mariadb is vulnerable to CVE-2021-27928 (RCE)

Léo Le Bouter wrote on 19 Mar 11:25 +0100

Recipients:(address . bug-guix@gnu.org)

Message-ID:7d6d60c61fc372f62125ef5a36bc22956db5907e.camel@zaclys.net

CVE-2021-27928 04:15A remote code execution issue was discovered in MariaDB 10.2 before10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before10.5.9; Percona Server through 2021-03-03; and the wsrep patch through2021-03-03 for MySQL. An untrusted search path leads to eval injection,in which a database SUPER user can execute OS commands after modifyingwsrep_provider and wsrep_notify_cmd. NOTE: this does not affect anOracle product.
From https://jira.mariadb.org/browse/MDEV-25179it looks like 10.5.9fixes it for us since we package 10.5.8 currently.
However:
$ ./pre-inst-env guix refresh -l mariadbBuilding the following 552 packages would ensure 1047 dependentpackages are rebuilt:[..]
Is it possible to graft mariadb you think? I am thinking this issuedoesnt need updating of the "lib" output which is what's causing thehigh number of dependents AIUI. I am not sure we could actually updateindividual outputs right now though. Might be a good idea to split thepackages for the future.
Léo

Léo Le Bouter wrote on 19 Mar 11:30 +0100

Recipients:(address . control@debbugs.gnu.org)

Message-ID:de686d52fe6693eb528cd372273e916ea66f9b2a.camel@zaclys.net

tags 47257 + securityquit

Julien Lepiller wrote on 19 Mar 12:15 +0100

Recipients:

Message-ID:65A2F9EE-030F-4174-95B0-4A862188EA3D@lepiller.eu

You need to graft: when building a package, the output hash depends on the inputs, sources and instructions, so even if the content of the lib output does not change, its store path does, leading to a rebuild.
Le 19 mars 2021 06:25:31 GMT-04:00, "Léo Le Bouter via Bug reports for GNU Guix" <bug-guix@gnu.org> a écrit :

Toggle quote (26 lines)>CVE-2021-27928	04:15>A remote code execution issue was discovered in MariaDB 10.2 before>10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before>10.5.9; Percona Server through 2021-03-03; and the wsrep patch through>2021-03-03 for MySQL. An untrusted search path leads to eval injection,>in which a database SUPER user can execute OS commands after modifying>wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an>Oracle product.>>From https://jira.mariadb.org/browse/MDEV-25179 it looks like 10.5.9>fixes it for us since we package 10.5.8 currently.>>However:>>$ ./pre-inst-env guix refresh -l mariadb>Building the following 552 packages would ensure 1047 dependent>packages are rebuilt:>[..]>>Is it possible to graft mariadb you think? I am thinking this issue>doesnt need updating of the "lib" output which is what's causing the>high number of dependents AIUI. I am not sure we could actually update>individual outputs right now though. Might be a good idea to split the>packages for the future.>>Léo

Attachment: file

Léo Le Bouter wrote on 19 Mar 12:35 +0100

[PATCH 1/1] gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928].

Recipients:(address . 47257@debbugs.gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:20210319113537.18290-2-lle-bout@zaclys.net

* gnu/packages/databases.scm (mariadb/fixed): New variable.(mariadb)[replacement]: Graft.--- gnu/packages/databases.scm | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)

Toggle diff (53 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 8be83f5cbe..6fdb22d7fb 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -734,6 +734,7 @@ Language.")                             (append (find-files "extra/wolfssl")                                     (find-files "zlib")))                   #t))))+    (replacement mariadb/fixed)     (build-system cmake-build-system)     (outputs '("out" "lib" "dev"))     (arguments@@ -969,6 +970,38 @@ Language.") as a drop-in replacement of MySQL.")     (license license:gpl2))) +(define mariadb/fixed+  (package/inherit mariadb+    (version "10.5.9")+    (source (origin+              (method url-fetch)+              (uri (string-append "https://downloads.mariadb.com/MariaDB"+                                  "/mariadb-" version "/source/mariadb-"+                                  version ".tar.gz"))+              (sha256+               (base32+                "1kv8226ydyh4nyfx432dxqdkbry92c92bwlc33f1y56yp2p1kas0"))+              (modules '((guix build utils)))+              (snippet+               '(begin+                  ;; Delete bundled snappy and xz.+                  (delete-file-recursively "storage/tokudb/PerconaFT/third_party")+                  (substitute* "storage/tokudb/PerconaFT/CMakeLists.txt"+                    ;; This file checks that the bundled sources are present and+                    ;; declares build procedures for them.+                    (("^include\\(TokuThirdParty\\)") ""))+                  (substitute* "storage/tokudb/PerconaFT/ft/CMakeLists.txt"+                    ;; Don't attempt to use the procedures we just removed.+                    ((" build_lzma build_snappy") ""))++                  ;; Preserve CMakeLists.txt for these.+                  (for-each (lambda (file)+                              (unless (string-suffix? "CMakeLists.txt" file)+                                (delete-file file)))+                            (append (find-files "extra/wolfssl")+                                    (find-files "zlib")))+                  #t))))))+ (define-public mariadb-connector-c   (package     (name "mariadb-connector-c")-- 2.31.0

Léo Le Bouter wrote on 19 Mar 12:35 +0100

[PATCH 0/1] gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928].

Recipients:(address . 47257@debbugs.gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:20210319113537.18290-1-lle-bout@zaclys.net

I made a patch, please review and push if you think that's OK, I will otherwisepush it myself after some time.
The patch produces some test error, not sure if deterministic, looks related tonetworking disabled in build sandboxes, log:
The servers were restarted 778 timesSpent 6689.041 of 234 seconds executing testcases
Failure: Failed 1/2711 tests, 99.96% were successful.
Failing test(s): main.system_mysql_db
The log files in var/log may give you some hint of what went wrong.
If you want to report this error, please read first the documentationat http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html
969 tests were skipped, 161 by the test itself.
mysql-test-run: *** ERROR: there were failing test casesError happened at lib/mtr_report.pm line 687. mtr_report::mtr_error("there were failing test cases") called at lib/mtr_report.pm line 556 mtr_report::mtr_report_stats("Failure", 1, ARRAY(0x19d75d0), ARRAY(0x1420d08)) called at /tmp/guix-build-mariadb-10.5.9.drv-0/mariadb-10.5.9/mysql-test/mysql-test-run.pl line 586 main::main() called at /tmp/guix-build-mariadb-10.5.9.drv-0/mariadb-10.5.9/mysql-test/mysql-test-run.pl line 387command "./mtr" "--verbose" "--retry=3" "--testcase-timeout=40" "--suite-timeout=600" "--parallel" "48" "--skip-rpl" "--skip-test-list=unstable-tests" failed with status 1builder for `/gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv' failed with exit code 1@ build-failed /gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv - 1 builder for `/gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv' failed with exit code 1derivation '/gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv' offloaded to 'www.proxmox-2.schmilblick.org' failed: build of `/gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv' failedbuild of /gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv failedView build log at '/var/log/guix/drvs/hk/1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv.bz2'.guix build: error: build of `/gnu/store/hk1awalxmnd7a7qz4v8r5h7bpxc4ig5b-mariadb-10.5.9.drv' failed
Léo Le Bouter (1): gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928].
gnu/packages/databases.scm | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)
-- 2.31.0

zimoun wrote on 19 Mar 12:35 +0100

Re: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)

Recipients:

Message-ID:86r1kbl6kw.fsf@gmail.com

Hi,
On Fri, 19 Mar 2021 at 11:25, Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:

Toggle quote (6 lines)

> Is it possible to graft mariadb you think? I am thinking this issue> doesnt need updating of the "lib" output which is what's causing the> high number of dependents AIUI. I am not sure we could actually update> individual outputs right now though. Might be a good idea to split the> packages for the future.

Instead of grafting, I would fix first check the compatibility betweenmariadb  and zstd.  Because mariadb@10.5.8 does not build withzstd@1.4.9, at least on my machine.
Other said, I seem better to do this fix as a whole on core-updateswithout any graft.  Instead of grafting here and there; and notnecessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from 10.5.8to 10.5.8).
All the best,simon

Mark H Weaver wrote on 20 Mar 01:28 +0100

Re: bug#47257: [PATCH 1/1] gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928].

