From 9b22734d900a375a1084cdadbdf9778ee72c6101 Mon Sep 17 00:00:00 2001
From: Bernard Spil <brnrd@FreeBSD.org>
Date: Sun, 26 Mar 2017 10:20:57 +0000
Subject: MFH: r433041 r433042 r436493

databases/maria55*: reset maintainer

The maintainer was not involved in any of the last 13 releases and still
is not responding to PRs (many, many timeouts).  Maintainership of this
port probably should have been reset a couple of years ago.

databases/mariadb55-client: Fix stage QA

Remove files from stage directory that aren't supposed to be packaged
to satisfy QA checks.  No revump necessary.

PR:	214669

databases/mariadb55-server: Fix vulnerabilities

 - Add vulnerability patch from upstream
 - Improve OQGraph BROKEN message
 - Take maintaintership

Security:	7c27192f-0bc3-11e7-9940-b499baebfeaf
Security:	4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
Security:	CVE-2017-3313
Security:	CVE-2017-3302

Approved by:	ports-secteam (junovitch)
---
 databases/mariadb55-client/Makefile                |   6 +-
 .../mariadb55-client/files/patch-CVE-2017-3302     | 124 +++++++++++++++++++++
 databases/mariadb55-server/Makefile                |   6 +-
 .../mariadb55-server/files/patch-CVE-2017-3302     | 124 +++++++++++++++++++++
 4 files changed, 255 insertions(+), 5 deletions(-)
 create mode 100644 databases/mariadb55-client/files/patch-CVE-2017-3302
 create mode 100644 databases/mariadb55-server/files/patch-CVE-2017-3302

diff --git a/databases/mariadb55-client/Makefile b/databases/mariadb55-client/Makefile
index 7b6bd9fe4f05..c047b2bda322 100644
--- a/databases/mariadb55-client/Makefile
+++ b/databases/mariadb55-client/Makefile
@@ -19,9 +19,11 @@ CONFLICTS_INSTALL=	mariadb5[0-46-9]-client-* \
 			percona*-client-*
 
