MFH: r470246

databases/mariadb102-server: Security update to 10.2.15

Security:	57aec168-453e-11e8-8777-b499baebfeaf

Approved by:	ports-secteam (miwi)

8 files changed, 75 insertions, 71 deletions

diff --git a/databases/mariadb102-client/Makefile b/databases/mariadb102-client/Makefile
index 09c9a067e9cf..0863d0847e9d 100644
--- a/databases/mariadb102-client/Makefile
+++ b/databases/mariadb102-client/Makefile
@@ -22,7 +22,7 @@ CLIENT_ONLY=	yes
 
 post-configure:
 	${REINPLACE_CMD} -Ee 's|(#define INCLUDE.*)"$$|\1 -I${PREFIX}/include"|' \
-		-e 's|(#define LIBS.*)"\\ $$|\1 -L${PREFIX}/lib "\\|' \
+		-e 's|(#define LIBS .*)"$$|\1 -L${PREFIX}/lib"|' \
 		${WRKSRC}/libmariadb/mariadb_config/mariadb_config.c
 
 post-install:
@@ -33,7 +33,7 @@ post-install:
 		${STAGEDIR}${DATADIR}/policy \
 		${STAGEDIR}${PREFIX}/include/mysql/server
 	# Fix https://mariadb.atlassian.net/browse/MDEV-9388
-	@${REINPLACE_CMD} 's/-l-pthread/-lpthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config
+	@${REINPLACE_CMD} 's/-l-pthread/-pthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config
 
 post-install-GSSAPI_NONE:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/mysql/plugin/auth_gssapi_client.so
diff --git a/databases/mariadb102-client/files/patch-sql-common_client.c b/databases/mariadb102-client/files/patch-sql-common_client.c
deleted file mode 100644
index d222e5f37be4..000000000000
--- a/databases/mariadb102-client/files/patch-sql-common_client.c
+++ /dev/null
@@ -1,23 +0,0 @@
---- sql-common/client.c.orig	2018-01-03 14:48:29.000000000 +0100
-+++ sql-common/client.c	2018-01-24 00:45:11.194419000 +0100
-@@ -104,6 +104,10 @@
- #define CONNECT_TIMEOUT 0
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) || defined(HAVE_YASSL)
-+#define ASN1_STRING_get0_data(X) ASN1_STRING_data(X)
-+#endif
-+
- #include "client_settings.h"
- #include <ssl_compat.h>
- #include <sql_common.h>
-@@ -1822,7 +1826,8 @@
-   */
- 
- #ifdef HAVE_X509_check_host
--  ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1;
-+  ret_validation= X509_check_host(server_cert, server_hostname,
-+                                  strlen(server_hostname), 0, 0) != 1;
- #else
-   subject= X509_get_subject_name(server_cert);
-   cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
diff --git a/databases/mariadb102-server/Makefile b/databases/mariadb102-server/Makefile
index c218ca50a52f..b184d55fd52a 100644
--- a/databases/mariadb102-server/Makefile
+++ b/databases/mariadb102-server/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME?=	mariadb
-PORTVERSION=	10.2.14
+PORTVERSION=	10.2.15
 PORTREVISION?=	0
 CATEGORIES=	databases ipv6
 MASTER_SITES=	http://mirrors.supportex.net/${SITESDIR}/ \
@@ -22,10 +22,7 @@ LICENSE_NAME_PerconaFT=	PerconaFT patents license
 LICENSE_FILE_PerconaFT=	${WRKSRC}/storage/tokudb/PerconaFT/PATENTS
 LICENSE_PERMS_PerconaFT=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
 
-BROKEN_aarch64=		fails to link: stacktrace.c: undefined reference to 'sbrk'
-
 SUB_FILES=	pkg-message
-PKGMESSAGE=	${WRKDIR}/pkg-message
 
 SLAVEDIRS=	databases/mariadb102-client
 USES=		bison:build cmake:noninja compiler:c++11-lib cpe iconv:translit libedit ncurses shebangfix ssl
@@ -194,6 +191,14 @@ post-install:
 GSSAPI_BASE_IGNORE=	BASE_GSSAPI is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system
 .endif
 
+.include <bsd.port.options.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200057
+SUB_LIST+=	LEGACY_LIMITS="@comment " MODERN_LIMITS=""
+.else
+SUB_LIST+=	LEGACY_LIMITS="" MODERN_LIMITS="@comment "
+.endif
+
 .include <bsd.port.pre.mk>
 
