.gitignore

@@ -1 +1 @@
-SOURCES/mariadb-10.5.16-downstream_modified.tar.gz
+SOURCES/mariadb-10.3.39.tar.gz

.mariadb.metadata

@@ -1 +1 @@
-10c51d806a5eba0abce079a1965a487ff104a9a1 SOURCES/mariadb-10.5.16-downstream_modified.tar.gz
+25972d22ed05249782141392f0893e71c7d549a9 SOURCES/mariadb-10.3.39.tar.gz

SOURCES/README.mariadb-docs

@@ -1,9 +0,0 @@
-MariaDB haven't yet made a document package available for offline.
-
-You can create your own copy with the instructions here:
-
-https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/
-
-You can find view the on-line documentation at:
-
-https://mariadb.com/kb/en/documentation/

SOURCES/README.mysql-docs

@@ -0,0 +1,4 @@
+The official MySQL documentation is not freely redistributable, so we cannot
+include it in RHEL or Fedora.  You can find it on-line at
+
+http://dev.mysql.com/doc/

SOURCES/README.mysql-license

@@ -0,0 +1,9 @@
+MySQL is distributed under GPL v2, but there are some licensing exceptions
+that allow the client libraries to be linked with a non-GPL application,
+so long as the application is under a license approved by Oracle.
+For details see
+
+http://www.mysql.com/about/legal/licensing/foss-exception/
+
+Some innobase code from Percona and Google is under BSD license.
+Some code related to test-suite is under LGPLv2.

SOURCES/mariadb-10.3.39-tests.patch

@@ -0,0 +1,101 @@
+--- mariadb-10.3.39/mysql-test/include/default_mysqld.cnf	2023-05-03 06:32:44.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/include/default_mysqld.cnf	2023-07-07 13:58:40.255283041 +0200
+@@ -127,3 +127,8 @@ local-infile
+ # tables.  Let's enable it in the [server] group, because this group
+ # is read after [mysqld] and [embedded]
+ loose-aria
++
++[mysqltest]
++loose-ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem
++loose-ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem
++loose-ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem
+
+--- mariadb-10.3.39/mysql-test/include/wait_until_connected_again.inc	2023-05-03 06:32:44.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/include/wait_until_connected_again.inc	2023-07-07 13:55:30.424368106 +0200
+@@ -11,7 +11,7 @@ let $counter= 5000;
+ let $mysql_errno= 9999;
+ while ($mysql_errno)
+ {
+-  --error 0,ER_SERVER_SHUTDOWN,ER_CONNECTION_KILLED,ER_LOCK_WAIT_TIMEOUT,2002,2006,2013
++  --error 0,ER_SERVER_SHUTDOWN,ER_CONNECTION_KILLED,ER_LOCK_WAIT_TIMEOUT,2002,2006,2013,2026
+   show status;
+ 
+   dec $counter;
+
+--- mariadb-10.3.39/mysql-test/suite/rpl/t/rpl_err_ignoredtable.test	2023-05-03 06:32:45.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/suite/rpl/t/rpl_err_ignoredtable.test	2023-07-07 13:54:31.152082427 +0200
+@@ -53,7 +53,7 @@ insert into t4 values (3),(4);
+ connection master;
+ # The get_lock function causes warning for unsafe statement.
+ --disable_warnings
+---error 0,1317,2013
++--error 0,1317,2013,2026
+ reap;
+ --enable_warnings
+ connection master1;
+
+--- mariadb-10.3.39/mysql-test/suite/innodb/t/innodb_bug51920.test	2023-05-03 06:32:44.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/suite/innodb/t/innodb_bug51920.test	2023-07-07 15:11:39.000404508 +0200
+@@ -36,7 +36,7 @@ let $wait_condition =
+ # depending on platform.
+ #
+ connection con1;
+--- error 1317, 2006, 2013, ER_CONNECTION_KILLED
++-- error 1317, 2006, 2013, 2026, ER_CONNECTION_KILLED
+ reap;
+ connection default;
+ DROP TABLE bug51920;
+
+--- mariadb-10.3.39/mysql-test/main/lock_kill.test	2023-05-03 06:32:44.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/main/lock_kill.test	2023-07-07 15:13:54.335086789 +0200
+@@ -17,7 +17,7 @@ LOCK TABLE t1 WRITE;
+ eval KILL $conid;
+ --enable_query_log
+ --connection con1
+---error 0,2006,2013,ER_CONNECTION_KILLED
++--error 0,2006,2013,2026,ER_CONNECTION_KILLED
+ reap;
+ --connection default
+ --disconnect con1
+@@ -35,7 +35,7 @@ LOCK TABLE t1 WRITE, t2 WRITE;
+ eval KILL $conid;
+ --enable_query_log
+ --connection con1
+---error 0,2006,2013,ER_CONNECTION_KILLED
++--error 0,2006,2013,2026,ER_CONNECTION_KILLED
+ reap;
+ --connection default
+ --disconnect con1
+
+--- mariadb-10.3.39/mysql-test/main/loadxml.test	2023-05-03 06:32:44.000000000 +0200
++++ ../../mariadb-10.3.39/mysql-test/main/loadxml.test	2023-07-07 15:15:14.862492763 +0200
+@@ -83,7 +83,7 @@ connection default;
+ connection addconroot;
+ # Read response from connection to avoid packets out-of-order when disconnecting
+ # Note, that connection can already be dead due to previously issued kill
+---error 0,2013
++--error 0,2013,2026
+ --reap
+ disconnect addconroot;
+ connection default;
+
+--- mariadb-10.3.39/plugin/disks/mysql-test/disks/disks.test	2023-05-03 06:32:45.000000000 +0200
++++ ../../mariadb-10.3.39/plugin/disks/mysql-test/disks/disks.test	2023-07-10 11:48:28.859497746 +0200
+@@ -1,3 +1,3 @@
+ --replace_regex /varchar\([0-9]+\)/varchar(pathlen)/
+ show create table information_schema.disks;
+-select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
++select sum(Total) >= sum(Available), sum(Total) >= sum(Used) from information_schema.disks;
+
+--- mariadb-10.3.39/plugin/disks/mysql-test/disks/disks.result	2023-05-03 06:32:45.000000000 +0200
++++ ../../mariadb-10.3.39/plugin/disks/mysql-test/disks/disks.result	2023-07-10 12:47:10.460233056 +0200
+@@ -7,6 +7,6 @@ DISKS	CREATE TEMPORARY TABLE `DISKS` (
+   `Used` bigint(32) NOT NULL,
+   `Available` bigint(32) NOT NULL
+ ) ENGINE=MEMORY DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci
+-select sum(Total) > sum(Available), sum(Total)>sum(Used) from information_schema.disks;
+-sum(Total) > sum(Available)	sum(Total)>sum(Used)
++select sum(Total) >= sum(Available), sum(Total) >= sum(Used) from information_schema.disks;
++sum(Total) >= sum(Available)	sum(Total) >= sum(Used)
+ 1	1
+