Recipients:(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:87blbemzww.fsf@netris.org

Hi Léo,
Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> writes:

Toggle quote (25 lines)> * gnu/packages/databases.scm (mariadb/fixed): New variable.> (mariadb)[replacement]: Graft.> --->  gnu/packages/databases.scm | 33 +++++++++++++++++++++++++++++++++>  1 file changed, 33 insertions(+)>> diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm> index 8be83f5cbe..6fdb22d7fb 100644> --- a/gnu/packages/databases.scm> +++ b/gnu/packages/databases.scm> @@ -734,6 +734,7 @@ Language.")>                              (append (find-files "extra/wolfssl")>                                      (find-files "zlib")))>                    #t))))> +    (replacement mariadb/fixed)>      (build-system cmake-build-system)>      (outputs '("out" "lib" "dev"))>      (arguments> @@ -969,6 +970,38 @@ Language.")>  as a drop-in replacement of MySQL.")>      (license license:gpl2)))>  > +(define mariadb/fixed> +  (package/inherit mariadb

Please don't use 'package/inherit' when the package you're defining is areplacement to the package you're inheriting from. It creates a packageobject with an infinite chain of grafts. I guess that the infinitechain gets truncated somewhere in the grafting machinery, but I seem torecall that this kind of thing has caused real problems in the past.
'package/inherit' is usually the right thing when defining other kindsof package variants, however.
Thanks again for all of your recent work on improving our security. Itis a great help.
Regards, Mark

Mark H Weaver wrote on 20 Mar 01:42 +0100

Recipients:(name . Léo Le Bouter)(address . lle-bout@zaclys.net)(address . 47257@debbugs.gnu.org)

Message-ID:878s6imz8r.fsf@netris.org

Mark H Weaver <mhw@netris.org> writes:

Toggle quote (3 lines)

> 'package/inherit' is usually the right thing when defining other kinds> of package variants, however.

One addendum to this guideline: if the package variant you're definingoverrides the 'source' field[*], it's probably pointless to use'package/inherit', because the fixes embodied in the original package'sreplacement would most likely be lost anyway.
[*] One exception is if the overridden 'source' field merely adds someadditional patches to the original package, while taking care topreserve any existing patches -- that last part is important, even ifthe original package doesn't including any patches at the time you look.In that case, 'package/inherit' might well be helpful.
More generally, when inheriting from another package, it's useful to askyourself what should happen if the package you're inheriting from islater grafted, and to try to arrange for that to happen automatically.
     Thanks,       Mark

Léo Le Bouter wrote on 25 Mar 11:58 +0100

[PATCH v2] gnu: mariadb: Fix CVE-2021-27928.

Recipients:(address . 47257@debbugs.gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:20210325105815.5411-1-lle-bout@zaclys.net

* gnu/packages/patches/mariadb-CVE-2021-27928.patch: New patch.* gnu/local.mk (dist_patch_DATA): Register it.* gnu/packages/databases.scm (mariadb/fixed): New variable. Apply patch.(mariadb)[replacement]: Graft.--- gnu/local.mk                                  |   1 + gnu/packages/databases.scm                    |  34 + .../patches/mariadb-CVE-2021-27928.patch      | 629 ++++++++++++++++++ 3 files changed, 664 insertions(+) create mode 100644 gnu/packages/patches/mariadb-CVE-2021-27928.patch

