Commit Graph

767 Commits

Author SHA1 Message Date
Michal Schorm
032692271d Update 'mariadb-server-galera' SELinux policy packaging
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
2023-09-26 08:41:56 +02:00
Michal Schorm
607eb71d53 Regroup scriptlets
(should be no-op change)
2023-09-26 08:41:56 +02:00
Michal Schorm
466e9bfd68 [2/2] Rebase to version 10.5.22 - Pack additional SELinux rules for the cracklib plugin
https://jira.mariadb.org/browse/MDEV-18374
https://github.com/MariaDB/server/pull/1131/files

https://fedoraproject.org/wiki/SELinux/IndependentPolicy
2023-09-26 08:41:56 +02:00
Michal Schorm
a0c21fd5cf [1/2] Rebase to version 10.5.22
Upstream Release notes:
https://mariadb.com/kb/en/mariadb-10-5-22-release-notes/
2023-09-16 18:33:54 +02:00
Michal Schorm
e04eb650af Rebase to 10.5.21
Extended testsuite results checked
2023-07-27 09:20:14 +02:00
Fedora Release Engineering
ada959fe7d Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 13:45:39 +00:00
Michal Schorm
a6a41d44d0 Testsuite verification for 10.5.20 version
- skipped test lists format fixed
- code for applying skipped tests list added to the SPIDER suites
2023-06-07 04:37:25 +02:00
Michal Schorm
be7c99651a Save SPIDER tests data on disk, rather than to memory
I've encountered this strange behaviour, starting with MariaDB 10.5.20.
The SPIDER tests, and only them, started to fail in 100% cases on all arches
with wide range of "no space left on device" like errors.

This is interesting, as similar issues occurred before
only on specific arches or build systems.

I've thought that maybe the full suite, which run before the spider tests,
have left over some data in the memory which would leave less space for the
spider tests.
However swapping order - running the spider test first and the full suite
later didn't help anyhow. The spider tests failed right away.

Also, it's interesting that running just the main suite in memory is possible.
This observation should rule out changes in the build system (lowering the
memory limits for builders), as I'd expect that the main suite would have much
bigger memory need than the spider tests.

--

This leads to a possibility that there is actually a bug in the spider engine
or tests, which cause the unexpected larger memory consumption.
This should be examined further. Sadly I don't have capacity for it now.
2023-06-06 12:59:49 +02:00
Lukas Javorsky
40d8f32182 Pcre2 bundled version bump and changed GitHub project name
Pcre2 version bumped to 10.42.
Also pcre2 github project name has been changed to PCRE2Project.
2023-06-01 10:55:24 +00:00
Lukas Javorsky
b6ec88a877 Rebase to version 10.5.20
Patches 11 and 13 were upstreamed:
75bbf645a6
f575de39af

Resolves: CVE-2022-47015
2023-06-01 10:54:51 +00:00
Siddhesh Poyarekar
cb41bf05f1 Use _fortify_level to disable fortification in debug builds 2023-04-29 02:07:13 +02:00
Michal Schorm
aa28093e35 Fix RPM syntax: '%patchN' has been deprecated
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/VBFDPQHAHF3WG6WBZR2L5GSWMW6CVTJS/
2023-04-29 02:02:41 +02:00
Michal Schorm
70b643e1b3 Rebase to 10.5.19 2023-04-29 01:57:59 +02:00
Florian Weimer
2efa260d36 Port to C99
Related to:

  <https://fedoraproject.org/wiki/Changes/PortingToModernC>
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2023-04-11 10:07:18 +02:00
Yaakov Selkowitz
752281ea43 Fix build with GCC 13 2023-01-24 14:15:29 -05:00
Fedora Release Engineering
974cfc625b Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 18:56:49 +00:00
Michal Schorm
c1ffd3ffe0 Rebase to 10.5.18 - add new sources 2022-11-16 12:06:29 +00:00
Michal Schorm
9f12d914a4 Rebase to 10.5.18
OpenSSL 3 patch upstreamed
2022-11-16 11:50:28 +00:00
Fedora Release Engineering
ff7a95c651 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 20:30:31 +00:00
Michal Schorm
f4c6b60962 Release bump for rebuild 2022-06-13 13:41:31 +02:00
Michal Schorm
255d71466a rpminspect - introduce a global ignore list 2022-06-11 10:17:03 +02:00
Michal Schorm
7b9fc23a15 Update the version number of the bundled PCRE2
The PCRE2 version used by upstream in the 'MariaDB 10.5.16' release is '10.40'
2022-05-30 18:06:22 +02:00
Michal Schorm
5a109bbad2 Pack newly introduced translations 2022-05-23 20:34:11 +02:00
Michal Schorm
3d9af144da Rebase to 10.5.16 2022-05-23 20:34:11 +02:00
Michal Schorm
03890c75fc Remove the second source path definition from the CMake command
The '%cmake' RPM macro in Fedora actually expands to:
| ...
|   /usr/bin/cmake \
|         -S "." \
|         -B "redhat-linux-build" \
| ...

