From 033844c44df13da70d9ca19e4ad057b9e730aef6 Mon Sep 17 00:00:00 2001 
From: Ryan Coe
Date: Mon, 10 Jun 2019 16:30:25 -0700
Subject: [PATCH] package/mariadb: security bump to version 10.3.15

The licensing text in README.md has changed slightly. The reference to
COPYING.LESSER has been removed. The file itself has been gone for a while
now. COPYING.thirdparty has also been renamed to THIRDPARTY.

Release notes: https://mariadb.com/kb/en/library/mariadb-10315-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10315-changelog/

Fixes the following security vulnerabilities:

CVE-2019-2614 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are affected
are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2019-2627 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Security: Privileges). Supported versions that are
affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2019-2628 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and
prior and 8.0.15 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

Signed-off-by: Ryan Coe Signed-off-by: Thomas Petazzoni --- package/mariadb/mariadb.hash | 12 ++++++------ package/mariadb/mariadb.mk | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package/mariadb/mariadb.hash b/package/mariadb/mariadb.hash index db24f7bb9b..1f478013c8 100644 --- a/package/mariadb/mariadb.hash +++ b/package/mariadb/mariadb.hash @@ -1,9 +1,9 @@ -# From https://downloads.mariadb.org/mariadb/10.3.13 -md5 603ce42e35b9a688f2cca05275acb5cb mariadb-10.3.13.tar.gz -sha1 08467885412184e99b835732913d445fd2c4b1b3 mariadb-10.3.13.tar.gz -sha256 b2aa857ef5b84f85a7ea60a1eac7b34c0ca5151c71a0d44ce2d7fb028d71459a mariadb-10.3.13.tar.gz -sha512 3cbd93291aa43b235e5b81d953ea69fb32df54fb518f922f69b5485952f01fae693c77b0efac37f414ed7ff132d3b58f899812bdb7be8a5b344c3640e2c3a0dd mariadb-10.3.13.tar.gz +# From https://downloads.mariadb.org/mariadb/10.3.15 +md5 08edd8b5060a181e6dd3c6aac23218cd mariadb-10.3.15.tar.gz +sha1 134f6a1ee6bf3048580eca945a51cb3c9bda7cbe mariadb-10.3.15.tar.gz +sha256 27f391a54d544f93850d4edfb3ef1b4cf24f8e27e61e51727b0e7d31bb4d6968 mariadb-10.3.15.tar.gz +sha512 35332ac32cba27fef1b4ddd2209236853f4309756fd121fbdbd2b6be0651e817cedc80e276b89ccfa4bc76760811434fab45a4d380d0ebd500c7d9bd7377fe93 mariadb-10.3.15.tar.gz # Hash for license files -sha256 43f4b5b13cecbbdb04a180cbf6c2bd64237819d1a32165b7d475c1b392e6a8d1 README.md +sha256 a4665c1189fe31e0bbc27e9b55439df7dad6e99805407fe58d78da7aabe678f8 README.md sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk index 356dd29af3..cfb08eb664 100644 --- a/package/mariadb/mariadb.mk +++ b/package/mariadb/mariadb.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -MARIADB_VERSION = 10.3.13 +MARIADB_VERSION = 10.3.15 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library) # Tarball no longer contains LGPL license text -- 2.30.2
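
Review bot: In package/mariadb/mariadb.hash, the new `md5` and `sha1` lines for mariadb-10.3.15.tar.gz add no integrity assurance beyond the `sha256` and `sha512` lines that follow them, and the single header comment `# From https://downloads.mariadb.org/mariadb/10.3.15` does not say which of the four digests were published upstream and which were computed locally. Suggest splitting the comment so upstream-published and locally computed digests are marked separately, so a later reviewer knows which values can be cross-checked against the download page. The license section still lists only README.md and COPYING; since the commit message mentions the COPYING.thirdparty to THIRDPARTY rename, it would help to say in the message whether that file is intentionally left untracked.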
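
Review bot: On the `MARIADB_VERSION = 10.3.15` line in package/mariadb/mariadb.mk, the bump goes from 10.3.13 straight to 10.3.15, but the commit message links only the 10.3.15 release notes and changelog and quotes the CVE descriptions with affected MySQL version ranges rather than MariaDB ones. Suggest noting in the message which MariaDB release carries each of the three fixes and linking the notes for the skipped release as well, so anyone backporting to a stable branch can tell what the jump brings in. Also worth confirming that the unchanged `MARIADB_LICENSE` context line, which still names `LGPL-2.0 (LGPL client library)`, remains accurate now that README.md no longer references COPYING.LESSER.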