Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, The latest security upload of mysql-5.5 breaks akonadi-backend-mysql in stable, this is due to a change in the compiled-in configuration values that are incompatible with the ones shipped in the akonadi backend *. In the bug #843520 [1] the mysql maintainers requested this to be fixed on the akonadi side. The bug #843534 currently tracks the akonadi side of things, sadly we have some contradicting user reports. But according to our tests this upload fixes the issue caused by the mysql-5.5 upload, we may need to further investigate the problems that aren't fixed with this. I'm not completely sure if it would be better to upload this change as a security upload as a way to retain archive consistency, in any case I would wait for a green flag from the release team before uploading this. I'm attaching the diff of the proposed changes. Happy hacking. [1]: https://bugs.debian.org/843520 [2]: https://bugs.debian.org/843534 *: The compiled-in value of secure_file_priv points to the directory "/var/lib/mysql-files" that isn't present in the mysql-server-core-5.5 package, requiring that this value is correctly set in mysql configuration file shipped in the akonadi backend. Since the use of secure_file_priv has no benefit for the akonadi use cases a simple workaround is to set it to the empty value that reverts mysql to the previous behaviour. - -- System Information: Debian Release: stretch/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) -----BEGIN PGP SIGNATURE----- iQItBAEBCgAXBQJYJIxYEBxtYXh5QGRlYmlhbi5vcmcACgkQxxl2mbKbIyqUAQ// aucTQ4KR7e+1vzAzgV9Km0u9Qz3scYCqYY2+hCfxbtitDi9tX1ZngKcVr5uq2mSz m+vMWHPz6B3Usej5e0kqUrzUcreC9at8va4XCH5w4YukLAmNycxiDsjbpYjH4STD VU9m498auQR2gyGT0C8d041FISWCny9ydnGa7rbiRJHHSoNSd4wFqplEee2Xt8WT QUBgfnviP9Zpi5w0NmoUB8kyOj9pCT+ELwxwjO9vJd3Y/7eZxoY0JVPmKpMUcTrz hX7cEj40jAa9acvMFc6+HtBwHNJ1DDdGDdXD9Jp3+30Y5DP52YcS3habPK7X3yTi keogj8ypqHaGxyqfe16uO0YAdDzPDLc/VpsERxkdM8ivUEjS3uwpLyqcVXG4gq2V LLiTJs2lszC+h/EkGHu4uw9bHlEmyLn5l6rNd19a71dwdvblvE9VXFYC9AroUhNv Jp2dEL801DCJLgsAFggQKl71ICgrtvvwwQzhfO+xdYzhTBZaRvs8H8A3v/qQzNuO JE6NdQJsTbjRsff0++tjlRJIzauxrAZf+/yncmCnDBs9Akq6Q7CwJ7+xmNjGEVWu Nw/c4EX5gzDCy1GmcTdsTqtW1i1Ru4QxMLpZtGHaC6Gjkd2rV0/fJZG7vqCruz6p KDy2Ey6KGax7dpesiSXPiJRL2nNjC53YeXuB4nY27bI= =E+r9 -----END PGP SIGNATURE-----
diff --git a/debian/changelog b/debian/changelog index 43d92d7..7cf44ae 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +akonadi (1.13.0-2+deb8u2) stable-proposed-updates; urgency=medium + + * Add patch from kubuntu: kubuntu_disable_secure_file_priv_check.diff + - fix compatibility with stricter defaults in mysql security update. + (Closes: 843534) Thanks to fld for the report and Marc Deslauriers + for the patch. + + -- Maximiliano Curia <m...@debian.org> Thu, 10 Nov 2016 15:17:27 +0100 + akonadi (1.13.0-2+deb8u1) stable-proposed-updates; urgency=medium * Team upload. diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..79e4e3e --- /dev/null +++ b/debian/not-installed @@ -0,0 +1 @@ +usr/bin/asapcat diff --git a/debian/patches/kubuntu_disable_secure_file_priv_check.diff b/debian/patches/kubuntu_disable_secure_file_priv_check.diff new file mode 100644 index 0000000..5a35b64 --- /dev/null +++ b/debian/patches/kubuntu_disable_secure_file_priv_check.diff @@ -0,0 +1,26 @@ +Description: disable the secure_file_priv check + MySQL 5.7 introduced a premission check for export and import operations. + In Ubuntu, only the full mysql-server package creates the set system wide + directory causing mysqld-akonadi to error out on startup if only + mysql-server-core-5.7 is installed. + To prevent that the key is set to empty, which reverts mysqld to the 5.6 + behavior. + See http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_secure_file_priv +Author: Philip Muskovac <yo...@gmx.net> +Last-Update: 2016-04-18 +Forwarded: not-needed +Origin: vendor +Index: b/server/src/storage/mysql-global.conf +=================================================================== +--- a/server/src/storage/mysql-global.conf ++++ b/server/src/storage/mysql-global.conf +@@ -100,5 +100,9 @@ wait_timeout=31536000 + # We use InnoDB, so don't let MyISAM eat up memory + key_buffer_size=16K + ++# KUBUNTU: ++# Unset the export dir check as only the full mysql-server package creates it ++secure_file_priv= ++ + [client] + default-character-set=utf8 diff --git a/debian/patches/series b/debian/patches/series index 584311c..aaecbd5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ upstream-fix_buffer_overflow_in_AKTEST_FAKESERVER_MAIN upstream-do_not_crash_when_setmntent_returns_NULL upstream_dont_call_insert_from_Q_ASSERT upstream_dont_leak_old_external_payload_files.patch +kubuntu_disable_secure_file_priv_check.diff
