Bug 204410 - databases/mariadb55-server: Multiple security vulnerabilities
Summary: databases/mariadb55-server: Multiple security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bernard Spil
URL: https://reviews.freebsd.org/D4134
Keywords: needs-qa, patch, security
: 204734 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-11-10 00:29 UTC by Sevan Janiyan
Modified: 2017-02-01 15:38 UTC (History)
8 users (show)

See Also:
bugzilla: maintainer-feedback? (never)

Attachments
svn diff for databases/mariadb55-server (1.30 KB, patch)
2015-11-10 19:46 UTC, Bernard Spil 		no flags Details | Diff
svn diff for databases/mariadb55-server and -client (1.85 KB, patch)
2015-11-10 19:50 UTC, Bernard Spil 		brnrd: maintainer-approval? (never)
 Details | Diff
svn diff for security/vuxml (2.95 KB, patch)
2015-11-11 20:09 UTC, Bernard Spil 		no flags Details | Diff
svn diff for security/vuxml (3.45 KB, patch)
2015-11-11 20:33 UTC, Bernard Spil 		no flags Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2015-11-10 00:29:51 UTC 
CVE-2015-4913
CVE-2015-4792
CVE-2015-4802
CVE-2015-4815
CVE-2015-4816
CVE-2015-4819
CVE-2015-4826
CVE-2015-4830
CVE-2015-4836
CVE-2015-4858
CVE-2015-4861
CVE-2015-4870
CVE-2015-4879
Comment 1 Bernard Spil freebsd_committer freebsd_triage 2015-11-10 19:46:53 UTC 
Created attachment 162988 [details]
svn diff for databases/mariadb55-server

Builds for me (with only OpenSSL and MaxKey selected) both -client and -server.

make check-plist is OK.
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2015-11-10 19:50:20 UTC 
Created attachment 162989 [details]
svn diff for databases/mariadb55-server and -client

Includes harmonization of conflicts for all mariadb ports as well
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-11 03:56:03 UTC 
@Bernard, is any of this covered in your open reviews?

I believe this also needs a security/vuxml entry, Jan might be able to help here if you need it
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2015-11-11 19:06:06 UTC 
(In reply to Kubilay Kocak from comment #3)

Nope, no review open for 5.5 (I'm not maintainer). Will cook up a vuxml entry and update the patch...
Comment 5 Bernard Spil freebsd_committer freebsd_triage 2015-11-11 20:09:06 UTC 
Created attachment 163021 [details]
svn diff for security/vuxml

Includes all MySQL/MariaDB/Percona versions
Comment 6 Bernard Spil freebsd_committer freebsd_triage 2015-11-11 20:33:47 UTC 
Created attachment 163022 [details]
svn diff for security/vuxml

make validate fixed
add cite url to references
Comment 7 commit-hook freebsd_committer freebsd_triage 2015-11-11 20:39:57 UTC 
A commit references this bug:

Author: brnrd
Date: Wed Nov 11 20:39:14 UTC 2015
New revision: 401295
URL: https://svnweb.freebsd.org/changeset/ports/401295

Log:
  Document CVE's in MySQL/MariaDB/Percona

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	feld
  Approved by:	feld
  Security:	CVE-2015-4802
  Security:	CVE-2015-4807
  Security:	CVE-2015-4815
  Security:	CVE-2015-4826
  Security:	CVE-2015-4830
  Security:	CVE-2015-4836
  Security:	CVE-2015-4858
  Security:	CVE-2015-4861
  Security:	CVE-2015-4870
  Security:	CVE-2015-4913
  Security:	CVE-2015-4792

Changes:
  head/security/vuxml/vuln.xml
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-12 06:51:26 UTC 
@ports-secteam Do security vulnerability (version) updates (see attachment 162989 [details]) have blanket approval?