SOURCES/mariadb-annocheck.patch

@@ -0,0 +1,13 @@
+Harden the "hardened" flags even more to comply with RHEL8 security rules
+
+--- mariadb-10.3.25/CMakeLists.txt	2020-10-05 18:19:45.000000000 +0200
++++ mariadb-10.3.25/CMakeLists.txt_patched	2020-11-03 01:29:52.369426705 +0100
+@@ -247,7 +247,7 @@ IF(NOT WITH_TSAN)
+     # security-enhancing flags
+     MY_CHECK_AND_SET_COMPILER_FLAG("-pie -fPIC")
+     MY_CHECK_AND_SET_LINKER_FLAG("-Wl,-z,relro,-z,now")
+-    MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector --param=ssp-buffer-size=4")
++    MY_CHECK_AND_SET_COMPILER_FLAG("-fstack-protector-strong --param=ssp-buffer-size=4")
+     MY_CHECK_AND_SET_COMPILER_FLAG("-D_FORTIFY_SOURCE=2" RELEASE RELWITHDEBINFO)
+   ENDIF()
+ ENDIF()

SOURCES/mariadb-fips.patch

@@ -1,28 +0,0 @@
-Fix md5 in FIPS mode
-
-OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
-In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
-in 3.0.0+ it is a different EVP_MD provider.
-
-Resolves: rhbz#2050541
-
-diff -up mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc
---- mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips	2022-02-07 16:36:47.255131576 +0100
-+++ mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc	2022-02-07 22:57:32.391002916 +0100
-@@ -52,12 +52,15 @@ static void md5_result(EVP_MD_CTX *conte
- 
- static void md5_init(EVP_MD_CTX *context)
- {
-+  EVP_MD *md5;
-+  md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
-   EVP_MD_CTX_init(context);
- #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
-   /* Ok to ignore FIPS: MD5 is not used for crypto here */
-   EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- #endif
--  EVP_DigestInit_ex(context, EVP_md5(), NULL);
-+  EVP_DigestInit_ex(context, md5, NULL);
-+  EVP_MD_free(md5);
- }
- 
- static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len)

SOURCES/mariadb-logrotate.patch

@@ -26,15 +26,13 @@ Update 6/2018
   beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
 * Submited as PR: https://github.com/MariaDB/server/pull/807
 
-Update 02/2021
-* Enhance the script as proposed in:
-  https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/
-* Discussion continues in:
-  https://jira.mariadb.org/browse/MDEV-16621
+Update 01/2022
+* added delaycompress option
+* see https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux
 
---- mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh	2022-02-22 04:56:35.571185622 +0100
-+++ mariadb-10.5.13-downstream_modified/support-files/mysql-log-rotate.sh_patched	2022-02-22 04:56:15.121003580 +0100
-@@ -3,36 +3,23 @@
+--- mariadb-10.3.32/support-files/mysql-log-rotate.sh	2022-01-14 17:03:27.000000000 +0100
++++ mariadb-10.3.32/support-files/mysql-log-rotate.sh_patched	2022-01-17 15:07:54.205379672 +0100
+@@ -3,36 +3,22 @@
  # in the [mysqld] section as follows:
  #
  # [mysqld]
@@ -65,9 +63,8 @@ Update 02/2021
          missingok
          compress
 +        delaycompress
-+        sharedscripts
      postrotate
- 	# just if mariadbd is really running
+ 	# just if mysqld is really running
 -	if test -x @bindir@/mysqladmin && \
 -	   @bindir@/mysqladmin ping &>/dev/null
 -	then

SOURCES/mariadb-mdev-30402.patch

@@ -0,0 +1,12 @@
+--- mariadb-10.3.39/scripts/wsrep_sst_mariabackup.sh	2023-08-11 11:31:40.415022889 +0200
++++ ../../mariadb-10.3.39/scripts/wsrep_sst_mariabackup.sh	2023-08-11 11:32:01.924161077 +0200
+@@ -340,6 +340,9 @@ get_transfer()
+                         "Use workaround for socat $SOCAT_VERSION bug"
+                 fi
+             fi
++            if check_for_version "$SOCAT_VERSION" '1.7.4'; then
++                tcmd="$tcmd,no-sni=1"
++            fi
+         fi
+ 
+         if [ "${sockopt#*,dhparam=}" = "$sockopt" ]; then

