Fedora has issued an advisory on September 14: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YSLPW44RWIGHU5AG3P4U2HPSD3UBG4GJ/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning to barjac as registered maintainer, also most recent committer.
Assignee: bugsquad => zen25000
Status comment: (none) => Patch available from Fedora
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory: ======================== Updated sphinx packages fix security vulnerability: A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only (CVE-2019-14511). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14511 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YSLPW44RWIGHU5AG3P4U2HPSD3UBG4GJ/ ======================== Updated packages in core/updates_testing: ======================== sphinx-2.3.2-0.beta.1.1.mga7 libsphinxclient1-2.3.2-0.beta.1.1.mga7 libsphinxclient-devel-2.3.2-0.beta.1.1.mga7 sphinx-java-2.3.2-0.beta.1.1.mga7 from sphinx-2.3.2-0.beta.1.1.mga7.src.rpm
Version: Cauldron => 7Assignee: zen25000 => qa-bugsStatus comment: Patch available from Fedora => (none)CC: (none) => zen25000Whiteboard: MGA7TOO => (none)
Thanks David, I tried to look at this the other night, but could not find Fedora's repository. I have been really busy with real life recently so your help is greatly appreciated! Barry
MGA7-64 Plasma on Lenovo B50 No installation issues. Only previous update is bug 10382, and that goes only as far as starting the service. # systemctl start sphinx-searchd.service # systemctl -l status sphinx-searchd.service ● sphinx-searchd.service - Sphinx - SQL Full Text Search Engine Loaded: loaded (/usr/lib/systemd/system/sphinx-searchd.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2020-01-30 10:59:55 CET; 25s ago Process: 25841 ExecStart=/usr/sbin/sphinx-searchd --config /etc/sphinx/sphinx.conf (code=exited, status=0/SUCCESS) Main PID: 25844 (sphinx-searchd) Memory: 5.0M CGroup: /system.slice/sphinx-searchd.service ├─25843 /usr/sbin/sphinx-searchd --config /etc/sphinx/sphinx.conf └─25844 /usr/sbin/sphinx-searchd --config /etc/sphinx/sphinx.conf jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: WARNING: index 'test1': prealloc: failed to open /var/lib/sphinx/test1.s> jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: precaching index 'test1stemmed' jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: WARNING: index 'test1stemmed': prealloc: failed to open /var/lib/sphinx/> jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: WARNING: multiple addresses found for 'localhost', using the first one (> jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: precaching index 'rt' jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: Sphinx 2.3.2-id64-beta (???) Similar warnings as before. I tried to make sense of the commands of sphinx, but that's beyond me. Agree this is OK??? jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: Copyright (c) 2001-2016, Andrew Aksyonoff jan 30 10:59:55 mach5.hviaene.thuis sphinx-searchd[25841]: Copyright (c) 2008-2016, Sphinx Technologies Inc (http://sphinxsearch.co> jan 30 10:59:55 mach5.hviaene.thuis systemd[1]: sphinx-searchd.service: Supervising process 25844 which is not our child. We'll mos> jan 30 10:59:55 mach5.hviaene.thuis systemd[1]: Started Sphinx - SQL Full Text Search Engine.
CC: (none) => herman.viaene
I found a "getting started" section online at https://sphinxsearch.com/docs/current.html#quick-tour I have no experience at this sort of thing myself, but perhaps the procedure there could serve as a credible test for someone with skills I lack.
CC: (none) => andrewsfarm
Ventured into the getting started tour, but not with great success. Used phpmyadmin to assure the user and database test exist, then copied the /etc/sphinx/sphinx-min.conf to my user's sphinx.conf. At CLI $ mysql -u test -p test < /etc/sphinx/example.sql Enter password: checked in phpmyadmin that the two tables were created and populated: OK then $ sphinx-indexer --config sphinx.conf --all Sphinx 2.3.2-id64-beta (???) Copyright (c) 2001-2016, Andrew Aksyonoff Copyright (c) 2008-2016, Sphinx Technologies Inc (http://sphinxsearch.com) using config file 'sphinx.conf'... indexing index 'test1'... FATAL: failed to open /var/lib/sphinx/test1.spl: Permission denied, will not index. Try --rotate option. Remarks here: if you omit the --config, the command uses /etc/sphinx/sphinx.conf, not my own with the test references. The failure message is misleading: there is no /var/lib/sphinx/test1.spl file. Checking access rights found out this command needs to be run as user sphinx or the access rights should be opened. Opened sphinx user and made sure the test config file is in /etc/sphinx then $ sphinx-indexer --all Sphinx 2.3.2-id64-beta (???) Copyright (c) 2001-2016, Andrew Aksyonoff Copyright (c) 2008-2016, Sphinx Technologies Inc (http://sphinxsearch.com) using config file '/etc/sphinx/sphinx.conf'... indexing index 'test1'... collected 4 docs, 0.0 MB sorted 0.0 Mhits, 100.0% done total 4 docs, 193 bytes total 0.007 sec, 25222 bytes/sec, 522.73 docs/sec skipping non-plain index 'testrt'... total 4 reads, 0.000 sec, 8.1 kb/call avg, 0.0 msec/call avg total 12 writes, 0.000 sec, 0.1 kb/call avg, 0.0 msec/call avg So no errors given, but in the database I cann't find any index (or new table or that matter) created, so the next step from the tour utterly fails. $ mysql -h0 -P9306 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 2.3.2-id64-beta (???) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> SELECT * FROM test1 WHERE MATCH('my document'); ERROR 1064 (42000): no enabled local indexes to search Giving up.
