author | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 13:01:45 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 13:01:45 +0000 |
commit | 7f7241ef59644917efed8c594e42f2f4b9158f01 (patch) | |
tree | cf768f66232e45fdf1b440115a9189ad16a51ae4 | |
parent | f6aa4d89b83111cd057817e5619f40258ea78831 (diff) | |
download | pkgsrc-7f7241ef59644917efed8c594e42f2f4b9158f01.tar.gz |
Pullup ticket #5900 - requested by maya
databases/mysql55-client: security fix
databases/mysql56-client: security fix
databases/mysql57-client: security fix
Revisions pulled up:
- databases/mysql55-client/Makefile 1.32
- databases/mysql55-client/distinfo 1.63
- databases/mysql55-client/patches/patch-CMakeLists.txt 1.7
- databases/mysql55-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1
- databases/mysql55-client/patches/patch-sql_sys__vars.cc 1.1
- databases/mysql56-client/Makefile 1.28
- databases/mysql56-client/distinfo 1.49
- databases/mysql56-client/patches/patch-CMakeLists.txt 1.6
- databases/mysql56-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1
- databases/mysql56-client/patches/patch-sql_sys__vars.cc 1.3
- databases/mysql57-client/Makefile 1.19
- databases/mysql57-client/distinfo 1.27
- databases/mysql57-client/patches/patch-CMakeLists.txt 1.2
- databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1
- databases/mysql57-client/patches/patch-sql_sys__vars.cc 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Sun Jan 20 18:03:25 UTC 2019
Modified Files:
pkgsrc/databases/mysql55-client: Makefile distinfo
pkgsrc/databases/mysql55-client/patches: patch-CMakeLists.txt
Added Files:
pkgsrc/databases/mysql55-client/patches:
patch-cmake_build__configurations_mysql__release.cmake
patch-sql_sys__vars.cc
Log Message:
mysql55-client: change the default configuration to avoid information
disclosure to a malicious server.
Backport of upstream commit:
https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Exploit method described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
---
Module Name: pkgsrc
Committed By: maya
Date: Sun Jan 20 18:04:49 UTC 2019
Modified Files:
pkgsrc/databases/mysql56-client: Makefile distinfo
pkgsrc/databases/mysql56-client/patches: patch-CMakeLists.txt
Added Files:
pkgsrc/databases/mysql56-client/patches:
patch-cmake_build__configurations_mysql__release.cmake
patch-sql_sys__vars.cc
Log Message:
mysql56-client: change the default configuration to avoid information
disclosure to a malicious server.
Backport of upstream commit:
https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Exploit method described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
---
Module Name: pkgsrc
Committed By: maya
Date: Sun Jan 20 18:22:10 UTC 2019
Modified Files:
pkgsrc/databases/mysql57-client: Makefile distinfo
pkgsrc/databases/mysql57-client/patches: patch-CMakeLists.txt
Added Files:
pkgsrc/databases/mysql57-client/patches:
patch-cmake_build__configurations_mysql__release.cmake
patch-sql_sys__vars.cc
Log Message:
mysql57-client: change the default configuration to avoid information
disclosure to a malicious server.
Backport of upstream commit:
https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Exploit method described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
15 files changed, 172 insertions, 23 deletions
diff --git a/databases/mysql55-client/Makefile b/databases/mysql55-client/Makefile index b56f26033a9..7a72a1a0db1 100644 --- a/databases/mysql55-client/Makefile +++ b/databases/mysql55-client/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.31 2018/11/22 11:27:11 adam Exp $ +# $NetBSD: Makefile,v 1.31.2.1 2019/01/29 13:01:45 bsiegert Exp $ PKGNAME= ${DISTNAME:S/-/-client-/} +PKGREVISION= 1 COMMENT= MySQL 5, a free SQL database (client) CONFLICTS= mysql3-client-[0-9]* diff --git a/databases/mysql55-client/distinfo b/databases/mysql55-client/distinfo index fb2ca8f0259..ae0489533ad 100644 --- a/databases/mysql55-client/distinfo +++ b/databases/mysql55-client/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.62 2018/11/22 11:27:11 adam Exp $ +$NetBSD: distinfo,v 1.62.2.1 2019/01/29 13:01:45 bsiegert Exp $ SHA1 (mysql-5.5.62.tar.gz) = b3df3c8c50b8655878cfbc288537f44715f6b060 RMD160 (mysql-5.5.62.tar.gz) = 4b6fdfc37dc87fdabb2b944b695d5b9e687e22f2 
@@ -9,12 +9,13 @@ RMD160 (sphinx-2.2.11-release.tar.gz) = 5804b4cce64bc03fa20bac26c7391cd661cecc77 SHA512 (sphinx-2.2.11-release.tar.gz) = cf1a262a5b0fbf0bd2827ec6ec629edeaf709ce855a6e7b509b65342baaeb26c02717ca63f1578d32c83d21e2fd6d1e92dceb34660e6351b93cd96fd4e623689 Size (sphinx-2.2.11-release.tar.gz) = 3061998 bytes SHA1 (patch-BUILD_compile-pentium-gcov) = a1ac666efa953a98455a726e5db359c903d699b6 -SHA1 (patch-CMakeLists.txt) = 2040dc4904270327c9d64178a3d889ebde2ec5d5 +SHA1 (patch-CMakeLists.txt) = 95f3f9ab5210d3e1fdb565d9565fbaad448be70c SHA1 (patch-client_completion_hash.cc) = e27fd7072a8206380f0a932b1a31d2843c985cbf SHA1 (patch-client_mysqladmin.cc) = c640d3ca742dc1b200701d21d82d8f2093917cf2 SHA1 (patch-client_mysqlbinlog.cc) = e38abe026c10a07808ccd24b596cf13c5079e206 SHA1 (patch-client_mysqlshow.c) = a12b06241eee91d1ec11e3b7e4f3125aa6c79905 SHA1 (patch-client_sql_string.cc) = 1547b8d3889af2831c89b97aecdbe8158711a600 +SHA1 (patch-cmake_build__configurations_mysql__release.cmake) = 5c2e3afc7ff0099cfc24b95b6ebf3f58c9a3e7af SHA1 (patch-cmake_libutils.cmake) = 5d75a1762e3db6724bec2d75b45d40b17a5e9d09 SHA1 (patch-cmake_plugin.cmake) = 2b702af6bf8f251886cea12cf7477abae7659230 SHA1 (patch-cmake_readline.cmake) = aed279d6740e70d7e0e7565a6d9f0f214c866c8d @@ -35,6 +36,7 @@ SHA1 (patch-sql_CMakeLists.txt) = c4e72a0a93eb94a94501c267e2a43aedf8de2c76 SHA1 (patch-sql_log_event.h) = 43a52ea2f410aa51b99f2f7e1f293a579e13f9c8 SHA1 (patch-sql_mysqld.cc) = 7e2cfb58f6af8531920dd9128f7b3a35735d7d2c SHA1 (patch-sql_sql_string.h) = 32c0caf813f7ba94e9ed8fc6d0da4b4a52b41141 +SHA1 (patch-sql_sys__vars.cc) = d82aee9dfc512ae7316316e8da28c74340f85400 SHA1 (patch-storage_archive_CMakeLists.txt) = 1144fc8dda537be12656e76c2a714f2af59d0368 SHA1 (patch-storage_blackhole_CMakeLists.txt) = c8907f400c64e7405a2d112b80892fa0a395d212 SHA1 (patch-storage_csv_CMakeLists.txt) = 59ef822fe0eeb65bd003a5cc6849b57d26276b56 
diff --git a/databases/mysql55-client/patches/patch-CMakeLists.txt b/databases/mysql55-client/patches/patch-CMakeLists.txt index b71ccb0f5d2..734bb3215c2 100644 --- a/databases/mysql55-client/patches/patch-CMakeLists.txt +++ b/databases/mysql55-client/patches/patch-CMakeLists.txt @@ -1,11 +1,15 @@ -$NetBSD: patch-CMakeLists.txt,v 1.6 2014/11/29 10:01:29 adam Exp $ +$NetBSD: patch-CMakeLists.txt,v 1.6.36.1 2019/01/29 13:01:45 bsiegert Exp $ Split configuration between mysql-client and mysql-server. Build with newer DTrace. +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + --- CMakeLists.txt.orig 2014-11-04 07:49:52.000000000 +0000 +++ CMakeLists.txt -@@ -165,6 +165,7 @@ IF(DISABLE_SHARED) +@@ -168,6 +168,7 @@ IF(DISABLE_SHARED) SET(WITHOUT_DYNAMIC_PLUGINS 1) ENDIF() OPTION(ENABLED_PROFILING "Enable profiling" ON) @@ -13,7 +17,16 @@ Build with newer DTrace. OPTION(CYBOZU "" OFF) OPTION(BACKUP_TEST "" OFF) OPTION(WITHOUT_SERVER OFF) -@@ -375,7 +376,6 @@ ADD_SUBDIRECTORY(strings) +@@ -294,7 +295,7 @@ IF(REPRODUCIBLE_BUILD) + ENDIF() + + OPTION(ENABLED_LOCAL_INFILE +- "If we should should enable LOAD DATA LOCAL by default" ${IF_WIN}) ++"If we should should enable LOAD DATA LOCAL by default" OFF) + MARK_AS_ADVANCED(ENABLED_LOCAL_INFILE) + + OPTION(WITH_FAST_MUTEXES "Compile with fast mutexes" OFF) +@@ -418,7 +419,6 @@ ADD_SUBDIRECTORY(strings) ADD_SUBDIRECTORY(vio) ADD_SUBDIRECTORY(regex) ADD_SUBDIRECTORY(mysys) @@ -21,7 +34,7 @@ Build with newer DTrace. IF(WITH_UNIT_TESTS) ENABLE_TESTING() -@@ -387,9 +387,13 @@ IF(WITH_UNIT_TESTS) +@@ -430,9 +430,13 @@ IF(WITH_UNIT_TESTS) ENDIF() ADD_SUBDIRECTORY(extra) 
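Review bot: The header comment added in the first hunk of patch-CMakeLists.txt does not say that only the build-time default changes, so a reader may take the package to be fully protected. Programs that turn the feature on themselves (for example through `mysql_options()` with `MYSQL_OPT_LOCAL_INFILE`, or a `local-infile` setting in an option file) and consumers that do not go through this client library are presumably unaffected by the new default. I would add one line to the header, such as `Only the default changes; programs that enable LOAD DATA LOCAL explicitly must be reviewed separately.` The same header text is repeated in the other patch files touched here for mysql55, mysql56 and mysql57.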
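Review bot: In the nested hunk for `OPTION(ENABLED_LOCAL_INFILE`, the replacement line `++"If we should should enable LOAD DATA LOCAL by default" OFF)` appears to have lost the leading indentation that the removed line and the mysql57 version of this patch keep. CMake does not care, but the backport then differs from the upstream change in more than the value; keeping the original indent and changing only `${IF_WIN}` to `OFF` keeps the patch minimal. The mysql56 copy of patch-CMakeLists.txt carries the same line. Whitespace is collapsed in this rendering, so confirm against the file itself.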
@@ -37,7 +50,7 @@ Build with newer DTrace. ADD_SUBDIRECTORY(sql) ADD_SUBDIRECTORY(sql/share) ADD_SUBDIRECTORY(libservices) -@@ -402,11 +406,7 @@ IF(NOT WITHOUT_SERVER) +@@ -445,11 +449,7 @@ IF(NOT WITHOUT_SERVER) ADD_SUBDIRECTORY(mysql-test) ADD_SUBDIRECTORY(mysql-test/lib/My/SafeProcess) ADD_SUBDIRECTORY(support-files) diff --git a/databases/mysql55-client/patches/patch-cmake_build__configurations_mysql__release.cmake b/databases/mysql55-client/patches/patch-cmake_build__configurations_mysql__release.cmake new file mode 100644 index 00000000000..853f68185da --- /dev/null +++ b/databases/mysql55-client/patches/patch-cmake_build__configurations_mysql__release.cmake @@ -0,0 +1,17 @@ +$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1.2.2 2019/01/29 13:01:45 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- cmake/build_configurations/mysql_release.cmake.orig 2018-08-28 21:12:51.000000000 +0000 ++++ cmake/build_configurations/mysql_release.cmake +@@ -92,7 +92,7 @@ IF(FEATURE_SET) + ENDFOREACH() + ENDIF() + +-OPTION(ENABLED_LOCAL_INFILE "" ON) ++OPTION(ENABLED_LOCAL_INFILE "" OFF) + SET(WITH_SSL bundled CACHE STRING "") + SET(WITH_ZLIB bundled CACHE STRING "") + diff --git a/databases/mysql55-client/patches/patch-sql_sys__vars.cc b/databases/mysql55-client/patches/patch-sql_sys__vars.cc new file mode 100644 index 00000000000..588ef461421 --- /dev/null +++ b/databases/mysql55-client/patches/patch-sql_sys__vars.cc 
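Review bot: `OPTION(ENABLED_LOCAL_INFILE "" OFF)` in mysql_release.cmake only sets a default, so a value given on the cmake command line or already in the cache still wins, and this file is presumably read only when the release build configuration is selected. The package's configure arguments are not part of this diff; it is worth confirming that none of them sets `ENABLED_LOCAL_INFILE` explicitly, since that would bypass both this patch and the CMakeLists.txt one. Checking the generated configuration after a build would confirm that the option really ends up off. The mysql56 and mysql57 copies of this patch are in the same position.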
@@ -0,0 +1,17 @@ +$NetBSD: patch-sql_sys__vars.cc,v 1.1.2.2 2019/01/29 13:01:45 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- sql/sys_vars.cc.orig 2018-08-28 21:12:51.000000000 +0000 ++++ sql/sys_vars.cc +@@ -977,7 +977,7 @@ static Sys_var_charptr Sys_language( + + static Sys_var_mybool Sys_local_infile( + "local_infile", "Enable LOAD DATA LOCAL INFILE", +- GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE)); ++ GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); + + static Sys_var_ulong Sys_lock_wait_timeout( + "lock_wait_timeout", diff --git a/databases/mysql56-client/Makefile b/databases/mysql56-client/Makefile index 4de1e4865b3..8d11a1f4ea8 100644 --- a/databases/mysql56-client/Makefile +++ b/databases/mysql56-client/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2018/11/22 11:53:33 adam Exp $ +# $NetBSD: Makefile,v 1.27.2.1 2019/01/29 13:01:46 bsiegert Exp $ PKGNAME= ${DISTNAME:S/-/-client-/} +PKGREVISION= 1 COMMENT= MySQL 5, a free SQL database (client) CONFLICTS= mysql3-client-[0-9]* diff --git a/databases/mysql56-client/distinfo b/databases/mysql56-client/distinfo index e689ef9e372..cc75cb96dca 100644 --- a/databases/mysql56-client/distinfo +++ b/databases/mysql56-client/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.48 2018/11/22 11:53:33 adam Exp $ +$NetBSD: distinfo,v 1.48.2.1 2019/01/29 13:01:46 bsiegert Exp $ SHA1 (mysql-5.6.42.tar.gz) = 536ca4899d49222d2c105e827f3a366a57a55b0e RMD160 (mysql-5.6.42.tar.gz) = ffbe4ceed2e751999077d089819ceb6a27dbeaaa 
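Review bot: `DEFAULT(FALSE)` for `local_infile` changes the server-side variable in sql/sys_vars.cc, yet the only PKGREVISION bumps in this commit are in the three client Makefiles. If the server packages build from this same patches directory and distinfo (not visible here), they need their own PKGREVISION bump so that installed servers actually pick up the new default. The change also alters behaviour for existing setups that rely on LOAD DATA LOCAL, so a header line such as `Servers that need LOAD DATA LOCAL must now set local_infile=1 explicitly.` would help operators. The same applies to the mysql56 and mysql57 copies of this patch. Only a fragment of the Sys_local_infile definition's surroundings is shown in the hunk.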
@@ -8,10 +8,11 @@ SHA1 (sphinx-2.2.11-release.tar.gz) = 34e83f43de0e69e258bf749ea00348c60a51632a RMD160 (sphinx-2.2.11-release.tar.gz) = 5804b4cce64bc03fa20bac26c7391cd661cecc77 SHA512 (sphinx-2.2.11-release.tar.gz) = cf1a262a5b0fbf0bd2827ec6ec629edeaf709ce855a6e7b509b65342baaeb26c02717ca63f1578d32c83d21e2fd6d1e92dceb34660e6351b93cd96fd4e623689 Size (sphinx-2.2.11-release.tar.gz) = 3061998 bytes -SHA1 (patch-CMakeLists.txt) = cc14caabcb6ca55eba33595f98ad4b3db14504da +SHA1 (patch-CMakeLists.txt) = f3dc26d34730533c26f4496311767d774a72c5c4 SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93 SHA1 (patch-client_sql_string.h) = f26aff4ce4cf6dfef44c85ef95120331ca8fef52 +SHA1 (patch-cmake_build__configurations_mysql__release.cmake) = f6ddee05e028df9d4fdb4228a7e687b825fea1b3 SHA1 (patch-cmake_dtrace.cmake) = d953fdf976f3a7e7f0c2c16a9a2d2615f2777396 SHA1 (patch-cmake_libutils.cmake) = c3e5ab66d2bef43dc2308369e27550553e0f5356 SHA1 (patch-cmake_os_SunOS.cmake) = 60ba9f81c28bbb78295b8a12fe6cd3b176c03f91 @@ -36,6 +37,7 @@ SHA1 (patch-sql-common_client__authentication.cc) = fb14e5bcb64c4d2d0b8cbbe97ff5 SHA1 (patch-sql_CMakeLists.txt) = 83c1e50de6b53a0af5ff010f248dd595745b3eb5 SHA1 (patch-sql_log_event.h) = a413038ffa29103c75e1d243864615ccb3d9621e SHA1 (patch-sql_sql_string.h) = 1ce4d4db59310ea45e384f34e33c0d61935059bf +SHA1 (patch-sql_sys__vars.cc) = 355b17dac8da6f94c9996ae406df304113a1f8f5 SHA1 (patch-storage_archive_CMakeLists.txt) = e739ef4884a154d7e33e8aae24234fd6855119b7 SHA1 (patch-storage_blackhole_CMakeLists.txt) = b9c526783cabd04ea7859d62cb1930ff35f905f8 SHA1 (patch-storage_csv_CMakeLists.txt) = 739accd1fb85b051e28f5c3f16a6c3c0f77d6dae diff --git a/databases/mysql56-client/patches/patch-CMakeLists.txt b/databases/mysql56-client/patches/patch-CMakeLists.txt index e4b64ab4811..fc8fb296fb8 100644 --- a/databases/mysql56-client/patches/patch-CMakeLists.txt 
+++ b/databases/mysql56-client/patches/patch-CMakeLists.txt @@ -1,8 +1,12 @@ -$NetBSD: patch-CMakeLists.txt,v 1.5 2016/08/04 10:09:08 adam Exp $ +$NetBSD: patch-CMakeLists.txt,v 1.5.22.1 2019/01/29 13:01:46 bsiegert Exp $ Split configuration between mysql-client and mysql-server. Build with newer DTrace. +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + --- CMakeLists.txt.orig 2016-07-11 09:19:51.000000000 +0000 +++ CMakeLists.txt @@ -202,6 +202,7 @@ IF(DISABLE_SHARED) @@ -13,7 +17,16 @@ Build with newer DTrace. OPTION(CYBOZU "" OFF) OPTION(BACKUP_TEST "" OFF) OPTION(WITHOUT_SERVER OFF) -@@ -462,7 +463,6 @@ ADD_SUBDIRECTORY(vio) +@@ -345,7 +346,7 @@ IF(REPRODUCIBLE_BUILD) + ENDIF() + + OPTION(ENABLED_LOCAL_INFILE +- "If we should should enable LOAD DATA LOCAL by default" ${IF_WIN}) ++"If we should should enable LOAD DATA LOCAL by default" OFF) + MARK_AS_ADVANCED(ENABLED_LOCAL_INFILE) + + OPTION(WITH_FAST_MUTEXES "Compile with fast mutexes" OFF) +@@ -495,7 +496,6 @@ ADD_SUBDIRECTORY(vio) ADD_SUBDIRECTORY(regex) ADD_SUBDIRECTORY(mysys) ADD_SUBDIRECTORY(mysys_ssl) @@ -21,7 +34,7 @@ Build with newer DTrace. IF(WITH_UNIT_TESTS) # Visual Studio 11 needs this extra flag in order to compile gmock. -@@ -480,16 +480,16 @@ IF(WITH_UNIT_TESTS) +@@ -513,16 +513,16 @@ IF(WITH_UNIT_TESTS) ENDIF() ADD_SUBDIRECTORY(extra) @@ -43,7 +56,7 @@ Build with newer DTrace. ADD_SUBDIRECTORY(sql) OPTION (WITH_EMBEDDED_SERVER "Compile MySQL with embedded server" OFF) IF(WITH_EMBEDDED_SERVER) -@@ -500,7 +500,6 @@ ENDIF() +@@ -533,7 +533,6 @@ ENDIF() # scripts/mysql_config depends on client and server targets loaded above. # It is referenced by some of the directories below, so we insert it here. 
diff --git a/databases/mysql56-client/patches/patch-cmake_build__configurations_mysql__release.cmake b/databases/mysql56-client/patches/patch-cmake_build__configurations_mysql__release.cmake new file mode 100644 index 00000000000..30f3a78c555 --- /dev/null +++ b/databases/mysql56-client/patches/patch-cmake_build__configurations_mysql__release.cmake @@ -0,0 +1,17 @@ +$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1.2.2 2019/01/29 13:01:46 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- cmake/build_configurations/mysql_release.cmake.orig 2018-09-10 10:17:55.000000000 +0000 ++++ cmake/build_configurations/mysql_release.cmake +@@ -19,7 +19,7 @@ INCLUDE(CheckIncludeFiles) + INCLUDE(CheckLibraryExists) + + OPTION(DEBUG_EXTNAME "" ON) +-OPTION(ENABLED_LOCAL_INFILE "" ON) ++OPTION(ENABLED_LOCAL_INFILE "" OFF) + + IF(NOT COMPILATION_COMMENT) + SET(COMPILATION_COMMENT "MySQL Community Server (GPL)") diff --git a/databases/mysql56-client/patches/patch-sql_sys__vars.cc b/databases/mysql56-client/patches/patch-sql_sys__vars.cc new file mode 100644 index 00000000000..4b267cf9ece --- /dev/null +++ b/databases/mysql56-client/patches/patch-sql_sys__vars.cc 
@@ -0,0 +1,17 @@ +$NetBSD: patch-sql_sys__vars.cc,v 1.3.2.2 2019/01/29 13:01:46 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- sql/sys_vars.cc.orig 2018-09-10 10:17:55.000000000 +0000 ++++ sql/sys_vars.cc +@@ -1485,7 +1485,7 @@ static Sys_var_charptr Sys_language( + + static Sys_var_mybool Sys_local_infile( + "local_infile", "Enable LOAD DATA LOCAL INFILE", +- GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE)); ++ GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); + + static Sys_var_ulong Sys_lock_wait_timeout( + "lock_wait_timeout", diff --git a/databases/mysql57-client/Makefile b/databases/mysql57-client/Makefile index afd36581607..e3f62a4f8d3 100644 --- a/databases/mysql57-client/Makefile +++ b/databases/mysql57-client/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.18 2018/12/13 19:51:45 adam Exp $ +# $NetBSD: Makefile,v 1.18.2.1 2019/01/29 13:01:46 bsiegert Exp $ PKGNAME= ${DISTNAME:S/-/-client-/} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= MySQL 5, a free SQL database (client) CONFLICTS= mysql3-client-[0-9]* diff --git a/databases/mysql57-client/distinfo b/databases/mysql57-client/distinfo index 970cb675650..5d0c7d3c731 100644 --- a/databases/mysql57-client/distinfo +++ b/databases/mysql57-client/distinfo 
@@ -1,14 +1,15 @@ -$NetBSD: distinfo,v 1.26 2018/12/13 19:51:45 adam Exp $ +$NetBSD: distinfo,v 1.26.2.1 2019/01/29 13:01:46 bsiegert Exp $ SHA1 (mysql-5.7.24.tar.gz) = e2f73a243659075d0100a71b8338c752c0c65de8 RMD160 (mysql-5.7.24.tar.gz) = 67fc0207cb6fae76af0b6e18bb1f6e14d190ac4c SHA512 (mysql-5.7.24.tar.gz) = c3a00788b91c243696cf140d2e3a374c3154ace97413ba09bc85c2d4325ec7bf476cd7eb5bff5c33e0407fc345f12b73d4cce19894c0f8ab9e1853f6a6cfa351 Size (mysql-5.7.24.tar.gz) = 52052796 bytes -SHA1 (patch-CMakeLists.txt) = b47592cf8801538375da3df2990fde4d292fc365 +SHA1 (patch-CMakeLists.txt) = 1409a98380c999c6973fa3106dc35684b7c3b3cc SHA1 (patch-client_CMakeLists.txt) = 990d6df52380981f11a4ac5aafe48f34a3b2097f SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93 SHA1 (patch-cmake_boost.cmake) = cab30ebdff1e773d6970f541f96fce8ed51257f8 +SHA1 (patch-cmake_build__configurations_mysql__release.cmake) = 7a1fb8c686f187db8fd9d8ad203c1f764d6e55a6 SHA1 (patch-cmake_os_SunOS.cmake) = 06e290820a75d68931fce6dfd70a0b5edd548320 SHA1 (patch-cmake_plugin.cmake) = 92267182d4ec559a312a5a38826b9047c99b122f SHA1 (patch-cmake_readline.cmake) = fb79ed969240ae2984098f72c2d3fb501154902c @@ -38,6 +39,7 @@ SHA1 (patch-sql_CMakeLists.txt) = 697add15adb66bf55cf561a6e43e0bf514d1e068 SHA1 (patch-sql_conn__handler_socket__connection.cc) = 12cf83e061edbe59eb073037b1036903b7ba4b00 SHA1 (patch-sql_item__geofunc__internal.cc) = 752862c3a30231e694e508ced1a215a610649fc6 SHA1 (patch-sql_log_event.h) = 311dc7fb04ea832df229dc2a28bcfbf263670ebf +SHA1 (patch-sql_sys__vars.cc) = 202b8756c20549393d0e2a14952e1f060037b88a SHA1 (patch-storage_archive_CMakeLists.txt) = 4cf5ed97a226a3844e184c46958b5202eefb9dd5 SHA1 (patch-storage_blackhole_CMakeLists.txt) = 1d066d686172657ce9f812a505c7323a76111a63 SHA1 (patch-storage_csv_CMakeLists.txt) = 6208989a32805f8b107cd9de96e3ff0490ec9000 
diff --git a/databases/mysql57-client/patches/patch-CMakeLists.txt b/databases/mysql57-client/patches/patch-CMakeLists.txt index a90c4592ef1..708c6692f56 100644 --- a/databases/mysql57-client/patches/patch-CMakeLists.txt +++ b/databases/mysql57-client/patches/patch-CMakeLists.txt @@ -1,10 +1,23 @@ -$NetBSD: patch-CMakeLists.txt,v 1.1 2016/09/16 06:49:11 adam Exp $ +$NetBSD: patch-CMakeLists.txt,v 1.1.22.1 2019/01/29 13:01:46 bsiegert Exp $ Split configuration between mysql-client and mysql-server. ---- CMakeLists.txt.orig 2016-06-30 06:22:11.000000000 +0000 +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- CMakeLists.txt.orig 2018-10-04 05:48:22.000000000 +0000 +++ CMakeLists.txt -@@ -584,7 +584,6 @@ ADD_SUBDIRECTORY(vio) +@@ -408,7 +408,7 @@ IF(REPRODUCIBLE_BUILD) + ENDIF() + + OPTION(ENABLED_LOCAL_INFILE +- "If we should enable LOAD DATA LOCAL by default" ${IF_WIN}) ++ "If we should enable LOAD DATA LOCAL by default" OFF) + MARK_AS_ADVANCED(ENABLED_LOCAL_INFILE) + + OPTION(OPTIMIZER_TRACE "Support tracing of Optimizer" ON) +@@ -636,7 +636,6 @@ ADD_SUBDIRECTORY(vio) ADD_SUBDIRECTORY(regex) ADD_SUBDIRECTORY(mysys) ADD_SUBDIRECTORY(mysys_ssl) @@ -12,7 +25,7 @@ Split configuration between mysql-client and mysql-server. ADD_SUBDIRECTORY(libbinlogevents) ADD_SUBDIRECTORY(libbinlogstandalone) -@@ -613,12 +612,12 @@ ADD_SUBDIRECTORY(client) +@@ -674,12 +673,12 @@ ADD_SUBDIRECTORY(client) ADD_SUBDIRECTORY(sql/share) ADD_SUBDIRECTORY(libservices) diff --git a/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake b/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake new file mode 100644 index 00000000000..86f05c11d47 --- /dev/null 
+++ b/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake @@ -0,0 +1,17 @@ +$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1.2.2 2019/01/29 13:01:46 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- cmake/build_configurations/mysql_release.cmake.orig 2018-10-04 05:48:22.000000000 +0000 ++++ cmake/build_configurations/mysql_release.cmake +@@ -19,7 +19,7 @@ INCLUDE(CheckIncludeFiles) + INCLUDE(CheckLibraryExists) + + OPTION(DEBUG_EXTNAME "" ON) +-OPTION(ENABLED_LOCAL_INFILE "" ON) ++OPTION(ENABLED_LOCAL_INFILE "" OFF) + + IF(NOT COMPILATION_COMMENT) + SET(COMPILATION_COMMENT "MySQL Community Server (GPL)") diff --git a/databases/mysql57-client/patches/patch-sql_sys__vars.cc b/databases/mysql57-client/patches/patch-sql_sys__vars.cc new file mode 100644 index 00000000000..a172e3a5710 --- /dev/null +++ b/databases/mysql57-client/patches/patch-sql_sys__vars.cc @@ -0,0 +1,17 @@ +$NetBSD: patch-sql_sys__vars.cc,v 1.1.2.2 2019/01/29 13:01:46 bsiegert Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- sql/sys_vars.cc.orig 2018-10-04 05:48:22.000000000 +0000 ++++ sql/sys_vars.cc +@@ -1809,7 +1809,7 @@ static Sys_var_charptr Sys_language( + + static Sys_var_mybool Sys_local_infile( + "local_infile", "Enable LOAD DATA LOCAL INFILE", +- GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE)); ++ GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); + + static Sys_var_ulong Sys_lock_wait_timeout( + "lock_wait_timeout", |