SOURCES/mariadb-openssl3.patch

@@ -1,401 +0,0 @@
-From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001
-From: Vladislav Vaintroub <wlad@mariadb.com>
-Date: Mon, 8 Nov 2021 18:48:19 +0100
-Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
-
-Summary of changes
-
-- MD_CTX_SIZE is increased
-
-- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
-  to nobody knows where. The assumption made previously was that
-  (since the function does not seem to be documented)
-  was that it points to the last partial source block.
-  Add own partial block buffer for NOPAD encryption instead
-
-- SECLEVEL in CipherString in openssl.cnf
-  had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
-
-- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
-  in addition to what was set in --ssl-cipher
-
-- ctx_buf buffer now must be aligned to 16 bytes with openssl(
-  previously with WolfSSL only), ot crashes will happen
-
-- updated aes-t , to be better debuggable
-  using function, rather than a huge multiline macro
-  added test that does "nopad" encryption piece-wise, to test
-  replacement of EVP_CIPHER_CTX_buf_noconst
----
- cmake/ssl.cmake                   |  19 ++++-
- include/ssl_compat.h              |   3 +-
- mysql-test/lib/openssl.cnf        |   2 +-
- mysql-test/main/ssl_cipher.result |   6 +-
- mysql-test/main/ssl_cipher.test   |   2 +-
- mysys_ssl/my_crypt.cc             |  46 +++++++-----
- unittest/mysys/aes-t.c            | 121 ++++++++++++++++++++++--------
- 7 files changed, 141 insertions(+), 58 deletions(-)
-
-
-diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake
---- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16	2021-08-03 10:29:07.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake	2021-11-18 16:58:41.552440737 +0100
-@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
-       SET(SSL_INTERNAL_INCLUDE_DIRS "")
-       SET(SSL_DEFINES "-DHAVE_OPENSSL")
- 
-+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+        SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
-+      ENDFOREACH()
-+
-+      # Silence "deprecated in OpenSSL 3.0"
-+      IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
-+         OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
-+        SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
-+        SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
-+      ENDIF()
-+
-       SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-       SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
--      SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-+
-       CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
-                           HAVE_ERR_remove_thread_state)
-       CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
-@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
-                           HAVE_EncryptAes128Gcm)
-       CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
-                           HAVE_X509_check_host)
--      SET(CMAKE_REQUIRED_INCLUDES)
--      SET(CMAKE_REQUIRED_LIBRARIES)
-+
-+      FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+        SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
-+      ENDFOREACH()
-     ELSE()
-       IF(WITH_SSL STREQUAL "system")
-         MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
-diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h
---- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16	2021-08-03 10:29:07.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h	2021-11-18 16:58:41.552440737 +0100
-@@ -24,7 +24,7 @@
- #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
- #define ERR_remove_state(X) ERR_clear_error()
- #define EVP_CIPHER_CTX_SIZE 176
--#define EVP_MD_CTX_SIZE 48
-+#define EVP_MD_CTX_SIZE 72
- #undef EVP_MD_CTX_init
- #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
- #undef EVP_CIPHER_CTX_init
-@@ -74,7 +74,6 @@
- #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
- #endif
- 
--#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
- #define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
- #define EVP_CIPHER_CTX_SIZE             sizeof(EVP_CIPHER_CTX)
- 
-diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf
---- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16	2021-08-03 10:29:07.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf	2021-11-18 16:58:41.552440737 +0100
-@@ -9,4 +9,4 @@ ssl_conf = ssl_section
- system_default = system_default_section
- 
- [system_default_section]
--CipherString = ALL:@SECLEVEL=1
-+CipherString = ALL:@SECLEVEL=0
-diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result
---- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16	2021-08-03 10:29:08.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result	2021-11-18 16:58:41.552440737 +0100
-@@ -61,8 +61,8 @@ connect  ssl_con,localhost,root,,,,,SSL;
- SHOW STATUS LIKE 'Ssl_cipher';
- Variable_name	Value
- Ssl_cipher	AES128-SHA
--SHOW STATUS LIKE 'Ssl_cipher_list';
--Variable_name	Value
--Ssl_cipher_list	AES128-SHA
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
-+VARIABLE_VALUE like '%AES128-SHA%'
-+1
- disconnect ssl_con;
- connection default;
-diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test
---- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16	2021-11-18 16:58:41.552440737 +0100
-+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test	2021-11-18 17:00:47.753839711 +0100
-@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL)
- --replace_regex /TLS_AES_.*/AES128-SHA/
- SHOW STATUS LIKE 'Ssl_cipher';
- --replace_regex /TLS_AES_.*/AES128-SHA/
--SHOW STATUS LIKE 'Ssl_cipher_list';
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
- disconnect ssl_con;
- connection default;
-diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc
---- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16	2021-08-03 10:29:08.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc	2021-11-18 16:58:41.552440737 +0100
-@@ -29,11 +29,7 @@
- #include <ssl_compat.h>
- #include <cstdint>
- 
--#ifdef HAVE_WOLFSSL
- #define CTX_ALIGN 16
--#else
--#define CTX_ALIGN 0
--#endif
- 
- class MyCTX
- {
-@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
- {
- public:
-   const uchar *key;
--  uint klen, buf_len;
-+  uint klen, source_tail_len;
-   uchar oiv[MY_AES_BLOCK_SIZE];
-+  uchar source_tail[MY_AES_BLOCK_SIZE];
- 
-   MyCTX_nopad() : MyCTX() { }
-   ~MyCTX_nopad() { }
-@@ -112,7 +109,7 @@ public:
-     compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
-     this->key= key;
-     this->klen= klen;
--    this->buf_len= 0;
-+    this->source_tail_len= 0;
-     if (ivlen)
-       memcpy(oiv, iv, ivlen);
-     DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
-@@ -123,26 +120,41 @@ public:
-     return res;
-   }
- 
-+  /** Update last partial source block, stored in source_tail array. */
-+  void update_source_tail(const uchar* src, uint slen)
-+  {
-+    if (!slen)
-+      return;
-+    uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
-+    if (new_tail_len)
-+    {
-+      if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
-+      {
-+        memcpy(source_tail + source_tail_len, src, slen);
-+      }
-+      else
-+      {
-+        DBUG_ASSERT(slen > new_tail_len);
-+        memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
-+      }
-+    }
-+    source_tail_len= new_tail_len;
-+  }
-+
-   int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
-   {
--    buf_len+= slen;
-+    update_source_tail(src, slen);
-     return MyCTX::update(src, slen, dst, dlen);
-   }
- 
-   int finish(uchar *dst, uint *dlen)
-   {
--    buf_len %= MY_AES_BLOCK_SIZE;
