Debian Patches

Status for sphinxsearch/2.2.11-8~bpo11+1

Patch Description Author Forwarded Bugs Origin Last update
configure.diff configure
===================================================================
Debian QA Group <packages@qa.debian.org> no 2021-12-03
01_Makefile_am.patch Change the locations built by install-data-hook to match debian install.

===================================================================
Debian QA Group <packages@qa.debian.org> no 2021-12-03
02_sphinx.conf.patch Changed default locations to match debian locations.
===================================================================
Debian QA Group <packages@qa.debian.org> no 2021-12-03
add-multiarch-libdir.patch add-multiarch-libdir Debian QA Group <packages@qa.debian.org> no 2021-12-03
fix-2540.patch [PATCH] fixed #2504 daemon crash on snippet generation for empty documents with html_strip enabled Stanislav Klinov <tomat@sphinxsearch.com> no 2016-09-06
06-CVE-2020-29050.patch [PATCH] Fix random file reading by scattered snippets
Issue was that load_files_scattered option just concatenated prefix with
given name and then opened the file. So, if you provide something like
'/etc/password' as file, or '../../../etc/passwd' even with non-zero
prefix, it will unfortunately work. After this commit such behavior
possible ONLY if user explicitly set `snippets_file_prefix` to empty
string or '/'; another cases will not cause uncontroled reading.
That fixes #866.

[basilgello: Back-port to 2.2.11:
- Refactor sphNormalizePath to use only available classes.
- Do not use 'g_sSnippetsFilePrefix' in src/sphinxexcerpt.h,
use 'tOptions.m_sFilePrefix' instead, as for 2.2.11, all
two instances are assigned to 'g_sSnippetsFilePrefix'.
- Adjust context. ]

The following test passes, adapted from commit
66b5761ad258c60b1866a8e1333f86e74f48035 at
https://github.com/manticoresoftware/manticoresearch :

====
/*
cd test &&
g++ -o test test.cpp -I../src -I../config -I/usr/include/postgresql \
-I/usr/include/mariadb -DHAVE_CONFIG_H -L../src -lsphinx -pthread \
-lm -ldl -lstemmer -lmariadb -lpq -lexpat -lz
*/

void ASSERT_STREQ(const char *src, const char *dst)
{
auto normalized = sphNormalizePath(src);
if (!strcmp(dst, normalized.scstr())) {
auto _src = src;
auto _dst = dst;

if (src == nullptr) _src = "nullptr";
if (dst == nullptr) _dst = "nullptr";

std::cout << "OK : '" << _src << "' = '" << _dst <<
"'" << std::endl;
} else {
auto _src = src;
auto _dst = dst;

if (src == nullptr) _src = "nullptr";
if (dst == nullptr) _dst = "nullptr";

std::cout << "FAIL: '" << _src << "' != '" << _dst << "' ( = '" <<
normalized.scstr() << "')" << std::endl;
}
}

int main()
{
ASSERT_STREQ ( "/", "/" );
ASSERT_STREQ ( "/..//bbb", "/bbb" );
ASSERT_STREQ ( "/quite/long/path/../../../etc/passwd", "/etc/passwd" );
ASSERT_STREQ ( "/aaa/bbb/ccc/ddd/../../../../../../../", "/" );

ASSERT_STREQ ( "", "" );
ASSERT_STREQ ( nullptr, "" );
ASSERT_STREQ ( "aaa/", "aaa" );
ASSERT_STREQ ( "aaa/.", "aaa" );
ASSERT_STREQ ( "aaa/././././////././", "aaa" );
ASSERT_STREQ ( "aaa/////", "aaa" );
ASSERT_STREQ ( "aaa/bbb/ccc", "aaa/bbb/ccc" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/..", "aaa/bbb/ccc" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/../../..", "aaa" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/../../../xxx", "aaa/xxx" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/../../../..", "" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/../../../../", "" );
ASSERT_STREQ ( "aaa/bbb/ccc/ddd/../../../../../../../", "../../.." );
ASSERT_STREQ ( "..//bbb", "../bbb" );
return 0;
}
====

Fixes CVE-2020-29050.
klirichek <alexey@manticoresearch.com> no 2019-07-02
support-mysql8-clients.patch Support MySQL 8 clients

The handshsake implementation of version 2.2.11 does not support MySQL 8
clients, not allowing them to connect to searchd using the MySQL protocol.
It was fixed in version 3.3.1 according to the release notes:
http://sphinxsearch.com/docs/sphinx3.html#version-3.1.1-17-oct-2018 .

This patch was cherry-picked from manticoresearch project which is a
sphinxsearch fork with the same handshake implementation.
"Aleksey N. Vinogradov" <a.n.vinogradov@gmail.com> no other, https://github.com/manticoresoftware/manticoresearch/commit/ed98fdd7230c1d7298e1000fd10812338c6ba698 2019-12-06
config-default-to-localhost.patch Fixes #1011 default listens bind to localhost in sample configs
CVE-2019-14511
Adrian Nuta <adriannuta@gmail.com> no debian 2019-08-21
install-paths.patch Update the sample/minimal conf files to match installation paths Andrej Shadura <andrew.shadura@collabora.co.uk> no 2021-12-03
re2-drop-set_utf8.patch use RE2::Options.set_encoding() instead of set_utf8() Vitaly Lipatov <lav@altlinux.ru> no 2021-04-24
cross.patch Use pkg-config instead of mysql_config
sphinxsearch fails to cross build from source, because it fails
detecting mysql using mysql_config. During cross compilation,
mysql_config does not work at all. For that reason, it should not be
used at all. The attached patch looks up mysql using pkg-config, which
presently is the standard tools for discovering compiler and linker
flags. It makes sphinxsearch cross buildable. Please be aware:
* In order to use PKG_CHECK_MODULES, it must not occur in a shell
if/else branch. Such branches must be expressed using AS_IF to make
the use of AC_REQUIRE work.
* mariadb presently lacks a dependency on libssl-dev, but it emits
-lssl as linker flag, see #917135.
* In order to use the patch, you need to add pkg-config to
Build-Depends.

I tried writing the patch in a way that is upstreamable as it is useful
to other distributions (e.g. yocto).
Helmut Grohne <helmut@subdivi.de> no debian 2018-12-23
use-pkgconfig-for-libre2.patch Use pkg-config to detect libre2 Andrej Shadura <andrew.shadura@collabora.co.uk> no 2021-12-03
fix-pthread-hurd.patch Don’t call pthread_attr_setstacksize if PTHREAD_STACK_MIN is not defined
Fixed build on Hurd

See https://www.gnu.org/software/hurd/open_issues/libgomp_pthread_attr_setstacksize_pthread_stack_min.html

<azeem> neal: libgomp (GNU's implementation of OpenMP) uses PTHREAD_STACK_MIN, which we do not define apparently
<neal> azeem: We have fixed sized stacks.
<neal> so the pthread_attr_setstacksize will fail once you define PTHREAD_STACK_MIN)
Andrej Shadura <andrew.shadura@collabora.co.uk> no 2021-12-03

All known versions for source package 'sphinxsearch'

Links