diff --git a/.gitignore b/.gitignore index 5deed28..0b733f1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/mariadb-10.0.28.tar.gz +SOURCES/mariadb-10.0.33.tar.gz diff --git a/.rh-mariadb100-mariadb.metadata b/.rh-mariadb100-mariadb.metadata index fccab67..be78e6d 100644 --- a/.rh-mariadb100-mariadb.metadata +++ b/.rh-mariadb100-mariadb.metadata @@ -1 +1 @@ -31ce5c8f9d7617723e343f934d8334eed2222366 SOURCES/mariadb-10.0.28.tar.gz +10f39ec8b84ab9b9083b96e024e923c5f1614c01 SOURCES/mariadb-10.0.33.tar.gz diff --git a/SOURCES/mariadb-covscan-stroverflow.patch b/SOURCES/mariadb-covscan-stroverflow.patch deleted file mode 100644 index 0e169dc..0000000 --- a/SOURCES/mariadb-covscan-stroverflow.patch +++ /dev/null @@ -1,57 +0,0 @@ -The following problems have been found by Coverity - static analysis tool. - -mysql-5.5.31/plugin/semisync/semisync_master.cc:672:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -mysql-5.5.31/plugin/semisync/semisync_master.cc:661:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -mysql-5.5.31/plugin/semisync/semisync_master.cc:555:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. - -diff -up mariadb-10.0.25/plugin/semisync/semisync_master.cc.orig mariadb-10.0.25/plugin/semisync/semisync_master.cc ---- mariadb-10.0.25/plugin/semisync/semisync_master.cc.orig 2014-11-27 15:16:59.664855517 +0100 -+++ mariadb-10.0.25/plugin/semisync/semisync_master.cc 2014-11-27 15:16:17.029779375 +0100 -@@ -554,7 +553,8 @@ int ReplSemiSyncMaster::reportReplyBinlo - - if (need_copy_send_pos) - { -- strcpy(reply_file_name_, log_file_name); -+ strncpy(reply_file_name_, log_file_name, sizeof(reply_file_name_)-1); -+ reply_file_name_[sizeof(reply_file_name_)-1] = '\0'; - reply_file_pos_ = log_file_pos; - reply_file_name_inited_ = true; - -@@ -662,7 +663,8 @@ int ReplSemiSyncMaster::commitTrx(const - if (cmp <= 0) - { - /* This thd has a lower position, let's update the minimum info. */ -- strcpy(wait_file_name_, trx_wait_binlog_name); -+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1); -+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0'; - wait_file_pos_ = trx_wait_binlog_pos; - - rpl_semi_sync_master_wait_pos_backtraverse++; -@@ -673,7 +673,8 @@ int ReplSemiSyncMaster::commitTrx(const - } - else - { -- strcpy(wait_file_name_, trx_wait_binlog_name); -+ strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1); -+ wait_file_name_[sizeof(wait_file_name_)-1] = '\0'; - wait_file_pos_ = trx_wait_binlog_pos; - wait_file_name_inited_ = true; - - -mysql-5.5.31/sql/rpl_handler.cc:306:fixed_size_dest – You might overrun the 512 byte fixed-size string "log_info->log_file" by copying "log_file + dirname_length(log_file)" without checking the length. diff -up mysql-5.5.31/sql/rpl_handler.cc.covscan-stroverflow mysql-5.5.31/sql/rpl_handler.cc - -diff -up mariadb-10.0.25/sql/rpl_handler.cc.orig mariadb-10.0.25/sql/rpl_handler.cc ---- mariadb-10.0.25/sql/rpl_handler.cc.orig 2016-04-28 22:27:48.000000000 +0200 -+++ mariadb-10.0.25/sql/rpl_handler.cc 2016-05-05 15:10:19.562177816 +0200 -@@ -261,7 +261,8 @@ int Binlog_storage_delegate::after_flush - thd->semisync_info= log_info; - } - -- strcpy(log_info->log_file, log_file+dirname_length(log_file)); -+ strncpy(log_info->log_file, log_file+dirname_length(log_file), sizeof(log_info->log_file)-1); -+ log_info->log_file[sizeof(log_info->log_file)-1] = '\0'; - log_info->log_pos = log_pos; - - FOREACH_OBSERVER(ret, after_flush, false, diff --git a/SOURCES/mariadb-install-db-sharedir.patch