Commit Graph

736 Commits

Author SHA1 Message Date
Honza Horak
0d4a89ed92 Fix md5 in FIPS mode with OpenSSL 3.0.0
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.

  Resolves: #2050541
2022-02-07 23:01:38 +01:00
Michal Schorm
db03980787 Disable upstream hardening - it overrides the default compilation flags of the distribution, but provides lower level of hardening than the default flags
This issue was originally discovered by Annocheck stack-protection test in RHEL 9: #2044388

The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
We disable this option so the default compilation flags (which have higher level of hardening) will be used
2022-02-07 14:02:25 +01:00
Fedora Release Engineering
b0ed606846 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 18:41:24 +00:00
Michal Schorm
612f03d82b Fix the RPM condition for when the client subpackage is not built 2022-01-14 15:17:06 +01:00
Michal Schorm
452e11f762 Fix the RPM condition for when the test subpackage is not built but the PAM plugin subpackage is 2022-01-14 10:51:36 +01:00
Michal Schorm
ede543499e Fix the RPM condition for when the test subpackage is not built but the embedded server subpackage is 2022-01-14 10:50:57 +01:00
Michal Schorm
860088c5ca Fix the RPM condition for when the galera subpackage is not built 2022-01-14 10:50:13 +01:00
Michal Schorm
a1003a7c33 Fix the RPM condition for when the PAM plugin subpackage is not built 2022-01-14 10:48:53 +01:00
Michal Schorm
439d015366 Fix whitespaces in the echo, so both variables are prefixed with exactly one whitespace 2022-01-13 12:52:50 +01:00
Michal Schorm
b8157c3994 Fix the regular expression used to pick up the PCRE2 version the upstream bundles
Upstream changed the URL from which they download the PCRE2 tarball
2022-01-13 12:52:45 +01:00
Zuzana Miklankova
98fafb1bc7 Whitelisting file Index.xml from rpminspect xml check
Reason is, that the bug is already reported on upstream:
https://jira.mariadb.org/browse/MDEV-26905.
Also we currently do not know how to fix it. If we eventually figure out
how to fix this bug, then the patch would be submitted directly to the
upstream, rather than to downstream, to avoid unintentionally breaking
some code that relied on the malformed XML.
2022-01-12 09:07:22 +01:00
Lukas Javorsky
fc088dbe49 Revert "Disable dtrace for the arm architecture due to FTBFS during gcc compiling"
This reverts commit b3e0e11edd.

The issue in systemtap is fixed now
https://sourceware.org/git/?p=systemtap.git;a=commit;h=34facf7ee6b43dae66cc109973a4eda42e439163
2021-12-16 13:06:56 +01:00
Michal Schorm
314d2bf8f0 Rebase to 10.5.13
- Full testsuite checked
- Patch 16 upstreamed
2021-12-02 11:16:46 +01:00
Michal Schorm
643c233529 Enable LTO
Resolves: #1994993
2021-12-01 14:27:13 +01:00
Michal Schorm
9fa16bbecc Fix OpenSSL 3 patch
It has to be applied AFTER the mariadb-ssl-cipher-tests.patch
2021-12-01 14:26:45 +01:00
Zuzana Miklankova
cf60f44fa1 Disable badfuncs rpminspect CI check for /usr/bin/resolveip, BZ1973194
Resolveip binary is only used in mysql_install_db.sh script,
and only in non-"--rpm" mode [1]. However, we call this script with
"--rpm" option enabled, and thus the resolveip is not used [2],
and its badfuncs check can be disabled. [3]

[1] https://gitlab.com/redhat/centos-stream/rpms/mariadb/-/blob/c9s/mariadb-prepare-db-dir.sh#L100
[2] 5566cbadb0/scripts/mysql_install_db.sh (L425-L441)
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1973194#c4
2021-12-01 14:14:29 +01:00
Zuzana Miklankova
866cfb97a4 Add ignorefiles for xmllint rpminspect check
based on https://lists.launchpad.net/maria-discuss/msg06133.html
discussion are all the invalid xmls (except for Index.xml)
present in the sources on purpose and the xmllint
check can be thus disabled in the CI process.

