diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-02-14 00:10:38 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-02-14 13:29:59 +0100 |
commit | 9a5f4fd634196e1d4257a31e89f24291b0398bc5 (patch) | |
tree | 5f72d2084eabe69bc9de29236c66dcca240198be /patches/source/mariadb | |
parent | eb19d645697c4935cc1041de9e9ec2946c0bdb46 (diff) | |
download | current-9a5f4fd634196e1d4257a31e89f24291b0398bc5.tar.gz |
Mon Feb 14 00:10:38 UTC 202220220214001038_15.0
patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
(* Security fix *)
Diffstat (limited to 'patches/source/mariadb')
-rw-r--r-- | patches/source/mariadb/doinst.sh | 36 | ||||
-rwxr-xr-x | patches/source/mariadb/mariadb.SlackBuild | 229 | ||||
-rw-r--r-- | patches/source/mariadb/mirror.url | 1 | ||||
-rw-r--r-- | patches/source/mariadb/rc.mysqld | 87 | ||||
-rw-r--r-- | patches/source/mariadb/slack-desc | 19 |
5 files changed, 372 insertions, 0 deletions
diff --git a/patches/source/mariadb/doinst.sh b/patches/source/mariadb/doinst.sh new file mode 100644 index 00000000..b106e2fe --- /dev/null +++ b/patches/source/mariadb/doinst.sh @@ -0,0 +1,36 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +# Keep same perms on rc.mysqld.new: +if [ -e etc/rc.d/rc.mysqld ]; then + cp -a etc/rc.d/rc.mysqld etc/rc.d/rc.mysqld.new.incoming + cat etc/rc.d/rc.mysqld.new > etc/rc.d/rc.mysqld.new.incoming + mv etc/rc.d/rc.mysqld.new.incoming etc/rc.d/rc.mysqld.new +fi + +config etc/rc.d/rc.mysqld.new +config etc/mysqlaccess.conf.new +config etc/my.cnf.new +config etc/my.cnf.d/client.cnf.new +config etc/my.cnf.d/mysql-clients.cnf.new +config etc/my.cnf.d/s3.cnf.new +config etc/my.cnf.d/server.cnf.new +config etc/my.cnf.d/spider.cnf.new +config etc/logrotate.d/mysql.new + +# This one is only comments, so remove it if it's left behind: +if [ -r etc/security/user_map.conf.new ]; then + config etc/security/user_map.conf.new +fi +rm -f etc/security/user_map.conf.new + diff --git a/patches/source/mariadb/mariadb.SlackBuild b/patches/source/mariadb/mariadb.SlackBuild new file mode 100755 index 00000000..da5a11c2 --- /dev/null +++ b/patches/source/mariadb/mariadb.SlackBuild @@ -0,0 +1,229 @@ +#!/bin/bash + +# Copyright 2008, 2009, 2010, 2012, 2013, 2014, 2017, 2018, 2020, 2021 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2011, 2012, 2013, 2014, 2017 Heinz Wiesinger, Amsterdam, The Netherlands +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Build and install MySQL on Slackware +# by: David Cantrell <david@slackware.com> +# MariaDB conversion by: Heinz Wiesinger <pprkut@liwjatan.at> +# Also maintained by: Patrick Volkerding <volkerdi@slackware.com> + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=mariadb +VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1_slack15.0} + +# To reduce the package size, the embedded server may be omitted. Currently +# only amarok uses this. To build without embedded support, set this to NO. +EMBEDDED=${EMBEDDED:-YES} + +# Add a description tag to the $BUILD. This is used by +# "build_embedded_package.sh" to mark packages containing the embedded server, +# but can optionally be used with any kind of custom tag desired. +TAG=${TAG:-} + +# Don't keep the large static libraries by default: +KEEPSTATIC=${KEEPSTATIC:-NO} + +# Don't keep the test suite by default: +KEEPTESTS=${KEEPTESTS:-NO} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-${BUILD}${TAG}.