extra/mariadb to 10.3.12-5

This commit is contained in:
Kevin Mihelich 2019-01-26 22:13:57 +00:00
parent 3ef72eca4b
commit 50bc84e8fa
3 changed files with 57 additions and 6 deletions

View file

@ -1,5 +1,18 @@
From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicentiu@mariadb.org>
Date: Thu, 24 Jan 2019 00:58:20 +0200
Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files
If the rlimit.rlim_cur value returned by getrlimit is not the
RLIM_INFINITY magic constant, but a *very* large number, we can allocate
too many open files. Restrict set_max_open_files to only return at most
max_file_limit, as passed via its parameter.
---
mysys/my_file.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/mysys/my_file.c b/mysys/my_file.c
index a23ab487d00..23226595b2e 100644
index 8d01285a94b..b3aef8494cb 100644
--- a/mysys/my_file.c
+++ b/mysys/my_file.c
@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit)

View file

@ -0,0 +1,32 @@
From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 25 Jan 2019 14:50:53 +0100
Subject: fix galera_recovery with fs.protected_regular enabled
The fs.protected_regular sysctls was added in Linux 4.19 to make some
data spoofing attacks harder. With systemd v241 these will be enabled
by default.
With this protection enabled galera_recovery fails with EPERM
(permission denied). This is caused by a wrong security measure:
The script changes ownership of $log_file to $user, though $user never
touches it. The shell redirection writes output to the file, not mysqld.
So just drop chown to fix this.
---
scripts/galera_recovery.sh | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
index c58f3d8f6b9..c70decc0005 100644
--- a/scripts/galera_recovery.sh
+++ b/scripts/galera_recovery.sh
@@ -101,8 +101,7 @@ wsrep_recover_position() {
# Safety checks
if [ -n "$log_file" -a -f "$log_file" ]; then
- [ "$euid" = "0" ] && chown $user $log_file
- chmod 600 $log_file
+ chmod 600 $log_file
else
log "WSREP: mktemp failed"
fi

View file

@ -9,7 +9,7 @@ pkgbase=mariadb
pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop')
pkgdesc='Fast SQL database server, derived from MySQL'
pkgver=10.3.12
pkgrel=4
pkgrel=5
arch=('x86_64')
license=('GPL')
url='https://mariadb.org/'
@ -17,11 +17,13 @@ makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo'
'openssl' 'systemd' 'zlib' 'zstd')
validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-key@mariadb.org>
source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
'0001-systemd-240.patch'
'0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch'
'0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch'
'atomic.patch')
sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6'
'SKIP'
'd57500014f50d73fe7f35a4503488fb1008bbd15cbcc6ec9aa927fc801e816f4'
'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7'
'66e0acac7436fd8925710ef5cc66ba1a8f63a385ce374f01ae83096cc33d97a0'
'7769fd8eb2bb3a6644a2200d01918ff887be25638d79dbec25897fe0d87badc4')
prepare() {
@ -45,11 +47,15 @@ prepare() {
# fix path to our config
sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset}
# fix memory allocation and OOM with systemd >= 240
# MDEV-18360 Prevent set_max_open_files from allocating too many files
# https://bugs.archlinux.org/task/61433
# https://github.com/systemd/systemd/issues/11510
# https://jira.mariadb.org/browse/MDEV-18360
patch -Np1 < ../0001-systemd-240.patch
patch -Np1 < ../0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
# fix galera_recovery with fs.protected_regular enabled
# https://github.com/MariaDB/server/pull/1137
patch -Np1 < ../0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
if [[ $CARCH == arm || $CARCH == armv6h ]]; then
patch -p0 -i ../atomic.patch