From 6fa5cde8967d835c0976304c692152a5f490c286 Mon Sep 17 00:00:00 2001 From: Thomas Zander Date: Mon, 19 Sep 2016 12:28:53 +0000 Subject: MFH: r422257 Update to upstream version 5.7.15; fixes zero-day remote vuln CVE-2016-6662 PR: 212690 Submitted by: mokhi64@gmail.com (maintainer) Security: CVE 2016-6662 Approved by: ports-secteam (feld) --- databases/mysql57-client/Makefile | 1 + ...e_build__configurations_compiler__options.cmake | 12 +++--- .../files/patch-mysys__ssl_my__default.cc | 48 ++++++++++++++++++---- databases/mysql57-server/Makefile | 18 ++++---- databases/mysql57-server/distinfo | 6 +-- databases/mysql57-server/files/mysql-server.in | 8 ++-- .../files/patch-mysys__ssl_my__default.cc | 48 ++++++++++++++++++---- .../patch-rapid_plugin_x_mysqlx__configure.cmake | 15 +++++++ .../files/patch-rapid_plugin_x_mysqlx__error.cmake | 11 ----- .../mysql57-server/files/patch-sql_CMakeLists.txt | 4 +- databases/mysql57-server/pkg-message | 9 ++-- databases/mysql57-server/pkg-plist | 2 + 12 files changed, 125 insertions(+), 57 deletions(-) create mode 100644 databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake delete mode 100644 databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake diff --git a/databases/mysql57-client/Makefile b/databases/mysql57-client/Makefile index 7472142e50bc..8ce6bd5784c3 100644 --- a/databases/mysql57-client/Makefile +++ b/databases/mysql57-client/Makefile @@ -10,6 +10,7 @@ COMMENT= Multithreaded SQL database (client) LICENSE+= LGPL21 BROKEN_powerpc64= Does not build +BROKEN_powerpc64= Does not build: reports unsupported compiler MASTERDIR= ${.CURDIR}/../mysql57-server diff --git a/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake b/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake index 2fcf5754c44e..713c197992bc 100644 --- a/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake +++ b/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake @@ -1,6 +1,6 @@ ---- cmake/build_configurations/compiler_options.cmake.orig 2016-03-28 18:06:12 UTC +--- cmake/build_configurations/compiler_options.cmake.orig 2016-08-25 11:52:06 UTC +++ cmake/build_configurations/compiler_options.cmake -@@ -28,7 +28,7 @@ IF(UNIX) +@@ -29,7 +29,7 @@ IF(UNIX) # Default GCC flags IF(CMAKE_COMPILER_IS_GNUCC) @@ -9,12 +9,12 @@ # Disable inline optimizations for valgrind testing to avoid false positives IF(WITH_VALGRIND) SET(COMMON_C_FLAGS "-fno-inline ${COMMON_C_FLAGS}") -@@ -37,7 +37,7 @@ IF(UNIX) +@@ -42,7 +42,7 @@ IF(UNIX) SET(CMAKE_C_FLAGS_RELWITHDEBINFO "-O3 ${COMMON_C_FLAGS}") ENDIF() IF(CMAKE_COMPILER_IS_GNUCXX) - SET(COMMON_CXX_FLAGS "-g -fabi-version=2 -fno-omit-frame-pointer -fno-strict-aliasing") + SET(COMMON_CXX_FLAGS "-g -fno-omit-frame-pointer -fno-strict-aliasing") - # Disable inline optimizations for valgrind testing to avoid false positives - IF(WITH_VALGRIND) - SET(COMMON_CXX_FLAGS "-fno-inline ${COMMON_CXX_FLAGS}") + # GCC 6 has C++14 as default, set it explicitly to the old default. + EXECUTE_PROCESS(COMMAND ${CMAKE_CXX_COMPILER} -dumpversion + OUTPUT_VARIABLE GXX_VERSION) diff --git a/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc b/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc index ca7dd233539d..ea05679341fa 100644 --- a/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc +++ b/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc @@ -1,6 +1,6 @@ ---- mysys_ssl/my_default.cc.orig 2016-03-28 18:06:12 UTC +--- mysys_ssl/my_default.cc.orig 2016-08-25 11:52:06 UTC +++ mysys_ssl/my_default.cc -@@ -122,7 +122,7 @@ static my_bool is_login_file= FALSE; +@@ -114,7 +114,7 @@ static my_bool defaults_already_read= FA /* Which directories are searched for options (and in which order) */ @@ -9,18 +9,48 @@ #define DEFAULT_DIRS_SIZE (MAX_DEFAULT_DIRS + 1) /* Terminate with NULL */ static const char **default_directories = NULL; -@@ -1409,7 +1409,10 @@ static const char **init_default_directo +@@ -914,6 +914,14 @@ static int search_default_file_with_ext( + return 1; /* Ignore wrong files */ + } - #if defined(DEFAULT_SYSCONFDIR) - if (DEFAULT_SYSCONFDIR[0]) ++ if (strstr(name, "/etc") == name) + { - errors += add_directory(alloc, DEFAULT_SYSCONFDIR, dirs); -+ errors += add_directory(alloc, DEFAULT_SYSCONFDIR "/mysql", dirs); ++ fprintf(stderr, ++ "error: Config file %s in invalid location, please move to or merge with /usr/local%s\n", ++ name,name); ++ goto err; + } - #endif /* DEFAULT_SYSCONFDIR */ ++ + while (mysql_file_getline(buff, sizeof(buff) - 1, fp, is_login_file)) + { + line++; +@@ -1252,7 +1260,8 @@ void my_print_default_files(const char * + end[(strlen(end)-1)] = ' '; + else + strxmov(end, conf_file, *ext , " ", NullS); +- fputs(name, stdout); ++ if (strstr(name, "/etc") != name) ++ fputs(name, stdout); + } + } + } +@@ -1411,13 +1420,8 @@ static const char **init_default_directo + + #else + +- errors += add_directory(alloc, "/etc/", dirs); +- errors += add_directory(alloc, "/etc/mysql/", dirs); +- +-#if defined(DEFAULT_SYSCONFDIR) +- if (DEFAULT_SYSCONFDIR[0]) +- errors += add_directory(alloc, DEFAULT_SYSCONFDIR, dirs); +-#endif /* DEFAULT_SYSCONFDIR */ ++ errors += add_directory(alloc, "/usr/local/etc/", dirs); ++ errors += add_directory(alloc, "/usr/local/etc/mysql/", dirs); #endif -@@ -1480,7 +1483,7 @@ int check_file_permissions(const char *f + +@@ -1488,7 +1492,7 @@ int check_file_permissions(const char *f MY_STAT stat_info; if (!my_stat(file_name,&stat_info,MYF(0))) diff --git a/databases/mysql57-server/Makefile b/databases/mysql57-server/Makefile index eff2298d1f46..15f0c354d4ba 100644 --- a/databases/mysql57-server/Makefile +++ b/databases/mysql57-server/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= mysql -PORTVERSION= 5.7.13 +PORTVERSION= 5.7.15 PORTREVISION?= 0 CATEGORIES= databases ipv6 MASTER_SITES= MYSQL/MySQL-5.7 @@ -51,12 +51,12 @@ CMAKE_ARGS+= -DINSTALL_LAYOUT=FREEBSD \ -DINSTALL_SHAREDIR="share" \ -DINSTALL_SUPPORTFILESDIR="share/mysql" \ -DMYSQL_KEYRINGDIR="${ETCDIR}/keyring" \ - -DSYSCONFDIR="${ETCDIR}" \ -DWITH_BOOST="${WRKSRC}/boost" \ -DWITH_EDITLINE=system \ -DWITH_LIBEVENT=system \ -DWITH_LZ4=system \ - -DWITH_ZLIB=system + -DWITH_ZLIB=system \ + -DINSTALL_MYSQLTESTDIR=0 SHEBANG_FILES= scripts/*.pl* scripts/*.sh @@ -133,23 +133,21 @@ PERFSCHM_SUB_LIST_OFF+= PERFSCHEMRC="--skip-performance-schema" ### Just for the sake of FreeBSD 9.X ### .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 -.if !defined(CLIENT_ONLY) +. if !defined(CLIENT_ONLY) EXTRA_PATCHES+= ${PATCHDIR}/rapid_plugin-patch-_x_mysqlxtest__src_mysqlxtest.cc -.endif -WITH_OPENSSL_PORT= yes -CMAKE_ARGS+= -DWITH_SSL=${OPENSSLBASE} +. endif +### Just like deperecated `WITH_OPENSSL_PORT=yes` a workaround for building on 9.X ### +DEFAULT_VERSIONS+=ssl=openssl .endif .include -### FreeBSD Version > 9.X ### -.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1000000 .if ${SSL_DEFAULT} == base +BROKEN_FreeBSD_9= FreeBSD 9.x requires SSL from ports CMAKE_ARGS+= -DWITH_SSL=system .else CMAKE_ARGS+= -DWITH_SSL=${OPENSSLBASE} .endif -.endif post-extract: @${RM} -rvf ${WRKSRC}/sql/sql_hints.yy.cc ${WRKSRC}/sql/sql_hints.yy.h diff --git a/databases/mysql57-server/distinfo b/databases/mysql57-server/distinfo index 9ee61e895cb9..b3fcf738dec9 100644 --- a/databases/mysql57-server/distinfo +++ b/databases/mysql57-server/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1465065317 -SHA256 (mysql-boost-5.7.13.tar.gz) = 2a768682c37dfbca286912bd137f1a526075ac1f00a6a46da8b6fe63f6fcfa37 -SIZE (mysql-boost-5.7.13.tar.gz) = 60561931 +TIMESTAMP = 1473858917 +SHA256 (mysql-boost-5.7.15.tar.gz) = 7342a3a3e40878378dfaee252d42a3a5b06c58237f49c2544424d27316738945 +SIZE (mysql-boost-5.7.15.tar.gz) = 60583907 diff --git a/databases/mysql57-server/files/mysql-server.in b/databases/mysql57-server/files/mysql-server.in index 1f57e75325b7..03c57e7d15b8 100644 --- a/databases/mysql57-server/files/mysql-server.in +++ b/databases/mysql57-server/files/mysql-server.in @@ -64,9 +64,11 @@ mysql_prestart() { if [ -f "${mysql_dbdir}/my.cnf" ]; then echo "" - echo "Please keep in mind that the default location for my.cnf will be changed" - echo "from \"%%MY_DBDIR%%/my.cnf\" to \"%%ETCDIR%%/my.cnf\" in the near" - echo "future. If you do not want to move your my.cnf to the new location then" + echo "Please keep in mind that the default location for my.cnf has changed" + echo "from \"%%MY_DBDIR%%/my.cnf\" to \"%%ETCDIR%%/my.cnf\". " + echo "Please merge your existing my.cnf with the new default and move" + echo "it to \"%%ETCDIR%%/my.cnf\"." + echo "If you do not want to move your my.cnf to the new location then" echo "you must set \"mysql_optfile\" in /etc/rc.conf to \"/var/db/mysql/my.cnf\"." echo "" fi diff --git a/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc b/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc index ca7dd233539d..ea05679341fa 100644 --- a/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc +++ b/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc @@ -1,6 +1,6 @@ ---- mysys_ssl/my_default.cc.orig 2016-03-28 18:06:12 UTC +--- mysys_ssl/my_default.cc.orig 2016-08-25 11:52:06 UTC +++ mysys_ssl/my_default.cc -@@ -122,7 +122,7 @@ static my_bool is_login_file= FALSE; +@@ -114,7 +114,7 @@ static my_bool defaults_already_read= FA /* Which directories are searched for options (and in which order) */ @@ -9,18 +9,48 @@ #define DEFAULT_DIRS_SIZE (MAX_DEFAULT_DIRS + 1) /* Terminate with NULL */ static const char **default_directories = NULL; -@@ -1409,7 +1409,10 @@ static const char **init_default_directo +@@ -914,6 +914,14 @@ static int search_default_file_with_ext( + return 1; /* Ignore wrong files */ + } - #if defined(DEFAULT_SYSCONFDIR) - if (DEFAULT_SYSCONFDIR[0]) ++ if (strstr(name, "/etc") == name) + { - errors += add_directory(alloc, DEFAULT_SYSCONFDIR, dirs); -+ errors += add_directory(alloc, DEFAULT_SYSCONFDIR "/mysql", dirs); ++ fprintf(stderr, ++ "error: Config file %s in invalid location, please move to or merge with /usr/local%s\n", ++ name,name); ++ goto err; + } - #endif /* DEFAULT_SYSCONFDIR */ ++ + while (mysql_file_getline(buff, sizeof(buff) - 1, fp, is_login_file)) + { + line++; +@@ -1252,7 +1260,8 @@ void my_print_default_files(const char * + end[(strlen(end)-1)] = ' '; + else + strxmov(end, conf_file, *ext , " ", NullS); +- fputs(name, stdout); ++ if (strstr(name, "/etc") != name) ++ fputs(name, stdout); + } + } + } +@@ -1411,13 +1420,8 @@ static const char **init_default_directo + + #else + +- errors += add_directory(alloc, "/etc/", dirs); +- errors += add_directory(alloc, "/etc/mysql/", dirs); +- +-#if defined(DEFAULT_SYSCONFDIR) +- if (DEFAULT_SYSCONFDIR[0]) +- errors += add_directory(alloc, DEFAULT_SYSCONFDIR, dirs); +-#endif /* DEFAULT_SYSCONFDIR */ ++ errors += add_directory(alloc, "/usr/local/etc/", dirs); ++ errors += add_directory(alloc, "/usr/local/etc/mysql/", dirs); #endif -@@ -1480,7 +1483,7 @@ int check_file_permissions(const char *f + +@@ -1488,7 +1492,7 @@ int check_file_permissions(const char *f MY_STAT stat_info; if (!my_stat(file_name,&stat_info,MYF(0))) diff --git a/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake b/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake new file mode 100644 