[SRU] MariaDB new release 10.3.30

Bug #1936727 reported by Otto Kekäläinen
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-10.3 (Ubuntu)
Fix Released

Bug Description

We currently have MariaDB 1:10.3.29-0ubuntu0.20.10.1 in Groovy and 1:10.3.29-0ubuntu0.20.04.1 in Focal, uploaded as security updates.

Package history: https://launchpad.net/ubuntu/+source/mariadb-10.3

Unfortunately there was a bug compromising the results of some type of queries (subqueries with group by). This is fixed in MariaDB 10.3.30 and I proposed it to be uploaded as a stable release update in Ubuntu.

Upstream bug fixed: https://jira.mariadb.org/browse/MDEV-25714
Debian bug about same issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990306

Ubuntu users have not reported the urgent need for this SRU, but some of them are surely affected.

Otto Kekäläinen (otto)
affects: virtualbox (Ubuntu) → mariadb-10.3 (Ubuntu)
Revision history for this message
Otto Kekäläinen (otto) wrote :

I have (as the Debian maintainer) produced updates for all maintained Ubuntu versions for MariaDB:
- mariadb-10.3 in Focal
- mariadb-10.3 in Groovy

Security sponsors have this doc: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

The person doing the SRU can follow the same steps.

The 10.3 series update for 20.04 and 20.10 are now available.

Please use git-buildpackage to fetch and build from the ubuntu-20.04 branch at https://salsa.debian.org/mariadb-team/mariadb-10.3/tree/ubuntu-20.04 and ubuntu-20.10 branch at https://salsa.debian.org/mariadb-team/mariadb-10.3/tree/ubuntu-20.10

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.

Test builds and testsuite passed on all platforms at
https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.3/+builds?build_text=&build_state=all (Only Focal, the PPA ran out of disk space for Groovy builds to run)

Debdiffs can be created directly from the repo like in a local clone with 'git diff <tag1>..<tag2> debian/'

Revision history for this message
Otto Kekäläinen (otto) wrote :
Mathew Hodson (mhodson)
no longer affects: mariadb-10.3 (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.3 - 1:10.3.30-0ubuntu0.20.04.1

mariadb-10.3 (1:10.3.30-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version 10.3.30 includes fixes for a critical bug that
    was compromising the results of some type of queries (subqueries with
    group by): https://jira.mariadb.org/browse/MDEV-25714 (LP: #1936727)
  * Fix Perl executable path in scripts (stop using 'env') (Closes: #991472)
    Upstream MariaDB has broken shebangs (#!/usr/bin/env perl) in several
    scripts, thus rendering them potentially loading the wrong Perl version
    and rendering the scripts unusable. Fixing the shebang recovers correct

  [ Daniel Black ]
  * Add caching_sha2_password.so (Closes: #962597) (LP: #1913676)

 -- Otto Kekäläinen <email address hidden> Sat, 17 Jul 2021 15:59:58 -0700

Changed in mariadb-10.3 (Ubuntu Focal):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.