 .if ${OPSYS} == DragonFly
diff --git a/databases/mariadb102-server/distinfo b/databases/mariadb102-server/distinfo
index c037e6068bc3..8138cd2192c0 100644
--- a/databases/mariadb102-server/distinfo
+++ b/databases/mariadb102-server/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1522324208
-SHA256 (mariadb-10.2.14.tar.gz) = 3443ec2d6e8af1eba49d097f6b2f6741c8d94b75abf19b8dd5753608f0703f7e
-SIZE (mariadb-10.2.14.tar.gz) = 72607526
+TIMESTAMP = 1526556031
+SHA256 (mariadb-10.2.15.tar.gz) = 33de205158fc22fd8eb4e5770cc5ffa1cb4029f9c398dfd8c554ccb3e636ba11
+SIZE (mariadb-10.2.15.tar.gz) = 73329750
diff --git a/databases/mariadb102-server/files/mysql-server.in b/databases/mariadb102-server/files/mysql-server.in
index 5f5603f2f575..d3417eebce5f 100644
--- a/databases/mariadb102-server/files/mysql-server.in
+++ b/databases/mariadb102-server/files/mysql-server.in
@@ -9,9 +9,9 @@
 # Add the following line to /etc/rc.conf to enable mysql:
 # mysql_(instance_)?enable (bool):	Set to "NO" by default.
 #			Set it to "YES" to enable MySQL.
-# mysql_(instance_)?limits (bool):	Set to "NO" by default.
-#			Set it to yes to run `limits -e -U mysql`
-#			just before mysql starts.
+%%LEGACY_LIMITS%%# mysql_(instance_)?limits (bool):	Set to "NO" by default.
+%%LEGACY_LIMITS%%#			Set it to yes to run `limits -e -U mysql`
+%%LEGACY_LIMITS%%#			just before mysql starts.
 # mysql_(instance_)?dbdir (str):	Default to "/var/db/mysql"
 #			Base database directory.
 # mysql_(instance_)?args (str):	Custom additional arguments to be passed
@@ -22,7 +22,7 @@
 #			Default to "mysql" created by the port
 # mysql_(instance_)?optfile (str): Server-specific option file.
 #			Default to "${mysql_dbdir}/my.cnf".
-# mysql_instances (str): Set to "" by default. 
+# mysql_instances (str): Set to "" by default.
 #			If defined, list of instances to enable
 
 . /etc/rc.subr
@@ -33,9 +33,9 @@ rcvar=mysql_enable
 load_rc_config $name
 
 : ${mysql_enable="NO"}
-: ${mysql_limits="NO"}
+%%LEGACY_LIMITS%%: ${mysql_limits="NO"}
 : ${mysql_user="mysql"}
-: ${mysql_limits_args="-e -U $mysql_user"}
+%%LEGACY_LIMITS%%: ${mysql_limits_args="-e -U $mysql_user"}
 : ${mysql_dbdir="/var/db/mysql"}
 : ${mysql_optfile="${mysql_dbdir}/my.cnf"}
 
@@ -51,9 +51,9 @@ if [ -n "$2" ]; then
 	"$2 "*|*" $2 "*|*" $2"|"$2")
 		eval mysql_args="\${mysql_${instance}_args:-\"${mysql_args}\"}"
 		eval mysql_dbdir="\${mysql_${instance}_dbdir:-\"/var/db/mysql_${instance}\"}"
-		eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}"
+%%LEGACY_LIMITS%%		eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}"
 		eval mysql_user="\${mysql_${instance}_user:-\"${mysql_user}\"}"
-		eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}"
+%%LEGACY_LIMITS%%		eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}"
 		eval mysql_optfile="\${mysql_${instance}_optfile:-\"${mysql_dbdir}/my.cnf\"}"
 		eval mysql_pidfile="\${mysql_${instance}_pidfile:-\"${mysql_dbdir}/`/bin/hostname`.pid\"}"
 	;;
@@ -119,11 +119,12 @@ mysql_prestart()
 	if [ ! -d "${mysql_dbdir}/mysql/." ]; then
 		mysql_create_auth_tables || return 1
 	fi
-	if checkyesno mysql_limits; then
-		eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null
-	else
-		return 0
-	fi
+%%LEGACY_LIMITS%%	if checkyesno mysql_limits; then
+%%LEGACY_LIMITS%%		eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null
+%%LEGACY_LIMITS%%	else
+%%LEGACY_LIMITS%%		return 0
+%%LEGACY_LIMITS%%	fi
+%%MODERN_LIMITS%%	return 0
 }
 
