diff --git a/.gitignore b/.gitignore index e70ab19..cacc57a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/mariadb-5.5.52.tar.gz +SOURCES/mariadb-5.5.56.tar.gz diff --git a/.mariadb.metadata b/.mariadb.metadata index b97ba17..940a6fd 100644 --- a/.mariadb.metadata +++ b/.mariadb.metadata @@ -1 +1 @@ -bbedcc0eba7580d1ef16f2dfe4868cf9f31a636d SOURCES/mariadb-5.5.52.tar.gz +7edaedfdc1bc6ee1856925cd9bf67c3ed2924a75 SOURCES/mariadb-5.5.56.tar.gz diff --git a/SOURCES/mariadb-prepare-db-dir b/SOURCES/mariadb-prepare-db-dir index 8a7d3e1..e8a284b 100644 --- a/SOURCES/mariadb-prepare-db-dir +++ b/SOURCES/mariadb-prepare-db-dir @@ -9,9 +9,13 @@ # We use my_print_defaults which prints all options from multiple files, # with the more specific ones later; hence take the last match. get_mysql_option(){ + if [ $# -ne 3 ] ; then + echo "get_mysql_option requires 3 arguments: section option default_value" + return + fi result=`/usr/bin/my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1` if [ -z "$result" ]; then - # not found, use default + # if not found, use the default value result="$3" fi } @@ -24,6 +28,8 @@ errlogfile="$result" get_mysql_option mysqld socket "$datadir/mysql.sock" socketfile="$result" + + # Absorb configuration settings from the specified systemd service file, # or the default "mysqld" service if not specified SERVICE_NAME="$1" 
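Review bot: The new argument-count guard in get_mysql_option (hunk `@@ -9,9 +9,13 @@` of SOURCES/mariadb-prepare-db-dir) fails open: the bare `return` passes on the exit status of the preceding `echo`, which is 0, and `result` keeps whatever the previous call left in it. The message also goes to stdout rather than stderr. I would make the branch `result=""`, then `echo "get_mysql_option requires 3 arguments: section option default_value" >&2`, then `return 1`. The caller visible in the next hunk assigns `$result` straight to `socketfile` without looking at the status, so it would need a check too before the non-zero return has any effect.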
@@ -46,11 +52,28 @@ then mygroup=mysql fi + + # Set up the errlogfile with appropriate permissions -touch "$errlogfile" -chown "$myuser:$mygroup" "$errlogfile" -chmod 0640 "$errlogfile" -[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile" +if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then + case $(basename "$errlogfile") in + mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;; + *) ;; + esac +else + # Provide some advice if the log file cannot be created by this script + errlogdir=$(dirname "$errlogfile") + if ! [ -d "$errlogdir" ] ; then + echo "The directory $errlogdir does not exist." + exit 1 + elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then + echo "The log file $errlogfile cannot be written, please, fix its permissions." + echo "The daemon will be run under $myuser:$mygroup" + exit 1 + fi +fi + + # We check if there is already a process using the socket file, # since otherwise this systemd service file could report false 
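Review bot: The test that gates log-file creation leaves `$(dirname "$errlogfile")` unquoted inside `[ ... ]`, and the `install` line passes `-o$myuser -g$mygroup` unquoted, so a configured path containing whitespace makes `[` error out and silently selects the `else` branch. This check is what confines creation by a root-run script to a not-yet-existing, non-symlink file directly under /var/log (presumably the part of the script the changelog relates to CVE-2017-3265), so it should be written robustly: `[ ! -e "$errlogfile" ] && [ ! -h "$errlogfile" ] && [ "$(dirname "$errlogfile")" = "/var/log" ]` and `install /dev/null -m0640 -o "$myuser" -g "$mygroup" "$errlogfile"`. A short comment saying why creation is limited to that directory and to `mysql*.log|mariadb*.log` would also help, because the `*) ;;` arm skips creation without telling the administrator anything.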
@@ -62,8 +85,33 @@ if fuser "$socketfile" &>/dev/null ; then exit 1 fi -# Make the data directory -if [ ! -d "$datadir/mysql" ] ; then + + +export LC_ALL=C + +# Returns content of the specified directory +# If listing files fails, fake-file is returned so which means +# we'll behave like there was some data initialized +# Some files or directories are fine to be there, so those are +# explicitly removed from the listing +# @param datadir +list_datadir () +{ + ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \ + -e '^lost+found$' \ + -e '\.err$' \ + -e '^.bash_history$' +} + +# Checks whether datadir should be initialized +# @param datadir +should_initialize () +{ + test -z "$(list_datadir "$1")" +} + +# Make the data directory if doesn't exist or empty +if should_initialize "$datadir" ; then # First, make sure $datadir is there with correct permissions # (note: if it's not, and we're not root, this'll fail ...) if [ ! -e "$datadir" -a ! -h "$datadir" ] 
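Review bot: should_initialize returns false for a data directory that does not exist, because list_datadir turns the failing `ls` into `fake-file`. As far as the visible lines show, the `if [ ! -e "$datadir" -a ! -h "$datadir" ]` creation step inside the `if should_initialize` body can then no longer be reached, and the later `else` branch reports the directory as "not empty". If a missing directory is meant to be initialised, as the comment "Make the data directory if doesn't exist or empty" says, add `[ ! -e "$1" ] && [ ! -h "$1" ] && return 0` as the first line of should_initialize. Separately, `-e '^.bash_history$'` has an unescaped dot and therefore matches any first character; `-e '^\.bash_history$'` is what the comment describes. The `if should_initialize` block continues beyond this hunk.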
@@ -74,21 +122,49 @@ if [ ! -d "$datadir/mysql" ] ; then chmod 0755 "$datadir" [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" + + # Now create the database - echo "Initializing MySQL database" - /usr/bin/mysql_install_db --datadir="$datadir" --user="$myuser" + echo "Initializing MariaDB database" + # Avoiding deletion of files not created by mysql_install_db is + # guarded by time check and sleep should help work-arounded + # potential issues on systems with 1 second resolution timestamps + # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19 + INITDB_TIMESTAMP=`LANG=C date -u` + sleep 1 + /usr/bin/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" ret=$? if [ $ret -ne 0 ] ; then - echo "Initialization of MySQL database failed." >&2 - echo "Perhaps /etc/my.cnf is misconfigured." >&2 + echo "Initialization of MariaDB database failed." >&2 + echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2 # Clean up any partially-created database files - if [ ! -e "$datadir/mysql/user.frm" ] ; then - rm -rf "$datadir"/* + if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then + echo "Initialization of MariaDB database was not finished successfully." >&2 + echo "Files created so far will be removed." >&2 + find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \ + -not -name "lost+found" -exec rm -rf {} + + if [ $? -ne 0 ] ; then + echo "Removing of created files was not successfull." >&2 + echo "Please, clean directory $datadir manually." >&2 + fi + else + echo "However, part of data has been initialized and those will not be removed." >&2 + echo "Please, clean directory $datadir manually." 
>&2 fi exit $ret fi - # In case we're running as root, make sure files are owned properly - chown -R "$myuser:$mygroup" "$datadir" +else + if [ -d "$datadir/mysql/" ] ; then + # mysql dir exists, it seems data are initialized properly + echo "Database MariaDB is probably initialized in $datadir already, nothing is done." + echo "If this is not the case, make sure the $datadir is empty before running `basename $0`." + else + # if the directory is not empty but mysql/ directory is missing, then + # print error and let user to initialize manually or empty the directory + echo "Database MariaDB is not initialized, but the directory $datadir is not empty, so initialization cannot be done." + echo "Make sure the $datadir is empty before running `basename $0`." + exit 1 + fi fi exit 0 diff --git a/SOURCES/rh-skipped-tests-arm.list b/SOURCES/rh-skipped-tests-arm.list deleted file mode 100644 index a6ae9bf..0000000 --- a/SOURCES/rh-skipped-tests-arm.list +++ /dev/null @@ -1,8 +0,0 @@ - -# Disable perfschema.func_file_io and perfschema.func_mutex, which fail -# because cycle counter returns 0 every time on ARM architectures. -# This is caused by missing hardware performance counter support on ARM. -# Discussion about fixing that can be found in RH bug #741325. - -perfschema.func_file_io : rhbz#773116 cycle counter does not work on arm -perfschema.func_mutex : rhbz#773116 cycle counter does not work on arm diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list index 1a73c03..6c7a1d5 100644 --- a/SOURCES/rh-skipped-tests-base.list +++ b/SOURCES/rh-skipped-tests-base.list @@ -1,5 +1,3 @@ -# Disable innodb.innodb, which is showing platform-dependent results -# as of 5.5.9. Upstream at http://bugs.mysql.com/bug.php?id=60155 - -innodb.innodb : bug#60155 has platform-dependent results +# Tests and a bug where we track the failure in the following format: +# suite.test : rhbz#1234567 
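Review bot: The failure cleanup in the `@@ -74,21 +122,49 @@` hunk of SOURCES/mariadb-prepare-db-dir excludes only `lost+found`, while list_datadir in the previous hunk also tolerates `*.err` files and `.bash_history` in a datadir it treats as empty. If the failed mysql_install_db run appends to such a pre-existing `.err` file (likely, though not shown here), its mtime passes `-newermt` and the `rm -rf` deletes the log needed to diagnose the failure. I would mirror the exclusions: `-not -name "lost+found" -not -name "*.err" -not -name ".bash_history" -exec rm -rf -- {} +`. The comment above `INITDB_TIMESTAMP` should state plainly that selection is by modification time alone, so anything written to the top level of `$datadir` after the timestamp is removed, and that `sleep 1` is there to cope with one-second timestamp resolution. The messages in the final `else` branch, including the `exit 1` case, go to stdout, unlike the `>&2` used earlier in the hunk.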
diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec index 73c737d..ed226cf 100644 --- a/SPECS/mariadb.spec +++ b/SPECS/mariadb.spec @@ -3,8 +3,8 @@ %bcond_with tokudb Name: mariadb -Version: 5.5.52 -Release: 1%{?dist} +Version: 5.5.56 +Release: 2%{?dist} Epoch: 1 Summary: A community developed branch of MySQL @@ -34,7 +34,6 @@ Source11: mariadb.service Source12: mariadb-prepare-db-dir Source13: mariadb-wait-ready Source14: rh-skipped-tests-base.list -Source15: rh-skipped-tests-arm.list Source16: README.mysql-cnf # Working around perl dependency checking bug in rpm FTTB. Remove later. Source999: filter-requires-mysql.sh @@ -62,6 +61,8 @@ BuildRequires: time procps # perl modules needed to run regression tests BuildRequires: perl(Socket), perl(Time::HiRes) BuildRequires: perl(Data::Dumper), perl(Test::More), perl(Env) +# version 5.5.56+ requires checkpolicy and policycoreutils-python +BuildRequires: checkpolicy policycoreutils-python Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: grep, fileutils, bash 
@@ -226,22 +227,13 @@ rm -f mysql-test/t/ssl_8k_key-master.opt # generate a list of tests that fail, but are not disabled by upstream cat %{SOURCE14} > mysql-test/rh-skipped-tests.list -# disable some tests failing on ARM architectures -%ifarch %{arm} aarch64 -cat %{SOURCE15} >> mysql-test/rh-skipped-tests.list -%endif -# disable some tests failing on ppc and s390 -%ifarch ppc %{power64} s390 s390x aarch64 -echo "main.gis-precise : rhbz#906367" >> mysql-test/rh-skipped-tests.list +# disable some tests failing on particular aches +%ifarch aarch64 +echo "perfschema.dml_setup_timers : rhbz#1449880" >> mysql-test/rh-skipped-tests.list %endif %ifarch i686 echo "main.mysql_client_test_nonblock : rhbz#1021450" >> mysql-test/rh-skipped-tests.list %endif -%ifarch %{power64} -echo "rpl.rpl_insert : rhbz#1125605" >> mysql-test/rh-skipped-tests.list -echo "rpl.rpl_insert_delayed : rhbz#1125605" >> mysql-test/rh-skipped-tests.list -echo "main.mysqlslap : rhbz#1125605" >> mysql-test/rh-skipped-tests.list -%endif %build @@ -346,9 +338,10 @@ done ( cd mysql-test perl ./mysql-test-run.pl --force --retry=0 \ + --skip-test-list=rh-skipped-tests.list \ --suite-timeout=720 --testcase-timeout=30 \ --mysqld=--binlog-format=mixed --force-restart \ - --shutdown-timeout=60 || : + --shutdown-timeout=60 # cmake build scripts will install the var cruft if left alone :-( rm -rf var ) @@ -475,7 +468,6 @@ rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/mysql # remove doc files that we rather pack using %%doc rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/COPYING -rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/COPYING.LESSER rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INFO_BIN rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INFO_SRC rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INSTALL-BINARY 
@@ -524,7 +516,7 @@ fi %postun embedded -p /sbin/ldconfig %files -%doc README COPYING COPYING.LESSER README.mysql-license +%doc README COPYING README.mysql-license %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google %doc README.mysql-docs @@ -566,7 +558,7 @@ fi %config(noreplace) %{_sysconfdir}/my.cnf.d/client.cnf %files libs -%doc README COPYING COPYING.LESSER README.mysql-license +%doc README COPYING README.mysql-license %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google # although the default my.cnf contains only server settings, we put it in the # libs package because it can be used for client settings too. @@ -623,6 +615,7 @@ fi %{_bindir}/mysqldumpslow %{_bindir}/mysqld_multi %{_bindir}/mysqld_safe +%{_bindir}/mysqld_safe_helper %{_bindir}/mysqlhotcopy %{_bindir}/mysqltest %{_bindir}/innochecksum @@ -706,7 +699,7 @@ fi %{_mandir}/man1/mysql_config.1* %files embedded -%doc README COPYING COPYING.LESSER README.mysql-license +%doc README COPYING README.mysql-license %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google %{_libdir}/mysql/libmysqld.so.* 
@@ -728,6 +721,33 @@ fi %{_mandir}/man1/mysql_client_test.1* %changelog +* Thu Jun 08 2017 Honza Horak - 1:5.5.56-2 +- Do not fix context and change owner if run by root in mariadb-prepare-db-dir + Related: #1458940 +- Check properly that datadir includes only expected files + Related: #1356897 + +* Mon Jun 05 2017 Honza Horak - 1:5.5.56-1 +- Rebase to 5.5.56 + That release also fixes the following security issues: + CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243 + CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 + CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308 + CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 + Resolves: #1458933 + New deps required by upstream: checkpolicy and policycoreutils-python + License text removed by upstream: COPYING.LESSER + Do not ignore test-suite failure + Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265 + Resolves: #1458940 + +* Tue Mar 21 2017 Michal Schorm - 5.5.52-2 +- Extension of mariadb-prepare-db-dir script +- Resolves: #1356897 + +- Rebase to 5.5.52, that also include fix for CVE-2016-6662 + Resolves: #1377974 + * Wed Sep 21 2016 Honza Horak - 5.5.52-1 - Rebase to 5.5.52, that also include fix for CVE-2016-6662 Resolves: #1377974