Toggle diff (701 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex 14d228cfa4..40956598db 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1380,6 +1380,7 @@ dist_patch_DATA =						\   %D%/packages/patches/lvm2-static-link.patch			\   %D%/packages/patches/mailutils-fix-uninitialized-variable.patch	\   %D%/packages/patches/make-impure-dirs.patch			\+  %D%/packages/patches/mariadb-CVE-2021-27928.patch		\   %D%/packages/patches/mars-install.patch			\   %D%/packages/patches/mars-sfml-2.3.patch			\   %D%/packages/patches/maxima-defsystem-mkdir.patch		\diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 83b6a13892..75edf3fd08 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -734,6 +734,7 @@ Language.")                             (append (find-files "extra/wolfssl")                                     (find-files "zlib")))                   #t))))+    (replacement mariadb/fixed)     (build-system cmake-build-system)     (outputs '("out" "lib" "dev"))     (arguments@@ -969,6 +970,39 @@ Language.") as a drop-in replacement of MySQL.")     (license license:gpl2))) +(define-public mariadb/fixed+  (package+    (inherit mariadb)+    (source (origin+              (method url-fetch)+              (uri (string-append "https://downloads.mariadb.com/MariaDB"+                                  "/mariadb-" version "/source/mariadb-"+                                  version ".tar.gz"))+              (sha256+               (base32+                "1s3vfm73911cddjhgpcbkya6nz7ag2zygg56qqzwscn5ybv28j7b"))+              (modules '((guix build utils)))+              (snippet+               '(begin+                  ;; Delete bundled snappy and xz.+                  (delete-file-recursively "storage/tokudb/PerconaFT/third_party")+                  (substitute* "storage/tokudb/PerconaFT/CMakeLists.txt"+                    ;; This file checks that the bundled sources are present and+                    ;; declares build procedures for them.+                    (("^include\\(TokuThirdParty\\)") ""))+                  (substitute* "storage/tokudb/PerconaFT/ft/CMakeLists.txt"+                    ;; Don't attempt to use the procedures we just removed.+                    ((" build_lzma build_snappy") ""))++                  ;; Preserve CMakeLists.txt for these.+                  (for-each (lambda (file)+                              (unless (string-suffix? "CMakeLists.txt" file)+                                (delete-file file)))+                            (append (find-files "extra/wolfssl")+                                    (find-files "zlib")))+                  #t))+              (patches (search-patches "mariadb-CVE-2021-27928.patch"))))))+ (define-public mariadb-connector-c   (package     (name "mariadb-connector-c")diff --git a/gnu/packages/patches/mariadb-CVE-2021-27928.patch b/gnu/packages/patches/mariadb-CVE-2021-27928.patchnew file mode 100644index 0000000000..eea18431cf--- /dev/null+++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch@@ -0,0 +1,629 @@+From ce3a2a688db556d8d077a409fd9bf5cc013d13dd Mon Sep 17 00:00:00 2001+From: Sergei Golubchik <serg@mariadb.org>+Date: Thu, 18 Feb 2021 14:20:48 +0100+Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only++this should simplify run-time cluster management+---+ mysql-test/suite/galera/disabled.def          |  2 ++ .../galera/include/galera_load_provider.inc   |  1 -+ .../galera/include/galera_unload_provider.inc |  3 +-+ .../suite/galera/r/galera_ist_rsync.result    |  2 +-+ .../galera/r/galera_sst_mysqldump.result      |  2 +-+ .../suite/galera/r/mysql-wsrep#33.result      |  2 +-+ .../suite/sys_vars/r/sysvars_wsrep.result     |  4 +-+ .../sys_vars/r/wsrep_notify_cmd_basic.result  | 47 -----------------+ .../sys_vars/r/wsrep_provider_basic.result    | 40 ---------------+ .../r/wsrep_provider_options_basic.result     | 49 ------------------+ .../sys_vars/t/wsrep_notify_cmd_basic.test    | 43 ----------------+ .../sys_vars/t/wsrep_provider_basic.test      | 39 --------------+ .../t/wsrep_provider_options_basic.test       | 51 -------------------+ mysql-test/suite/wsrep/disabled.def           |  2 ++ mysql-test/suite/wsrep/r/variables.result     | 12 ++---+ mysql-test/suite/wsrep/t/variables.test       | 34 +++----------+ sql/sys_vars.cc                               |  4 +-+ 17 files changed, 24 insertions(+), 313 deletions(-)+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test++diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def+index 7fe03a9422013..a063e17d46533 100644+--- a/mysql-test/suite/galera/disabled.def++++ b/mysql-test/suite/galera/disabled.def+@@ -30,3 +30,5 @@ partition : MDEV-19958 Galera test failure on galera.partition+ query_cache: MDEV-15805 Test failure on galera.query_cache+ sql_log_bin : MDEV-21491 galera.sql_log_bin+ versioning_trx_id: MDEV-18590: galera.versioning_trx_id: Test failure: mysqltest: Result content mismatch++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons++pxc-421: wsrep_provider is read-only for security reasons+diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc+index aeab7e6ea199f..e6ce6411193c2 100644+--- a/mysql-test/suite/galera/include/galera_load_provider.inc++++ b/mysql-test/suite/galera/include/galera_load_provider.inc+@@ -1,7 +1,6 @@+ --echo Loading wsrep provider ...+ + --disable_query_log+---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig';+ --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig';+ --enable_query_log+ +diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc+index edc7eb31e0e21..83438a947f03e 100644+--- a/mysql-test/suite/galera/include/galera_unload_provider.inc++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc+@@ -1,7 +1,6 @@+ --echo Unloading wsrep provider ...+ + --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address`+---let $wsrep_provider_orig = `SELECT @@wsrep_provider`+ --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options`+ +-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result+index 8a7c02ab1b6d9..80a28d349baed 100644+--- a/mysql-test/suite/galera/r/galera_ist_rsync.result++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result+@@ -21,7 +21,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result+index 5c530c32ce695..6bdc933a9fca7 100644+--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result+index 6a5251204b9bb..4cc49c0cf0790 100644+--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result+index e54afd2d64a24..67e1540531311 100644+--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result+@@ -349,7 +349,7 @@ NUMERIC_MIN_VALUE	NULL+ NUMERIC_MAX_VALUE	NULL+ NUMERIC_BLOCK_SIZE	NULL+ ENUM_VALUE_LIST	NULL+-READ_ONLY	NO++READ_ONLY	YES+ COMMAND_LINE_ARGUMENT	REQUIRED+ VARIABLE_NAME	WSREP_ON+ SESSION_VALUE	OFF+@@ -405,7 +405,7 @@ NUMERIC_MIN_VALUE	NULL+ NUMERIC_MAX_VALUE	NULL+ NUMERIC_BLOCK_SIZE	NULL+ ENUM_VALUE_LIST	NULL+-READ_ONLY	NO++READ_ONLY	YES+ COMMAND_LINE_ARGUMENT	REQUIRED+ VARIABLE_NAME	WSREP_PROVIDER_OPTIONS+ SESSION_VALUE	NULL+diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result+deleted file mode 100644+index 056ff8c817b0f..0000000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result++++ /dev/null+@@ -1,47 +0,0 @@+-#+-# wsrep_notify_cmd+-#+-call mtr.add_suppression("WSREP: Failed to get provider options");+-# save the initial value+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;+-# default+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-+-+-# scope+-SELECT @@session.wsrep_notify_cmd;+-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable+-SET @@global.wsrep_notify_cmd='notify_cmd';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-notify_cmd+-+-# valid values+-SET @@global.wsrep_notify_cmd='command';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-command+-SET @@global.wsrep_notify_cmd='hyphenated-command';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-hyphenated-command+-SET @@global.wsrep_notify_cmd=default;+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-+-SET @@global.wsrep_notify_cmd=NULL;+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-NULL+-+-# invalid values+-SET @@global.wsrep_notify_cmd=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd'+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-NULL+-+-# restore the initial value+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;+-# End of test+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result+deleted file mode 100644+index 3e4ac8ca88362..0000000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result++++ /dev/null+@@ -1,40 +0,0 @@+-#+-# wsrep_provider+-#+-# save the initial value+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;+-# default+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# scope+-SELECT @@session.wsrep_provider;+-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# valid values+-SET @@global.wsrep_provider=default;+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# invalid values+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so'+-SET @@global.wsrep_provider=NULL;+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL'+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-SET @@global.wsrep_provider=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider'+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# restore the initial value+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;+-# End of test+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result+deleted file mode 100644+index b2e07c55b38cf..0000000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result++++ /dev/null+@@ -1,49 +0,0 @@+-#+-# wsrep_provider_options+-#+-call mtr.add_suppression("WSREP: Failed to get provider options");+-SET @@global.wsrep_provider =  @@global.wsrep_provider;+-# save the initial value+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;+-# default+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-+-# scope+-SELECT @@session.wsrep_provider_options;+-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable+-SET @@global.wsrep_provider_options='option1';+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-option1+-+-# valid values+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-name1=value1;name2=value2+-SET @@global.wsrep_provider_options='hyphenated-name:value';+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-hyphenated-name:value+-SET @@global.wsrep_provider_options=default;+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-+-# invalid values+-SET @@global.wsrep_provider_options=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options'+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-SET @@global.wsrep_provider_options=NULL;+-Got one of the listed errors+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-NULL+-+-# restore the initial value+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;+-# End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test+deleted file mode 100644+index 6d1535ba1482d..0000000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test++++ /dev/null+@@ -1,43 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_notify_cmd+---echo #+-+-call mtr.add_suppression("WSREP: Failed to get provider options");+-+---echo # save the initial value+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;+-+---echo # default+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd='notify_cmd';+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # valid values+-SET @@global.wsrep_notify_cmd='command';+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd='hyphenated-command';+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd=default;+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd=NULL;+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # invalid values+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_notify_cmd=1;+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # restore the initial value+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;+-+---echo # End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test+deleted file mode 100644+index 1190ab41bb053..0000000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test++++ /dev/null+@@ -1,39 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_provider+---echo #+-+---echo # save the initial value+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;+-+---echo # default+-SELECT @@global.wsrep_provider;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_provider;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # valid values+-SET @@global.wsrep_provider=default;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # invalid values+---error ER_WRONG_VALUE_FOR_VAR+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';+---error ER_WRONG_VALUE_FOR_VAR+-SET @@global.wsrep_provider=NULL;+-SELECT @@global.wsrep_provider;+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_provider=1;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # restore the initial value+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;+-+---echo # End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test+deleted file mode 100644+index d2ea32a063786..0000000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test++++ /dev/null+@@ -1,51 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_provider_options+---echo #+-+-call mtr.add_suppression("WSREP: Failed to get provider options");+-+-SET @@global.wsrep_provider =  @@global.wsrep_provider;+-+---echo # save the initial value+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;+-+---echo # default+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_provider_options;+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='option1';+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # valid values+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';+-SELECT @@global.wsrep_provider_options;+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='hyphenated-name:value';+-SELECT @@global.wsrep_provider_options;+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options=default;+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # invalid values+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_provider_options=1;+-SELECT @@global.wsrep_provider_options;+---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options=NULL;+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # restore the initial value+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;+-+---echo # End of test+diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def+index 11577bfe8b007..3d204db694580 100644+--- a/mysql-test/suite/wsrep/disabled.def++++ b/mysql-test/suite/wsrep/disabled.def+@@ -10,3 +10,5 @@+ #+ ##############################################################################+ ++++mdev_6832: wsrep_provider is read-only for security reasons+diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result+index 9ef1b3290afd6..8bb0b426380a1 100644+--- a/mysql-test/suite/wsrep/r/variables.result++++ b/mysql-test/suite/wsrep/r/variables.result+@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON;+ ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL+ SET GLOBAL wsrep_replicate_myisam= ON;+ SET GLOBAL wsrep_replicate_myisam= OFF;+-SET GLOBAL wsrep_provider=none;+ #+ # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of+ # variables when using "_"+@@ -26,7 +25,6 @@ wsrep_local_state_comment	#+ # Should show nothing.+ SHOW STATUS LIKE 'x';+ Variable_name	Value+-SET GLOBAL wsrep_provider=none;+ + SHOW STATUS LIKE 'wsrep_local_state_uuid';+ Variable_name	Value+@@ -35,7 +33,6 @@ wsrep_local_state_uuid	#+ SHOW STATUS LIKE 'wsrep_last_committed';+ Variable_name	Value+ wsrep_last_committed	#+-SET GLOBAL wsrep_provider=none;+ + #+ # MDEV#6206: wsrep_slave_threads subtracts from max_connections+@@ -49,7 +46,7 @@ SELECT @@global.wsrep_slave_threads;+ 1+ SELECT @@global.wsrep_cluster_address;+ @@global.wsrep_cluster_address+-++gcomm://+ SELECT @@global.wsrep_on;+ @@global.wsrep_on+ 1+@@ -58,14 +55,14 @@ Variable_name	Value+ Threads_connected	1+ SHOW STATUS LIKE 'wsrep_thread_count';+ Variable_name	Value+-wsrep_thread_count	0++wsrep_thread_count	2+ + SELECT @@global.wsrep_provider;+ @@global.wsrep_provider+ libgalera_smm.so+ SELECT @@global.wsrep_cluster_address;+ @@global.wsrep_cluster_address+-++gcomm://+ SELECT @@global.wsrep_on;+ @@global.wsrep_on+ 1+@@ -74,11 +71,10 @@ Variable_name	Value+ Threads_connected	1+ SHOW STATUS LIKE 'wsrep_thread_count';+ Variable_name	Value+-wsrep_thread_count	0++wsrep_thread_count	2+ + # Setting wsrep_cluster_address triggers the creation of+ # applier/rollbacker threads.+-SET GLOBAL wsrep_cluster_address= 'gcomm://';+ # Wait for applier thread to get created 1.+ # Wait for applier thread to get created 2.+ SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';+diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test+index 5ab0eb68505a7..1a3bd62b16489 100644+--- a/mysql-test/suite/wsrep/t/variables.test++++ b/mysql-test/suite/wsrep/t/variables.test+@@ -22,7 +22,7 @@ SET GLOBAL wsrep_replicate_myisam= ON;+ + # Reset it back.+ SET GLOBAL wsrep_replicate_myisam= OFF;+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ + --echo #+ --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of+@@ -31,13 +31,9 @@ SET GLOBAL wsrep_provider=none;+ + CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*");+ +---disable_result_log+---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ --let $galera_version=25.3.24+ source include/check_galera_version.inc;+---enable_result_log+---enable_query_log+ + --replace_column 2 #+ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';+@@ -46,11 +42,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';+ SHOW STATUS LIKE 'x';+ + # Reset it back.+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + # The following 2 variables are used by mariabackup+ # SST.+@@ -62,7 +56,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid';+ SHOW STATUS LIKE 'wsrep_last_committed';+ + # Reset it back.+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ + --echo+ --echo #+@@ -70,9 +64,7 @@ SET GLOBAL wsrep_provider=none;+ --echo #+ call mtr.add_suppression("WSREP: Failed to get provider options");+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/+ SELECT @@global.wsrep_provider;+@@ -83,9 +75,7 @@ SHOW STATUS LIKE 'threads_connected';+ SHOW STATUS LIKE 'wsrep_thread_count';+ --echo+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/+ SELECT @@global.wsrep_provider;+@@ -97,7 +87,7 @@ SHOW STATUS LIKE 'wsrep_thread_count';+ + --echo # Setting wsrep_cluster_address triggers the creation of+ --echo # applier/rollbacker threads.+-SET GLOBAL wsrep_cluster_address= 'gcomm://';++#SET GLOBAL wsrep_cluster_address= 'gcomm://';+ + --echo # Wait for applier thread to get created 1.+ --let $wait_timeout=600+@@ -159,14 +149,6 @@ SET @@global.wsrep_sst_auth= NULL;+ SELECT @@global.wsrep_sst_auth;+ SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved;+ +-# Reset (for mtr internal checks)+---disable_query_log+-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved;+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved;+-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved;+---enable_query_log+-+ --source include/galera_wait_ready.inc+ + --echo # End of test.+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc+index baf27a7d0af92..e4de3d8d0aa1a 100644+--- a/sql/sys_vars.cc++++ b/sql/sys_vars.cc+@@ -4958,7 +4958,7 @@ static Sys_var_tz Sys_time_zone(+ + static Sys_var_charptr Sys_wsrep_provider(+        "wsrep_provider", "Path to replication provider library",+-       PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),++       PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),+        IN_FS_CHARSET, DEFAULT(WSREP_NONE),+        NO_MUTEX_GUARD, NOT_IN_BINLOG,+        ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update));+@@ -5171,7 +5171,7 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows (+ + static Sys_var_charptr Sys_wsrep_notify_cmd(+        "wsrep_notify_cmd", "",+-       GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG),++       READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG),+        IN_SYSTEM_CHARSET, DEFAULT(""));+ + static Sys_var_mybool Sys_wsrep_certify_nonPK(-- 2.31.0

