New upstream release. Addresses:
CVE-2019-2805
CVE-2019-2740
CVE-2019-2739
CVE-2019-2737
CVE-2019-2758
Package updates:
- includes "THIRDPARTY" in PKG_LICENSE_FILES
- drops client_ed25519 as a dynamic plugin and install it with the lib
as per upstream decision
- refreshes patches
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Now that libaio compiles on arc targets we need to add the dependency to
libaio on these targets as well.
resolves#9298
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- added trailing '--' to logger to make it foolproof
- user is extracted from config instead of using hard-coded value
- log directory is now also extracted from config (if set)
- directory creation is now done via awk script (more robust)
- improved log messages
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
From Release Notes:
Security
MDEV-18686 - Add option to PAM authentication plugin to allow case insensitive username matching
bugfix - multi-update checked privileges on views incorrectly (commit 5057d46375)
MDEV-19276 - during connect, write error log warning for ER_DBACCESS_DENIED_ERROR, if log_warnings > 1
MDEV-17456 - Malicious SUPER user can possibly change audit log configuration without leaving traces.
Fixes for the following security vulnerabilities:
CVE-2019-2614
CVE-2019-2627
CVE-2019-2628
OpenWrt changes:
- added PKG_CPE_ID
- shortened default description to make "opkg info" output easier on the eyes
- refreshed patches
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The shared library does not depend on libatomic nor libstdcpp anymore.
This is very good news for the users of said lib.
This commit updates the depends accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
50-client.cnf is used by the client library, so it should be installed
with the library. This commit moves the configuration file to the
correct package and updates its depend (50-client.cnf is sourced by
my.cnf from mariadb-common).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Does away with /etc/default/mysqld, introduces uci configuration
instead. The init script receives some further brushing up, like a
function (copied from Debian) to get mysqld configuration parameters
easily and quickly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- correct spelling in comments ("mariadb" to "MariaDB")
- remove mysqld_safe and mysqld_safe_helper (not used)
- add some extra cmake configuration defines
- remove cmake configuration defines that don't exist in the source
- don't disable address sanitizer (ASAN) support
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add galera support by installing the configuration and including the
wsrep scripts in mariadb-server-extra.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
There is little sense in keeping these charsets in an extra package. The
included sets are of the single byte character set variety. They only
amount to a few kbytes.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
At present there are some flaws related to configuration, also related
to the packaging of mariadb. For starters there are complaints that the
configuration is too static.
To address this a new configuration layout is introduced. The primary
configuration file (my.cnf) is changed so that it now only includes
further configuration files in the directory /etc/mysql/conf.d. More
default configuration files are added for the server and the client.
This is the new default configuration.
With these changes it's possible for the user to select if they want to
change the default configuration (in conf.d/*.cnf) or if they want to
drop their own files into conf.d instead. If the user .cnf files are
read after the default .cnf files (files are included in alphabetical
order), they will overwrite the settings from the default configuration.
The other flaw is that the my.cnf file is included in mariadb-server.
But that doesn't really fit the requirements, as the client also uses
the configuration file(s). To accomodate this a new package
mariadb-common is added. It installs the shared my.cnf file.
The remaining changes add base packages, both for the server and the
client. These are meant as foundation for the packages containing the
respective binaries. In summary they will install the configuration,
small miscellaneous files (SQL scripts etc.) and the user "mariadb".
That means that everything is ready for the binaries, like mysql and
mysqld. If there is not enough space left on flash memory, the user can
just drop the binaries on a pendrive, link them to /usr/bin and get
started.
The ideas and configuration files were copied from Debian. Some
amendments were made.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit deals with changes related to plugins and how they're built
or disabled.
Currently a lot of plugins are packaged which are merely for tests or
plain examples. Other distros do not bundle these, hence this commit
does away with them.
A few new plugins are added related to PAM and Kerberos (auth_gssapi,
auth_gssapi_client and auth_pam).
The BuildPlugin template is refactored to also allow building of library
plugins (needed for auth_gssapi_client). The template is also cleaned up
- some extraneous dollar signs are removed and the install function is
now defined outside the template.
Unwanted plugins/engines are now turned off efficiently (without using
cmake variables) by blanking CMakeLists.txt files in the associated
folders. The idea was lifted from Gentoo.
ha_sequence is now built into the server. This is an upstream
preference. The plugin is about 30 kbytes in size, so there is no harm
adding it into the server, which weighs in at about 15 Mbytes anyway.
