[arch-commits] Commit in mariadb/trunk (2 files)
Christian Hesse
eworm at archlinux.org
Fri Jan 25 15:15:05 UTC 2019
Date: Friday, January 25, 2019 @ 15:15:05
Author: eworm
Revision: 344766
upgpkg: mariadb 10.3.12-5
Let's prepare for systemd v241...
Added:
mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
Modified:
mariadb/trunk/PKGBUILD
------------------------------------------------------------------+
0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 32 ++++++++++
PKGBUILD | 13 +++-
2 files changed, 42 insertions(+), 3 deletions(-)
Added: 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
===================================================================
--- 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch (rev 0)
+++ 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-01-25 15:15:05 UTC (rev 344766)
@@ -0,0 +1,32 @@
+From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 25 Jan 2019 14:50:53 +0100
+Subject: fix galera_recovery with fs.protected_regular enabled
+
+The fs.protected_regular sysctls was added in Linux 4.19 to make some
+data spoofing attacks harder. With systemd v241 these will be enabled
+by default.
+
+With this protection enabled galera_recovery fails with EPERM
+(permission denied). This is caused by a wrong security measure:
+The script changes ownership of $log_file to $user, though $user never
+touches it. The shell redirection writes output to the file, not mysqld.
+So just drop chown to fix this.
+---
+ scripts/galera_recovery.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index c58f3d8f6b9..c70decc0005 100644
+--- a/scripts/galera_recovery.sh
++++ b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+- [ "$euid" = "0" ] && chown $user $log_file
+- chmod 600 $log_file
++ chmod 600 $log_file
+ else
+ log "WSREP: mktemp failed"
+ fi
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-01-25 14:46:35 UTC (rev 344765)
+++ PKGBUILD 2019-01-25 15:15:05 UTC (rev 344766)
@@ -5,7 +5,7 @@
pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop')
pkgdesc='Fast SQL database server, derived from MySQL'
pkgver=10.3.12
-pkgrel=4
+pkgrel=5
arch=('x86_64')
license=('GPL')
url='https://mariadb.org/'
@@ -13,10 +13,12 @@
'openssl' 'systemd' 'zlib' 'zstd')
validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-key at mariadb.org>
source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
- '0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch')
+ '0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch'
+ '0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch')
sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6'
'SKIP'
- 'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7')
+ 'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7'
+ '66e0acac7436fd8925710ef5cc66ba1a8f63a385ce374f01ae83096cc33d97a0')
prepare() {
cd $pkgbase-$pkgver/
@@ -44,6 +46,11 @@
# https://github.com/systemd/systemd/issues/11510
# https://jira.mariadb.org/browse/MDEV-18360
patch -Np1 < ../0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
+
+ # fix galera_recovery with fs.protected_regular enabled
+ # https://github.com/MariaDB/server/pull/1137
+ patch -Np1 < ../0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
+
}
build() {
More information about the arch-commits
mailing list