Julien Lepiller wrote on 25 Mar 12:06 +0100

Recipients:

Message-ID:A7D522FD-4FCE-42D3-91BB-3F1C0DC1BD66@lepiller.eu

I think you can simplify the patch a bit by inheriting the source too:
(source (origin (inherit (package-source mariadb)) (patches …)))
Otherwise, untested but looks good.

Attachment: file

Léo Le Bouter wrote on 25 Mar 12:28 +0100

Re: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)

Recipients:

Message-ID:b9a61cca0f95239cb0b38fc4ef0988bd11b7777e.camel@zaclys.net

On Fri, 2021-03-19 at 12:35 +0100, zimoun wrote:

Toggle quote (5 lines)

> Instead of grafting, I would fix first check the compatibility> between> mariadb and zstd. Because mariadb@10.5.8 does not build with> zstd@1.4.9, at least on my machine.

Can you post build logs and repro scenario? mariadb@10.5.8 built finefor me on core-updates which has zstd@1.4.9.

Toggle quote (6 lines)

> Other said, I seem better to do this fix as a whole on core-updates> without any graft. Instead of grafting here and there; and not> necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from> 10.5.8> to 10.5.8).

We can't patch security issues through core-updates, especially thisRCE.

Toggle quote (2 lines)

> All the best,> simon

Léo Le Bouter wrote on 25 Mar 13:39 +0100

[PATCH v3] gnu: mariadb: Fix CVE-2021-27928.

Recipients:(address . 47257@debbugs.gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)

Message-ID:20210325123921.9800-1-lle-bout@zaclys.net

* gnu/packages/patches/mariadb-CVE-2021-27928.patch: New patch.* gnu/local.mk (dist_patch_DATA): Register it.* gnu/packages/databases.scm (mariadb/fixed): New variable. Apply patch.(mariadb)[replacement]: Graft.--- gnu/local.mk                                  |   1 + gnu/packages/databases.scm                    |   8 + .../patches/mariadb-CVE-2021-27928.patch      | 642 ++++++++++++++++++ 3 files changed, 651 insertions(+) create mode 100644 gnu/packages/patches/mariadb-CVE-2021-27928.patch