 CMAKE_ARGS+=	-DWITHOUT_SERVER=1
-
 USE_LDCONFIG=	${PREFIX}/lib/mysql
-
 CLIENT_ONLY=	yes
 
+post-install:
+	${RM} ${STAGEDIR}${PREFIX}/bin/mysqld_safe_helper
+	${RM} -r ${STAGEDIR}${PREFIX}/include/mysql/private
+
 .include "${MASTERDIR}/Makefile"
diff --git a/databases/mariadb55-client/files/patch-CVE-2017-3302 b/databases/mariadb55-client/files/patch-CVE-2017-3302
new file mode 100644
index 000000000000..87d08f1d8f93
--- /dev/null
+++ b/databases/mariadb55-client/files/patch-CVE-2017-3302
@@ -0,0 +1,124 @@
+From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Thu, 16 Feb 2017 11:32:47 +0100
+Subject: [PATCH] MDEV-11933 Wrong usage of linked list in
+ mysql_prune_stmt_list
+
+mysql_prune_stmt_list() was walking the list following
+element->next pointers, but inside the loop it was invoking
+list_add(element) that modified element->next. So, mysql_prune_stmt_list()
+failed to visit and reset all elements, and some of them were left
+with pointers to invalid MYSQL.
+---
+ sql-common/client.c       | 11 ++---------
+ tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 50 insertions(+), 11 deletions(-)
+
+diff --git a/sql-common/client.c b/sql-common/client.c
+index c2e0cc3..b348afc 100644
+--- sql-common/client.c.orig
++++ sql-common/client.c
+@@ -1,5 +1,5 @@
+ /* Copyright (c) 2003, 2016, Oracle and/or its affiliates.
+-   Copyright (c) 2009, 2016, MariaDB
++   Copyright (c) 2009, 2017, MariaDB
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql)
+ static void mysql_prune_stmt_list(MYSQL *mysql)
+ {
+   LIST *element= mysql->stmts;
+-  LIST *pruned_list= 0;
+-
+   for (; element; element= element->next)
+   {
+     MYSQL_STMT *stmt= (MYSQL_STMT *) element->data;
+@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql)
+       stmt->last_errno= CR_SERVER_LOST;
+       strmov(stmt->last_error, ER(CR_SERVER_LOST));
+       strmov(stmt->sqlstate, unknown_sqlstate);
+-    }
+-    else
+-    {
+-      pruned_list= list_add(pruned_list, element);
++      mysql->stmts= list_delete(mysql->stmts, element);
+     }
+   }
+-
+-  mysql->stmts= pruned_list;
+ }
+ 
+ 
+diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
+index 446018e..f62545d 100644
+--- tests/mysql_client_test.c.orig
++++ tests/mysql_client_test.c
+@@ -1,5 +1,5 @@
+-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates.
+-   Copyright (c) 2008, 2012, Monty Program Ab
++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates.
++   Copyright (c) 2008, 2017, MariaDB
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -19031,6 +19031,49 @@ static void test_mdev4326()
+   myquery(rc);
+ }
+ 
++
++/**
++   BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST()
++*/
++static void test_bug17512527()
++{
++  MYSQL *conn;
++  MYSQL_STMT *stmt1, *stmt2;
++  unsigned long thread_id;
++  char query[MAX_TEST_QUERY_LENGTH];
++  int rc;
++
++  conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1);
++
++  stmt1 = mysql_stmt_init(conn);
++  check_stmt(stmt1);
++  rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1"));
++  check_execute(stmt1, rc);
++
++  stmt2 = mysql_stmt_init(conn);
++  check_stmt(stmt2);
++
++  thread_id= mysql_thread_id(conn);
++  sprintf(query, "KILL %lu", thread_id);
++  if (thread_query(query))
++    exit(1);
++
++  rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2"));
++  check_execute(stmt2, rc);
++
++  rc= mysql_stmt_execute(stmt1);
++  check_execute_r(stmt1, rc);
++
++  rc= mysql_stmt_execute(stmt2);
++  check_execute(stmt2, rc);
++
++  mysql_close(conn);
++
++  mysql_stmt_close(stmt2);
++  mysql_stmt_close(stmt1);
++}
++
++
+ static struct my_tests_st my_tests[]= {
+   { "disable_query_logs", disable_query_logs },
+   { "test_view_sp_list_fields", test_view_sp_list_fields },
+@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= {
+   { "test_bug13001491", test_bug13001491 },
+   { "test_mdev4326", test_mdev4326 },
+   { "test_ps_sp_out_params", test_ps_sp_out_params },
++#ifndef _WIN32
++  { "test_bug17512527", test_bug17512527},
++#endif
+   { 0, 0 }
+ };
+ 
diff --git a/databases/mariadb55-server/Makefile b/databases/mariadb55-server/Makefile
index 9d25ba7e72c4..b1c6137706ed 100644
--- a/databases/mariadb55-server/Makefile
+++ b/databases/mariadb55-server/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME?=	mariadb
 PORTVERSION=	5.5.54
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES=	databases ipv6
 MASTER_SITES=	http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \
 		http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/source/ \
@@ -15,7 +15,7 @@ MASTER_SITES=	http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/sourc
 		http://mirror.switch.ch/mirror/mariadb/${PORTNAME}-${PORTVERSION}/source/
 PKGNAMESUFFIX?=	55-server
 
-MAINTAINER=	never@nevermind.kiev.ua
+MAINTAINER=	brnrd@FreeBSD.org
 COMMENT?=	Multithreaded SQL database (server)
 
 LICENSE=	GPLv2
@@ -101,7 +101,7 @@ OQGRAPH_DESC=	Open Query Graph Computation engine
 
 OQGRAPH_USE=	GCC=yes
 OQGRAPH_LIB_DEPENDS=	libboost_system.so:devel/boost-libs
-OQGRAPH_BROKEN=	yes
+OQGRAPH_BROKEN=	OQGraph does not build
 
