Commit Graph

81 Commits

Author SHA1 Message Date
Michal Schorm
56442079e2 Rebase to 10.5.18
Fedora commit: 9f12d914a4

OpenSSL 3 patch upstreamed

Resolves: RHEL-11332 RHEL-8411
2023-10-03 17:00:46 +00:00
Zuzana Miklankova
5c5c2f53d1
Handle optimization test in rpminspect's annocheck inspection
Ignore check_stack_overrun function in optimization test in rpminspect
check.
This function is purposely not being optimized, to preserve a
stack variable creation.

--

Resolves: #2012938
2022-06-14 15:26:19 +02:00
Michal Schorm
227dbf53a5 Release bump for rebuild
--

Related: #2092370
2022-06-13 13:46:20 +02:00
Michal Schorm
2f46772070 rpminspect - introduce a global ignore list
--

Related: #2092370
2022-06-13 13:45:41 +02:00
Michal Schorm
ee4d4c1c0b Update skipped tests list for MariaDB 10.5.16 release
--

Resolves: #2092370
2022-06-08 04:04:00 +02:00
Michal Schorm
bcee682dc0 Update the version number of the bundled PCRE2
The PCRE2 version used by upstream in the 'MariaDB 10.5.16' release is '10.40'

--

Related: #2092370
2022-06-08 04:04:00 +02:00
Michal Schorm
8060bcc4f7 Pack newly introduced translations
--

Related: #2092370
2022-06-08 04:04:00 +02:00
Michal Schorm
f60b8593e8 Rebase to 10.5.16
--

Related: #2092370

Issues Fixed in MariaDB 10.5.14
Reolves: #2090192
2022-06-08 04:03:40 +02:00
Michal Schorm
0ce0cd11ac Remove the second source path definition from the CMake command
The '%cmake' RPM macro in Fedora actually expands to:
| ...
|   /usr/bin/cmake \
|         -S "." \
|         -B "redhat-linux-build" \
| ...

So in this case the source patch was specified twice.
First in the macro with the '-S' option and second time outside of the macro,
in the SPECfile, without the '-S' option.

CMake upstream declares that:
|  This has never been officially documented or supported,
|  but older versions accidentally accepted multiple source paths
|  and used the last path specified. Update scripts to avoid
|  passing multiple source path arguments.
https://cmake.org/cmake/help/v3.23/release/3.23.html#deprecated-and-removed-features

This was discovered as CMake upstream implemented a change to the 3.23.0-rc2 release
that changed this behavior and it broke many Fedora packages that used this
double source path definition.
  See rhbz#2057738 to see how build behaved

After the CMake upstream got aware of what problems it caused in Fedora,
they opened a merge request to restore the behavior to the old one,
but kept the warnings that that is an unsupported and problematic behavior:
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334

---

As for today, this issue is still not yet fully resolved.
- The CMake maintainers in Fedora haven't rebased the package to 3.23-1 release, so it is still broken
- Affected packages in Fedora should find a way to stop using this unsupported behavior
- The double '-S' argument passing should be marked as problematic too, in the exact same way
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258
- A change to the %cmake Fedora RPM macro might be in play, so it won't force a source path
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258

I opened a BZ #2079833 to track the progress of the solution by CMake maintainers

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
7ac4ffbb5d Patch for pkgconfig directory has been upstreamed
The upstream implementation is to NOT make it configurable, but to put it on the correct location instead:
  c5c1027c6e

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
ae9053f42a Another fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The condition has to be fixed, as the OpenSSL 3 was introduced into the Fedora 36, instead of Fedora 35
  https://fedoraproject.org/wiki/Changes/OpenSSL3.0

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
6fd5319b66 Fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The 'mariadb-fips.patch' patch has to be applied conditionally. It will FTBFS on releases without OpenSSL 3.

---

/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc: In function 'void md5_init(EVP_MD_CTX*)':
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:56:9: error: 'EVP_MD_fetch' was not declared in this scope; did you mean 'EVP_MD_flags'?
   56 |   md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
      |         ^~~~~~~~~~~~
      |         EVP_MD_flags
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:63:3: error: 'EVP_MD_free' was not declared in this scope; did you mean 'EVP_MD_type'?
   63 |   EVP_MD_free(md5);
      |   ^~~~~~~~~~~
      |   EVP_MD_type
gmake[2]: *** [mysys_ssl/CMakeFiles/mysys_ssl.dir/build.make:149: mysys_ssl/CMakeFiles/mysys_ssl.dir/my_md5.cc.o] Error 1

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
1d2bedfc2e Remove bits only relevant for EOL Fedora 32 and older
--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
923d57f454 Rebase to 10.5.15
Logrotate patch rebased onto upstream commit:
  008c02c987

