From 99848d9bf2f90c695b89ac6a458d8796d64d1ff3 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 11 2016 12:07:16 +0000
Subject: import rh-mariadb100-mariadb-10.0.26-2.el7


---

diff --git a/.gitignore b/.gitignore
index 6bd9484..c56c7d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mariadb-10.0.25.tar.gz
+SOURCES/mariadb-10.0.26.tar.gz
diff --git a/.rh-mariadb100-mariadb.metadata b/.rh-mariadb100-mariadb.metadata
index 23cacde..1373795 100644
--- a/.rh-mariadb100-mariadb.metadata
+++ b/.rh-mariadb100-mariadb.metadata
@@ -1 +1 @@
-eb5f2af0f5f4a2432b3f9fb1afb109b3091d3059 SOURCES/mariadb-10.0.25.tar.gz
+a3d0b33b0d65c70ca257bfc9bd122cc1507628ab SOURCES/mariadb-10.0.26.tar.gz
diff --git a/SOURCES/mariadb-test-multi_update.patch b/SOURCES/mariadb-test-multi_update.patch
new file mode 100644
index 0000000..848aa90
--- /dev/null
+++ b/SOURCES/mariadb-test-multi_update.patch
@@ -0,0 +1,21 @@
+The warning is now being suppressed at the beginning of the test:
+CALL mtr.add_suppression("Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT.");
+
+--- mariadb-10.0.26/mysql-test/r/multi_update.result.orig	2016-06-23 11:24:42.000000000 +0200
++++ mariadb-10.0.26/mysql-test/r/multi_update.result	2016-07-28 08:55:18.440615246 +0200
+@@ -1054,7 +1054,6 @@ UPDATE IGNORE table_11757486 SET field1=
+ Warnings:
+ Warning	1264	Out of range value for column 'field1' at row 1
+ Warning	1264	Out of range value for column 'field1' at row 2
+-Note	1592	Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. UPDATE IGNORE is unsafe because the order in which rows are updated determines which (if any) rows are ignored. This order cannot be predicted and may differ on master and the slave.
+ UPDATE (SELECT 128 as col1) x, table_11757486 SET field1=x.col1;
+ ERROR 22003: Out of range value for column 'field1' at row 1
+ UPDATE table_11757486 SET field1=128;
+@@ -1068,7 +1067,6 @@ UPDATE IGNORE table_11757486 SET field1=
+ Warnings:
+ Warning	1264	Out of range value for column 'field1' at row 1
+ Warning	1264	Out of range value for column 'field1' at row 2
+-Note	1592	Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. UPDATE IGNORE is unsafe because the order in which rows are updated determines which (if any) rows are ignored. This order cannot be predicted and may differ on master and the slave.
+ DROP TABLE table_11757486;
+ SET SESSION SQL_MODE=default;
+ end of 10.0 tests
diff --git a/SOURCES/pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch b/SOURCES/pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
deleted file mode 100644
index ae51b50..0000000
--- a/SOURCES/pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 943a5105b9fe2842851003f692c7077a6cdbeefe Mon Sep 17 00:00:00 2001
-From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
-Date: Wed, 10 Feb 2016 19:13:17 +0000
-Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested
- parentheses.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1631 2f5784b3-3f2a-0410-8824-cb99058d5e15
-
-Petr Písař: Ported to 8.38.
-
-diff --git a/pcre_compile.c b/pcre_compile.c
-index b9a239e..5019854 100644
---- a/pcre_compile.c
-+++ b/pcre_compile.c
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
- 
-                        Written by Philip Hazel
--           Copyright (c) 1997-2014 University of Cambridge
-+           Copyright (c) 1997-2016 University of Cambridge
- 
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -560,6 +560,7 @@ static const char error_texts[] =
-   /* 85 */
-   "parentheses are too deeply nested (stack check)\0"
-   "digits missing in \\x{} or \\o{}\0"
-+  "regular expression is too complicated\0"
-   ;
- 
- /* Table to identify digits and hex digits. This is used when compiling
-@@ -4591,7 +4592,8 @@ for (;; ptr++)
-     if (code > cd->start_workspace + cd->workspace_size -
-         WORK_SIZE_SAFETY_MARGIN)                       /* Check for overrun */
-       {
--      *errorcodeptr = ERR52;
-+      *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
-+        ERR52 : ERR87;
-       goto FAILED;
-       }
- 
-@@ -6626,8 +6628,21 @@ for (;; ptr++)
-             cd->had_accept = TRUE;
-             for (oc = cd->open_caps; oc != NULL; oc = oc->next)
-               {
--              *code++ = OP_CLOSE;
--              PUT2INC(code, 0, oc->number);
-+              if (lengthptr != NULL)
-+                {
-+#ifdef COMPILE_PCRE8
-+                *lengthptr += 1 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE16
-+                *lengthptr += 2 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE32
-+                *lengthptr += 4 + IMM2_SIZE;
-+#endif
-+                }
-+              else
-+                {
-+                *code++ = OP_CLOSE;
-+                PUT2INC(code, 0, oc->number);
-+                }
-               }
-             setverb = *code++ =
