diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2017-10-28 20:08:13 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-10-28 20:10:54 +0200 |
commit | c3f948792073c6f485cdd1fa99ad9dce6602d757 (patch) | |
tree | a7ce1f434b96aed5b15c3bffeceb9538a61ab349 /dev-db | |
parent | dev-db/mariadb: Security cleanup (bug #635704) (diff) | |
download | gentoo-c3f948792073c6f485cdd1fa99ad9dce6602d757.tar.gz gentoo-c3f948792073c6f485cdd1fa99ad9dce6602d757.tar.bz2 gentoo-c3f948792073c6f485cdd1fa99ad9dce6602d757.zip |
dev-db/mysql: Rev bump to fix CVE-2017-15945
Bug: https://bugs.gentoo.org/635706
Package-Manager: Portage-2.3.13, Repoman-2.3.4
RepoMan-Options: --force
Diffstat (limited to 'dev-db')
-rw-r--r-- | dev-db/mysql/mysql-5.6.36-r1.ebuild | 177 | ||||
-rw-r--r-- | dev-db/mysql/mysql-5.6.37-r1.ebuild | 183 |
2 files changed, 360 insertions, 0 deletions
diff --git a/dev-db/mysql/mysql-5.6.36-r1.ebuild b/dev-db/mysql/mysql-5.6.36-r1.ebuild new file mode 100644 index 000000000000..3ced3a4395b2 --- /dev/null +++ b/dev-db/mysql/mysql-5.6.36-r1.ebuild @@ -0,0 +1,177 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +MY_EXTRAS_VER="20170302-1359Z" +MY_PV="${PV//_alpha_pre/-m}" +MY_PV="${MY_PV//_/-}" +HAS_TOOLS_PATCH="1" +SUBSLOT="18" + +inherit mysql-multilib-r1 +# only to make repoman happy. it is really set in the eclass +IUSE="$IUSE" + +# REMEMBER: also update eclass/mysql*.eclass before committing! +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" + +DEPEND="|| ( >=sys-devel/gcc-3.4.6 >=sys-devel/gcc-apple-4.0 )" +RDEPEND="${RDEPEND}" + +MY_PATCH_DIR="${WORKDIR}/mysql-extras-${MY_EXTRAS_VER}" + +PATCHES=( + "${MY_PATCH_DIR}"/01050_all_mysql_config_cleanup-5.6.patch + "${MY_PATCH_DIR}"/02040_all_embedded-library-shared-5.5.10.patch + "${MY_PATCH_DIR}"/20006_all_cmake_elib-mysql-5.6.35.patch + "${MY_PATCH_DIR}"/20007_all_cmake-debug-werror-5.6.22.patch + "${MY_PATCH_DIR}"/20008_all_mysql-tzinfo-symlink.patch + "${MY_PATCH_DIR}"/20009_all_mysql_myodbc_symbol_fix-5.6.patch + "${MY_PATCH_DIR}"/20018_all_mysql-5.6.25-without-clientlibs-tools.patch +) + +# Please do not add a naive src_unpack to this ebuild +# If you want to add a single patch, copy the ebuild to an overlay +# and create your own mysql-extras tarball, looking at 000_index.txt + +# validate_password plugin uses exceptions when it shouldn't yet (until 5.7) +# disable until we see what happens with it +MYSQL_CMAKE_NATIVE_DEFINES=( -DWITHOUT_VALIDATE_PASSWORD=1 ) + +src_prepare() { + mysql-multilib-r1_src_prepare + if use libressl ; then + sed -i 's/OPENSSL_MAJOR_VERSION STREQUAL "1"/OPENSSL_MAJOR_VERSION STREQUAL "2"/' \ + "${S}/cmake/ssl.cmake" || die + fi +} + +# Official test instructions: +# USE='server embedded extraengine perl openssl static-libs' \ +# FEATURES='test userpriv -usersandbox' \ +# ebuild mysql-X.X.XX.ebuild \ +# digest clean package +multilib_src_test() { + + if ! multilib_is_native_abi ; then + einfo "Server tests not available on non-native abi". + return 0; + fi + + local TESTDIR="${BUILD_DIR}/mysql-test" + local retstatus_unit + local retstatus_tests + + # Bug #213475 - MySQL _will_ object strenously if your machine is named + # localhost. Also causes weird failures. + [[ "${HOSTNAME}" == "localhost" ]] && die "Your machine must NOT be named