(In reply to Herman Viaene from comment #7) > > MySQL [(none)]> SELECT * FROM test1 WHERE MATCH('my document'); > ERROR 1064 (42000): no enabled local indexes to search > You can't SELECT ... if there is no database open, "[(none)]" should indicate the database name. To open the database use the USE command. Sorry if you already know that - just thought it worth a mention.
Tx Barry, I know somehow my way around different databases, but never used mysql for real, so no, I didn't know that. That brings me to running as sphinx: $ mysql -h0 -P9306 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 2.3.2-id64-beta (???) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> use test Database changed MySQL [test]> SELECT * FROM test1 WHERE MATCH('my document'); +------+----------+------------+ | id | group_id | date_added | +------+----------+------------+ | 1 | 1 | 1581425075 | | 2 | 1 | 1581425075 | +------+----------+------------+ 2 rows in set (0.064 sec) MySQL [test]> INSERT INTO rt VALUES (1, 'this is', 'a sample text', 11); ERROR 1064 (42000): no such index 'rt' I don't know how to explain this: there are a number of files test1.<xxx> in /var/lib/sphinx, but in phpmyadmin I don"t see anything "test1" But before that I need (according the tour) to do: $ sphinx-indexer --all Sphinx 2.3.2-id64-beta (???) Copyright (c) 2001-2016, Andrew Aksyonoff Copyright (c) 2008-2016, Sphinx Technologies Inc (http://sphinxsearch.com) using config file '/etc/sphinx/sphinx.conf'... indexing index 'test1'... FATAL: failed to lock /var/lib/sphinx/test1.spl: Resource temporarily unavailable, will not index. Try --rotate option. I am user sphinx that has full access to this file. So tried: $ sphinx-indexer --all --rotate Sphinx 2.3.2-id64-beta (???) Copyright (c) 2001-2016, Andrew Aksyonoff Copyright (c) 2008-2016, Sphinx Technologies Inc (http://sphinxsearch.com) using config file '/etc/sphinx/sphinx.conf'... indexing index 'test1'... collected 4 docs, 0.0 MB sorted 0.0 Mhits, 100.0% done total 4 docs, 193 bytes total 0.390 sec, 494 bytes/sec, 10.23 docs/sec skipping non-plain index 'testrt'... total 4 reads, 0.000 sec, 8.1 kb/call avg, 0.0 msec/call avg total 12 writes, 0.000 sec, 0.1 kb/call avg, 0.0 msec/call avg rotating indices: successfully sent SIGHUP to searchd (pid=2661). But that does not change a thing to the failure on the INSERT statement above.
Just looking quickly at that I suspect that the index is not called rt but test1. In #7 and #9 I see "indexing index 'test1'..." So maybe: MySQL [test]> INSERT INTO test1 VALUES (1, 'this is', 'a sample text', 11); BTW I only know only a very little about mysql that I have needed for zoneminder testing and writing a few scripts that include it. My dealings with mysqladmin have always caused more problems than they have solved so I stay away from it. It's just as easy from the command line with a little reading of the mysql manual. Be sure to use the correct version of the manual for our installed version though ;)
Tx Barry, you sort of got me on track. Look at the select statement in Comment 9, the result des not fit with the type of data in the insert statement. But then I wanted to know what is in that database: MySQL [test]> SHOW TABLES; +--------+-------+ | Index | Type | +--------+-------+ | test1 | local | | testrt | rt | +--------+-------+ so I did then: MySQL [test]> INSERT INTO testrt VALUES (1, 'this is', 'a sample text', 11); Query OK, 1 row affected (0.000 sec) MySQL [test]> INSERT INTO testrt VALUES (2, 'some more', 'text here', 22); Query OK, 1 row affected (0.001 sec) and then all further statements in the sphinx tour made sense: I copy here the first few of the lot, but be asured, I ran them all, and they all produce a result I can believe. MySQL [test]> SELECT gid/11 FROM testrt WHERE MATCH('text') GROUP BY gid; +----------+ | gid/11 | +----------+ | 1.000000 | | 2.000000 | +----------+ 2 rows in set (0.025 sec) MySQL [test]> SELECT * FROM testrt ORDER BY gid DESC; +------+------+ | id | gid | +------+------+ | 2 | 22 | | 1 | 11 | +------+------+ 2 rows in set (0.001 sec) MySQL [test]> SELECT *, WEIGHT() FROM test1 WHERE MATCH('"document one"/1');SHOW META; +------+----------+------------+----------+ | id | group_id | date_added | weight() | +------+----------+------------+----------+ | 1 | 1 | 1581425075 | 2663 | | 2 | 1 | 1581425075 | 1528 | +------+----------+------------+----------+ 2 rows in set (0.023 sec) +---------------+----------+ | Variable_name | Value | +---------------+----------+ | total | 2 | | total_found | 2 | | time | 0.022 | | keyword[0] | document | | docs[0] | 2 | | hits[0] | 2 | | keyword[1] | one | | docs[1] | 1 | | hits[1] | 2 | +---------------+----------+ 9 rows in set (0.000 sec) etc.... OK'ing
Whiteboard: (none) => MGA7-64-OK
Good job, Gentlemen! Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0087.html
Status: NEW => RESOLVEDResolution: (none) => FIXED