diff --git a/debian/changelog b/debian/changelog index 6bee229..b3e6349 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,28 @@ +mariadb-10.0 (10.0.23-0ubuntu0.15.04.1) vivid-security; urgency=low + + * SECURITY UPDATE: Update to 10.0.23 fixes security issues (LP: #1538315): + - CVE-2016-2047 + - CVE-2016-0616 + - CVE-2016-0609 + - CVE-2016-0608 + - CVE-2016-0606 + - CVE-2016-0600 + - CVE-2016-0598 + - CVE-2016-0597 + - CVE-2016-0596 + - CVE-2016-0546 + - CVE-2016-0505 + * Update TokuDB plugin install and copyright paths to match latest + release done under Percona ownership + + -- Otto Kekäläinen Tue, 26 Jan 2016 23:59:51 +0200 + mariadb-10.0 (10.0.22-0ubuntu0.15.04.1) vivid-security; urgency=low * SECURITY UPDATE: Update to 10.0.22 fixes security issues: (LP: #1512241) + - CVE-2016-0610 + - CVE-2015-7744 - CVE-2015-4802 - CVE-2015-4807 - CVE-2015-4815 @@ -41,6 +62,7 @@ mariadb-10.0 (10.0.20-0ubuntu0.15.04.1) vivid-security; urgency=low - CVE-2015-0499 (LP: #1451677) * Oracle CVE IDs added after release: + - CVE-2015-4866 - CVE-2015-2648 - CVE-2015-2582 - CVE-2015-4752 diff --git a/debian/copyright b/debian/copyright index 46e9d45..b583edc 100644 --- a/debian/copyright +++ b/debian/copyright @@ -917,7 +917,7 @@ Copyright: License: BSD-3-clause Files: storage/tokudb/* -Copyright: 2007-2014 Tokutek, Inc +Copyright: 2006-2015 Percona and/or its affiliates License: GPL-2 Files: storage/tokudb/ft-index/third_party/xz-4.999.9beta/build-aux/ltmain.sh diff --git a/debian/patches/extend_default_test_timeout_for_tokudb.patch b/debian/patches/extend_default_test_timeout_for_tokudb.patch index 4a45d55..faaa3d3 100644 --- a/debian/patches/extend_default_test_timeout_for_tokudb.patch +++ b/debian/patches/extend_default_test_timeout_for_tokudb.patch @@ -1,14 +1,14 @@ Author: Otto Kekäläinen Description: Extend timeout as some Debian pbuilder/sbuilder chroots may be very slow to run these ---- old/mysql-test/CMakeLists.txt 2014-02-12 17:55:23.469136898 +0200 -+++ new/mysql-test/CMakeLists.txt 2014-02-12 17:54:07.471406742 +0200 -@@ -64,7 +64,7 @@ +--- a/mysql-test/CMakeLists.txt ++++ b/mysql-test/CMakeLists.txt +@@ -64,7 +64,7 @@ ELSE() ENDIF() -+SET(MTR_FORCE perl ./mysql-test-run.pl --force --testcase-timeout=30 --suite-timeout=540) -SET(MTR_FORCE perl ./mysql-test-run.pl --force) ++SET(MTR_FORCE perl ./mysql-test-run.pl --force --testcase-timeout=30 --suite-timeout=540) IF(EXISTS ${CMAKE_SOURCE_DIR}/mysql-test/suite/nist) SET(TEST_NIST ${MTR_FORCE} --comment=nist suite=nist ${EXP} && ${MTR_FORCE} --comment=nist --force --suite=nist+ps ${EXP}) diff --git a/debian/patches/fix-spelling-errors.patch b/debian/patches/fix-spelling-errors.patch index 214b450..1ef16d9 100644 --- a/debian/patches/fix-spelling-errors.patch +++ b/debian/patches/fix-spelling-errors.patch @@ -2,9 +2,9 @@ Description: Fix spelling errors Author: Otto Kekäläinen Last-Update: 2014-10-02 ---- mariadb-10.0-10.0.13.orig/storage/connect/tabxml.cpp -+++ mariadb-10.0-10.0.13/storage/connect/tabxml.cpp -@@ -1798,7 +1798,7 @@ void XMULCOL::ReadColumn(PGLOBAL g) +--- a/storage/connect/tabxml.cpp ++++ b/storage/connect/tabxml.cpp +@@ -1800,7 +1800,7 @@ void XMULCOL::ReadColumn(PGLOBAL g) if (N > Tdbp->Limit) { N = Tdbp->Limit; @@ -13,22 +13,9 @@ Last-Update: 2014-10-02 PushWarning(g, Tdbp); } // endif N ---- mariadb-10.0-10.0.13.orig/man/mysqldump.1 -+++ mariadb-10.0-10.0.13/man/mysqldump.1 -@@ -1261,7 +1261,7 @@ to point the slave to the correct master - .