Bug 20139 - mariadb 10.0.29
Summary: mariadb 10.0.29
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://lwn.net/Vulnerabilities/712067/
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Keywords: validated_update
Depends on: 20143
Blocks:
Reported: 2017-01-18 22:37 CET by David Walser
Modified: 2017-02-20 14:01 CET

See Also:
Source RPM: mariadb-10.0.28-1.mga5.src.rpm
CVE:
Status comment:


Attachments
mariadb fail to start journalctl -xe output (9.08 KB, text/plain)
2017-01-21 19:46 CET, William Kenney

Description David Walser 2017-01-18 22:37:50 CET
MariaDB has released version 10.0.29 on January 13:
https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/

It fixes several security issues (listed in the release notes above).

10.0.29 is building for Mageia 5 right now, advisory to come later.
David Walser 2017-01-19 23:21:11 CET

URL: (none) => https://lwn.net/Vulnerabilities/712067/

Comment 1 William Kenney 2017-01-21 19:45:16 CET
In VirtualBox, M5, KDE, 32-bit

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common
mariadb-common-core mariadb-core mariadb-extra

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client
mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.9-1.mga5.noarch is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client
mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing

[root@localhost wilcal]# systemctl start mysqld.service
Job for mysqld.service failed. See "systemctl status mysqld.service" and "journalctl -xe" for details.
Attached.

CC: (none) => wilcal.int

Comment 2 William Kenney 2017-01-21 19:46:31 CET
Created attachment 8878 [details]
mariadb fail to start journalctl -xe output
Comment 3 William Kenney 2017-01-22 19:53:29 CET
In VirtualBox, M5, KDE, 32-bit

Just install mariadb from updates_testing

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common
mariadb-common-core mariadb-core mariadb-extra

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client
mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.29-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.9-1.mga5.noarch is already installed

[root@localhost wilcal]# systemctl start mysqld.service
Job for mysqld.service failed. See "systemctl status mysqld.service" and "journalctl -xe" for details.
Comment 4 William Kenney 2017-01-23 16:17:51 CET
In VirtualBox, M5, KDE, 64-bit

Install mariadb from updates_testing

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common
mariadb-common-core mariadb-core mariadb-extra

Errors encountered during install:

2 installation transactions failed

There was a problem during the installation:

file /usr/share/mysql/default/errmsg.sys from install of libmariadb-embedded18-10.0.29-1.mga5.i586 conflicts with file from package lib64mariadb-embedded18-10.0.28-1.mga5.x86_64

mariadb-client(x86-64) = 10.0.29-1.mga5 is needed by mariadb-10.0.29-1.mga5.x86_64

mariadb-common(x86-64) = 10.0.29-1.mga5 is needed by mariadb-10.0.29-1.mga5.x86_64

mariadb-common-core(x86-64) >= 10.0.29-1.mga5 is needed by mariadb-core-10.0.29-1.mga5.x86_64

mariadb-client(x86-64) >= 10.0.29-1.mga5 is needed by mariadb-bench-10.0.29-1.mga5.x86_64

perl(GD) is needed by mariadb-bench-10.0.29-1.mga5.x86_64

There was a problem during the installation:

file /usr/share/mysql/default/errmsg.sys from install of libmariadb-embedded18-10.0.29-1.mga5.i586 conflicts with file from package lib64mariadb-embedded18-10.0.28-1.mga5.x86_64
Comment 5 David Walser 2017-01-24 02:38:41 CET
Debian has issued an advisory for this on January 22:
https://www.debian.org/security/2017/dsa-3770

So it says they updated to 10.0.29, but I can't see that on packages.debian.org or sources.debian.net, so I don't know what they did to get around this issue.

Depends on: (none) => 20143
Whiteboard: (none) => feedback

Comment 6 William Kenney 2017-01-24 02:42:48 CET
(In reply to David Walser from comment #5)

> So it says they updated to 10.0.29, but I can't see that on
> packages.debian.org or sources.debian.net, so I don't know what they did to
> get around this issue.

Thanks David. Usually testing mariadb is pretty easy for me. This situation is beyond my understanding. Should this go back to the maintainer?
Comment 7 David Walser 2017-01-24 02:46:41 CET
(In reply to William Kenney from comment #6)
> Thanks David. Usually testing mariadb is pretty easy for me. This situation
> is beyond my understanding. Should this go back to the maintainer?

It just needs to be fixed.  It doesn't really need to "go back" anywhere since it doesn't really have a maintainer and I'm already aware of the issue.
Comment 8 Herman Viaene 2017-01-27 11:55:02 CET
MGA5-32 on AsusA6000VM
No installation issues for 10.0.29
But problem at CLI as root
# systemctl start mysqld
Job for mysqld.service failed. See "systemctl status mysqld.service" and "journalctl -xe" for details.
# systemctl status mysqld.service
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
   Active: failed (Result: start-limit) since vr 2017-01-27 11:14:32 CET; 3min 9s ago
  Process: 29031 ExecStartPost=/usr/sbin/mysqld-wait-ready $MAINPID (code=exited, status=1/FAILURE)
  Process: 28814 ExecStart=/usr/bin/mysqld_safe --nowatch (code=exited, status=0/SUCCESS)
  Process: 28797 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)

jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: Unit mysqld.service entered failed state.
jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: mysqld.service failed.
jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: start request repeated too quickly for mysqld.service
jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: Failed to start MySQL database server.
jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: Unit mysqld.service entered failed state.
jan 27 11:14:32 mach6.hviaene.thuis systemd[1]: mysqld.service failed.
Checked access rights on /var/lib/mysqld : OK for mysqluser
Googled and apparently could start with
# mysqld_safe --defaults-file=/etc/my.cnf
170127 11:29:53 mysqld_safe Logging to '/var/log/mysqld/mysqld.log'.
170127 11:29:53 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
That allowed me (on another root prompt) to
# mysqladmin password tester
but systemctl kept reporting the failed state, while the ps command showed the process running; I killed the process to have another go at systemctl, to no avail.

CC: (none) => herman.viaene

Comment 9 David Walser 2017-02-12 14:58:24 CET
The service issue should be fixed in mariadb-10.0.29-1.1.mga5.

Please test again, including testing upgrades from mariadb-10.0.28-1.mga5.

Whiteboard: feedback => (none)

Comment 10 David Walser 2017-02-12 16:06:51 CET
Now uploading mariadb-10.0.29-1.2.mga5 with further fixes.
Comment 11 Dave Hodgins 2017-02-13 03:22:05 CET
With the patch from https://bugs.mageia.org/show_bug.cgi?id=20143#c58 applied,
and perl-DBD-mysql installed for bug 20275 mariadb-bench now shows
All 10 test executed successfully. No problems found having updated from the
prior version.

While 10.0.29-1.2 is not a regression from the prior version, would you prefer
we validate this version, or wait for the above 2 bugs to be fixed too?

CC: (none) => davidwhodgins

Comment 12 David Walser 2017-02-13 03:30:07 CET
Bug 20143 *is* a regression from the prior version, so if it's still not fixed by the changes in 1.2.mga5, then we're not done.  Is this the case?
Comment 13 Dave Hodgins 2017-02-13 04:42:08 CET
(In reply to David Walser from comment #12)
> Bug 20143 *is* a regression from the prior version, so if it's still not
> fixed by the changes in 1.2.mga5, then we're not done.  Is this the case?

Yes
Comment 14 Dave Hodgins 2017-02-13 20:03:03 CET
Just to clarify, without the patch, mysqld does start, but systemd fails to detect that it has started, and forces a restart every time the timeout expires,
currently every 5 minutes, which breaks access for things like mariadb-bench.

systemctl status mysqld.service shows it as active (starting), not active
(running), while it is running.

While https://mariadb.com/kb/en/mariadb/systemd/ indicates mariadb version
10.1.8 is the version that requires mysqld_safe no longer be used, it seems
that with the current patches applied, it also now applies to our 10.0.29
version, and my testing indicates it works ok without mysqld_safe.
Dave Hodgins 2017-02-16 21:50:17 CET

Whiteboard: (none) => feedback

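Comments 8 and 14 above describe the ExecStartPost= readiness check failing (and systemd hitting its start-limit) even though mysqld itself was running. The following is an added example, not Mageia's /usr/sbin/mysqld-wait-ready or any MariaDB code: a bounded readiness poll that probes the socket path shown on this page; the probe command, the timeout values and the MYSQL_SOCKET variable are assumptions.

```shell
#!/bin/sh
# Added example (not Mageia's /usr/sbin/mysqld-wait-ready): a bounded
# readiness poll for a server launched via mysqld_safe, suitable as an
# ExecStartPost= step. The socket path below is the one shown on this
# page; the probe command and timeout values are assumptions.

# wait_ready PROBE TIMEOUT
# Runs PROBE (a shell command string) once per second until it exits 0 or
# TIMEOUT seconds have elapsed. Returns 0 on success and 1 on timeout, so a
# hung or misconfigured server fails the unit explicitly instead of leaving
# systemd believing it is still "activating" until the start-limit trips.
wait_ready() {
    probe="$1"
    timeout="${2:-30}"
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if sh -c "$probe" >/dev/null 2>&1; then
            return 0
        fi
        elapsed=$((elapsed + 1))
        sleep 1
    done
    return 1
}

# wait_for_mysqld [TIMEOUT]
# Probes the server over its unix socket with "mysqladmin ping", which
# reports success once mysqld answers on the socket, not merely once the
# mysqld_safe wrapper has forked.
wait_for_mysqld() {
    sock="${MYSQL_SOCKET:-/var/lib/mysql/mysql.sock}"
    wait_ready "mysqladmin --socket='$sock' ping" "${1:-30}"
}

# Invoked as "sh this-script.sh --run 30" from ExecStartPost=; when the file
# is merely sourced, nothing runs and the functions can be reused.
case "${1:-}" in
    --run) wait_for_mysqld "${2:-30}" ;;
esac
```

A failing ExecStartPost= marks the unit failed immediately, which is the behaviour the later fix to mysqld-wait-ready restores on this page.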
Comment 15 David Walser 2017-02-17 12:13:38 CET
Sorry nobody else is looking at this and I've been very busy.  I'll try to get to it this weekend.

Note to self, openSUSE added a patch to fix a use-after-free:
https://build.opensuse.org/package/rdiff/openSUSE:Leap:42.2:Update/mariadb?linkrev=base&rev=2

They also added a mysqld_safe_helper to the files list; not sure what that is.
Comment 16 Arne Spiegelhauer 2017-02-17 21:05:06 CET
10.0.29-1.2 depends on systemd-notify support, which was not added to mariadb until version 10.1.8, so it won't work (unless backport of the systemd-notify support is also added).

10.0.29-1 with Raphael Gertz's patch for Cauldron bug 20143: https://bugs.mageia.org/attachment.cgi?id=8915 seems to work fine.

CC: (none) => gm2.asp

Comment 17 David Walser 2017-02-18 15:48:13 CET
Mageia 5 build building now with mysqld.service changes reverted and using rapsys's patch to mysqld-wait-ready.

Whiteboard: feedback => (none)

Comment 18 nathan giovannini 2017-02-18 19:23:13 CET
mariadb:10.0.29-1.3.mga5
is now available in the repository: Core Updates-Testing

CC: (none) => nathan95

Comment 19 Herman Viaene 2017-02-19 11:49:41 CET
MGA5-32 on Asus A6000VM Xfce
No installation issues
At CLI:
# systemctl start mysqld
# systemctl -l status mysqld.service
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled)
   Active: active (running) since zo 2017-02-19 11:26:15 CET; 10min ago
 Main PID: 12993 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─12993 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --log-error=/var/log/mysqld/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306

feb 19 11:26:12 mach6.hviaene.thuis mysqld_safe[12779]: 170219 11:26:12 mysqld_safe Logging to '/var/log/mysqld/mysqld.log'.
With phpmyadmin I could create and drop a table in "test" database.

Whiteboard: (none) => MGA5-32-OK

Comment 20 Dave Hodgins 2017-02-19 22:09:13 CET
Testing complete on Mageia 5 x86_64, also using phpmyadmin for testing.

Still need the advisory before this can be pushed.

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 21 David Walser 2017-02-19 23:43:11 CET
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Root Privilege Escalation (CVE-2016-6664).

Unspecified vulnerability affecting the Optimizer component (CVE-2017-3238).

Unspecified vulnerability affecting the Charsets component (CVE-2017-3243).

Unspecified vulnerability affecting the DML component (CVE-2017-3244).

Unspecified vulnerability affecting InnoDB (CVE-2017-3257).

Unspecified vulnerability in the DDL component (CVE-2017-3258).

Unsafe chmod/chown use in init script (CVE-2017-3265).

Unrestricted mysqld_safe's ledir (CVE-2017-3291).

Insecure error log file handling in mysqld_safe, due to an incomplete fix for
CVE-2016-6664 (CVE-2017-3312).

Unspecified vulnerability affecting Logging (CVE-2017-3317).

Unspecified vulnerability affecting Error Handling (CVE-2017-3318).

Applications using the client library for MySQL (libmysqlclient.so) had
a use-after-free issue that could cause the applications to crash
(bsc#1022428).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3318
https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
https://lists.opensuse.org/opensuse-updates/2017-02/msg00074.html
Dave Hodgins 2017-02-20 04:31:06 CET

Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory

Comment 22 Mageia Robot 2017-02-20 14:01:03 CET
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0054.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