@Bernard, can you confirm attachment 162989 [details] passes QA and pop up a review for it please
Comment 9 Bernard Spil freebsd_committer freebsd_triage 2015-11-12 14:02:53 UTC 
This is now in review, https://reviews.freebsd.org/D4134
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-12 14:21:46 UTC 
After New|Open requires Assignee
Comment 11 Bernard Spil freebsd_committer freebsd_triage 2015-12-01 20:17:50 UTC 
*** Bug 204734 has been marked as a duplicate of this bug. ***
Comment 12 commit-hook freebsd_committer freebsd_triage 2015-12-01 20:49:23 UTC 
A commit references this bug:

Author: brnrd
Date: Tue Dec  1 20:48:54 UTC 2015
New revision: 402786
URL: https://svnweb.freebsd.org/changeset/ports/402786

Log:
  databases/mariadb55-server: Update to 5.5.46

    * Update server and (slave) client port
    * Add LICENSE
    * Consistent globbing of CONFLICTS

  The release notes for MariaDB 5.5.46 can be found at:

      https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	koobs (mentor), feld (ports-secteam@)
  Approved by:	koobs, feld
  Security:	851a0eea-88aa-11e5-90e7-b499baebfeaf
  MFH:		2015Q4
  Differential Revision:	https://reviews.freebsd.org/D4134
  > Description of fields to fill in above:                     76 columns --|
  > PR:            If a Bugzilla PR is affected by the change.
  > Submitted by:  If someone else sent in the change.
  > Reviewed by:   If someone else reviewed your modification.
  > Approved by:   If you needed approval for this commit.
  > Obtained from: If the change is from a third party.
  > MFC after:     N [day[s]|week[s]|month[s]].  Request a reminder email.
  > Relnotes:      Set to 'yes' for mention in release notes.
  > Security:      Vulnerability reference (one per line) or description.
  > Sponsored by:  If the change was sponsored by an organization.
  > Empty fields above will be automatically removed.

  M    mariadb55-client/Makefile
  M    mariadb55-server/Makefile
  M    mariadb55-server/distinfo

Changes:
  head/databases/mariadb55-client/Makefile
  head/databases/mariadb55-server/Makefile
  head/databases/mariadb55-server/distinfo
Comment 13 commit-hook freebsd_committer freebsd_triage 2015-12-01 21:04:26 UTC 
A commit references this bug:

Author: brnrd
Date: Tue Dec  1 21:03:31 UTC 2015
New revision: 402788
URL: https://svnweb.freebsd.org/changeset/ports/402788

Log:
  MFH: r402786

  databases/mariadb55-server: Update to 5.5.46

    * Update server and (slave) client port
    * Add LICENSE
    * Consistent globbing of CONFLICTS

  The release notes for MariaDB 5.5.46 can be found at:

      https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	koobs (mentor), feld (ports-secteam@)
  Approved by:	ports-secteam (feld)
  Security:	851a0eea-88aa-11e5-90e7-b499baebfeaf
  Differential Revision:	https://reviews.freebsd.org/D4134
  > Description of fields to fill in above:                     76 columns --|
  > PR:            If a Bugzilla PR is affected by the change.
  > Submitted by:  If someone else sent in the change.
  > Reviewed by:   If someone else reviewed your modification.
  > Approved by:   If you needed approval for this commit.
  > Obtained from: If the change is from a third party.
  > MFC after:     N [day[s]|week[s]|month[s]].  Request a reminder email.
  > Relnotes:      Set to 'yes' for mention in release notes.
  > Security:      Vulnerability reference (one per line) or description.
  > Sponsored by:  If the change was sponsored by an organization.
  > Empty fields above will be automatically removed.

  M    mariadb55-client/Makefile
  M    mariadb55-server/Makefile
  M    mariadb55-server/distinfo

Changes:
_U  branches/2015Q4/
  branches/2015Q4/databases/mariadb55-client/Makefile
  branches/2015Q4/databases/mariadb55-server/Makefile
  branches/2015Q4/databases/mariadb55-server/distinfo
Comment 14 John Marino freebsd_committer freebsd_triage 2017-02-01 15:38:56 UTC 
This doesn't pass QA checks: bug#214669