-               (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-diff --git a/pcre_internal.h b/pcre_internal.h
-index f7a5ee7..dbfe80e 100644
---- a/pcre_internal.h
-+++ b/pcre_internal.h
-@@ -7,7 +7,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
- 
-                        Written by Philip Hazel
--           Copyright (c) 1997-2014 University of Cambridge
-+           Copyright (c) 1997-2016 University of Cambridge
- 
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -2289,7 +2289,7 @@ enum { ERR0,  ERR1,  ERR2,  ERR3,  ERR4,  ERR5,  ERR6,  ERR7,  ERR8,  ERR9,
-        ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
-        ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
-        ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
--       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
-+       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
- 
- /* JIT compiling modes. The function list is indexed by them. */
- 
-diff --git a/pcreposix.c b/pcreposix.c
-index dcc13ef..55b6ddc 100644
---- a/pcreposix.c
-+++ b/pcreposix.c
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
- 
-                        Written by Philip Hazel
--           Copyright (c) 1997-2014 University of Cambridge
-+           Copyright (c) 1997-2016 University of Cambridge
- 
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -173,7 +173,8 @@ static const int eint[] = {
-   REG_BADPAT,  /* group name must start with a non-digit */
-   /* 85 */
-   REG_BADPAT,  /* parentheses too deeply nested (stack check) */
--  REG_BADPAT   /* missing digits in \x{} or \o{} */
-+  REG_BADPAT,  /* missing digits in \x{} or \o{} */
-+  REG_BADPAT   /* pattern too complicated */
- };
- 
- /* Table of texts corresponding to POSIX error codes */
-diff --git a/testdata/testinput11 b/testdata/testinput11
-index ac9d228..6f0989a 100644
---- a/testdata/testinput11
-+++ b/testdata/testinput11
-@@ -138,4 +138,6 @@ is required for these tests. --/
- 
- /.((?2)(?R)\1)()/B
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- /-- End of testinput11 --/
-diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
-index 280692e..3c485da 100644
---- a/testdata/testoutput11-16
-+++ b/testdata/testoutput11-16
-@@ -765,4 +765,7 @@ Memory allocation (code space): 14
-  25     End
- ------------------------------------------------------------------
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: regular expression is too complicated at offset 490
-+
- /-- End of testinput11 --/
-diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
-index cdbda74..e19518d 100644
---- a/testdata/testoutput11-32
-+++ b/testdata/testoutput11-32
-@@ -765,4 +765,7 @@ Memory allocation (code space): 28
-  25     End
- ------------------------------------------------------------------
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
-index cb37896..5a4fbb2 100644
---- a/testdata/testoutput11-8
-+++ b/testdata/testoutput11-8
-@@ -765,4 +765,7 @@ Memory allocation (code space): 10
-  38     End
- ------------------------------------------------------------------
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
--- 
-2.5.0
-
diff --git a/SOURCES/pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch b/SOURCES/pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
deleted file mode 100644
index d7f1801..0000000
--- a/SOURCES/pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b7537308b7c758f33c347cb0bec62754c43c271f Mon Sep 17 00:00:00 2001
-From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
-Date: Sat, 27 Feb 2016 17:38:11 +0000
-Subject: [PATCH] Yet another duplicate name bugfix by overestimating the
- memory needed (i.e. another hack - PCRE2 has this "properly" fixed).
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1636 2f5784b3-3f2a-0410-8824-cb99058d5e15
-
-Petr Písař: Ported to 8.38.
-
-diff --git a/pcre_compile.c b/pcre_compile.c
-index 5019854..4ffea0c 100644
---- a/pcre_compile.c
-+++ b/pcre_compile.c
-@@ -7311,7 +7311,12 @@ for (;; ptr++)
-           so far in order to get the number. If the name is not found, leave
-           the value of recno as 0 for a forward reference. */
- 
--          else
-+          /* This patch (removing "else") fixes a problem when a reference is
-+          to multiple identically named nested groups from within the nest.
-+          Once again, it is not the "proper" fix, and it results in an
-+          over-allocation of memory. */
-+
-+          /* else */
-             {
-             ng = cd->named_groups;
-             for (i = 0; i < cd->names_found; i++, ng++)
--- 
-2.5.0
-
diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec
index 06d2d35..2d99bb3 100644
--- a/SPECS/mariadb.spec
+++ b/SPECS/mariadb.spec
@@ -152,7 +152,7 @@
 # Make long macros shorter
 %global sameevr   %{epoch}:%{version}-%{release}
 %global compatver 10.0
-%global bugfixver 25
+%global bugfixver 26
 