Toggle diff (688 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex 14d228cfa4..40956598db 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1380,6 +1380,7 @@ dist_patch_DATA =						\   %D%/packages/patches/lvm2-static-link.patch			\   %D%/packages/patches/mailutils-fix-uninitialized-variable.patch	\   %D%/packages/patches/make-impure-dirs.patch			\+  %D%/packages/patches/mariadb-CVE-2021-27928.patch		\   %D%/packages/patches/mars-install.patch			\   %D%/packages/patches/mars-sfml-2.3.patch			\   %D%/packages/patches/maxima-defsystem-mkdir.patch		\diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 83b6a13892..20069f9383 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -734,6 +734,7 @@ Language.")                             (append (find-files "extra/wolfssl")                                     (find-files "zlib")))                   #t))))+    (replacement mariadb/fixed)     (build-system cmake-build-system)     (outputs '("out" "lib" "dev"))     (arguments@@ -969,6 +970,13 @@ Language.") as a drop-in replacement of MySQL.")     (license license:gpl2))) +(define mariadb/fixed+  (package+    (inherit mariadb)+    (source (origin+              (inherit (package-source mariadb))+              (patches (search-patches "mariadb-CVE-2021-27928.patch"))))))+ (define-public mariadb-connector-c   (package     (name "mariadb-connector-c")diff --git a/gnu/packages/patches/mariadb-CVE-2021-27928.patch b/gnu/packages/patches/mariadb-CVE-2021-27928.patchnew file mode 100644index 0000000000..39a023c159--- /dev/null+++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch@@ -0,0 +1,642 @@+From 7580701e6279900fec40822952a3b874732289cf Mon Sep 17 00:00:00 2001+From: Sergei Golubchik <serg@mariadb.org>+Date: Thu, 18 Feb 2021 14:20:48 +0100+Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only++this should simplify run-time cluster management+---+ mysql-test/suite/galera/disabled.def          |  2 ++ .../galera/include/galera_load_provider.inc   | 19 --------+ .../galera/include/galera_unload_provider.inc |  3 +-+ .../suite/galera/r/galera_ist_rsync.result    |  2 +-+ .../galera/r/galera_sst_mysqldump.result      |  2 +-+ .../suite/galera/r/mysql-wsrep#33.result      |  2 +-+ .../suite/sys_vars/r/sysvars_wsrep.result     |  4 +-+ .../sys_vars/r/wsrep_notify_cmd_basic.result  | 47 -------------------+ .../sys_vars/r/wsrep_provider_basic.result    | 40 ----------------+ .../r/wsrep_provider_options_basic.result     | 46 ------------------+ .../sys_vars/t/wsrep_notify_cmd_basic.test    | 43 -----------------+ .../sys_vars/t/wsrep_provider_basic.test      | 39 ---------------+ .../t/wsrep_provider_options_basic.test       | 41 ----------------+ mysql-test/suite/wsrep/disabled.def           |  2 ++ mysql-test/suite/wsrep/r/variables.result     | 12 ++---+ mysql-test/suite/wsrep/t/variables.test       | 32 +++----------+ sql/sys_vars.cc                               |  8 ++--+ 17 files changed, 25 insertions(+), 319 deletions(-)+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test++diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def+index d940c702d54..83f26e81636 100644+--- a/mysql-test/suite/galera/disabled.def++++ b/mysql-test/suite/galera/disabled.def+@@ -49,3 +49,5 @@ partition : MDEV-19958 Galera test failure on galera.partition+ query_cache: MDEV-15805 Test failure on galera.query_cache+ sql_log_bin : MDEV-21491 galera.sql_log_bin+ versioning_trx_id : MDEV-18590 galera.versioning_trx_id++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons++pxc-421: wsrep_provider is read-only for security reasons+diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc+index 0f843597d9c..28010cc5b71 100644+--- a/mysql-test/suite/galera/include/galera_load_provider.inc++++ b/mysql-test/suite/galera/include/galera_load_provider.inc+@@ -1,25 +1,6 @@+ --echo Loading wsrep provider ...+ + --disable_query_log+---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig';+-+-#+-# count occurences of successful node starts in error log+-#+-perl;+-  use strict;+-   my $test_log=$ENV{'LOG_FILE'} or die "LOG_FILE not set";+-   my $test_log_copy=$test_log . '.copy';+-   if (-e $test_log_copy) {+-      unlink $test_log_copy;+-   }+-+-EOF+---copy_file $LOG_FILE $LOG_FILE.copy+-+-#+-#  now join to the cluster+-#+ --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig';+ + --enable_query_log+diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc+index cd841f51fbc..ed7e9bc41f0 100644+--- a/mysql-test/suite/galera/include/galera_unload_provider.inc++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc+@@ -1,7 +1,6 @@+ --echo Unloading wsrep provider ...+ + --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address`+---let $wsrep_provider_orig = `SELECT @@wsrep_provider`+ --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options`+ --let $wsrep_error_log_orig = `SELECT @@log_error`+ if(!$wsrep_log_error_orig)+@@ -12,4 +11,4 @@ if(!$wsrep_log_error_orig)+ }+ --let LOG_FILE= $wsrep_log_error_orig+ +-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result+index 13f7d898a59..70a87c73df7 100644+--- a/mysql-test/suite/galera/r/galera_ist_rsync.result++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result+@@ -23,7 +23,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result+index 4ed679ba477..145b3a94775 100644+--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result+index fb0b593cc96..45c6a3f660a 100644+--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result+@@ -32,7 +32,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');+ INSERT INTO t1 VALUES ('node2_committed_before');+ COMMIT;+ Unloading wsrep provider ...+-SET GLOBAL wsrep_provider = 'none';++SET GLOBAL wsrep_cluster_address = '';+ connection node_1;+ SET AUTOCOMMIT=OFF;+ START TRANSACTION;+diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result+index 4b6abf85434..f73bfbd13e7 100644+--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result+@@ -403,7 +403,7 @@ NUMERIC_MIN_VALUE	NULL+ NUMERIC_MAX_VALUE	NULL+ NUMERIC_BLOCK_SIZE	NULL+ ENUM_VALUE_LIST	NULL+-READ_ONLY	NO++READ_ONLY	YES+ COMMAND_LINE_ARGUMENT	REQUIRED+ GLOBAL_VALUE_PATH	NULL+ VARIABLE_NAME	WSREP_ON+@@ -463,7 +463,7 @@ NUMERIC_MIN_VALUE	NULL+ NUMERIC_MAX_VALUE	NULL+ NUMERIC_BLOCK_SIZE	NULL+ ENUM_VALUE_LIST	NULL+-READ_ONLY	NO++READ_ONLY	YES+ COMMAND_LINE_ARGUMENT	REQUIRED+ GLOBAL_VALUE_PATH	NULL+ VARIABLE_NAME	WSREP_PROVIDER_OPTIONS+diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result+deleted file mode 100644+index 056ff8c817b..00000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result++++ /dev/null+@@ -1,47 +0,0 @@+-#+-# wsrep_notify_cmd+-#+-call mtr.add_suppression("WSREP: Failed to get provider options");+-# save the initial value+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;+-# default+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-+-+-# scope+-SELECT @@session.wsrep_notify_cmd;+-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable+-SET @@global.wsrep_notify_cmd='notify_cmd';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-notify_cmd+-+-# valid values+-SET @@global.wsrep_notify_cmd='command';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-command+-SET @@global.wsrep_notify_cmd='hyphenated-command';+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-hyphenated-command+-SET @@global.wsrep_notify_cmd=default;+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-+-SET @@global.wsrep_notify_cmd=NULL;+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-NULL+-+-# invalid values+-SET @@global.wsrep_notify_cmd=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd'+-SELECT @@global.wsrep_notify_cmd;+-@@global.wsrep_notify_cmd+-NULL+-+-# restore the initial value+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;+-# End of test+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result+deleted file mode 100644+index 3e4ac8ca883..00000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result++++ /dev/null+@@ -1,40 +0,0 @@+-#+-# wsrep_provider+-#+-# save the initial value+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;+-# default+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# scope+-SELECT @@session.wsrep_provider;+-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# valid values+-SET @@global.wsrep_provider=default;+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# invalid values+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so'+-SET @@global.wsrep_provider=NULL;+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL'+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-SET @@global.wsrep_provider=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider'+-SELECT @@global.wsrep_provider;+-@@global.wsrep_provider+-none+-+-# restore the initial value+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;+-# End of test+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result+deleted file mode 100644+index 15949a14e39..00000000000+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result++++ /dev/null+@@ -1,46 +0,0 @@+-#+-# wsrep_provider_options+-#+-call mtr.add_suppression("WSREP: Failed to get provider options");+-# default+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-+-# scope+-SELECT @@session.wsrep_provider_options;+-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable+-SET @@global.wsrep_provider_options='option1';+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-+-# valid values+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';+-ERROR HY000: WSREP (galera) not started+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-SET @@global.wsrep_provider_options='hyphenated-name:value';+-ERROR HY000: WSREP (galera) not started+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-SET @@global.wsrep_provider_options=default;+-ERROR HY000: WSREP (galera) not started+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-+-# invalid