packages/mysql
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!63 fix CVE-2021-2340 CVE-2021-2356 CVE-2021-2339 CVE-2021-2354 CVE-2021-2352

Browse Source 
From: @programmer12
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-08-10 06:09:01 +00:00 committed by Gitee
commit 052b2ee5fd
2 changed files with 6 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
mysql-arm32-timer.patch
View File

@ -1,14 +0,0 @@
--- mysql-8.0.24/mysql-test/include/mtr_warnings.sql.orig 2021-04-18 18:04:05.166312799 +0200
+++ mysql-8.0.24/mysql-test/include/mtr_warnings.sql 2021-04-18 18:04:23.605495467 +0200
@@ -308,6 +308,11 @@
*/
("Manifest file '.*' is not read-only. For better security, please make sure that the file is read-only."),
+ /*
+ ARM32 don't support timers and get this warning in every test.
+ */
+ ("The CYCLE timer is not available. WAIT events in the performance_schema will not be timed."),
+
("THE_LAST_SUPPRESSION");

16
mysql.spec
View File

@ -6,15 +6,12 @@
%global pkgnamepatch mysql %global pkgnamepatch mysql
%global boost_bundled_version 1.73.0 %global boost_bundled_version 1.73.0
Name: mysql Name: mysql
Version: 8.0.24 Version: 8.0.26
Release: 1 Release: 1
License: GPLv2 with exceptions and LGPLv2 and BSD License: GPLv2 with exceptions and LGPLv2 and BSD
Summary: The world's most popular open source database Summary: The world's most popular open source database
URL: http://www.mysql.com/ URL: http://www.mysql.com/
Source0: https://cdn.mysql.com/archives/%{name}-8.0/%{name}-boost-%{version}.tar.gz Source0: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz
Source1: %{name}-boost-%{version}.tar.gz.aa
Source2: %{name}-boost-%{version}.tar.gz.ab
Source3: %{name}-boost-%{version}.tar.gz.ac
Patch0:0000-mysql-add-fstack-protector-strong.patch Patch0:0000-mysql-add-fstack-protector-strong.patch
Patch1:%{pkgnamepatch}-install-test.patch Patch1:%{pkgnamepatch}-install-test.patch
Patch3:%{pkgnamepatch}-file-contents.patch Patch3:%{pkgnamepatch}-file-contents.patch
@ -22,7 +19,6 @@ Patch5:%{pkgnamepatch}-paths.patch
Patch6:%{pkgnamepatch}-chain-certs.patch Patch6:%{pkgnamepatch}-chain-certs.patch
Patch7:%{pkgnamepatch}-sharedir.patch Patch7:%{pkgnamepatch}-sharedir.patch
Patch8:%{pkgnamepatch}-rpath.patch Patch8:%{pkgnamepatch}-rpath.patch
Patch9:%{pkgnamepatch}-arm32-timer.patch
Patch10:boost-1.58.0-pool.patch Patch10:boost-1.58.0-pool.patch
Patch11:boost-1.57.0-mpl-print.patch Patch11:boost-1.57.0-mpl-print.patch
Patch12:%{pkgnamepatch}-fix-includes-robin-hood.patch Patch12:%{pkgnamepatch}-fix-includes-robin-hood.patch
@ -47,9 +43,6 @@ the GPL. See the chapter "Licensing and Support" in the manual for
further info. further info.
%prep %prep
cd ../SOURCES
cat %{SOURCE1} %{SOURCE2} %{SOURCE3} | tar xj
cd ..
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
@ -58,7 +51,6 @@ cd ..
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
pushd boost/boost_$(echo %{boost_bundled_version}| tr . _) pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
@ -124,6 +116,10 @@ fi
%exclude /usr/lib/debug %exclude /usr/lib/debug
%changelog %changelog
* Mon Aug 2 2021 liwu <liwu13@huawei.com> - 8.0.26-1
- Upgrade mysql to 8.0.26,fix CVES:CVE-2021-2356,CVE-2021-2339,CVE-2021-2354
CVE-2021-2352,CVE-2021-2340
* Thu May 6 2021 wangxiao <wangxiao65@huawei.com> 8.0.24-1 * Thu May 6 2021 wangxiao <wangxiao65@huawei.com> 8.0.24-1
- Upgrade mysql to 8.0.24, fix CVES: CVE-2021-2166 CVE-2021-2146 - Upgrade mysql to 8.0.24, fix CVES: CVE-2021-2166 CVE-2021-2146
CVE-2021-2162 CVE-2021-2212 CVE-2021-2299 CVE-2021-2293 CVE-2021-2215 CVE-2021-2162 CVE-2021-2212 CVE-2021-2299 CVE-2021-2293 CVE-2021-2215