\" max-allowed-packet option: mysqldump - \fB\-\-max\-allowed\-packet=\fR\fB\fIlength\fR\fR - .sp --Sets the maximum packet length to send to or recieve from server\&. -+Sets the maximum packet length to send to or receive from server\&. - .RE - .sp - .RS 4 -diff --git a/storage/connect/mysql-test/connect/r/xml_mult.result b/storage/connect/mysql-test/connect/r/xml_mult.result - --- a/storage/connect/mysql-test/connect/r/xml_mult.result +++ b/storage/connect/mysql-test/connect/r/xml_mult.result -@@ -51,14 +51,14 @@ WEB XQuery Kick Start en Per Bothner 2003 49.99 +@@ -51,14 +51,14 @@ WEB XQuery Kick Start en Per Bothner 200 WEB XQuery Kick Start en Kurt Cagle 2003 49.99 WEB Learning XML en Erik T. Ray 2003 39.95 Warnings: @@ -45,7 +32,7 @@ diff --git a/storage/connect/mysql-test/connect/r/xml_mult.result b/storage/conn # # Testing concatenated values # -@@ -91,12 +91,12 @@ CHILDREN Harry Potter en J K. Rowling 2005 29.99 +@@ -91,12 +91,12 @@ CHILDREN Harry Potter en J K. Rowling 20 WEB XQuery Kick Start en James McGovern, Per Bothner, Kurt Cagle, James Linn 2003 49.99 WEB Learning XML en Erik T. Ray 2003 39.95 Warnings: diff --git a/debian/patches/innodb_simulate_comp_test_speedup.patch b/debian/patches/innodb_simulate_comp_test_speedup.patch index 024be54..9f12415 100644 --- a/debian/patches/innodb_simulate_comp_test_speedup.patch +++ b/debian/patches/innodb_simulate_comp_test_speedup.patch @@ -7,8 +7,8 @@ Description: Add options to innodb test that fixes possible test failure Author: Otto Kekäläinen Bug: https://mariadb.atlassian.net/browse/MDEV-6682 ---- mariadb-10.0-10.0.13.orig/mysql-test/suite/innodb/t/innodb_simulate_comp_failures_small-master.opt -+++ mariadb-10.0-10.0.13/mysql-test/suite/innodb/t/innodb_simulate_comp_failures_small-master.opt +--- a/mysql-test/suite/innodb/t/innodb_simulate_comp_failures_small-master.opt ++++ b/mysql-test/suite/innodb/t/innodb_simulate_comp_failures_small-master.opt @@ -1,2 +1,3 @@ --innodb-file-per-table +--innodb-flush-log-at-trx-commit=2 diff --git a/debian/patches/mysql-test__db_test.patch b/debian/patches/mysql-test__db_test.patch index caedeef..e1c33e0 100644 --- a/debian/patches/mysql-test__db_test.patch +++ b/debian/patches/mysql-test__db_test.patch @@ -4,9 +4,9 @@ ## DP: Patch 33_scripts__mysql_create_system_tables__no_test removes the ## DP: rights for anybody to connect to the test database but the test ## DP: suite depends on them. ---- old/mysql-test/mysql-test-run.pl 2009-06-16 14:24:09.000000000 +0200 -+++ new/mysql-test/mysql-test-run.pl 2009-07-04 00:03:34.000000000 +0200 -@@ -3602,6 +3602,11 @@ sub mysql_install_db { +--- a/mysql-test/mysql-test-run.pl ++++ b/mysql-test/mysql-test-run.pl +@@ -3603,6 +3603,11 @@ sub mysql_install_db { mtr_appendfile_to_file("$sql_dir/mysql_system_tables_data.sql", $bootstrap_sql_file); diff --git a/debian/patches/mysqld_multi_confd.patch b/debian/patches/mysqld_multi_confd.patch index 30dca92..38436d6 100644 --- a/debian/patches/mysqld_multi_confd.patch +++ b/debian/patches/mysqld_multi_confd.patch @@ -1,6 +1,6 @@ --- a/scripts/mysqld_multi.sh +++ b/scripts/mysqld_multi.sh -@@ -504,6 +504,7 @@ +@@ -503,6 +503,7 @@ sub list_defaults_files '@prefix@/my.cnf', ($ENV{MYSQL_HOME} ? "$ENV{MYSQL_HOME}/my.cnf" : undef), $opt{'extra-file'}, diff --git a/debian/patches/remove_rename_mariadb-server_files_in.patch