b/SOURCES/mariadb-install-db-sharedir.patch index 4949b6d..adf9b7e 100644 --- a/SOURCES/mariadb-install-db-sharedir.patch +++ b/SOURCES/mariadb-install-db-sharedir.patch @@ -12,27 +12,3 @@ diff -up mariadb-10.0.13/scripts/mysql_install_db.pl.in.pbasedir mariadb-10.0.13 $scriptdir = "$opt->{basedir}/scripts"; } else -diff -up mariadb-10.0.13/scripts/mysql_install_db.sh.pbasedir mariadb-10.0.13/scripts/mysql_install_db.sh ---- mariadb-10.0.13/scripts/mysql_install_db.sh.pbasedir 2014-09-04 12:51:59.005086301 +0200 -+++ mariadb-10.0.13/scripts/mysql_install_db.sh 2014-09-04 12:54:02.794222597 +0200 -@@ -280,16 +280,16 @@ then - cannot_find_file mysqld $basedir/libexec $basedir/sbin $basedir/bin - exit 1 - fi -- langdir=`find_in_basedir --dir errmsg.sys share/english share/mysql/english` -+ langdir=`find_in_basedir --dir errmsg.sys share/english @INSTALL_MYSQLSHAREDIR@/english` - if test -z "$langdir" - then -- cannot_find_file errmsg.sys $basedir/share/english $basedir/share/mysql/english -+ cannot_find_file errmsg.sys $basedir/share/english $basedir/@INSTALL_MYSQLSHAREDIR@/english - exit 1 - fi -- pkgdatadir=`find_in_basedir --dir fill_help_tables.sql share share/mysql` -+ pkgdatadir=`find_in_basedir --dir fill_help_tables.sql share @INSTALL_MYSQLSHAREDIR@` - if test -z "$pkgdatadir" - then -- cannot_find_file fill_help_tables.sql $basedir/share $basedir/share/mysql -+ cannot_find_file fill_help_tables.sql $basedir/share $basedir/@INSTALL_MYSQLSHAREDIR@ - exit 1 - fi - scriptdir="$basedir/scripts" diff --git a/SOURCES/mariadb-install-test.patch b/SOURCES/mariadb-install-test.patch deleted file mode 100644 index a6c2866..0000000 --- a/SOURCES/mariadb-install-test.patch +++ /dev/null @@ -1,56 +0,0 @@ -Improve the documentation that will be installed in the mysql-test RPM. - -diff -up mariadb-10.0.25/mysql-test/README.orig mariadb-10.0.25/mysql-test/README ---- mariadb-10.0.25/mysql-test/README.orig 2016-04-28 22:27:44.000000000 +0200 -+++ mariadb-10.0.25/mysql-test/README 2016-05-05 14:57:26.937273700 +0200 -@@ -1,15 +1,28 @@ --This directory contains a test suite for the MySQL daemon. To run --the currently existing test cases, simply execute ./mysql-test-run in --this directory. It will fire up the newly built mysqld and test it. -- --Note that you do not have to have to do "make install", and you could --actually have a co-existing MySQL installation. The tests will not --conflict with it. To run the test suite in a source directory, you --must do make first. -- --All tests must pass. If one or more of them fail on your system, please --read the following manual section for instructions on how to report the --problem: -+This directory contains a test suite for the MariaDB daemon. To run -+the currently existing test cases, execute ./mysql-test-run in -+this directory. -+ -+For use in Red Hat distributions, you should run the script as user mysql, -+who is created with nologin shell however, so the best bet is something like -+ $ su - -+ # cd /usr/share/mysql-test -+ # su -s /bin/bash mysql -c "./mysql-test-run --skip-test-list=rh-skipped-tests.list" -+ -+This will use the installed mysql executables, but will run a private copy -+of the server process (using data files within /usr/share/mysql-test), -+so you need not start the mysqld service beforehand. -+ -+The "--skip-test-list=rh-skipped-tests.list" option excludes tests that are -+known to fail on one or more Red-Hat-supported platforms. You can omit it -+if you want to check whether such failures occur for