From 9dda3cc87fdd45844b424880b7efa0cc3ef435f2 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Mon, 18 May 2020 00:00:59 +0200 Subject: [PATCH 1/3] mariadb: bump to 10.2.32 Fixes: CVE-2020-2752 CVE-2020-2812 CVE-2020-2814 CVE-2020-2760 Upstream added support files for auth_pam plugin. This commit adds them to the package. Signed-off-by: Sebastian Kemper --- utils/mariadb/Makefile | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index 767bb5e5a..9fdd1f045 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mariadb -PKG_VERSION:=10.2.31 -PKG_RELEASE:=2 +PKG_VERSION:=10.2.32 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL := \ @@ -18,7 +18,7 @@ PKG_SOURCE_URL := \ https://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/$(PKG_NAME)-$(PKG_VERSION)/source \ https://downloads.mariadb.org/interstitial/$(PKG_NAME)-$(PKG_VERSION)/source -PKG_HASH:=321f744c322ecbc06feddd290d5ee0bf7c68e92cb61fd93c9450eb9c05683151 +PKG_HASH:=ea4fb28095e1079297eb3ba7ec5e215c641f2dff37964db778f6e9c37e0189b3 PKG_MAINTAINER:=Sebastian Kemper PKG_LICENSE:=GPL-2.0 LGPL-2.1 PKG_LICENSE_FILES:=COPYING THIRDPARTY libmariadb/COPYING.LIB @@ -406,6 +406,8 @@ CMAKE_OPTIONS += \ -DINSTALL_MANDIR=share/man \ -DINSTALL_MYSQLSHAREDIR=share/mariadb \ -DINSTALL_MYSQLTESTDIR="" \ + -DINSTALL_PAMDATADIR="/etc/security" \ + -DINSTALL_PAMDIR="/lib/security" \ -DINSTALL_PLUGINDIR=lib/mariadb/plugin \ -DINSTALL_SBINDIR=bin \ -DINSTALL_SCRIPTDIR=bin \ 
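Review bot: The two options added in the `@@ -406` hunk spell the PAM locations as quoted absolute literals (`/etc/security`, `/lib/security`), and the install recipe added in the `@@ -598` hunk repeats the same literals, so the configure step and the packaging step can drift apart without any error. The file already names its other install locations through variables such as `$(CONF_DIR)`, `$(PLUGIN_DIR)` and `$(SHARE_DIR)`. Defining the PAM directories once in the same way and using them in both hunks would keep them in step, for example `PAM_CONF_DIR:=/etc/security` and `PAM_MODULE_DIR:=/lib/security` (names constructed for this note). If the absolute form is deliberate, unlike the relative `INSTALL_*` values around it, a one-line comment above the two options should say so. The `CMAKE_OPTIONS` list starts before and continues after this hunk.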
@@ -598,6 +600,16 @@ This package provides the $(2) plugin. define Package/$(1)-plugin-$(subst _,-,$(2))/install $(INSTALL_DIR) $$(1)$(PLUGIN_DIR) $(call Package/mariadb/install/plugin,$$(1),$(2)) +ifeq ($(2),auth_pam) + $(INSTALL_DIR) $$(1)/etc/security + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/etc/security/user_map.conf \ + $$(1)/etc/security + $(INSTALL_DIR) $$(1)/lib/security + $(INSTALL_DATA) \ + $(PKG_INSTALL_DIR)/lib/security/pam_user_map.so \ + $$(1)/lib/security +endif endef $$(eval $$(call BuildPackage,$(1)-plugin-$(subst _,-,$(2)))) endef From 4f0d10835925658c90895bd86db3f4142a03484c Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Mon, 18 May 2020 00:03:38 +0200 Subject: [PATCH 2/3] mariadb: move mysql_upgrade to the client package Backport from master. It's really a client. It connects to the running server as a client, to upgrade the DBs. And it depends on both mysql and mysqlcheck. Signed-off-by: Sebastian Kemper --- utils/mariadb/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index 9fdd1f045..7ba3846e3 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -121,6 +121,7 @@ plugin-wsrep_info := PLUGIN_WSREP_INFO MARIADB_CLIENT := \ mysql \ + mysql_upgrade \ mysqlcheck MARIADB_CLIENT_EXTRA := \ @@ -138,7 +139,6 @@ MARIADB_SERVER := \ innochecksum \ my_print_defaults \ mysql_install_db \ - mysql_upgrade \ mysqld MARIADB_SERVER_EXTRA := \ From 115f7eeb07e5de98a460cb7f815160ae88c89447 Mon Sep 17 00:00:00 2001 
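Review bot: Nothing in the `auth_pam` branch of the `@@ -598` hunk marks `user_map.conf` as a file to preserve across package upgrades, although an administrator edits it to decide which MariaDB account a PAM-authenticated user is mapped to. If the plugin package has no `conffiles` section for it (none is visible in the hunk), an upgrade would presumably restore the shipped copy and drop local mappings. A `conffiles` entry for `/etc/security/user_map.conf` next to this install block would cover that. Separately, `pam_user_map.so` is installed with `$(INSTALL_DATA)` while other shared objects in this Makefile (e.g. `dialog.so` in `Package/libmariadb/install`) use `$(INSTALL_BIN)`; a short comment is worthwhile if the difference is intended. The enclosing `define` starts before the hunk.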
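Review bot: Removing `mysql_upgrade` from `MARIADB_SERVER` in the `@@ -138` hunk leaves an installation that carries only the server binaries without the tool that updates the system tables after a version change, such as the 10.2.32 bump earlier in this series. The commit message justifies the move (the tool calls `mysql` and `mysqlcheck`), but nothing visible here tells a server-only user to install the client package before upgrading. A comment above `MARIADB_CLIENT` would help, e.g. `# mysql_upgrade lives here because it calls mysql and mysqlcheck; still required after server upgrades`. A matching hint in the server package description would close the gap. Both lists continue outside their hunks.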
From: Sebastian Kemper Date: Mon, 18 May 2020 00:07:05 +0200 Subject: [PATCH 3/3] mariadb: install config files readable for all Backport from master. Until now $(INSTALL_CONF) is used for configuration files that go into /etc/mysql. This commit replaces that with $(INSTALL_DATA). The configuration files are not only parsed by the server, but also by the clients (which can be anybody). This also removes a comment about a cron job from one of the configuration files. There is no cron job. Signed-off-by: Sebastian Kemper --- utils/mariadb/Makefile | 10 +++++----- utils/mariadb/conf/50-server.cnf | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/utils/mariadb/Makefile b/utils/mariadb/Makefile index 7ba3846e3..8e1f1d7b7 100644 --- a/utils/mariadb/Makefile +++ b/utils/mariadb/Makefile @@ -527,7 +527,7 @@ define Package/libmariadb/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/dialog.so $(1)$(PLUGIN_DIR) $(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/mysql_clear_password.so $(1)$(PLUGIN_DIR) $(INSTALL_BIN) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/sha256_password.so $(1)$(PLUGIN_DIR) - $(INSTALL_CONF) conf/50-client.cnf $(1)$(CONF_DIR)/conf.d + $(INSTALL_DATA) conf/50-client.cnf $(1)$(CONF_DIR)/conf.d endef define Package/mariadb-client/install @@ -541,7 +541,7 @@ endef define Package/mariadb-client-base/install $(INSTALL_DIR) $(1)$(CONF_DIR)/conf.d - $(INSTALL_CONF) conf/50-mysql-clients.cnf $(1)$(CONF_DIR)/conf.d + $(INSTALL_DATA) conf/50-mysql-clients.cnf $(1)$(CONF_DIR)/conf.d endef define Package/mariadb-client-extra/install @@ -551,7 +551,7 @@ endef define Package/mariadb-common/install $(INSTALL_DIR) $(1)$(CONF_DIR) - $(INSTALL_CONF) conf/my.cnf $(1)$(CONF_DIR) + $(INSTALL_DATA) conf/my.cnf $(1)$(CONF_DIR) endef define Package/mariadb-server/install 
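Review bot: The reason for replacing `$(INSTALL_CONF)` with `$(INSTALL_DATA)` is recorded only in the commit message, so the Makefile gives no hint that the wider mode is deliberate. This applies to `Package/libmariadb/install` (`@@ -527`), `Package/mariadb-client-base/install` (`@@ -541`) and `Package/mariadb-common/install` (`@@ -551`). A comment above the first of these defines would stop a later cleanup from switching them back, such as `# conf.d files are installed world-readable because unprivileged clients parse them; keep passwords out of them`. It would also warn anyone tempted to add a `password=` line to a client section. `Package/libmariadb/install` begins before its hunk.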
@@ -567,8 +567,8 @@ define Package/mariadb-server-base/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) files/mysqld.init $(1)/etc/init.d/mysqld $(SED) '/^[a-z]/s/^/#/' $(PKG_INSTALL_DIR)$(SHARE_DIR)/wsrep.cnf - $(INSTALL_CONF) $(PKG_INSTALL_DIR)$(SHARE_DIR)/wsrep.cnf $(1)$(CONF_DIR)/conf.d/60-galera.cnf - $(INSTALL_CONF) conf/50-server.cnf $(1)$(CONF_DIR)/conf.d + $(INSTALL_DATA) $(PKG_INSTALL_DIR)$(SHARE_DIR)/wsrep.cnf $(1)$(CONF_DIR)/conf.d/60-galera.cnf + $(INSTALL_DATA) conf/50-server.cnf $(1)$(CONF_DIR)/conf.d $(INSTALL_CONF) files/mysqld.config $(1)/etc/config/mysqld $(INSTALL_DATA) $(PKG_INSTALL_DIR)$(SHARE_DIR)/charsets/* $(1)$(SHARE_DIR)/charsets $(INSTALL_DATA) $(PKG_INSTALL_DIR)$(SHARE_DIR)/english/errmsg.sys $(1)$(SHARE_DIR)/english diff --git a/utils/mariadb/conf/50-server.cnf b/utils/mariadb/conf/50-server.cnf index d478d1f5e..7e0c6d539 100644 --- a/utils/mariadb/conf/50-server.cnf +++ b/utils/mariadb/conf/50-server.cnf @@ -56,7 +56,6 @@ query_cache_size = 16M # # * Logging and Replication # -# Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. # As of 5.1 you can enable the log at runtime! #general_log_file = /var/log/mysql/mysql.log
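Review bot: In the `@@ -567` hunk the switch to `$(INSTALL_DATA)` also covers the server-side files `60-galera.cnf` and `50-server.cnf`, while the stated reason for the change is that clients need to read the configuration. The Galera file generated from `wsrep.cnf` is where an administrator would normally set `wsrep_sst_auth`, so a file installed with this mode and then edited can expose a user:password pair to every local account. Keeping the old `$(INSTALL_CONF) $(PKG_INSTALL_DIR)$(SHARE_DIR)/wsrep.cnf $(1)$(CONF_DIR)/conf.d/60-galera.cnf` line for that file would be narrower, unless clients fail on an unreadable file in `conf.d` or the server needs the wider mode. If mysqld reads it as an unprivileged user, a group-readable mode for that user's group is presumably the smaller step. The define starts before and continues after the hunk.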