From owner-svn-ports-all@freebsd.org Sat Nov 12 00:49:06 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90CF9C3AE9B; Sat, 12 Nov 2016 00:49:06 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 52EE51C13; Sat, 12 Nov 2016 00:49:06 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uAC0n5a1026764; Sat, 12 Nov 2016 00:49:05 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uAC0n58V026761; Sat, 12 Nov 2016 00:49:05 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201611120049.uAC0n58V026761@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Sat, 12 Nov 2016 00:49:05 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r425917 - in branches/2016Q4/databases/mariadb101-server: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Nov 2016 00:49:06 -0000 Author: brnrd Date: Sat Nov 12 00:49:05 2016 New Revision: 425917 URL: https://svnweb.freebsd.org/changeset/ports/425917 Log: MFH: r424132 r425398 r425916 databases/mariadb101-server: Update to 10.1.18 - Regular update to 10.1.18 Fix data encryption at rest when building with LibreSSL Replace RAND_SSLeay->bytes with arc4random_buf when using LibreSSL, as it supports RAND_SSLeay only for ABI compatibility [0]. Note that the code in question in mariadb mentions that RAND_bytes isn't guaranteed to not block and therefore uses these functions directly. As LibreSSL implements RAND_bytes in terms of arc4random_buf, which shouldn't block, the patch could also use RAND_bytes instead of using arc4random_buf directly, but the current version of the patch has been tested in production and might be less confusing overall. Bumped revision, as this fixes a runtime problem. [0] https://github.com/libressl/libressl/blob/master/src/crypto/rand/rand_lib.c#L36 PR: 213577 Approved by: ssl blanket databases/mariadb101-server: Update to 10.1.19 - Update to 10.1.19 - Use target-OPT-on not .if exists - Remove OQGraph patches now included upstream PR: 213902 Security: 9bc14850-a070-11e6-a881-b499baebfeaf Approved by: ports-secteam (junovitch) Added: branches/2016Q4/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc - copied unchanged from r425398, head/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc Deleted: branches/2016Q4/databases/mariadb101-server/files/patch-storage_oqgraph_graphcore.cc branches/2016Q4/databases/mariadb101-server/files/patch-storage_oqgraph_oqgraph__shim.h Modified: branches/2016Q4/databases/mariadb101-server/Makefile branches/2016Q4/databases/mariadb101-server/distinfo Directory Properties: branches/2016Q4/ (props changed) Modified: branches/2016Q4/databases/mariadb101-server/Makefile ============================================================================== --- branches/2016Q4/databases/mariadb101-server/Makefile Sat Nov 12 00:11:26 2016 (r425916) +++ branches/2016Q4/databases/mariadb101-server/Makefile Sat Nov 12 00:49:05 2016 (r425917) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME?= mariadb -PORTVERSION= 10.1.17 +PORTVERSION= 10.1.19 CATEGORIES= databases ipv6 MASTER_SITES= http://ftp.osuosl.org/pub/${SITESDIR}/ \ http://mirrors.supportex.net/${SITESDIR}/ \ @@ -173,10 +173,8 @@ post-patch: ${WRKSRC}/cmake/os/DragonFly.cmake .endif -.if exists(${WRKSRC}/storage/mroonga/CMakeFiles/mroonga.dir/link.txt) -post-configure: +post-configure-MROONGA-on: @${REINPLACE_CMD} "s|/usr/bin/c++ |/usr/bin/c++ -L${LOCALBASE}/lib |" \ ${WRKSRC}/storage/mroonga/CMakeFiles/mroonga.dir/link.txt -.endif .include Modified: branches/2016Q4/databases/mariadb101-server/distinfo ============================================================================== --- branches/2016Q4/databases/mariadb101-server/distinfo Sat Nov 12 00:11:26 2016 (r425916) +++ branches/2016Q4/databases/mariadb101-server/distinfo Sat Nov 12 00:49:05 2016 (r425917) @@ -1,3 +1,3 @@ -TIMESTAMP = 1472628631 -SHA256 (mariadb-10.1.17.tar.gz) = 4ca45ac5e34418761868115ebc8c068d511fed08e283b2cac52559d63ba4aab5 -SIZE (mariadb-10.1.17.tar.gz) = 61158134 +TIMESTAMP = 1478591187 +SHA256 (mariadb-10.1.19.tar.gz) = 5b9373f314e2d1727422fb3795bcf50c1c59005129b35b6cadafae5663251a81 +SIZE (mariadb-10.1.19.tar.gz) = 61222929 Copied: branches/2016Q4/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc (from r425398, head/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q4/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc Sat Nov 12 00:49:05 2016 (r425917, copy of r425398, head/databases/mariadb101-server/files/patch-mysys_ssl-my_crypt.cc) @@ -0,0 +1,25 @@ +--- mysys_ssl/my_crypt.cc.orig 2016-08-29 16:38:54.000000000 +0200 ++++ mysys_ssl/my_crypt.cc 2016-10-17 19:14:45.146531847 +0200 +@@ -275,10 +275,14 @@ + return MY_AES_OK; + } + #else ++#include + #include + + int my_random_bytes(uchar *buf, int num) + { ++#if defined(LIBRESSL_VERSION_NUMBER) ++ arc4random_buf(buf, num); ++#else + /* + Unfortunately RAND_bytes manual page does not provide any guarantees + in relation to blocking behavior. Here we explicitly use SSLeay random +@@ -288,6 +292,7 @@ + RAND_METHOD *rand = RAND_SSLeay(); + if (rand == NULL || rand->bytes(buf, num) != 1) + return MY_AES_OPENSSL_ERROR; ++#endif + return MY_AES_OK; + } + #endif