diff --git a/.gitignore b/.gitignore
index cacc57a..ab78b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mariadb-5.5.56.tar.gz
+SOURCES/mariadb-5.5.60.tar.gz
diff --git a/.mariadb.metadata b/.mariadb.metadata
index 940a6fd..8214c51 100644
--- a/.mariadb.metadata
+++ b/.mariadb.metadata
@@ -1 +1 @@
-7edaedfdc1bc6ee1856925cd9bf67c3ed2924a75 SOURCES/mariadb-5.5.56.tar.gz
+25cb56b1ea5df6057b89828675c92ce76c57620a SOURCES/mariadb-5.5.60.tar.gz
diff --git a/SOURCES/mariadb-covscan-stroverflow.patch b/SOURCES/mariadb-covscan-stroverflow.patch
index 8f9040d..a994ff2 100644
--- a/SOURCES/mariadb-covscan-stroverflow.patch
+++ b/SOURCES/mariadb-covscan-stroverflow.patch
@@ -1,61 +1,5 @@ The following problems have been found by Coverity - static analysis tool. -mysql-5.5.31/plugin/semisync/semisync_master.cc:672:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -mysql-5.5.31/plugin/semisync/semisync_master.cc:661:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -mysql-5.5.31/plugin/semisync/semisync_master.cc:555:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -diff -rup mariadb-5.5.47.covscan-stroverflow/plugin/semisync/semisync_master.cc mariadb-5.5.47/plugin/semisync/semisync_master.cc ---- mariadb-5.5.47.covscan-stroverflow/plugin/semisync/semisync_master.cc 2015-12-09 18:22:47.000000000 +0100 -+++ mariadb-5.5.47/plugin/semisync/semisync_master.cc 2016-02-04 07:51:02.023858249 +0100 -@@ -552,7 +552,8 @@ int ReplSemiSyncMaster::reportReplyBinlo - - if (need_copy_send_pos) - { -- strcpy(reply_file_name_, log_file_name); -+ strncpy(reply_file_name_, log_file_name, sizeof(reply_file_name_)-1); -+ reply_file_name_[sizeof(reply_file_name_)-1] = '\0'; - reply_file_pos_ = log_file_pos; - reply_file_name_inited_ = true; - -@@ -659,7 +660,8 @@ int ReplSemiSyncMaster::commitTrx(const - if (cmp <= 0) - { - /* This thd has a lower position, let's update the minimum info. 
*/ -- strcpy(wait_file_name_, trx_wait_binlog_name); -+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1); -+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0'; - wait_file_pos_ = trx_wait_binlog_pos; - - rpl_semi_sync_master_wait_pos_backtraverse++; -@@ -670,7 +672,8 @@ int ReplSemiSyncMaster::commitTrx(const - } - else - { -- strcpy(wait_file_name_, trx_wait_binlog_name); -+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1); -+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0'; - wait_file_pos_ = trx_wait_binlog_pos; - wait_file_name_inited_ = true; - - -mysql-5.5.31/sql/rpl_handler.cc:306:fixed_size_dest – You might overrun the 512 byte fixed-size string "log_info->log_file" by copying "log_file + dirname_length(log_file)" without checking the length. diff -up mysql-5.5.31/sql/rpl_handler.cc.covscan-stroverflow mysql-5.5.31/sql/rpl_handler.cc - -diff -rup mariadb-5.5.47.covscan-stroverflow/sql/rpl_handler.cc mariadb-5.5.47/sql/rpl_handler.cc ---- mariadb-5.5.47.covscan-stroverflow/sql/rpl_handler.cc 2015-12-09 18:22:47.000000000 +0100 -+++ mariadb-5.5.47/sql/rpl_handler.cc 2016-02-04 07:53:11.920729054 +0100 -@@ -260,7 +260,8 @@ int Binlog_storage_delegate::after_flush - thd->semisync_info= log_info; - } - -- strcpy(log_info->log_file, log_file+dirname_length(log_file)); -+ strncpy(log_info->log_file, log_file+dirname_length(log_file), sizeof(log_info->log_file)-1); -+ log_info->log_file[sizeof(log_info->log_file)-1] = '\0'; - log_info->log_pos = log_pos; - - FOREACH_OBSERVER(ret, after_flush, false, - mysql-5.5.31/sql/sp_rcontext.h:87:buffer_size_warning – Calling strncpy with a maximum size argument of 512 bytes on destination array "this->m_message" of size 512 bytes might leave the destination string unterminated. diff -rup mariadb-5.5.47.covscan-stroverflow/sql/sp_rcontext.h mariadb-5.5.47/sql/sp_rcontext.h diff --git a/SOURCES/mariadb-wait-ready b/SOURCES/mariadb-wait-ready index 16f397c..2d0da07 100644 
--- a/SOURCES/mariadb-wait-ready +++ b/SOURCES/mariadb-wait-ready @@ -35,7 +35,7 @@ while /bin/true; do ret=1 break fi - RESPONSE=`/usr/bin/mysqladmin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER ping 2>&1` + RESPONSE=`/usr/bin/mysqladmin --no-defaults --connect-timeout=2 --socket="$socketfile" --user=UNKNOWN_MYSQL_USER ping 2>&1` mret=$? if [ $mret -eq 0 ]; then break diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list index 6c7a1d5..9c303c6 100644 --- a/SOURCES/rh-skipped-tests-base.list +++ b/SOURCES/rh-skipped-tests-base.list @@ -1,3 +1,6 @@ # Tests and a bug where we track the failure in the following format: # suite.test : rhbz#1234567 - +main.mysql_client_test_nonblock : rhbz#1544452 rhbz#1021450 +parts.partition_alter4_innodb : +parts.partition_alter2_2_2_innodb : +innodb.innodb_simulate_comp_failures : diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec index ed226cf..34e5189 100644 --- a/SPECS/mariadb.spec +++ b/SPECS/mariadb.spec @@ -3,8 +3,8 @@ %bcond_with tokudb Name: mariadb -Version: 5.5.56 -Release: 2%{?dist} +Version: 5.5.60 +Release: 1%{?dist} Epoch: 1 Summary: A community developed branch of MySQL @@ -22,7 +22,7 @@ License: GPLv2 with exceptions and LGPLv2 and BSD # Regression tests take a long time, you can skip 'em with this %{!?runselftest:%global runselftest 1} -Source0: http://ftp.osuosl.org/pub/mariadb/mariadb-%{version}/kvm-tarbake-jaunty-x86/mariadb-%{version}.tar.gz +Source0: http://mirror.hosting90.cz/%{name}/%{name}-%{version}/source/%{name}-%{version}.tar.gz Source3: my.cnf Source5: my_config.h Source6: README.mysql-docs @@ -206,6 +206,8 @@ package contains the regression test suite distributed with the MariaDB sources. MariaDB is a community developed branch of MySQL. + + %prep %setup -q -n mariadb-%{version} 
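Review bot: The added `--connect-timeout=2` on the `mysqladmin ... ping` line hard-codes the per-probe timeout without a comment saying why 2 seconds was chosen or how it relates to the loop's overall wait, which is outside this hunk. I would put a line above the assignment such as `# cap each ping at 2s so an unresponsive socket cannot stall the readiness loop`. While the line is being touched, the backtick substitution could become `RESPONSE=$(...)`, which nests and quotes more predictably. The surrounding `while` loop starts and ends outside the hunk.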
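Review bot: Three of the four added entries (`parts.partition_alter4_innodb`, `parts.partition_alter2_2_2_innodb`, `innodb.innodb_simulate_comp_failures`) leave the field after the colon empty, although the header comment of this file asks for `suite.test : rhbz#1234567`. Without a tracker there is no record of why the test is skipped or when it can be re-enabled; each should carry one, e.g. `parts.partition_alter4_innodb : rhbz#<bug-id>`. The first entry also makes `main.mysql_client_test_nonblock` skipped on every architecture, where the spec hunk at `@@ -227,13 +229,8 @@` shows it was previously skipped only under `%ifarch i686`. If the wider skip is intended, the changelog should say so.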
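Review bot: The new `Source0` in the `@@ -22,7 +22,7 @@` hunk points at a third-party mirror over plain `http://`, so the download has no transport integrity and the URL no longer names an upstream-controlled host. The only check visible in this commit is the 40-hex digest recorded in `.mariadb.metadata`, and that protects nobody if the digest was computed from the same unauthenticated download. Prefer an `https://` location on the upstream project's own download host, e.g. `Source0: https://<upstream-download-host>/%{name}-%{version}/source/%{name}-%{version}.tar.gz`. Verify the tarball against the upstream-published signature or checksum before recording the digest.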
@@ -227,13 +229,8 @@ rm -f mysql-test/t/ssl_8k_key-master.opt # generate a list of tests that fail, but are not disabled by upstream cat %{SOURCE14} > mysql-test/rh-skipped-tests.list -# disable some tests failing on particular aches -%ifarch aarch64 -echo "perfschema.dml_setup_timers : rhbz#1449880" >> mysql-test/rh-skipped-tests.list -%endif -%ifarch i686 -echo "main.mysql_client_test_nonblock : rhbz#1021450" >> mysql-test/rh-skipped-tests.list -%endif + + %build @@ -300,6 +297,9 @@ cmake . -DBUILD_CONFIG=mysql_release \ -DTMPDIR=%{_localstatedir}/tmp \ -DWITH_MYSQLD_LDFLAGS="-Wl,-z,relro,-z,now" +#For CMake "List Advanced Help" about possible arguments and their values +#cmake -LAH + make %{?_smp_mflags} VERBOSE=1 # debuginfo extraction scripts fail to find source files in their real @@ -311,6 +311,8 @@ for e in innobase xtradb ; do done done + + %check %if %runselftest # hack to let 32- and 64-bit tests run concurrently on same build machine @@ -337,16 +339,18 @@ done # increase timeouts to prevent unwanted failures during mass rebuilds ( cd mysql-test - perl ./mysql-test-run.pl --force --retry=0 \ + perl ./mysql-test-run.pl --force --retry=2 \ --skip-test-list=rh-skipped-tests.list \ --suite-timeout=720 --testcase-timeout=30 \ --mysqld=--binlog-format=mixed --force-restart \ - --shutdown-timeout=60 + --shutdown-timeout=60 --big-test --max-test-fail=100 # cmake build scripts will install the var cruft if left alone :-( rm -rf var ) %endif + + %install make DESTDIR=$RPM_BUILD_ROOT install @@ -515,6 +519,8 @@ fi %postun embedded -p /sbin/ldconfig + + %files %doc README COPYING README.mysql-license %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google 
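Review bot: In the `%check` hunk at `@@ -337,16 +339,18 @@`, `--retry=2` lets a test that fails and then passes on a later attempt be treated as passing, as I understand mysql-test-run. Intermittent failures, often timing or race bugs, then stop surfacing in the build result, and nothing in the hunk says why that is acceptable for a rebase that carries security fixes. The existing comment above the block only explains the timeouts; I would extend it with something like `# --retry=2: tolerate flaky tests on loaded builders; --max-test-fail=100: report all failures in one run`. I would also keep the list of retried tests visible in the build log. `--big-test` lengthens the run, so it is worth confirming that `--suite-timeout=720` still leaves headroom.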
@@ -721,6 +727,16 @@ fi %{_mandir}/man1/mysql_client_test.1* %changelog +* Thu May 10 2018 Michal Schorm - 1:5.5.60-1 +- Rebase to 5.5.60 +- CVE's fixed: #1558256, #1558260, #1559060 + CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 + CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 + CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 + CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 + CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 +- Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 + * Thu Jun 08 2017 Honza Horak - 1:5.5.56-2 - Do not fix context and change owner if run by root in mariadb-prepare-db-dir Related: #1458940