Groonga patch upstreamed:
  045f5f7b10

OpenSSL 3 patch rebased onto upstream commit:
  be1d965384

OpenSSL 3 CMake condition reverted - it should be only applied to series without OpenSSL 3 patch:
  c9beef4315

Full testsuite success on a Fedora Rawhide scratch build,
setting "last_tested_version" to 10.5.15 so only the "main" test suite will be run on subsequent
builds of the same MariaDB release

--

Related: #2092370

Issues Fixed in MariaDB 10.5.14
Reolves: #2083371 #2068219

Issues Fixed in MariaDB 10.5.15
Resolves: #2055607
2022-06-08 04:01:52 +02:00
Michal Schorm
321dc0e0d4 Fix the RPM condition for when the client subpackage is not built
--

Related: #2092370
2022-06-08 04:00:38 +02:00
Michal Schorm
29211e8620 Fix the RPM condition for when the test subpackage is not built but the PAM plugin subpackage is
--

Related: #2092370
2022-06-08 04:00:35 +02:00
Michal Schorm
0b02fefc9b Fix the RPM condition for when the test subpackage is not built but the embedded server subpackage is
--

Related: #2092370
2022-06-08 04:00:32 +02:00
Michal Schorm
1695bd1409 Fix the RPM condition for when the galera subpackage is not built
--

Related: #2092370
2022-06-08 04:00:22 +02:00
Michal Schorm
1c5ecdf5bd Fix the RPM condition for when the PAM plugin subpackage is not built
--

Related: #2092370
2022-06-08 04:00:17 +02:00
Michal Schorm
4698a110e3 Fix whitespaces in the echo, so both variables are prefixed with exactly one whitespace
--

Related: #2092370
2022-06-08 04:00:12 +02:00
Michal Schorm
0354b9890a Fix the regular expression used to pick up the PCRE2 version the upstream bundles
Upstream changed the URL from which they download the PCRE2 tarball

--

Related: #2092370
2022-06-08 04:00:04 +02:00
Honza Horak
02a712fe8d Fix md5 in FIPS mode with OpenSSL 3.0.0
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.

  Resolves: #2050541
2022-02-09 15:37:33 +00:00
Michal Schorm
5e82fd62a4 Disable the upstream hardening - it overrides the default compilation flags of the distribution, but provides lower level of hardening than the default flags
This issue was originally discovered by Annocheck stack-protection test in RHEL 9
Resolves: #2044388

The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
We disable this option to the default compilation flags (which have higher level of hardening) will be used
2022-02-07 14:17:10 +01:00
Zuzana Miklankova
119ed62f4f Whitelisting file Index.xml from rpminspect xml check
Reason is, that the bug is already reported on upstream:
https://jira.mariadb.org/browse/MDEV-26905.
Also we currently do not know how to fix it. If we eventually figure out
how to fix this bug, then the patch would be submitted directly to the
upstream, rather than to downstream, to avoid unintentionally breaking
some code that relied on the malformed XML.
2022-01-12 09:29:47 +01:00
Michal Schorm
ce17bc05c4 Rebase to 10.5.13
- Full testsuite checked

Resolves: #1976230 #2036983 #2021189
2022-01-11 15:38:59 +01:00
Michal Schorm
23822d7ce3 Enable LTO
Resolves: #1986172
2022-01-11 09:05:56 +01:00
Michal Schorm
a76a3c657b Reword lines applying OpenSSL patch to match Fedora SPECfile
Keeping the SPECfiles close helps with cherry-picking changes

Related: #2036983
2022-01-11 09:05:36 +01:00
Zuzana Miklankova
793527ec85 Disable badfunct rpinspect CI check for /usr/bin/resolveip
Resolveip binary is only used in mysql_install_db.sh script,
and only in non-"--rpm" mode [1]. However, we call this script with
"--rpm" option enabled, and thus the resolveip is not used [2],
and its badfuncs check can be disabled. [3]

Resolves: #1973194

[1] https://gitlab.com/redhat/centos-stream/rpms/mariadb/-/blob/c9s/mariadb-prepare-db-dir.sh#L100
[2] 5566cbadb0/scripts/mysql_install_db.sh (L425-L441)
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1973194#c4
2021-12-16 10:47:36 +01:00
Zuzana Miklankova
0de9e0a77f Disable xmllint check for specific xmls in rpminspect CI task #2012936
based on https://lists.launchpad.net/maria-discuss/msg06133.html
discussion are the invalid xmls (except for Index.xml)
present in the sources on purpose and their xmllint
check can be thus disabled in the CI process.

A bug report [https://jira.mariadb.org/browse/MDEV-26905] was created
for the Index.xml file.

The CI picks up the rpmlimspect.yaml for specific package in the
dist-git repo.

