mysql: use system libs when possible

This fixes second level CVEs of lz4 - CVE-2019-17543, CVE-2021-3520

Change-Id: Ib5f62764345f3f1b98bb803bda748240d8908732
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/21297

SPECS/lz4/lz4.spec

@@ -3,21 +3,25 @@ Name:           lz4
 Version:        1.9.4
 Release:        1%{?dist}
 License:        BSD 2-Clause and GPLv2
-URL:            http://lz4.github.io/lz4/
+URL:            http://lz4.github.io/lz4
 Group:          Applications
 Vendor:         VMware, Inc.
 Distribution:   Photon
 
-Source0:        https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
-%define sha512    %{name}=043a9acb2417624019d73db140d83b80f1d7c43a6fd5be839193d68df8fd0b3f610d7ed4d628c2a9184f7cde9a0fd1ba9d075d8251298e3eb4b3a77f52736684
+Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
+%define sha512 %{name}=043a9acb2417624019d73db140d83b80f1d7c43a6fd5be839193d68df8fd0b3f610d7ed4d628c2a9184f7cde9a0fd1ba9d075d8251298e3eb4b3a77f52736684
 
 %description
-LZ4 is lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU.
-It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems.
+LZ4 is lossless compression algorithm, providing compression speed
+at 400 MB/s per core, scalable with multi-cores CPU.
+
+It features an extremely fast decoder, with speed in multiple GB/s
+per core, typically reaching RAM speed limits on multi-core systems.
 
 %package devel
 Summary:    Libraries and header files for lz4
 Requires:   %{name} = %{version}-%{release}
+
 %description devel
 Static libraries and header files for the support library for lz4.
 
@@ -25,11 +29,13 @@ Static libraries and header files for the support library for lz4.
 %autosetup -p1
 
 %build
-make %{?_smp_mflags} all
+%make_build
 
 %install
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-make install DESTDIR=%{buildroot} LIBDIR=%{_libdir} PREFIX=%{_prefix} %{?_smp_mflags}
+%make_install PREFIX="%{_usr}" %{?_smp_mflags}
+
+%clean
+rm -rf %{buildroot}
 
 %ldconfig_scriptlets
 

SPECS/mysql/mysql.spec

@@ -1,7 +1,7 @@
 Summary:        MySQL.
 Name:           mysql
 Version:        8.0.33
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Group:          Applications/Databases
 Vendor:         VMware, Inc.
@@ -11,22 +11,34 @@ Url:            http://www.mysql.com
 Source0: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz
 %define sha512 %{name}-boost=47f76819004c7c545d1b0b6b6646d8816899976f92d35c5564b1255b144b597ff7d3e674c721a45bcbb13cc0da3f4474fb29221c0e21d2ff91a1892cd42c636c
 
-BuildRequires:  cmake
-BuildRequires:  openssl-devel
-BuildRequires:  zlib-devel
-BuildRequires:  libtirpc-devel
-BuildRequires:  rpcsvc-proto-devel
-BuildRequires:  protobuf-devel
-BuildRequires:  libevent-devel
+BuildRequires: cmake
+BuildRequires: rpcsvc-proto-devel
+BuildRequires: icu-devel
+BuildRequires: libedit-devel
+BuildRequires: libevent-devel
+BuildRequires: curl-devel
+BuildRequires: zstd-devel
+BuildRequires: lz4-devel
+BuildRequires: protobuf-devel
+BuildRequires: openssl-devel
+BuildRequires: libtirpc-devel
+BuildRequires: ncurses-devel
+BuildRequires: libnuma-devel
+BuildRequires: libfido2-devel
 
-Requires:       protobuf
-Requires:       libtirpc
-Requires:       libevent
-Requires:       zlib
-Requires:       openssl
-Requires:       ncurses-libs
-Requires:       perl
-Requires:       %{name}-icu-data-files = %{version}-%{release}
+Requires: icu
+Requires: libedit
+Requires: libevent
+Requires: curl-libs
+Requires: zstd-libs
+Requires: lz4
+Requires: protobuf
+Requires: openssl
+Requires: libtirpc
+Requires: perl
+Requires: ncurses-libs
+Requires: libnuma
+Requires: libfido2
 
 %description
 MySQL is a free, widely used SQL engine.
@@ -50,21 +62,20 @@ This package contains ICU data files needed by MySQL regular expressions.
 
 %build
 %{cmake} \
-   -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-   -DWITH_BOOST=boost \
-   -DINSTALL_MANDIR=share/man \
-   -DINSTALL_DOCDIR=share/doc \
-   -DINSTALL_DOCREADMEDIR=share/doc \
-   -DINSTALL_SUPPORTFILESDIR=share/support-files \
-   -DCMAKE_BUILD_TYPE=RELEASE \
-   -DCMAKE_C_FLAGS=-fPIC \
-   -DCMAKE_CXX_FLAGS=-fPIC \
-   -DWITH_EMBEDDED_SERVER=OFF \
-   -DFORCE_INSOURCE_BUILD=1 \
-   -DWITH_PROTOBUF=system \
-   -DWITH_ROUTER=OFF \
-   -DWITH_UNIT_TESTS=OFF \
-   -DWITH_LIBEVENT=system
+  -DCMAKE_INSTALL_PREFIX=%{_usr} \
+  -DWITH_BOOST=boost \
+  -DINSTALL_MANDIR=%{_mandir} \
+  -DINSTALL_DOCDIR=%{_docdir} \
+  -DINSTALL_DOCREADMEDIR=%{_docdir} \
+  -DINSTALL_SUPPORTFILESDIR=share/support-files \
+  -DCMAKE_BUILD_TYPE=RELEASE \
+  -DCMAKE_C_FLAGS=-fPIC \
+  -DCMAKE_CXX_FLAGS=-fPIC \
+  -DWITH_EMBEDDED_SERVER=OFF \
+  -DFORCE_INSOURCE_BUILD=1 \
+  -DWITH_UNIT_TESTS=OFF \
+  -DWITH_ROUTER=OFF \
+  -DWITH_SYSTEM_LIBS=ON
 
 %{cmake_build}
 
@@ -96,7 +107,6 @@ rm -rf %{buildroot}/*
 %{_mandir}/man8/*
 %{_datadir}/support-files/*
 %exclude %{_usr}/mysql-test
-%exclude %{_usr}/docs
 %exclude %{_datadir}
 
 %files devel
@@ -108,9 +118,10 @@ rm -rf %{buildroot}/*
 
 %files icu-data-files
 %defattr(-,root,root)
-%{_libdir}/private/icudt69l
 
 %changelog
+* Mon Jul 17 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.0.33-4
+- Use system libs
 * Sat Jun 17 2023 Shreenidhi Shedi <sshedi@vmware.com> 8.0.33-3
 - Bump version as a part of protobuf upgrade
 * Fri Jun 09 2023 Nitesh Kumar <kunitesh@vmware.com> 8.0.33-2

SPECS/zlib/zlib.spec

@@ -36,7 +36,10 @@ if [ %{_host} != %{_build} ]; then
   export STRIP=%{_host}-strip
 fi
 
-sh ./configure --prefix=%{_prefix} --shared
+sh ./configure \
+    --prefix=%{_prefix} \
+    --shared
+
 %make_build
 
 %install
@@ -47,7 +50,7 @@ sh ./configure --prefix=%{_prefix} --shared
 make %{?_smp_mflags} check
 %endif
 
-%post   -p /sbin/ldconfig
+%post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
 %files