localhost" + + if use server ; then + + if [[ $UID -eq 0 ]]; then + die "Testing with FEATURES=-userpriv is no longer supported by upstream. Tests MUST be run as non-root." + fi + has usersandbox $FEATURES && ewarn "Some tests may fail with FEATURES=usersandbox" + + einfo ">>> Test phase [test]: ${CATEGORY}/${PF}" + + # Run CTest (test-units) + cmake-utils_src_test + retstatus_unit=$? + + # Ensure that parallel runs don't die + export MTR_BUILD_THREAD="$((${RANDOM} % 100))" + # Enable parallel testing, auto will try to detect number of cores + # You may set this by hand. + # The default maximum is 8 unless MTR_MAX_PARALLEL is increased + export MTR_PARALLEL="${MTR_PARALLEL:-auto}" + + # create directories because mysqladmin might right out of order + mkdir -p "${T}"/var-tests{,/log} + + # create symlink for the tests to find mysql_tzinfo_to_sql + ln -s "${BUILD_DIR}/sql/mysql_tzinfo_to_sql" "${S}/sql/" + + # These are failing in MySQL 5.5/5.6 for now and are believed to be + # false positives: + # + # main.information_schema, binlog.binlog_statement_insert_delayed, + # funcs_1.is_triggers funcs_1.is_tables_mysql, + # funcs_1.is_columns_mysql, binlog.binlog_mysqlbinlog_filter, + # perfschema.binlog_edge_mix, perfschema.binlog_edge_stmt, + # mysqld--help-notwin, funcs_1.is_triggers, funcs_1.is_tables_mysql, funcs_1.is_columns_mysql + # perfschema.binlog_edge_stmt, perfschema.binlog_edge_mix, binlog.binlog_mysqlbinlog_filter + # fails due to USE=-latin1 / utf8 default + # + # main.mysql_client_test: + # segfaults at random under Portage only, suspect resource limits. + # + # rpl.rpl_plugin_load + # fails due to included file not listed in expected result + # appears to be poor planning + # + # main.mysqlhotcopy_archive main.mysqlhotcopy_myisam + # fails due to bad cleanup of previous tests when run in parallel + # The tool is deprecated anyway + # Bug 532288 + # + # main.events_2 + # Fails on date in past without preserve causing the drop to fail + + for t in \ + binlog.binlog_mysqlbinlog_filter \ + binlog.binlog_statement_insert_delayed \ + funcs_1.is_columns_mysql \ + funcs_1.is_tables_mysql \ + funcs_1.is_triggers \ + main.information_schema \ + main.mysql_client_test \ + main.mysqld--help-notwin \ + perfschema.binlog_edge_mix \ + perfschema.binlog_edge_stmt \ + rpl.rpl_plugin_load \ + main.mysqlhotcopy_archive main.mysqlhotcopy_myisam \ + main.events_2 \ + ; do + mysql-multilib-r1_disable_test "$t" "False positives in Gentoo" + done + + if ! use extraengine ; then + # bug 401673, 530766 + for t in federated.federated_plugin ; do + mysql-multilib-r1_disable_test "$t" "Test $t requires USE=extraengine (Need federated engine)" + done + fi + + # Run mysql tests + pushd "${TESTDIR}" + + # Set file limits higher so tests run + ulimit -n 3000 + + # run mysql-test tests + perl mysql-test-run.pl --force --vardir="${T}/var-tests" \ + --suite-timeout=5000 --reorder + retstatus_tests=$? +# [[ $retstatus_tests -eq 0 ]] || eerror "tests failed" +# has usersandbox $FEATURES && eerror "Some tests may fail with FEATURES=usersandbox" + + popd + + # Cleanup is important for these testcases. + pkill -9 -f "${S}/ndb" 2>/dev/null + pkill -9 -f "${S}/sql" 2>/dev/null + + failures="" + [[ $retstatus_unit -eq 0 ]] || failures="${failures} test-unit" + [[ $retstatus_tests -eq 0 ]] || failures="${failures} tests" +# has usersandbox $FEATURES && eerror "Some tests may fail with FEATURES=usersandbox" + + [[ -z "$failures" ]] || die "Test failures: $failures" + einfo "Tests successfully completed" + + else + einfo "Skipping server tests due to minimal build." + fi +} diff --git a/dev-db/mysql/mysql-5.6.37-r1.ebuild b/dev-db/mysql/mysql-5.6.37-r1.ebuild new file mode 100644 index 000000000000..016e3491ecf1 --- /dev/null +++ b/dev-db/mysql/mysql-5.6.37-r1.ebuild @@ -0,0 +1,183 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +MY_EXTRAS_VER="20170719-1335Z" +MY_PV="${PV//_alpha_pre/-m}" +MY_PV="${MY_PV//_/-}" +HAS_TOOLS_PATCH="1" +SUBSLOT="18" +#fails to build with ninja +CMAKE_MAKEFILE_GENERATOR=emake + +inherit mysql-multilib-r1 +# only to make repoman happy. it is really set in the eclass +IUSE="$IUSE" + +# REMEMBER: also update eclass/mysql*.eclass before committing! +KEYWORDS="~alpha amd64 arm ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" + +DEPEND="|| ( >=sys-devel/gcc-3.4.6 >=sys-devel/gcc-apple-4.0 )" +RDEPEND="${RDEPEND}" + +MY_PATCH_DIR="${WORKDIR}/mysql-extras-${MY_EXTRAS_VER}" + +PATCHES=( + "${MY_PATCH_DIR}"/01050_all_mysql_config_cleanup-5.6.patch + "${MY_PATCH_DIR}"/02040_all_embedded-library-shared-5.5.10.patch + "${MY_PATCH_DIR}"/20006_all_cmake_elib-mysql-5.6.35.patch + "${MY_PATCH_DIR}"/20007_all_cmake-debug-werror-5.6.22.patch + "${MY_PATCH_DIR}"/20008_all_mysql-tzinfo-symlink-5.6.37.patch + "${MY_PATCH_DIR}"/20009_all_mysql_myodbc_symbol_fix-5.6.patch + "${MY_PATCH_DIR}"/20018_all_mysql-5.6.25-without-clientlibs-tools.patch +) + +# Please do not add a naive src_unpack to this ebuild +# If you want to add a single patch, copy the ebuild to an overlay +# and create your own mysql-extras tarball, looking at 000_index.txt + +# validate_password plugin uses exceptions when it shouldn't yet (until 5.7) +# disable until we see what happens with it +MYSQL_CMAKE_NATIVE_DEFINES=( -DWITHOUT_VALIDATE_PASSWORD=1 ) + +src_prepare() { + mysql-multilib-r1_src_prepare + if use libressl ; then + sed -i 's/OPENSSL_MAJOR_VERSION STREQUAL "1"/OPENSSL_MAJOR_VERSION STREQUAL "2"/' \ + "${S}/cmake/ssl.cmake" || die + fi +} + +# Official test instructions: +# USE='server embedded extraengine perl openssl static-libs' \ +# FEATURES='test userpriv -usersandbox' \ +# ebuild mysql-X.X.XX.ebuild \ +# digest clean package +multilib_src_test() { + + if ! multilib_is_native_abi ; then + einfo "Server tests not available on non-native abi". + return 0; + fi + + local TESTDIR="${BUILD_DIR}/mysql-test" + local retstatus_unit + local retstatus_tests + + # Bug #213475 - MySQL _will_ object strenously if your machine is named + # localhost. Also causes weird failures. + [[ "${HOSTNAME}" == "localhost" ]] && die "Your machine must NOT be named localhost" + + if use server ; then + + if [[ $UID -eq 0 ]]; then + die "Testing with FEATURES=-userpriv is no longer supported by upstream. Tests MUST be run as non-root." + fi + has usersandbox $FEATURES && ewarn "Some tests may fail with FEATURES=usersandbox" + + einfo ">>> Test phase [test]: ${CATEGORY}/${PF}" + + # Run CTest (test-units) + cmake-utils_src_test + retstatus_unit=$? + + # Ensure that parallel runs don't die + export MTR_BUILD_THREAD="$((${RANDOM} % 