From: Bernard Spil
Date: Sun, 19 Mar 2017 13:30:52 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r436493 - in head/databases: mariadb55-client/files mariadb55-server mariadb55-server/files

Author: brnrd
Date: Sun Mar 19 13:30:52 2017
New Revision: 436493
URL: https://svnweb.freebsd.org/changeset/ports/436493

Log:
  databases/mariadb55-server: Fix vulnerabilities

   - Add vulnerability patch from upstream
   - Improve OQGraph BROKEN message
   - Take maintainership

  MFH: 2017Q1
  Security: 7c27192f-0bc3-11e7-9940-b499baebfeaf
  Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
  Security: CVE-2017-3313
  Security: CVE-2017-3302

Added:
  head/databases/mariadb55-client/files/patch-CVE-2017-3302 (contents, props changed)
  head/databases/mariadb55-server/files/patch-CVE-2017-3302 (contents, props changed)
Modified:
  head/databases/mariadb55-server/Makefile

Added: head/databases/mariadb55-client/files/patch-CVE-2017-3302
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mariadb55-client/files/patch-CVE-2017-3302 Sun Mar 19 13:30:52 2017 (r436493) 
@@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 
2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; + Modified: head/databases/mariadb55-server/Makefile ============================================================================== --- head/databases/mariadb55-server/Makefile Sun Mar 19 13:05:06 2017 
(r436492) +++ head/databases/mariadb55-server/Makefile Sun Mar 19 13:30:52 2017 (r436493) @@ -2,7 +2,7 @@ PORTNAME?= mariadb PORTVERSION= 5.5.54 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= databases ipv6 MASTER_SITES= http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ @@ -15,7 +15,7 @@ MASTER_SITES= http://ftp.osuosl.org/pub/ http://mirror.switch.ch/mirror/mariadb/${PORTNAME}-${PORTVERSION}/source/ PKGNAMESUFFIX?= 55-server -MAINTAINER= ports@FreeBSD.org +MAINTAINER= brnrd@FreeBSD.org COMMENT?= Multithreaded SQL database (server) LICENSE= GPLv2 @@ -101,7 +101,7 @@ OQGRAPH_DESC= Open Query Graph Computati OQGRAPH_USE= GCC=yes OQGRAPH_LIB_DEPENDS= libboost_system.so:devel/boost-libs -OQGRAPH_BROKEN= yes +OQGRAPH_BROKEN= OQGraph does not build MAXKEY_EXTRA_PATCHES= ${FILESDIR}/extra-patch-include_my_compare.h .endif Added: head/databases/mariadb55-server/files/patch-CVE-2017-3302 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mariadb55-server/files/patch-CVE-2017-3302 Sun Mar 19 13:30:52 2017 (r436493) 
@@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 
2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; +
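
Review bot: The two `@@ -0,0 +1,124 @@` new-file hunks add only patch-CVE-2017-3302, yet the log lists both CVE-2017-3302 and CVE-2017-3313 under Security:. Please state in the log or in a Makefile comment how CVE-2017-3313 is addressed, or drop the tag if it is not. The embedded patch also carries copyright-year and tests/mysql_client_test.c hunks that the port does not need to build; trimming it to the sql-common/client.c change in mysql_prune_stmt_list() would keep the two copies smaller and easier to audit.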
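
Review bot: In the sql-common/client.c hunk at `@@ -3830,14 +3828,9 @@` (present in both the client and server copies), the new `mysql->stmts= list_delete(mysql->stmts, element);` unlinks the node the loop is standing on, and the loop header `for (; element; element= element->next)` then reads `element->next` from that unlinked node. This is the same shape the commit message blames for the original bug (a list call rewriting element->next mid-walk), so it is correct only as long as list_delete leaves the removed node's next pointer untouched. Suggest reading the next pointer into a local at the top of the loop body before any list call, or at least adding a comment that states the dependency on list_delete.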
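
Review bot: In the `@@ -19031,6 +19031,49 @@` hunk of tests/mysql_client_test.c, the doc comment on test_bug17512527() carries only the bug title, and nothing says that calling `mysql_close(conn);` before `mysql_stmt_close(stmt2);` and `mysql_stmt_close(stmt1);` is the point of the test. Without that, a later cleanup could reorder the calls and silently lose the regression coverage. Suggest a short comment describing the scenario: stmt1 prepared and stmt2 only initialised before the KILL, stmt2 prepared afterwards, and the connection closed before either statement. Separately, `sprintf(query, "KILL %lu", thread_id);` would be better as snprintf bounded by sizeof(query).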
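
Review bot: In the `@@ -19297,6 +19340,9 @@` hunk, the `#ifndef _WIN32` guard around the new my_tests[] entry has no comment saying why the test is skipped on Windows, and test_bug17512527() itself is defined without the guard in the earlier hunk, which leaves an unreferenced static function on that platform. Suggest a one-line reason beside the guard (presumably that the test connects with MYSQL_PROTOCOL_SOCKET) and the same guard around the function definition. The entry `{ "test_bug17512527", test_bug17512527},` is also missing the space before the closing brace that its neighbours have.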
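
Review bot: In the mariadb55-server/Makefile hunk at `@@ -101,7 +101,7 @@`, `OQGRAPH_BROKEN= OQGraph does not build` replaces `yes` with a message that still does not tell a user what fails or under which conditions. Suggest naming the failing step or the compiler and Boost combination involved, or referencing the PR that tracks it, so the option can be re-enabled once that is resolved.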