So in this case the source path was specified twice.
First in the macro with the '-S' option and second time outside of the macro,
in the SPECfile, without the '-S' option.

CMake upstream declares that:
|  This has never been officially documented or supported,
|  but older versions accidentally accepted multiple source paths
|  and used the last path specified. Update scripts to avoid
|  passing multiple source path arguments.
https://cmake.org/cmake/help/v3.23/release/3.23.html#deprecated-and-removed-features

This was discovered as CMake upstream implemented a change to the 3.23.0-rc2 release
that changed this behavior and it broke many Fedora packages that used this
double source path definition.
  See rhbz#2057738 to see how build behaved

After the CMake upstream got aware of what problems it caused in Fedora,
they opened a merge request to restore the behavior to the old one,
but kept the warnings that that is an unsupported and problematic behavior:
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334

---

As for today, this issue is still not yet fully resolved.
- The CMake maintainers in Fedora haven't rebased the package to 3.23-1 release, so it is still broken
- Affected packages in Fedora should find a way to stop using this unsupported behavior
- The double '-S' argument passing should be marked as problematic too, in the exact same way
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258
- A change to the %cmake Fedora RPM macro might be in play, so it won't force a source path
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258

I opened a BZ #2079833 to track the progress of the solution by CMake maintainers
2022-04-28 14:14:56 +02:00
Michal Schorm
655a2f039f Remove the file of the patch 'mariadb-scripts-setpermission.patch'
The patch stopped being applied during the rebase to 10.5.13 (commit #314d2bf), because it was upstreamed,
but I forgot to remove the patch file.
2022-02-26 05:26:22 +01:00
Michal Schorm
5dcec0d8d0 Patch for pkgconfig directory has been upstreamed
The upstream implementation is to NOT make it configurable, but to put it on the correct location instead:
  c5c1027c6e
2022-02-26 05:14:00 +01:00
Michal Schorm
94d43bc3f7 Another fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The condition has to be fixed, as the OpenSSL 3 was introduced into the Fedora 36, instead of Fedora 35
  https://fedoraproject.org/wiki/Changes/OpenSSL3.0
2022-02-24 02:46:27 +01:00
Michal Schorm
56aea7f718 Fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The 'mariadb-fips.patch' patch has to be applied conditionally. It will FTBFS on releases without OpenSSL 3.

---

/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc: In function 'void md5_init(EVP_MD_CTX*)':
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:56:9: error: 'EVP_MD_fetch' was not declared in this scope; did you mean 'EVP_MD_flags'?
   56 |   md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
      |         ^~~~~~~~~~~~
      |         EVP_MD_flags
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:63:3: error: 'EVP_MD_free' was not declared in this scope; did you mean 'EVP_MD_type'?
   63 |   EVP_MD_free(md5);
      |   ^~~~~~~~~~~
      |   EVP_MD_type
gmake[2]: *** [mysys_ssl/CMakeFiles/mysys_ssl.dir/build.make:149: mysys_ssl/CMakeFiles/mysys_ssl.dir/my_md5.cc.o] Error 1
2022-02-24 02:07:46 +01:00
Michal Schorm
e94e1c9253 Remove bits only relevant for EOL Fedora 32 and older 2022-02-23 13:59:59 +01:00
Michal Schorm
62af7d57f2 Rebase to 10.5.15
Logrotate patch rebased onto upstream commit:
  008c02c987

Groonga patch upstreamed:
  045f5f7b10

OpenSSL 3 patch rebased onto upstream commit:
  be1d965384

OpenSSL 3 CMake condition reverted - it should be only applied to series without OpenSSL 3 patch:
  c9beef4315

Full testsuite success on a Fedora Rawhide scratch build,
setting "last_tested_version" to 10.5.15 so only the "main" test suite will be run on subsequent
builds of the same MariaDB release
2022-02-23 13:57:02 +01:00
Honza Horak
0d4a89ed92 Fix md5 in FIPS mode with OpenSSL 3.0.0
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.