--    if (buf_len)
-+    if (source_tail_len)
-     {
--      uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
-       /*
-         Not much we can do, block ciphers cannot encrypt data that aren't
-         a multiple of the block length. At least not without padding.
-         Let's do something CTR-like for the last partial block.
--
--        NOTE this assumes that there are only buf_len bytes in the buf.
--        If OpenSSL will change that, we'll need to change the implementation
--        of this class too.
-       */
-       uchar mask[MY_AES_BLOCK_SIZE];
-       uint mlen;
-@@ -154,10 +166,10 @@ public:
-         return rc;
-       DBUG_ASSERT(mlen == sizeof(mask));
- 
--      for (uint i=0; i < buf_len; i++)
--        dst[i]= buf[i] ^ mask[i];
-+      for (uint i=0; i < source_tail_len; i++)
-+        dst[i]= source_tail[i] ^ mask[i];
-     }
--    *dlen= buf_len;
-+    *dlen= source_tail_len;
-     return MY_AES_OK;
-   }
- };
-diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c
---- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16	2021-08-03 10:29:10.000000000 +0200
-+++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c	2021-11-18 16:58:41.553440740 +0100
-@@ -21,27 +21,96 @@
- #include <string.h>
- #include <ctype.h>
- 
--#define DO_TEST(mode, nopad, slen, fill, dlen, hash)                    \
--  SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported")     \
--  {                                                                     \
--    memset(src, fill, src_len= slen);                                   \
--    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT,              \
--                    src, src_len, dst, &dst_len,                        \
--                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
--      "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad");     \
--    if (!nopad)                                                         \
--      ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
--    my_md5(md5, (char*)dst, dst_len);                                   \
--    ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5");  \
--    ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,              \
--                    dst, dst_len, ddst, &ddst_len,                      \
--                    key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK,     \
--       "decrypt " #mode " %u", dst_len);                                \
--    ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
-+
-+/** Test streaming encryption, bytewise update.*/
-+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
-+                 unsigned int slen, unsigned char *dst, unsigned int *dlen,
-+                 const unsigned char *key, unsigned int klen,
-+                 const unsigned char *iv, unsigned int ivlen)
-+{
-+  /* Allocate context on odd address on stack, in order to
-+   catch misalignment errors.*/
-+  void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
-+
-+  int res1, res2;
-+  uint d1= 0, d2;
-+  uint i;
-+
-+  if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
-+    return res1;
-+  for (i= 0; i < slen; i++)
-+  {
-+    uint tmp_d1=0;
-+    res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
-+    if (res1)
-+      return res1;
-+    d1+= tmp_d1;
-+    dst+= tmp_d1;
-+  }
-+  res2= my_aes_crypt_finish(ctx, dst, &d2);
-+  *dlen= d1 + d2;
-+  return res1 ? res1 : res2;
-+}
-+
-+
-+#ifndef HAVE_EncryptAes128Ctr
-+const uint MY_AES_CTR=0xDEADBEAF;
-+#endif
-+#ifndef HAVE_EncryptAes128Gcm
-+const uint MY_AES_GCM=0xDEADBEAF;
-+#endif
-+
-+#define MY_AES_UNSUPPORTED(x)  (x == 0xDEADBEAF)
-+
-+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
-+                    char fill, size_t dlen, const char *hash)
-+{
-+  uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
-+  uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
-+  uchar src[1000], dst[1100], dst2[1100], ddst[1000];
-+  uchar md5[MY_MD5_HASH_SIZE];
-+  uint src_len, dst_len, dst_len2, ddst_len;
-+  int result;
-+
-+  if (MY_AES_UNSUPPORTED(mode))
-+  {
-+    skip(nopad?7:6, "%s not supported", mode_str);
-+    return;
-+  }
-+  memset(src, fill, src_len= slen);
-+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
-+                       dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
-+  ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
-+     nopad ? "nopad" : "pad");
-+
-+  if (nopad)
-+  {
-+    result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
-+                                src_len, dst2, &dst_len2, key, sizeof(key),
-+                                iv, sizeof(iv));
-+    ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
-+    /* Compare with non-bytewise encryption result*/
-+    ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
-+       "memcmp bytewise  %s %u", mode_str, src_len);
-   }
-+  else
-+  {
-+    int dst_len_real= my_aes_get_size(mode, src_len);
-+    ok(dst_len_real= dst_len, "my_aes_get_size");
-+  }
-+  my_md5(md5, (char *) dst, dst_len);
-+  ok(dst_len == dlen, "md5 len");
-+  ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
-+  result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
-+                       dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
-+                       sizeof(iv));
-+
-+  ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
-+  ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
-+}
- 
--#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
--#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
-+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
-+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
- 
- /* useful macro for debugging */
- #define PRINT_MD5()                                     \
-@@ -53,25 +122,15 @@
-     printf("\"\n");                                     \
-   } while(0);
- 
--#ifndef HAVE_EncryptAes128Ctr
--const uint MY_AES_CTR=0xDEADBEAF;
--#endif
--#ifndef HAVE_EncryptAes128Gcm
--const uint MY_AES_GCM=0xDEADBEAF;
--#endif
- 
- int
- main(int argc __attribute__((unused)),char *argv[])
- {
--  uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
--  uchar iv[16]=  {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
--  uchar src[1000], dst[1100], ddst[1000];
--  uchar md5[MY_MD5_HASH_SIZE];
--  uint src_len, dst_len, ddst_len;
- 
-   MY_INIT(argv[0]);
- 
--  plan(87);
-+  plan(122);
-+
-   DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
-   DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
-   DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
-
-
-
-MariaDB before 10.8 series does not contain the OpenSSL 3 patch on the upstream.
-MariaDB upstream later added the following condition:
-https://github.com/MariaDB/server/commit/c9beef4315
-limiting the OpenSSL that can be used to < 3. and reverted this commit for 10.8 and later:
-https://github.com/MariaDB/server/commit/64e358821e
-
-Since we apply the OpenSSL 3 patch from MariaDB 10.8 series to earlier series, we need to revert this commit
-on those earlier series too.
-
---- mariadb-10.5.15-downstream_modified/cmake/ssl.cmake	2022-02-22 05:13:17.259097302 +0100
-+++ mariadb-10.5.15-downstream_modified/cmake/ssl.cmake_patched	2022-02-23 07:22:20.290082378 +0100
-@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
-     ENDIF()
-     FIND_PACKAGE(OpenSSL)
-     SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
--    IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
-+    IF(OPENSSL_FOUND)
-       SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
-       INCLUDE(CheckSymbolExists)
-       SET(SSL_SOURCES "")

