| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
| |
Remove upstreamed patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
fixes:
FAILED: tpool/CMakeFiles/tpool.dir/aio_liburing.cc.o
/usr/src/openwrt/staging_dir/toolchain-x86_64_gcc-13.1.0_musl/bin/x86_64-openwrt-linux-musl-g++ -DDBUG_TRACE -DHAVE_CONFIG_H -DHAVE_URING -D_FILE_OFFSET_BITS=64 -I/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/wsrep-lib/include -I/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/wsrep-lib/wsrep-API/v26 -I/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/include -I/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/include/providers -I/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/tpool -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -fmacro-prefix-map=/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3=mariadb-10.9.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/usr/src/openwrt/staging_dir/toolchain-x86_64_gcc-13.1.0_musl/usr/include -I/usr/src/openwrt/staging_dir/toolchain-x86_64_gcc-13.1.0_musl/include/fortify -I/usr/src/openwrt/staging_dir/toolchain-x86_64_gcc-13.1.0_musl/include -DNDEBUG -DDBUG_OFF -std=gnu++11 -DHAVE_IO_URING_MLOCK_SIZE -MD -MT tpool/CMakeFiles/tpool.dir/aio_liburing.cc.o -MF tpool/CMakeFiles/tpool.dir/aio_liburing.cc.o.d -o tpool/CMakeFiles/tpool.dir/aio_liburing.cc.o -c /usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/tpool/aio_liburing.cc
/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/tpool/aio_liburing.cc: In constructor '{anonymous}::aio_uring::aio_uring(tpool::thread_pool*, int)':
/usr/src/openwrt/build_dir/target-x86_64_musl/mariadb-10.9.3/tpool/aio_liburing.cc:64:18: error: 'runtime_error' is not a member of 'std'
64 | throw std::runtime_error("aio_uring()");
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
|
| |
|
|
|
|
|
| |
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to the latest upstream version. For more details, see:
https://mariadb.com/kb/en/changes-improvements-in-mariadb-109/
Added new dependency on libfmt.
Following two patches dropped as the issues were fixed in upstream.
* 130-c11_atomics.patch
* 140-mips-connect-unaligned.patch
The rest of the patches were refreshed.
Don't need to disable cassandra and tokudb anymore as they were dropped
from upstream tarball.
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
|
| |
|
|
|
|
|
|
| |
During update we use sudo to start an instance. It probably could be
workarounded, but given the MariaDB size, dependency on sudo shouldn't
be an issue.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
| |
For every mysql* binary create corresponding mariadb binary and vice
versa.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
| |
Do not pick just few random SQL files to install, install all of them.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The raison d'ĂȘtre of package mariadb-common was to provide common my.cnf
config file that was being used to include subdirectories and then to
push utf-8 as default everywhere. Let's make this file part of the
server package as there we actually set other options as well and drop
it from all clients. Instead let's set utf-8 as default in server,
client and client libraries. While at it also set socket to the more
common path and drop mysqld_safe script from the list of configuration
files and do other minor tweaks.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
liburing is preferred over libaio. So, if liburing has already been
built, mariadb will use it, instead of libaio, failing with a missed
dependency. If it is not found, then libaio is used.
Since it depends on the kernel being built with io_uring support, and it
defaults to y unless SMALL_FLASH=y, then we should allow libaio as
fallback, checking the CONFIG_KERNEL_IO_URING symbol.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
mariadb may detect boost libraries, if the latter has been built with
threads, date_time and chorno support, then it will enable the
columnstore engine, which fails to build.
Set PKG_RELEASE:=$(AUTORLEASE).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
| |
Update to the latest stable version of MariaDB. Dropped few no longer
needed patches.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
| |
Ninja was merged to base and therefore we can now use normal cmake.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
faster to compile.
A small selection of packages was tested going from:
Executed in 696.30 secs fish external
usr time 82.98 mins 395.00 micros 82.98 mins
sys time 9.02 mins 0.00 micros 9.02 mins
to:
Executed in 592.20 secs fish external
usr time 84.84 mins 361.00 micros 84.84 mins
sys time 8.85 mins 57.00 micros 8.85 mins
Tested by running make -j 12 and wiping staging/build_dir/target_x
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
| |
Remove uClibc depends. It's gone now.