 mysql_poststart()
diff --git a/databases/mariadb102-server/files/patch-MDEV-15961 b/databases/mariadb102-server/files/patch-MDEV-15961
new file mode 100644
index 000000000000..12854f191894
--- /dev/null
+++ b/databases/mariadb102-server/files/patch-MDEV-15961
@@ -0,0 +1,47 @@
+--- mysys/stacktrace.c.orig	2018-03-26 16:41:18 UTC
++++ mysys/stacktrace.c
+@@ -34,19 +34,19 @@
+ #include <execinfo.h>
+ #endif
+ 
++#ifdef __linux__
+ #define PTR_SANE(p) ((p) && (char*)(p) >= heap_start && (char*)(p) <= heap_end)
+-
+ static char *heap_start;
+-
+-#if(defined HAVE_BSS_START) && !(defined __linux__)
+ extern char *__bss_start;
+-#endif
++#else
++#define PTR_SANE(p) (p)
++#endif /* __linux */
+ 
+ void my_init_stacktrace()
+ {
+-#if(defined HAVE_BSS_START) && !(defined __linux__)
++#ifdef __linux__
+   heap_start = (char*) &__bss_start;
+-#endif
++#endif /* __linux__ */
+ }
+ 
+ #ifdef __linux__
+@@ -149,15 +149,16 @@ static int safe_print_str(const char *ad
+ 
+ int my_safe_print_str(const char* val, int max_len)
+ {
++#ifdef __linux__
++/* Only needed by the linux version of PTR_SANE */
+   char *heap_end;
+ 
+-#ifdef __linux__
+   // Try and make use of /proc filesystem to safely print memory contents.
+   if (!safe_print_str(val, max_len))
+     return 0;
+-#endif
+ 
+   heap_end= (char*) sbrk(0);
++#endif
+ 
+   if (!PTR_SANE(val))
+   {
diff --git a/databases/mariadb102-server/files/patch-sql-common_client.c b/databases/mariadb102-server/files/patch-sql-common_client.c
index d222e5f37be4..9eb5704fcb47 100644
--- a/databases/mariadb102-server/files/patch-sql-common_client.c
+++ b/databases/mariadb102-server/files/patch-sql-common_client.c
@@ -11,13 +11,3 @@
  #include "client_settings.h"
  #include <ssl_compat.h>
  #include <sql_common.h>
-@@ -1822,7 +1826,8 @@
-   */
- 
- #ifdef HAVE_X509_check_host
--  ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1;
-+  ret_validation= X509_check_host(server_cert, server_hostname,
-+                                  strlen(server_hostname), 0, 0) != 1;
- #else
-   subject= X509_get_subject_name(server_cert);
-   cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
diff --git a/databases/mariadb102-server/files/patch-sql_mysqld.cc b/databases/mariadb102-server/files/patch-sql_mysqld.cc
index 17e28f8c2b7c..ab4a1ed810a5 100644
--- a/databases/mariadb102-server/files/patch-sql_mysqld.cc
+++ b/databases/mariadb102-server/files/patch-sql_mysqld.cc
@@ -1,21 +1,5 @@
 --- sql/mysqld.cc.orig	2017-05-14 23:13:18 UTC
 +++ sql/mysqld.cc
-@@ -111,6 +111,7 @@
- #endif
- 
- #include <my_systemd.h>
-+#include <my_crypt.h>
- 
- #define mysqld_charset &my_charset_latin1
- 
-@@ -120,6 +121,7 @@
- #define HAVE_CLOSE_SERVER_SOCK 1
- #endif
- 
-+
- extern "C" {					// Because of SCO 3.2V4.2
- #include <sys/stat.h>
- #ifndef __GNU_LIBRARY__
 @@ -4838,8 +4840,9 @@ static void init_ssl()
        while ((err= ERR_get_error()))
          sql_print_warning("SSL error: %s", ERR_error_string(err, NULL));