 %if 0%{?scl:1}
 %global scl_upper %{lua:print(string.upper(string.gsub(rpm.expand("%{scl}"), "-", "_")))}
@@ -160,7 +160,7 @@
 
 Name:             %{?scl_prefix}mariadb
 Version:          %{compatver}.%{bugfixver}
-Release:          4%{?with_debug:.debug}%{?dist}
+Release:          2%{?with_debug:.debug}%{?dist}
 Epoch:            1
 
 Summary:          A community developed branch of MySQL
@@ -211,15 +211,7 @@ Patch31:          %{pkgnamepatch}-string-overflow.patch
 Patch32:          %{pkgnamepatch}-basedir.patch
 Patch34:          %{pkgnamepatch}-covscan-stroverflow.patch
 Patch37:          %{pkgnamepatch}-notestdb.patch
-
-# Patches for bundled pcre
-# Fix CVE-2016-3191 (workspace overflow for (*ACCEPT) with deeply nested
-# parentheses), upstream bug #1791, fixed in upstream after 8.38
-Patch50:          pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
-# Fix CVE-2016-1283 (heap buffer overflow in handling of nested duplicate named
-# groups with a nested back reference), bug #1295386, upstream bug #1767,
-# fixed in upstream after 8.38
-Patch51:          pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
+Patch38:          %{pkgnamepatch}-test-multi_update.patch
 
 # Patches specific for scl
 Patch90:          %{pkgnamepatch}-scl-env-check.patch
@@ -253,6 +245,10 @@ BuildRequires:    perl(Time::HiRes)
 # for running some openssl tests rhbz#1189180
 BuildRequires:    openssl
 %{?with_init_systemd:BuildRequires: systemd}
+%if 0%{?rhel} == 6
+# in rhel 6 there is no implicit requirement for scl runtime
+BuildRequires:    %{?scl_prefix}runtime
+%endif
 
 Requires:         bash
 Requires:         fileutils
@@ -409,11 +405,7 @@ Group:            Applications/Databases
 Requires:         %{name}-server%{?_isa} = %{sameevr}
 %{?scl:Requires:%scl_runtime}
 # boost and Judy required for oograph
-%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
 BuildRequires:    boost-devel
-%else
-BuildRequires:    %{?scl_prefix}boost-devel
-%endif
 BuildRequires:    %{?scl_prefix}Judy-devel
 
 %description      oqgraph-engine
@@ -581,16 +573,12 @@ MariaDB is a community developed branch of MySQL.
 %patch32 -p1
 %patch34 -p1
 %patch37 -p1
+%patch38 -p1
 
 # removing bundled cmd-line-utils is now disabled
 # we cannot use libedit due #1201988
 # rm -r cmd-line-utils
 
-pushd pcre
-%patch50 -p1
-%patch51 -p1
-popd
-
 sed -i -e 's/2.8.7/2.6.4/g' cmake/cpack_rpm.cmake
 
 # workaround for upstream bug #56342
@@ -1302,23 +1290,32 @@ fi
 %endif
 
 %changelog
+* Mon Aug  1 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.26-2
+- Always build with boost-devel (do not use rh-mariadb100-boost-devel)
+  Related: #1359868
+
+* Tue Jul 26 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.26-1
+- Rebase to version 10.0.26
+  Resolves: #1359868
+  Also fixes: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440
+
 * Thu May 12 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.25-4
   Fixed Provides
   (Provides bundled pcre)
-  Related: #1330490
+  Related: #1330491
 
 * Tue May 10 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.25-3
   Fixed testsuite
   (couldn't find libmytap.so)
-  Related: #1330490
+  Related: #1330491
 
 * Fri May  6 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.25-2
 - Fix CVE-2016-3191 and CVE-2016-1283
-  Resolves: #1330490
+  Resolves: #1330491
 
 * Thu May  5 2016 Jakub Dorňák <jdornak@redhat.com> - 1:10.0.25-1
 - Rebase to version 10.0.25
-  Resolves: #1330444
+  Resolves: #1330445
   Also fixes: CVE-2016-2047 CVE-2016-0668 CVE-2016-0666 CVE-2016-0655
   CVE-2016-0651 CVE-2016-0650 CVE-2016-0649 CVE-2016-0648 CVE-2016-0647
   CVE-2016-0646 CVE-2016-0644 CVE-2016-0643 CVE-2016-0642 CVE-2016-0641