  Resolves: #2050541
2022-02-07 23:01:38 +01:00
Michal Schorm
db03980787 Disable upstream hardening - it overrides the default compilation flags of the distribution, but provides lower level of hardening than the default flags
This issue was originally discovered by Annocheck stack-protection test in RHEL 9: #2044388

The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
We disable this option so the default compilation flags (which have higher level of hardening) will be used
2022-02-07 14:02:25 +01:00
Fedora Release Engineering
b0ed606846 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 18:41:24 +00:00
Michal Schorm
612f03d82b Fix the RPM condition for when the client subpackage is not built 2022-01-14 15:17:06 +01:00
Michal Schorm
452e11f762 Fix the RPM condition for when the test subpackage is not built but the PAM plugin subpackage is 2022-01-14 10:51:36 +01:00
Michal Schorm
ede543499e Fix the RPM condition for when the test subpackage is not built but the embedded server subpackage is 2022-01-14 10:50:57 +01:00
Michal Schorm
860088c5ca Fix the RPM condition for when the galera subpackage is not built 2022-01-14 10:50:13 +01:00
Michal Schorm
a1003a7c33 Fix the RPM condition for when the PAM plugin subpackage is not built 2022-01-14 10:48:53 +01:00
Michal Schorm
439d015366 Fix whitespaces in the echo, so both variables are prefixed with exactly one whitespace 2022-01-13 12:52:50 +01:00
Michal Schorm
b8157c3994 Fix the regular expression used to pick up the PCRE2 version the upstream bundles
Upstream changed the URL from which they download the PCRE2 tarball
2022-01-13 12:52:45 +01:00
Zuzana Miklankova
98fafb1bc7 Whitelisting file Index.xml from rpminspect xml check
Reason is, that the bug is already reported on upstream:
https://jira.mariadb.org/browse/MDEV-26905.
Also we currently do not know how to fix it. If we eventually figure out
how to fix this bug, then the patch would be submitted directly to the
upstream, rather than to downstream, to avoid unintentionally breaking
some code that relied on the malformed XML.
2022-01-12 09:07:22 +01:00
Lukas Javorsky
fc088dbe49 Revert "Disable dtrace for the arm architecture due to FTBFS during gcc compiling"
This reverts commit b3e0e11edd.

The issue in systemtap is fixed now
https://sourceware.org/git/?p=systemtap.git;a=commit;h=34facf7ee6b43dae66cc109973a4eda42e439163
2021-12-16 13:06:56 +01:00
Michal Schorm
314d2bf8f0 Rebase to 10.5.13
- Full testsuite checked
- Patch 16 upstreamed
2021-12-02 11:16:46 +01:00
Michal Schorm
643c233529 Enable LTO
Resolves: #1994993
2021-12-01 14:27:13 +01:00
Michal Schorm
9fa16bbecc Fix OpenSSL 3 patch
It has to be applied AFTER the mariadb-ssl-cipher-tests.patch
2021-12-01 14:26:45 +01:00
Zuzana Miklankova
cf60f44fa1 Disable badfuncs rpminspect CI check for /usr/bin/resolveip, BZ1973194
Resolveip binary is only used in mysql_install_db.sh script,
and only in non-"--rpm" mode [1]. However, we call this script with
"--rpm" option enabled, and thus the resolveip is not used [2],
and its badfuncs check can be disabled. [3]

[1] https://gitlab.com/redhat/centos-stream/rpms/mariadb/-/blob/c9s/mariadb-prepare-db-dir.sh#L100
[2] 5566cbadb0/scripts/mysql_install_db.sh (L425-L441)
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1973194#c4
2021-12-01 14:14:29 +01:00
Zuzana Miklankova
866cfb97a4 Add ignorefiles for xmllint rpminspect check
based on https://lists.launchpad.net/maria-discuss/msg06133.html
discussion are all the invalid xmls (except for Index.xml)
present in the sources on purpose and the xmllint
check can be thus disabled in the CI process.

All of xmlfiles, whose warnings are being suppressed with this commit are
being used for testing.

A bug report [https://jira.mariadb.org/browse/MDEV-26905] was created
for the Index.xml file.

Fedora CI picks up the rpminspect.yaml for specific package in the
dist-git repo [ref:
https://rpminspect.readthedocs.io/en/latest/configuration.html#rpminspect-yaml
]

Replace xmllint shutdown with ignoring specific xmls in the xml check
2021-12-01 12:58:03 +00:00
Michal Schorm
f443a82bd6 Apply OpenSSL 3 patch picked from the upstream development branch for MariaDB 10.8 2021-12-01 13:51:44 +01:00
Lukas Javorsky
b3e0e11edd Disable dtrace for the arm architecture due to FTBFS during gcc compiling
Temporary workaround for BZ#2026600

Problem with the GCC is already being discussed in upstream's Bugzilla
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103395

This commit should be reverted when the GCC fixes the issue on their
side
2021-12-01 13:46:11 +01:00