Hello community,
here is the log from the commit of package mysql-community-server for
openSUSE:Factory checked in at 2017-04-28 09:13:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mysql-community-server (Old)
and /work/SRC/openSUSE:Factory/.mysql-community-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mysql-community-server"
Fri Apr 28 09:13:25 2017 rev:62 rq:490957 version:5.6.36
Changes:
--------
---
/work/SRC/openSUSE:Factory/mysql-community-server/mysql-community-server.changes
2017-02-13 07:49:00.139246614 +0100
+++
/work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-community-server.changes
2017-04-28 09:13:41.558788445 +0200
@@ -1,0 +2,29 @@
+Mon Apr 24 14:00:45 UTC 2017 - [email protected]
+
+- update to 5.6.36
+ * changes
+ http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html
+ * fixed CVEs:
+ CVE-2017-3308, CVE-2017-3309, CVE-2017-3450, CVE-2017-3599,
+ CVE-2017-3329, CVE-2017-3600, CVE-2017-3453, CVE-2017-3452,
+ CVE-2017-3302, CVE-2017-3456, CVE-2017-3463, CVE-2017-3462,
+ CVE-2017-3461, CVE-2017-3464
+ CVE-2017-3305 [bsc#1029396] - Riddle vulnerability
+ CVE-2016-5483 [bsc#1029014] - mysqldump failed to properly
+ quote certain identifiers in SQL statements written to the
+ dump output
+ * remove mysql-community-server-5.6.26-enforce_ssl.patch that
+ is no longer needed
+ * upstream fixed BACKRONYM issue (bsc#924663, CVE-2015-3152)
+ * '--ssl-mode=REQUIRED' can be specified to require a secure
+ connection (it fails if a secure connection cannot be
+ obtained)
+- change permissions of the configuration dir/files to 755/644.
+ Please note that storing the password in the /etc/my.cnf file is
+ not safe. Use for example an option file that is accessible only
+ by yourself [bsc#889126]
+- increase required physical memory from 5 GB to 7 GB in order to
+ try to fix i586 build that fails because of "Out of memory" error
+- set the default umask to 077 in mysql-systemd-helper [bsc#1020976]
+
+-------------------------------------------------------------------
Old:
----
mysql-5.6.35.tar.gz
New:
----
mysql-5.6.36.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mysql-community-server.spec ++++++
--- /var/tmp/diff_new_pack.g3vl4V/_old 2017-04-28 09:13:44.090431443 +0200
+++ /var/tmp/diff_new_pack.g3vl4V/_new 2017-04-28 09:13:44.090431443 +0200
@@ -43,7 +43,7 @@
%define with_cassandra 0
%endif
Name: mysql-community-server
-Version: 5.6.35
+Version: 5.6.36
Release: 0
Summary: Server part of %{pretty_name}
License: SUSE-GPL-2.0-with-FLOSS-exception
@@ -561,7 +561,7 @@
install -m 644 "${i}" "${DOCDIR}" || true
done
# Default configuration file
-install -m 660 %{SOURCE14} %{buildroot}%{_sysconfdir}/my.cnf
+install -m 664 %{SOURCE14} %{buildroot}%{_sysconfdir}/my.cnf
# Systemd/initscript
install -D -m 755 %{_sourcedir}/mysql-systemd-helper
'%{buildroot}'%{_libexecdir}/mysql/mysql-systemd-helper
@@ -761,9 +761,9 @@
%files -f mysql.files
%defattr(-, root, root)
-%config(noreplace) %attr(0640, root, mysql) %{_sysconfdir}/my.cnf
-%dir %attr(0750, root, mysql) %{_sysconfdir}/my.cnf.d
-%config(noreplace) %attr(0640, root, mysql) %{_sysconfdir}/my.cnf.d/*
+%config(noreplace) %attr(0644, root, mysql) %{_sysconfdir}/my.cnf
+%dir %attr(0755, root, mysql) %{_sysconfdir}/my.cnf.d
+%config(noreplace) %attr(0644, root, mysql) %{_sysconfdir}/my.cnf.d/*
%config %{_sysconfdir}/logrotate.d/%{name}
%doc %{_defaultdocdir}/%{name}
%dir %{_libexecdir}/mysql
++++++ _constraints ++++++
--- /var/tmp/diff_new_pack.g3vl4V/_old 2017-04-28 09:13:44.218413396 +0200
+++ /var/tmp/diff_new_pack.g3vl4V/_new 2017-04-28 09:13:44.218413396 +0200
@@ -7,7 +7,7 @@
</conditions>
<hardware>
<physicalmemory>
- <size unit="M">5000</size>
+ <size unit="M">7000</size>
</physicalmemory>
</hardware>
</overwrite>
++++++ configuration-tweaks.tar.xz ++++++
++++++ my.ini ++++++
--- /var/tmp/diff_new_pack.g3vl4V/_old 2017-04-28 09:13:44.318399296 +0200
+++ /var/tmp/diff_new_pack.g3vl4V/_new 2017-04-28 09:13:44.318399296 +0200
@@ -2,9 +2,12 @@
# It is based on upstream defaults with some additional examples.
-# The following options will be passed to all MariaDB clients
+# The following options will be passed to all MySQL/MariaDB clients
[client]
-# password = your_password
+# Please note that storing the password in this file is not safe. For this
+# purpose you can, for example, list your password in the [client] section
+# of the '~/.my.cnf' configuration file with an access mode set to 400 or 600.