b/debian/patches/remove_rename_mariadb-server_files_in.patch index d5b6b5c..b28ccec 100644 --- a/debian/patches/remove_rename_mariadb-server_files_in.patch +++ b/debian/patches/remove_rename_mariadb-server_files_in.patch @@ -1,11 +1,9 @@ Author: Otto Kekäläinen Description: Remove upstream debian/* handling that is obsolete -Index: gitwd/CMakeLists.txt -=================================================================== ---- gitwd.orig/CMakeLists.txt -+++ gitwd/CMakeLists.txt -@@ -460,12 +460,6 @@ CONFIGURE_FILE( +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -458,12 +458,6 @@ CONFIGURE_FILE( ${CMAKE_SOURCE_DIR}/cmake/info_macros.cmake.in ${CMAKE_BINARY_DIR}/info_macros.cmake @ONLY) diff --git a/debian/patches/replace_dash_with_bash_mbug675185.patch b/debian/patches/replace_dash_with_bash_mbug675185.patch index 1d920b1..83292df 100644 --- a/debian/patches/replace_dash_with_bash_mbug675185.patch +++ b/debian/patches/replace_dash_with_bash_mbug675185.patch @@ -5,12 +5,11 @@ ## DP: A race in dash causes mysqld_safe to occasionally loop infinitely. ## DP: Fix by using bash instead. ## DP: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/675185 ---- old/scripts/mysqld_safe.sh 2010-04-09 11:47:18 +0000 -+++ new/scripts/mysqld_safe.sh 2010-11-21 09:40:50 +0000 +--- a/scripts/mysqld_safe.sh ++++ b/scripts/mysqld_safe.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Copyright Abandoned 1996 TCX DataKonsult AB & Monty Program KB & Detron HB # This file is public domain and comes with NO WARRANTY of any kind # - diff --git a/debian/patches/scripts__mysql_config__libs.patch b/debian/patches/scripts__mysql_config__libs.patch index e1abf4d..851ed5e 100644 --- a/debian/patches/scripts__mysql_config__libs.patch +++ b/debian/patches/scripts__mysql_config__libs.patch @@ -1,10 +1,9 @@ Author: Christian Hammers Description: Removes unnecessary library dependencies. See #390692 -diff -Nur mysql-dfsg-5.1-5.1.31.orig/scripts/mysql_config.sh mysql-dfsg-5.1-5.1.31/scripts/mysql_config.sh ---- mysql-dfsg-5.1-5.1.31.orig/scripts/mysql_config.sh 2009-01-19 17:30:55.000000000 +0100 -+++ mysql-dfsg-5.1-5.1.31/scripts/mysql_config.sh 2009-02-08 17:17:48.000000000 +0100 -@@ -107,10 +107,10 @@ +--- a/scripts/mysql_config.sh ++++ b/scripts/mysql_config.sh +@@ -107,10 +107,10 @@ fi # Create options # We intentionally add a space to the beginning and end of lib strings, simplifies replace later @@ -18,4 +17,3 @@ diff -Nur mysql-dfsg-5.1-5.1.31.orig/scripts/mysql_config.sh mysql-dfsg-5.1-5.1. if [ -r "$pkglibdir/libmygcc.a" ]; then # When linking against the static library with a different version of GCC - diff --git a/debian/patches/scripts__mysql_create_system_tables__no_test.patch b/debian/patches/scripts__mysql_create_system_tables__no_test.patch index 1287039..eee97dc 100644 --- a/debian/patches/scripts__mysql_create_system_tables__no_test.patch +++ b/debian/patches/scripts__mysql_create_system_tables__no_test.patch @@ -6,8 +6,8 @@ ## DP: circumstances as it is checked first. See #301741. ## DP: http://bugs.mysql.com/bug.php?id=6901 ---- old/scripts/mysql_system_tables_data.sql 2008-12-04 22:59:44.000000000 +0100 -+++ new/scripts/mysql_system_tables_data.sql 2008-12-04 23:00:07.000000000 +0100 +--- a/scripts/mysql_system_tables_data.sql ++++ b/scripts/mysql_system_tables_data.sql @@ -26,16 +26,6 @@ -- a plain character SELECT LOWER( REPLACE((SELECT