MFH: r470246
databases/mariadb102-server: Security update to 10.2.15 Security: 57aec168-453e-11e8-8777-b499baebfeaf Approved by: ports-secteam (miwi)
This commit is contained in:
Bernard Spil
parent
eb9950df64
commit
52cdee4d29
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2018Q2/; revision=470441
@ -22,7 +22,7 @@ CLIENT_ONLY= yes
|
||||
|
||||
post-configure:
|
||||
${REINPLACE_CMD} -Ee 's|(#define INCLUDE.*)"$$|\1 -I${PREFIX}/include"|' \
|
||||
-e 's|(#define LIBS.*)"\\ $$|\1 -L${PREFIX}/lib "\\|' \
|
||||
-e 's|(#define LIBS .*)"$$|\1 -L${PREFIX}/lib"|' \
|
||||
${WRKSRC}/libmariadb/mariadb_config/mariadb_config.c
|
||||
|
||||
post-install:
|
||||
@ -33,7 +33,7 @@ post-install:
|
||||
${STAGEDIR}${DATADIR}/policy \
|
||||
${STAGEDIR}${PREFIX}/include/mysql/server
|
||||
# Fix https://mariadb.atlassian.net/browse/MDEV-9388
|
||||
@${REINPLACE_CMD} 's/-l-pthread/-lpthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config
|
||||
@${REINPLACE_CMD} 's/-l-pthread/-pthread/' ${STAGEDIR}${PREFIX}/bin/mysql_config
|
||||
|
||||
post-install-GSSAPI_NONE:
|
||||
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/mysql/plugin/auth_gssapi_client.so
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
--- sql-common/client.c.orig 2018-01-03 14:48:29.000000000 +0100
|
||||
+++ sql-common/client.c 2018-01-24 00:45:11.194419000 +0100
|
||||
@@ -104,6 +104,10 @@
|
||||
#define CONNECT_TIMEOUT 0
|
||||
#endif
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) || defined(HAVE_YASSL)
|
||||
+#define ASN1_STRING_get0_data(X) ASN1_STRING_data(X)
|
||||
+#endif
|
||||
+
|
||||
#include "client_settings.h"
|
||||
#include <ssl_compat.h>
|
||||
#include <sql_common.h>
|
||||
@@ -1822,7 +1826,8 @@
|
||||
*/
|
||||
|
||||
#ifdef HAVE_X509_check_host
|
||||
- ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1;
|
||||
+ ret_validation= X509_check_host(server_cert, server_hostname,
|
||||
+ strlen(server_hostname), 0, 0) != 1;
|
||||
#else
|
||||
subject= X509_get_subject_name(server_cert);
|
||||
cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
|
||||
@ -1,7 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME?= mariadb
|
||||
PORTVERSION= 10.2.14
|
||||
PORTVERSION= 10.2.15
|
||||
PORTREVISION?= 0
|
||||
CATEGORIES= databases ipv6
|
||||
MASTER_SITES= http://mirrors.supportex.net/${SITESDIR}/ \
|
||||
@ -22,10 +22,7 @@ LICENSE_NAME_PerconaFT= PerconaFT patents license
|
||||
LICENSE_FILE_PerconaFT= ${WRKSRC}/storage/tokudb/PerconaFT/PATENTS
|
||||
LICENSE_PERMS_PerconaFT= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
|
||||
|
||||
BROKEN_aarch64= fails to link: stacktrace.c: undefined reference to 'sbrk'
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
PKGMESSAGE= ${WRKDIR}/pkg-message
|
||||
|
||||
SLAVEDIRS= databases/mariadb102-client
|
||||
USES= bison:build cmake:noninja compiler:c++11-lib cpe iconv:translit libedit ncurses shebangfix ssl
|
||||
@ -194,6 +191,14 @@ post-install:
|
||||
GSSAPI_BASE_IGNORE= BASE_GSSAPI is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system
|
||||
.endif
|
||||
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200057
|
||||
SUB_LIST+= LEGACY_LIMITS="@comment " MODERN_LIMITS=""
|
||||
.else
|
||||
SUB_LIST+= LEGACY_LIMITS="" MODERN_LIMITS="@comment "
|
||||
.endif
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${OPSYS} == DragonFly
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1522324208
|
||||
SHA256 (mariadb-10.2.14.tar.gz) = 3443ec2d6e8af1eba49d097f6b2f6741c8d94b75abf19b8dd5753608f0703f7e
|
||||
SIZE (mariadb-10.2.14.tar.gz) = 72607526
|
||||
TIMESTAMP = 1526556031
|
||||
SHA256 (mariadb-10.2.15.tar.gz) = 33de205158fc22fd8eb4e5770cc5ffa1cb4029f9c398dfd8c554ccb3e636ba11
