upgrade mysql to 8.0.23, fix cves

2021-03-12 14:23:52 +08:00 · 2021-03-12 14:23:52 +08:00 · be2ea374b0
commit be2ea374b0
parent 096a2228c2
4 changed files with 121 additions and 3 deletions
--- a/disable-moutline-atomics-for-aarch64.patch
+++ b/disable-moutline-atomics-for-aarch64.patch
@ -0,0 +1,37 @@
+From 3603a7c5191c98e86e3b769c5877d17fd18bf39b Mon Sep 17 00:00:00 2001
+From: maminjie <maminjie1@huawei.com>
+Date: Fri, 26 Feb 2021 14:58:05 +0800
+Subject: [PATCH] disable moutline-atomics for aarch64
+
+---
+ CMakeLists.txt | 13 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index df69eb90..94557fc9 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -938,13 +938,13 @@ ENDIF()
+ # The -moutline-atomics switch enables run-time detection of LSE support.
+ # There are compilers (gcc 9.3.1 for example) which support this switch, but
+ # do not enable it by default, even though it seems to help. So, we force it.
+-IF(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64")
+-  MY_CHECK_CXX_COMPILER_FLAG( "-moutline-atomics" HAVE_OUTLINE_ATOMICS)
+-  IF(HAVE_OUTLINE_ATOMICS)
+-    STRING_APPEND(CMAKE_C_FLAGS   " -moutline-atomics")
+-    STRING_APPEND(CMAKE_CXX_FLAGS " -moutline-atomics")
+-  ENDIF()
+-ENDIF()
+#IF(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64")
+#  MY_CHECK_CXX_COMPILER_FLAG( "-moutline-atomics" HAVE_OUTLINE_ATOMICS)
+#  IF(HAVE_OUTLINE_ATOMICS)
+#    STRING_APPEND(CMAKE_C_FLAGS   " -moutline-atomics")
+#    STRING_APPEND(CMAKE_CXX_FLAGS " -moutline-atomics")
+#  ENDIF()
+#ENDIF()
+ 
+ IF(LINUX)
+   OPTION(LINK_RANDOMIZE "Randomize the order of all symbols in the binary" OFF)
+-- 
+2.23.0
+
--- a/mysql-fix-includes-robin-hood.patch
+++ b/mysql-fix-includes-robin-hood.patch
@ -0,0 +1,13 @@
+# Prevents fails when compiling with gcc11 (Fedora 34)
+# Upstream PR: https://github.com/mysql/mysql-server/pull/323
+
+--- mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h.old	2021-02-04 17:15:31.034997221 +0100
+++ mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h	2021-02-04 17:15:50.781372066 +0100
+@@ -48,6 +48,7 @@
+ #include <string>
+ #include <type_traits>
+ #include <utility>
+#include <limits>
+ #if __cplusplus >= 201703L
+ #    include <string_view>
+ #endif
--- a/mysql-main-cast.patch
+++ b/mysql-main-cast.patch
@ -0,0 +1,48 @@
+commit 68730acd9ae7ae8b2fcd25b5ccd18d47038d00b9
+Author: Catalin Besleaga <catalin.besleaga@oracle.com>
+Date:   Mon Jan 4 14:32:05 2021 +0100
+
+    WL#14015: Follow-up: fixed unstable test
+
+    Change-Id: I11f352168902c6689981131cfda3a87ba924941c
+
+diff --git a/mysql-test/r/cast.result b/mysql-test/r/cast.result
+index af82329a9c5..4d81ef111cb 100644
+--- a/mysql-test/r/cast.result
+++ b/mysql-test/r/cast.result
+@@ -1747,6 +1747,7 @@ CAST("2020extra" AS YEAR)
+ 2020
+ Warnings:
+ Warning	1292	Truncated incorrect YEAR value: '2020extra'
+SET timestamp = UNIX_TIMESTAMP('2020-12-22 03:30:00');
+ SELECT CAST(TIMESTAMP'2010-01-01 00:00' AS YEAR);
+ CAST(TIMESTAMP'2010-01-01 00:00' AS YEAR)
+ 2010
+@@ -1764,6 +1765,7 @@ CAST(TIME'08:09:10' AS YEAR)
+ SELECT CAST(TIME'00:00:00' AS YEAR);
+ CAST(TIME'00:00:00' AS YEAR)
+ 2020
+SET timestamp = DEFAULT;
+ SELECT CAST(ST_PointFromText('POINT(10 10)') AS YEAR);
+ ERROR HY000: Incorrect arguments to cast_as_year
+ CREATE TABLE t AS SELECT CAST("2010" AS YEAR);
+diff --git a/mysql-test/t/cast.test b/mysql-test/t/cast.test
+index 1a1f512fca7..a74d79ad91f 100644
+--- a/mysql-test/t/cast.test
+++ b/mysql-test/t/cast.test
+@@ -799,6 +799,7 @@ SELECT CAST("extra" AS YEAR);
+ SELECT CAST("22extra" AS YEAR);
+ SELECT CAST("2020extra" AS YEAR);
+
+SET timestamp = UNIX_TIMESTAMP('2020-12-22 03:30:00');
+ #date[time] values
+ SELECT CAST(TIMESTAMP'2010-01-01 00:00' AS YEAR);
+ SET SQL_MODE = "";
+@@ -807,6 +808,7 @@ SET SQL_MODE = default;
+ SELECT CAST(TIMESTAMP'2010-01-01 08:09:10' AS YEAR);
+ SELECT CAST(TIME'08:09:10' AS YEAR);
+ SELECT CAST(TIME'00:00:00' AS YEAR);
+SET timestamp = DEFAULT;
+
+ #geometry values
+ --error ER_WRONG_ARGUMENTS
--- a/mysql.spec
+++ b/mysql.spec
@ -29,8 +29,8 @@
 %bcond_without conflicts
 %global sameevr   %{?epoch:%{epoch}:}%{version}-%{release}
 Name:                mysql
-Version:             8.0.22
-Release:             2 
+Version:             8.0.23
+Release:             1
 Summary:             MySQL client programs and shared libraries
 URL:                 http://www.mysql.com
 License:             GPLv2 with exceptions and LGPLv2 and BSD
@ -48,6 +48,9 @@ Source17:            mysql-wait-stop.sh
 Source18:            mysql@.service.in
 Source30:            %{pkgnamepatch}.rpmlintrc
 Source31:            server.cnf.in
+Source32:            mysql-boost-%{version}.tar.gz.aa
+Source33:            mysql-boost-%{version}.tar.gz.ab
+Source34:            mysql-boost-%{version}.tar.gz.ac
 Patch1:              %{pkgnamepatch}-install-test.patch
 Patch2:              %{pkgnamepatch}-s390-tsc.patch
 Patch3:              %{pkgnamepatch}-file-contents.patch
@ -58,6 +61,9 @@ Patch52:             %{pkgnamepatch}-sharedir.patch
 Patch55:             %{pkgnamepatch}-rpath.patch
 Patch75:             %{pkgnamepatch}-arm32-timer.patch
 Patch78:	     %{pkgnamepatch}-gcc11.patch
+Patch79:             %{pkgnamepatch}-main-cast.patch
+Patch80:             %{pkgnamepatch}-fix-includes-robin-hood.patch
+Patch81:             disable-moutline-atomics-for-aarch64.patch
 Patch115:            boost-1.58.0-pool.patch
 Patch125:            boost-1.57.0-mpl-print.patch
 BuildRequires:       cmake gcc-c++ libaio-devel libedit-devel libevent-devel libicu-devel lz4
@ -65,7 +71,7 @@ BuildRequires:       lz4-devel mecab-devel bison libzstd-devel
 %ifnarch aarch64 %{arm} s390 s390x
 BuildRequires:       numactl-devel
 %endif
-BuildRequires:       openssl openssl-devel
+BuildRequires:       openssl openssl-devel libcurl-devel make
 BuildRequires:       perl-interpreter perl-generators
 BuildRequires:       rpcgen libtirpc-devel
 BuildRequires:       protobuf-lite-devel rapidjson-devel zlib zlib-devel multilib-rpm-config procps
@ -208,6 +214,9 @@ The package provides Docs for development of MySQL applications.