+# password = your_password
# port = 3306
# socket = /var/run/mysql/mysql.sock
++++++ mysql-5.6.35.tar.gz -> mysql-5.6.36.tar.gz ++++++
/work/SRC/openSUSE:Factory/mysql-community-server/mysql-5.6.35.tar.gz
/work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-5.6.36.tar.gz
differ: char 5, line 1
++++++ mysql-patches.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch
new/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch
---
old/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch
2015-10-05 20:41:09.854235431 +0200
+++
new/mysql-patches/mysql-patches/mysql-community-server-5.6.26-enforce_ssl.patch
1970-01-01 01:00:00.000000000 +0100
@@ -1,66 +0,0 @@
-PATCH-P1-FIX: fix MySQL lack of SSL enforcement
-BUGS: bnc#924663, bnc#928962, CVE-2015-3152
-
-Maintainer: Kristyna Streitova <[email protected]>
-
-From 4ef74979969ac9339d0d42c11a6f26632e6776f1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <[email protected]>
-Date: Tue, 9 Jun 2015 14:08:44 +0300
-Subject: [PATCH] MDEV-7937: Enforce SSL when --ssl client option is used
-
-Using --ssl-verify-server-cert and --ssl[-*] implies that
-the ssl connection is required. The mysql client will now print an error if ssl
-is required, but the server can not handle a ssl connection.
----
- sql-common/client.c | 23 +++++++++++++++++++----
- 1 file changed, 19 insertions(+), 4 deletions(-)
-
-Index: mysql-5.6.26/sql-common/client.c
-===================================================================
---- mysql-5.6.26.orig/sql-common/client.c
-+++ mysql-5.6.26/sql-common/client.c
-@@ -1742,6 +1742,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__
- mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath) +
- mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher)
- ? 1 : 0;
-+ mysql->options.use_ssl = TRUE;
- #endif
- DBUG_RETURN(result);
- }
-@@ -2600,12 +2601,6 @@ static int send_client_reply_packet(MCPV
- mysql->client_flag|= CLIENT_MULTI_RESULTS;
-
- #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
-- if (mysql->options.ssl_key || mysql->options.ssl_cert ||
-- mysql->options.ssl_ca || mysql->options.ssl_capath ||
-- mysql->options.ssl_cipher ||
-- (mysql->options.extension && mysql->options.extension->ssl_crl) ||
-- (mysql->options.extension && mysql->options.extension->ssl_crlpath))
-- mysql->options.use_ssl= 1;
- if (mysql->options.use_ssl)
- mysql->client_flag|= CLIENT_SSL;
- #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/
-@@ -2639,6 +2634,23 @@ static int send_client_reply_packet(MCPV
- end= buff+5;
- }
- #ifdef HAVE_OPENSSL
-+
-+ /*
-+ If client uses ssl and client also has to verify the server
-+ certificate, a ssl connection is required.
-+ If the server does not support ssl, we abort the connection.
-+ */
-+ if (mysql->options.use_ssl &&
-+ (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
-+ !(mysql->server_capabilities & CLIENT_SSL))
-+ {
-+ set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
-+ ER(CR_SSL_CONNECTION_ERROR),
-+ "SSL is required, but the server does not "
-+ "support it");
-+ goto error;
-+ }
-+
- if (mysql->client_flag & CLIENT_SSL)
- {
- /* Do the SSL layering. */
++++++ mysql-systemd-helper ++++++
--- /var/tmp/diff_new_pack.g3vl4V/_old 2017-04-28 09:13:44.426384068 +0200
+++ /var/tmp/diff_new_pack.g3vl4V/_new 2017-04-28 09:13:44.426384068 +0200
@@ -167,6 +167,9 @@
# We rely on output in english at some points
LC_ALL=C
+# set the default umask bsc#1020976
+umask 077
+
INSTANCE="$2"
read_config
mkdir -p /var/run/mysql
++++++ series ++++++
--- /var/tmp/diff_new_pack.g3vl4V/_old 2017-04-28 09:13:44.518371097 +0200
+++ /var/tmp/diff_new_pack.g3vl4V/_new 2017-04-28 09:13:44.518371097 +0200
@@ -11,4 +11,3 @@
mysql-community-server-5.6.12-srv_buf_size.patch
mysql-community-server-5.6.12-logrotate-su.patch
mysql-community-server-5.6.24-static_library.patch
-mysql-community-server-5.6.26-enforce_ssl.patch