|
||||
SIZE (mariadb-10.2.15.tar.gz) = 73329750
|
||||
|
||||
@ -9,9 +9,9 @@
|
||||
# Add the following line to /etc/rc.conf to enable mysql:
|
||||
# mysql_(instance_)?enable (bool): Set to "NO" by default.
|
||||
# Set it to "YES" to enable MySQL.
|
||||
# mysql_(instance_)?limits (bool): Set to "NO" by default.
|
||||
# Set it to yes to run `limits -e -U mysql`
|
||||
# just before mysql starts.
|
||||
%%LEGACY_LIMITS%%# mysql_(instance_)?limits (bool): Set to "NO" by default.
|
||||
%%LEGACY_LIMITS%%# Set it to yes to run `limits -e -U mysql`
|
||||
%%LEGACY_LIMITS%%# just before mysql starts.
|
||||
# mysql_(instance_)?dbdir (str): Default to "/var/db/mysql"
|
||||
# Base database directory.
|
||||
# mysql_(instance_)?args (str): Custom additional arguments to be passed
|
||||
@ -22,7 +22,7 @@
|
||||
# Default to "mysql" created by the port
|
||||
# mysql_(instance_)?optfile (str): Server-specific option file.
|
||||
# Default to "${mysql_dbdir}/my.cnf".
|
||||
# mysql_instances (str): Set to "" by default.
|
||||
# mysql_instances (str): Set to "" by default.
|
||||
# If defined, list of instances to enable
|
||||
|
||||
. /etc/rc.subr
|
||||
@ -33,9 +33,9 @@ rcvar=mysql_enable
|
||||
load_rc_config $name
|
||||
|
||||
: ${mysql_enable="NO"}
|
||||
: ${mysql_limits="NO"}
|
||||
%%LEGACY_LIMITS%%: ${mysql_limits="NO"}
|
||||
: ${mysql_user="mysql"}
|
||||
: ${mysql_limits_args="-e -U $mysql_user"}
|
||||
%%LEGACY_LIMITS%%: ${mysql_limits_args="-e -U $mysql_user"}
|
||||
: ${mysql_dbdir="/var/db/mysql"}
|
||||
: ${mysql_optfile="${mysql_dbdir}/my.cnf"}
|
||||
|
||||
@ -51,9 +51,9 @@ if [ -n "$2" ]; then
|
||||
"$2 "*|*" $2 "*|*" $2"|"$2")
|
||||
eval mysql_args="\${mysql_${instance}_args:-\"${mysql_args}\"}"
|
||||
eval mysql_dbdir="\${mysql_${instance}_dbdir:-\"/var/db/mysql_${instance}\"}"
|
||||
eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}"
|
||||
%%LEGACY_LIMITS%% eval mysql_limits="\${mysql_${instance}_limits:-\"${mysql_limits}\"}"
|
||||
eval mysql_user="\${mysql_${instance}_user:-\"${mysql_user}\"}"
|
||||
eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}"
|
||||
%%LEGACY_LIMITS%% eval mysql_limits_args="\${mysql_${instance}_limits_args:-\"-e -U $mysql_user\"}"
|
||||
eval mysql_optfile="\${mysql_${instance}_optfile:-\"${mysql_dbdir}/my.cnf\"}"
|
||||
eval mysql_pidfile="\${mysql_${instance}_pidfile:-\"${mysql_dbdir}/`/bin/hostname`.pid\"}"
|
||||
;;
|
||||
@ -119,11 +119,12 @@ mysql_prestart()
|
||||
if [ ! -d "${mysql_dbdir}/mysql/." ]; then
|
||||
mysql_create_auth_tables || return 1
|
||||
fi
|
||||
if checkyesno mysql_limits; then
|
||||
eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
%%LEGACY_LIMITS%% if checkyesno mysql_limits; then
|
||||
%%LEGACY_LIMITS%% eval `/usr/bin/limits ${mysql_limits_args:-"-e -U $mysql_user"}` 2>/dev/null
|
||||
%%LEGACY_LIMITS%% else