values+-SET @@global.wsrep_provider_options=1;+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options'+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-SET @@global.wsrep_provider_options=NULL;+-Got one of the listed errors+-SELECT @@global.wsrep_provider_options;+-@@global.wsrep_provider_options+-+-# End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test+deleted file mode 100644+index 6d1535ba148..00000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test++++ /dev/null+@@ -1,43 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_notify_cmd+---echo #+-+-call mtr.add_suppression("WSREP: Failed to get provider options");+-+---echo # save the initial value+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;+-+---echo # default+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd='notify_cmd';+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # valid values+-SET @@global.wsrep_notify_cmd='command';+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd='hyphenated-command';+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd=default;+-SELECT @@global.wsrep_notify_cmd;+-SET @@global.wsrep_notify_cmd=NULL;+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # invalid values+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_notify_cmd=1;+-SELECT @@global.wsrep_notify_cmd;+-+---echo+---echo # restore the initial value+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;+-+---echo # End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test+deleted file mode 100644+index 1190ab41bb0..00000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test++++ /dev/null+@@ -1,39 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_provider+---echo #+-+---echo # save the initial value+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;+-+---echo # default+-SELECT @@global.wsrep_provider;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_provider;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # valid values+-SET @@global.wsrep_provider=default;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # invalid values+---error ER_WRONG_VALUE_FOR_VAR+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';+---error ER_WRONG_VALUE_FOR_VAR+-SET @@global.wsrep_provider=NULL;+-SELECT @@global.wsrep_provider;+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_provider=1;+-SELECT @@global.wsrep_provider;+-+---echo+---echo # restore the initial value+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;+-+---echo # End of test+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test+deleted file mode 100644+index 6eb3a94b6a4..00000000000+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test++++ /dev/null+@@ -1,41 +0,0 @@+---source include/have_wsrep.inc+-+---echo #+---echo # wsrep_provider_options+---echo #+-+-call mtr.add_suppression("WSREP: Failed to get provider options");+-+---echo # default+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # scope+---error ER_INCORRECT_GLOBAL_LOCAL_VAR+-SELECT @@session.wsrep_provider_options;+---error 0,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='option1';+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # valid values+---error ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';+-SELECT @@global.wsrep_provider_options;+---error ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options='hyphenated-name:value';+-SELECT @@global.wsrep_provider_options;+---error ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options=default;+-SELECT @@global.wsrep_provider_options;+-+---echo+---echo # invalid values+---error ER_WRONG_TYPE_FOR_VAR+-SET @@global.wsrep_provider_options=1;+-SELECT @@global.wsrep_provider_options;+---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS+-SET @@global.wsrep_provider_options=NULL;+-SELECT @@global.wsrep_provider_options;+-+---echo # End of test+diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def+index 11577bfe8b0..3d204db6945 100644+--- a/mysql-test/suite/wsrep/disabled.def++++ b/mysql-test/suite/wsrep/disabled.def+@@ -10,3 +10,5 @@+ #+ ##############################################################################+ ++++mdev_6832: wsrep_provider is read-only for security reasons+diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result+index a9988fd1628..e57440125ee 100644+--- a/mysql-test/suite/wsrep/r/variables.result++++ b/mysql-test/suite/wsrep/r/variables.result+@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON;+ ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL+ SET GLOBAL wsrep_replicate_myisam= ON;+ SET GLOBAL wsrep_replicate_myisam= OFF;+-SET GLOBAL wsrep_provider=none;+ #+ # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of+ # variables when using "_"+@@ -151,7 +150,6 @@ wsrep_local_state_comment	#+ # Should show nothing.+ SHOW STATUS LIKE 'x';+ Variable_name	Value+-SET GLOBAL wsrep_provider=none;+ + SHOW STATUS LIKE 'wsrep_local_state_uuid';+ Variable_name	Value+@@ -160,7 +158,6 @@ wsrep_local_state_uuid	#+ SHOW STATUS LIKE 'wsrep_last_committed';+ Variable_name	Value+ wsrep_last_committed	#+-SET GLOBAL wsrep_provider=none;+ + #+ # MDEV#6206: wsrep_slave_threads subtracts from max_connections+@@ -174,7 +171,7 @@ SELECT @@global.wsrep_slave_threads;+ 1+ SELECT @@global.wsrep_cluster_address;+ @@global.wsrep_cluster_address+-++gcomm://+ SELECT @@global.wsrep_on;+ @@global.wsrep_on+ 1+@@ -183,14 +180,14 @@ Variable_name	Value+ Threads_connected	1+ SHOW STATUS LIKE 'wsrep_thread_count';+ Variable_name	Value+-wsrep_thread_count	0++wsrep_thread_count	2+ + SELECT @@global.wsrep_provider;+ @@global.wsrep_provider+ libgalera_smm.so+ SELECT @@global.wsrep_cluster_address;+ @@global.wsrep_cluster_address+-++gcomm://+ SELECT @@global.wsrep_on;+ @@global.wsrep_on+ 1+@@ -199,11 +196,10 @@ Variable_name	Value+ Threads_connected	1+ SHOW STATUS LIKE 'wsrep_thread_count';+ Variable_name	Value+-wsrep_thread_count	0++wsrep_thread_count	2+ + # Setting wsrep_cluster_address triggers the creation of+ # applier/rollbacker threads.+-SET GLOBAL wsrep_cluster_address= 'gcomm://';+ # Wait for applier thread to get created 1.+ # Wait for applier thread to get created 2.+ SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';+diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test+index f2c3a0a3b78..fd352b61a3a 100644+--- a/mysql-test/suite/wsrep/t/variables.test++++ b/mysql-test/suite/wsrep/t/variables.test+@@ -23,7 +23,7 @@ SET GLOBAL wsrep_replicate_myisam= ON;+ + # Reset it back.+ SET GLOBAL wsrep_replicate_myisam= OFF;+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ + --echo #+ --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of+@@ -32,9 +32,6 @@ SET GLOBAL wsrep_provider=none;+ + CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*");+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log+ + --replace_column 2 #+ SHOW GLOBAL STATUS LIKE 'wsrep%';+@@ -50,11 +47,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';+ SHOW STATUS LIKE 'x';+ + # Reset it back.+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + # The following 2 variables are used by mariabackup+ # SST.+@@ -66,7 +61,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid';+ SHOW STATUS LIKE 'wsrep_last_committed';+ + # Reset it back.+-SET GLOBAL wsrep_provider=none;++#SET GLOBAL wsrep_provider=none;+ + --echo+ --echo #+@@ -74,9 +69,7 @@ SET GLOBAL wsrep_provider=none;+ --echo #+ call mtr.add_suppression("WSREP: Failed to get provider options");+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/+ SELECT @@global.wsrep_provider;+@@ -87,9 +80,7 @@ SHOW STATUS LIKE 'threads_connected';+ SHOW STATUS LIKE 'wsrep_thread_count';+ --echo+ +---disable_query_log+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+---enable_query_log++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+ + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/+ SELECT @@global.wsrep_provider;+@@ -101,7 +92,7 @@ SHOW STATUS LIKE 'wsrep_thread_count';+ + --echo # Setting wsrep_cluster_address triggers the creation of+ --echo # applier/rollbacker threads.+-SET GLOBAL wsrep_cluster_address= 'gcomm://';++#SET GLOBAL wsrep_cluster_address= 'gcomm://';+ + --echo # Wait for applier thread to get created 1.+ --let $wait_condition = SELECT VARIABLE_VALUE = 1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';+@@ -162,15 +153,6 @@ SET @@global.wsrep_sst_auth= NULL;+ SELECT @@global.wsrep_sst_auth;+ SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved;+ +-# Reset (for mtr internal checks)+-+---disable_query_log+-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved;+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';+-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved;+-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved;+---enable_query_log+-+ --source include/galera_wait_ready.inc+ + --echo # End of test.+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc+index 64040243df0..8c67a4d432a 100644+--- a/sql/sys_vars.cc++++ b/sql/sys_vars.cc+@@ -5669,8 +5669,8 @@ static Sys_var_tz Sys_time_zone(+ + static Sys_var_charptr_fscs Sys_wsrep_provider(+        "wsrep_provider", "Path to replication provider library",+-       PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),+-       DEFAULT(WSREP_NONE),++       PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),++       DEFAULT(WSREP_NONE),+        NO_MUTEX_GUARD, NOT_IN_BINLOG,+        ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update));+ +@@ -5886,8 +5886,8 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows (+ + static Sys_var_charptr Sys_wsrep_notify_cmd(+        "wsrep_notify_cmd", "",+-       GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG),+-       DEFAULT(""));++       READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG),++       DEFAULT(""));+ + static Sys_var_mybool Sys_wsrep_certify_nonPK(+        "wsrep_certify_nonPK", "Certify tables with no primary key",+-- +2.31.0+-- 2.31.0

