The current version available for FreeBSD is vulnerable since 19.04.2017 and has now been patched upstream. There are very critical vulnerabilities in it. See here: https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/

Available port version: 10.1.22
Patched version: 10.1.23

Important Changes

- Fixes for the following security vulnerabilities:
  - CVE-2017-3302
  - CVE-2017-3313
  - CVE-2017-3308
  - CVE-2017-3309
  - CVE-2017-3453
  - CVE-2017-3456
  - CVE-2017-3464
- Fixes:
  - MDEV-12602: Fixed some race conditions in InnoDB encryption
- MariaDB Backup alpha introduced
- Galera wsrep library updated to 25.3.20
- Packages for Ubuntu 17.04 "zesty" added
- As per the MariaDB Deprecation Policy, this will be the last release of MariaDB 10.1 for Ubuntu 12.04 LTS "Precise" and Mint 13 LTS "Maya"

-> Full Changelog: https://mariadb.com/kb/en/mariadb-10123-changelog/
Created attachment 182280
Update mariadb101-server to 10.1.23

Following changes to the port (see patch):
- Change Version @ Makefile
- Change Size & Checksum @ distinfo
- Fix broken "patch-CMakeLists.txt" Patch
- Add patch "patch-MDEV-12281" for DoS of MariaDB Server - See MariaDB Bug MDEV-12281
Created attachment 182281
Update mariadb101-client to 10.1.23

Following changes to the port (see patch):
- Fix broken "patch-CMakeLists.txt" Patch
- Remove unneeded "patch-build-fail-MDEV-12261" patch. This has been patched upstream and is included in the latest version (10.1.23)
Created attachment 182287
Update mariadb101-client pkg-plist for 10.1.23

Add missing pkg-plist files.
Thanks Dani, Processing this before I get to the 5.5.56 update. Need to run builds...
A commit references this bug:

Author: brnrd
Date: Thu May 4 06:46:27 UTC 2017
New revision: 440094
URL: https://svnweb.freebsd.org/changeset/ports/440094

Log:
  databases/mariadb101-server: Update to 10.1.23

  - Security and bugfix update to 10.1.23
  - Add upstream patch for InnoDB crash
  - Update CMakeLists.txt patch
  - Remove MDEV-12261 patch (included upstream)
  - Fix plist issues

  PR: 219045
  Submitted by: Dani <i.dani@outlook.com>
  MFH: 2017Q2
  Security: d9e01c35-2531-11e7-b291-b499baebfeaf

Changes:
  head/databases/mariadb101-client/files/patch-CMakeLists.txt
  head/databases/mariadb101-client/files/patch-build-fail-MDEV-12261
  head/databases/mariadb101-client/pkg-plist
  head/databases/mariadb101-server/Makefile
  head/databases/mariadb101-server/distinfo
  head/databases/mariadb101-server/files/patch-CMakeLists.txt
  head/databases/mariadb101-server/files/patch-MDEV-12281
  head/databases/mariadb101-server/pkg-plist
Set maintainer-feedback to - due to minor issues with the patches:

1. For Master ports, PORTREVISION is ?= 0 (not removed)
2. Missing plist patch for -server
(In reply to Bernard Spil from comment #6)

Hey brnd!

Thanks for the feedback. I realized too late that the plist for -server was missing. Really sorry about that! And thanks for the hint about the PORTREVISION - I didn't think about that. I'll try to be more precise the next time.

Anyway, thanks for the fast update! Have a good weekend.
(In reply to Dani from comment #7) Your effort is really appreciated Dani! For maintainers it helps if you create a single `svn diff` for the changes from PORTSDIR. So in this case that'd be `cd /usr/ports ; svn diff databases/mariadb55-*` If you want more hints, you can always try me (add to CC in PR). Outdated but still contains relevant info https://wiki.freebsd.org/BernardSpil/PortingWorkflow
This update needs to be pushed to quarterly packages due to the security fixes.
A commit references this bug:

Author: brnrd
Date: Sun May 28 09:15:54 UTC 2017
New revision: 441904
URL: https://svnweb.freebsd.org/changeset/ports/441904

Log:
  MFH: r440094

  databases/mariadb101-server: Update to 10.1.23

  - Security and bugfix update to 10.1.23
  - Add upstream patch for InnoDB crash
  - Update CMakeLists.txt patch
  - Remove MDEV-12261 patch (included upstream)
  - Fix plist issues