|
||||
%%LEGACY_LIMITS%% return 0
|
||||
%%LEGACY_LIMITS%% fi
|
||||
%%MODERN_LIMITS%% return 0
|
||||
}
|
||||
|
||||
mysql_poststart()
|
||||
|
||||
47
databases/mariadb102-server/files/patch-MDEV-15961
Normal file
47
databases/mariadb102-server/files/patch-MDEV-15961
Normal file
@ -0,0 +1,47 @@
|
||||
--- mysys/stacktrace.c.orig 2018-03-26 16:41:18 UTC
|
||||
+++ mysys/stacktrace.c
|
||||
@@ -34,19 +34,19 @@
|
||||
#include <execinfo.h>
|
||||
#endif
|
||||
|
||||
+#ifdef __linux__
|
||||
#define PTR_SANE(p) ((p) && (char*)(p) >= heap_start && (char*)(p) <= heap_end)
|
||||
-
|
||||
static char *heap_start;
|
||||
-
|
||||
-#if(defined HAVE_BSS_START) && !(defined __linux__)
|
||||
extern char *__bss_start;
|
||||
-#endif
|
||||
+#else
|
||||
+#define PTR_SANE(p) (p)
|
||||
+#endif /* __linux */
|
||||
|
||||
void my_init_stacktrace()
|
||||
{
|
||||
-#if(defined HAVE_BSS_START) && !(defined __linux__)
|
||||
+#ifdef __linux__
|
||||
heap_start = (char*) &__bss_start;
|
||||
-#endif
|
||||
+#endif /* __linux__ */
|
||||
}
|
||||
|
||||
#ifdef __linux__
|
||||
@@ -149,15 +149,16 @@ static int safe_print_str(const char *ad
|
||||
|
||||
int my_safe_print_str(const char* val, int max_len)
|
||||
{
|
||||
+#ifdef __linux__
|
||||
+/* Only needed by the linux version of PTR_SANE */
|
||||
char *heap_end;
|
||||
|
||||
-#ifdef __linux__
|
||||
// Try and make use of /proc filesystem to safely print memory contents.
|
||||
if (!safe_print_str(val, max_len))
|
||||
return 0;
|
||||
-#endif
|
||||
|
||||
heap_end= (char*) sbrk(0);
|
||||
+#endif
|
||||
|
||||
if (!PTR_SANE(val))
|
||||
{
|
||||
@ -11,13 +11,3 @@
|
||||
#include "client_settings.h"
|
||||
#include <ssl_compat.h>
|
||||
#include <sql_common.h>
|
||||
@@ -1822,7 +1826,8 @@
|
||||
*/
|
||||
|
||||
#ifdef HAVE_X509_check_host
|
||||
- ret_validation= X509_check_host(server_cert, server_hostname, 0, 0, 0) != 1;
|
||||
+ ret_validation= X509_check_host(server_cert, server_hostname,
|
||||
+ strlen(server_hostname), 0, 0) != 1;
|
||||
#else
|
||||
subject= X509_get_subject_name(server_cert);
|
||||
cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
|
||||
|
||||
@ -1,21 +1,5 @@
|
||||
--- sql/mysqld.cc.orig 2017-05-14 23:13:18 UTC
|
||||
+++ sql/mysqld.cc
|
||||
@@ -111,6 +111,7 @@
|
||||
#endif
|
||||
|
||||
#include <my_systemd.h>
|
||||
+#include <my_crypt.h>
|
||||
|
||||
#define mysqld_charset &my_charset_latin1
|
||||
|
||||
@@ -120,6 +121,7 @@
|
||||
#define HAVE_CLOSE_SERVER_SOCK 1
|
||||
#endif
|
||||
|
||||
+
|
||||
extern "C" { // Because of SCO 3.2V4.2
|
||||
#include <sys/stat.h>
|
||||
#ifndef __GNU_LIBRARY__
|
||||
@@ -4838,8 +4840,9 @@ static void init_ssl()
|
||||
while ((err= ERR_get_error()))
|
||||
sql_print_warning("SSL error: %s", ERR_error_string(err, NULL));
|
||||
|
||||
Loading…
Reference in New Issue
Block a user