Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 18 Jul 2015 20:55:23 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r392451 - in head/databases: mariadb-client mariadb-server
Message-ID:  <201507182055.t6IKtNbD070554@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: feld
Date: Sat Jul 18 20:55:22 2015
New Revision: 392451
URL: https://svnweb.freebsd.org/changeset/ports/392451

Log:
  Bump PORTREVISION of the client and add pkg-message to warn about
  CVE-2015-3152 which will not get patched
  
  Security:	CVE-2015-3152
  Security:	36bd352d-299b-11e5-86ff-14dae9d210b8

Added:
  head/databases/mariadb-client/pkg-message   (contents, props changed)
Modified:
  head/databases/mariadb-client/Makefile
  head/databases/mariadb-server/Makefile

Modified: head/databases/mariadb-client/Makefile
==============================================================================
--- head/databases/mariadb-client/Makefile	Sat Jul 18 20:30:49 2015	(r392450)
+++ head/databases/mariadb-client/Makefile	Sat Jul 18 20:55:22 2015	(r392451)
@@ -2,6 +2,7 @@
 
 PORTNAME=	mariadb
 PKGNAMESUFFIX=	53-client
+PORTREVISION=	7
 
 UNIQUENAME=	${PORTNAME}${PKGNAMESUFFIX}
 
@@ -24,6 +25,7 @@ CONFLICTS=	mariadb5[4-9]-client-* \
 
 PATCHDIR=	${.CURDIR}/files
 PLIST=		${.CURDIR}/pkg-plist
+PKGMESSAGE=	${.CURDIR}/pkg-message
 
 MANS=	mysql_config.1 mysql_upgrade.1 mysql.1 mysqladmin.1 \
 	mysqlbinlog.1 mysqlbug.1 mysqlcheck.1 \

Added: head/databases/mariadb-client/pkg-message
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/databases/mariadb-client/pkg-message	Sat Jul 18 20:55:22 2015	(r392451)
@@ -0,0 +1,15 @@
+* * * * * * * * * * * * * * * * * * * * * * * *
+
+Please be aware the database client is vulnerable
+to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
+You may find more information at the following URL:
+
+http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
+
+Although this database client is not listed as
+"affected", it is vulnerable and will not be 
+receiving a patch. Please take note of this when
+deploying this software.
+
+* * * * * * * * * * * * * * * * * * * * * * * *
+

Modified: head/databases/mariadb-server/Makefile
==============================================================================
--- head/databases/mariadb-server/Makefile	Sat Jul 18 20:30:49 2015	(r392450)
+++ head/databases/mariadb-server/Makefile	Sat Jul 18 20:55:22 2015	(r392451)
@@ -2,7 +2,7 @@
 
 PORTNAME=	mariadb
 PORTVERSION=	5.3.12
-PORTREVISION=	6
+PORTREVISION?=	6
 CATEGORIES=	databases ipv6
 MASTER_SITES=	http://ftp.osuosl.org/pub/mariadb/${PORTNAME}-${PORTVERSION}/kvm-tarbake-jaunty-x86/ \
 		http://mirrors.supportex.net/mariadb/${PORTNAME}-${PORTVERSION}/kvm-tarbake-jaunty-x86/ \



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507182055.t6IKtNbD070554>