Just a short warning: When updating an existing installation of mariadb, make sure to backup /var/lib/mysql before. A mysqldump is not enough, because it cannot be easily restored: https://bugzilla.opensuse.org/show_bug.cgi?id=1166786 And after updating, the database might be broken: https://bugzilla.opensuse.org/show_bug.cgi?id=1166781 Am 18.03.20 um 10:07 schrieb openSUSE release team:
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&am...
Packages changed:
mariadb (10.2.29 -> 10.4.12)
==== mariadb ==== Version update (10.2.29 -> 10.4.12) Subpackages: mariadb-client mariadb-errormessages
- update the list of the skipped tests
- test macros: clarify who is admin and user of the database, fix build with 10.4
- modified sources % macros.mariadb-test
- disable testing with rpm macros as it does not work as for 10.4, needs to be investigated
- remove @VERSION@ from mariadb.service and mariadb@.service
- update to 10.4.12 [jsc#SLE-8269]
- Changes & Improvements https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/ https://mariadb.com/kb/en/changes-improvements-in-mariadb-103/
- Fixes for the following security vulnerabilities: CVE-2020-2574
- don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb packages CVE-2020-7221 [bsc#1160868]
- pack pam_user_map.so module in the /%{_lib}/security directory and user_map.conf configuration file in the /etc/security directory
- fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895]
- move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink attack [bsc#1160912]
- change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be SUSE/openSUSE independent
- enhance mariadb.service and mariadb@.service with various options (Documentation=, User=, Group=, KillSignal=, SendSIGKILL=, Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=, ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878]
- mysql-systemd-helper: use systemd-tmpfiles instead of shell script operations for a cleaner and safer creating of /run/mysql [bsc#1160883]
- pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow is a symlink to mysqldumpslow and the like)
- update suse_skipped_tests.list
- _constraints: increase physicalmemory value
- package auth_pam_tool setuid binary properly
- add cracklib-password-check subpackage but do not build it right now (cracklib-dict-full >= 2.9.0 is not available yet)
- add rcmariadb compat link
- add mariadb-rpmlintrc file
- do not move my_safe_process to bindir but use rpmlint arch-dependent-file-in-usr-share exception for it (this file is used just for the testing and it doesn't have to be in bindir
- added rpm test macros: %mysql_testserver_start, %mysql_testserver_cconf, %mysql_testserver_stop First two consuments are python-sortinghat and python-mysqlclient.
- remove sql_mode from my.ini/my.cnf as NO_ENGINE_SUBSTITUTION and STRICT_TRANS_TABLES are already set by default from version 10.2.4 [bsc#1144314]
- add "BuildRequires: python3" as some tests and myrocks_hotbackup script need python3. Make the PYTHON_SHEBANG value configurable [bsc#1142909]
- add "Requires: python3-mysqlclient" that is needed by myrocks_hotbackup script
- remove "innodb_file_format" option from my.ini (my.cnf) file that was removed in MariaDB 10.3.1. Also remove "innodb_file_per_table=ON" option that is by default ON and it's redundant now.
- Use FAT LTO objects in order to provide proper static library.
- refresh README.install and suse-test-run
- rename libmysqld subpackage (embedded library) to libmariadbd as libmysqld.so was renamed to libmariadbd.so (MDEV-14953)
- simplify removing static libs (we don't need to have .static)
- add perl(Memoize) and perl(Symbol) to BuildRequires and Requires that are needed for tests
- replace Requires pwdutils with shadow
- build RocksDB only for x86_64 as other platforms are not supported
- add the following patches
- add mariadb-10.2.19-link-and-enable-c++11-atomics.patch to link against libatomic where necessary and use C++11 atomics instead of gcc built-in atomics
- mariadb-10.4.12-harden_setuid.patch to harden auth_pam_tool setuid-root binary [bsc#1160285]
- mariadb-10.4.12-fix-install-db.patch to improve default behaviour of mysql_install_db. This prevents performing security sensitive actions to be performed but instead only warns the caller (bsc#1160868)
- refresh mariadb-10.2.4-fortify-and-O.patch
- remove the following patches:
- mysql-community-server-5.1.45-multi-configuration.patch as we have the same configuration in /etc/my.cnf and it doesn't make any sense to keep it twice. Moreover the patched file support-files/my-medium.cnf.sh was removed in upstream
- mariadb-5.5.28-install_db-quiet.patch and add "--rpm" option to the mysql_install_db script that does basically the same [bsc#1080891]
- mariadb-5.2.3-cnf.patch as all patched files were removed upstream
- remove mariadb-10.1.12-deharcode-libdir.patch because it's not needed - we don't build libmariadb library in mariadb package anymore so we don't need to take care about LIBDIR and PLUGINDIR here. Moreover we shouldn't (and we don't) touch *_RPM variables as they are internal) [bsc#1080891]
- mariadb-10.2.9-galera_cnf.patch as it's not clear what the correct path to galera wsrep provider is while users can use galera 3, galera 4 or galera compiled on their own
-- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org