mytop.sh b/scripts/mytop.sh
index 3ef0a59f27f7..1c4d7a502f51 100644
--- a/scripts/mytop.sh
+++ b/scripts/mytop.sh
@@ -230,11 +230,11 @@ my $dsn;
## Socket takes precedence.
-$dsn ="DBI:mysql:database=$config{db};mysql_read_default_group=mytop;";
+$dsn ="DBI:MariaDB:database=$config{db};mariadb_read_default_group=mytop;";
if ($config{socket} and -S $config{socket})
{
- $dsn .= "mysql_socket=$config{socket}";
+ $dsn .= "mariadb_socket=$config{socket}";
}
else
{
@@ -1877,7 +1877,7 @@ following:
* Perl 5.005 or newer
* Getopt::Long
- * DBI and DBD::mysql
+ * DBI and DBD::MariaDB
* Term::ReadKey from CPAN
Most systems are likely to have all of those installed--except for
diff --git a/sql-bench/server-cfg.sh b/sql-bench/server-cfg.sh
index 3991d16c6b18..6ef39c4d91f8 100644
--- a/sql-bench/server-cfg.sh
@ -781,28 +741,6 @@ index c844d2908345..a2b465734dc5 100644
$opt_user, $opt_password,
{ PrintError => 0}) || die $DBI::errstr;
diff --git a/tests/grant.pl b/tests/grant.pl
index cd6516433166..f8cdc1af4d55 100755
--- a/tests/grant.pl
+++ b/tests/grant.pl
@@ -60,7 +60,7 @@
# clear grant tables
#
-$dbh = DBI->connect("DBI:mysql:mysql:$opt_host",
+$dbh = DBI->connect("DBI:MariaDB:mysql:$opt_host",
$opt_root_user,$opt_password,
{ PrintError => 0}) || die "Can't connect to mysql server with user '$opt_root_user': $DBI::errstr\n";
@@ -653,7 +653,7 @@ sub user_connect
print "Connecting $opt_user\n" if ($opt_verbose);
$user_dbh->disconnect if (defined($user_dbh));
- $user_dbh=DBI->connect("DBI:mysql:$opt_database:$opt_host",$opt_user,
+ $user_dbh=DBI->connect("DBI:MariaDB:$opt_database:$opt_host",$opt_user,
$password, { PrintError => 0});
if (!$user_dbh)
{
diff --git a/tests/index_corrupt.pl b/tests/index_corrupt.pl
index 6b04ce8a59c5..6f31b85bd614 100755
--- a/tests/index_corrupt.pl