aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2022-05-21 17:15:54 +0200
committeralice <alice@ayaya.dev>2022-05-21 15:35:57 +0000
commit5b53b957edea6e53cd04e575c496b877a9408df6 (patch)
tree3aac372d974fa578e50498a37349c368201f92cb
parente170c9ce9a943db8ab74e494fa5495a735a6afa9 (diff)
downloadaports-5b53b957edea6e53cd04e575c496b877a9408df6.tar.gz
aports-5b53b957edea6e53cd04e575c496b877a9408df6.tar.bz2
aports-5b53b957edea6e53cd04e575c496b877a9408df6.tar.xz
main/mariadb: security upgrade to 10.6.8
-rw-r--r--main/mariadb/0001-ppc64le-lock-elision.patch195
-rw-r--r--main/mariadb/APKBUILD30
2 files changed, 26 insertions, 199 deletions
diff --git a/main/mariadb/0001-ppc64le-lock-elision.patch b/main/mariadb/0001-ppc64le-lock-elision.patch
deleted file mode 100644
index 2ce492c41b..0000000000
--- a/main/mariadb/0001-ppc64le-lock-elision.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-Patch-Source: https://github.com/MariaDB/server/commit/11e68988d9698c3b1f79b8a3a41f81502b3e095c
-From 11e68988d9698c3b1f79b8a3a41f81502b3e095c Mon Sep 17 00:00:00 2001
-From: Daniel Black <daniel@mariadb.org>
-Date: Wed, 2 Mar 2022 11:48:24 +1100
-Subject: [PATCH] MDEV-27936 hardware lock elision on ppc64{,le} failing to
- compile
-
-There is only a very small range of gcc compiler versions
-that allow the built_{htm} functions to be defined without -mhtm
-being specified as a global C{,XX}FLAGS.
-
-Because the design is centered around enable HTM only in the
-functional blocks that use it, this breaks on the inclusion
-of the htmxlintrin.h header that includes this.
-
-As a partial mitigation, extented to GNU/clang compilers,
-transaction functions gain the attribute "hot".
-
-In general the use of htm is around the optimistic
-transaction ability of the function. The key part of using the
-hot attribute is to place these functions together so that
-a maximization of icache, tlb and OS paging can ensure that
-these can be ready to execute by any thread/cpu with the
-minimium amount of overhead.
-
-POWER is particulary affected here because the xbegin/xend
-functions are not inline.
-
-srw_lock.cc requires the -mhtm cflag, both in the storage
-engine and the unittests.
-
-As below, target htm sections don't enable the builtins
-
-root@0b49bb233a4d:/# gcc -o main main.c
-main.c: In function 'f':
-main.c:5:16: warning: implicit declaration of function '__builtin_tbegin'; did you mean '__builtin_asin'? [-Wimplicit-function-declaration]
- 5 | return __builtin_tbegin(0);
- | ^~~~~~~~~~~~~~~~
- | __builtin_asin
-/usr/bin/ld: /tmp/ccaqLefJ.o: in function `f':
-main.c:(.text+0x20): undefined reference to `__builtin_tbegin'
-collect2: error: ld returned 1 exit status
-
-root@0b49bb233a4d:/# gcc -mhtm -o main main.c
-
-root@0b49bb233a4d:/# cat main.c
-
-__attribute__((target("htm")))
-int f()
-{
- return __builtin_tbegin(0);
-}
-
-int main()
-{
-
- return f();
-}
-root@0b49bb233a4d:/# uname -a
-Linux 0b49bb233a4d 5.17.0-0.rc6.109.fc37.x86_64 #1 SMP PREEMPT Mon Feb 28 15:48:52 UTC 2022 ppc64le GNU/Linux
----
- storage/innobase/CMakeLists.txt | 10 ++++++
- .../include/transactional_lock_guard.h | 31 ++++++++++---------
- storage/innobase/sync/srw_lock.cc | 17 +++++++++-
- storage/innobase/unittest/CMakeLists.txt | 6 ++++
- 4 files changed, 48 insertions(+), 16 deletions(-)
-