REPLACE(@@hostname,'_','\_')),'%','\%') )INTO @current_hostname; @@ -33,4 +33,4 @@ -INSERT INTO tmp_user (host,user) SELECT @current_hostname,'' FROM dual WHERE @current_hostname != 'localhost'; INSERT INTO user SELECT * FROM tmp_user WHERE @had_user_table=0; DROP TABLE tmp_user; - + diff --git a/debian/patches/scripts__mysql_install_db.sh__no_test.patch b/debian/patches/scripts__mysql_install_db.sh__no_test.patch index a44fbdb..480dc52 100644 --- a/debian/patches/scripts__mysql_install_db.sh__no_test.patch +++ b/debian/patches/scripts__mysql_install_db.sh__no_test.patch @@ -4,9 +4,9 @@ ## DP: scripts__mysql_install_db.sh__no_test ## DP: http://bugs.mysql.com/bug.php?id=6901 ---- mysql-dfsg-5.1-5.1.23rc.orig/scripts/mysql_install_db.sh 2008-01-29 22:41:20.000000000 +0100 -+++ mysql-dfsg-5.1-5.1.23rc/scripts/mysql_install_db.sh 2008-02-28 10:08:11.000000000 +0100 -@@ -372,7 +372,7 @@ then +--- a/scripts/mysql_install_db.sh ++++ b/scripts/mysql_install_db.sh +@@ -374,7 +374,7 @@ then fi # Create database directories diff --git a/debian/patches/scripts__mysqld_safe.sh__signals.patch b/debian/patches/scripts__mysqld_safe.sh__signals.patch index ff66f05..f4adc5e 100644 --- a/debian/patches/scripts__mysqld_safe.sh__signals.patch +++ b/debian/patches/scripts__mysqld_safe.sh__signals.patch @@ -4,9 +4,9 @@ ## DP: Executes /etc/init.d/mysql on signals ## DP: Reported as http://bugs.mysql.com/bug.php?id=31361 ---- a/scripts/mysqld_safe.sh 2013-01-11 16:02:41 +0000 -+++ b/scripts/mysqld_safe.sh 2013-01-11 16:03:14 +0000 -@@ -33,7 +33,6 @@ err_log= +--- a/scripts/mysqld_safe.sh ++++ b/scripts/mysqld_safe.sh +@@ -34,7 +34,6 @@ skip_err_log=0 syslog_tag_mysqld=mysqld syslog_tag_mysqld_safe=mysqld_safe @@ -14,7 +14,7 @@ # MySQL-specific environment variable. First off, it's not really a umask, # it's the desired mode. Second, it follows umask(2), not umask(3) in that -@@ -164,7 +163,7 @@ eval_log_error () { +@@ -165,7 +164,7 @@ eval_log_error () { # sed buffers output (only GNU sed supports a -u (unbuffered) option) # which means that messages may not get sent to syslog until the # mysqld process quits. @@ -23,7 +23,7 @@ ;; *) echo "Internal program error (non-fatal):" \ -@@ -806,6 +805,13 @@ then +@@ -819,6 +818,13 @@ then fi # @@ -37,4 +37,3 @@ # Uncomment the following lines if you want all tables to be automatically # checked and repaired during startup. You should add sensible key_buffer # and sort_buffer values to my.cnf to improve check performance or require - diff --git a/debian/rules b/debian/rules index daad95e..871103f 100755 --- a/debian/rules +++ b/debian/rules @@ -123,7 +123,7 @@ override_dh_auto_install: dh_testroot # If TokuDB plugin was built add it to the server install list. - [ ! -f $(BUILDDIR)/storage/tokudb/ha_tokudb.so ] || echo 'usr/lib/mysql/plugin/ha_tokudb.so\netc/mysql/conf.d/tokudb.cnf\nusr/bin/tokuftdump\nusr/share/doc/mariadb-server-10.0/README-TOKUDB\nusr/share/doc/mariadb-server-10.0/README.md' >> debian/mariadb-server-10.0.install + [ ! -f $(BUILDDIR)/storage/tokudb/ha_tokudb.so ] || echo 'usr/lib/mysql/plugin/ha_tokudb.so\netc/mysql/conf.d/tokudb.cnf\nusr/bin/tokuftdump\nusr/share/doc/mariadb-server-10.0/README.md' >> debian/mariadb-server-10.0.install # If Mroonga plugin was built add it to the server install list. [ ! -f $(BUILDDIR)/storage/mroonga/ha_mroonga.so ] || echo 'usr/lib/mysql/plugin/ha_mroonga.so' >> debian/mariadb-server-10.0.install