From owner-svn-ports-all@freebsd.org Sun Mar 26 10:20:59 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D813D1D1DB; Sun, 26 Mar 2017 10:20:59 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2E5DC1ABC; Sun, 26 Mar 2017 10:20:59 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2QAKwpE013361; Sun, 26 Mar 2017 10:20:58 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2QAKv1R013357; Sun, 26 Mar 2017 10:20:57 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201703261020.v2QAKv1R013357@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Sun, 26 Mar 2017 10:20:57 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r436947 - in branches/2017Q1/databases: mariadb55-client mariadb55-client/files mariadb55-server mariadb55-server/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Mar 2017 10:20:59 -0000 Author: brnrd Date: Sun Mar 26 10:20:57 2017 New Revision: 436947 URL: https://svnweb.freebsd.org/changeset/ports/436947 Log: MFH: r433041 r433042 r436493 databases/maria55*: reset maintainer The maintainer was not involved in any of the last 13 releases and still is not responding to PRs (many, many timeouts). Maintainership of this port probably should have been reset a couple of years ago. databases/mariadb55-client: Fix stage QA Remove files from stage directory that aren't supposed to be packaged to satisfy QA checks. No revump necessary. PR: 214669 databases/mariadb55-server: Fix vulnerabilities - Add vulnerability patch from upstream - Improve OQGraph BROKEN message - Take maintaintership Security: 7c27192f-0bc3-11e7-9940-b499baebfeaf Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf Security: CVE-2017-3313 Security: CVE-2017-3302 Approved by: ports-secteam (junovitch) Added: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 - copied unchanged from r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302 branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 - copied unchanged from r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302 Modified: branches/2017Q1/databases/mariadb55-client/Makefile branches/2017Q1/databases/mariadb55-server/Makefile Directory Properties: branches/2017Q1/ (props changed) Modified: branches/2017Q1/databases/mariadb55-client/Makefile ============================================================================== --- branches/2017Q1/databases/mariadb55-client/Makefile Sun Mar 26 09:49:52 2017 (r436946) +++ branches/2017Q1/databases/mariadb55-client/Makefile Sun Mar 26 10:20:57 2017 (r436947) @@ -19,9 +19,11 @@ CONFLICTS_INSTALL= mariadb5[0-46-9]-clie percona*-client-* CMAKE_ARGS+= -DWITHOUT_SERVER=1 - USE_LDCONFIG= ${PREFIX}/lib/mysql - CLIENT_ONLY= yes +post-install: + ${RM} ${STAGEDIR}${PREFIX}/bin/mysqld_safe_helper + ${RM} -r ${STAGEDIR}${PREFIX}/include/mysql/private + .include "${MASTERDIR}/Makefile" Copied: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 (from r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 Sun Mar 26 10:20:57 2017 (r436947, copy of r436493, head/databases/mariadb55-client/files/patch-CVE-2017-3302) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; + Modified: branches/2017Q1/databases/mariadb55-server/Makefile ============================================================================== --- branches/2017Q1/databases/mariadb55-server/Makefile Sun Mar 26 09:49:52 2017 (r436946) +++ branches/2017Q1/databases/mariadb55-server/Makefile Sun Mar 26 10:20:57 2017 (r436947) @@ -2,7 +2,7 @@ PORTNAME?= mariadb PORTVERSION= 5.5.54 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= databases ipv6 MASTER_SITES= http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ @@ -15,7 +15,7 @@ MASTER_SITES= http://ftp.osuosl.org/pub/ http://mirror.switch.ch/mirror/mariadb/${PORTNAME}-${PORTVERSION}/source/ PKGNAMESUFFIX?= 55-server -MAINTAINER= never@nevermind.kiev.ua +MAINTAINER= brnrd@FreeBSD.org COMMENT?= Multithreaded SQL database (server) LICENSE= GPLv2 @@ -101,7 +101,7 @@ OQGRAPH_DESC= Open Query Graph Computati OQGRAPH_USE= GCC=yes OQGRAPH_LIB_DEPENDS= libboost_system.so:devel/boost-libs -OQGRAPH_BROKEN= yes +OQGRAPH_BROKEN= OQGraph does not build MAXKEY_EXTRA_PATCHES= ${FILESDIR}/extra-patch-include_my_compare.h .endif Copied: branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 (from r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 Sun Mar 26 10:20:57 2017 (r436947, copy of r436493, head/databases/mariadb55-server/files/patch-CVE-2017-3302) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; +