you. Documentation -+about the reasons for omitting such tests can be found in the file -+rh-skipped-tests.list. -+ -+To clean up afterwards, remove the created "var" subdirectory, eg -+ # su -s /bin/bash - mysql -c "rm -rf /usr/share/mysql-test/var" -+ -+If one or more tests fail on your system, please read the following manual -+section for instructions on how to report the problem: - - https://mariadb.com/kb/en/reporting-bugs - -@@ -26,7 +39,8 @@ other relevant options. - - With no test cases named on the command line, mysql-test-run falls back - to the normal "non-extern" behavior. The reason for this is that some --tests cannot run with an external server. -+tests cannot run with an external server (because they need to control the -+options with which the server is started). - - You can create your own test cases. To create a test case, create a new - file in the t subdirectory using a text editor. The file should have a .test diff --git a/SOURCES/mariadb-logrotate.patch b/SOURCES/mariadb-logrotate.patch index 898f7f4..2a4f416 100644 --- a/SOURCES/mariadb-logrotate.patch +++ b/SOURCES/mariadb-logrotate.patch @@ -14,9 +14,9 @@ Adjust the mysql-log-rotate script in several ways: See discussions at RH bugs 799735, 547007 -diff -up mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 mariadb-10.0.10/support-files/mysql-log-rotate.sh ---- mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 2014-03-30 19:56:53.000000000 +0200 -+++ mariadb-10.0.10/support-files/mysql-log-rotate.sh 2014-04-07 16:30:11.264618655 +0200 +diff -up mariadb-10.1.24/support-files/mysql-log-rotate.sh.p4 mariadb-10.1.24/support-files/mysql-log-rotate.sh +--- mariadb-10.1.24/support-files/mysql-log-rotate.sh.p4 2017-05-29 18:48:37.000000000 +0200 ++++ mariadb-10.1.24/support-files/mysql-log-rotate.sh 2017-06-25 08:58:02.294912909 +0200 @@ -1,9 +1,9 @@ # This logname can be set in /etc/my.cnf -# by setting the variable "err-log" @@ -31,7 +31,7 @@ diff -up mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 mariadb-10.0.10/su # # If the root user has a password you have to create a # /root/.my.cnf configuration file with the following -@@ -18,19 +18,21 @@ +@@ -18,20 +18,22 @@ # ATTENTION: This /root/.my.cnf should be readable ONLY # for root ! @@ -47,7 +47,8 @@ diff -up mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 mariadb-10.0.10/su - if test -x @bindir@/mysqladmin && \ - @bindir@/mysqladmin ping &>/dev/null - then -- @bindir@/mysqladmin flush-logs +- @bindir@/mysqladmin --local flush-error-log \ +- flush-engine-log flush-general-log flush-slow-log - fi - endscript -} @@ -65,7 +66,8 @@ diff -up mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 mariadb-10.0.10/su +# if test -x @bindir@/mysqladmin && \ +# @bindir@/mysqladmin ping &>/dev/null +# then -+# @bindir@/mysqladmin flush-logs ++# @bindir@/mysqladmin --local flush-error-log \ ++# flush-engine-log flush-general-log flush-slow-log +# fi +# endscript +#} diff --git a/SOURCES/mariadb-scl-env-check.patch b/SOURCES/mariadb-scl-env-check.patch index 7708483..7dd87fe 100644 --- a/SOURCES/mariadb-scl-env-check.patch +++ b/SOURCES/mariadb-scl-env-check.patch @@ -1,6 +1,6 @@ -diff -up mariadb-10.0.17/scripts/mysqld_safe.sh.scl-env-check mariadb-10.0.17/scripts/mysqld_safe.sh ---- mariadb-10.0.17/scripts/mysqld_safe.sh.scl-env-check 2015-02-25 16:40:55.000000000 +0100 -+++ mariadb-10.0.17/scripts/mysqld_safe.sh 2015-03-14 12:49:01.693320701 +0100 +diff -up mariadb-10.0.33/scripts/mysqld_safe.sh.p90 