From: Ryan Coe <bluemrp9@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] mariadb: security bump version to 10.3.11
Date: Fri, 28 Dec 2018 17:12:19 -0800 [thread overview]
Message-ID: <20181229011219.851-1-bluemrp9@gmail.com> (raw)
Remove 0002-cmake-fix-ucontext-dection.path as it is now upstream.
Hash updated for README.md because upstream changed bug report links.
Release notes: https://mariadb.com/kb/en/mariadb-10311-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10311-changelog/
Fixes the following security vulnerabilities:
CVE-2018-3282 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Storage Engines). Supported versions that are affected
are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2016-9843 - The crc32_big function in crc32.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact via vectors involving
big-endian CRC calculation.
CVE-2018-3174 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Supported versions that are affected are
5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
Difficult to exploit vulnerability allows high privileged attacker with logon
to the infrastructure where MySQL Server executes to compromise MySQL Server.
While the vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-3143 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-3156 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-3251 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-3185 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access
to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity
and Availability impacts).
CVE-2018-3277 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-3162 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-3173 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-3200 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-3284 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and
prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
---
.../0002-cmake-fix-ucontext-detection.patch | 44 -------------------
package/mariadb/mariadb.hash | 12 ++---
package/mariadb/mariadb.mk | 2 +-
3 files changed, 7 insertions(+), 51 deletions(-)
delete mode 100644 package/mariadb/0002-cmake-fix-ucontext-detection.patch
diff --git a/package/mariadb/0002-cmake-fix-ucontext-detection.patch b/package/mariadb/0002-cmake-fix-ucontext-detection.patch
deleted file mode 100644
index fff43e821e..0000000000
--- a/package/mariadb/0002-cmake-fix-ucontext-detection.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 3c8d309616295045745e778000c0185eec4b21d9 Mon Sep 17 00:00:00 2001
-From: Bernd Kuhls <bernd.kuhls@t-online.de>
-Date: Sun, 7 Oct 2018 14:25:59 +0200
-Subject: [PATCH] cmake: fix ucontext detection
-
-On some archs uclibc does not provide the ucontext structure despite
-providing ucontext.h, for details see
-https://git.buildroot.net/buildroot/commit/?id=f1cbfeea95e6287c7a666aafc182ffa318eff262
-
-This patch improves the detection of ucontext by making sure that
-HAVE_UCONTEXT_H is only set when makecontext() was found.
-
-Patch sent upstream: https://github.com/MariaDB/server/pull/878
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- configure.cmake | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/configure.cmake b/configure.cmake
-index d840dd4e565..a5df355ac42 100644
---- a/configure.cmake
-+++ b/configure.cmake
-@@ -986,12 +986,12 @@ CHECK_STRUCT_HAS_MEMBER("struct sockaddr_in6" sin6_len
-
- SET(CMAKE_EXTRA_INCLUDE_FILES)
-
--CHECK_INCLUDE_FILE(ucontext.h HAVE_UCONTEXT_H)
--IF(NOT HAVE_UCONTEXT_H)
-- CHECK_INCLUDE_FILE(sys/ucontext.h HAVE_UCONTEXT_H)
-+CHECK_INCLUDE_FILE(ucontext.h HAVE_FILE_UCONTEXT_H)
-+IF(NOT HAVE_FILE_UCONTEXT_H)
-+ CHECK_INCLUDE_FILE(sys/ucontext.h HAVE_FILE_UCONTEXT_H)
- ENDIF()
--IF(HAVE_UCONTEXT_H)
-- CHECK_FUNCTION_EXISTS(makecontext HAVE_UCONTEXT_H)
-+IF(HAVE_FILE_UCONTEXT_H)
-+ CHECK_FUNCTION_EXISTS(makecontext HAVE_UCONTEXT_H)
- ENDIF()
-
- CHECK_STRUCT_HAS_MEMBER("struct timespec" tv_sec "time.h" STRUCT_TIMESPEC_HAS_TV_SEC)
---
-2.19.0
-
diff --git a/package/mariadb/mariadb.hash b/package/mariadb/mariadb.hash
index 5b01b03dfc..f68eb40224 100644
--- a/package/mariadb/mariadb.hash
+++ b/package/mariadb/mariadb.hash
@@ -1,9 +1,9 @@
-# From https://downloads.mariadb.org/mariadb/10.3.10
-md5 a63e00179d5e09b63bf71860a19a5507 mariadb-10.3.10.tar.gz
-sha1 187b3e3d7bcc6a4b03a2ca79b8d1930a6fcc76b2 mariadb-10.3.10.tar.gz
-sha256 57767c048982811c7ab21d8527f6f36aa897386e8c7235f11b5505a924d68eda mariadb-10.3.10.tar.gz
-sha512 dee7789dff359a6352ceacb2db6bcb4730940e9458adda4e23894f9bfa0a7ff8c238060bffca58a60b662275e52a31ea1784d51fae114312b003c024e9412b31 mariadb-10.3.10.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.3.11
+md5 e13ab133060886cda814d68ebd1dc27b mariadb-10.3.11.tar.gz
+sha1 7b75d7ec06642f26ce197e07f5ba16283061cc87 mariadb-10.3.11.tar.gz
+sha256 211655b794c9d5397ba3be6c90737eac02e882f296268299239db47ba328f1b2 mariadb-10.3.11.tar.gz
+sha512 1adc1f9bbabf848726c669a7a0ab01257ba31882758b53fbf3b1316f2295670dba1c3d1f3292d7c1a749c701504588694a55d020839e690595897b0e20435298 mariadb-10.3.11.tar.gz
# Hash for license files
-sha256 5baa5057c525cacc9f7814215582ac150e5bb0b0007aa8f6ebc50a5c1b7a496d README.md
+sha256 a298aaf95cb7e594d15b29ae6b5a9ee22a2be4344379fd29304df4e0f19f695a README.md
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk
index 06d6365fab..e17649209a 100644
--- a/package/mariadb/mariadb.mk
+++ b/package/mariadb/mariadb.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MARIADB_VERSION = 10.3.10
+MARIADB_VERSION = 10.3.11
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
# Tarball no longer contains LGPL license text
--
2.20.1
next reply other threads:[~2018-12-29 1:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-29 1:12 Ryan Coe [this message]
2018-12-30 15:37 ` [Buildroot] [PATCH 1/1] mariadb: security bump version to 10.3.11 Thomas Petazzoni
2019-01-18 14:58 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181229011219.851-1-bluemrp9@gmail.com \
--to=bluemrp9@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox