[arch-commits] Commit in mariadb/repos (4 files)
Date: Wednesday, November 11, 2020 @ 11:57:12 Author: eworm Revision: 400361 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 400360, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 400360, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 400360, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 223 + mariadb.install | 15 +++ 3 files changed, 332 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 400360, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-11-11 11:57:12 UTC (rev 400361) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Wednesday, November 4, 2020 @ 06:58:03 Author: eworm Revision: 399239 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 399238, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 399238, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 399238, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 223 + mariadb.install | 25 + 3 files changed, 342 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 399238, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-11-04 06:58:03 UTC (rev 399239) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Wednesday, October 7, 2020 @ 19:21:16 Author: eworm Revision: 397493 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 397492, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 397492, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 397492, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 223 + mariadb.install | 25 + 3 files changed, 342 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 397492, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-10-07 19:21:16 UTC (rev 397493) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Wednesday, October 7, 2020 @ 07:22:56 Author: eworm Revision: 397463 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 397462, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 397462, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 397462, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 223 + mariadb.install | 25 + 3 files changed, 342 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 397462, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-10-07 07:22:56 UTC (rev 397463) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Thursday, August 20, 2020 @ 08:35:19 Author: eworm Revision: 394429 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 394428, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 394428, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 394428, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 224 + mariadb.install | 25 + 3 files changed, 343 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 394428, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-08-20 08:35:19 UTC (rev 394429) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Monday, August 10, 2020 @ 15:04:15 Author: eworm Revision: 393517 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 393516, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 393516, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 393516, mariadb/trunk/mariadb.install) --+ 0001-arch-specific.patch | 94 ++ PKGBUILD | 223 + mariadb.install | 25 + 3 files changed, 342 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 393516, mariadb/trunk/0001-arch-specific.patch) === --- testing-x86_64/0001-arch-specific.patch (rev 0) +++ testing-x86_64/0001-arch-specific.patch 2020-08-10 15:04:15 UTC (rev 393517) @@ -0,0 +1,94 @@ +From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:17 +0100 +Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index e7665ed1219..a1fe69d61c4 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -129,7 +129,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index ffefc2f22d8..f8b0b8aad8d 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -241,7 +241,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!) + # this is the same value as used in SysV init scripts in the past + +From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:10:46 +0100 +Subject: [PATCH 2/3] force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a1fe69d61c4..9a2941ae917 100644 +--- a/support-files/mariadb.service.in b/support-files/mariadb.service.in +@@ -159,6 +159,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index f8b0b8aad8d..3309127330c 100644 +--- a/support-files/mari...@.service.in b/support-files/mari...@.service.in +@@ -282,6 +282,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync + +From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse +Date: Wed, 19 Feb 2020 13:11:31 +0100 +Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. + +Also this now sets the No_COW attribute. +--- + support-files/tmpfiles.conf.in | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +@@ -1 +1,3 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - ++h @MYSQL_DATADIR@ - - - - +C Copied:
