Bug 204410 - databases/mariadb55-server: Multiple security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Bernard Spil
URL: https://reviews.freebsd.org/D4134
Keywords: needs-qa, patch, security
Duplicates: 204734
Depends on:
Blocks:
 
Reported: 2015-11-10 00:29 UTC by Sevan Janiyan
Modified: 2017-02-01 15:38 UTC

See Also:
bugzilla: maintainer-feedback? (never)


Attachments
svn diff for databases/mariadb55-server (1.30 KB, patch)
2015-11-10 19:46 UTC, Bernard Spil
no flags
svn diff for databases/mariadb55-server and -client (1.85 KB, patch)
2015-11-10 19:50 UTC, Bernard Spil
brnrd: maintainer-approval? (never)
svn diff for security/vuxml (2.95 KB, patch)
2015-11-11 20:09 UTC, Bernard Spil
no flags
svn diff for security/vuxml (3.45 KB, patch)
2015-11-11 20:33 UTC, Bernard Spil
no flags

Description Sevan Janiyan 2015-11-10 00:29:51 UTC
CVE-2015-4913
CVE-2015-4792
CVE-2015-4802
CVE-2015-4815
CVE-2015-4816
CVE-2015-4819
CVE-2015-4826
CVE-2015-4830
CVE-2015-4836
CVE-2015-4858
CVE-2015-4861
CVE-2015-4870
CVE-2015-4879
Comment 1 Bernard Spil freebsd_committer 2015-11-10 19:46:53 UTC
Created attachment 162988
svn diff for databases/mariadb55-server

Builds for me (with only OpenSSL and MaxKey selected) both -client and -server.

make check-plist is OK.
Comment 2 Bernard Spil freebsd_committer 2015-11-10 19:50:20 UTC
Created attachment 162989
svn diff for databases/mariadb55-server and -client

Includes harmonization of conflicts for all mariadb ports as well
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-11 03:56:03 UTC
@Bernard, is any of this covered in your open reviews?

I believe this also needs a security/vuxml entry; Jan might be able to help here if you need it.
Comment 4 Bernard Spil freebsd_committer 2015-11-11 19:06:06 UTC
(In reply to Kubilay Kocak from comment #3)

Nope, no review open for 5.5 (I'm not maintainer). Will cook up a vuxml entry and update the patch...
Comment 5 Bernard Spil freebsd_committer 2015-11-11 20:09:06 UTC
Created attachment 163021
svn diff for security/vuxml

Includes all MySQL/MariaDB/Percona versions
Comment 6 Bernard Spil freebsd_committer 2015-11-11 20:33:47 UTC
Created attachment 163022
svn diff for security/vuxml

make validate fixed
add cite url to references
Comment 7 commit-hook freebsd_committer 2015-11-11 20:39:57 UTC
A commit references this bug:

Author: brnrd
Date: Wed Nov 11 20:39:14 UTC 2015
New revision: 401295
URL: https://svnweb.freebsd.org/changeset/ports/401295

Log:
  Document CVE's in MySQL/MariaDB/Percona

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	feld
  Approved by:	feld
  Security:	CVE-2015-4802
  Security:	CVE-2015-4807
  Security:	CVE-2015-4815
  Security:	CVE-2015-4826
  Security:	CVE-2015-4830
  Security:	CVE-2015-4836
  Security:	CVE-2015-4858
  Security:	CVE-2015-4861
  Security:	CVE-2015-4870
  Security:	CVE-2015-4913
  Security:	CVE-2015-4792

Changes:
  head/security/vuxml/vuln.xml
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-12 06:51:26 UTC
@ports-secteam Do security vulnerability (version) updates (see attachment 162989) have blanket approval?