100))" + # Enable parallel testing, auto will try to detect number of cores + # You may set this by hand. + # The default maximum is 8 unless MTR_MAX_PARALLEL is increased + export MTR_PARALLEL="${MTR_PARALLEL:-auto}" + + # create directories because mysqladmin might right out of order + mkdir -p "${T}"/var-tests{,/log} + + # create symlink for the tests to find mysql_tzinfo_to_sql + ln -s "${BUILD_DIR}/sql/mysql_tzinfo_to_sql" "${S}/sql/" + + # These are failing in MySQL 5.5/5.6 for now and are believed to be + # false positives: + # + # main.information_schema, binlog.binlog_statement_insert_delayed, + # funcs_1.is_triggers funcs_1.is_tables_mysql, + # funcs_1.is_columns_mysql, binlog.binlog_mysqlbinlog_filter, + # perfschema.binlog_edge_mix, perfschema.binlog_edge_stmt, + # mysqld--help-notwin, funcs_1.is_triggers, funcs_1.is_tables_mysql, funcs_1.is_columns_mysql + # perfschema.binlog_edge_stmt, perfschema.binlog_edge_mix, binlog.binlog_mysqlbinlog_filter + # fails due to USE=-latin1 / utf8 default + # + # main.mysql_client_test: + # segfaults at random under Portage only, suspect resource limits. + # + # rpl.rpl_plugin_load + # fails due to included file not listed in expected result + # appears to be poor planning + # + # main.mysqlhotcopy_archive main.mysqlhotcopy_myisam + # fails due to bad cleanup of previous tests when run in parallel + # The tool is deprecated anyway + # Bug 532288 + # + # main.events_2 + # Fails on date in past without preserve causing the drop to fail + + for t in \ + binlog.binlog_mysqlbinlog_filter \ + binlog.binlog_statement_insert_delayed \ + funcs_1.is_columns_mysql \ + funcs_1.is_tables_mysql \ + funcs_1.is_triggers \ + main.information_schema \ + main.mysql_client_test \ + main.mysqld--help-notwin \ + perfschema.binlog_edge_mix \ + perfschema.binlog_edge_stmt \ + rpl.rpl_plugin_load \ + main.mysqlhotcopy_archive main.mysqlhotcopy_myisam \ + main.events_2 \ + ; do + mysql-multilib-r1_disable_test "$t" "False positives in Gentoo" + done + + if ! use extraengine ; then + # bug 401673, 530766 + for t in federated.federated_plugin ; do + mysql-multilib-r1_disable_test "$t" "Test $t requires USE=extraengine (Need federated engine)" + done + fi + + for t in main.mysql main.mysql_upgrade ; do + mysql-multilib-r1_disable_test "$t" "Test $t broken upstream - error return value not updated" + done + + # Run mysql tests + pushd "${TESTDIR}" + + # Set file limits higher so tests run + ulimit -n 3000 + + # run mysql-test tests + perl mysql-test-run.pl --force --vardir="${T}/var-tests" \ + --suite-timeout=5000 --reorder + retstatus_tests=$? +# [[ $retstatus_tests -eq 0 ]] || eerror "tests failed" +# has usersandbox $FEATURES && eerror "Some tests may fail with FEATURES=usersandbox" + + popd + + # Cleanup is important for these testcases. + pkill -9 -f "${S}/ndb" 2>/dev/null + pkill -9 -f "${S}/sql" 2>/dev/null + + failures="" + [[ $retstatus_unit -eq 0 ]] || failures="${failures} test-unit" + [[ $retstatus_tests -eq 0 ]] || failures="${failures} tests" +# has usersandbox $FEATURES && eerror "Some tests may fail with FEATURES=usersandbox" + + [[ -z "$failures" ]] || die "Test failures: $failures" + einfo "Tests successfully completed" + + else + einfo "Skipping server tests due to minimal build." + fi +} |