index 000000000000..52828f00f631 --- /dev/null +++ b/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake @@ -0,0 +1,15 @@ +--- rapid/plugin/x/mysqlx_configure.cmake.orig 2016-09-14 15:25:26 UTC ++++ rapid/plugin/x/mysqlx_configure.cmake +@@ -29,6 +29,7 @@ CONFIGURE_FILE(${MYSQLX_PROJECT_DIR}/src + CONFIGURE_FILE(${MYSQLX_PROJECT_DIR}/src/mysqlx_version.h.in + ${CMAKE_CURRENT_BINARY_DIR}/generated/mysqlx_version.h ) + ++IF(FALSE) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/generated/mysqlx_error.h + DESTINATION ${INSTALL_INCLUDEDIR} + COMPONENT Developement) +@@ -36,3 +37,4 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/generated/mysqlx_version.h + DESTINATION ${INSTALL_INCLUDEDIR} + COMPONENT Developement) ++ENDIF() diff --git a/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake b/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake deleted file mode 100644 index 3239e33e82cb..000000000000 --- a/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake +++ /dev/null @@ -1,11 +0,0 @@ ---- rapid/plugin/x/mysqlx_error.cmake.orig 2016-04-14 21:38:55 UTC -+++ rapid/plugin/x/mysqlx_error.cmake -@@ -26,6 +26,8 @@ GENERATE_XERRORS(${MYSQLX_PROJECT_DIR}/s - CONFIGURE_FILE(${MYSQLX_PROJECT_DIR}/src/mysqlx_error.h.in - ${CMAKE_CURRENT_BINARY_DIR}/mysqlx_error.h) - -+IF(FALSE) - INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mysqlx_error.h - DESTINATION ${INSTALL_INCLUDEDIR} - COMPONENT Developement) -+ENDIF() diff --git a/databases/mysql57-server/files/patch-sql_CMakeLists.txt b/databases/mysql57-server/files/patch-sql_CMakeLists.txt index 6f0f1f4bdab9..033958f32efb 100644 --- a/databases/mysql57-server/files/patch-sql_CMakeLists.txt +++ b/databases/mysql57-server/files/patch-sql_CMakeLists.txt @@ -1,4 +1,4 @@ ---- sql/CMakeLists.txt.orig 2016-03-28 18:06:12 UTC +--- sql/CMakeLists.txt.orig 2016-08-25 11:52:06 UTC +++ sql/CMakeLists.txt @@ -24,6 +24,8 @@ INCLUDE_DIRECTORIES( ${ZLIB_INCLUDE_DIR} @@ -6,6 +6,6 @@ ${CMAKE_BINARY_DIR}/sql + ${CMAKE_BINARY_DIR}/include + ${CMAKE_BINARY_DIR} + ${LZ4_INCLUDE_DIR} ) - SET(CONF_SOURCES diff --git a/databases/mysql57-server/pkg-message b/databases/mysql57-server/pkg-message index a047f75afd3c..50a3fb8fb482 100644 --- a/databases/mysql57-server/pkg-message +++ b/databases/mysql57-server/pkg-message @@ -11,9 +11,10 @@ in /root/.mysql_secret ***************************************************************************** -Please keep in mind that the default location for my.cnf will be changed -from "/var/db/mysql/my.cnf" to "/usr/local/etc/mysql/my.cnf" in the near -future. If you do not want to move your my.cnf to the new location then -you must set "mysql_optfile" in /etc/rc.conf to "/var/db/mysql/my.cnf". +The default location for my.cnf has changed from "/var/db/mysql/my.cnf" to +"/usr/local/etc/mysql/my.cnf". Existing my.cnf files must be merged manually +with the new default and moved to the new location. To continue using the +my.cnf file at the old location, set "mysql_optfile" in /etc/rc.conf to +point to the location of the existing my.cnf file. ***************************************************************************** diff --git a/databases/mysql57-server/pkg-plist b/databases/mysql57-server/pkg-plist index bb8e6b9f3840..a4a805c83ac9 100644 --- a/databases/mysql57-server/pkg-plist +++ b/databases/mysql57-server/pkg-plist @@ -62,6 +62,8 @@ lib/mysql/plugin/rewriter.so lib/mysql/plugin/semisync_master.so lib/mysql/plugin/semisync_slave.so lib/mysql/plugin/test_security_context.so +lib/mysql/plugin/keyring_udf.so +lib/mysql/plugin/test_udf_services.so lib/mysql/plugin/validate_password.so lib/mysql/plugin/version_token.so libdata/pkgconfig/LIBMYSQL_OS_OUTPUT_NAME-NOTFOUND.pc -- cgit v1.2.3