import mariadb-5.5.56-2.el7

.gitignore

@@ -1 +1 @@
-SOURCES/mariadb-5.5.52.tar.gz
+SOURCES/mariadb-5.5.56.tar.gz

.mariadb.metadata

@@ -1 +1 @@
-bbedcc0eba7580d1ef16f2dfe4868cf9f31a636d SOURCES/mariadb-5.5.52.tar.gz
+7edaedfdc1bc6ee1856925cd9bf67c3ed2924a75 SOURCES/mariadb-5.5.56.tar.gz

SOURCES/mariadb-prepare-db-dir

@@ -9,9 +9,13 @@
 # We use my_print_defaults which prints all options from multiple files,
 # with the more specific ones later; hence take the last match.
 get_mysql_option(){
+        if [ $# -ne 3 ] ; then
+          echo "get_mysql_option requires 3 arguments: section option default_value"
+          return
+        fi
         result=`/usr/bin/my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1`
         if [ -z "$result" ]; then
-            # not found, use default
+            # if not found, use the default value
             result="$3"
         fi
 }
@@ -24,6 +28,8 @@ errlogfile="$result"
 get_mysql_option mysqld socket "$datadir/mysql.sock"
 socketfile="$result"
 
+
+
 # Absorb configuration settings from the specified systemd service file,
 # or the default "mysqld" service if not specified
 SERVICE_NAME="$1"
@@ -46,11 +52,28 @@ then
     mygroup=mysql
 fi
 
+
+
 # Set up the errlogfile with appropriate permissions
-touch "$errlogfile"
+if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
-chown "$myuser:$mygroup" "$errlogfile"
+    case $(basename "$errlogfile") in
-chmod 0640 "$errlogfile"
+        mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
-[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile"
+        *) ;;
+    esac
+else
+    # Provide some advice if the log file cannot be created by this script
+    errlogdir=$(dirname "$errlogfile")
+    if ! [ -d "$errlogdir" ] ; then
+        echo "The directory $errlogdir does not exist."
+        exit 1
+    elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
+        echo "The log file $errlogfile cannot be written, please, fix its permissions."
+        echo "The daemon will be run under $myuser:$mygroup"
+        exit 1
+    fi
+fi
+
+
 
 # We check if there is already a process using the socket file,
 # since otherwise this systemd service file could report false
@@ -62,8 +85,33 @@ if fuser "$socketfile" &>/dev/null ; then
     exit 1
 fi
 
-# Make the data directory
+
-if [ ! -d "$datadir/mysql" ] ; then
+
+export LC_ALL=C
+
+# Returns content of the specified directory
+# If listing files fails, fake-file is returned so which means
+# we'll behave like there was some data initialized
+# Some files or directories are fine to be there, so those are
+# explicitly removed from the listing
+# @param <dir> datadir
+list_datadir ()
+{
+    ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
+    -e '^lost+found$' \
+    -e '\.err$' \
+    -e '^.bash_history$'
+}
+
+# Checks whether datadir should be initialized
+# @param <dir> datadir
+should_initialize ()
+{
+    test -z "$(list_datadir "$1")"
+}
+
+# Make the data directory if doesn't exist or empty
+if should_initialize "$datadir" ; then
     # First, make sure $datadir is there with correct permissions
     # (note: if it's not, and we're not root, this'll fail ...)
     if [ ! -e "$datadir" -a ! -h "$datadir" ]
@@ -74,21 +122,49 @@ if [ ! -d "$datadir/mysql" ] ; then
     chmod 0755 "$datadir"
     [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
 
