From 2fbd23ab9ee1412063c3a0ede9dc4638bb9aa900 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas.gerbet@enalean.com>
Date: Thu, 28 Nov 2024 12:26:33 +0100
Subject: [PATCH 1/3] percona-server: 8.4.0-1 -> 8.4.2-2

Changes:
https://docs.percona.com/percona-server/8.4/release-notes/8.4.2-2.html
https://docs.percona.com/percona-server/8.4/release-notes/8.4.1.html

Fixes
* CVE-2024-21171
* CVE-2024-21177
* CVE-2024-21163
* CVE-2024-21176
* CVE-2024-20996
* CVE-2024-21157
* CVE-2024-21179
* CVE-2024-21127
* CVE-2024-21129
* CVE-2024-21125
* CVE-2024-21130
* CVE-2024-21162
* CVE-2024-21142
* CVE-2024-21134
---
 pkgs/servers/sql/percona-server/8_4.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/sql/percona-server/8_4.nix b/pkgs/servers/sql/percona-server/8_4.nix
index 01bac0fdef56..9b8621e40900 100644
--- a/pkgs/servers/sql/percona-server/8_4.nix
+++ b/pkgs/servers/sql/percona-server/8_4.nix
@@ -50,11 +50,11 @@ assert !(withJemalloc && withTcmalloc);
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "percona-server";
-  version = "8.4.0-1";
+  version = "8.4.2-2";
 
   src = fetchurl {
     url = "https://downloads.percona.com/downloads/Percona-Server-${lib.versions.majorMinor finalAttrs.version}/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz";
-    hash = "sha256-76PXXqTNBVsD7RX2vhp7RyESiFpJL0h0zG9ucNfy3uQ=";
+    hash = "sha256-KdaF2+vZfWf6fW8HWi+c97SHW+WqmlcpdPzUUgX94EY=";
   };
 
   nativeBuildInputs = [

From 954f9b947ae2d0e0cd276266124910eb37fa13fe Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas.gerbet@enalean.com>
Date: Thu, 28 Nov 2024 12:31:21 +0100
Subject: [PATCH 2/3] percona-server_8_0: 8.0.37-29 -> 8.0.39-30

Changes:
https://docs.percona.com/percona-server/8.0/release-notes/8.0.39-30.html
https://docs.percona.com/percona-server/8.0/release-notes/8.0.38.html

Fixes:
* CVE-2024-21171
* CVE-2024-21177
* CVE-2024-21163
* CVE-2024-21173
* CVE-2024-21179
* CVE-2024-21127
* CVE-2024-21129
* CVE-2024-21125
* CVE-2024-21130
* CVE-2024-21162
* CVE-2024-21165
* CVE-2024-21142
* CVE-2024-21134
---
 pkgs/servers/sql/percona-server/8_0.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/sql/percona-server/8_0.nix b/pkgs/servers/sql/percona-server/8_0.nix
index e48afe07af86..3c9e97d5eea0 100644
--- a/pkgs/servers/sql/percona-server/8_0.nix
+++ b/pkgs/servers/sql/percona-server/8_0.nix
@@ -42,11 +42,11 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "percona-server";
-  version = "8.0.37-29";
+  version = "8.0.39-30";
 
   src = fetchurl {
     url = "https://www.percona.com/downloads/Percona-Server-8.0/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz";
-    hash = "sha256-zZgq3AxCRYdte3dTUJiuMvVGdl9U01s8jxcAqDxZiNM=";
+    hash = "sha256-Ag+9tzmWpdF5vxWOFUsn65oJXIkb0HmoMbif7HcSoP8=";
   };
 
   nativeBuildInputs = [

From c055f6bc0a7ee3b315cc19ae4f20ed32b99bda2a Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Fri, 29 Nov 2024 21:38:28 +0100
Subject: [PATCH 3/3] nixos/mysql: fix evaluation of percona test

Commit e14483d6a67399485876ab51c9726dbd2eb0836a fixed a bug in the `ini`
type with `listsAsDuplicatedKeys = true;`: multiple list declarations
weren't merged, but latter declarations shadowed the former without any
error.

The fix brought another issue to surface however: before, the
`plugin-load-add` declaration in the MySQL test shadowed the
`auth_socket.so` setting in the module. But now the attempt
to merge a list and a single declaration breaks because of
`types.either` seeing a mix of declarations from the left
AND right type.

Turning the `plugin-load-add` in the module into a list triggers the
correct merging behavior and thus fixes the evaluation error (and
merging behavior of `plugin-load-add`)!

This wasn't an issue for mysql itself (empty `plugin-load-add` in the
test) and neither for mariadb (the `auth_socket.so` isn't added for
this).
---
 nixos/modules/services/databases/mysql.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
index 40844b26d0da..412fe4836cd3 100644
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -314,7 +314,7 @@ in
         binlog-ignore-db = [ "information_schema" "performance_schema" "mysql" ];
       })
       (lib.mkIf (!isMariaDB) {
-        plugin-load-add = "auth_socket.so";
+        plugin-load-add = [ "auth_socket.so" ];
       })
     ];