-diff --git a/storage/innobase/CMakeLists.txt b/storage/innobase/CMakeLists.txt
-index 702bb843729e9..acfe91ab8a651 100644
---- a/storage/innobase/CMakeLists.txt
-+++ b/storage/innobase/CMakeLists.txt
-@@ -380,6 +380,16 @@ IF(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64"
- COMPILE_FLAGS "-O0"
- )
- ENDIF()
-+
-+# Older gcc version insist on -mhtm flag for including the
-+# htmxlintrin.h header. This is also true for new gcc versions
-+# like 11.2.0 in Debian Sid
-+IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64|powerpc64")
-+ ADD_COMPILE_FLAGS(
-+ sync/srw_lock.cc
-+ COMPILE_FLAGS "-mhtm"
-+ )
-+ENDIF()
- IF(MSVC)
- IF(CMAKE_SIZEOF_VOID_P EQUAL 8)
- ADD_COMPILE_FLAGS(
-diff --git a/storage/innobase/include/transactional_lock_guard.h b/storage/innobase/include/transactional_lock_guard.h
-index 3167055630c26..2655a8df20638 100644
---- a/storage/innobase/include/transactional_lock_guard.h
-+++ b/storage/innobase/include/transactional_lock_guard.h
-@@ -45,8 +45,8 @@ bool transactional_lock_enabled();
-
- # include <immintrin.h>
- # if defined __GNUC__ && !defined __INTEL_COMPILER
--# define TRANSACTIONAL_TARGET __attribute__((target("rtm")))
--# define TRANSACTIONAL_INLINE __attribute__((target("rtm"),always_inline))
-+# define TRANSACTIONAL_TARGET __attribute__((target("rtm"),hot))
-+# define TRANSACTIONAL_INLINE __attribute__((target("rtm"),hot,always_inline))
- # else
- # define TRANSACTIONAL_TARGET /* nothing */
- # define TRANSACTIONAL_INLINE /* nothing */
-@@ -70,25 +70,26 @@ TRANSACTIONAL_INLINE static inline void xabort() { _xabort(0); }
-
- TRANSACTIONAL_INLINE static inline void xend() { _xend(); }
- # elif defined __powerpc64__
--# include <htmxlintrin.h>
- extern bool have_transactional_memory;
- bool transactional_lock_enabled();
--# define TRANSACTIONAL_TARGET __attribute__((target("htm")))
--# define TRANSACTIONAL_INLINE __attribute__((target("htm"),always_inline))
--
--TRANSACTIONAL_INLINE static inline bool xbegin()
--{
-- return have_transactional_memory &&
-- __TM_simple_begin() == _HTM_TBEGIN_STARTED;
--}
--
-+# define TRANSACTIONAL_TARGET __attribute__((hot))
-+# define TRANSACTIONAL_INLINE __attribute__((hot,always_inline))
-+
-+/**
-+ Newer gcc compilers only provide __builtin_{htm}
-+ function when the -mhtm is actually provided. So
-+ we've got the option of including it globally, or
-+ pushing down to one file with that enabled and removing
-+ the inline optimization.
-+ file.
-+ */
-+TRANSACTIONAL_TARGET bool xbegin();
-+TRANSACTIONAL_TARGET void xabort();
-+TRANSACTIONAL_TARGET void xend();
- # ifdef UNIV_DEBUG
- bool xtest();
- # endif
-
--TRANSACTIONAL_INLINE static inline void xabort() { __TM_abort(); }
--
--TRANSACTIONAL_INLINE static inline void xend() { __TM_end(); }
- # endif
- #endif
-
-diff --git a/storage/innobase/sync/srw_lock.cc b/storage/innobase/sync/srw_lock.cc
-index f406b04712a94..bedbfee7b1d5a 100644
---- a/storage/innobase/sync/srw_lock.cc
-+++ b/storage/innobase/sync/srw_lock.cc
-@@ -55,6 +55,20 @@ TRANSACTIONAL_TARGET
- bool xtest() { return have_transactional_memory && _xtest(); }
- # endif
- #elif defined __powerpc64__
-+# include <htmxlintrin.h>
-+
-+__attribute__((target("htm"),hot))
-+bool xbegin()
-+{
-+ return have_transactional_memory &&
-+ __TM_simple_begin() == _HTM_TBEGIN_STARTED;
-+}
-+