Léo Le Bouter wrote on 25 Mar 13:48 +0100

Recipients:(address . 47257@debbugs.gnu.org)

Message-ID:ebca408b79b4b828de3aca8f55a63977c6d44a42.camel@zaclys.net

v3 tested and builds fine:
$ ./pre-inst-env guix build mariadb/gnu/store/f70jymwyfcnsghy4jg8caibci59p8rgq-mariadb-10.5.8-dev/gnu/store/cj3qym1x1jjh02m2g23cqpbhchrbmn6c-mariadb-10.5.8-lib/gnu/store/mpb5bdf1vkwazqfmmwcvskdm50g191bg-mariadb-10.5.8
Since we don't have PoC, I can't verify the rebased patch actuallyfixes the security issue but it should. That's what we get whenmanually rebasing stuff to earlier versions. Test suite passes but notsure it actually tests this security issue being fixed.
Please review, then I will push, it's been 7 days so, let's get thisin.

Mark H Weaver wrote on 26 Mar 02:16 +0100

Re: bug#47257: [PATCH v3] gnu: mariadb: Fix CVE-2021-27928.

Recipients:

Message-ID:87blb6r9w9.fsf@netris.org

Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> writes:

Toggle quote (15 lines)> v3 tested and builds fine:>> $ ./pre-inst-env guix build mariadb> /gnu/store/f70jymwyfcnsghy4jg8caibci59p8rgq-mariadb-10.5.8-dev> /gnu/store/cj3qym1x1jjh02m2g23cqpbhchrbmn6c-mariadb-10.5.8-lib> /gnu/store/mpb5bdf1vkwazqfmmwcvskdm50g191bg-mariadb-10.5.8>> Since we don't have PoC, I can't verify the rebased patch actually> fixes the security issue but it should. That's what we get when> manually rebasing stuff to earlier versions. Test suite passes but not> sure it actually tests this security issue being fixed.>> Please review, then I will push, it's been 7 days so, let's get this> in.

Looks good to me. Please push. Thank you!
Mark

Léo Le Bouter wrote on 26 Mar 02:23 +0100

Recipients:

Message-ID:9e630e7cec836881b4842129a396f23fdab2f5e0.camel@zaclys.net

On Thu, 2021-03-25 at 21:16 -0400, Mark H Weaver wrote:

Toggle quote (5 lines)

> > Looks good to me. Please push. Thank you!> > Mark

Thank you for the review, pushed as52c8d07a4f7033534a71ac7efeec21a65d35c125.

Closed

zimoun wrote on 29 Mar 23:34 +0200

Re: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)

Recipients:(name . Léo Le Bouter)(address . lle-bout@zaclys.net)(address . 47257@debbugs.gnu.org)

Message-ID:CAJ3okZ1jNE7_uSifHdoKHM5XgPwFe4OjnyhmbhJiwiLPq8C=zQ@mail.gmail.com

On Thu, 25 Mar 2021 at 12:28, Léo Le Bouter <lle-bout@zaclys.net> wrote:

Toggle quote (9 lines)

> On Fri, 2021-03-19 at 12:35 +0100, zimoun wrote:> > Instead of grafting, I would fix first check the compatibility> > between> > mariadb and zstd. Because mariadb@10.5.8 does not build with> > zstd@1.4.9, at least on my machine.>> Can you post build logs and repro scenario? mariadb@10.5.8 built fine> for me on core-updates which has zstd@1.4.9.

On core-updates, I get this:

Toggle snippet (52 lines)

$ git log --oneline -1 && ./pre-inst-env guix build mariadbb20b45c6ce (HEAD -> core-updates, origin/core-updates) gnu: gd: Patchaway recent pkg-config files change that breaks php build.
[...]
Only 2061 of 5666 completed.--------------------------------------------------------------------------The servers were restarted 258 timesSpent 10782.523 of 607 seconds executing testcases
Failure: Failed 1/427 tests, 99.77% were successful.
Failing test(s): innodb.check_ibd_filesize
The log files in var/log may give you some hint of what went wrong.
If you want to report this error, please read first the documentationat http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html
798 tests were skipped, 39 by the test itself.
mysql-test-run: *** ERROR: there were failing test casesError happened at lib/mtr_report.pm line 683. mtr_report::mtr_error("there were failing test cases") called atlib/mtr_report.pm line 552 mtr_report::mtr_report_stats("Failure", 1, ARRAY(0x1ae0180),ARRAY(0xd3cb68)) called at/tmp/guix-build-mariadb-10.5.8.drv-0/mariadb-10.5.8/mysql-test/mysql-test-run.plline 586 main::main() called at/tmp/guix-build-mariadb-10.5.8.drv-0/mariadb-10.5.8/mysql-test/mysql-test-run.plline 387error: in phase 'check': uncaught exception:%exception #<&invoke-error program: "./mtr" arguments: ("--verbose""--retry=3" "--testcase-timeout=40" "--suite-timeout=600" "--parallel""64" "--skip-rpl" "--skip-test-list=unstable-tests") exit-status: 1term-signal: #f stop-signal: #f>phase `check' failed after 606.9 secondscommand "./mtr" "--verbose" "--retry=3" "--testcase-timeout=40""--suite-timeout=600" "--parallel" "64" "--skip-rpl""--skip-test-list=unstable-tests" failed with status 1builder for `/gnu/store/339560bw1rf3n7s4mbxx5q1ynwn5n52p-mariadb-10.5.8.drv'failed with exit code 1build of /gnu/store/339560bw1rf3n7s4mbxx5q1ynwn5n52p-mariadb-10.5.8.drv failedView build log at'/var/log/guix/drvs/33/9560bw1rf3n7s4mbxx5q1ynwn5n52p-mariadb-10.5.8.drv.bz2'.guix build: error: build of`/gnu/store/339560bw1rf3n7s4mbxx5q1ynwn5n52p-mariadb-10.5.8.drv'failed

Maybe, I am not doing something wrong. Then on master, it "works"except after the ungraft. Well, it seems coherent with what I getfrom core-updates. So if I am doing wrong, I do not know where.

Toggle snippet (107 lines)$ git log --oneline -1 && make -s 2>/dev/null && \> ./pre-inst-env guix build zstd -q           && \> ./pre-inst-env guix build mariadb -qa801c7379a (HEAD) gnu: Remove QT 4. cd . && /bin/bash /home/sitour/src/guix/wk/fix-zstd/build-aux/missingautomake-1.16 --gnu Makefile cd . && /bin/bash ./config.status Makefile depfilesconfig.status: creating Makefileconfig.status: executing depfiles commandsMaking all in po/guixMaking all in po/packages  GEN      scripts/guixCompiling Scheme modules...[  6%] LOAD     gnu/packages/compression.scm[ 12%] LOAD     gnu/packages/databases.scm[ 19%] LOAD     gnu/packages/engineering.scm[ 25%] LOAD     gnu/packages/messaging.scm[ 31%] LOAD     gnu/packages/password-utils.scm[ 38%] LOAD     gnu/packages/pdf.scm[ 44%] LOAD     gnu/packages/qt.scm[ 50%] LOAD     gnu/packages/sqlite.scm[ 56%] GUILEC   gnu/packages/compression.go[ 62%] GUILEC   gnu/packages/databases.go[ 69%] GUILEC   gnu/packages/engineering.go[ 75%] GUILEC   gnu/packages/messaging.go[ 81%] GUILEC   gnu/packages/password-utils.go[ 88%] GUILEC   gnu/packages/pdf.go[ 94%] GUILEC   gnu/packages/qt.go[100%] GUILEC   gnu/packages/sqlite.go/gnu/store/25sdln6zpjm2hcnmb55wi794k359mgkm-zstd-1.4.9-lib/gnu/store/n64pny0wdqrk2mw4crs9bznwzg5cm5bc-zstd-1.4.9/gnu/store/pjd5wx2dvrbxr3saf0a9a8va4v43b7zk-zstd-1.4.9-static/gnu/store/231bip1j7j3prx4q6mr44f3hdn8sl9nh-mariadb-10.5.8-dev/gnu/store/43sbv46pn6a31722savgbqcrryyn513h-mariadb-10.5.8-lib/gnu/store/68az8ch2l6x0ldjnjhqsmpn19ns9srjp-mariadb-10.5.8
$ git log --oneline -1 && make -s 2>/dev/null && \> ./pre-inst-env guix build zstd -q           && \> ./pre-inst-env guix build mariadb -q52c8d07a4f (HEAD) gnu: mariadb: Fix CVE-2021-27928. cd . && /bin/bash /home/sitour/src/guix/wk/fix-zstd/build-aux/missingautomake-1.16 --gnu Makefile cd . && /bin/bash ./config.status Makefile depfilesconfig.status: creating Makefileconfig.status: executing depfiles commandsMaking all in po/guixMaking all in po/packages  GEN      scripts/guixCompiling Scheme modules...[ 50%] LOAD     gnu/packages/databases.scm[100%] GUILEC   gnu/packages/databases.go/gnu/store/25sdln6zpjm2hcnmb55wi794k359mgkm-zstd-1.4.9-lib/gnu/store/n64pny0wdqrk2mw4crs9bznwzg5cm5bc-zstd-1.4.9/gnu/store/pjd5wx2dvrbxr3saf0a9a8va4v43b7zk-zstd-1.4.9-static/gnu/store/avgmb7dr3r7555zxnspzzjzxcy5vhhz4-mariadb-10.5.8-dev/gnu/store/jj2gmail5rfnlpmh2rj0vqxil0wihbj7-mariadb-10.5.8-lib/gnu/store/bjgz8jnfsbb4qvaa9csfy8i3x1i3ivp7-mariadb-10.5.8
$ git log --oneline -1 && make -s 2>/dev/null && \> ./pre-inst-env guix build zstd -q           && \> ./pre-inst-env guix build mariadb -q6e7ba45357 (HEAD) gnu: sqlite: Update to 3.32.3 [security fixes].Making all in po/guixMaking all in po/packagesCompiling Scheme modules...[ 50%] LOAD     gnu/packages/sqlite.scm[100%] GUILEC   gnu/packages/sqlite.go/gnu/store/25sdln6zpjm2hcnmb55wi794k359mgkm-zstd-1.4.9-lib/gnu/store/n64pny0wdqrk2mw4crs9bznwzg5cm5bc-zstd-1.4.9/gnu/store/pjd5wx2dvrbxr3saf0a9a8va4v43b7zk-zstd-1.4.9-static/gnu/store/avgmb7dr3r7555zxnspzzjzxcy5vhhz4-mariadb-10.5.8-dev/gnu/store/jj2gmail5rfnlpmh2rj0vqxil0wihbj7-mariadb-10.5.8-lib/gnu/store/bjgz8jnfsbb4qvaa9csfy8i3x1i3ivp7-mariadb-10.5.8
$ git log --oneline -1 && make -s 2>/dev/null && \> ./pre-inst-env guix build zstd -q           && \> ./pre-inst-env guix build mariadb -q692f1e5217 (HEAD) DRAFT: gnu: zstd: Fix test suite.Making all in po/guixMaking all in po/packagesCompiling Scheme modules...[ 50%] LOAD     gnu/packages/compression.scm[100%] GUILEC   gnu/packages/compression.go/gnu/store/q33xvan4j71f4kil0lg4h2yk549al1rv-zstd-1.4.9-lib/gnu/store/rixmvq9497dwqxr7apa4n70gmhb50lc7-zstd-1.4.9/gnu/store/2ym2nn0rmzgigagj7zrx4s6gidk94pqg-zstd-1.4.9-static/gnu/store/avgmb7dr3r7555zxnspzzjzxcy5vhhz4-mariadb-10.5.8-dev/gnu/store/jj2gmail5rfnlpmh2rj0vqxil0wihbj7-mariadb-10.5.8-lib/gnu/store/bjgz8jnfsbb4qvaa9csfy8i3x1i3ivp7-mariadb-10.5.8
$ git log --oneline -1 && make -s 2>/dev/null && \> ./pre-inst-env guix build zstd -q           && \> ./pre-inst-env guix build mariadb -q93fee48ada (HEAD -> fix-zstd) DRAFT: gnu: zstd: Update to 1.4.9 (ungraft).Making all in po/guixMaking all in po/packagesCompiling Scheme modules...[ 50%] LOAD     gnu/packages/compression.scm[100%] GUILEC   gnu/packages/compression.go/gnu/store/mmsp9ym0d3zcc0g1rr2gwmxb5pcq1wkm-zstd-1.4.9-lib/gnu/store/6bi9kvsj0si590ra99yzb8dchikzlxb1-zstd-1.4.9/gnu/store/1cnbqm29rc0gp30h18x7hs785c55fl0m-zstd-1.4.9-staticguix build: error: build of`/gnu/store/5927s1x3hpfv4v9rsc9y06kycx93zqvh-mariadb-10.5.8.drv'failed

I could be wrong... and I have not investigated more. As I saidelsewhere, grafting zstd from 1.4.4 to 1.4.9 seems totally *wrong*.There is ~1.5 years and 4 releases between these 2 releases.
BTW, note that:
$ guix graph --path mariadb zstd guix graph: error: no path from 'mariadb@10.5.8' to 'zstd@1.4.9'
Grafting MariaDB makes sense here. The culprit is zstd, IMHO.

Toggle quote (9 lines)

> > Other said, I seem better to do this fix as a whole on core-updates> > without any graft. Instead of grafting here and there; and not> > necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from> > 10.5.8> > to 10.5.8).>> We can't patch security issues through core-updates, especially this> RCE.

I will not comment because I am bored by all that.

Last, you have been prompted to commit a major update and disable thetest-suite for zstd, and I am still waiting that you are prompt againto fix it; especially when a proposal fix is done here:
https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00295.html

Best regards,simon

Léo Le Bouter wrote on 30 Mar 02:26 +0200

Recipients:(name . zimoun)(address . zimon.toutoune@gmail.com)(address . 47257@debbugs.gnu.org)

Message-ID:2139d0ea45c3f97bbd8bf1a7eea355b94709b710.camel@zaclys.net

Hello!
Simon,
I pushed 00c67375b17f4a4cfad53399d1918f2e7eba2c7d to core-updates. Yourpatch. Thank you for it. Let's watch for upstream zstd fix also.
I pushed 9feef62b73e284e106717a386624d6da90750a3d to master.
Ubuntu released a patch in the mean time, so while we couldnt make suchpatch in a timely manner because the backport was non-trivial andsecurity-sensitive also didnt want to risk failing to fix the flawbecause I don't have much expertise on it, Ubuntu now has done thatwork and we can just use it.
Léo

zimoun wrote on 30 Mar 10:29 +0200

Recipients:(name . Léo Le Bouter)(address . lle-bout@zaclys.net)(address . 47257@debbugs.gnu.org)

Message-ID:CAJ3okZ2UnAvoBhCihgisUXv8xoJNgPq+h4jretcj_fPVpq=rSQ@mail.gmail.com

Hi Léo,
On Tue, 30 Mar 2021 at 02:26, Léo Le Bouter <lle-bout@zaclys.net> wrote:

Toggle quote (3 lines)

> I pushed 00c67375b17f4a4cfad53399d1918f2e7eba2c7d to core-updates. Your> patch. Thank you for it. Let's watch for upstream zstd fix also.

Thanks. It mitigates zstd, even if it does not solve MariaDB. Onefoot, then another. :-)

Toggle quote (2 lines)

> I pushed 9feef62b73e284e106717a386624d6da90750a3d to master.

Cool! LTGM.

Toggle quote (6 lines)

> Ubuntu released a patch in the mean time, so while we couldnt make such> patch in a timely manner because the backport was non-trivial and> security-sensitive also didnt want to risk failing to fix the flaw> because I don't have much expertise on it, Ubuntu now has done that> work and we can just use it.

Thanks for taking care.  And do not consider my concerns as a slowdownbut instead as a way to reach something better.  For instance9feef62b73 seems The Right Thing (AFAIU), whereas 6f873731a0 and2bcfb944bd are not (AFAIK).  On one hand, I agree that ~3 weeksappears long through the lens of security vulnerabilities.  On theother hand, it is usually worth to take the time; as here. :-)Examine the various options and so the best move always takes time.
Well, thanks for pushing forward with security.
All the best,simon

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 47257@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date