  PR: 219045
  Submitted by: Dani <i.dani@outlook.com>
  Security: d9e01c35-2531-11e7-b291-b499baebfeaf
  Approved by: ports-secteam (woodsb02)

Changes:
  _U branches/2017Q2/
  branches/2017Q2/databases/mariadb101-client/files/patch-CMakeLists.txt
  branches/2017Q2/databases/mariadb101-client/files/patch-build-fail-MDEV-12261
  branches/2017Q2/databases/mariadb101-client/pkg-plist
  branches/2017Q2/databases/mariadb101-server/Makefile
  branches/2017Q2/databases/mariadb101-server/distinfo
  branches/2017Q2/databases/mariadb101-server/files/patch-CMakeLists.txt
  branches/2017Q2/databases/mariadb101-server/files/patch-MDEV-12281
  branches/2017Q2/databases/mariadb101-server/pkg-plist
(In reply to commit-hook from comment #10) Hey guys, you should also backport bug #219235 - else there is a chance your MariaDB won't run stable and will crash.
Also, it seems like mariadb won't build with LibreSSL anymore (probably the usual version check problem), can you handle this as well, or should I open a new PR?

    --CONFIGURE_ENV--
    XDG_DATA_HOME=/wrkdirs/usr/ports/databases/mariadb101-client/work
    XDG_CONFIG_HOME=/wrkdirs/usr/ports/databases/mariadb101-client/work
    HOME=/wrkdirs/usr/ports/databases/mariadb101-client/work
    TMPDIR="/tmp"
    S...skipping...
    FAILED: client/mysqlshow
    : && /usr/bin/c++ -O2 -pipe -fstack-protector -fno-strict-aliasing -DWITH_INNODB_DISALLOW_WRITES -fno-exceptions -fno-rtti -O2 -pipe -fstack-protector -fno-strict-aliasing -DDBUG_OFF -Wl,-rpath,/usr/local/lib -fstack-protector client/CMakeFiles/mysqlshow.dir/mysqlshow.c.o -o client/mysqlshow -Wl,-rpath,/usr/local/lib: -pthread libmysql/libmysqlclient.a -pthread -lz -lm -lexecinfo /usr/local/lib/libssl.so /usr/local/lib/libcrypto.so && :
    libmysql/libmysqlclient.a(client.c.o): In function `send_client_reply_packet':
    /wrkdirs/usr/ports/databases/mariadb101-client/work/mariadb-10.1.23/sql-common/client.c:(.text+0x6721): undefined reference to `X509_check_host'
    c++: error: linker command failed with exit code 1 (use -v to see invocation)

(more errors follow)
(In reply to Dani from comment #11) Hi Dani, The patch patches both innobase and xtradb paths already. https://svnweb.freebsd.org/ports/head/databases/mariadb101-server/files/patch-MDEV-12281 If anything else is amiss, do let me know! Cheers, Bernard.
(In reply to Michael Gmelin from comment #12) Hi Michael, I always do the porting on a LibreSSL (in base) system. This would require more logs to investigate, got a poudriere log somewhere? Cheers, Bernard.
(In reply to Bernard Spil from comment #13)

Hey Bernard,

it is in the head branch, but the xtradb patch is missing in the 2017Q2 branch, as far as I can see.
https://svnweb.freebsd.org/ports/branches/2017Q2/databases/mariadb101-server/files/patch-MDEV-12281?revision=441904&view=markup

In my opinion the xtradb patch should be added here too.

Cheers
Dani
Created attachment 183077
Building mariadb101-client from 2017Q2 branch

Hi Bernard,

This happens on the current quarterly branch (2017Q2), please find build log attached.

Exact tree version:

    testq2 svn 2017-05-30 17:22:20 /pdr/ports/testq2

    Path: .
    Working Copy Root Path: /pdr/ports/testq2
    URL: svn://svn.freebsd.org/ports/branches/2017Q2
    Relative URL: ^/branches/2017Q2
    Repository Root: svn://svn.freebsd.org/ports
    Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
    Revision: 442104
    Node Kind: directory
    Schedule: normal
    Last Changed Author: feld
    Last Changed Rev: 442061
    Last Changed Date: 2017-05-30 13:20:13 +0000 (Tue, 30 May 2017)

Unrelated: On a HEAD ports tree I see this warning in the QA stage:

    ===========================================================================
    ====> Running Q/A tests (stage-qa)
    Error: /usr/local/bin/mariabackup is linked to /usr/local/lib/libarchive.so.13 from archiver
    Warning: you need USES+=libarchive