Remove CMAKE_INSTALL to avoid installing to InstallDev.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
| |
Update to the latest version from 10.4 series
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
|
| |
Remove few no longer needed bits - like checking that datadir is defined
or mysqld_safe from server package and bumping revision after all the
init script cleanups.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
|
|
|
|
| |
Use /srv/mysql as default datadir as /var/lib/mysql is in tmpfs. This
doesn't affect any existing setup as up till now it had to be always
specified in configuration. That is addressed in the second part of this
commit - init script now uses even defaults as compiled in MariaDB so
not everything has to be specified in configuration file.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| |
|
|
|
|
| |
fakeroot support was recently added to OpenWrt. Let's make use of it.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
| |
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
|
| |
|
|
| |
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Even though I think that mysql_upgrade is a client package (it depends
on the mysql client and it's in the "client" directory in the source
tree, for instance), upstream laid it out differently. Since upstream
commit ec586f5 mysql_upgrade is to be considered a part of the server,
because the COMPONENT argument in the MYSQL_ADD_EXECUTABLE macro is set
to "Server".
That means that mysql_upgrade is only installed when the server is. So
we need to move it back to the server package, otherwise we will have a
build failure when mariadb-client is selected while mariadb-server is
not. This particular build failure was recently a topic on
openwrt-devel.
Some more binaries are moved, following the layout visible in
"man/CMakeLists.txt", to make sure we follow upstream's vision with
regards to how the binaries are packaged.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream added define INSTALL_PAMDATADIR, so hardcoded path is gone.
Fixes:
CVE-2020-2752
CVE-2020-2812
CVE-2020-2814
CVE-2020-2760
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mysqld_safe is the recommended way to start the server on non-systemd
systems ([1]). For instance, it has a crash detection with auto-restart
function, can update ulimits, setup core files, set the niceness of the
server etc. It looks like it could also be helpful when trying to set up
clusters. It's maintained upstream and adding it means we don't need to
add these features into our init script.
mysqld_safe is a script itself, so it's added to conffiles in case users
want to edit it.
It can't be run under procd, so the init script is converted to a normal
System V type. To stop the server and to reload the privileges tables
mysqladmin is used. To that end mysqladmin is moved into the server
package.
While changing the init script, the Debian init script was used for
ideas. It wasn't copied verbatim and adapted a bit here and there.
Thanks to whoever wrote it!
This commit removes the support for starting the service as a user other
than "mariadb". This makes the init script simpler. If anybody wants to
play around with the user then it's up to them to fix the permissions.
[1] https://mariadb.com/kb/en/mysqld_safe/
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
| |
It's really a client. It connects to the running server as a client, to
upgrade the DBs. And it depends on both mysql and mysqlcheck.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With INSTALL_PAMDIR undefined some items necessary for the auth_pam
module aren't built. This adds the define so that configuration and
shared object become available.
This commit also tightens up the installation of the SUID tool. The
directory it is copied into gets created on the build host already with
u=rwx,g=rx,o=, so it cannot be accessed on target, except by root. The
post-install script then changes group ownership of the directory to the
"mariadb" group only if the directory is really a directory and owned by
"root:root".
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Until now $(INSTALL_CONF) is used for configuration files that go into
/etc/mysql. This commit replaces that with $(INSTALL_DATA). The
configuration files are not only parsed by the server, but also by the
clients (which can be anybody).
This also removes a comment about a cron job from one of the
configuration files. There is no cron job.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Today CVE-2020-7221 was publicly discussed on oss-sec [1]. MariaDB
upstream had not mentioned this CVE in their last release notes. The CVE
is related to auth-pam and the possibility of a local mariadb to root
user exploit in the mysql_install_db script.
Upstream has made amendments to the script, but according to the oss-sec
posts the folder permissions were not updated as they should have been.
In OpenWrt the script mysql_install_db is actually patched to never run
the commands in question. This has been this way since MariaDB 10.4 was
made available.
Still, the directory permissions set by the postinstall script are too
lax. To quote the discoverer of the issue, Matthias Gerstner from Suse,
they exhibit "the dangerous situation of a setuid-root binary residing
in a directory owned by an unprivileged user".
This commit fixes this by changing the permissions to the following:
root:mariadb 0750 /usr/lib/mariadb/plugin/auth_pam_tool_dir
This way the setuid-root binary is only available to root and the
mariadb user, while at the same time the mariadb user has no ownership
of the directory.
[1] https://seclists.org/oss-sec/2020/q1/55
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
| |
Fixes CVE-2020-2574.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MariaDB 10.4 includes some changes in sql/sql_statistics.cc that require
std::fmin and std::fmax. But these functions aren't available when
libstdc++ is compiled against uClibc, because uClibc doesn't pass the
test when libstdc++ checks for C99 math that supports "TR1" facilities
(macro: GLIBCXX_CHECK_C99_TR1).
