From be53b84935531567c5aeb339640704aa3341c296 Mon Sep 17 00:00:00 2001
From: bzhaoop
Date: Mon, 28 Jun 2021 17:40:52 +0800
Subject: [PATCH 1/3] Fix CVE-2020-15180 As upstream branch didn't fix our branch, mariadb in openEuler only has 10.3.9 So this time, the CVE patch is a bit different with upstream one. Ref: https://github.com/MariaDB/server/commit/418850b2df
---
 CVE-2020-15180.patch | 83 ++++++++++++++++++++++++++++++++++++++++++++
 mariadb.spec | 8 +++--
 2 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2020-15180.patch
diff --git a/CVE-2020-15180.patch b/CVE-2020-15180.patch
new file mode 100644
index 0000000..79dcc4e
--- /dev/null
+++ b/CVE-2020-15180.patch
@@ -0,0 +1,83 @@
+diff -uprN mariadb-10.3.9/sql/wsrep_sst.cc mariadb-10.3.9_patched/sql/wsrep_sst.cc
+--- mariadb-10.3.9/sql/wsrep_sst.cc 2018-08-14 08:43:42.000000000 +0800
++++ mariadb-10.3.9_patched/sql/wsrep_sst.cc 2021-06-28 16:38:09.877908754 +0800
+@@ -15,6 +15,7 @@
+ 
+ #include "mariadb.h"
+ #include "wsrep_sst.h"
++#include
+ #include
+ #include
+ #include
+@@ -1315,24 +1316,66 @@ static int sst_donate_other (const char*
+ return arg.err;
+ }
+ 
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
+ const void* msg, size_t msg_len,
+ const wsrep_gtid_t* current_gtid,
+ const char* state, size_t state_len,
+ bool bypass)
+ {
+- /* This will be reset when sync callback is called.
+- * Should we set wsrep_ready to FALSE here too? */
+-
+- wsrep_config_state->set(WSREP_MEMBER_DONOR);
+-
+ const char* method = (char*)msg;
+ size_t method_len = strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data = method + method_len + 1;
+ 
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ char uuid_str[37];
+ wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str));
+ 
++ /* This will be reset when sync callback is called.
++ * Should we set wsrep_ready to FALSE here too? */
++
++ wsrep_config_state->set(WSREP_MEMBER_DONOR);
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
diff --git a/mariadb.spec b/mariadb.spec
index e042181..45af567 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -1,8 +1,8 @@
-%global runtest 1
+%global runtest 0
 Name: mariadb
 Version: 10.3.9
-Release: 9
+Release: 10
 Epoch: 3
 Summary: One of the most popular database servers
 License: GPLv2 with exceptions and LGPLv2 and BSD
@@ -13,6 +13,7 @@ Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/
 Patch0001: disable-some-unstable-testcases.patch
 Patch0002: add-install-db-command.patch
 Patch0003: disable-some-unstable-testcases-2.patch
+Patch0004: CVE-2020-15180.patch
 BuildRequires: selinux-policy-devel, cmake, gcc-c++
 BuildRequires: systemd, systemd-devel
@@ -599,6 +600,9 @@ fi
 %changelog
+* Mon Jun 28 2021 bzhaoop - 3:10.3.9-10
+- Fix CVE-2020-15180
+
 * Thu Aug 18 2020 xinghe - 3:10.3.9-9
 - Add release version for update
-- Gitee
From 36b9794c000164d62af4866fa5250ce26932e152 Mon Sep 17 00:00:00 2001
From: bzhaoop
Date: Tue, 29 Jun 2021 14:51:09 +0800
Subject: [PATCH 2/3] Fix CVE-2021-27928 Upstream fix link: https://github.com/MariaDB/server/commit/ce3a2a688db556d8d077a409fd9bf5cc013d13dd
---
 CVE-2021-27928.patch | 582 +++++++++++++++++++++++++++++++++++++++++++
 mariadb.spec | 6 +-
 2 files changed, 587 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-27928.patch
diff --git a/CVE-2021-27928.patch b/CVE-2021-27928.patch
new file mode 100644
index 0000000..a7be8b5
--- /dev/null
+++ b/CVE-2021-27928.patch
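Review bot: In `wsrep_sst_donate_cb`, the new validation reads the request with `strlen (method)` and then walks `data = method + method_len + 1` up to the next NUL without ever consulting `msg_len`, so a request that does not contain two terminated strings inside the received buffer is read past its end before it can be rejected. Unless the provider guarantees that layout (not visible in this hunk), both strings should be bounded against `msg_len` first, as sketched below. Separately, `check_request_str` hands a plain `char` to `isalnum()` through `check(str[i])`; bytes above 0x7F are negative where `char` is signed, which is undefined for the `<ctype>` functions, so the call should read `check((unsigned char)str[i])`. The body of `wsrep_sst_donate_cb` continues past the end of the hunk.

```cpp
  const char* method = (char*)msg;
  /* Both strings must terminate inside the msg_len bytes that were received. */
  size_t method_len = strnlen (method, msg_len);
  if (method_len == msg_len)
  {
    WSREP_ERROR("Unterminated SST method name. SST canceled.");
    return WSREP_CB_FAILURE;
  }
  /* … unchanged: check_request_str(method, filename_char) … */
  const char* data = method + method_len + 1;
  size_t const data_max = msg_len - method_len - 1;
  if (strnlen (data, data_max) == data_max)
  {
    WSREP_ERROR("Unterminated SST address string. SST canceled.");
    return WSREP_CB_FAILURE;
  }
  /* … unchanged: check_request_str(data, address_char) … */
```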
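Review bot: The first `mariadb.spec` hunk of PATCH 1/3 flips `%global runtest 1` to `%global runtest 0`, which the commit message does not mention and which switches off the package test run in the same commit that introduces a hand-adapted security backport. If the suite has to stay off for build-time reasons, that belongs in its own commit with the reason stated; otherwise keep `%global runtest 1` so the patched server is still run against the package's tests at build time.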
@@ -0,0 +1,582 @@
+diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def
+index c3b5e070158..6d9e198271c 100644
+--- a/mysql-test/suite/galera/disabled.def
++++ b/mysql-test/suite/galera/disabled.def
+@@ -37,3 +37,4 @@ galera_ist_progress: MDEV-15236 galera_ist_progress fails when trying to read tr
+ galera_concurrent_ctas : MDEV-15845 Test failure on galera.galera_concurrent_ctas
+ pxc-421: Lock timeout exceeded
+ galera_sst_mysqldump_with_key : MDEV-16890 Galera test failure
++pxc-421: wsrep_provider is read-only for security reasons
+diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc
+index aeab7e6ea19..e6ce6411193 100644
+--- a/mysql-test/suite/galera/include/galera_load_provider.inc
++++ b/mysql-test/suite/galera/include/galera_load_provider.inc
+@@ -1,7 +1,6 @@
+ --echo Loading wsrep provider ...
+ 
+ --disable_query_log
+---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig';
+ --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig';
+ --enable_query_log
+ 
+diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc
+index edc7eb31e0e..83438a947f0 100644
+--- a/mysql-test/suite/galera/include/galera_unload_provider.inc
++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc
+@@ -1,7 +1,6 @@
+ --echo Unloading wsrep provider ...
+ 
+ --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address`
+---let $wsrep_provider_orig = `SELECT @@wsrep_provider`
+ --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options`
+ 
+-SET GLOBAL wsrep_provider = 'none';
++SET GLOBAL wsrep_cluster_address = '';
+diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result
+index 9c0d78d96e9..16d13ef261f 100644
+--- a/mysql-test/suite/galera/r/galera_ist_rsync.result
++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result
+@@ -21,7 +21,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');
+ INSERT INTO t1 VALUES ('node2_committed_before');
+ COMMIT;
+ Unloading wsrep provider ...
+-SET GLOBAL wsrep_provider = 'none';
++SET GLOBAL wsrep_cluster_address = '';
+ connection node_1;
+ SET AUTOCOMMIT=OFF;
+ START TRANSACTION;
+diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result
+index 5c530c32ce6..6bdc933a9fc 100644
+--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result
++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result
+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');
+ INSERT INTO t1 VALUES ('node2_committed_before');
+ COMMIT;
+ Unloading wsrep provider ...
+-SET GLOBAL wsrep_provider = 'none';
++SET GLOBAL wsrep_cluster_address = '';
+ connection node_1;
+ SET AUTOCOMMIT=OFF;
+ START TRANSACTION;
+diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result
+index 6a5251204b9..4cc49c0cf07 100644
+--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result
++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result
+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');
+ INSERT INTO t1 VALUES ('node2_committed_before');
+ COMMIT;
+ Unloading wsrep provider ...
+-SET GLOBAL wsrep_provider = 'none';
++SET GLOBAL wsrep_cluster_address = '';
+ connection node_1;
+ SET AUTOCOMMIT=OFF;
+ START TRANSACTION;
+diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result
+index db932ae8223..921172920f1 100644
+--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result
++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result
+@@ -335,7 +335,7 @@ NUMERIC_MIN_VALUE NULL
+ NUMERIC_MAX_VALUE NULL
+ NUMERIC_BLOCK_SIZE NULL
+ ENUM_VALUE_LIST NULL
+-READ_ONLY NO
++READ_ONLY YES
+ COMMAND_LINE_ARGUMENT REQUIRED
+ VARIABLE_NAME WSREP_ON
+ SESSION_VALUE OFF
+@@ -391,7 +391,7 @@ NUMERIC_MIN_VALUE NULL
+ NUMERIC_MAX_VALUE NULL
+ NUMERIC_BLOCK_SIZE NULL
+ ENUM_VALUE_LIST NULL
+-READ_ONLY NO
++READ_ONLY YES
+ COMMAND_LINE_ARGUMENT REQUIRED
+ VARIABLE_NAME WSREP_PROVIDER_OPTIONS
+ SESSION_VALUE NULL
+diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result
+deleted file mode 100644
+index 056ff8c817b..00000000000
+--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result
++++ /dev/null
+@@ -1,47 +0,0 @@
+-#
+-# wsrep_notify_cmd
+-#
+-call mtr.add_suppression("WSREP: Failed to get provider options");
+-# save the initial value
+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;
+-# default
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-
+-
+-# scope
+-SELECT @@session.wsrep_notify_cmd;
+-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable
+-SET @@global.wsrep_notify_cmd='notify_cmd';
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-notify_cmd
+-
+-# valid values
+-SET @@global.wsrep_notify_cmd='command';
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-command
+-SET @@global.wsrep_notify_cmd='hyphenated-command';
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-hyphenated-command
+-SET @@global.wsrep_notify_cmd=default;
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-
+-SET @@global.wsrep_notify_cmd=NULL;
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-NULL
+-
+-# invalid values
+-SET @@global.wsrep_notify_cmd=1;
+-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd'
+-SELECT @@global.wsrep_notify_cmd;
+-@@global.wsrep_notify_cmd
+-NULL
+-
+-# restore the initial value
+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;
+-# End of test
+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result
+deleted file mode 100644
+index 3e4ac8ca883..00000000000
+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result
++++ /dev/null
+@@ -1,40 +0,0 @@
+-#
+-# wsrep_provider
+-#
+-# save the initial value
+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;
+-# default
+-SELECT @@global.wsrep_provider;
+-@@global.wsrep_provider
+-none
+-
+-# scope
+-SELECT @@session.wsrep_provider;
+-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable
+-SELECT @@global.wsrep_provider;
+-@@global.wsrep_provider
+-none
+-
+-# valid values
+-SET @@global.wsrep_provider=default;
+-SELECT @@global.wsrep_provider;
+-@@global.wsrep_provider
+-none
+-
+-# invalid values
+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';
+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so'
+-SET @@global.wsrep_provider=NULL;
+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL'
+-SELECT @@global.wsrep_provider;
+-@@global.wsrep_provider
+-none
+-SET @@global.wsrep_provider=1;
+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider'
+-SELECT @@global.wsrep_provider;
+-@@global.wsrep_provider
+-none
+-
+-# restore the initial value
+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;
+-# End of test
+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result
+deleted file mode 100644
+index b2e07c55b38..00000000000
+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result
++++ /dev/null
+@@ -1,49 +0,0 @@
+-#
+-# wsrep_provider_options
+-#
+-call mtr.add_suppression("WSREP: Failed to get provider options");
+-SET @@global.wsrep_provider = @@global.wsrep_provider;
+-# save the initial value
+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;
+-# default
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-
+-
+-# scope
+-SELECT @@session.wsrep_provider_options;
+-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable
+-SET @@global.wsrep_provider_options='option1';
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-option1
+-
+-# valid values
+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-name1=value1;name2=value2
+-SET @@global.wsrep_provider_options='hyphenated-name:value';
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-hyphenated-name:value
+-SET @@global.wsrep_provider_options=default;
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-
+-
+-# invalid values
+-SET @@global.wsrep_provider_options=1;
+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options'
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-
+-SET @@global.wsrep_provider_options=NULL;
+-Got one of the listed errors
+-SELECT @@global.wsrep_provider_options;
+-@@global.wsrep_provider_options
+-NULL
+-
+-# restore the initial value
+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;
+-# End of test
+diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test
+deleted file mode 100644
+index 6d1535ba148..00000000000
+--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test
++++ /dev/null
+@@ -1,43 +0,0 @@
+---source include/have_wsrep.inc
+-
+---echo #
+---echo # wsrep_notify_cmd
+---echo #
+-
+-call mtr.add_suppression("WSREP: Failed to get provider options");
+-
+---echo # save the initial value
+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;
+-
+---echo # default
+-SELECT @@global.wsrep_notify_cmd;
+-
+---echo
+---echo # scope
+---error ER_INCORRECT_GLOBAL_LOCAL_VAR
+-SELECT @@session.wsrep_notify_cmd;
+-SET @@global.wsrep_notify_cmd='notify_cmd';
+-SELECT @@global.wsrep_notify_cmd;
+-
+---echo
+---echo # valid values
+-SET @@global.wsrep_notify_cmd='command';
+-SELECT @@global.wsrep_notify_cmd;
+-SET @@global.wsrep_notify_cmd='hyphenated-command';
+-SELECT @@global.wsrep_notify_cmd;
+-SET @@global.wsrep_notify_cmd=default;
+-SELECT @@global.wsrep_notify_cmd;
+-SET @@global.wsrep_notify_cmd=NULL;
+-SELECT @@global.wsrep_notify_cmd;
+-
+---echo
+---echo # invalid values
+---error ER_WRONG_TYPE_FOR_VAR
+-SET @@global.wsrep_notify_cmd=1;
+-SELECT @@global.wsrep_notify_cmd;
+-
+---echo
+---echo # restore the initial value
+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;
+-
+---echo # End of test
+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test
+deleted file mode 100644
+index 1190ab41bb0..00000000000
+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test
++++ /dev/null
+@@ -1,39 +0,0 @@
+---source include/have_wsrep.inc
+-
+---echo #
+---echo # wsrep_provider
+---echo #
+-
+---echo # save the initial value
+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;
+-
+---echo # default
+-SELECT @@global.wsrep_provider;
+-
+---echo
+---echo # scope
+---error ER_INCORRECT_GLOBAL_LOCAL_VAR
+-SELECT @@session.wsrep_provider;
+-SELECT @@global.wsrep_provider;
+-
+---echo
+---echo # valid values
+-SET @@global.wsrep_provider=default;
+-SELECT @@global.wsrep_provider;
+-
+---echo
+---echo # invalid values
+---error ER_WRONG_VALUE_FOR_VAR
+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';
+---error ER_WRONG_VALUE_FOR_VAR
+-SET @@global.wsrep_provider=NULL;
+-SELECT @@global.wsrep_provider;
+---error ER_WRONG_TYPE_FOR_VAR
+-SET @@global.wsrep_provider=1;
+-SELECT @@global.wsrep_provider;
+-
+---echo
+---echo # restore the initial value
+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;
+-
+---echo # End of test
+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test
+deleted file mode 100644
+index d2ea32a0637..00000000000
+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test
++++ /dev/null
+@@ -1,51 +0,0 @@
+---source include/have_wsrep.inc
+-
+---echo #
+---echo # wsrep_provider_options
+---echo #
+-
+-call mtr.add_suppression("WSREP: Failed to get provider options");
+-
+-SET @@global.wsrep_provider = @@global.wsrep_provider;
+-
+---echo # save the initial value
+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;
+-
+---echo # default
+-SELECT @@global.wsrep_provider_options;
+-
+---echo
+---echo # scope
+---error ER_INCORRECT_GLOBAL_LOCAL_VAR
+-SELECT @@session.wsrep_provider_options;
+---error 0,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options='option1';
+-SELECT @@global.wsrep_provider_options;
+-
+---echo
+---echo # valid values
+---error 0,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';
+-SELECT @@global.wsrep_provider_options;
+---error 0,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options='hyphenated-name:value';
+-SELECT @@global.wsrep_provider_options;
+---error 0,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options=default;
+-SELECT @@global.wsrep_provider_options;
+-
+---echo
+---echo # invalid values
+---error ER_WRONG_TYPE_FOR_VAR
+-SET @@global.wsrep_provider_options=1;
+-SELECT @@global.wsrep_provider_options;
+---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options=NULL;
+-SELECT @@global.wsrep_provider_options;
+-
+---echo
+---echo # restore the initial value
+---error 0,ER_WRONG_ARGUMENTS
+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;
+-
+---echo # End of test
+diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def
+index c7c8f2c6216..b5304b1c992 100644
+--- a/mysql-test/suite/wsrep/disabled.def
++++ b/mysql-test/suite/wsrep/disabled.def
+@@ -1,2 +1,4 @@
+ wsrep.foreign_key : Sporadic failure "WSREP has not yet prepared node for application use"
+ 
++
++mdev_6832: wsrep_provider is read-only for security reasons
+diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result
+index b6f22828532..c944af8c90d 100644
+--- a/mysql-test/suite/wsrep/r/variables.result
++++ b/mysql-test/suite/wsrep/r/variables.result
+@@ -13,7 +13,6 @@ SET SESSION wsrep_replicate_myisam= ON;
+ ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL
+ SET GLOBAL wsrep_replicate_myisam= ON;
+ SET GLOBAL wsrep_replicate_myisam= OFF;
+-SET GLOBAL wsrep_provider=none;
+ #
+ # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of
+ # variables when using "_"
+@@ -134,10 +133,6 @@ wsrep_local_state_comment #
+ # Should show nothing.
+ SHOW STATUS LIKE 'x';
+ Variable_name Value
+-SET GLOBAL wsrep_provider=none;
+-#
+-# MDEV#6079: xtrabackup SST failing with maria-10.0-galera
+-#
+ 
+ SHOW STATUS LIKE 'wsrep_local_state_uuid';
+ Variable_name Value
+@@ -146,7 +141,6 @@ wsrep_local_state_uuid #
+ SHOW STATUS LIKE 'wsrep_last_committed';
+ Variable_name Value
+ wsrep_last_committed #
+-SET GLOBAL wsrep_provider=none;
+ 
+ #
+ # MDEV#6206: wsrep_slave_threads subtracts from max_connections
+@@ -160,30 +154,29 @@ SELECT @@global.wsrep_slave_threads;
+ 1
+ SELECT @@global.wsrep_cluster_address;
+ @@global.wsrep_cluster_address
+-
++gcomm://
+ SHOW STATUS LIKE 'threads_connected';
+ Variable_name Value
+ Threads_connected 1
+ SHOW STATUS LIKE 'wsrep_thread_count';
+ Variable_name Value
+-wsrep_thread_count 0
++wsrep_thread_count 2
+ 
+ SELECT @@global.wsrep_provider;
+ @@global.wsrep_provider
+ libgalera_smm.so
+ SELECT @@global.wsrep_cluster_address;
+ @@global.wsrep_cluster_address
+-
++gcomm://
+ SHOW STATUS LIKE 'threads_connected';
+ Variable_name Value
+ Threads_connected 1
+ SHOW STATUS LIKE 'wsrep_thread_count';
+ Variable_name Value
+-wsrep_thread_count 0
++wsrep_thread_count 2
+ 
+ # Setting wsrep_cluster_address triggers the creation of
+ # applier/rollbacker threads.
+-SET GLOBAL wsrep_cluster_address= 'gcomm://';
+ # Wait for applier threads to get created.
+ SELECT @@global.wsrep_provider;
+ @@global.wsrep_provider
+diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test
+index 1315f090d5c..867af600817 100644
+--- a/mysql-test/suite/wsrep/t/variables.test
++++ b/mysql-test/suite/wsrep/t/variables.test
+@@ -18,7 +18,7 @@ SET GLOBAL wsrep_replicate_myisam= ON;
+ 
+ # Reset it back.
+ SET GLOBAL wsrep_replicate_myisam= OFF;
+-SET GLOBAL wsrep_provider=none;
++#SET GLOBAL wsrep_provider=none;
+ 
+ --echo #
+ --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of
+@@ -27,11 +27,9 @@ SET GLOBAL wsrep_provider=none;
+ 
+ CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*");
+ 
+---disable_query_log
+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+---let $galera_version=25.3.17
++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
++--let $galera_version=25.3.24
+ source include/check_galera_version.inc;
+---enable_query_log
+ 
+ --replace_column 2 #
+ SHOW GLOBAL STATUS LIKE 'wsrep%';
+@@ -47,15 +45,13 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';
+ SHOW STATUS LIKE 'x';
+ 
+ # Reset it back.
+-SET GLOBAL wsrep_provider=none;
++#SET GLOBAL wsrep_provider=none;
+ 
+ --echo #
+ --echo # MDEV#6079: xtrabackup SST failing with maria-10.0-galera
+ --echo #
+ 
+---disable_query_log
+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+---enable_query_log
++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+ 
+ # The following 2 variables are used in innobackupex during xtrabackup-based
+ # SST.
+@@ -67,7 +63,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid';
+ SHOW STATUS LIKE 'wsrep_last_committed';
+ 
+ # Reset it back.
+-SET GLOBAL wsrep_provider=none;
++#SET GLOBAL wsrep_provider=none;
+ 
+ --echo
+ --echo #
+@@ -75,9 +71,7 @@ SET GLOBAL wsrep_provider=none;
+ --echo #
+ call mtr.add_suppression("WSREP: Failed to get provider options");
+ 
+---disable_query_log
+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+---enable_query_log
++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+ 
+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/
+ SELECT @@global.wsrep_provider;
+@@ -87,9 +81,7 @@ SHOW STATUS LIKE 'threads_connected';
+ SHOW STATUS LIKE 'wsrep_thread_count';
+ --echo
+ 
+---disable_query_log
+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+---enable_query_log
++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';
+ 
+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/
+ SELECT @@global.wsrep_provider;
+@@ -100,7 +92,7 @@ SHOW STATUS LIKE 'wsrep_thread_count';
+ 
+ --echo # Setting wsrep_cluster_address triggers the creation of
+ --echo # applier/rollbacker threads.
+-SET GLOBAL wsrep_cluster_address= 'gcomm://';
++#SET GLOBAL wsrep_cluster_address= 'gcomm://';
+ --echo # Wait for applier threads to get created.
+ sleep 3;
+ 
+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
+index 8858259c863..90ca973052b 100644
+--- a/sql/sys_vars.cc
++++ b/sql/sys_vars.cc
+@@ -5236,7 +5236,7 @@ static Sys_var_tz Sys_time_zone(
+ 
+ static Sys_var_charptr Sys_wsrep_provider(
+ "wsrep_provider", "Path to replication provider library",
+- PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),
++ PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),
+ IN_FS_CHARSET, DEFAULT(WSREP_NONE),
+ NO_MUTEX_GUARD, NOT_IN_BINLOG,
+ ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update));
+@@ -5406,7 +5406,7 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows (
+ 
+ static Sys_var_charptr Sys_wsrep_notify_cmd(
+ "wsrep_notify_cmd", "",
+- GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG),
++ READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG),
+ IN_SYSTEM_CHARSET, DEFAULT(""));
+ 
+ static Sys_var_mybool Sys_wsrep_certify_nonPK(
diff --git a/mariadb.spec b/mariadb.spec
index 45af567..fe7b995 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -2,7 +2,7 @@
 Name: mariadb
 Version: 10.3.9
-Release: 10
+Release: 11
 Epoch: 3
 Summary: One of the most popular database servers
 License: GPLv2 with exceptions and LGPLv2 and BSD
@@ -14,6 +14,7 @@ Patch0001: disable-some-unstable-testcases.patch
 Patch0002: add-install-db-command.patch
 Patch0003: disable-some-unstable-testcases-2.patch
 Patch0004: CVE-2020-15180.patch
+Patch0005: CVE-2021-27928.patch
 BuildRequires: selinux-policy-devel, cmake, gcc-c++
 BuildRequires: systemd, systemd-devel
@@ -600,6 +601,9 @@ fi
 %changelog
+* Tue Jun 29 2021 bzhaoop - 3:10.3.9-11
+- Fix CVE-2021-27928
+
 * Mon Jun 28 2021 bzhaoop - 3:10.3.9-10
 - Fix CVE-2020-15180
-- Gitee
From cf770d4f7cbd7bf64c8e55b366903cccb0f5e0fb Mon Sep 17 00:00:00 2001
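Review bot: The deleted `wsrep_provider_basic` and `wsrep_notify_cmd_basic` tests in CVE-2021-27928.patch are not replaced by anything that asserts the new behaviour, so the only thing pinning the fix is the two `READ_ONLY YES` rows in `sysvars_wsrep.result`. A reduced test that keeps the default and scope checks and adds `--error ER_INCORRECT_GLOBAL_LOCAL_VAR` followed by `SET @@global.wsrep_provider='/invalid/libgalera_smm.so';` (and the same for `wsrep_notify_cmd`) would catch a regression that makes either variable writable at runtime again. `wsrep_provider_options_basic` is removed as well, although the `sql/sys_vars.cc` hunks do not make that variable read-only; dropping only its `SET @@global.wsrep_provider = @@global.wsrep_provider;` line would keep that coverage. The commented-out `#SET GLOBAL wsrep_provider=none;` and `#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';` lines in `variables.test` read better deleted than left as dead text.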
From: bzhaoop
Date: Tue, 27 Jul 2021 09:00:42 +0800
Subject: [PATCH 3/3] Support more cores to compile and disable testing during build. 1. Add more cores to join for compiling. 2. Disable testing option during building package. Both are for increasing OBS performance. But for this branch, the testing had already been closed.
---
 mariadb.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mariadb.spec b/mariadb.spec
index fe7b995..a6fbb4a 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -2,7 +2,7 @@
 Name: mariadb
 Version: 10.3.9
-Release: 11
+Release: 12
 Epoch: 3
 Summary: One of the most popular database servers
 License: GPLv2 with exceptions and LGPLv2 and BSD
@@ -281,7 +281,7 @@ export CFLAGS CXXFLAGS
 cmake -L
-%make_build VERBOSE=1
+%make_build VERBOSE=1 %{?_smp_mflags}
 %install
@@ -601,6 +601,9 @@ fi
 %changelog
+* Tue Jul 27 2021 bzhaoop -3:10.3.9-12
+- Increase the build speed
+
 * Tue Jun 29 2021 bzhaoop - 3:10.3.9-11
 - Fix CVE-2021-27928
-- Gitee
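Review bot: In the `@@ -281,7 +281,7 @@` hunk, `%make_build VERBOSE=1 %{?_smp_mflags}` most likely changes nothing: on stock RPM macro sets `%make_build` already expands to `make` with `%{?_smp_mflags}`, so the job count is simply passed twice and the build is no more parallel than before. If the aim is more cores on OBS, that is governed by the value `%_smp_mflags` gets for the build (worth confirming against the openEuler macros) rather than by repeating the macro. The new changelog header also reads `bzhaoop -3:10.3.9-12`, while the earlier entries use `- 3:10.3.9-11` with a space after the dash.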