[HIGH] Upgrade mariadb to 10.11.15 for CVE-2025-13699 (microsoft#15417)

BinduSri-6522866 · Kanishk Bansal · jslobodzian · web-flow · commit 40455ab1afa6 · 2025-12-30T14:31:03.000-05:00
Co-authored-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: jslobodzian &lt;joslobo@microsoft.com&gt;
diff --git a/SPECS/mariadb/CVE-2023-52971.patch b/SPECS/mariadb/CVE-2023-52971.patch
diff --git a/SPECS/mariadb/mariadb.signatures.json b/SPECS/mariadb/mariadb.signatures.json
@@ -4,7 +4,7 @@
   "README.mariadb-docs": "c3c6584dbdc35445014ac48023da59cafc5abc6996859cebb4e357c2f380990f",
   "README.wsrep_sst_rsync_tunnel": "f121b2f6e804a8aaf01e0c835e62b64a0d0bf6cd922cc1a21897f196f8b0714f",
   "clustercheck.sh": "4be47a46f99b714bc3681fdf11b09d242dae5e3eb81274b3040a73f9d7800d50",
-  "mariadb-10.11.11.tar.gz": "14cc0d9d9a7a330231d9ed91ac28f29b502d2f1e7021d81c940280db52bac812",
+  "mariadb-10.11.15.tar.gz": "6190529d9d047163259967a92095b505df15b39195ea55cdf856314eef4546f5",
   "mariadb-check-socket.sh": "6d04410549275140f07b89a1dcef99f31cd47751ef9142d14e7898e7cbcff023",
   "mariadb-check-upgrade.sh": "e49c23e79155d416f7bad292d073213c0beafed99c172a06d909ec3e24ee6e75",
   "mariadb-prepare-db-dir.sh": "ff8d2e719f6db158eda0acb58a9d84b43c959baf0d2a8f4d9ce7a62f13af36d0",
@@ -21,4 +21,4 @@
   "rh-skipped-tests-s390.list": "5e826f9f3cc920c0fe67434fd32b25a205d6a8530552e998edb376c4661b59f3",
   "wsrep_sst_rsync_tunnel": "5194ed1971d0afe8d2836c1d143263f6891311c9ac0fae536b866f2a885d056e"
  }
-}
+}
diff --git a/SPECS/mariadb/mariadb.spec b/SPECS/mariadb/mariadb.spec
@@ -1,9 +1,8 @@
 # Plain package name for cases, where %%{name} differs (e.g. for versioned packages)
 %global majorname mariadb
-%define package_version 10.11.11
+%define package_version 10.11.15
 %define majorversion %(echo %{package_version} | cut -d'.' -f1-2 )
 
-
 %define _vpath_builddir .
 
 # Set if this package will be the default one in distribution
@@ -201,7 +200,6 @@ Patch12:          rocksdb-6.8-gcc13.patch
 Patch13:          %{majorname}-libfmt.patch
 #   Patch14: make MTR port calculation reasonably predictable
 Patch14:          %{majorname}-mtr.patch
-Patch15:          CVE-2023-52971.patch
 
 %global pkgname %{majorname}
  
@@ -823,7 +821,6 @@ rm -r storage/rocksdb/
 %endif
  
 %patch -P14 -p1
-%patch -P15 -p1
 
 # generate a list of tests that fail, but are not disabled by upstream
 cat %{SOURCE50} | tee -a mysql-test/unstable-tests
@@ -1772,6 +1769,9 @@ fi
 %endif
  
 %changelog
+* Mon Dec 29 2025 BinduSri Adabala <v-badabala@microsoft.com> - 10.11.15-1
+- Upgrade to 10.11.15 for CVE-2025-13699
+
 * Fri Apr 04 2025 Mayank Singh <mayansingh@microsoft.com> - 10.11.11-1
 - Initial Azure Linux import from Fedora 42 (license: MIT).
 - License verified
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -12961,8 +12961,8 @@
         "type": "other",
         "other": {
           "name": "mariadb",
-          "version": "10.11.11",
-          "downloadUrl": "https://downloads.mariadb.org/interstitial/mariadb-10.11.11/source/mariadb-10.11.11.tar.gz"
+          "version": "10.11.15",
+          "downloadUrl": "https://downloads.mariadb.org/interstitial/mariadb-10.11.15/source/mariadb-10.11.15.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -12961,8 +12961,8 @@`
`12961`	`12961`	`"type": "other",`
`12962`	`12962`	`"other": {`
`12963`	`12963`	`"name": "mariadb",`
`12964`		`- "version": "10.11.11",`
`12965`		`- "downloadUrl": "https://downloads.mariadb.org/interstitial/mariadb-10.11.11/source/mariadb-10.11.11.tar.gz"`
	`12964`	`+ "version": "10.11.15",`
	`12965`	`+ "downloadUrl": "https://downloads.mariadb.org/interstitial/mariadb-10.11.15/source/mariadb-10.11.15.tar.gz"`
`12966`	`12966`	`}`
`12967`	`12967`	`}`
`12968`	`12968`	`},`