[arch-commits] Commit in mariadb/repos (4 files)
Date: Wednesday, January 23, 2019 @ 23:32:28 Author: eworm Revision: 344639 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-systemd-240.patch (from rev 344638, mariadb/trunk/0001-systemd-240.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 344638, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 344638, mariadb/trunk/mariadb.install) + 0001-systemd-240.patch | 18 +++ PKGBUILD | 233 +++ mariadb.install| 15 +++ 3 files changed, 266 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-systemd-240.patch (from rev 344638, mariadb/trunk/0001-systemd-240.patch) === --- testing-x86_64/0001-systemd-240.patch (rev 0) +++ testing-x86_64/0001-systemd-240.patch 2019-01-23 23:32:28 UTC (rev 344639) @@ -0,0 +1,18 @@ +diff --git a/mysys/my_file.c b/mysys/my_file.c +index a23ab487d00..23226595b2e 100644 +--- a/mysys/my_file.c b/mysys/my_file.c +@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit) + DBUG_PRINT("info", ("rlim_cur: %u rlim_max: %u", + (uint) rlimit.rlim_cur, + (uint) rlimit.rlim_max)); +-if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY) +- rlimit.rlim_cur = max_file_limit; +-if (rlimit.rlim_cur >= max_file_limit) +- DBUG_RETURN(rlimit.rlim_cur); /* purecov: inspected */ ++if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY || ++rlimit.rlim_cur >= max_file_limit) ++ DBUG_RETURN(max_file_limit); + rlimit.rlim_cur= rlimit.rlim_max= max_file_limit; + if (setrlimit(RLIMIT_NOFILE, )) + max_file_limit= old_cur;/* Use original value */ Copied: mariadb/repos/testing-x86_64/PKGBUILD (from rev 344638, mariadb/trunk/PKGBUILD) === --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2019-01-23 23:32:28 UTC (rev 344639) @@ -0,0 +1,233 @@ +# Maintainer: Bartłomiej Piotrowski +# Maintainer: Christian Hesse + +pkgbase=mariadb +pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop') +pkgdesc='Fast SQL database server, derived from MySQL' +pkgver=10.3.12 +pkgrel=4 +arch=('x86_64') +license=('GPL') +url='https://mariadb.org/' +makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo' + 'openssl' 'systemd' 'zlib' 'zstd') +validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key +source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc} +'0001-systemd-240.patch') +sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6' +'SKIP' +'d57500014f50d73fe7f35a4503488fb1008bbd15cbcc6ec9aa927fc801e816f4') + +prepare() { + cd $pkgbase-$pkgver/ + + # Changes to the upstream unit files: + # * remove the alias from unit files, we install symlinks in package function + # * enable PrivateTmp for a little bit more security + # * force preloading jemalloc for memory management + sed -i -e '/^Alias/d' \ +-e '/^PrivateTmp/c PrivateTmp=true' \ +-e '/# Environment="LD_/a Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"' \ +support-files/mariadb{,@}.service.in + + # let's create the datadir from tmpfiles + echo 'd @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -' >> support-files/tmpfiles.conf.in + + # instantiated configs are not subject to be included from main config + sed -i 's|@sysconf2dir@|@sysconfdir@|' support-files/mari...@.service.in + + # fix path to our config + sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset} + + # fix memory allocation and OOM with systemd >= 240 + # https://bugs.archlinux.org/task/61433 + # https://github.com/systemd/systemd/issues/11510 + # https://jira.mariadb.org/browse/MDEV-18360 + patch -Np1 < ../0001-systemd-240.patch +} + +build() { + local _cmake_options=( +# build options +-DCMAKE_BUILD_TYPE=RelWithDebInfo +-Wno-dev + +# file paths +# /etc +-DINSTALL_SYSCONFDIR=/etc/mysql +-DINSTALL_SYSCONF2DIR=/etc/mysql/my.cnf.d +# /run +-DINSTALL_UNIX_ADDRDIR=/run/mysqld/mysqld.sock +# /usr +-DCMAKE_INSTALL_PREFIX=/usr +# /usr/bin /usr/include +-DINSTALL_SCRIPTDIR=bin +-DINSTALL_INCLUDEDIR=include/mysql +# /usr/lib +-DINSTALL_PLUGINDIR=lib/mysql/plugin +-DINSTALL_SYSTEMD_UNITDIR=/usr/lib/systemd/system/ +-DINSTALL_SYSTEMD_SYSUSERSDIR=/usr/lib/sysusers.d/ +-DINSTALL_SYSTEMD_TMPFILESDIR=/usr/lib/tmpfiles.d/ +# /usr/share +-DINSTALL_SHAREDIR=share +-DINSTALL_SUPPORTFILESDIR=share/mysql +
[arch-commits] Commit in mariadb/repos (4 files)
Date: Friday, November 2, 2018 @ 09:25:02 Author: eworm Revision: 337729 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 337728, mariadb/trunk/0001-openssl-1-1-0.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 337728, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 337728, mariadb/trunk/mariadb.install) --+ 0001-openssl-1-1-0.patch | 1008 + PKGBUILD | 194 mariadb.install | 11 3 files changed, 1213 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 337728, mariadb/trunk/0001-openssl-1-1-0.patch) === --- testing-x86_64/0001-openssl-1-1-0.patch (rev 0) +++ testing-x86_64/0001-openssl-1-1-0.patch 2018-11-02 09:25:02 UTC (rev 337729) @@ -0,0 +1,1008 @@ +diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake +index 24e18600402..6fac749fd13 100644 +--- a/cmake/ssl.cmake b/cmake/ssl.cmake +@@ -182,7 +182,7 @@ MACRO (MYSQL_CHECK_SSL) + HAVE_SHA512_DIGEST_LENGTH) + SET(CMAKE_REQUIRED_INCLUDES) + IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARIES AND +- OPENSSL_MAJOR_VERSION STRLESS "101" AND ++ OPENSSL_MAJOR_VERSION STRLESS "102" AND +CRYPTO_LIBRARY AND HAVE_SHA512_DIGEST_LENGTH) + + SET(SSL_SOURCES "") +diff --git a/include/ssl_compat.h b/include/ssl_compat.h +new file mode 100644 +index 000..b0e3ed4 +--- /dev/null b/include/ssl_compat.h +@@ -0,0 +1,75 @@ ++/* ++ Copyright (c) 2016, 2017 MariaDB Corporation ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 2 of the License. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ ++ ++#include ++ ++/* OpenSSL version specific definitions */ ++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_X509_check_host 1 ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_OPENSSL11 1 ++#define ERR_remove_state(X) ERR_clear_error() ++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X) ++#define EVP_CIPHER_CTX_SIZE 168 ++#define EVP_MD_CTX_SIZE 48 ++#undef EVP_MD_CTX_init ++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) ++#undef EVP_CIPHER_CTX_init ++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0) ++ ++#else ++#define HAVE_OPENSSL10 1 ++/* ++ Unfortunately RAND_bytes manual page does not provide any guarantees ++ in relation to blocking behavior. Here we explicitly use SSLeay random ++ instead of whatever random engine is currently set in OpenSSL. That way ++ we are guaranteed to have a non-blocking random. ++*/ ++#define RAND_OpenSSL() RAND_SSLeay() ++ ++#ifdef HAVE_ERR_remove_thread_state ++#define ERR_remove_state(X) ERR_remove_thread_state(NULL) ++#endif /* HAVE_ERR_remove_thread_state */ ++ ++#endif /* HAVE_OPENSSL11 */ ++ ++#elif defined(HAVE_YASSL) ++#define BN_free(X) do { } while(0) ++#endif /* !defined(HAVE_YASSL) */ ++ ++#ifndef HAVE_OPENSSL11 ++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X) ++#define OPENSSL_init_ssl(X,Y) SSL_library_init() ++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G)) ++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) ++#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) ++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) ++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX) ++#endif ++ ++#ifdef__cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++int check_openssl_compatibility(); ++ ++#ifdef__cplusplus ++} ++#endif +diff --git a/include/violite.h b/include/violite.h +index a7165ca..572d474 100644 +--- a/include/violite.h b/include/violite.h +@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa, + int flags); + + #ifdef HAVE_OPENSSL +-#include +-#if OPENSSL_VERSION_NUMBER < 0x0090700f +-#define DES_cblock des_cblock +-#define DES_key_schedule des_key_schedule +-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks)) +-#define
[arch-commits] Commit in mariadb/repos (4 files)
Date: Saturday, September 8, 2018 @ 19:34:37 Author: eworm Revision: 334145 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 334144, mariadb/trunk/0001-openssl-1-1-0.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 334144, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 334144, mariadb/trunk/mariadb.install) --+ 0001-openssl-1-1-0.patch | 995 + PKGBUILD | 195 mariadb.install | 11 3 files changed, 1201 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 334144, mariadb/trunk/0001-openssl-1-1-0.patch) === --- testing-x86_64/0001-openssl-1-1-0.patch (rev 0) +++ testing-x86_64/0001-openssl-1-1-0.patch 2018-09-08 19:34:37 UTC (rev 334145) @@ -0,0 +1,995 @@ +diff --git a/include/ssl_compat.h b/include/ssl_compat.h +new file mode 100644 +index 000..b0e3ed4 +--- /dev/null b/include/ssl_compat.h +@@ -0,0 +1,75 @@ ++/* ++ Copyright (c) 2016, 2017 MariaDB Corporation ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 2 of the License. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ ++ ++#include ++ ++/* OpenSSL version specific definitions */ ++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_X509_check_host 1 ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_OPENSSL11 1 ++#define ERR_remove_state(X) ERR_clear_error() ++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X) ++#define EVP_CIPHER_CTX_SIZE 168 ++#define EVP_MD_CTX_SIZE 48 ++#undef EVP_MD_CTX_init ++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) ++#undef EVP_CIPHER_CTX_init ++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0) ++ ++#else ++#define HAVE_OPENSSL10 1 ++/* ++ Unfortunately RAND_bytes manual page does not provide any guarantees ++ in relation to blocking behavior. Here we explicitly use SSLeay random ++ instead of whatever random engine is currently set in OpenSSL. That way ++ we are guaranteed to have a non-blocking random. ++*/ ++#define RAND_OpenSSL() RAND_SSLeay() ++ ++#ifdef HAVE_ERR_remove_thread_state ++#define ERR_remove_state(X) ERR_remove_thread_state(NULL) ++#endif /* HAVE_ERR_remove_thread_state */ ++ ++#endif /* HAVE_OPENSSL11 */ ++ ++#elif defined(HAVE_YASSL) ++#define BN_free(X) do { } while(0) ++#endif /* !defined(HAVE_YASSL) */ ++ ++#ifndef HAVE_OPENSSL11 ++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X) ++#define OPENSSL_init_ssl(X,Y) SSL_library_init() ++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G)) ++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) ++#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) ++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) ++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX) ++#endif ++ ++#ifdef__cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++int check_openssl_compatibility(); ++ ++#ifdef__cplusplus ++} ++#endif +diff --git a/include/violite.h b/include/violite.h +index a7165ca..572d474 100644 +--- a/include/violite.h b/include/violite.h +@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa, + int flags); + + #ifdef HAVE_OPENSSL +-#include +-#if OPENSSL_VERSION_NUMBER < 0x0090700f +-#define DES_cblock des_cblock +-#define DES_key_schedule des_key_schedule +-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks)) +-#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e)) +-#endif + /* apple deprecated openssl in MacOSX Lion */ + #ifdef __APPLE__ + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -146,14 +139,10 @@ typedef my_socket YASSL_SOCKET_T; + #include + #include + +-#ifdef HAVE_ERR_remove_thread_state +-#define ERR_remove_state(X) ERR_remove_thread_state(NULL) +-#endif +- + enum enum_ssl_init_error + { +- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT,
[arch-commits] Commit in mariadb/repos (4 files)
Date: Tuesday, August 7, 2018 @ 18:44:07 Author: eworm Revision: 331125 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 331124, mariadb/trunk/0001-openssl-1-1-0.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 331124, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 331124, mariadb/trunk/mariadb.install) --+ 0001-openssl-1-1-0.patch | 995 + PKGBUILD | 195 mariadb.install | 11 3 files changed, 1201 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 331124, mariadb/trunk/0001-openssl-1-1-0.patch) === --- testing-x86_64/0001-openssl-1-1-0.patch (rev 0) +++ testing-x86_64/0001-openssl-1-1-0.patch 2018-08-07 18:44:07 UTC (rev 331125) @@ -0,0 +1,995 @@ +diff --git a/include/ssl_compat.h b/include/ssl_compat.h +new file mode 100644 +index 000..b0e3ed4 +--- /dev/null b/include/ssl_compat.h +@@ -0,0 +1,75 @@ ++/* ++ Copyright (c) 2016, 2017 MariaDB Corporation ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 2 of the License. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ ++ ++#include ++ ++/* OpenSSL version specific definitions */ ++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_X509_check_host 1 ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_OPENSSL11 1 ++#define ERR_remove_state(X) ERR_clear_error() ++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X) ++#define EVP_CIPHER_CTX_SIZE 168 ++#define EVP_MD_CTX_SIZE 48 ++#undef EVP_MD_CTX_init ++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) ++#undef EVP_CIPHER_CTX_init ++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0) ++ ++#else ++#define HAVE_OPENSSL10 1 ++/* ++ Unfortunately RAND_bytes manual page does not provide any guarantees ++ in relation to blocking behavior. Here we explicitly use SSLeay random ++ instead of whatever random engine is currently set in OpenSSL. That way ++ we are guaranteed to have a non-blocking random. ++*/ ++#define RAND_OpenSSL() RAND_SSLeay() ++ ++#ifdef HAVE_ERR_remove_thread_state ++#define ERR_remove_state(X) ERR_remove_thread_state(NULL) ++#endif /* HAVE_ERR_remove_thread_state */ ++ ++#endif /* HAVE_OPENSSL11 */ ++ ++#elif defined(HAVE_YASSL) ++#define BN_free(X) do { } while(0) ++#endif /* !defined(HAVE_YASSL) */ ++ ++#ifndef HAVE_OPENSSL11 ++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X) ++#define OPENSSL_init_ssl(X,Y) SSL_library_init() ++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G)) ++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) ++#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) ++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) ++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX) ++#endif ++ ++#ifdef__cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++int check_openssl_compatibility(); ++ ++#ifdef__cplusplus ++} ++#endif +diff --git a/include/violite.h b/include/violite.h +index a7165ca..572d474 100644 +--- a/include/violite.h b/include/violite.h +@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa, + int flags); + + #ifdef HAVE_OPENSSL +-#include +-#if OPENSSL_VERSION_NUMBER < 0x0090700f +-#define DES_cblock des_cblock +-#define DES_key_schedule des_key_schedule +-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks)) +-#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e)) +-#endif + /* apple deprecated openssl in MacOSX Lion */ + #ifdef __APPLE__ + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -146,14 +139,10 @@ typedef my_socket YASSL_SOCKET_T; + #include + #include + +-#ifdef HAVE_ERR_remove_thread_state +-#define ERR_remove_state(X) ERR_remove_thread_state(NULL) +-#endif +- + enum enum_ssl_init_error + { +- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT,
[arch-commits] Commit in mariadb/repos (4 files)
Date: Monday, June 18, 2018 @ 09:15:47 Author: eworm Revision: 327121 archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 327120, mariadb/trunk/0001-openssl-1-1-0.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 327120, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 327120, mariadb/trunk/mariadb.install) --+ 0001-openssl-1-1-0.patch | 995 + PKGBUILD | 195 mariadb.install | 11 3 files changed, 1201 insertions(+) Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 327120, mariadb/trunk/0001-openssl-1-1-0.patch) === --- testing-x86_64/0001-openssl-1-1-0.patch (rev 0) +++ testing-x86_64/0001-openssl-1-1-0.patch 2018-06-18 09:15:47 UTC (rev 327121) @@ -0,0 +1,995 @@ +diff --git a/include/ssl_compat.h b/include/ssl_compat.h +new file mode 100644 +index 000..b0e3ed4 +--- /dev/null b/include/ssl_compat.h +@@ -0,0 +1,75 @@ ++/* ++ Copyright (c) 2016, 2017 MariaDB Corporation ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 2 of the License. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ ++ ++#include ++ ++/* OpenSSL version specific definitions */ ++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_X509_check_host 1 ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER) ++#define HAVE_OPENSSL11 1 ++#define ERR_remove_state(X) ERR_clear_error() ++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X) ++#define EVP_CIPHER_CTX_SIZE 168 ++#define EVP_MD_CTX_SIZE 48 ++#undef EVP_MD_CTX_init ++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) ++#undef EVP_CIPHER_CTX_init ++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0) ++ ++#else ++#define HAVE_OPENSSL10 1 ++/* ++ Unfortunately RAND_bytes manual page does not provide any guarantees ++ in relation to blocking behavior. Here we explicitly use SSLeay random ++ instead of whatever random engine is currently set in OpenSSL. That way ++ we are guaranteed to have a non-blocking random. ++*/ ++#define RAND_OpenSSL() RAND_SSLeay() ++ ++#ifdef HAVE_ERR_remove_thread_state ++#define ERR_remove_state(X) ERR_remove_thread_state(NULL) ++#endif /* HAVE_ERR_remove_thread_state */ ++ ++#endif /* HAVE_OPENSSL11 */ ++ ++#elif defined(HAVE_YASSL) ++#define BN_free(X) do { } while(0) ++#endif /* !defined(HAVE_YASSL) */ ++ ++#ifndef HAVE_OPENSSL11 ++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X) ++#define OPENSSL_init_ssl(X,Y) SSL_library_init() ++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G)) ++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) ++#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) ++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) ++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX) ++#endif ++ ++#ifdef__cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++int check_openssl_compatibility(); ++ ++#ifdef__cplusplus ++} ++#endif +diff --git a/include/violite.h b/include/violite.h +index a7165ca..572d474 100644 +--- a/include/violite.h b/include/violite.h +@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa, + int flags); + + #ifdef HAVE_OPENSSL +-#include +-#if OPENSSL_VERSION_NUMBER < 0x0090700f +-#define DES_cblock des_cblock +-#define DES_key_schedule des_key_schedule +-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks)) +-#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e)) +-#endif + /* apple deprecated openssl in MacOSX Lion */ + #ifdef __APPLE__ + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +@@ -146,14 +139,10 @@ typedef my_socket YASSL_SOCKET_T; + #include + #include + +-#ifdef HAVE_ERR_remove_thread_state +-#define ERR_remove_state(X) ERR_remove_thread_state(NULL) +-#endif +- + enum enum_ssl_init_error + { +- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT,