diff options
author | maya <maya@pkgsrc.org> | 2019-01-20 18:22:10 +0000 |
---|---|---|
committer | maya <maya@pkgsrc.org> | 2019-01-20 18:22:10 +0000 |
commit | 5cd0828c29d4bfb2bf211ded7f1eff4626ec29f1 (patch) | |
tree | 66322771b90a6c898d55d310dadfa7e2a17b43a7 /databases/mysql57-client | |
parent | 53c7118842f9b71964b6799a2cc230b3c1e01c12 (diff) | |
download | pkgsrc-5cd0828c29d4bfb2bf211ded7f1eff4626ec29f1.tar.gz |
mysql57-client: change the default configuration to avoid information
disclosure to a malicious server.
Backport of upstream commit:
https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Exploit method described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
Diffstat (limited to 'databases/mysql57-client')
5 files changed, 57 insertions, 8 deletions
diff --git a/databases/mysql57-client/Makefile b/databases/mysql57-client/Makefile index afd36581607..205ebc8e004 100644 --- a/databases/mysql57-client/Makefile +++ b/databases/mysql57-client/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.18 2018/12/13 19:51:45 adam Exp $ +# $NetBSD: Makefile,v 1.19 2019/01/20 18:22:10 maya Exp $ PKGNAME= ${DISTNAME:S/-/-client-/} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= MySQL 5, a free SQL database (client) CONFLICTS= mysql3-client-[0-9]* diff --git a/databases/mysql57-client/distinfo b/databases/mysql57-client/distinfo index 970cb675650..4558ca2b4ae 100644 --- a/databases/mysql57-client/distinfo +++ b/databases/mysql57-client/distinfo @@ -1,14 +1,15 @@ -$NetBSD: distinfo,v 1.26 2018/12/13 19:51:45 adam Exp $ +$NetBSD: distinfo,v 1.27 2019/01/20 18:22:10 maya Exp $ SHA1 (mysql-5.7.24.tar.gz) = e2f73a243659075d0100a71b8338c752c0c65de8 RMD160 (mysql-5.7.24.tar.gz) = 67fc0207cb6fae76af0b6e18bb1f6e14d190ac4c SHA512 (mysql-5.7.24.tar.gz) = c3a00788b91c243696cf140d2e3a374c3154ace97413ba09bc85c2d4325ec7bf476cd7eb5bff5c33e0407fc345f12b73d4cce19894c0f8ab9e1853f6a6cfa351 Size (mysql-5.7.24.tar.gz) = 52052796 bytes -SHA1 (patch-CMakeLists.txt) = b47592cf8801538375da3df2990fde4d292fc365 +SHA1 (patch-CMakeLists.txt) = 1409a98380c999c6973fa3106dc35684b7c3b3cc SHA1 (patch-client_CMakeLists.txt) = 990d6df52380981f11a4ac5aafe48f34a3b2097f SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93 SHA1 (patch-cmake_boost.cmake) = cab30ebdff1e773d6970f541f96fce8ed51257f8 +SHA1 (patch-cmake_build__configurations_mysql__release.cmake) = 7a1fb8c686f187db8fd9d8ad203c1f764d6e55a6 SHA1 (patch-cmake_os_SunOS.cmake) = 06e290820a75d68931fce6dfd70a0b5edd548320 SHA1 (patch-cmake_plugin.cmake) = 92267182d4ec559a312a5a38826b9047c99b122f SHA1 (patch-cmake_readline.cmake) = fb79ed969240ae2984098f72c2d3fb501154902c @@ -38,6 +39,7 @@ SHA1 (patch-sql_CMakeLists.txt) = 697add15adb66bf55cf561a6e43e0bf514d1e068 SHA1 (patch-sql_conn__handler_socket__connection.cc) = 12cf83e061edbe59eb073037b1036903b7ba4b00 SHA1 (patch-sql_item__geofunc__internal.cc) = 752862c3a30231e694e508ced1a215a610649fc6 SHA1 (patch-sql_log_event.h) = 311dc7fb04ea832df229dc2a28bcfbf263670ebf +SHA1 (patch-sql_sys__vars.cc) = 202b8756c20549393d0e2a14952e1f060037b88a SHA1 (patch-storage_archive_CMakeLists.txt) = 4cf5ed97a226a3844e184c46958b5202eefb9dd5 SHA1 (patch-storage_blackhole_CMakeLists.txt) = 1d066d686172657ce9f812a505c7323a76111a63 SHA1 (patch-storage_csv_CMakeLists.txt) = 6208989a32805f8b107cd9de96e3ff0490ec9000 diff --git a/databases/mysql57-client/patches/patch-CMakeLists.txt b/databases/mysql57-client/patches/patch-CMakeLists.txt index a90c4592ef1..f83b737b815 100644 --- a/databases/mysql57-client/patches/patch-CMakeLists.txt +++ b/databases/mysql57-client/patches/patch-CMakeLists.txt @@ -1,10 +1,23 @@ -$NetBSD: patch-CMakeLists.txt,v 1.1 2016/09/16 06:49:11 adam Exp $ +$NetBSD: patch-CMakeLists.txt,v 1.2 2019/01/20 18:22:10 maya Exp $ Split configuration between mysql-client and mysql-server. ---- CMakeLists.txt.orig 2016-06-30 06:22:11.000000000 +0000 +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- CMakeLists.txt.orig 2018-10-04 05:48:22.000000000 +0000 +++ CMakeLists.txt -@@ -584,7 +584,6 @@ ADD_SUBDIRECTORY(vio) +@@ -408,7 +408,7 @@ IF(REPRODUCIBLE_BUILD) + ENDIF() + + OPTION(ENABLED_LOCAL_INFILE +- "If we should enable LOAD DATA LOCAL by default" ${IF_WIN}) ++ "If we should enable LOAD DATA LOCAL by default" OFF) + MARK_AS_ADVANCED(ENABLED_LOCAL_INFILE) + + OPTION(OPTIMIZER_TRACE "Support tracing of Optimizer" ON) +@@ -636,7 +636,6 @@ ADD_SUBDIRECTORY(vio) ADD_SUBDIRECTORY(regex) ADD_SUBDIRECTORY(mysys) ADD_SUBDIRECTORY(mysys_ssl) @@ -12,7 +25,7 @@ Split configuration between mysql-client and mysql-server. ADD_SUBDIRECTORY(libbinlogevents) ADD_SUBDIRECTORY(libbinlogstandalone) -@@ -613,12 +612,12 @@ ADD_SUBDIRECTORY(client) +@@ -674,12 +673,12 @@ ADD_SUBDIRECTORY(client) ADD_SUBDIRECTORY(sql/share) ADD_SUBDIRECTORY(libservices) diff --git a/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake b/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake new file mode 100644 index 00000000000..12500626bf3 --- /dev/null +++ b/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake @@ -0,0 +1,17 @@ +$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1 2019/01/20 18:22:10 maya Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- cmake/build_configurations/mysql_release.cmake.orig 2018-10-04 05:48:22.000000000 +0000 ++++ cmake/build_configurations/mysql_release.cmake +@@ -19,7 +19,7 @@ INCLUDE(CheckIncludeFiles) + INCLUDE(CheckLibraryExists) + + OPTION(DEBUG_EXTNAME "" ON) +-OPTION(ENABLED_LOCAL_INFILE "" ON) ++OPTION(ENABLED_LOCAL_INFILE "" OFF) + + IF(NOT COMPILATION_COMMENT) + SET(COMPILATION_COMMENT "MySQL Community Server (GPL)") diff --git a/databases/mysql57-client/patches/patch-sql_sys__vars.cc b/databases/mysql57-client/patches/patch-sql_sys__vars.cc new file mode 100644 index 00000000000..e9749205ca9 --- /dev/null +++ b/databases/mysql57-client/patches/patch-sql_sys__vars.cc @@ -0,0 +1,17 @@ +$NetBSD: patch-sql_sys__vars.cc,v 1.1 2019/01/20 18:22:10 maya Exp $ + +Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be +Avoid disclosure of files from a client to a malicious server, described here: +https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ + +--- sql/sys_vars.cc.orig 2018-10-04 05:48:22.000000000 +0000 ++++ sql/sys_vars.cc +@@ -1809,7 +1809,7 @@ static Sys_var_charptr Sys_language( + + static Sys_var_mybool Sys_local_infile( + "local_infile", "Enable LOAD DATA LOCAL INFILE", +- GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE)); ++ GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); + + static Sys_var_ulong Sys_lock_wait_timeout( + "lock_wait_timeout", |