All of xmlfiles, whose warnings are being suppressed with this commit are
being used for testing.

A bug report [https://jira.mariadb.org/browse/MDEV-26905] was created
for the Index.xml file.

Fedora CI picks up the rpminspect.yaml for specific package in the
dist-git repo [ref:
https://rpminspect.readthedocs.io/en/latest/configuration.html#rpminspect-yaml
]

Replace xmllint shutdown with ignoring specific xmls in the xml check
2021-12-01 12:58:03 +00:00
Michal Schorm
f443a82bd6 Apply OpenSSL 3 patch picked from the upstream development branch for MariaDB 10.8 2021-12-01 13:51:44 +01:00
Lukas Javorsky
b3e0e11edd Disable dtrace for the arm architecture due to FTBFS during gcc compiling
Temporary workaround for BZ#2026600

Problem with the GCC is already being discussed in upstream's Bugzilla
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103395

This commit should be reverted when the GCC fixes the issue on their
side
2021-12-01 13:46:11 +01:00
Sahana Prasad
17657ce119 Rebuilt with OpenSSL 3.0.0 2021-09-14 19:07:41 +02:00
Marek Kulik
3b8ee8379a Fix mysql_setpermission bug (#1976224)
This patch fixes bug in mysql_setpermission perl script
by adding conditionally port information to connections parameters.

More information about this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1976224

This bug has been fixed in upstream.
Patch can be removed when new version with fix is released.

https://github.com/MariaDB/server/pull/1896
2021-08-26 12:59:44 +02:00
Michal Schorm
8461c0e791 Rebase to 10.5.12 2021-08-07 09:57:12 +02:00
Michal Schorm
778adde283 Enhance the usage of the "echo" program to get better formatted output 2021-08-07 09:57:12 +02:00
Michal Schorm
eab3fb692c Revert a single change from the previous commit so that the commit #7f8a0e15a can be cleanly reverted, when the time comes.
The commented "Source0" line in the #7f8a0e15a commit raises RPMLint warnings.
While it is good to have the code without such warnings, the value of the clean revert of the whole #7f8a0e15a commit is higher.

The RPMLint warning for "macro in a comment" is meant for cases, when the macro in the comment would be expanded to multiple lines.
The additional lines won't be commented out as the original line with the unexpanded macros.
That leads to an unwanted code execution.
The macro "%{version}" is a single line macro, so no real issue should arise here.
2021-08-06 19:35:31 +02:00
Lukas Javorsky
5659759831 Set user_map.conf file to be noreplace config file
Related: BZ#1989534
2021-08-03 15:18:59 +02:00
Fedora Release Engineering
ff0b1ccf09 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 13:45:05 +00:00
Lukas Javorsky
f45390c986 Rebuild against pcre2-10.37 (bug #1965025) 2021-07-14 11:10:13 +02:00
Michal Schorm
ad41c37057 Rebase to 10.5.11 2021-07-01 09:23:24 +02:00
Michal Schorm
e96ef648dd Explicitly disable building of the Columnstore SE
until it is packed properly

Undefined behaviour leads to the SE being built by default on systems that have the necessary devel package installed
Resolves: #1960161
2021-05-14 16:20:09 +02:00
Michal Schorm
f192442cc3 Remove TokuDB Storage Engine subpackage
The TokuDB SE from Percona upstream has been deprecated in MariaDB 10.5 and completely removed in MariaDB 10.6
In Fedora, we don't build it since MariaDB 10.5
2021-05-12 05:41:16 +02:00
Michal Schorm
47762ab9fc Use the modified sources; bump release 2021-05-12 05:33:16 +02:00
Michal Schorm
b3ff1d5772 Ignore missing files during "rm -r" 2021-05-12 05:33:16 +02:00
Michal Schorm
7f8a0e15a6 Introduce the script for generating sources tarball without a code under a license which was not yet approved for Fedora or RHEL
Change the name of the sources archive, so the maintainer will encounter an error when uploading new sources which haven't undergone modification by this script
2021-05-12 05:33:16 +02:00
Michal Schorm
b14945398c Fix RPMLint warning: incoherent-version-in-changelog 10.5.10-1 ['3:10.5.10-1.fc35', '3:10.5.10-1'] 2021-05-11 21:40:39 +02:00
Michal Schorm
2e03a737bb Update RPMLint whitelist; fix RPMLint findings 2021-05-11 21:36:11 +02:00
Daniel Black
a87e9e5d9a Document systemd service changes
Prefer the systemctl edit mysql.service syntax
and leave the more complex alternatives to the
existing documents referenced.

