diff options
author | Bernard Spil <brnrd@FreeBSD.org> | 2018-05-20 16:01:56 +0800 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2018-05-20 16:01:56 +0800 |
commit | 52cdee4d29dc5048bbdb32a266a02f51306d3b09 (patch) | |
tree | 5b7ffa815f874fc354838318a87e3a7082651726 | |
parent | eb9950df6420bc390ff2dd1e1d0d4a6c022d4f45 (diff) | |
download | freebsd-ports-52cdee4d29dc5048bbdb32a266a02f51306d3b09.tar.gz freebsd-ports-52cdee4d29dc5048bbdb32a266a02f51306d3b09.tar.zst freebsd-ports-52cdee4d29dc5048bbdb32a266a02f51306d3b09.zip |
MFH: r470246
databases/mariadb102-server: Security update to 10.2.15
Security: 57aec168-453e-11e8-8777-b499baebfeaf
Approved by: ports-secteam (miwi)
Notes
Notes:
svn path=/branches/2018Q2/; revision=470441
-rw-r--r-- | databases/mariadb102-client/Makefile | 4 | ||||
-rw-r--r-- | databases/mariadb102-client/files/patch-sql-common_client.c | 23 | ||||
-rw-r--r-- | databases/mariadb102-server/Makefile | 13 | ||||
-rw-r--r-- | databases/mariadb102-server/distinfo | 6 | ||||
-rw-r--r-- | databases/mariadb102-server/files/mysql-server.in | 27 | ||||
-rw-r--r-- | databases/mariadb102-server/files/patch-MDEV-15961 | 47 | ||||
-rw-r--r-- | databases/mariadb102-server/files/patch-sql-common_client.c | 10 | ||||
-rw-r--r-- | databases/mariadb102-server/files/patch-sql_mysqld.cc | 16 |
8 files changed, 75 insertions, 71 deletions
diff --git a/databases/mariadb102-client/Makefile b/databases/mariadb102-client/Makefile index 09c9a067e9cf..0863d0847e9d 100644 --- a/databases/mariadb102-client/Makefile +++ b/databases/mariadb102-client/Makefile @@ -22,7 +22,7 @@ CLIENT_ONLY= yes post-configure: ${REINPLACE_CMD} -Ee 's|(#define INCLUDE.*)"$$|\1 -I${PREFIX}/include"|' \ - -e 's|(#define LIBS.*)"\\ $$|\1 -L${PREFIX}/lib "\\|' \ + -e 's|(#define LIBS .*)"$$|\1 -L${PREFIX}/lib"|' \ ${WRKSRC}/libmariadb/mariadb_config/mariadb_config.c post-install: @@ -33,7 +33,7 @@ post-install: ${STAGEDIR}${DATADIR}/policy \ ${STAGEDIR}${PREFIX}/include/mysql/server # Fix https://mariadb.atlassian.net/browse/MDEV-9388 - @${REINPLACE_CMD} 's/-l-pthread/-lpthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config + @${REINPLACE_CMD} 's/-l-pthread/-pthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config post-install-GSSAPI_NONE: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/mysql/plugin/auth_gssapi_client.so diff --git a/databases/mariadb102-client/files/patch-sql-common_client.c b/databases/mariadb102-client/files/patch-sql-common_client.c deleted file mode 100644 index d222e5f37be4..000000000000 --- a/databases/mariadb102-client/files/patch-sql-common_client.c +++ /dev/null @@ -1,23 +0,0 @@ ---- sql-common/client.c.orig 2018-01-03 14:48:29.000000000 +0100 -+++ sql-common/client.c 2018-01-24 00:45:11.194419000 +0100 -@@ -104,6 +104,10 @@ - #define CONNECT_TIMEOUT 0 - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) || defined(HAVE_YASSL) -+#define ASN1_STRING_get0_data(X) ASN1_STRING_data(X) -+#endif -+ - #include "client_settings.h" - #include <ssl_compat.h> - #include <sql_common.h> -@@ -1822,7 +1826,8 @@ - */ - - #ifdef HAVE_X509_check_host -- ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1; -+ ret_validation= X509_check_host(server_cert, server_hostname, -+ strlen(server_hostname), 0, 0) != 1; - #else - subject= X509_get_subject_name(server_cert); - cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1); diff --git a/databases/mariadb102-server/Makefile b/databases/mariadb102-server/Makefile index c218ca50a52f..b184d55fd52a 100644 --- a/databases/mariadb102-server/Makefile +++ b/databases/mariadb102-server/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME?= mariadb -PORTVERSION= 10.2.14 +PORTVERSION= 10.2.15 PORTREVISION?= 0 CATEGORIES= databases ipv6 MASTER_SITES= http://mirrors.supportex.net/${SITESDIR}/ \ @@ -22,10 +22,7 @@ LICENSE_NAME_PerconaFT= PerconaFT patents license LICENSE_FILE_PerconaFT= ${WRKSRC}/storage/tokudb/PerconaFT/PATENTS LICENSE_PERMS_PerconaFT= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept -BROKEN_aarch64= fails to link: stacktrace.c: undefined reference to 'sbrk' - SUB_FILES= pkg-message -PKGMESSAGE= ${WRKDIR}/pkg-message SLAVEDIRS= databases/mariadb102-client USES= bison:build cmake:noninja compiler:c++11-lib cpe iconv:translit libedit ncurses shebangfix ssl @@ -194,6 +191,14 @@ post-install: GSSAPI_BASE_IGNORE= BASE_GSSAPI is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system .endif +.include <bsd.port.options.mk> + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200057 +SUB_LIST+= LEGACY_LIMITS="@comment " MODERN_LIMITS="" +.else +SUB_LIST+= LEGACY_LIMITS="" MODERN_LIMITS="@comment " +.endif + .include <bsd.port.pre.mk> .if ${OPSYS} == DragonFly diff --git a/databases/mariadb102-server/distinfo b/databases/mariadb102-server/distinfo index c037e6068bc3..8138cd2192c0 100644 --- a/databases/mariadb102-server/distinfo +++ b/databases/mariadb102-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1522324208 -SHA256 (mariadb-10.2.14.tar.gz) = 3443ec2d6e8af1eba49d097f6b2f6741c8d94b75abf19b8dd5753608f0703f7e -SIZE (mariadb-10.2.14.tar.gz) = 72607526 +TIMESTAMP = 1526556031 +SHA256 (mariadb-10.2.15.tar.gz) = 33de205158fc22fd8eb4e5770cc5ffa1cb4029f9c398dfd8c554ccb3e636ba11 +SIZE (mariadb-10.2.15.tar.gz) = 73329750 diff --git a/databases/mariadb102-server/files/mysql-server.in b/databases/mariadb102-server/files/mysql-server.in index 5f5603f2f575..d3417eebce5f 100644 --- a/databases/mariadb102-server/files/mysql-server.in +++ b/databases/mariadb102-server/files/mysql-server.in @@ -9,9 +9,9 @@ # Add the following line to /etc/rc.conf to enable mysql: # mysql_(instance_)?enable (bool): Set to "NO" by default. # Set it to "YES" to enable MySQL. -# mysql_(instance_)?limits (bool): Set to "NO" by default. -# Set it to yes to run `limits -e -U mysql` -# just before mysql starts. +%%LEGACY_LIMITS%%# mysql_(instance_)?limits (bool): Set to "NO" by default. +%%LEGACY_LIMITS%%# Set it to yes to run `limits -e -U mysql` +%%LEGACY_LIMITS%%# just before mysql starts. # mysql_(instance_)?dbdir (str): Default to "/var/db/mysql" # Base database directory. # mysql_(instance_)?args (str): Custom additional arguments to be passed @@ -22,7 +22,7 @@ # Default to "mysql" created by the port # mysql_(instance_)?optfile (str): Server-specific option file. # Default to "${mysql_dbdir}/my.cnf". -# mysql_instances (str): Set to "" by default. +# mysql_instances (str): Set to "" by default. # If defined, list of instances to enable . /etc/rc.subr @@ -33,9 +33,9 @@ rcvar=mysql_enable load_rc_config $name : ${mysql_enable="NO"} -: ${mysql_limits="NO"} +%%LEGACY_LIMITS%%: ${mysql_limits="NO"} : ${mysql_user="mysql"} -: ${mysql_limits_args="-e -U $mysql_user"} +%%LEGACY_LIMITS%%: ${mysql_limits_args="-e -U $mysql_user"} : ${mysql_dbdir="/var/db/mysql"} : ${mysql_optfile="${mysql_dbdir}/my.cnf"} @@ -51,9 +51,9 @@ if [ -n "$2" ]; then "$2 "*|*" $2 "*|*" $2"|"$2") eval mysql_args="\${mysql_${instance}_args:-\"${mysql_args}\"}" eval mysql_dbdir="\${mysql_${instance}_dbdir:-\"/var/db/mysql_${instance}\"}" - eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}" +%%LEGACY_LIMITS%% eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}" eval