Resolves: #2012936
2021-12-15 14:15:32 +00:00
Honza Horak
295ecfc23a Use OpenSSL 3.0.0 patch from upstream
Resolves: #1991498

Upstream patch: c80991c79f
Upstream JIRA ticket: https://jira.mariadb.org/browse/MDEV-25785
2021-12-02 13:46:46 +01:00
Michal Schorm
5de93c78f5 Add wsrep_sst_rsync_tunnel script
Resolves: #2003556
2021-10-11 13:07:07 +02:00
Honza Horak
b23e21d635 Fix md5 usage in wsrep part
Related: #1962047
2021-08-17 16:02:15 +02:00
Michal Schorm
e59f4ddf66 Rebase to 10.5.12
Related: #1971248
2021-08-17 16:02:13 +02:00
Michal Schorm
61d38ce40d Enhance the usage of the "echo" program to get better formated output
Related: #1971248
2021-08-17 16:02:10 +02:00
Michal Schorm
c9900f6ca8 The user_map.conf configuration file is expected to be edited by users
Resolves: #1989619
2021-08-17 16:02:02 +02:00
Michal Schorm
b5366c5f57 Rebase to 10.5.11
Related: #1971248
2021-08-17 16:01:53 +02:00
Mohan Boddu
ed762744e1 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:07:19 +00:00
Lukas Javorsky
34c7a060a7 Add gating configuration 2021-08-09 11:27:31 +02:00
Florian Weimer
92eb3dd188 Another rebuild against pcre2-10.37 (bug #1970765)
Related: #1970765
2021-08-07 08:45:40 +02:00
Lukas Javorsky
4070c5be9a Rebuild against pcre2-10.37 (bug #1970765)
Resolves: rhbz#1986851
2021-07-28 15:40:46 +02:00
Mohan Boddu
ff1f296333 Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:30:26 +00:00
Michal Schorm
beec309d53 Explicitly disable building of the Columnstore SE until it is packed properly
Undefined behaviour leads to the SE being built by default on systems that have the necessary devel package installed

Cherry-picked from Fedora: e96ef648dd
Related: #1971248
2021-06-13 11:22:10 +02:00
Michal Schorm
df56f318a4 Remove TokuDB Storage Engine subpackage
The TokuDB SE from Percona upstream has been deprecated in MariaDB 10.5 and completely removed in MariaDB 10.6
In Fedora, we don't build it since MariaDB 10.5

Cherry-picked from Fedora: f192442cc3
Related: #1971248
2021-06-13 11:21:49 +02:00
Michal Schorm
53f8029fe4 Use the modified sources; bump release
Cherry-picked from Fedora: 47762ab9fc
Related: #1971248
2021-06-13 11:21:37 +02:00
Michal Schorm
aebcf6b79c Ignore missing files during "rm -r"
Cherry-picked from Fedora: b3ff1d5772
Related: #1971248
2021-06-13 11:21:22 +02:00
Michal Schorm
dcf9624f00 Introduce the script for generating sources tarball without a code under a license which was not yet approved for Fedora or RHEL
Change the name of the sources archive, so the maintainer will encounter an error when uploading new sources which haven't undergo modification by this script

Cherry-picked from Fedora: 7f8a0e15a6
Related: #1971248
2021-06-13 11:20:56 +02:00
Michal Schorm
29b1e7172c Fix RPMLint warning: incoherent-version-in-changelog 10.5.10-1 ['3:10.5.10-1.fc35', '3:10.5.10-1']
Cherry-picked from Fedora: b14945398c
Related: #1971248
2021-06-13 11:20:39 +02:00
Michal Schorm
1450841692 Update RPMLint whitelist; fix RPMLint findings
Cherry-picked from Fedora: 2e03a737bb
Related: #1971248
2021-06-13 11:20:26 +02:00
Daniel Black
8db0f6ac1a Document systemd service changes
Prefer the systemctl edit mysql.service syntax
and leave the more complex alternatives to the
existing documents referenced.

Also show how to use the multiinstance a bit more.

Cherry-picked from Fedora: a87e9e5d9a
Related: #1971248
2021-06-13 11:20:12 +02:00
Daniel Black
72944367e0 drop KillMode=process
MariaDB-10.4 onwards included a pam_helper subprocess to help
with the pam authentication module.

If the user is running with Galera there are SST modules that could
be executing.

By dropping KillMode=process this reverts back to control-group to
cover all of these subprocesses. This is what upstream does.

https://jira.mariadb.org/browse/MDEV-25233 suggests moving to
KillMode=mixed, which is probably ok too, but has been tested less.

Cherry-picked from Fedora: 95f558b833
Related: #1971248
2021-06-13 11:19:53 +02:00