Also show how to use the multiinstance a bit more.
2021-05-11 12:07:23 +00:00
Daniel Black
95f558b833 drop KillMode=process
MariaDB-10.4 onwards included a pam_helper subprocess to help
with the pam authentication module.

If the user is running with Galera there are SST modules that could
be executing.

By dropping KillMode=process this reverts back to control-group to
cover all of these subprocesses. This is what upstream does.

https://jira.mariadb.org/browse/MDEV-25233 suggests moving to
KillMode=mixed, which is probably ok too, but has been tested less.
2021-05-11 12:07:23 +00:00
Daniel Black
fcdfad8ad8 update package descriptions
Use mariadbd rather than mysqld in package descriptions.

Changed community branch of MySQL to "fork from", since branch
implies far too many updates from or back to the original
which isn't true.

Updated server-galera package description as it didn't
reference Galera at all.
2021-05-11 12:04:41 +00:00
Daniel Black
c205fe1604 mariadb-scripts-common: update sections from mariadbd --help --verbose 2021-05-11 12:01:29 +00:00
Daniel Black
df76620f9e rename mysql scripts to mariadb
Use mariadb names in the scripts too.
2021-05-11 12:01:29 +00:00
Daniel Black
00056934fb Drop README.mysql-license, there are no exceptions
MariaDB has LGPL-2.1 for the licensing of Connector/C

This is the submodule in libmariadb on the server repository
from which the client libraries are built.

ref: https://github.com/mariadb-corporation/mariadb-connector-c

From upstream:
  e4da179b03
2021-05-11 12:01:29 +00:00
Daniel Black
8a01c71407 README.mariadb-docs to refer to MariaDB documentation
MariaDB has its own documentation and referring to MySQL
documentation may mislead users.
2021-05-11 12:01:29 +00:00
Michal Schorm
b84b8cfc8c Rebase to 10.5.10 2021-05-11 05:10:04 +02:00
Michal Schorm
939918b1e0 Fix package Conflicts on other OS than Fedora
The "community-mysql" package is named just "mysql" on RHEL & CentOS
2021-05-02 15:17:53 +02:00
Jonathan Wakely
a5d57f3520 Rebuilt for removed libstdc++ symbol (#1937698) 2021-03-30 19:37:59 +01:00
Michal Schorm
098e789957 Remove all upstream Systemd service files from the datadir
---

Until now, we remove "mysql*" named upstream service files from the datadir, but leave the others.
IMO we should either ship them all or remove them all.

I see no benefit in keeping upstream service files, since they use different logic, capabilities, and start scripts as root; unlike our downstream Systemd service files.
2021-03-19 15:33:47 +00:00
Michal Schorm
e9fc8adf5d Bump release for rebuild 2021-03-19 15:57:56 +01:00
Michal Schorm
51cd6d3ae2 Move PAM authentication plugin to a standalone sub-package, suggested by the server sub-package to minimize potential security risks to only the users who will install this plugin. https://jira.mariadb.org/browse/MDEV-25126 2021-03-19 15:57:56 +01:00
Michal Schorm
c356ff4717 Bump release for rebuild 2021-03-18 04:20:34 +01:00
Michal Schorm
51dee9887b Fix file permissions for the PAMv2 authentication plugin
Access to this SUID-to-root binary MUST be restricted.
https://jira.mariadb.org/browse/MDEV-25126
2021-03-18 04:14:39 +01:00