CVS commit: pkgsrc/databases/mysql57-client
Module Name: pkgsrc
Committed By: maya
Date: Sun Jan 20 18:22:10 UTC 2019
Modified Files:
pkgsrc/databases/mysql57-client: Makefile distinfo
pkgsrc/databases/mysql57-client/patches: patch-CMakeLists.txt
Added Files:
pkgsrc/databases/mysql57-client/patches:
patch-cmake_build__configurations_mysql__release.cmake
patch-sql_sys__vars.cc
Log Message:
mysql57-client: change the default configuration to avoid information
disclosure to a malicious server.
Backport of upstream commit:
https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Exploit method described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/mysql57-client/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/databases/mysql57-client/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt
cvs rdiff -u -r0 -r1.1 \
pkgsrc/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake \
pkgsrc/databases/mysql57-client/patches/patch-sql_sys__vars.cc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/databases/mysql57-client/Makefile
diff -u pkgsrc/databases/mysql57-client/Makefile:1.18 pkgsrc/databases/mysql57-client/Makefile:1.19
--- pkgsrc/databases/mysql57-client/Makefile:1.18 Thu Dec 13 19:51:45 2018
+++ pkgsrc/databases/mysql57-client/Makefile Sun Jan 20 18:22:10 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2018/12/13 19:51:45 adam Exp $
+# $NetBSD: Makefile,v 1.19 2019/01/20 18:22:10 maya Exp $
PKGNAME= ${DISTNAME:S/-/-client-/}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= MySQL 5, a free SQL database (client)
CONFLICTS= mysql3-client-[0-9]*
Index: pkgsrc/databases/mysql57-client/distinfo
diff -u pkgsrc/databases/mysql57-client/distinfo:1.26 pkgsrc/databases/mysql57-client/distinfo:1.27
--- pkgsrc/databases/mysql57-client/distinfo:1.26 Thu Dec 13 19:51:45 2018
+++ pkgsrc/databases/mysql57-client/distinfo Sun Jan 20 18:22:10 2019
@@ -1,14 +1,15 @@
-$NetBSD: distinfo,v 1.26 2018/12/13 19:51:45 adam Exp $
+$NetBSD: distinfo,v 1.27 2019/01/20 18:22:10 maya Exp $
SHA1 (mysql-5.7.24.tar.gz) = e2f73a243659075d0100a71b8338c752c0c65de8
RMD160 (mysql-5.7.24.tar.gz) = 67fc0207cb6fae76af0b6e18bb1f6e14d190ac4c
SHA512 (mysql-5.7.24.tar.gz) = c3a00788b91c243696cf140d2e3a374c3154ace97413ba09bc85c2d4325ec7bf476cd7eb5bff5c33e0407fc345f12b73d4cce19894c0f8ab9e1853f6a6cfa351
Size (mysql-5.7.24.tar.gz) = 52052796 bytes
-SHA1 (patch-CMakeLists.txt) = b47592cf8801538375da3df2990fde4d292fc365
+SHA1 (patch-CMakeLists.txt) = 1409a98380c999c6973fa3106dc35684b7c3b3cc
SHA1 (patch-client_CMakeLists.txt) = 990d6df52380981f11a4ac5aafe48f34a3b2097f
SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb
SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93
SHA1 (patch-cmake_boost.cmake) = cab30ebdff1e773d6970f541f96fce8ed51257f8
+SHA1 (patch-cmake_build__configurations_mysql__release.cmake) = 7a1fb8c686f187db8fd9d8ad203c1f764d6e55a6
SHA1 (patch-cmake_os_SunOS.cmake) = 06e290820a75d68931fce6dfd70a0b5edd548320
SHA1 (patch-cmake_plugin.cmake) = 92267182d4ec559a312a5a38826b9047c99b122f
SHA1 (patch-cmake_readline.cmake) = fb79ed969240ae2984098f72c2d3fb501154902c
@@ -38,6 +39,7 @@ SHA1 (patch-sql_CMakeLists.txt) = 697add
SHA1 (patch-sql_conn__handler_socket__connection.cc) = 12cf83e061edbe59eb073037b1036903b7ba4b00
SHA1 (patch-sql_item__geofunc__internal.cc) = 752862c3a30231e694e508ced1a215a610649fc6
SHA1 (patch-sql_log_event.h) = 311dc7fb04ea832df229dc2a28bcfbf263670ebf
+SHA1 (patch-sql_sys__vars.cc) = 202b8756c20549393d0e2a14952e1f060037b88a
SHA1 (patch-storage_archive_CMakeLists.txt) = 4cf5ed97a226a3844e184c46958b5202eefb9dd5
SHA1 (patch-storage_blackhole_CMakeLists.txt) = 1d066d686172657ce9f812a505c7323a76111a63
SHA1 (patch-storage_csv_CMakeLists.txt) = 6208989a32805f8b107cd9de96e3ff0490ec9000
Index: pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt
diff -u pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt:1.1 pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt:1.2
--- pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt:1.1 Fri Sep 16 06:49:11 2016
+++ pkgsrc/databases/mysql57-client/patches/patch-CMakeLists.txt Sun Jan 20 18:22:10 2019
@@ -1,10 +1,23 @@
-$NetBSD: patch-CMakeLists.txt,v 1.1 2016/09/16 06:49:11 adam Exp $
+$NetBSD: patch-CMakeLists.txt,v 1.2 2019/01/20 18:22:10 maya Exp $
Split configuration between mysql-client and mysql-server.
---- CMakeLists.txt.orig 2016-06-30 06:22:11.000000000 +0000
+Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
+Avoid disclosure of files from a client to a malicious server, described here:
+https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
+
+--- CMakeLists.txt.orig 2018-10-04 05:48:22.000000000 +0000
+++ CMakeLists.txt
-@@ -584,7 +584,6 @@ ADD_SUBDIRECTORY(vio)
+@@ -408,7 +408,7 @@ IF(REPRODUCIBLE_BUILD)
+ ENDIF()
+
+ OPTION(ENABLED_LOCAL_INFILE
+- "If we should enable LOAD DATA LOCAL by default" ${IF_WIN})
++ "If we should enable LOAD DATA LOCAL by default" OFF)
+ MARK_AS_ADVANCED(ENABLED_LOCAL_INFILE)
+
+ OPTION(OPTIMIZER_TRACE "Support tracing of Optimizer" ON)
+@@ -636,7 +636,6 @@ ADD_SUBDIRECTORY(vio)
ADD_SUBDIRECTORY(regex)
ADD_SUBDIRECTORY(mysys)
ADD_SUBDIRECTORY(mysys_ssl)
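Review bot: The comment block added to the head of patch-CMakeLists.txt says the patch avoids file disclosure, but it does not say that only the compiled-in default of `ENABLED_LOCAL_INFILE` changes. A program that turns the feature back on, for example through `mysql_options()` with `MYSQL_OPT_LOCAL_INFILE` or with `--local-infile=1`, will still answer a server's LOAD DATA LOCAL request, so the package user should not read this as the feature being removed. I would add one line to the patch comment such as `Only the default changes; clients that explicitly enable local-infile still send files a server asks for.` The same sentence fits the headers of patch-cmake_build__configurations_mysql__release.cmake and patch-sql_sys__vars.cc, which carry the identical three-line description.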
@@ -12,7 +25,7 @@ Split configuration between mysql-client
ADD_SUBDIRECTORY(libbinlogevents)
ADD_SUBDIRECTORY(libbinlogstandalone)
-@@ -613,12 +612,12 @@ ADD_SUBDIRECTORY(client)
+@@ -674,12 +673,12 @@ ADD_SUBDIRECTORY(client)
ADD_SUBDIRECTORY(sql/share)
ADD_SUBDIRECTORY(libservices)
Added files:
Index: pkgsrc/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake
diff -u /dev/null pkgsrc/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake:1.1
--- /dev/null Sun Jan 20 18:22:10 2019
+++ pkgsrc/databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake Sun Jan 20 18:22:10 2019
@@ -0,0 +1,17 @@
+$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1 2019/01/20 18:22:10 maya Exp $
+
+Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
+Avoid disclosure of files from a client to a malicious server, described here:
+https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
+
+--- cmake/build_configurations/mysql_release.cmake.orig 2018-10-04 05:48:22.000000000 +0000
++++ cmake/build_configurations/mysql_release.cmake
+@@ -19,7 +19,7 @@ INCLUDE(CheckIncludeFiles)
+ INCLUDE(CheckLibraryExists)
+
+ OPTION(DEBUG_EXTNAME "" ON)
+-OPTION(ENABLED_LOCAL_INFILE "" ON)
++OPTION(ENABLED_LOCAL_INFILE "" OFF)
+
+ IF(NOT COMPILATION_COMMENT)
+ SET(COMPILATION_COMMENT "MySQL Community Server (GPL)")
Index: pkgsrc/databases/mysql57-client/patches/patch-sql_sys__vars.cc
diff -u /dev/null pkgsrc/databases/mysql57-client/patches/patch-sql_sys__vars.cc:1.1
--- /dev/null Sun Jan 20 18:22:10 2019
+++ pkgsrc/databases/mysql57-client/patches/patch-sql_sys__vars.cc Sun Jan 20 18:22:10 2019
@@ -0,0 +1,17 @@
+$NetBSD: patch-sql_sys__vars.cc,v 1.1 2019/01/20 18:22:10 maya Exp $
+
+Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
+Avoid disclosure of files from a client to a malicious server, described here:
+https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
+
+--- sql/sys_vars.cc.orig 2018-10-04 05:48:22.000000000 +0000
++++ sql/sys_vars.cc
+@@ -1809,7 +1809,7 @@ static Sys_var_charptr Sys_language(
+
+ static Sys_var_mybool Sys_local_infile(
+ "local_infile", "Enable LOAD DATA LOCAL INFILE",
+- GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE));
++ GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE));
+
+ static Sys_var_ulong Sys_lock_wait_timeout(
+ "lock_wait_timeout",
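Review bot: The server package revision looks unaddressed. The patched file sql/sys_vars.cc is server-side code, yet the only `PKGREVISION` bump in this commit is in mysql57-client/Makefile. If mysql57-server builds from this same patches directory (the "Split configuration between mysql-client and mysql-server" header hints at shared patches, but that is not visible here), its Makefile needs a bump too, otherwise installed servers keep `DEFAULT(TRUE)` for `local_infile` until something else forces a rebuild. It would also help to state in the patch comment that an explicit `local_infile` setting in an existing configuration file still overrides the new `DEFAULT(FALSE)`.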