Bug 239981 - databases/mariadb104-{server,client}: Update to 10.4.7 (with 5 CVEs fixed)
Summary: databases/mariadb104-{server,client}: Update to 10.4.7 (with 5 CVEs fixed)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Bernard Spil
URL: https://mariadb.com/kb/en/library/mar...
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2019-08-20 01:06 UTC by VVD
Modified: 2019-10-09 19:47 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback? (brnrd)
koobs: merge-quarterly?


Attachments
Workaround to build on i386 (273 bytes, patch)
2019-09-02 23:39 UTC, VVD
no flags Details | Diff
File from mariadb 10.4.6: include/atomic/gcc_sync.h (2.70 KB, text/plain)
2019-09-02 23:42 UTC, VVD
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description VVD 2019-08-20 01:06:21 UTC
MariaDB 10.4.7
Release date: 31 Jul 2019

Notable changes of this release include:

    MDEV-19795: Merge upstream MyRocks.
    MDEV-17228: Encrypted temporary tables are not encrypted.
    MDEV-18328: Disks Plugin is now stable and requires the FILE privilege.
    MDEV-16508: Spider - sql_mode not maintained between spider node and data nodes.
    Merge relevant InnoDB changes from MySQL 5.7.27
    Adjust spin loops to the x86 PAUSE instruction latency (MDEV-19845)
    CREATE TABLE: MDEV-19292, MDEV-20102
    ALTER TABLE: MDEV-15641, MDEV-19630, MDEV-19916, MDEV-19974, MDEV-17301, MDEV-18266
    Indexed virtual columns: MDEV-16222, MDEV-17005, MDEV-19870
    FULLTEXT INDEX: MDEV-14154
    Encryption: MDEV-17228, MDEV-19914
    Galera + FOREIGN KEY: MDEV-19660
    Recovery & Mariabackup: MDEV-19978
    MDEV-20091: DROP TEMPORARY table is logged despite no CREATE was logged
    MDEV-19871: Add page id matching check in innochecksum tool
    MDEV-20179: Server hangs on shutdown during installation of Spider
    As per the MariaDB Deprecation Policy, this will be the last release of MariaDB 10.4 for OpenSUSE 42.3 and Ubuntu 18.10 "Cosmic" 

    Fixes for the following security vulnerabilities:
        CVE-2019-2805
        CVE-2019-2740
        CVE-2019-2739
        CVE-2019-2737
        CVE-2019-2758
Comment 1 Bernard Spil freebsd_committer 2019-08-20 18:27:53 UTC
Hi,

I'm aware of the new version and the vulnerabilities it fixes.

There's an update prepped, but it fails building with issues that need fixing by the MariaDB project. Can't break this for all users...

Cheers, Bernard.
Comment 2 VVD 2019-09-02 20:43:40 UTC
Updated, but build of databases/mariadb104-client failed on i386…
Reported upstream?
Comment 3 VVD 2019-09-02 23:39:29 UTC
Created attachment 207126 [details]
Workaround to build on i386
Comment 4 VVD 2019-09-02 23:42:34 UTC
Created attachment 207127 [details]
File from mariadb 10.4.6: include/atomic/gcc_sync.h

Also copy file include/atomic/gcc_sync.h from mariadb 10.4.6.

With patch my_atomic.h.diff and this file databases/mariadb104-client build fine on i386 12.0.
Comment 5 Erik Cederstrand 2019-10-09 19:15:27 UTC
This can be closed. The port has been updated to 10.4.7: https://www.freshports.org/databases/mariadb104-server/
Comment 6 VVD 2019-10-09 19:47:46 UTC
(In reply to Erik Cederstrand from comment #5)
But it's still broken on i386.