mysql_user="\${mysql_${instance}_user:-\"${mysql_user}\"}" - eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}" +%%LEGACY_LIMITS%% eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}" eval mysql_optfile="\${mysql_${instance}_optfile:-\"${mysql_dbdir}/my.cnf\"}" eval mysql_pidfile="\${mysql_${instance}_pidfile:-\"${mysql_dbdir}/`/bin/hostname`.pid\"}" ;; @@ -119,11 +119,12 @@ mysql_prestart() if [ ! -d "${mysql_dbdir}/mysql/." ]; then mysql_create_auth_tables || return 1 fi - if checkyesno mysql_limits; then - eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null - else - return 0 - fi +%%LEGACY_LIMITS%% if checkyesno mysql_limits; then +%%LEGACY_LIMITS%% eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null +%%LEGACY_LIMITS%% else +%%LEGACY_LIMITS%% return 0 +%%LEGACY_LIMITS%% fi +%%MODERN_LIMITS%% return 0 } mysql_poststart() diff --git a/databases/mariadb102-server/files/patch-MDEV-15961 b/databases/mariadb102-server/files/patch-MDEV-15961 new file mode 100644 index 000000000000..12854f191894 --- /dev/null +++ b/databases/mariadb102-server/files/patch-MDEV-15961 @@ -0,0 +1,47 @@ +--- mysys/stacktrace.c.orig 2018-03-26 16:41:18 UTC ++++ mysys/stacktrace.c +@@ -34,19 +34,19 @@ + #include <execinfo.h> + #endif + ++#ifdef __linux__ + #define PTR_SANE(p) ((p) && (char*)(p) >= heap_start && (char*)(p) <= heap_end) +- + static char *heap_start; +- +-#if(defined HAVE_BSS_START) && !(defined __linux__) + extern char *__bss_start; +-#endif ++#else ++#define PTR_SANE(p) (p) ++#endif /* __linux */ + + void my_init_stacktrace() + { +-#if(defined HAVE_BSS_START) && !(defined __linux__) ++#ifdef __linux__ + heap_start = (char*) &__bss_start; +-#endif ++#endif /* __linux__ */ + } + + #ifdef __linux__ +@@ -149,15 +149,16 @@ static int safe_print_str(const char *ad + + int my_safe_print_str(const char* val, int max_len) + { ++#ifdef __linux__ ++/* Only needed by the linux version of PTR_SANE */ + char *heap_end; + +-#ifdef __linux__ + // Try and make use of /proc filesystem to safely print memory contents. + if (!safe_print_str(val, max_len)) + return 0; +-#endif + + heap_end= (char*) sbrk(0); ++#endif + + if (!PTR_SANE(val)) + { diff --git a/databases/mariadb102-server/files/patch-sql-common_client.c b/databases/mariadb102-server/files/patch-sql-common_client.c index d222e5f37be4..9eb5704fcb47 100644 --- a/databases/mariadb102-server/files/patch-sql-common_client.c +++ b/databases/mariadb102-server/files/patch-sql-common_client.c @@ -11,13 +11,3 @@ #include "client_settings.h" #include <ssl_compat.h> #include <sql_common.h> -@@ -1822,7 +1826,8 @@ - */ - - #ifdef HAVE_X509_check_host -- ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1; -+ ret_validation= X509_check_host(server_cert, server_hostname, -+ strlen(server_hostname), 0, 0) != 1; - #else - subject= X509_get_subject_name(server_cert); - cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1); diff --git a/databases/mariadb102-server/files/patch-sql_mysqld.cc b/databases/mariadb102-server/files/patch-sql_mysqld.cc index 17e28f8c2b7c..ab4a1ed810a5 100644 --- a/databases/mariadb102-server/files/patch-sql_mysqld.cc +++ b/databases/mariadb102-server/files/patch-sql_mysqld.cc @@ -1,21 +1,5 @@ --- sql/mysqld.cc.orig 2017-05-14 23:13:18 UTC +++ sql/mysqld.cc -@@ -111,6 +111,7 @@ - #endif - - #include <my_systemd.h> -+#include <my_crypt.h> - - #define mysqld_charset &my_charset_latin1 - -@@ -120,6 +121,7 @@ - #define HAVE_CLOSE_SERVER_SOCK 1 - #endif - -+ - extern "C" { // Because of SCO 3.2V4.2 - #include <sys/stat.h> - #ifndef __GNU_LIBRARY__ @@ -4838,8 +4840,9 @@ static void init_ssl() while ((err= ERR_get_error())) sql_print_warning("SSL error: %s", ERR_error_string(err, NULL)); |