MariaDB Q1 2025 release prep
Prep work for the Q1 2025 MariaDB releases has begun. Expected release date is Tue, 04 Feb 2025. Draft release notes and changelogs: MariaDB 11.4.5 - https://mariadb.com/kb/en/mdb-11-4-5-rn/ - https://mariadb.com/kb/en/mdb-11-4-5-cl/ MariaDB 10.11.11 - https://mariadb.com/kb/en/mdb-10-11-11-rn/ - https://mariadb.com/kb/en/mdb-10-11-11-cl/ MariaDB 10.6.21 - https://mariadb.com/kb/en/mdb-10-6-21-rn/ - https://mariadb.com/kb/en/mdb-10-6-21-cl/ MariaDB 10.5.28 - https://mariadb.com/kb/en/mdb-10-5-28-rn/ - https://mariadb.com/kb/en/mdb-10-5-28-cl/ As usual, the release notes and changelog are still in draft form at this time and will be updated prior to release. Thanks. -- Daniel Bartholomew, MariaDB Documentation & Release Manager MariaDB | https://mariadb.com
Hi! As packaging occasionally requires some decisions of what to include or exclude, I wanted to share to other packagers here what we ended up doing for the official Debian and Ubuntu repositoriesÖ The next uploads in line are ready for review at: https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/102 Prepare MariaDB Server 1:11.4.5-1 minor maintenance release for Debian unstable https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/98 Prepare MariaDB Server 1:10.11.11-0+deb12u1 minor maintenance release for Debian stable (Bookworm) https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/106 Prepare upload to MariaDB 10.11.9 to Ubuntu 24.04 "Noble" https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/96 Prepare upload to MariaDB 10.6.19 to Ubuntu 22.04 "Jammy" https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/20 New upstream version MariaDB 10.5.28 for Debian 11 "Bullseye" So far we haven't encountered any regressions, so all good! - Otto
SECURITY IMPORTANCE - recommend reading for systemd packaging tldr: https://jira.mariadb.org/browse/MDEV-36229 Thanks for sharing Otto, Note the IPC Lock commit https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/172c7d3fa579e5... was something I reverted on https://github.com/MariaDB/server/pull/3157 after an obscure case of using env OPENSSL_CONF to control settings was incompatible with any setcap cap_ipc_lock+ep on the mariadbd executable. With https://jira.mariadb.org/browse/MDEV-36229 that came in a a few hours ago, I think that CAP_DAC_OVERRIDE CAP_AUDIT_WRITE moving with CAP_IPC_LOCK to AmbientCapabilities was probably a mistake. In the systemd service files the following probably a much safer option. This is the one I'm considering. CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_AUDIT_WRITE AmbientCapabilities=CAP_IPC_LOCK If packagers truly want a safe option probably: CapabilityBoundingSet=CAP_IPC_LOCK CAP_DAC_OVERRIDE CAP_AUDIT_WRITE This is better though that means users have a choice of env OPENSSL_CONFIG or --memlock depending on if they use secap themself on the executable. Noting I haven't looked strongly at how the Debian PAM needs DAC/AUDIT_WRITE beyond the systemd service file comments. Short of arguing with OpenSSL devs about AT_SECURITY (oh wait, I did - https://github.com/openssl/openssl/issues/21770) I couldn't see an easy packaging resolution. Thanks for your attention to packaging MariaDB. On Thu, 6 Mar 2025 at 02:30, Otto Kekäläinen via packagers < packagers@lists.mariadb.org> wrote:
Hi!
As packaging occasionally requires some decisions of what to include or exclude, I wanted to share to other packagers here what we ended up doing for the official Debian and Ubuntu repositoriesÖ
The next uploads in line are ready for review at:
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/102 Prepare MariaDB Server 1:11.4.5-1 minor maintenance release for Debian
unstable
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/98 Prepare MariaDB Server 1:10.11.11-0+deb12u1 minor maintenance release for Debian stable (Bookworm)
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/106 Prepare upload to MariaDB 10.11.9 to Ubuntu 24.04 "Noble"
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/96 Prepare upload to MariaDB 10.6.19 to Ubuntu 22.04 "Jammy"
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/20 New upstream version MariaDB 10.5.28 for Debian 11 "Bullseye"
So far we haven't encountered any regressions, so all good!
- Otto _______________________________________________ packagers mailing list -- packagers@lists.mariadb.org To unsubscribe send an email to packagers-leave@lists.mariadb.org
Thanks for the info! Please take your time to research the optimal solution and different people review it. I am keeping an eye on the MDEV and PR you posted and will probably backport it into Debian/Ubuntu before the next release.
participants (3)
-
Daniel Bartholomew -
Daniel Black -
Otto Kekäläinen