@Bernard, can you confirm attachment 162989 passes QA and pop up a review for it please
Comment 9 Bernard Spil freebsd_committer 2015-11-12 14:02:53 UTC
This is now in review, https://reviews.freebsd.org/D4134
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-12 14:21:46 UTC
After New|Open requires Assignee
Comment 11 Bernard Spil freebsd_committer 2015-12-01 20:17:50 UTC
*** Bug 204734 has been marked as a duplicate of this bug. ***
Comment 12 commit-hook freebsd_committer 2015-12-01 20:49:23 UTC
A commit references this bug:

Author: brnrd
Date: Tue Dec  1 20:48:54 UTC 2015
New revision: 402786
URL: https://svnweb.freebsd.org/changeset/ports/402786

Log:
  databases/mariadb55-server: Update to 5.5.46

    * Update server and (slave) client port
    * Add LICENSE
    * Consistent globbing of CONFLICTS

  The release notes for MariaDB 5.5.46 can be found at:

      https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	koobs (mentor), feld (ports-secteam@)
  Approved by:	koobs, feld
  Security:	851a0eea-88aa-11e5-90e7-b499baebfeaf
  MFH:		2015Q4
  Differential Revision:	https://reviews.freebsd.org/D4134
  > Description of fields to fill in above:                     76 columns --|
  > PR:            If a Bugzilla PR is affected by the change.
  > Submitted by:  If someone else sent in the change.
  > Reviewed by:   If someone else reviewed your modification.
  > Approved by:   If you needed approval for this commit.
  > Obtained from: If the change is from a third party.
  > MFC after:     N [day[s]|week[s]|month[s]].  Request a reminder email.
  > Relnotes:      Set to 'yes' for mention in release notes.
  > Security:      Vulnerability reference (one per line) or description.
  > Sponsored by:  If the change was sponsored by an organization.
  > Empty fields above will be automatically removed.

  M    mariadb55-client/Makefile
  M    mariadb55-server/Makefile
  M    mariadb55-server/distinfo

Changes:
  head/databases/mariadb55-client/Makefile
  head/databases/mariadb55-server/Makefile
  head/databases/mariadb55-server/distinfo
Comment 13 commit-hook freebsd_committer 2015-12-01 21:04:26 UTC
A commit references this bug:

Author: brnrd
Date: Tue Dec  1 21:03:31 UTC 2015
New revision: 402788
URL: https://svnweb.freebsd.org/changeset/ports/402788

Log:
  MFH: r402786

  databases/mariadb55-server: Update to 5.5.46

    * Update server and (slave) client port
    * Add LICENSE
    * Consistent globbing of CONFLICTS

  The release notes for MariaDB 5.5.46 can be found at:

      https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/

  PR:		204410
  Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Reviewed by:	koobs (mentor), feld (ports-secteam@)
  Approved by:	ports-secteam (feld)
  Security:	851a0eea-88aa-11e5-90e7-b499baebfeaf
  Differential Revision:	https://reviews.freebsd.org/D4134
  > Description of fields to fill in above:                     76 columns --|
  > PR:            If a Bugzilla PR is affected by the change.
  > Submitted by:  If someone else sent in the change.
  > Reviewed by:   If someone else reviewed your modification.
  > Approved by:   If you needed approval for this commit.
  > Obtained from: If the change is from a third party.
  > MFC after:     N [day[s]|week[s]|month[s]].  Request a reminder email.
  > Relnotes:      Set to 'yes' for mention in release notes.
  > Security:      Vulnerability reference (one per line) or description.
  > Sponsored by:  If the change was sponsored by an organization.
  > Empty fields above will be automatically removed.

  M    mariadb55-client/Makefile
  M    mariadb55-server/Makefile
  M    mariadb55-server/distinfo

Changes:
_U  branches/2015Q4/
  branches/2015Q4/databases/mariadb55-client/Makefile
  branches/2015Q4/databases/mariadb55-server/Makefile
  branches/2015Q4/databases/mariadb55-server/distinfo
Comment 14 John Marino freebsd_committer 2017-02-01 15:38:56 UTC
This doesn't pass QA checks: bug#214669