SOURCES/mariadb-ownsetup.patch

@@ -1,13 +1,15 @@
---- mariadb-10.4.14/support-files/CMakeLists.txt	2020-08-06 17:28:28.000000000 +0200
-+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched	2020-09-03 13:21:07.826658279 +0200
-@@ -187,6 +187,7 @@ IF(UNIX)
-               COMPONENT SharedLibraries)
-       INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
-               COMPONENT Client)
-+      CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY)
-       INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
-               COMPONENT IniFiles)
-       INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR}
+diff -up mariadb-10.1.8/support-files/CMakeLists.txt.p9 mariadb-10.1.8/support-files/CMakeLists.txt
+--- mariadb-10.2.32/support-files/CMakeLists.txt	2020-05-08 13:45:27.000000000 +0200
++++ mariadb-10.2.32/support-files/CMakeLists.txt_pacthed	2020-05-13 10:11:30.884190396 +0200
+@@ -100,7 +100,8 @@ IF(UNIX)
+   ENDIF()
+ 
+   CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
+-  INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
++  CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
++  INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
+ 
+   INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
    
 diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
 --- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup	2015-01-24 23:55:55.110063592 +0100

SOURCES/mariadb-pcdir.patch

@@ -0,0 +1,20 @@
+Use PCDIR CMake option, if configured
+
+Upstream install the server pkgconfig file into arch-independent directory
+Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340
+
+--- mariadb-10.3.12/support-files/CMakeLists.txt	2019-03-20 15:25:53.423283135 +0100
++++ mariadb-10.3.12/support-files/CMakeLists.txt_patched	2019-03-20 15:38:56.372819958 +0100
+@@ -82,7 +82,12 @@ IF(UNIX)
+ 
+   CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
+   CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
++IF(INSTALL_PCDIR)
++  INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development)
++ELSE()
+   INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
++ENDIF()
++
+ 
+   INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
+   

SOURCES/mariadb-scripts.patch

@@ -1,23 +1,22 @@
 We have some downstream patches and other scripts that include variables to
 be expanded by cmake. Cmake needs to know about them, so adding them manually.
 
- # Install libgcc as  mylibgcc.a
---- mariadb-10.5.5/scripts/CMakeLists.txt.old	2020-09-24 10:13:35.272589689 +0200
-+++ mariadb-10.5.5/scripts/CMakeLists.txt	2020-09-24 10:17:31.428985798 +0200
-@@ -377,6 +377,34 @@
-       INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT})
-     ENDIF()
+--- mariadb-10.3.8/scripts/CMakeLists.txt	2018-07-02 09:34:11.000000000 +0200
++++ mariadb-10.3.8/scripts/CMakeLists.txt_patched	2018-07-03 10:58:15.954670153 +0200
+@@ -361,6 +361,34 @@ ELSE()
+       COMPONENT ${${file}_COMPONENT}
+      )
    ENDFOREACH()
 +
 +  # files for systemd
 +  SET(SYSTEMD_SCRIPTS
-+    mariadb.tmpfiles.d
++    mysql.tmpfiles.d
 +    mysql.service
 +    mysql@.service
-+    mariadb-prepare-db-dir
-+    mariadb-check-socket
-+    mariadb-check-upgrade
-+    mariadb-scripts-common
++    mysql-prepare-db-dir
++    mysql-check-socket
++    mysql-check-upgrade
++    mysql-scripts-common
 +    mysql_config_multilib
 +    clustercheck
 +    galera_new_cluster

