Hello community,
here is the log from the commit of package mariadb for openSUSE:Factory checked in at 2017-02-20 13:11:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mariadb (Old)
and /work/SRC/openSUSE:Factory/.mariadb.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mariadb"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mariadb/mariadb.changes 2017-02-03 17:49:48.765933195 +0100
+++ /work/SRC/openSUSE:Factory/.mariadb.new/mariadb.changes 2017-02-20 13:11:54.375371422 +0100
@@ -1,0 +2,24 @@
+Fri Feb 3 18:02:42 UTC 2017 - kstreitova@suse.com
+
+- update to MariaDB 10.1.21
+ * notable changes:
+ * Innodb updated to 5.6.35
+ * Performance Schema updated to 5.6.35
+ * release notes and changelog:
+ * https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/
+ * https://mariadb.com/kb/en/mariadb/mariadb-10121-changelog/
+ * fixes the following CVEs:
+ CVE-2017-3318 [bsc#1020896], CVE-2017-3317 [bsc#1020894],
+ CVE-2017-3312 [bsc#1020873], CVE-2017-3291 [bsc#1020884],
+ CVE-2017-3265 [bsc#1020885], CVE-2017-3258 [bsc#1020875],
+ CVE-2017-3257 [bsc#1020878], CVE-2017-3244 [bsc#1020877],
+ CVE-2017-3243 [bsc#1020891], CVE-2017-3238 [bsc#1020882],
+ CVE-2016-6664 [bsc#1008253]
+- add mariadb.te file to the filelist
+- add mysqld_safe_helper to the filelist
+- refresh mariadb-10.1.4-group.patch
+- add mariadb-10.1.20-incorrect_list_handling.patch to fix incorrect
+ linked list handling in mysql_prune_stmt_list() function that can
+ cause use-after-free error [bsc#1022428]
+
+-------------------------------------------------------------------
Old:
----
mariadb-10.1.20.tar.gz
New:
----
mariadb-10.1.21.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mariadb.spec ++++++
--- /var/tmp/diff_new_pack.suxV9y/_old 2017-02-20 13:11:57.258965516 +0100
+++ /var/tmp/diff_new_pack.suxV9y/_new 2017-02-20 13:11:57.262964952 +0100
@@ -43,7 +43,7 @@
%define with_cassandra 0
%endif
Name: mariadb
-Version: 10.1.20
+Version: 10.1.21
Release: 0
Summary: Server part of %{pretty_name}
License: SUSE-GPL-2.0-with-FLOSS-exception
@@ -486,7 +486,7 @@
# Generate various filelists
filelist innochecksum my_print_defaults myisam_ftdump myisamchk myisamlog myisampack mysql_fix_extensions mysql_fix_privilege_tables mysql_ssl_rsa_setup mysql_install_db mysql_secure_installation mysql_upgrade mysqlbug mysqld mysqld_multi mysqld_safe mysqlbinlog mysqldumpslow mysqlmanager mroonga resolve_stack_dump resolveip {m,}aria_chk {m,}aria_dump_log {m,}aria_ftdump {m,}aria_pack {m,}aria_read_log xtstat tokuft_logprint tokuftdump >mysql.files
-filelist mysql mysqladmin mysqlcheck mysqldump mysqlimport mysqlshow mysql_config_editor >mysql-client.files
+filelist mysql mysqladmin mysqlcheck mysqldump mysqlimport mysqlshow mysql_config_editor mysqld_safe_helper >mysql-client.files
# The dialog stuff is mariadb only
if [ "`ls '%{buildroot}'%{_libdir}/mysql/plugin/dialog*.so 2> /dev/null`" ]; then
echo '%%dir %%_libdir/mysql' >> mysql-client.files
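Review bot: `mysqld_safe_helper` is added to the client file list (`>mysql-client.files`), while `mysqld_safe` itself is listed on the preceding `filelist` line that writes `>mysql.files`. If the helper is only invoked by `mysqld_safe`, as its name suggests, it should be packaged with it; otherwise a server-only install may lack the helper, and client-only installs receive a server-side binary. I would move the name to the first list, `filelist ... mysqld_safe mysqld_safe_helper ... >mysql.files`. Whether the server package already requires the client package is not visible in this hunk, so confirm that before deciding.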
@@ -782,6 +782,7 @@
%dir %{_datadir}/mysql/policy/selinux
%{_datadir}/mysql/policy/selinux/README
%{_datadir}/mysql/policy/selinux/mariadb-server.*
+%{_datadir}/mysql/policy/selinux/mariadb.te
%dir %{_datadir}/mysql/systemd
%{_datadir}/mysql/systemd/mariadb.service
%{_datadir}/mysql/systemd/mariadb@.service
++++++ configuration-tweaks.tar.xz ++++++
++++++ mariadb-10.1.20.tar.gz -> mariadb-10.1.21.tar.gz ++++++
/work/SRC/openSUSE:Factory/mariadb/mariadb-10.1.20.tar.gz /work/SRC/openSUSE:Factory/.mariadb.new/mariadb-10.1.21.tar.gz differ: char 5, line 1
++++++ mysql-patches.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mariadb-10.1.20-incorrect_list_handling.patch new/mysql-patches/mysql-patches/mariadb-10.1.20-incorrect_list_handling.patch
--- old/mysql-patches/mysql-patches/mariadb-10.1.20-incorrect_list_handling.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/mysql-patches/mysql-patches/mariadb-10.1.20-incorrect_list_handling.patch 2017-01-31 11:05:33.433560970 +0100
@@ -0,0 +1,77 @@
+PATCH-P1-FIX: Fix incorrect linked list handling
+
+More information can be found below.
+
+Maintainer: Kristyna Streitova
+
+From 4797ea0b772d5f4c5889bc552424132806f46e93 Mon Sep 17 00:00:00 2001
+From: Nisha Gopalakrishnan
+Date: Mon, 21 Jul 2014 21:21:15 +0530
+Subject: [PATCH] BUG#17512527: LIST HANDLING INCORRECT IN
+ MYSQL_PRUNE_STMT_LIST()
+
+Analysis:
+---------
+Invalid memory access maybe observed when using prepared statements if:
+a) The mysql client connection is lost after statement preparation
+ is complete and
+b) There is at least one statement which is in initialized state but
+ not prepared yet.
+
+When the client detects a closed connection, it calls end_server()
+to shutdown the connection. As part of the clean up, the
+mysql_prune_stmt_list() removes the statements which has transitioned
+beyond the initialized state and retains only the statements which
+are in a initialized state. During this processing, the initialized
+statements are moved from 'mysql->stmts' to a temporary 'pruned_list'.
+When moving the first 'INIT_DONE' element to the pruned_list,
+'element->next' is set to NULL. Hence the rest of the list is never
+traversed and the statements which have transitioned beyond the
+initialized state are never invalidated.
+
+When the mysql_stmt_close() is called for the statement which is not
+invalidated; the statements list is updated in order to remove the
+statement. This would end up accessing freed memory(freed by the
+mysql_stmt_close() for a previous statement in the list).
+
+Fix:
+---
+mysql_prune_stmt_list() called list_add() incorrectly to create a
+temporary list. The use case of list_add() is to add a single
+element to the front of the doubly linked list.
+mysql_prune_stmt_list() called list_add() by passing an entire
+list as the 'element'.
+
+mysql_prune_stmt_list() now uses list_delete() to remove the
+statement which has transitioned beyond the initialized phase.
+Thus the statement list would contain only elements where the
+the state of the statement is initialized.
+
+Note: Run the test with valgrind-mysqltest and leak-check=full
+option to see the invalid memory access.
+---
+
+diff --git a/sql-common/client.c b/sql-common/client.c
+index eefb8a8..012292f 100644
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -3985,12 +3985,15 @@ static void mysql_close_free(MYSQL *mysql)
+ */
+ static void mysql_prune_stmt_list(MYSQL *mysql)
+ {
+- LIST *element= mysql->stmts;
+- LIST *pruned_list= 0;
++ LIST *pruned_list= NULL;
+
+- for (; element; element= element->next)
++ while(mysql->stmts)
+ {
+- MYSQL_STMT *stmt= (MYSQL_STMT *) element->data;
++ LIST *element= mysql->stmts;
++ MYSQL_STMT *stmt;
++
++ mysql->stmts= list_delete(element, element);
++ stmt= (MYSQL_STMT *) element->data;
+ if (stmt->state != MYSQL_STMT_INIT_DONE)
+ {
+ stmt->mysql= 0;
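Review bot: The patch header is missing the downstream tracking reference and the regression test it mentions. Its note says to "Run the test with valgrind-mysqltest", but the only file the patch touches is `sql-common/client.c`, so nothing in the package build exercises the fixed path. The header should name the test it means, or state that none is carried. The changelog ties this fix to a use-after-free tracked as bsc#1022428, yet the header says only "Fix incorrect linked list handling"; a line such as `References: bsc#1022428 (use-after-free in mysql_prune_stmt_list)` would make the security relevance clear to anyone refreshing the patch later. The body of `mysql_prune_stmt_list()` continues past the end of this hunk, so the rebuilding of `pruned_list` cannot be reviewed from here.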
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mariadb-10.1.4-group.patch new/mysql-patches/mysql-patches/mariadb-10.1.4-group.patch
--- old/mysql-patches/mysql-patches/mariadb-10.1.4-group.patch 2016-10-24 18:01:09.131171359 +0200
+++ new/mysql-patches/mysql-patches/mariadb-10.1.4-group.patch 2017-02-03 15:48:33.836935430 +0100
@@ -9,7 +9,7 @@
===================================================================
--- scripts/mysqld_safe.sh.orig
+++ scripts/mysqld_safe.sh
-@@ -28,6 +28,7 @@ logging=init
+@@ -29,6 +29,7 @@ logging=init
want_syslog=0
syslog_tag=
user='@MYSQLD_USER@'
@@ -17,7 +17,7 @@
pid_file=
err_log=
err_log_base=
-@@ -289,6 +290,7 @@ parse_arguments() {
+@@ -308,6 +309,7 @@ parse_arguments() {
--pid[-_]file=*) pid_file="$val" ;;
--plugin[-_]dir=*) PLUGIN_DIR="$val" ;;
--user=*) user="$val"; SET_USER=1 ;;
@@ -25,26 +25,15 @@
--log[-_]basename=*|--hostname=*|--loose[-_]log[-_]basename=*)
pid_file="$val.pid";
err_log_base="$val";
-@@ -748,11 +750,17 @@ then
+@@ -737,6 +739,7 @@ then
if test "$user" != "root" -o $SET_USER = 1
then
USER_OPTION="--user=$user"
+ GROUP_OPTION="--group=$group"
fi
- # Change the err log to the right user, if it is in use
- if [ $want_syslog -eq 0 ]; then
- touch "$err_log"
-- chown $user "$err_log"
-+ if [ "$user" -a "$group" ]; then
-+ chown $user:$group $err_log
-+ else
-+ [ "$user" ] && chown $user $err_log
-+ [ "$group" ] && chgrp $group $err_log
-+ fi
- fi
if test -n "$open_files"
then
-@@ -775,7 +783,12 @@ then
+@@ -759,7 +762,12 @@ then
log_error "Fatal error Can't create database directory '$mysql_unix_port'"
exit 1
fi
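Review bot: The changelog line "refresh mariadb-10.1.4-group.patch" understates the hunk at `@@ -25,26 +25,15 @@`. Besides the shifted offsets, it drops the whole block that ran `chown $user:$group $err_log` and `chgrp $group $err_log`, so the patch no longer sets group ownership on the error log. That block was presumably removed because 10.1.21 reworked the error-log handling in mysqld_safe (the same update lists CVE-2016-6664), but the reason is not visible on this page. The changelog should record it, for example `- refresh mariadb-10.1.4-group.patch (drop err_log chown/chgrp hunk, block no longer present upstream)`. It is also worth confirming that the log file still ends up with the intended group without reintroducing a root-run chown on a path the database user may be able to replace.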
@@ -70,7 +59,7 @@
force=0
in_rpm=0
-@@ -71,6 +72,11 @@ Usage: $0 [OPTIONS]
+@@ -88,6 +89,11 @@ Usage: $0 [OPTIONS]
user. You must be root to use this option. By default
mysqld runs using your current login name and files and
directories that it creates will be owned by you.
@@ -82,7 +71,7 @@
All other options are passed to the mysqld program
-@@ -118,11 +124,11 @@ parse_arguments()
+@@ -135,11 +141,11 @@ parse_arguments()
--builddir=*) builddir=`parse_arg "$arg"` ;;
--srcdir=*) srcdir=`parse_arg "$arg"` ;;
--ldata=*|--datadir=*|--data=*) ldata=`parse_arg "$arg"` ;;
@@ -96,7 +85,7 @@
--skip-name-resolve) ip_only=1 ;;
--verbose) verbose=1 ;; # Obsolete
--rpm) in_rpm=1 ;;
-@@ -392,7 +398,12 @@ do
+@@ -420,7 +426,12 @@ do
fi
if test -n "$user"
then
@@ -110,7 +99,7 @@
if test $? -ne 0
then
echo "Cannot change ownership of the database directories to the '$user'"
-@@ -407,6 +418,11 @@ then
+@@ -435,6 +446,11 @@ then
args="$args --user=$user"
fi
++++++ series ++++++
--- /var/tmp/diff_new_pack.suxV9y/_old 2017-02-20 13:11:57.770893454 +0100
+++ /var/tmp/diff_new_pack.suxV9y/_new 2017-02-20 13:11:57.770893454 +0100
@@ -10,3 +10,4 @@
mariadb-10.1.12-fortify-and-O.patch
mariadb-10.1.16-systemd-cmake.patch
mariadb-10.1.18-mysql_install_db-mariadb_dirs.patch
+mariadb-10.1.20-incorrect_list_handling.patch