 MAXKEY_EXTRA_PATCHES=	${FILESDIR}/extra-patch-include_my_compare.h
 .endif
diff --git a/databases/mariadb55-server/files/patch-CVE-2017-3302 b/databases/mariadb55-server/files/patch-CVE-2017-3302
new file mode 100644
index 000000000000..87d08f1d8f93
--- /dev/null
+++ b/databases/mariadb55-server/files/patch-CVE-2017-3302
@@ -0,0 +1,124 @@
+From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Thu, 16 Feb 2017 11:32:47 +0100
+Subject: [PATCH] MDEV-11933 Wrong usage of linked list in
+ mysql_prune_stmt_list
+
+mysql_prune_stmt_list() was walking the list following
+element->next pointers, but inside the loop it was invoking
+list_add(element) that modified element->next. So, mysql_prune_stmt_list()
+failed to visit and reset all elements, and some of them were left
+with pointers to invalid MYSQL.
+---
+ sql-common/client.c       | 11 ++---------
+ tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 50 insertions(+), 11 deletions(-)
+
+diff --git a/sql-common/client.c b/sql-common/client.c
+index c2e0cc3..b348afc 100644
+--- sql-common/client.c.orig
++++ sql-common/client.c
+@@ -1,5 +1,5 @@
+ /* Copyright (c) 2003, 2016, Oracle and/or its affiliates.
+-   Copyright (c) 2009, 2016, MariaDB
++   Copyright (c) 2009, 2017, MariaDB
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql)
+ static void mysql_prune_stmt_list(MYSQL *mysql)
+ {
+   LIST *element= mysql->stmts;
+-  LIST *pruned_list= 0;
+-
+   for (; element; element= element->next)
+   {
+     MYSQL_STMT *stmt= (MYSQL_STMT *) element->data;
+@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql)
+       stmt->last_errno= CR_SERVER_LOST;
+       strmov(stmt->last_error, ER(CR_SERVER_LOST));
+       strmov(stmt->sqlstate, unknown_sqlstate);
+-    }
+-    else
+-    {
+-      pruned_list= list_add(pruned_list, element);
++      mysql->stmts= list_delete(mysql->stmts, element);
+     }
+   }
+-
+-  mysql->stmts= pruned_list;
+ }
+ 
+ 
+diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
+index 446018e..f62545d 100644
+--- tests/mysql_client_test.c.orig
++++ tests/mysql_client_test.c
+@@ -1,5 +1,5 @@
+-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates.
+-   Copyright (c) 2008, 2012, Monty Program Ab
++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates.
++   Copyright (c) 2008, 2017, MariaDB
+ 
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -19031,6 +19031,49 @@ static void test_mdev4326()
+   myquery(rc);
+ }
+ 
++
++/**
++   BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST()
++*/
++static void test_bug17512527()
++{
++  MYSQL *conn;
++  MYSQL_STMT *stmt1, *stmt2;
++  unsigned long thread_id;
++  char query[MAX_TEST_QUERY_LENGTH];
++  int rc;
++
++  conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1);
++
++  stmt1 = mysql_stmt_init(conn);
++  check_stmt(stmt1);
++  rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1"));
++  check_execute(stmt1, rc);
++
++  stmt2 = mysql_stmt_init(conn);
++  check_stmt(stmt2);
++
++  thread_id= mysql_thread_id(conn);
++  sprintf(query, "KILL %lu", thread_id);
++  if (thread_query(query))
++    exit(1);
++
++  rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2"));
++  check_execute(stmt2, rc);
++
++  rc= mysql_stmt_execute(stmt1);
++  check_execute_r(stmt1, rc);
++
++  rc= mysql_stmt_execute(stmt2);
++  check_execute(stmt2, rc);
++
++  mysql_close(conn);
++
++  mysql_stmt_close(stmt2);
++  mysql_stmt_close(stmt1);
++}
++
++
+ static struct my_tests_st my_tests[]= {
+   { "disable_query_logs", disable_query_logs },
+   { "test_view_sp_list_fields", test_view_sp_list_fields },
+@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= {
+   { "test_bug13001491", test_bug13001491 },
+   { "test_mdev4326", test_mdev4326 },
+   { "test_ps_sp_out_params", test_ps_sp_out_params },
++#ifndef _WIN32
++  { "test_bug17512527", test_bug17512527},
++#endif
+   { 0, 0 }
+ };
+ 
-- 
cgit v1.2.3