SOURCES/mariadb-ssl-cipher-tests.patch

@@ -1,13 +0,0 @@
-diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
---- mariadb-10.3.13/mysql-test/main/ssl_cipher.test	2019-02-20 08:59:09.000000000 +0100
-+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched	2019-02-22 11:22:01.250256060 +0100
-@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
- let $restart_parameters=--ssl-cipher=AES128-SHA;
- source include/restart_mysqld.inc;
- connect (ssl_con,localhost,root,,,,,SSL);
-+--replace_regex /TLS_AES_.*/AES128-SHA/
- SHOW STATUS LIKE 'Ssl_cipher';
-+--replace_regex /TLS_AES_.*/AES128-SHA/
- SHOW STATUS LIKE 'Ssl_cipher_list';
- disconnect ssl_con;
- connection default;

SOURCES/mysql-check-socket.sh

@@ -5,7 +5,7 @@
 # positive result when starting and mysqld_safe could remove
 # a socket file, which is actually being used by a different daemon.
 
-source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
+source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
 
 if test -e "$socketfile" ; then
     echo "Socket file $socketfile exists." >&2
@@ -25,9 +25,9 @@ if test -e "$socketfile" ; then
     fi
 
     # some process uses the socket file
-    response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
+    response=`@bindir@/mysqladmin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
     if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
-        echo "Is another MariaDB daemon already running with the same unix socket?" >&2
+        echo "Is another MySQL daemon already running with the same unix socket?" >&2
         echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
         exit 1
     fi

SOURCES/mysql-check-upgrade.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
+source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
 
 upgrade_info_file="$datadir/mysql_upgrade_info"
 version=0
@@ -25,14 +25,14 @@ if [ $version -ne $thisversion ] ; then
     fi
 
     cat <<EOF >&2
-The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps:
+The datadir located at $datadir needs to be upgraded using 'mysql_upgrade' tool. This can be done using the following steps:
 
-  1. Back-up your data before with 'mariadb-upgrade'
-  2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service'
-  3. Run 'mariadb-upgrade' with a database user that has sufficient privileges
+  1. Back-up your data before with 'mysql_upgrade'
+  2. Start the database daemon using 'service @DAEMON_NAME@ start'
+  3. Run 'mysql_upgrade' with a database user that has sufficient privileges
 
-Read more about 'mariadb-upgrade' usage at:
-https://mariadb.com/kb/en/mysql_upgrade/
+Read more about 'mysql_upgrade' usage at:
+https://mariadb.com/kb/en/mariadb/documentation/sql-commands/table-commands/mysql_upgrade/
 EOF
 fi
 

SOURCES/mysql-prepare-db-dir.sh

@@ -1,9 +1,9 @@
 #!/bin/sh
 
-# This script creates the MariaDB data directory during first service start.
+# This script creates the mysql data directory during first service start.
 # In subsequent starts, it does nothing much.
 
-source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
+source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
 
 export LC_ALL=C
 
@@ -97,7 +97,7 @@ if should_initialize "$datadir" ; then
     # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
     INITDB_TIMESTAMP=`LANG=C date -u`
     sleep 1
-    @bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
+    @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
     ret=$?
     if [ $ret -ne 0 ] ; then
         echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2

SOURCES/mysql-scripts-common.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
-# Some useful functions used in other MariaDB helper scripts
+# Some useful functions used in other MySQL helper scripts
 # This scripts defines variables datadir, errlogfile, socketfile
 
 export LC_ALL=C
 
-# extract value of a MariaDB option from config files
+# extract value of a MySQL option from config files
 # Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
 # result is returned in $result
 # We use my_print_defaults which prints all options from multiple files,
@@ -25,7 +25,7 @@ get_mysql_option(){
 	fi
 }
 
-# For the case of running more instances via systemd, scripts that source
+# For the case of running more instances via systemd, scrits that source
 # this file can get --default-group-suffix or similar option as the first
 # argument. The utility my_print_defaults needs to use it as well, so the
 # scripts sourcing this file work with the same options as the daemon.
@@ -35,20 +35,20 @@ while echo "$1" | grep -q '^--defaults' ; do
 	shift
 done
 
-# Defaults here had better match what mariadbd-safe will default to
+# Defaults here had better match what mysqld_safe will default to
 # The option values are generally defined on three important places
 # on the default installation:
-#  1) default values are hardcoded in the code of mariadbd daemon or
-#     mariadbd-safe script
+#  1) default values are hardcoded in the code of mysqld daemon or
+#     mysqld_safe script
 #  2) configurable values are defined in @sysconfdir@/my.cnf
 #  3) default values for helper scripts are specified bellow
 # So, in case values are defined in my.cnf, we need to get that value.
 # In case they are not defined in my.cnf, we need to get the same value
 # in the daemon, as in the helper scripts. Thus, default values here
-# must correspond with values defined in mariadbd-safe script and source
+# must correspond with values defined in mysqld_safe script and source
 # code itself.
 
