Comment 5 for bug 1313187

I now used the process outlined by Seth above to produce yet another Ubuntu security backport of 5.5.37. Instead of attaching the 21 MB debdiff file, I have now attached a diff that only has the debian/* contents.

Steps for you to apply this patch:
- apt-get source mariadb-server - on Trusty will download and unpack 5.5.36-1
- download ftp://ftp.osuosl.org/pub/mariadb/mariadb-5.5.37/source/mariadb-5.5.37.tar.gz, rename it to .orig.tar.gz and check that the sha256sum matches a0faf492b3595d938684ed701812a4bd5aaab395b8402efe3322338a80fb3c9c
- unpack mariadb-5.5_5.5.37.orig.tar.gz as a new upstream directory
- unpack mariadb-5.5_5.5.36-1.debian.tar.xz and use contents to replace the new upstream debian/*

At this point you should have the equivalent of a pure orig.tar.gz upgrade. Then continue with
- review attached patch mariadb-5.5_5.5.36-1_5.5.37-0ubuntu0.14.04.1-debian-dirs.diff
- use attached patch to patch debian/*
- apply patches from debian/patches/* with 'quilt push -a'
- build and ship

Please notify me where you build the final packages and where the build log are viewable, so that I can check them just to make sure everything went OK.

If you want to test the trusty amd64 binaries directly, add these lines to your sources.list:
deb http://labs.seravo.fi/~otto/mariadb-repo/ 5.5.37-0ubuntu0.14.04.1/
deb-src http://labs.seravo.fi/~otto/mariadb-repo/ 5.5.37-0ubuntu0.14.04.1/

The complete debdiff and other files are available for download from the file listing at http://labs.seravo.fi/~otto/mariadb-repo/5.5.37-0ubuntu0.14.04.1/

Regarding upstream signatures - I just filed https://mariadb.atlassian.net/browse/MDEV-6205 where I request them to publish .asc files next to their tar.gz source releases.

I hope this fulfills all your requirements so that you can land this security update. Please let me know if you need something more.