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} +TMP=${TMP:-/tmp} +PKG=$TMP/package-${PKGNAM} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +fi + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf ${PKGNAM}-$VERSION +tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z || exit 1 +cd ${PKGNAM}-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +mkdir build +cd build +cmake \ + -DCMAKE_C_FLAGS="$SLKCFLAGS" \ + -DCMAKE_CXX_FLAGS="$SLKCFLAGS" \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DFEATURE_SET="community" \ + -DINSTALL_LAYOUT="RPM" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DINSTALL_LIBDIR="lib${LIBDIRSUFFIX}" \ + -DINSTALL_SBINDIR=libexec \ + -DINSTALL_INCLUDEDIR=include/mysql \ + -DINSTALL_MYSQLSHAREDIR=share/mysql \ + -DINSTALL_SQLBENCHDIR= \ + -DINSTALL_MYSQLTESTDIR=mysql-test \ + -DINSTALL_MANDIR=man \ + -DINSTALL_PLUGINDIR="lib${LIBDIRSUFFIX}/mysql/plugin" \ + -DINSTALL_SCRIPTDIR=bin \ + -DINSTALL_SUPPORTFILESDIR=share/mysql \ + -DINSTALL_MYSQLDATADIR="/var/lib/mysql" \ + -DINSTALL_DOCREADMEDIR="doc/${PKGNAM}-$VERSION" \ + -DINSTALL_DOCDIR="doc/${PKGNAM}-$VERSION" \ + -DMYSQL_DATADIR="/var/lib/mysql" \ + -DMYSQL_UNIX_ADDR="/var/run/mysql/mysql.sock" \ + -DWITH_EXTRA_CHARSETS=complex \ + -DWITH_INNOBASE_STORAGE_ENGINE=1 \ + -DENABLED_LOCAL_INFILE=ON \ + -DWITH_EMBEDDED_SERVER=${EMBEDDED} \ + -DWITH_LIBARCHIVE=ON \ + -DWITH_READLINE=ON \ + -DWITH_JEMALLOC=system \ + -DWITH_ZLIB=system \ + -DWITH_EXTERNAL_ZLIB=ON \ + -DWITH_SSL=system \ + -DCONC_WITH_SSL=ON \ + -DUSE_ARIA_FOR_TMP_TABLES=ON \ + -DAWS_SDK_EXTERNAL_PROJECT=OFF \ + .. || exit 1 + +# doesn't currently compile +# -DWITH_ROCKSDB_JEMALLOC=ON \ + +# not building with libwrap. Do we still need tcp_wrappers support? +# -DWITH_LIBWRAP=ON \ + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Sorry, I'm not going to put up with "/etc/systemd/" just for a config file +# that isn't really needed anyway: +rm -rf $PKG/etc/systemd + +# Leave build directory: +cd .. + +# Install innotop +install -m755 debian/additions/innotop/innotop $PKG/usr/bin/ +install -m644 debian/additions/innotop/innotop.1 $PKG/usr/man/man1/ + +# Install mysqlreport +install -m755 debian/additions/mysqlreport $PKG/usr/bin/ +install -m644 debian/additions/mysqlreport.1 $PKG/usr/man/man1/ + +if [ "$KEEPSTATIC" = "NO" ]; then + # Remove large static libraries: + rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libmariadbclient.a + rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libmariadbd.a + rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libmysqlclient.a + rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libmysqlclient_r.a + rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libmysqld.a +fi + +if [ "$KEEPTESTS" = "NO" ]; then + # Do not include the test suite: + rm -rf $PKG/usr/mysql-test +fi + +# Locate PAM module(s) correctly: +if [ -d $PKG/lib/security ]; then + if [ ! "lib" = "lib${LIBDIRSUFFIX}" ]; then + mkdir -p $PKG/lib${LIBDIRSUFFIX} + mv $PKG/lib/security $PKG/lib${LIBDIRSUFFIX}/security + rmdir $PKG/lib 2> /dev/null + fi +fi + +# The ./configure option to omit this has gone away, so we'll omit it +# the old-fashioned way. It's all in the source tarball if you need it. +rm -rf $PKG/usr/sql-bench + +# This is the directory where databases are stored +mkdir -p $PKG/var/lib/mysql +chown mysql.mysql $PKG/var/lib/mysql +chmod 0750 $PKG/var/lib/mysql + +# This is where the socket is stored +mkdir -p $PKG/var/run/mysql +chown mysql.mysql $PKG/var/run/mysql +chmod 0755 $PKG/var/run/mysql + +# Add init script: +mkdir -p $PKG/etc/rc.d +# This is installed chmod 644 so that the server does not run by default. +zcat $CWD/rc.mysqld.gz > $PKG/etc/rc.d/rc.mysqld.new +rm -rf $PKG/etc/init.d $PKG/usr/libexec/rcmysql + +# Install mysqlaccess.conf +install -m 644 scripts/mysqlaccess.conf $PKG/etc/mysqlaccess.conf.new + +# Mark config files under /etc as .new +mv $PKG/etc/my.cnf $PKG/etc/my.cnf.new +mv $PKG/etc/security/user_map.conf $PKG/etc/security/user_map.conf.new +mv $PKG/etc/logrotate.d/mysql $PKG/etc/logrotate.d/mysql.new +for i in client mysql-clients s3 server spider ; do + mv $PKG/etc/my.cnf.d/$i.cnf $PKG/etc/my.cnf.d/$i.cnf.new +done + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-${BUILD}${TAG}.txz + diff --git a/patches/source/mariadb/mirror.url b/patches/source/mariadb/mirror.url new file mode 100644 index 00000000..17354301 --- /dev/null +++ b/patches/source/mariadb/mirror.url @@ -0,0 +1 @@ +ftp://ftp.osuosl.org/pub/mariadb/ diff --git a/patches/source/mariadb/rc.mysqld b/patches/source/mariadb/rc.mysqld new file mode 100644 index 00000000..1844fe27 --- /dev/null +++ b/patches/source/mariadb/rc.mysqld @@ -0,0 +1,87 @@ +#!/bin/sh +# Start/stop/restart mysqld. +# +# Copyright 2003 Patrick J. Volkerding, Concord, CA +# Copyright 2003 Slackware Linux, Inc., Concord, CA +# Copyright 2008, 2013 Patrick J. Volkerding, Sebeka, MN, USA +# +# This program comes with NO WARRANTY, to the extent permitted by law. +# You may redistribute copies of this program under the terms of the +# GNU General Public License. + +# To start MariaDB automatically at boot, be sure this script is executable: +# chmod 755 /etc/rc.d/rc.mysqld + +# Before you can run MariaDB, you must have a database. To install an initial +# database, do this as root: +# +# mysql_install_db --user=mysql +# +# Note that the mysql user must exist in /etc/passwd, and the created files +# will be owned by this dedicated user. This is important, or else mysql +# (which runs as user "mysql") will not be able to write to the database +# later (this can be fixed with 'chown -R mysql.mysql /var/lib/mysql'). +# +# To increase system security, consider using "mysql_secure_installation" +# as well. For more information on this tool, please read: +# man mysql_secure_installation + +# To allow outside connections to the database comment out the next line. +# If you don't need incoming network connections, then leave the line +# uncommented to improve system security. +SKIP="--skip-networking" + +# Start mysqld: +mysqld_start() { + if [ -x /usr/bin/mysqld_safe ]; then + # If there is an old PID file (no mysqld running), clean it up: + if [ -r /var/run/mysql/mysql.pid ]; then + if ! ps axc | grep mysqld 1> /dev/null 2> /dev/null ; then + echo "Cleaning up old /var/run/mysql/mysql.pid." + rm -f /var/run/mysql/mysql.pid + fi + fi + + /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysql.pid $SKIP & + fi +} + +# Stop mysqld: +mysqld_stop() { + # If there is no PID file, ignore this request... + if [ -r /var/run/mysql/mysql.pid ]; then + PID=$(cat /var/run/mysql/mysql.pid) + kill $PID + # Wait at least one minute for it to exit, as we don't know how big the DB is... + for second in $(seq 0 60) ; do + if [ ! -r /var/run/mysql/mysql.pid ]; then + break; + fi + sleep 1 + done + if [ "$second" = "60" ]; then + echo "WARNING: Gave up waiting for mysqld to exit!" + sleep 15 + fi + fi +} + +# Restart mysqld: +mysqld_restart() { + mysqld_stop + mysqld_start +} + +case "$1" in +'start') + mysqld_start + ;; +'stop') + mysqld_stop + ;; +'restart') + mysqld_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/patches/source/mariadb/slack-desc b/patches/source/mariadb/slack-desc new file mode 100644 index 00000000..af139d6e --- /dev/null +++ b/patches/source/mariadb/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +mariadb: mariadb (Drop-in replacement for the MySQL Database Server) +mariadb: +mariadb: MariaDB is a backward compatible, drop-in replacement branch of the +mariadb: MySQL(R) Database Server. It includes all major open source storage +mariadb: engines, including the Aria storage engine. +mariadb: +mariadb: Homepage: http://mariadb.org/ +mariadb: +mariadb: +mariadb: +mariadb: |