From 2fbd23ab9ee1412063c3a0ede9dc4638bb9aa900 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet <thomas.gerbet@enalean.com> Date: Thu, 28 Nov 2024 12:26:33 +0100 Subject: [PATCH 1/3] percona-server: 8.4.0-1 -> 8.4.2-2 Changes: https://docs.percona.com/percona-server/8.4/release-notes/8.4.2-2.html https://docs.percona.com/percona-server/8.4/release-notes/8.4.1.html Fixes * CVE-2024-21171 * CVE-2024-21177 * CVE-2024-21163 * CVE-2024-21176 * CVE-2024-20996 * CVE-2024-21157 * CVE-2024-21179 * CVE-2024-21127 * CVE-2024-21129 * CVE-2024-21125 * CVE-2024-21130 * CVE-2024-21162 * CVE-2024-21142 * CVE-2024-21134 --- pkgs/servers/sql/percona-server/8_4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/percona-server/8_4.nix b/pkgs/servers/sql/percona-server/8_4.nix index 01bac0fdef56..9b8621e40900 100644 --- a/pkgs/servers/sql/percona-server/8_4.nix +++ b/pkgs/servers/sql/percona-server/8_4.nix @@ -50,11 +50,11 @@ assert !(withJemalloc && withTcmalloc); stdenv.mkDerivation (finalAttrs: { pname = "percona-server"; - version = "8.4.0-1"; + version = "8.4.2-2"; src = fetchurl { url = "https://downloads.percona.com/downloads/Percona-Server-${lib.versions.majorMinor finalAttrs.version}/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz"; - hash = "sha256-76PXXqTNBVsD7RX2vhp7RyESiFpJL0h0zG9ucNfy3uQ="; + hash = "sha256-KdaF2+vZfWf6fW8HWi+c97SHW+WqmlcpdPzUUgX94EY="; }; nativeBuildInputs = [ From 954f9b947ae2d0e0cd276266124910eb37fa13fe Mon Sep 17 00:00:00 2001 From: Thomas Gerbet <thomas.gerbet@enalean.com> Date: Thu, 28 Nov 2024 12:31:21 +0100 Subject: [PATCH 2/3] percona-server_8_0: 8.0.37-29 -> 8.0.39-30 Changes: https://docs.percona.com/percona-server/8.0/release-notes/8.0.39-30.html https://docs.percona.com/percona-server/8.0/release-notes/8.0.38.html Fixes: * CVE-2024-21171 * CVE-2024-21177 * CVE-2024-21163 * CVE-2024-21173 * CVE-2024-21179 * CVE-2024-21127 * CVE-2024-21129 * CVE-2024-21125 * CVE-2024-21130 * CVE-2024-21162 * CVE-2024-21165 * CVE-2024-21142 * CVE-2024-21134 --- pkgs/servers/sql/percona-server/8_0.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/percona-server/8_0.nix b/pkgs/servers/sql/percona-server/8_0.nix index e48afe07af86..3c9e97d5eea0 100644 --- a/pkgs/servers/sql/percona-server/8_0.nix +++ b/pkgs/servers/sql/percona-server/8_0.nix @@ -42,11 +42,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "percona-server"; - version = "8.0.37-29"; + version = "8.0.39-30"; src = fetchurl { url = "https://www.percona.com/downloads/Percona-Server-8.0/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz"; - hash = "sha256-zZgq3AxCRYdte3dTUJiuMvVGdl9U01s8jxcAqDxZiNM="; + hash = "sha256-Ag+9tzmWpdF5vxWOFUsn65oJXIkb0HmoMbif7HcSoP8="; }; nativeBuildInputs = [ From c055f6bc0a7ee3b315cc19ae4f20ed32b99bda2a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch <maximilian@mbosch.me> Date: Fri, 29 Nov 2024 21:38:28 +0100 Subject: [PATCH 3/3] nixos/mysql: fix evaluation of percona test Commit e14483d6a67399485876ab51c9726dbd2eb0836a fixed a bug in the `ini` type with `listsAsDuplicatedKeys = true;`: multiple list declarations weren't merged, but latter declarations shadowed the former without any error. The fix brought another issue to surface however: before, the `plugin-load-add` declaration in the MySQL test shadowed the `auth_socket.so` setting in the module. But now the attempt to merge a list and a single declaration breaks because of `types.either` seeing a mix of declarations from the left AND right type. Turning the `plugin-load-add` in the module into a list triggers the correct merging behavior and thus fixes the evaluation error (and merging behavior of `plugin-load-add`)! This wasn't an issue for mysql itself (empty `plugin-load-add` in the test) and neither for mariadb (the `auth_socket.so` isn't added for this). --- nixos/modules/services/databases/mysql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 40844b26d0da..412fe4836cd3 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -314,7 +314,7 @@ in binlog-ignore-db = [ "information_schema" "performance_schema" "mysql" ]; }) (lib.mkIf (!isMariaDB) { - plugin-load-add = "auth_socket.so"; + plugin-load-add = [ "auth_socket.so" ]; }) ];