Index: branches/2017Q1/databases/mariadb55-client/Makefile =================================================================== --- branches/2017Q1/databases/mariadb55-client/Makefile (revision 436946) +++ branches/2017Q1/databases/mariadb55-client/Makefile (revision 436947) @@ -1,27 +1,29 @@ # $FreeBSD$ PORTNAME= mariadb PKGNAMESUFFIX= 55-client COMMENT= Multithreaded SQL database (client) LICENSE+= LGPL21 MASTERDIR= ${.CURDIR}/../mariadb55-server FILESDIR= ${.CURDIR}/files PATCHDIR= ${.CURDIR}/files PLIST= ${.CURDIR}/pkg-plist CONFLICTS_INSTALL= mariadb5[0-46-9]-client-* \ mariadb1*-client-* \ mysql*-client-* \ percona*-client-* CMAKE_ARGS+= -DWITHOUT_SERVER=1 - USE_LDCONFIG= ${PREFIX}/lib/mysql - CLIENT_ONLY= yes + +post-install: + ${RM} ${STAGEDIR}${PREFIX}/bin/mysqld_safe_helper + ${RM} -r ${STAGEDIR}${PREFIX}/include/mysql/private .include "${MASTERDIR}/Makefile" Index: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 =================================================================== --- branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 (nonexistent) +++ branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 (revision 436947) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; + Property changes on: branches/2017Q1/databases/mariadb55-client/files/patch-CVE-2017-3302 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q1/databases/mariadb55-server/Makefile =================================================================== --- branches/2017Q1/databases/mariadb55-server/Makefile (revision 436946) +++ branches/2017Q1/databases/mariadb55-server/Makefile (revision 436947) @@ -1,130 +1,130 @@ # $FreeBSD$ PORTNAME?= mariadb PORTVERSION= 5.5.54 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= databases ipv6 MASTER_SITES= http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirror.aarnet.edu.au/pub/MariaDB/${PORTNAME}-${PORTVERSION}/source/ \ http://mirror2.hs-esslingen.de/pub/Mirrors/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://gd.tuwien.ac.at/db/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirrors.fe.up.pt/pub/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirror.de.gsnw.de:56431/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirror.layerjet.com/mariadb/${PORTNAME}-${PORTVERSION}/source/ \ http://mirror.switch.ch/mirror/mariadb/${PORTNAME}-${PORTVERSION}/source/ PKGNAMESUFFIX?= 55-server -MAINTAINER= never@nevermind.kiev.ua +MAINTAINER= brnrd@FreeBSD.org COMMENT?= Multithreaded SQL database (server) LICENSE= GPLv2 SUB_FILES= pkg-message PKGMESSAGE= ${WRKDIR}/pkg-message SLAVEDIRS= databases/mariadb55-client USES= cmake execinfo shebangfix ssl SHEBANG_FILES= scripts/*.sh CMAKE_ARGS+= -DINSTALL_DOCDIR="share/doc/mysql" \ -DINSTALL_DOCREADMEDIR="share/doc/mysql" \ -DINSTALL_INCLUDEDIR="include/mysql" \ -DINSTALL_INFODIR="info" \ -DINSTALL_LIBDIR="lib/mysql" \ -DINSTALL_MANDIR="man" \ -DINSTALL_MYSQLDATADIR="/var/db/mysql" \ -DINSTALL_MYSQLSHAREDIR="share/mysql" \ -DINSTALL_MYSQLTESTDIR= \ -DINSTALL_PLUGINDIR="lib/mysql/plugin" \ -DINSTALL_SBINDIR="libexec" \ -DINSTALL_SCRIPTDIR="bin" \ -DINSTALL_SHAREDIR="share" \ -DINSTALL_SQLBENCHDIR="share/mysql" \ -DINSTALL_SUPPORTFILESDIR="share/mysql" \ -DWITH_UNIT_TESTS=0 \ -DWITH_LIBEDIT=0 \ -DWITH_LIBWRAP=1 \ -DWITH_SSL=yes \ -DEXECINFO_ROOT=${LOCALBASE} \ -DCOMPILATION_COMMENT="FreeBSD Ports" DATADIR= ${PREFIX}/share/mysql BROKEN_aarch64= Fails to link: missing sbrk BROKEN_armv6= Does not compile on armv6 BROKEN_sparc64= Does not compile: Unsupported platform .if defined(USE_MYSQL) .error You have 'USE_MYSQL' variable defined either in environment or in make(1) arguments. Please undefine and try again. .endif .if !defined(CLIENT_ONLY) # MySQL-Server part USES+= mysql:55m CONFLICTS_INSTALL= mariadb5[0-46-9]-server-* \ mariadb1*-server-* \ mysql[0-9]*-server-* \ percona[0-9]*-server-* USE_RC_SUBR= mysql-server USERS= mysql GROUPS= mysql CMAKE_ARGS+= -DREADLINE_INCLUDE_DIR=/usr/include \ -DWITH_EMBEDDED_SERVER="ON" \ -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 .else # MySQL-Client part USES+= ncurses readline .endif OPTIONS_DEFINE+= FASTMTX OPTIONS_SUB= yes NO_OPTIONS_SORT=yes FASTMTX_DESC= Replace mutexes with spinlocks FASTMTX_CMAKE_ON= -DWITH_FAST_MUTEXES=1 .if !defined(CLIENT_ONLY) # MySQL-Server options OPTIONS_DEFINE+= MAXKEY OQGRAPH OPTIONS_DEFAULT+= MAXKEY MAXKEY_DESC= Change max key length from 1000 to 4000 OQGRAPH_DESC= Open Query Graph Computation engine OQGRAPH_USE= GCC=yes OQGRAPH_LIB_DEPENDS= libboost_system.so:devel/boost-libs -OQGRAPH_BROKEN= yes +OQGRAPH_BROKEN= OQGraph does not build MAXKEY_EXTRA_PATCHES= ${FILESDIR}/extra-patch-include_my_compare.h .endif .include .if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000012 CMAKE_ARGS+= -DWITH_JEMALLOC="system" .else CMAKE_ARGS+= -DWITH_JEMALLOC="no" .endif # Server segfaults on i386 when built with clang >= 3.4 .if ${ARCH} == 'i386' && ${OSVERSION} >= 1001000 USE_GCC= yes .endif post-extract-OQGRAPH-off: @${RM} -r ${WRKSRC}/storage/oqgraph post-patch: @${REINPLACE_CMD} 's/*.1/${MAN1}/' ${WRKSRC}/man/CMakeLists.txt @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/mysys/default.c @${REINPLACE_CMD} 's|%%LOCALBASE%%|${LOCALBASE}|g' ${WRKSRC}/scripts/mysql_config.sh .include Index: branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 =================================================================== --- branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 (nonexistent) +++ branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 (revision 436947) @@ -0,0 +1,124 @@ +From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 16 Feb 2017 11:32:47 +0100 +Subject: [PATCH] MDEV-11933 Wrong usage of linked list in + mysql_prune_stmt_list + +mysql_prune_stmt_list() was walking the list following +element->next pointers, but inside the loop it was invoking +list_add(element) that modified element->next. So, mysql_prune_stmt_list() +failed to visit and reset all elements, and some of them were left +with pointers to invalid MYSQL. +--- + sql-common/client.c | 11 ++--------- + tests/mysql_client_test.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/sql-common/client.c b/sql-common/client.c +index c2e0cc3..b348afc 100644 +--- sql-common/client.c.orig ++++ sql-common/client.c +@@ -1,5 +1,5 @@ + /* Copyright (c) 2003, 2016, Oracle and/or its affiliates. +- Copyright (c) 2009, 2016, MariaDB ++ Copyright (c) 2009, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql) + static void mysql_prune_stmt_list(MYSQL *mysql) + { + LIST *element= mysql->stmts; +- LIST *pruned_list= 0; +- + for (; element; element= element->next) + { + MYSQL_STMT *stmt= (MYSQL_STMT *) element->data; +@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql) + stmt->last_errno= CR_SERVER_LOST; + strmov(stmt->last_error, ER(CR_SERVER_LOST)); + strmov(stmt->sqlstate, unknown_sqlstate); +- } +- else +- { +- pruned_list= list_add(pruned_list, element); ++ mysql->stmts= list_delete(mysql->stmts, element); + } + } +- +- mysql->stmts= pruned_list; + } + + +diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c +index 446018e..f62545d 100644 +--- tests/mysql_client_test.c.orig ++++ tests/mysql_client_test.c +@@ -1,5 +1,5 @@ +-/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. +- Copyright (c) 2008, 2012, Monty Program Ab ++/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. ++ Copyright (c) 2008, 2017, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -19031,6 +19031,49 @@ static void test_mdev4326() + myquery(rc); + } + ++ ++/** ++ BUG#17512527: LIST HANDLING INCORRECT IN MYSQL_PRUNE_STMT_LIST() ++*/ ++static void test_bug17512527() ++{ ++ MYSQL *conn; ++ MYSQL_STMT *stmt1, *stmt2; ++ unsigned long thread_id; ++ char query[MAX_TEST_QUERY_LENGTH]; ++ int rc; ++ ++ conn= client_connect(0, MYSQL_PROTOCOL_SOCKET, 1); ++ ++ stmt1 = mysql_stmt_init(conn); ++ check_stmt(stmt1); ++ rc= mysql_stmt_prepare(stmt1, STRING_WITH_LEN("SELECT 1")); ++ check_execute(stmt1, rc); ++ ++ stmt2 = mysql_stmt_init(conn); ++ check_stmt(stmt2); ++ ++ thread_id= mysql_thread_id(conn); ++ sprintf(query, "KILL %lu", thread_id); ++ if (thread_query(query)) ++ exit(1); ++ ++ rc= mysql_stmt_prepare(stmt2, STRING_WITH_LEN("SELECT 2")); ++ check_execute(stmt2, rc); ++ ++ rc= mysql_stmt_execute(stmt1); ++ check_execute_r(stmt1, rc); ++ ++ rc= mysql_stmt_execute(stmt2); ++ check_execute(stmt2, rc); ++ ++ mysql_close(conn); ++ ++ mysql_stmt_close(stmt2); ++ mysql_stmt_close(stmt1); ++} ++ ++ + static struct my_tests_st my_tests[]= { + { "disable_query_logs", disable_query_logs }, + { "test_view_sp_list_fields", test_view_sp_list_fields }, +@@ -19297,6 +19340,9 @@ static struct my_tests_st my_tests[]= { + { "test_bug13001491", test_bug13001491 }, + { "test_mdev4326", test_mdev4326 }, + { "test_ps_sp_out_params", test_ps_sp_out_params }, ++#ifndef _WIN32 ++ { "test_bug17512527", test_bug17512527}, ++#endif + { 0, 0 } + }; + Property changes on: branches/2017Q1/databases/mariadb55-server/files/patch-CVE-2017-3302 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q1 =================================================================== --- branches/2017Q1 (revision 436946) +++ branches/2017Q1 (revision 436947) Property changes on: branches/2017Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r433041-433042,436493