diff --git a/debian/changelog b/debian/changelog index 9d25f8c0d203fcf905ad87022e8617ea4ce7551b..45cac27446c70cc38b909bc0f1aba4137ebd100c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +mariadb-10.1 (10.1.39-0+deb9u1) stretch-security; urgency=high + + * SECURITY UPDATE: New upstream version 10.1.39. Includes fixes for + the following security vulnerabilities: + - CVE-2019-2627 + - CVE-2019-2614 + * Amend previous changelog entries to include newly released CVE numbers. + + -- Otto Kekäläinen Fri, 03 May 2019 10:18:41 +0300 + mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for @@ -23,6 +33,7 @@ mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high * SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for the following security vulnerabilities (Closes: #912848): + - CVE-2019-2503 - CVE-2018-3282 - CVE-2018-3251 - CVE-2018-3174 @@ -46,6 +57,7 @@ mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high - CVE-2018-3058 * Previous upstream version 10.1.33 included fixes for the following security vulnerabilities: + - CVE-2019-2455 - CVE-2018-2819 - CVE-2018-2817 - CVE-2018-2813 @@ -69,6 +81,7 @@ mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high * Revert "Update d/gbp.conf to track stretch branches" * New upstream version 10.1.30. Includes fixes for the following security vulnerabilities (Closes: #885345): + - CVE-2018-3133 - CVE-2017-15365 * Amend previous Debian changelog entries to contain new CVE identifiers * Refresh patches for MariaDB 10.1.30 and again for .34 diff --git a/debian/patches/mips-compilation-failure-__bss_start-symbol-miss.patch b/debian/patches/mips-compilation-failure-__bss_start-symbol-miss.patch index 1f44e3b396b8592a067b918214fdd6e0fb895730..1586de3507f8a3694ca32da0a11a0a2e01641b88 100644 --- a/debian/patches/mips-compilation-failure-__bss_start-symbol-miss.patch +++ b/debian/patches/mips-compilation-failure-__bss_start-symbol-miss.patch @@ -18,11 +18,9 @@ and will correctly detect if __bss_start will be available or not. configure.cmake | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 53d67813b5c..b6300d28b2d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -318,6 +318,8 @@ ELSE() +@@ -333,6 +333,8 @@ ELSE() SET(DEFAULT_TMPDIR "\"${TMPDIR}\"") ENDIF() @@ -31,7 +29,7 @@ index 53d67813b5c..b6300d28b2d 100644 # Run platform tests INCLUDE(configure.cmake) -@@ -350,8 +352,6 @@ CHECK_JEMALLOC() +@@ -365,8 +367,6 @@ CHECK_JEMALLOC() CHECK_PCRE() @@ -40,8 +38,6 @@ index 53d67813b5c..b6300d28b2d 100644 IF(CMAKE_CROSSCOMPILING) SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build") INCLUDE(${IMPORT_EXECUTABLES}) -diff --git a/cmake/systemd.cmake b/cmake/systemd.cmake -index 692d4df9f26..61ff6e8812b 100644 --- a/cmake/systemd.cmake +++ b/cmake/systemd.cmake @@ -15,6 +15,8 @@ @@ -53,8 +49,6 @@ index 692d4df9f26..61ff6e8812b 100644 MACRO(CHECK_SYSTEMD) IF(UNIX) -diff --git a/configure.cmake b/configure.cmake -index b036d457294..b2d8fbcdb9e 100644 --- a/configure.cmake +++ b/configure.cmake @@ -130,6 +130,9 @@ IF(UNIX) @@ -67,6 +61,3 @@ index b036d457294..b2d8fbcdb9e 100644 # Need explicit pthread for gcc -fsanitize=address IF(CMAKE_USE_PTHREADS_INIT AND CMAKE_C_FLAGS MATCHES "-fsanitize=") SET(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} pthread) --- -2.19.2 - diff --git a/debian/patches/mysql-test__db_test.patch b/debian/patches/mysql-test__db_test.patch index ded65d88e91d2e20f5265010ec48d6fd0f345e4a..a7fb43e6e423d6f13c51fa998b328bee164add69 100644 --- a/debian/patches/mysql-test__db_test.patch +++ b/debian/patches/mysql-test__db_test.patch @@ -14,7 +14,7 @@ Subject: mysql-test__db_test --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl -@@ -3225,6 +3225,10 @@ sub mysql_install_db { +@@ -3227,6 +3227,10 @@ sub mysql_install_db { mtr_appendfile_to_file("$sql_dir/mysql_system_tables_data.sql", $bootstrap_sql_file); diff --git a/debian/patches/remove_rename_mariadb-server_files_in.patch b/debian/patches/remove_rename_mariadb-server_files_in.patch index 1256c8dbbe131ce7111fca7eeaf300f328c77b8f..f5df84139f91e17d6871d80c3440852a26d0e170 100644 --- a/debian/patches/remove_rename_mariadb-server_files_in.patch +++ b/debian/patches/remove_rename_mariadb-server_files_in.patch @@ -8,7 +8,7 @@ Subject: remove_rename_mariadb-server_files_in --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -456,12 +456,6 @@ CONFIGURE_FILE( +@@ -465,12 +465,6 @@ CONFIGURE_FILE( ${CMAKE_SOURCE_DIR}/cmake/info_macros.cmake.in ${CMAKE_BINARY_DIR}/info_macros.cmake @ONLY) diff --git a/debian/patches/scripts__mysql_install_db.sh__no_test.patch b/debian/patches/scripts__mysql_install_db.sh__no_test.patch index 68d30932d1c5e80428dc406a154f425129e062ad..b5181f55460170592e3c1e814c105b6124317c3a 100644 --- a/debian/patches/scripts__mysql_install_db.sh__no_test.patch +++ b/debian/patches/scripts__mysql_install_db.sh__no_test.patch @@ -2,23 +2,16 @@ From: Debian MySQL Maintainers Date: Thu, 10 Aug 2017 20:40:28 +0200 Subject: scripts__mysql_install_db.sh__no_test -## 41_scripts__mysql_install_db.sh__no_test.dpatch by -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: scripts__mysql_install_db.sh__no_test -## DP: http://bugs.mysql.com/bug.php?id=6901 ---- - scripts/mysql_install_db.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) +Updated 2019-05-03 to match upstream change: +https://github.com/mariadb/server/commit/3db6de33b2b47a3c31bc8f8deb721abe0c5b0e1c --- a/scripts/mysql_install_db.sh +++ b/scripts/mysql_install_db.sh -@@ -429,7 +429,7 @@ then - fi - - # Create database directories --for dir in "$ldata" "$ldata/mysql" "$ldata/test" -+for dir in "$ldata" "$ldata/mysql" - do - if test ! -d "$dir" - then +@@ -36,7 +36,6 @@ in_rpm=0 + ip_only=0 + cross_bootstrap=0 + install_params="create database if not exists mysql; +-create database if not exists test; + use mysql;" + auth_root_authentication_method=normal + auth_root_socket_user='root'