Mailinglist Archive: opensuse-factory (355 mails)

< Previous Next >
[opensuse-factory] beware mariadb updaters (was: Leap 15.2 Build 607.3 released!)
Just a short warning:

When updating an existing installation of mariadb, make sure to backup
/var/lib/mysql before.
A mysqldump is not enough, because it cannot be easily restored:
https://bugzilla.opensuse.org/show_bug.cgi?id=1166786

And after updating, the database might be broken:
https://bugzilla.opensuse.org/show_bug.cgi?id=1166781

Am 18.03.20 um 10:07 schrieb openSUSE release team:
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&build=607.3&groupid=50
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.2

Packages changed:

mariadb (10.2.29 -> 10.4.12)

==== mariadb ====
Version update (10.2.29 -> 10.4.12)
Subpackages: mariadb-client mariadb-errormessages

- update the list of the skipped tests
- test macros: clarify who is admin and user of the database,
fix build with 10.4
- modified sources
% macros.mariadb-test
- disable testing with rpm macros as it does not work as for 10.4,
needs to be investigated
- remove @VERSION@ from mariadb.service and mariadb@.service
- update to 10.4.12 [jsc#SLE-8269]
* Changes & Improvements
https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/
https://mariadb.com/kb/en/changes-improvements-in-mariadb-103/
* Fixes for the following security vulnerabilities:
CVE-2020-2574
* don't let mysql_install_db set SUID bit for auth_pam_tool
in rpm/deb packages CVE-2020-7221 [bsc#1160868]
- pack pam_user_map.so module in the /%{_lib}/security directory
and user_map.conf configuration file in the /etc/security directory
- fix race condition with mysql_upgrade_info status file by moving
it to the location owned by root (/var/lib/misc) CVE-2019-18901
[bsc#1160895]
- move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade
to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't
use it for a symlink attack [bsc#1160912]
- change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be
SUSE/openSUSE independent
- enhance mariadb.service and mariadb@.service with various options
(Documentation=, User=, Group=, KillSignal=, SendSIGKILL=,
Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=,
ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878]
- mysql-systemd-helper: use systemd-tmpfiles instead of shell
script operations for a cleaner and safer creating of /run/mysql
[bsc#1160883]
- pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow
is a symlink to mysqldumpslow and the like)
- update suse_skipped_tests.list
- _constraints: increase physicalmemory value
- package auth_pam_tool setuid binary properly
- add cracklib-password-check subpackage but do not build it right
now (cracklib-dict-full >= 2.9.0 is not available yet)
- add rcmariadb compat link
- add mariadb-rpmlintrc file
- do not move my_safe_process to bindir but use rpmlint
arch-dependent-file-in-usr-share exception for it (this file
is used just for the testing and it doesn't have to be in bindir
- added rpm test macros: %mysql_testserver_start,
%mysql_testserver_cconf, %mysql_testserver_stop
First two consuments are python-sortinghat and python-mysqlclient.
- remove sql_mode from my.ini/my.cnf as NO_ENGINE_SUBSTITUTION and
STRICT_TRANS_TABLES are already set by default from version
10.2.4 [bsc#1144314]
- add "BuildRequires: python3" as some tests and myrocks_hotbackup
script need python3. Make the PYTHON_SHEBANG value configurable
[bsc#1142909]
- add "Requires: python3-mysqlclient" that is needed by
myrocks_hotbackup script
- remove "innodb_file_format" option from my.ini (my.cnf) file that
was removed in MariaDB 10.3.1. Also remove "innodb_file_per_table=ON"
option that is by default ON and it's redundant now.
- Use FAT LTO objects in order to provide proper static library.
- refresh README.install and suse-test-run
- rename libmysqld subpackage (embedded library) to libmariadbd as
libmysqld.so was renamed to libmariadbd.so (MDEV-14953)
- simplify removing static libs (we don't need to have .static)
- add perl(Memoize) and perl(Symbol) to BuildRequires and Requires
that are needed for tests
- replace Requires pwdutils with shadow
- build RocksDB only for x86_64 as other platforms are not supported
- add the following patches
* add mariadb-10.2.19-link-and-enable-c++11-atomics.patch to link
against libatomic where necessary and use C++11 atomics instead
of gcc built-in atomics
* mariadb-10.4.12-harden_setuid.patch to harden auth_pam_tool
setuid-root binary [bsc#1160285]
* mariadb-10.4.12-fix-install-db.patch to improve default behaviour
of mysql_install_db. This prevents performing security sensitive
actions to be performed but instead only warns the caller
(bsc#1160868)
- refresh mariadb-10.2.4-fortify-and-O.patch
- remove the following patches:
* mysql-community-server-5.1.45-multi-configuration.patch as
we have the same configuration in /etc/my.cnf and it doesn't make
any sense to keep it twice. Moreover the patched file
support-files/my-medium.cnf.sh was removed in upstream
* mariadb-5.5.28-install_db-quiet.patch and add "--rpm"
option to the mysql_install_db script that does basically the same
[bsc#1080891]
* mariadb-5.2.3-cnf.patch as all patched files were removed
upstream
* remove mariadb-10.1.12-deharcode-libdir.patch because it's not
needed - we don't build libmariadb library in mariadb package
anymore so we don't need to take care about LIBDIR and PLUGINDIR
here. Moreover we shouldn't (and we don't) touch *_RPM
variables as they are internal) [bsc#1080891]
* mariadb-10.2.9-galera_cnf.patch as it's not clear what the
correct path to galera wsrep provider is while users can use
galera 3, galera 4 or galera compiled on their own

--
Stefan Seyfried

"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >