Details
Critical
Description
Apply SUSE patches from https://github.com/openSUSE/mysql-packaging/
5.5
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-community-server-5.1.45-multi-configuration.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-community-server-5.1.46-logrotate.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.28-install_db-quiet.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.25-mysqld_multi-features.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.2.3-cnf.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-community-server-5.5.6-safe-process-in-bin.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.28-group.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.33-deharcode-libdir.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-5.5.31-upgrade-datadir.patch
10.0
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.15-fortify-and-O.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.15-logrotate-su.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.15-covscan-signexpr.patch
10.1
Processed
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.1.4-no-return-in-nonvoid-function.patch
should have been fixed by rev. bfabaf64866203b79b6ef251c89e31219ec05d9d
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.41-mariadb-admincrash.patch
should have been fixed by rev. 053143efe1a78184c3dc5e6c20f6f4c59491cb7e
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.28-hotcopy.patch
should have been fixed by rev. f34a731b6a3ae0b2f1d9a3e8f9d987873ceaf32b
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.20-tabxml-bufferoverflowstrncat.patch
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.1.5-tabxml-bufferoverflowstrncat.patch
To be fixed within MDEV-8317.
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.1.50-strncat-overflow.patch
This patch suggests to subtract strlen(buff) twice. Looks like incorrect port from MySQL. There's no possible buffer overrun in MariaDB anyway.
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.32-upgrade-exit-status.patch
Applied, rev. bfe2689cf642aac122c8cf8493863dff38f69558
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-community-server-5.1.51-mysql_config.patch
Couldn't reproduce this bug as described at https://bugs.mysql.com/bug.php?id=39175. Build system went through substantial changes since this patch was relevant. At least there's no SAVE_LDFLAGS variable now.
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mysql-community-server-5.6.12-srv_buf_size.patch
Applied, https://github.com/MariaDB/server/commit/bb22eb55dba5ebe41af2f554e74520d66bbbcf26
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.16-header_files_const_warnings.patch
Applied, https://github.com/MariaDB/server/commit/727da9c8ec0e6f4baa3f03e0c4b6a11846611417
- https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.10-string-overflow.patch
Roughly speaking Coverity complains that code like "strncpy(dst[N], src[N], N)" might leave the destination string unterminated, which is only possible if source string unterminated too. This looks like false positive by Coverity. I don't like idea of hiding unterminated source string here. Won't apply.
Gliffy Diagrams
Attachments
Issue Links
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.1.50-strncat-overflow.patch
This patch suggests to subtract strlen(buff) twice. Looks like incorrect port from MySQL. There's no possible buffer overrun in MariaDB anyway.
Sergei Golubchik, please review ported patch https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.32-upgrade-exit-status.patch
Patch is at commits@.
I don't have an opinion about this patch. Up to you.
I believe it is reasonable request: scripts somehow need to distinguish between real failure and "up to date". What I'm not sure about is if there is a need to distinguish between "up to date" and "job done", but we can fix that easily if needed anyway.
Kristyna Streitova, Michal Hrusecky, a question re https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.28-install_db-quiet.patch: there is mysql_install_db --rpm, which suppresses this output. Why didn't it work for you?
I'm afraid that --rpm option would change the mysql_install_db script behaviour more than we want. If we use --rpm option it will also disable echoes about how to start and test MariaDB daemon. And we just want to adjust these echoes not disable them.
Regarding
https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-5.5.32-upgrade-exit-status.patch
Applied, rev. bfe2689cf642aac122c8cf8493863dff38f69558
It seems that there is no commit for 10.1.x branch. Is it ok? Thank you.
Kristyna Streitova, yes, it's ok. We'll merge it 5.5 -> 10.0 -> 10.1 before next release.
It has to be said that the patches should be inspected before applying. It can happen that not all of them will be necessary or you may find some of them inconvenient. So please don't forget to review them. Thank you.