 %prep
+cd ../SOURCES
+cat %{SOURCE32} %{SOURCE33} %{SOURCE34} | tar xj
+cd ..
 %setup -q -n mysql-%{version}
 %patch1 -p1
 %patch2 -p1
@ -219,6 +228,9 @@ The package provides Docs for development of MySQL applications.
 %patch55 -p1
 %patch75 -p1
 %patch78 -p1
+%patch79 -p1
+%patch80 -p1
+%patch81 -p1
 pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
 %patch115 -p0
 %patch125 -p1
@ -537,6 +549,14 @@ fi
 %exclude %{_mandir}/man1/{mysqld_multi.1*,mysqld_safe.1*,comp_err.1*}

 %changelog
+* Wed Mar 10 2021 wangxiao <wangxiao65@huawei.com> - 8.0.23-1
+- Upgrade mysql to 8.0.23, fix CVES: CVE-2021-1998 CVE-2021-2002
+  CVE-2021-2010 CVE-2021-2011 CVE-2021-2016 CVE-2021-2021 CVE-2021-2022
+  CVE-2021-2024 CVE-2021-2031 CVE-2021-2032 CVE-2021-2036 CVE-2021-2038
+  CVE-2021-2046 CVE-2021-2048 CVE-2021-2056 CVE-2021-2058 CVE-2021-2060
+  CVE-2021-2061 CVE-2021-2065 CVE-2021-2070 CVE-2021-2072 CVE-2021-2076
+  CVE-2021-2081 CVE-2021-2087 CVE-2021-2088 CVE-2021-2122
+
 * Wed Jan 13 2021 Shengjing Wei <weishengjing1@huawei.com> - 8.0.22-2
 - Delete useless information