mariadb-10.0.33/scripts/mysqld_safe.sh +--- mariadb-10.0.33/scripts/mysqld_safe.sh.p90 2017-10-27 02:22:59.000000000 +0200 ++++ mariadb-10.0.33/scripts/mysqld_safe.sh 2017-10-31 22:04:09.387140847 +0100 @@ -11,6 +11,12 @@ # mysql.server works by first doing a cd to the base directory and from there # executing mysqld_safe @@ -14,9 +14,9 @@ diff -up mariadb-10.0.17/scripts/mysqld_safe.sh.scl-env-check mariadb-10.0.17/sc # Initialize script globals KILL_MYSQLD=1; MYSQLD= -diff -up mariadb-10.0.17/scripts/mysql.init.in.scl-env-check mariadb-10.0.17/scripts/mysql.init.in ---- mariadb-10.0.17/scripts/mysql.init.in.scl-env-check 2015-03-14 12:49:01.693320701 +0100 -+++ mariadb-10.0.17/scripts/mysql.init.in 2015-03-14 12:49:01.693320701 +0100 +diff -up mariadb-10.0.33/scripts/mysql.init.in.p90 mariadb-10.0.33/scripts/mysql.init.in +--- mariadb-10.0.33/scripts/mysql.init.in.p90 2017-10-31 22:04:09.386140828 +0100 ++++ mariadb-10.0.33/scripts/mysql.init.in 2017-10-31 22:04:09.387140847 +0100 @@ -154,6 +154,18 @@ condrestart(){ [ -e $lockfile ] && restart || : } @@ -36,9 +36,9 @@ diff -up mariadb-10.0.17/scripts/mysql.init.in.scl-env-check mariadb-10.0.17/scr # See how we were called. case "$1" in -diff -up mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check mariadb-10.0.17/scripts/mysql_install_db.sh ---- mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check 2015-03-14 12:49:00.319319690 +0100 -+++ mariadb-10.0.17/scripts/mysql_install_db.sh 2015-03-14 12:49:01.694320701 +0100 +diff -up mariadb-10.0.33/scripts/mysql_install_db.sh.p90 mariadb-10.0.33/scripts/mysql_install_db.sh +--- mariadb-10.0.33/scripts/mysql_install_db.sh.p90 2017-10-27 02:22:59.000000000 +0200 ++++ mariadb-10.0.33/scripts/mysql_install_db.sh 2017-10-31 22:06:01.432291898 +0100 @@ -19,6 +19,12 @@ # # All unrecognized arguments to this script are passed to mysqld. @@ -52,17 +52,17 @@ diff -up mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check mariadb-10.0. basedir="" builddir="" ldata="@localstatedir@" -@@ -435,16 +441,16 @@ else +@@ -439,16 +445,16 @@ else echo "The problem could be conflicting information in an external" echo "my.cnf files. You can ignore these by doing:" echo -- echo " shell> $scriptdir/scripts/mysql_install_db --defaults-file=~/.my.cnf" -+ echo " shell> su -s /bin/bash - mysql -c 'scl enable @SCL_NAME@ -- $scriptdir/scripts/mysql_install_db --defaults-file=~/.my.cnf'" +- echo " shell> $0 --defaults-file=~/.my.cnf" ++ echo " shell> su -s /bin/bash - mysql -c 'scl enable @SCL_NAME@ -- $0 --defaults-file=~/.my.cnf" echo echo "You can also try to start the mysqld daemon with:" echo - echo " shell> $mysqld --skip-grant --general-log &" -+ echo " shell> su -s /bin/bash - mysql -c 'scl enable @SCL_NAME@ -- $mysqld --skip-grant --general-log &'" ++ echo " shell> su -s /bin/bash - mysql -c 'scl enable @SCL_NAME@ -- $mysqld --skip-grant --general-log &" echo echo "and use the command line tool $bindir/mysql" echo "to connect to the mysql database and look at the grant tables:" @@ -72,7 +72,7 @@ diff -up mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check mariadb-10.0. echo " mysql> show tables;" echo echo "Try 'mysqld --help' if you have problems with paths. Using" -@@ -474,19 +480,15 @@ fi +@@ -478,19 +484,15 @@ fi # the screen. if test "$cross_bootstrap" -eq 0 && test -z "$srcdir" then @@ -95,7 +95,7 @@ diff -up mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check mariadb-10.0. echo echo "which will also give you the option of removing the test" echo "databases and anonymous user created by default. This is" -@@ -502,7 +504,8 @@ then +@@ -506,7 +508,8 @@ then echo "cd '$basedir' ; $bindir/mysqld_safe --datadir='$ldata'" echo echo "You can test the MariaDB daemon with mysql-test-run.pl" @@ -105,9 +105,9 @@ diff -up mariadb-10.0.17/scripts/mysql_install_db.sh.scl-env-check mariadb-10.0. fi echo -diff -up mariadb-10.0.17/scripts/mysql.service.in.scl-env-check mariadb-10.0.17/scripts/mysql.service.in ---- mariadb-10.0.17/scripts/mysql.service.in.scl-env-check 2015-03-14 12:49:01.594320628 +0100 -+++ mariadb-10.0.17/scripts/mysql.service.in 2015-03-14 16:06:28.582056853 +0100 +diff -up mariadb-10.0.33/scripts/mysql.service.in.p90 mariadb-10.0.33/scripts/mysql.service.in +--- mariadb-10.0.33/scripts/mysql.service.in.p90 2017-10-31 22:04:09.386140828 +0100 ++++ mariadb-10.0.33/scripts/mysql.service.in 2017-10-31 22:04:09.388140866 +0100 @@ -32,14 +32,20 @@ Type=simple User=mysql Group=mysql @@ -135,9 +135,9 @@ diff -up mariadb-10.0.17/scripts/mysql.service.in.scl-env-check mariadb-10.0.17/ # Give a reasonable amount of time for the server to start up/shut down TimeoutSec=300 -diff -up mariadb-10.0.17/support-files/mysql-log-rotate.sh.scl-env-check mariadb-10.0.17/support-files/mysql-log-rotate.sh ---- mariadb-10.0.17/support-files/mysql-log-rotate.sh.scl-env-check 2015-03-14 12:49:00.278319660 +0100 -+++ mariadb-10.0.17/support-files/mysql-log-rotate.sh 2015-03-14 12:49:01.694320701 +0100 +diff -up mariadb-10.0.33/support-files/mysql-log-rotate.sh.p90 mariadb-10.0.33/support-files/mysql-log-rotate.sh +--- mariadb-10.0.33/support-files/mysql-log-rotate.sh.p90 2017-10-31 22:04:09.365140425 +0100 ++++ mariadb-10.0.33/support-files/mysql-log-rotate.sh 2017-10-31 22:04:09.388140866 +0100 @@ -30,9 +30,9 @@ # postrotate # # just if mysqld is really running @@ -145,8 +145,8 @@ diff -up mariadb-10.0.17/support-files/mysql-log-rotate.sh.scl-env-check mariadb -# @bindir@/mysqladmin ping &>/dev/null +# /usr/bin/scl enable @SCL_NAME@ -- @bindir@/mysqladmin ping &>/dev/null # then --# @bindir@/mysqladmin flush-logs -+# /usr/bin/scl enable @SCL_NAME@ -- @bindir@/mysqladmin flush-logs +-# @bindir@/mysqladmin --local flush-error-log \ ++# /usr/bin/scl enable @SCL_NAME@ -- @bindir@/mysqladmin --local flush-error-log \ + # flush-engine-log flush-general-log flush-slow-log # fi # endscript - #} diff --git a/SOURCES/mariadb-string-overflow.patch b/SOURCES/mariadb-string-overflow.patch deleted file mode 100644 index a8231bd..0000000 --- a/SOURCES/mariadb-string-overflow.patch +++ /dev/null @@ -1,22 +0,0 @@ -These issues were found by Coverity static analysis tool, for more info -see messages by particular fixes (messages belong to 5.1.61). - -Filed upstream at http://bugs.mysql.com/bug.php?id=64631 - - -Error: BUFFER_SIZE_WARNING: -/builddir/build/BUILD/mysql-5.1.61/sql/sql_prepare.cc:2749: buffer_size_warning: Calling strncpy with a maximum size argument of 512 bytes on destination array "this->stmt->last_error" of size 512 bytes might leave the destination string unterminated. - - -diff -up mariadb-10.0.10/sql/sql_prepare.cc.p8 mariadb-10.0.10/sql/sql_prepare.cc ---- mariadb-10.0.10/sql/sql_prepare.cc.p8 2014-03-30 19:56:42.000000000 +0200 -+++ mariadb-10.0.10/sql/sql_prepare.cc 2014-04-07 18:43:33.901074770 +0200 -@@ -3021,7 +3021,7 @@ void mysql_stmt_get_longdata(THD *thd, c - { - stmt->state= Query_arena::STMT_ERROR; - stmt->last_errno= thd->get_stmt_da()->sql_errno(); -- strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE); -+ strncpy(stmt->last_error, thd->get_stmt_da()->message(), sizeof(stmt->last_error)-1); - } - thd->set_stmt_da(save_stmt_da); - diff --git a/SOURCES/mariadb-strmov.patch b/SOURCES/mariadb-strmov.patch index c2350c4..ea6a76d 100644 --- a/SOURCES/mariadb-strmov.patch +++ b/SOURCES/mariadb-strmov.patch @@ -12,9 +12,9 @@ ability to detect this type of error is low, and I also see little evidence of any real performance gain from optimizing these calls. So I'm keeping this patch. -diff -up mariadb-10.0.15/include/m_string.h.orig mariadb-10.0.15/include/m_string.h ---- mariadb-10.0.15/include/m_string.h.orig 2014-11-27 14:40:32.622032698 +0100 -+++ mariadb-10.0.15/include/m_string.h 2014-11-27 14:38:56.211864712 +0100 +diff -up mariadb-10.0.31/include/m_string.h.p1 mariadb-10.0.31/include/m_string.h +--- mariadb-10.0.31/include/m_string.h.p1 2017-06-25 09:37:32.803677317 +0200 ++++ mariadb-10.0.31/include/m_string.h 2017-06-25 09:38:21.870708830 +0200 @@ -73,12 +73,6 @@ extern void *(*my_str_malloc)(size_t); extern void *(*my_str_realloc)(void *, size_t); extern void (*my_str_free)(void *); diff --git a/SOURCES/mysql-prepare-db-dir.sh b/SOURCES/mysql-prepare-db-dir.sh index 1905f09..94b90dd 100644 --- a/SOURCES/mysql-prepare-db-dir.sh +++ b/SOURCES/mysql-prepare-db-dir.sh @@ -36,54 +36,76 @@ else fi # Set up the errlogfile with appropriate permissions -touch "$errlogfile" -ret=$? -# Provide some advice if the log file cannot be touched -if [ $ret -ne 0 ] ; then - errlogdir=$(dirname $errlogfile) +if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then + case $(basename "$errlogfile") in + mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;; + *) ;; + esac +else + # Provide some advice if the log file cannot be created by this script + errlogdir=$(dirname "$errlogfile") if ! [ -d "$errlogdir" ] ; then - echo "The directory $errlogdir does not exist." - elif [ -f "$errlogfile" ] ; then - echo "The log file $errlogfile cannot be touched, please, fix its permissions." - else - echo "The log file $errlogfile could not be created." + echo "The directory $errlogdir does not exist." >&2 + exit 1 + elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then + echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2 + echo "The daemon will be run under $myuser:$mygroup" >&2 + exit 1 fi - echo "The daemon will be run under $myuser:$mygroup" - exit 1 fi -chown "$myuser:$mygroup" "$errlogfile" -chmod 0640 "$errlogfile" -[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile" -# Make the data directory -if [ ! -d "$datadir/mysql" ] ; then - # First, make sure $datadir is there with correct permissions - # (note: if it's not, and we're not root, this'll fail ...) - if [ ! -e "$datadir" -a ! -h "$datadir" ] - then - mkdir -p "$datadir" || exit 1 - fi - chown "$myuser:$mygroup" "$datadir" - chmod 0755 "$datadir" - [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" + + +export LC_ALL=C + +# Returns content of the specified directory +# If listing files fails, fake-file is returned so which means +# we'll behave like there was some data initialized +# Some files or directories are fine to be there, so those are +# explicitly removed from the listing +# @param datadir +list_datadir () +{ + ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \ + -e '^lost+found$' \ + -e '\.err$' \ + -e '^\.bash_history$' +} + +# Checks whether datadir should be initialized +# @param datadir +should_initialize () +{ + test -z "$(list_datadir "$1")" +} + +# Make the