Hence compilation fails:
[ 90%] Building CXX object sql/CMakeFiles/sql.dir/sql_table.cc.o
/builder/shared-workdir/build/sdk/build_dir/target-arc_archs_uClibc/mariadb-10.4.10/sql/sql_statistics.cc: In member function 'void Column_statistics_collected::finish(ha_rows, double)':
/builder/shared-workdir/build/sdk/build_dir/target-arc_archs_uClibc/mariadb-10.4.10/sql/sql_statistics.cc:2533:20: error: 'fmax' is not a member of 'std'
val = std::fmax(estimate_total_distincts * (rows - nulls) / rows, 1.0);
This commit updates package dependencies to prevent a build against
uClibc. There is no reason to waste CPU cycles on the build bots.
The dependencies are also tidied up. In the past it made sense to define
MARIADB_COMMON_DEPENDS and MARIADB_COMMON_DEPENDS_EXE, because the
server had different dependencies compared to the library. But since the
library is now in its own package we can remove the differentiation.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
| |
This adds a few lines to the BuildPlugin routine to install some missing
files for auth_pam as well as ha_spider.
It also adds a postinstall script that updates the ownership of a
directory used by auth_pam.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
| |
This way when only wanting the library nobody needs to download and
compile the server package, saving space and time. Also this way we can
avoid sudden SONAME bumps during a server upgrade.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
| |
This moves mariadb-common into its own (tiny) package in preparation for
moving out libmariadb as well. Otherwise the library would have a
dependency on the big mariadb package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Highlights:
- Bump from 10.2.26 to 10.4.10
- auth_pam got replaced with never version, old one still available as
auth_pam_v1
- semisync plugins were merged into the core
- Upstream now installs symlinks for binaries with mariadb prefix. To
accommodate that this commit updates Package/mariadb/install/bin
accordingly.
- Patches are updated with new ones from Debian and Arch (thanks!)
- libedit patch dropped because it's upstream now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New upstream release. Addresses:
CVE-2019-2805
CVE-2019-2740
CVE-2019-2739
CVE-2019-2737
CVE-2019-2758
Package updates:
- includes "THIRDPARTY" in PKG_LICENSE_FILES
- drops client_ed25519 as a dynamic plugin and install it with the lib
as per upstream decision
- refreshes patches
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
| |
Fixed a typo in tcpreplay.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Now that libaio compiles on arc targets we need to add the dependency to
libaio on these targets as well.
resolves #9298
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From Release Notes:
Security
MDEV-18686 - Add option to PAM authentication plugin to allow case insensitive username matching
bugfix - multi-update checked privileges on views incorrectly (commit 5057d4637525eadad438d25ee6a4870a4e6b384c)
MDEV-19276 - during connect, write error log warning for ER_DBACCESS_DENIED_ERROR, if log_warnings > 1
MDEV-17456 - Malicious SUPER user can possibly change audit log configuration without leaving traces.
Fixes for the following security vulnerabilities:
CVE-2019-2614
CVE-2019-2627
CVE-2019-2628
OpenWrt changes:
- added PKG_CPE_ID
- shortened default description to make "opkg info" output easier on the eyes
- refreshed patches
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From upstream release notes:
- Backport Information Schema CHECK_CONSTRAINTS Table.
- MDEV-17475: Maximum value of table_definition_cache is now 2097152.
- InnoDB ALTER TABLE fixes: MDEV-16499, MDEV-18186, MDEV-18237, MDEV-18222,
MDEV-18256, MDEV-18016, MDEV-16849
- Mariabackup fixes: MDEV-18185, MDEV-18201, MDEV-18194
- Galera crash recovery fix: MDEV-15740
- Encryption fixes: MDEV-18129, MDEV-18183, MDEV-18279
- Fixes for the following security vulnerabilities:
- CVE-2019-2510
- CVE-2019-2537
OpenWrt notes:
- OpenSSL patch dropped as issue fixed upstream
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
The shared library does not depend on libatomic nor libstdcpp anymore.
This is very good news for the users of said lib.
This commit updates the depends accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
| |
Version bump. Adds new upstream plugin caching_sha2_password.so to the
client lib package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
50-client.cnf is used by the client library, so it should be installed
with the library. This commit moves the configuration file to the
correct package and updates its depend (50-client.cnf is sourced by
my.cnf from mariadb-common).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Does away with /etc/default/mysqld, introduces uci configuration
instead. The init script receives some further brushing up, like a
function (copied from Debian) to get mysqld configuration parameters
easily and quickly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
| |
- correct spelling in comments ("mariadb" to "MariaDB")
- remove mysqld_safe and mysqld_safe_helper (not used)
- add some extra cmake configuration defines
- remove cmake configuration defines that don't exist in the source
- don't disable address sanitizer (ASAN) support
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|