Last but not least the auth_socket plugin is now also built into the
server. This allows the local root user to login to the database
without a password being set. This makes maintenance easier without
being detrimental to security. The idea was lifted from Debian.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
libedit changed its interface a while back. mariadb currently does not
recognize this interface and instead uses a static old readline version.
It does not link in the system readline due to licence incompatibility.
This commit adds a patch that enables mariadb to detect and use the
system libedit. The patch was sent upstream already ([1]).
[1] https://github.com/MariaDB/server/pull/1001
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The build breaks when Kerberos is available in staging dir. mariadb
build system exits with error:
CMake Error at libmariadb/cmake/plugins.cmake:43 (message):
Invalid plugin type NO. Allowed plugin types are DYNAMIC;STATIC;OFF
It doesn't like the definition "PLUGIN_AUTH_GSSAPI_CLIENT=NO" anymore.
We need to set it to "OFF" to make it happy.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Include fix from upstream for MDEV-17200. musl-1.1.20 segfaults when
pthread_detach() is called for already detached threads.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
From Release Notes:
- New variable innodb_log_optimize_ddl for avoiding delay due to page flushing and allowing concurrent backup
- InnoDB updated to 5.7.23
- ALTER TABLE fixes:
MDEV-14637 - Fix hang due to DDL with FOREIGN KEY or persistent statistics
MDEV-15953 - Alter InnoDB Partitioned Table Moves Files (which were originally not in the datadir) to the datadir
MDEV-16515 - InnoDB: Failing assertion: ++retries < 10000 in file dict0dict.cc line 2737
MDEV-16809 - Allow full redo logging for ALTER TABLE
- Temporary tables: MDEV-16713 - InnoDB hang with repeating log entry
- indexed virtual columns: MDEV-15855 - Deadlock between purge thread and DDL statement
- locking: MDEV-16664 - Change the default to innodb_lock_schedule_algorithm=fcfs
- Galera: MDEV-15822 - WSREP: BF lock wait long for trx
- Fixes for the following security vulnerabilities:
CVE-2018-3060
CVE-2018-3064
CVE-2018-3063
CVE-2018-3058
CVE-2018-3066
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
@jow- mentioned that depending on libiconv-full on uClibc is not the way
to do it. Instead nls.mk needs to be included and then the correct iconv
lib wil be used as per CONFIG_BUILD_NLS.
Update mariadb Makefile to address this.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
mariadb 10.2.x depends on iconv. glibc and musl include iconv, uclibc
does not. So for uclibc builds a depend on libiconv-full is required.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Also create a user "mariadb" and use it for running the server. And
add possibility to easily add command line args.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- ha_sequence: formerly builtin, now a plugin
- ha_sphinx: formerly disabled
- ha_example: was missing in the eval lines
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Bump to 10.2.x release series which has support for OpenSSL 1.1.x.
- libmariadbclient was replaced by libmaria
- libmaria uses LGPL, hence license info updated
- upstream disabled xtradb engine, innodb is now default (cannot be
built as plugin anymore)
- complex charsets are now all included (size increase), as otherwise
compile fails
- patches adapted/refreshed
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
As suggested by Daniel Engberg, add some mirror servers to offload from
MariaDB's main download server.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- create directory /etc/mysql/conf.d as without it the server refuses to
start
- correct the path to my.cnf in the init script
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Hannu mentioned that --recursive could not be available always. That is
correct. While GNU coreutils' ln supports this, BSD's ln for example does
not.
This commit addresses that.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Historically programs added /usr/lib/mysql to the library search path when
linking. mariadb does not do so anymore, although even its mysql_config
script suggests to use this path. When an old version of the library still
resides in this directory (like from an old mysql installation) it will be
linked against instead of the current library which is in /usr/lib.
To prevent this simply install symlinks from the staging libs in /usr/lib
into /usr/lib/mysql. This fixes build failures on the build bots which are
seen with libzdb and libdbi-drivers.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Observed once in about two dozen builds on the bots:
make[6]: *** No rule to make target '/build/lede-snapshots/arm_cortex-a7_neon-vfpv4/build/sdk/staging_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/usr/lib/libevent.so', needed by 'tests/async_queries'. Stop.
Address this by adding libevent2 to PKG_BUILD_DEPENDS.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
MariaDB is a drop-in replacement for MySQL. This commit adds a current
and stable version of MariaDB to the tree.
Quite a few ideas/patches were copied from Alpine Linux, Busybox Buildroot
and Debian.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>