-+__attribute__((target("htm"),hot))
-+void xabort() { __TM_abort(); }
-+
-+__attribute__((target("htm"),hot))
-+void xend() { __TM_end(); }
- # ifdef __linux__
- # include <sys/auxv.h>
-
-@@ -79,7 +93,8 @@ bool transactional_lock_enabled()
- }
-
- # ifdef UNIV_DEBUG
--TRANSACTIONAL_TARGET bool xtest()
-+__attribute__((target("htm"),hot))
-+bool xtest()
- {
- return have_transactional_memory &&
- _HTM_STATE (__builtin_ttest ()) == _HTM_TRANSACTIONAL;
-diff --git a/storage/innobase/unittest/CMakeLists.txt b/storage/innobase/unittest/CMakeLists.txt
-index 1ab6157b4a9e4..dfd972b6f45dd 100644
---- a/storage/innobase/unittest/CMakeLists.txt
-+++ b/storage/innobase/unittest/CMakeLists.txt
-@@ -21,6 +21,12 @@ ADD_EXECUTABLE(innodb_fts-t innodb_fts-t.cc)
- TARGET_LINK_LIBRARIES(innodb_fts-t mysys mytap)
- ADD_DEPENDENCIES(innodb_fts-t GenError)
- MY_ADD_TEST(innodb_fts)
-+IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64|powerpc64")
-+ ADD_COMPILE_FLAGS(
-+ ../sync/srw_lock.cc
-+ COMPILE_FLAGS "-mhtm"
-+ )
-+ENDIF()
- ADD_EXECUTABLE(innodb_sync-t innodb_sync-t.cc ../sync/srw_lock.cc)
- TARGET_LINK_LIBRARIES(innodb_sync-t mysys mytap)
- ADD_DEPENDENCIES(innodb_sync-t GenError)
diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD
index d5b5012e0a..2c908a0ebc 100644
--- a/main/mariadb/APKBUILD
+++ b/main/mariadb/APKBUILD
@@ -7,7 +7,7 @@
# Contributor: Jake Buchholz <tomalok@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb
-pkgver=10.6.7
+pkgver=10.6.8
pkgrel=0
pkgdesc="A fast SQL database server"
url="https://www.mariadb.org/"
@@ -42,10 +42,33 @@ source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariad
ppc-remove-glibc-dep.patch
disable-failing-test.patch
have_stacktrace.patch
- 0001-ppc64le-lock-elision.patch
"
# secfixes:
+# 10.6.8-r0:
+# - CVE-2022-27376
+# - CVE-2022-27377
+# - CVE-2022-27378
+# - CVE-2022-27379
+# - CVE-2022-27380
+# - CVE-2022-27381
+# - CVE-2022-27382
+# - CVE-2022-27383
+# - CVE-2022-27384
+# - CVE-2022-27386
+# - CVE-2022-27387
+# - CVE-2022-27444
+# - CVE-2022-27445
+# - CVE-2022-27446
+# - CVE-2022-27447
+# - CVE-2022-27448
+# - CVE-2022-27449
+# - CVE-2022-27451
+# - CVE-2022-27452
+# - CVE-2022-27455
+# - CVE-2022-27456
+# - CVE-2022-27457
+# - CVE-2022-27458
# 10.6.7-r0:
# - CVE-2021-46659
# - CVE-2021-46661
@@ -475,10 +498,9 @@ _plugin_rocksdb() {
}
sha512sums="
-2d26f56ea5f39b800a6f279c8411d4091b4f4d3acbf3ea1864068328d34a1437e7c46c08d3772009357fd89602e58f214266038e177c0a4fac914a5e5d01e3e6 mariadb-10.6.7.tar.gz
+b4327000eb3e5fc75bbd78de9890b0464217a432c8aac744948af94e092ffeef1f101885b81ec49029900a92b0018838e46efcf225056a9b06f35a04ecf26aab mariadb-10.6.8.tar.gz
c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd
20331e52e3dc419b4833e3c16bbb9828b9591f8aa3b6fce93c592161f3cae403c4a5d073369b2383d7d2325a2c9394d178866ac3e069fd8b6c50be00155ba942 ppc-remove-glibc-dep.patch
598490b4bb45c9f7be46086d25c2b6c601d417c45f11aa519c2290065e7d6e98a7519f9860b823e67a8fd3e6ce3b4728af73ec3a2c66eec32b42fd4ad7cc07f7 disable-failing-test.patch
4965275371e6d5e08e32a16fcfff2e68dfdcf6f4c30e5beffe18dcf56b503cbf373feeda814694e048964b16165ad65156c32fe27e974bed47201e8cf60736c6 have_stacktrace.patch
-9b9320ef7f98cdae1f10244d2e52cd4e14ef63ef52e1be3021b8b2cfcf340a99234f434362a0b00e4765902371c20cc1a42c2571ee122e50c53bc0655eb0be97 0001-ppc64le-lock-elision.patch
"