head 1.2; access; symbols pkgsrc-2024Q2:1.1.0.46 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.44 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.42 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.40 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.38 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.36 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.34 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.32 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.30 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.28 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.26 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.24 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.22 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.20 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.18 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.16 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.14 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.10 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.12 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.8 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.6 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.4 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2024.08.05.06.30.31; author wiz; state dead; branches; next 1.1; commitid bBHFyVW9uHUXcBkF; 1.1 date 2019.01.20.18.22.10; author maya; state Exp; branches 1.1.2.1; next ; commitid Y2oxnUKVtqBhdy8B; 1.1.2.1 date 2019.01.20.18.22.10; author bsiegert; state dead; branches; next 1.1.2.2; commitid Oc05OrnAapzs9G9B; 1.1.2.2 date 2019.01.29.13.01.46; author bsiegert; state Exp; branches; next ; commitid Oc05OrnAapzs9G9B; desc @@ 1.2 log @mysql* 5.6, 5.7: remove As proposed on pkgsrc-users on July 26. These versions are unsupported by upstream since 2018 and 2020 respectively. @ text @$NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1 2019/01/20 18:22:10 maya Exp $ Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Avoid disclosure of files from a client to a malicious server, described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ --- cmake/build_configurations/mysql_release.cmake.orig 2018-10-04 05:48:22.000000000 +0000 +++ cmake/build_configurations/mysql_release.cmake @@@@ -19,7 +19,7 @@@@ INCLUDE(CheckIncludeFiles) INCLUDE(CheckLibraryExists) OPTION(DEBUG_EXTNAME "" ON) -OPTION(ENABLED_LOCAL_INFILE "" ON) +OPTION(ENABLED_LOCAL_INFILE "" OFF) IF(NOT COMPILATION_COMMENT) SET(COMPILATION_COMMENT "MySQL Community Server (GPL)") @ 1.1 log @mysql57-client: change the default configuration to avoid information disclosure to a malicious server. Backport of upstream commit: https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Exploit method described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-cmake_build__configurations_mysql__release.cmake was added on branch pkgsrc-2018Q4 on 2019-01-29 13:01:46 +0000 @ text @d1 17 @ 1.1.2.2 log @Pullup ticket #5900 - requested by maya databases/mysql55-client: security fix databases/mysql56-client: security fix databases/mysql57-client: security fix Revisions pulled up: - databases/mysql55-client/Makefile 1.32 - databases/mysql55-client/distinfo 1.63 - databases/mysql55-client/patches/patch-CMakeLists.txt 1.7 - databases/mysql55-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1 - databases/mysql55-client/patches/patch-sql_sys__vars.cc 1.1 - databases/mysql56-client/Makefile 1.28 - databases/mysql56-client/distinfo 1.49 - databases/mysql56-client/patches/patch-CMakeLists.txt 1.6 - databases/mysql56-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1 - databases/mysql56-client/patches/patch-sql_sys__vars.cc 1.3 - databases/mysql57-client/Makefile 1.19 - databases/mysql57-client/distinfo 1.27 - databases/mysql57-client/patches/patch-CMakeLists.txt 1.2 - databases/mysql57-client/patches/patch-cmake_build__configurations_mysql__release.cmake 1.1 - databases/mysql57-client/patches/patch-sql_sys__vars.cc 1.1 --- Module Name: pkgsrc Committed By: maya Date: Sun Jan 20 18:03:25 UTC 2019 Modified Files: pkgsrc/databases/mysql55-client: Makefile distinfo pkgsrc/databases/mysql55-client/patches: patch-CMakeLists.txt Added Files: pkgsrc/databases/mysql55-client/patches: patch-cmake_build__configurations_mysql__release.cmake patch-sql_sys__vars.cc Log Message: mysql55-client: change the default configuration to avoid information disclosure to a malicious server. Backport of upstream commit: https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Exploit method described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ --- Module Name: pkgsrc Committed By: maya Date: Sun Jan 20 18:04:49 UTC 2019 Modified Files: pkgsrc/databases/mysql56-client: Makefile distinfo pkgsrc/databases/mysql56-client/patches: patch-CMakeLists.txt Added Files: pkgsrc/databases/mysql56-client/patches: patch-cmake_build__configurations_mysql__release.cmake patch-sql_sys__vars.cc Log Message: mysql56-client: change the default configuration to avoid information disclosure to a malicious server. Backport of upstream commit: https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Exploit method described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ --- Module Name: pkgsrc Committed By: maya Date: Sun Jan 20 18:22:10 UTC 2019 Modified Files: pkgsrc/databases/mysql57-client: Makefile distinfo pkgsrc/databases/mysql57-client/patches: patch-CMakeLists.txt Added Files: pkgsrc/databases/mysql57-client/patches: patch-cmake_build__configurations_mysql__release.cmake patch-sql_sys__vars.cc Log Message: mysql57-client: change the default configuration to avoid information disclosure to a malicious server. Backport of upstream commit: https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Exploit method described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ @ text @a0 17 $NetBSD: patch-cmake_build__configurations_mysql__release.cmake,v 1.1 2019/01/20 18:22:10 maya Exp $ Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be Avoid disclosure of files from a client to a malicious server, described here: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/ --- cmake/build_configurations/mysql_release.cmake.orig 2018-10-04 05:48:22.000000000 +0000 +++ cmake/build_configurations/mysql_release.cmake @@@@ -19,7 +19,7 @@@@ INCLUDE(CheckIncludeFiles) INCLUDE(CheckLibraryExists) OPTION(DEBUG_EXTNAME "" ON) -OPTION(ENABLED_LOCAL_INFILE "" ON) +OPTION(ENABLED_LOCAL_INFILE "" OFF) IF(NOT COMPILATION_COMMENT) SET(COMPILATION_COMMENT "MySQL Community Server (GPL)") @