extra/mariadb to 10.3.12-5

2024-11-28 22:57:37 +00:00 · 2019-01-26 22:13:57 +00:00 · 2019-01-26 22:13:57 +00:00 · 50bc84e8fa
commit 50bc84e8fa
parent 3ef72eca4b
3 changed files with 57 additions and 6 deletions
--- a/extra/mariadb/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
+++ b/extra/mariadb/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
@ -1,5 +1,18 @@
+From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicentiu@mariadb.org>
+Date: Thu, 24 Jan 2019 00:58:20 +0200
+Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files
+
+If the rlimit.rlim_cur value returned by getrlimit is not the
+RLIM_INFINITY magic constant, but a *very* large number, we can allocate
+too many open files. Restrict set_max_open_files to only return at most
+max_file_limit, as passed via its parameter.
+---
+ mysys/my_file.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
 diff --git a/mysys/my_file.c b/mysys/my_file.c
-index a23ab487d00..23226595b2e 100644
+index 8d01285a94b..b3aef8494cb 100644
 --- a/mysys/my_file.c
 +++ b/mysys/my_file.c
@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit)
--- a/extra/mariadb/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
+++ b/extra/mariadb/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
@ -0,0 +1,32 @@
+From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Fri, 25 Jan 2019 14:50:53 +0100
+Subject: fix galera_recovery with fs.protected_regular enabled
+
+The fs.protected_regular sysctls was added in Linux 4.19 to make some
+data spoofing attacks harder. With systemd v241 these will be enabled
+by default.
+
+With this protection enabled galera_recovery fails with EPERM
+(permission denied). This is caused by a wrong security measure:
+The script changes ownership of $log_file to $user, though $user never
+touches it. The shell redirection writes output to the file, not mysqld.
+So just drop chown to fix this.
+---
+ scripts/galera_recovery.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index c58f3d8f6b9..c70decc0005 100644
+--- a/scripts/galera_recovery.sh
+++ b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+ 
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+-  [ "$euid" = "0" ] && chown $user $log_file
+-      chmod 600 $log_file
+  chmod 600 $log_file
+ else
+   log "WSREP: mktemp failed"
+ fi
--- a/extra/mariadb/PKGBUILD
+++ b/extra/mariadb/PKGBUILD
@ -9,7 +9,7 @@ pkgbase=mariadb
 pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop')
 pkgdesc='Fast SQL database server, derived from MySQL'
 pkgver=10.3.12
-pkgrel=4
+pkgrel=5
 arch=('x86_64')
 license=('GPL')
 url='https://mariadb.org/'
@ -17,11 +17,13 @@ makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo'
             'openssl' 'systemd' 'zlib' 'zstd')
 validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-key@mariadb.org>
 source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
-        '0001-systemd-240.patch'
+        '0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch'
+        '0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch'
        'atomic.patch')
 sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6'
            'SKIP'
-            'd57500014f50d73fe7f35a4503488fb1008bbd15cbcc6ec9aa927fc801e816f4'
+            'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7'
+            '66e0acac7436fd8925710ef5cc66ba1a8f63a385ce374f01ae83096cc33d97a0'
            '7769fd8eb2bb3a6644a2200d01918ff887be25638d79dbec25897fe0d87badc4')

 prepare() {
@ -45,11 +47,15 @@ prepare() {
  # fix path to our config
  sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset}

-  # fix memory allocation and OOM with systemd >= 240
+  # MDEV-18360 Prevent set_max_open_files from allocating too many files
  # https://bugs.archlinux.org/task/61433
  # https://github.com/systemd/systemd/issues/11510
  # https://jira.mariadb.org/browse/MDEV-18360
-  patch -Np1 < ../0001-systemd-240.patch
+  patch -Np1 < ../0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
+
+  # fix galera_recovery with fs.protected_regular enabled
+  # https://github.com/MariaDB/server/pull/1137
+  patch -Np1 < ../0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch

  if [[ $CARCH == arm || $CARCH == armv6h ]]; then
    patch -p0 -i ../atomic.patch