Date: Sun, 26 Mar 2017 10:20:57 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r436947 - in branches/2017Q1/databases: mariadb55-client mariadb55-client/files mariadb55-server mariadb55-server/files Message-ID: <201703261020.v2QAKv1R013357@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Sun Mar 26 10:20:57 2017 New Revision: 436947 URL: https://svnweb.freebsd.org/changeset/ports/436947 Log: MFH: r433041 r433042 r436493 databases/maria55*: reset maintainer The maintainer was not involved in any of the last 13 releases and still is not responding to PRs (many, many timeouts). Maintainership of this port probably should have been reset a couple of years ago. databases/mariadb55-client: Fix stage QA Remove files from stage directory that aren't supposed to be packaged to satisfy QA checks. No revump necessary. PR: 214669 databases/mariadb55-server: Fix vulnerabilities - Add vulnerability patch from upstream - Improve OQGraph BROKEN message - Take maintaintership Security: 7c27192f-0bc3-11e7-9940-b499baebfeaf Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf Security: CVE-2017-3313 Security: CVE-2017-3302 Approved by: ports-secteam (junovitch) Added: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 - copied unchanged from r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302 branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 - copied unchanged from r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302 Modified: branches/2017Q1/databases/mariadb55-client/Makefile branches/2017Q1/databases/mariadb55-server/Makefile Directory Properties: branches/2017Q1/ (props changed) Modified: branches/2017Q1/databases/mariadb55-client/Makefile ============================================================================== --- branches/2017Q1/databases/mariadb55-client/Makefile Sun Mar 26 09:49:52 2017 (r436946) +++ branches/2017Q1/databases/mariadb55-client/Makefile Sun Mar 26 10:20:57 2017 (r436947) @@ -19,9 +19,11 @@ CONFLICTS_INSTALL= mariadb5[0-46-9]-clie percona*-client-* CMAKE_ARGS+= -DWITHOUT_SERVER=1 - USE_LDCONFIG= ${PREFIX}/lib/mysql - CLIENT_ONLY= yes +post-install: + ${RM} ${STAGEDIR}${PREFIX}/bin/mysqld_safe_helper + ${RM} -r ${STAGEDIR}${PREFIX}/include/mysql/private + .include "${MASTERDIR}/Makefile" Copied: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 (from r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 Sun Mar 26 10:20:57 2017 (r436947, copy of r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik <serg@mariadb.org> +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; + Modified: branches/2017Q1/databases/mariadb55-server/Makefile ============================================================================== --- branches/2017Q1/databases/mariadb55-server/Makefile Sun Mar 26 09:49:52 2017 (r436946) +++ branches/2017Q1/databases/mariadb55-server/Makefile Sun Mar 26 10:20:57 2017 (r436947) @@ -2,7 +2,7 @@ PORTNAME?= mariadb PORTVERSION= 5.5.54 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= databases ipv6 MASTER_SITES= http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ @@ -15,7 +15,7 @@ MASTER_SITES= http://ftp.osuosl.org/pub/ http://mirror.switch.ch/mirror/mariadb/${PORTNAME}-${PORTVERSION}/source/ PKGNAMESUFFIX?= 55-server -MAINTAINER= never@nevermind.kiev.ua +MAINTAINER= brnrd@FreeBSD.org COMMENT?= Multithreaded SQL database (server) LICENSE= GPLv2 @@ -101,7 +101,7 @@ OQGRAPH_DESC= Open Query Graph Computati OQGRAPH_USE= GCC=yes OQGRAPH_LIB_DEPENDS= libboost_system.so:devel/boost-libs -OQGRAPH_BROKEN= yes +OQGRAPH_BROKEN= OQGraph does not build MAXKEY_EXTRA_PATCHES= ${FILESDIR}/extra-patch-include_my_compare.h .endif Copied: branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 (from r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 Sun Mar 26 10:20:57 2017 (r436947, copy of r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik <serg@mariadb.org> +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703261020.v2QAKv1R013357>