+
+
     # Now create the database
-    echo "Initializing MySQL database"
+    echo "Initializing MariaDB database"
-    /usr/bin/mysql_install_db --datadir="$datadir" --user="$myuser"
+    # Avoiding deletion of files not created by mysql_install_db is
+    # guarded by time check and sleep should help work-arounded
+    # potential issues on systems with 1 second resolution timestamps
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
+    INITDB_TIMESTAMP=`LANG=C date -u`
+    sleep 1
+    /usr/bin/mysql_install_db --rpm --datadir="$datadir" --user="$myuser"
     ret=$?
     if [ $ret -ne 0 ] ; then
-        echo "Initialization of MySQL database failed." >&2
+        echo "Initialization of MariaDB database failed." >&2
-        echo "Perhaps /etc/my.cnf is misconfigured." >&2
+        echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
         # Clean up any partially-created database files
-        if [ ! -e "$datadir/mysql/user.frm" ] ; then
+        if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
-            rm -rf "$datadir"/*
+            echo "Initialization of MariaDB database was not finished successfully." >&2
+            echo "Files created so far will be removed." >&2
+            find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
+                 -not -name "lost+found" -exec rm -rf {} +
+            if [ $? -ne 0 ] ; then
+                echo "Removing of created files was not successfull." >&2
+                echo "Please, clean directory $datadir manually." >&2
+            fi
+        else
+            echo "However, part of data has been initialized and those will not be removed." >&2
+            echo "Please, clean directory $datadir manually." >&2
         fi
         exit $ret
     fi
-    # In case we're running as root, make sure files are owned properly
+else
-    chown -R "$myuser:$mygroup" "$datadir"
+    if [ -d "$datadir/mysql/" ] ; then
+        # mysql dir exists, it seems data are initialized properly
+        echo "Database MariaDB is probably initialized in $datadir already, nothing is done."
+        echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
+    else
+        # if the directory is not empty but mysql/ directory is missing, then
+        # print error and let user to initialize manually or empty the directory
+        echo "Database MariaDB is not initialized, but the directory $datadir is not empty, so initialization cannot be done."
+        echo "Make sure the $datadir is empty before running `basename $0`."
+        exit 1
+    fi
 fi
 
 exit 0

SOURCES/rh-skipped-tests-arm.list

@@ -1,8 +0,0 @@
-
-# Disable perfschema.func_file_io and perfschema.func_mutex, which fail
-# because cycle counter returns 0 every time on ARM architectures.
-# This is caused by missing hardware performance counter support on ARM.
-# Discussion about fixing that can be found in RH bug #741325.
-
-perfschema.func_file_io   : rhbz#773116 cycle counter does not work on arm
-perfschema.func_mutex     : rhbz#773116 cycle counter does not work on arm

SOURCES/rh-skipped-tests-base.list

@@ -1,5 +1,3 @@
-# Disable innodb.innodb, which is showing platform-dependent results
+# Tests and a bug where we track the failure in the following format:
-# as of 5.5.9.  Upstream at http://bugs.mysql.com/bug.php?id=60155
+# suite.test : rhbz#1234567
-
-innodb.innodb             : bug#60155 has platform-dependent results
 

SPECS/mariadb.spec

@@ -3,8 +3,8 @@
 %bcond_with tokudb
 
 Name: mariadb
-Version: 5.5.52
+Version: 5.5.56
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 1
 
 Summary: A community developed branch of MySQL
@@ -34,7 +34,6 @@ Source11: mariadb.service
 Source12: mariadb-prepare-db-dir
 Source13: mariadb-wait-ready
 Source14: rh-skipped-tests-base.list
-Source15: rh-skipped-tests-arm.list
 Source16: README.mysql-cnf
 # Working around perl dependency checking bug in rpm FTTB. Remove later.
 Source999: filter-requires-mysql.sh
@@ -62,6 +61,8 @@ BuildRequires: time procps
 # perl modules needed to run regression tests
 BuildRequires: perl(Socket), perl(Time::HiRes)
 BuildRequires: perl(Data::Dumper), perl(Test::More), perl(Env)
+# version 5.5.56+ requires checkpolicy and policycoreutils-python
+BuildRequires: checkpolicy policycoreutils-python
 
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: grep, fileutils, bash
@@ -226,22 +227,13 @@ rm -f mysql-test/t/ssl_8k_key-master.opt
 