-server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera"
+server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ client-server"
 
 get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
 datadir="$result"

SOURCES/mysql.service.in

@@ -1,24 +1,32 @@
 # It's not recommended to modify this file in-place, because it will be
 # overwritten during package upgrades.  If you want to customize, the
-# best way is to:
-#
-# root> systemctl edit @DAEMON_NAME@.service
-#
-# Then add additonal directives under a section (probably [Service]).
+# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
+# containing
+#	.include /usr/lib/systemd/system/@DAEMON_NAME@.service
+#	...make your changes here...
+# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
+# which doesn't need to include ".include" call and which will be parsed
+# after the file @DAEMON_NAME@.service itself is parsed.
 #
 # For more info about custom unit files, see systemd.unit(5) or
 # http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
-#
-# For example, if you want to increase MariaDB's open-files-limit to 10000,
-# you need to increase systemd's LimitNOFILE setting, use the contents below:
-#
+
+# For example, if you want to increase mysql's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
 #	[Service]
 #	LimitNOFILE=10000
-#
+
+# Note: /usr/lib/... is recommended in the .include line though /lib/...
+# still works.
+# Don't forget to reload systemd daemon after you change unit configuration:
+# root> systemctl --system daemon-reload
+
+# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
 
 [Unit]
 Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
-Documentation=man:mariadbd(8)
+Documentation=man:mysqld(8)
 Documentation=https://mariadb.com/kb/en/library/systemd/
 After=network.target
 
@@ -32,19 +40,20 @@ Type=notify
 User=mysql
 Group=mysql
 
-ExecStartPre=@libexecdir@/mariadb-check-socket
+ExecStartPre=@libexecdir@/mysql-check-socket
 # '%n' expands to 'Full unit name'; man systemd.unit
-ExecStartPre=@libexecdir@/mariadb-prepare-db-dir %n
+ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
 # Note: we set --basedir to prevent probes that might trigger SELinux alarms,
 # per bug #547485
-ExecStart=@libexecdir@/mariadbd --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
-ExecStartPost=@libexecdir@/mariadb-check-upgrade
+ExecStart=@libexecdir@/mysqld --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=@libexecdir@/mysql-check-upgrade
 
 # Setting this to true can break replication and the Type=notify settings
-# See also bind-address MariaDB option.
+# See also bind-address mysqld option.
 PrivateNetwork=false
 
+KillMode=process
 KillSignal=SIGTERM
 
 # Don't want to see an automated SIGKILL ever

SOURCES/mysql@.service.in

@@ -1,46 +1,39 @@
-# Multi instance version of MariaDB. For if you run mutiple verions at once.
+# Multi instance version of mariadb. For if you run mutiple verions at once.
 # Also used for @DAEMON_NAME@@bootstrap to bootstrap Galera.
 #
-# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
-# @sysconfdir@/@my.cnf  to change per instance settings. A minimumal necessary
-# configuration items to change to avoid conflicts between instances is:
-#
-#       [mariadbd.instancename]
-#       # TCP port to make available for clients
-#       port=3306
-#       # Socket to make available for clients
-#       socket=/tmp/mariadb-instancename.sock
-#       # Where MariaDB should store all its data
-#       datadir=/usr/local/mariadb-instancename/data
-#
+# To use multi instance variant, use [mysqld.INSTANCENAME] as sections in my.cnf
 # and start the service via:
-#
-# root> systemctl start @DAEMON_NAME@@{instancename}.server
+#	systemctl start @DAEMON_NAME@@{instancename}.server
 #
 # It's not recommended to modify this file in-place, because it will be
-# overwritten during package upgrades.  If you want to customize, for
-# all instances, the best way is:
-#
-# root> systemctl edit @DAEMON_NAME@@.service
-#
-# Then add additonal directives under a section (probably [Service]).
-#
-# If you only want to change a specific instance:
-#
-# root>	systemctl edit @DAEMON_NAME@@{instancename}.server
+# overwritten during package upgrades.  If you want to customize, the
+# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
+# containing
+#	.include /usr/lib/systemd/system/@DAEMON_NAME@.service
+#	...make your changes here...
+# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
+# which doesn't need to include ".include" call and which will be parsed
+# after the file @DAEMON_NAME@.service itself is parsed.
 #
 # For more info about custom unit files, see systemd.unit(5) or
 # http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
-#
-# For example, if you want to increase MariaDB's open-files-limit to 10000,
-# you need to increase systemd's LimitNOFILE setting, use the contents below:
-#
+
+# For example, if you want to increase mysql's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
 #	[Service]
 #	LimitNOFILE=10000
 
+# Note: /usr/lib/... is recommended in the .include line though /lib/...
+# still works.
+# Don't forget to reload systemd daemon after you change unit configuration:
+# root> systemctl --system daemon-reload
+
+# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
+
 [Unit]
 Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
-Documentation=man:mariadbd(8)
+Documentation=man:mysqld(8)
 Documentation=https://mariadb.com/kb/en/library/systemd/
 After=network.target
 
@@ -54,18 +47,19 @@ Type=notify
 User=mysql
 Group=mysql
 
-ExecStartPre=@libexecdir@/mariadb-check-socket --defaults-group-suffix=.%I
-ExecStartPre=@libexecdir@/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
+ExecStartPre=@libexecdir@/mysql-check-socket --defaults-group-suffix=.%I
+ExecStartPre=@libexecdir@/mysql-prepare-db-dir --defaults-group-suffix=.%I %n
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
 # Note: we set --basedir to prevent probes that might trigger SELinux alarms,
 # per bug #547485
-ExecStart=@libexecdir@/mariadbd --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
-ExecStartPost=@libexecdir@/mariadb-check-upgrade --defaults-group-suffix=.%I
+ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=@libexecdir@/mysql-check-upgrade --defaults-group-suffix=.%I
 