data directory if doesn't exist or empty +if should_initialize "$datadir" ; then # Now create the database - echo "Initializing @NICE_PROJECT_NAME@ database" - @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" + echo "Initializing @NICE_PROJECT_NAME@ database" >&2 + @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" >&2 ret=$? if [ $ret -ne 0 ] ; then echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2 echo "Perhaps @sysconfdir@/my.cnf is misconfigured." >&2 - # Clean up any partially-created database files - if [ ! -e "$datadir/mysql/user.frm" ] ; then - rm -rf "$datadir"/* - fi + echo "Note, that you may need to clean up any partially-created database files in $datadir" >&2 exit $ret fi # upgrade does not need to be run on a fresh datadir echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info" - # In case we're running as root, make sure files are owned properly - chown -R "$myuser:$mygroup" "$datadir" +else + if [ -d "$datadir/mysql/" ] ; then + # mysql dir exists, it seems data are initialized properly + echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done." + echo "If this is not the case, make sure the $datadir is empty before running `basename $0`." + else + # if the directory is not empty but mysql/ directory is missing, then + # print error and let user to initialize manually or empty the directory + echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2 + echo "Make sure the $datadir is empty before running `basename $0`." >&2 + exit 1 + fi fi exit 0 diff --git a/SOURCES/mysql.init.in b/SOURCES/mysql.init.in index de7b9c0..ccd9c26 100644 --- a/SOURCES/mysql.init.in +++ b/SOURCES/mysql.init.in @@ -71,8 +71,8 @@ start(){ action $"Starting $prog: " /bin/true ret=0 else - @libexecdir@/mysql-prepare-db-dir $MYUSER $MYGROUP || return 4 - @libexecdir@/mysql-check-socket || return 1 + @libexecdir@/mysql-prepare-db-dir $MYUSER $MYGROUP >/dev/null || return 4 + @libexecdir@/mysql-check-socket >/dev/null || return 1 # Pass all the options determined above, to ensure consistent behavior. # In many cases mysqld_safe would arrive at the same conclusions anyway diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec index e5b9c1e..dd4d89f 100644 --- a/SPECS/mariadb.spec +++ b/SPECS/mariadb.spec @@ -98,7 +98,7 @@ # MariaDB 10.0 and later requires pcre >= 8.35, otherwise we need to use # the bundled library, since the package cannot be build with older version -%global pcre_version 8.39 +%global pcre_version 8.41 %if 0%{?fedora} >= 21 %bcond_without pcre %else @@ -153,7 +153,7 @@ # Make long macros shorter %global sameevr %{epoch}:%{version}-%{release} %global compatver 10.0 -%global bugfixver 28 +%global bugfixver 33 %if 0%{?scl:1} %global scl_upper %{lua:print(string.upper(string.gsub(rpm.expand("%{scl}"), "-", "_")))} @@ -161,7 +161,7 @@ Name: %{?scl_prefix}mariadb Version: %{compatver}.%{bugfixver} -Release: 5%{?with_debug:.debug}%{?dist} +Release: 3%{?with_debug:.debug}%{?dist} Epoch: 1 Summary: A community developed branch of MySQL @@ -196,7 +196,6 @@ Source52: rh-skipped-tests-ppc-s390.list # Comments for these patches are in the patch files # Patches common for more mysql-like packages Patch1: %{pkgnamepatch}-strmov.patch -Patch2: %{pkgnamepatch}-install-test.patch Patch3: %{pkgnamepatch}-s390-tsc.patch Patch4: %{pkgnamepatch}-logrotate.patch Patch5: %{pkgnamepatch}-file-contents.patch @@ -209,9 +208,7 @@ Patch13: %{pkgnamepatch}-ssl-cypher.patch # Patches specific for this mysql package Patch30: %{pkgnamepatch}-errno.patch -Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch -Patch34: %{pkgnamepatch}-covscan-stroverflow.patch Patch37: %{pkgnamepatch}-notestdb.patch Patch38: %{pkgnamepatch}-test-multi_update.patch @@ -561,8 +558,10 @@ MariaDB is a community developed branch of MySQL. %prep %setup -q -n mariadb-%{version} +# Removt JAR files that upstream puts into tarball +find . -name "*.jar" -type f -exec rm --verbose -f {} \; + %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 @@ -573,9 +572,7 @@ MariaDB is a community developed branch of MySQL. %patch12 -p1 %patch13 -p1 %patch30 -p1 -%patch31 -p1 %patch32 -p1 -%patch34 -p1 %patch37 -p1 %patch38 -p1 @@ -758,7 +755,7 @@ install -p -m 0755 scripts/mysql_config_multilib %{buildroot}%{_bindir}/mysql_co # but that's pretty wacko --- see also %%{name}-file-contents.patch) install -p -m 644 Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/ install -p -m 644 Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/ -rm -rf %{buildroot}%{_pkgdocdir}/MariaDB-server-%{version}/ +rm -rf %{buildroot}%{_datadir}/doc/%{_pkgdocdirname}/MariaDB-server-%{version}/ mkdir -p %{buildroot}%{logfiledir} chmod 0750 %{buildroot}%{logfiledir} @@ -1013,6 +1010,8 @@ semanage fcontext -a -t mysqld_log_t '/var/log/mariadb(/.*)?' >/dev/null 2>&1 || # work-around for rhbz#1172683 semanage fcontext -a -t mysqld_safe_exec_t %{_root_libexecdir}/mysqld_safe-scl-helper >/dev/null 2>&1 || : %endif +# in order to avoid a race condition: https://bugzilla.redhat.com/show_bug.cgi?id=1463417#c4 +semanage fcontext -a -t mysqld_exec_t %{_root_libexecdir}/mysqld_safe_helper >/dev/null 2>&1 || : selinuxenabled && load_policy || : restorecon -R "%{?_scl_root}/" >/dev/null 2>&1 || : restorecon -R "%{_sysconfdir}" >/dev/null 2>&1 || : @@ -1110,7 +1109,7 @@ fi %if %{with common} %files common -%doc README COPYING COPYING.LESSER README.mysql-license README.mysql-docs +%doc README COPYING README.mysql-license README.mysql-docs %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google %dir %{_libdir}/mysql %dir %{_libdir}/mysql/plugin @@ -1172,6 +1171,7 @@ fi %{_bindir}/mysqldumpslow %{_bindir}/mysqld_multi %{_bindir}/mysqld_safe +%{_bindir}/mysqld_safe_helper %{_bindir}/mysqlhotcopy %{_bindir}/mysqltest %{_bindir}/innochecksum @@ -1311,6 +1311,38 @@ fi %endif %changelog +* Mon Nov 06 2017 Honza Horak - 1:10.0.33-3 +- Use selinux for the mysqld_safe_helper also on RHEL-6 + Related: #1463417 +- Print the same messages as before when starting the service in SysV init, + to not scare users + Related: #1463411 + +* Fri Nov 03 2017 Honza Horak - 1:10.0.33-2 +- Remove .jar files from the sources + Related: #1463415 + +* Tue Oct 31 2017 Honza Horak - 1:10.0.33-1 +- Update to 10.0.33 + Also fixes: CVE-2017-10378, CVE-2017-10268 + Related: #1463415 + +* Mon Aug 14 2017 Honza Horak - 1:10.0.32-1 +- Update to 10.0.32 +- Remove mariadb-covscan-stroverflow.patch that was fixed upstream +- Update bundled pcre version to 8.41 + Related: #1463415 + +* Sun Jun 25 2017 Honza Horak - 1:10.0.31-1 +- Rebase to 10.0.31 + Also fixes: CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 + CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3313 + CVE-2017-3317 CVE-2017-3318 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 + CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 + Resolves: #1463418 +- Fix mysql-prepare-db-dir for CVE-2017-3265 + Resolves: #1463413 + * Tue Nov 22 2016 Michal Schorm - 1:10.0.28-5 - Rebase to 10.0.28 - JdbcMariaDB.jar test removed