 # generate a list of tests that fail, but are not disabled by upstream
 cat %{SOURCE14} > mysql-test/rh-skipped-tests.list
-# disable some tests failing on ARM architectures
+# disable some tests failing on particular aches
-%ifarch %{arm} aarch64
+%ifarch aarch64
-cat %{SOURCE15} >> mysql-test/rh-skipped-tests.list
+echo "perfschema.dml_setup_timers : rhbz#1449880" >> mysql-test/rh-skipped-tests.list
-%endif
-# disable some tests failing on ppc and s390
-%ifarch ppc %{power64} s390 s390x aarch64
-echo "main.gis-precise : rhbz#906367" >> mysql-test/rh-skipped-tests.list
 %endif
 %ifarch i686
 echo "main.mysql_client_test_nonblock : rhbz#1021450" >> mysql-test/rh-skipped-tests.list
 %endif
-%ifarch %{power64}
-echo "rpl.rpl_insert : rhbz#1125605" >> mysql-test/rh-skipped-tests.list
-echo "rpl.rpl_insert_delayed : rhbz#1125605" >> mysql-test/rh-skipped-tests.list
-echo "main.mysqlslap : rhbz#1125605" >> mysql-test/rh-skipped-tests.list
-%endif
 
 %build
 
@@ -346,9 +338,10 @@ done
   (
     cd mysql-test
     perl ./mysql-test-run.pl --force --retry=0 \
+	--skip-test-list=rh-skipped-tests.list \
 	--suite-timeout=720 --testcase-timeout=30 \
 	--mysqld=--binlog-format=mixed --force-restart \
-	--shutdown-timeout=60 || :
+	--shutdown-timeout=60
     # cmake build scripts will install the var cruft if left alone :-(
     rm -rf var
   )
@@ -475,7 +468,6 @@ rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/mysql
 
 # remove doc files that we rather pack using %%doc
 rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/COPYING
-rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/COPYING.LESSER
 rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INFO_BIN
 rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INFO_SRC
 rm -f ${RPM_BUILD_ROOT}%{_datadir}/doc/INSTALL-BINARY
@@ -524,7 +516,7 @@ fi
 %postun embedded -p /sbin/ldconfig
 
 %files
-%doc README COPYING COPYING.LESSER README.mysql-license
+%doc README COPYING README.mysql-license
 %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
 %doc README.mysql-docs
 
@@ -566,7 +558,7 @@ fi
 %config(noreplace) %{_sysconfdir}/my.cnf.d/client.cnf
 
 %files libs
-%doc README COPYING COPYING.LESSER README.mysql-license
+%doc README COPYING README.mysql-license
 %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
 # although the default my.cnf contains only server settings, we put it in the
 # libs package because it can be used for client settings too.
@@ -623,6 +615,7 @@ fi
 %{_bindir}/mysqldumpslow
 %{_bindir}/mysqld_multi
 %{_bindir}/mysqld_safe
+%{_bindir}/mysqld_safe_helper
 %{_bindir}/mysqlhotcopy
 %{_bindir}/mysqltest
 %{_bindir}/innochecksum
@@ -706,7 +699,7 @@ fi
 %{_mandir}/man1/mysql_config.1*
 
 %files embedded
-%doc README COPYING COPYING.LESSER README.mysql-license
+%doc README COPYING README.mysql-license
 %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
 %{_libdir}/mysql/libmysqld.so.*
 
@@ -728,6 +721,33 @@ fi
 %{_mandir}/man1/mysql_client_test.1*
 
 %changelog
+* Thu Jun 08 2017 Honza Horak <hhorak@redhat.com> - 1:5.5.56-2
+- Do not fix context and change owner if run by root in mariadb-prepare-db-dir
+  Related: #1458940
+- Check properly that datadir includes only expected files
+  Related: #1356897
+
+* Mon Jun 05 2017 Honza Horak <hhorak@redhat.com> - 1:5.5.56-1
+- Rebase to 5.5.56
+  That release also fixes the following security issues:
+  CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243
+  CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318
+  CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308
+  CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
+  Resolves: #1458933
+  New deps required by upstream: checkpolicy and policycoreutils-python
+  License text removed by upstream: COPYING.LESSER
+  Do not ignore test-suite failure
+  Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
+  Resolves: #1458940
+
+* Tue Mar 21 2017 Michal Schorm <mschorm@redhat.com> - 5.5.52-2
+- Extension of mariadb-prepare-db-dir script
+- Resolves: #1356897
+
+- Rebase to 5.5.52, that also include fix for CVE-2016-6662
+  Resolves: #1377974
+
 * Wed Sep 21 2016 Honza Horak <hhorak@redhat.com> - 5.5.52-1
 - Rebase to 5.5.52, that also include fix for CVE-2016-6662
   Resolves: #1377974