 # Setting this to true can break replication and the Type=notify settings
-# See also bind-address MariaDB option.
+# See also bind-address mysqld option.
 PrivateNetwork=false
 
+KillMode=process
 KillSignal=SIGTERM
 
 # Don't want to see an automated SIGKILL ever

SOURCES/rh-skipped-tests-arm.list

@@ -1,5 +1,3 @@
-# Fails since 10.3.17, only on armv7hl
-versioning.partition      :
-
-# Fail since 10.4.16 only on armv7hl
-versioning.partition_rotation :
+# Fails on aarch64
+innodb.innodb_buffer_pool_resize :
+innodb.innodb_buffer_pool_resize_with_chunks :

SOURCES/rh-skipped-tests-base.list

@@ -1,12 +1,18 @@
-# The SSL test are failing correctly. Fro more explanation, see:
-# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275
-main.ssl_7937                                : #1399847
-main.ssl_8k_key                              :
-main.ssl_crl                                 : #1399847
+# Fails everywhere
+innodb.innodb_defrag_binlog :
+
+main.ssl_7937 :
+main.ssl_8k_key :
+main.ssl_crl :
+main.ssl_system_ca :
+main.userstat :
 
-# ------------------------------
-# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
 perfschema.cnf_option :
+perfschema.nesting :
+perfschema.socket_summary_by_event_name_func :
+perfschema.socket_summary_by_instance_func :
+
+plugins.feedback_plugin_load :
 
 rpl.rpl_row_img_blobs :
 rpl.rpl_row_img_eng_min :
@@ -14,61 +20,8 @@ rpl.rpl_row_img_eng_noblob                   :
 
 sys_vars.slave_parallel_threads_basic :
 
-# ------------------------------
-# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead
-plugins.auth_ed25519                         :
-plugins.multiauth                            :
-
-# ------------------------------
-perfschema.nesting                           : #1399847
-perfschema.socket_summary_by_instance_func   : #1399847
-perfschema.socket_summary_by_event_name_func :
-
-# ------------------------------
-# Fails since 10.1.12
-innodb.innodb_defrag_binlog                  :
-
-# Fails everywhere since 10.2.15
-main.userstat				     :
-
-# Fails everywhere since 10.4.11
-main.events_bugs                             :
-sys_vars.tcp_nodelay                         :
-
-# Fails on i686
-encryption.innodb-redo-badkey                :
-
-# Fails since 10.5.2
-main.mysqld--help2                           :
-disks.disks                                  :
-disks.disks_notembedded                      :
-
-# Fails since 10.5.3
-main.mysqld--help-aria                       :
-
-# Fails since 10.5.4
-main.ssl_system_ca                           :
-
-# Fails since 10.5.7
-innodb.innodb_wl6326_big                     :
-plugins.feedback_plugin_load                 :
-
-# Fails only on RHEL 9 BETA on i686 architecture
+# Fails only on i686
 main.myisampack :
 
-# Fails on all arches since 10.5.13 on CentOS Stream 9
-oqgraph.regression_mdev6345                  :
-type_test.type_test_double                   :
-# Fails only on i686 since 10.5.13 on CentOS Stream 9
-oqgraph.general-innodb                       :
-oqgraph.general-Aria                         :
-oqgraph.general-MyISAM                       :
-oqgraph.legacy_upgrade                       :
-oqgraph.regression_1133093                   :
-oqgraph.regression_1196036                   :
-oqgraph.regression_1213120                   :
-
-# Fails since RHEL 9.0.0 GA
-# TLSv1.0 and TLSv1.1 are not allowed anymore
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index
-main.tls_version1                            :
+# We don't build the plugin in server; we build it in mariadb-connector-c instead
+plugins.auth_ed25519 :

SOURCES/rh-skipped-tests-ppc.list

@@ -1,5 +1,30 @@
-# Fails on ppc64le since 10.4.12
-oqgraph.social : 
+# Fails on ppc64le
+parts.partition_alter1_1_innodb :
+parts.partition_alter1_2_innodb : 
+parts.partition_alter1_1_2_innodb :
+parts.partition_alter1_2_1_innodb :
+parts.partition_alter2_1_1_innodb : 
+parts.partition_alter1_2_2_innodb : 
+parts.partition_alter2_1_2_innodb : 
+parts.partition_alter2_2_1_innodb : 
+parts.partition_alter2_2_2_innodb : 
+parts.partition_alter4_innodb : 
+parts.partition_basic_innodb :
+parts.part_supported_sql_func_innodb :
 
-# Fails since 10.5.2
-rh-skipped-tests-ppc.list :
+rpl.rpl_loaddata_m :
+
+#
+stress.ddl_innodb :
+
+innodb.innodb_buffer_pool_resize :
+innodb.innodb_buffer_pool_resize_with_chunks :
+innodb.innodb_bulk_create_index :
+innodb.innodb_defrag_binlog :
+innodb.innodb_defrag_concurrent :
+innodb_gis.kill_server :
+gcol.innodb_virtual_basic :
+
+# Unstable (randomly failing) tests
+innodb_gis.rtree_search :
+main.type_ranges :

SOURCES/rh-skipped-tests-s390.list

@@ -1,3 +1,8 @@
-# Fails since 10.5.2
-perfschema.memory_aggregate_32bit :
-period.overlaps :
+# Fails on s390x
+disks.disks :
+disks.disks_notembedded :
+
+# related to MDEV-20194
+# first check of `undefined` table causes warning,
+# instead INSERT and ALTER should cause it
+innodb.row_size_error_log_warnings_3 :