Just a short warning: When updating an existing installation of mariadb, make sure to backup /var/lib/mysql before. A mysqldump is not enough, because it cannot be easily restored: https://bugzilla.opensuse.org/show_bug.cgi?id=1166786 And after updating, the database might be broken: https://bugzilla.opensuse.org/show_bug.cgi?id=1166781 Am 18.03.20 um 10:07 schrieb openSUSE release team:
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&build=607.3&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.2
Packages changed:
mariadb (10.2.29 -> 10.4.12)
==== mariadb ==== Version update (10.2.29 -> 10.4.12) Subpackages: mariadb-client mariadb-errormessages
- update the list of the skipped tests - test macros: clarify who is admin and user of the database, fix build with 10.4 - modified sources % macros.mariadb-test - disable testing with rpm macros as it does not work as for 10.4, needs to be investigated - remove @VERSION@ from mariadb.service and mariadb@.service - update to 10.4.12 [jsc#SLE-8269] * Changes & Improvements https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/ https://mariadb.com/kb/en/changes-improvements-in-mariadb-103/ * Fixes for the following security vulnerabilities: CVE-2020-2574 * don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb packages CVE-2020-7221 [bsc#1160868] - pack pam_user_map.so module in the /%{_lib}/security directory and user_map.conf configuration file in the /etc/security directory - fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895] - move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink attack [bsc#1160912] - change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be SUSE/openSUSE independent - enhance mariadb.service and mariadb@.service with various options (Documentation=, User=, Group=, KillSignal=, SendSIGKILL=, Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=, ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878] - mysql-systemd-helper: use systemd-tmpfiles instead of shell script operations for a cleaner and safer creating of /run/mysql [bsc#1160883] - pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow is a symlink to mysqldumpslow and the like) - update suse_skipped_tests.list - _constraints: increase physicalmemory value - package auth_pam_tool setuid binary properly - add cracklib-password-check subpackage but do not build it right now (cracklib-dict-full >= 2.9.0 is not available yet) - add rcmariadb compat link - add mariadb-rpmlintrc file - do not move my_safe_process to bindir but use rpmlint arch-dependent-file-in-usr-share exception for it (this file is used just for the testing and it doesn't have to be in bindir - added rpm test macros: %mysql_testserver_start, %mysql_testserver_cconf, %mysql_testserver_stop First two consuments are python-sortinghat and python-mysqlclient. - remove sql_mode from my.ini/my.cnf as NO_ENGINE_SUBSTITUTION and STRICT_TRANS_TABLES are already set by default from version 10.2.4 [bsc#1144314] - add "BuildRequires: python3" as some tests and myrocks_hotbackup script need python3. Make the PYTHON_SHEBANG value configurable [bsc#1142909] - add "Requires: python3-mysqlclient" that is needed by myrocks_hotbackup script - remove "innodb_file_format" option from my.ini (my.cnf) file that was removed in MariaDB 10.3.1. Also remove "innodb_file_per_table=ON" option that is by default ON and it's redundant now. - Use FAT LTO objects in order to provide proper static library. - refresh README.install and suse-test-run - rename libmysqld subpackage (embedded library) to libmariadbd as libmysqld.so was renamed to libmariadbd.so (MDEV-14953) - simplify removing static libs (we don't need to have .static) - add perl(Memoize) and perl(Symbol) to BuildRequires and Requires that are needed for tests - replace Requires pwdutils with shadow - build RocksDB only for x86_64 as other platforms are not supported - add the following patches * add mariadb-10.2.19-link-and-enable-c++11-atomics.patch to link against libatomic where necessary and use C++11 atomics instead of gcc built-in atomics * mariadb-10.4.12-harden_setuid.patch to harden auth_pam_tool setuid-root binary [bsc#1160285] * mariadb-10.4.12-fix-install-db.patch to improve default behaviour of mysql_install_db. This prevents performing security sensitive actions to be performed but instead only warns the caller (bsc#1160868) - refresh mariadb-10.2.4-fortify-and-O.patch - remove the following patches: * mysql-community-server-5.1.45-multi-configuration.patch as we have the same configuration in /etc/my.cnf and it doesn't make any sense to keep it twice. Moreover the patched file support-files/my-medium.cnf.sh was removed in upstream * mariadb-5.5.28-install_db-quiet.patch and add "--rpm" option to the mysql_install_db script that does basically the same [bsc#1080891] * mariadb-5.2.3-cnf.patch as all patched files were removed upstream * remove mariadb-10.1.12-deharcode-libdir.patch because it's not needed - we don't build libmariadb library in mariadb package anymore so we don't need to take care about LIBDIR and PLUGINDIR here. Moreover we shouldn't (and we don't) touch *_RPM variables as they are internal) [bsc#1080891] * mariadb-10.2.9-galera_cnf.patch as it's not clear what the correct path to galera wsrep provider is while users can use galera 3, galera 4 or galera compiled on their own
-- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org