From nobody Wed Jan 26 23:01:59 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C48E3198BCF4; Wed, 26 Jan 2022 23:02:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JkfP506Lxz3MD1; Wed, 26 Jan 2022 23:02:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643238121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Pp8+6qi9V+81cANHOLeXUQkE22+98QGQqk1LEAM92Dk=; b=ZOBXtQTu7xCB/nU9wleoGnaqtynpwIGU8o4CfyJf/Mqq/8ETRnusTnC5mhWvBPRHJ/ODxE 2h7RhKUv/f4tZ3jXHvddh8maf3VutTI1OllqLIh/aYO/TfGr+6vBzb9Rxl8sHdnj/SUVsp prfJiGldxhQFubrwteooETaZ49yF97eL5U2WbX3TgkAnrfy6rinK3RjTAl0bYjpsvkPKt8 j7Kcsb0VUN7hwtZmC1Cd0yX2EzZ5+Cb5I8OIQlrkqA0azKfj6xoAqmpq0C5IZYlXbBZymh Ddi+wHX5y0qVtnruDmmKf23AaBDijG+bggaksrxEQgcsj5iIXRSb1QzBlb/d3A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C6ED3761; Wed, 26 Jan 2022 23:01:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20QN1x9Y006454; Wed, 26 Jan 2022 23:01:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20QN1xnD006453; Wed, 26 Jan 2022 23:01:59 GMT (envelope-from git) Date: Wed, 26 Jan 2022 23:01:59 GMT Message-Id: <202201262301.20QN1xnD006453@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Andree Subject: git: 64fde89d4902 - main - databases/db5: nuke SQL option and abandon port List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 64fde89d49029e00b86e66041f3dfda16725ead7 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643238121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Pp8+6qi9V+81cANHOLeXUQkE22+98QGQqk1LEAM92Dk=; b=BgOyrWwMEvXzzX2WOnOOpu0qMrIvDHntuX3xi+aeNo+Hg7NDkrHnZCsw8eIOIkV5J5D4/w 3YhTqoo86cSgeJmcVC9kZR7AhPXzWTHNXw2W2Pm3CiqOXYV2ZNiQ0nhLmEk7Gf43hnpgam rtc1+R7c7dFl2VDSlCVbwbGjqOsQWZb5iDLO3VVNDIxObDLbzzSjDSVyPbyohKKkk8xhXl qKUcj6KXdkfPODwxO76PJ5hLNpFnJ+2R5dm7JW/JZFmyXN09//rvUsc9C38sWxFcAo9Dp0 d2nZ5SeI25wg66gHGVgs0hdcXlI4bLP3xBiwiSeyVrJt75AcFMvyl+PCRz17Xw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643238121; a=rsa-sha256; cv=none; b=rYyfFLoy639bsEEws3NN74uwjPshDiUTDmoxvFmtXQ5gNscj1thW/ze0AXPZpspdNIgOrK 2P9y1laWuEBRyZXHpkqLHhwHZM8FfzBwOr4A5GMohY5IiVtDG+yUMCpaof0l9zHa/vF68q BOQGjt40LgrCWdA5yaFKIalsVGf4a3IdQrInBNFX0nzjAembxgowlzuN6k2zkz3aMtnNFD ivR90aaISjTCLcqK8bhk04v/5arnD3ltX1bOuUknNbpwifSCcBFSo6W8Rxr8XKRyoLrdDe 971oU1X5fVKYKVUQYAlLx26NmYw7ffyfNZPSGwKOzJwM/CIbmjSpJuZe2wEbEA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=64fde89d49029e00b86e66041f3dfda16725ead7 commit 64fde89d49029e00b86e66041f3dfda16725ead7 Author: Matthias Andree AuthorDate: 2022-01-26 22:41:18 +0000 Commit: Matthias Andree CommitDate: 2022-01-26 22:59:35 +0000 databases/db5: nuke SQL option and abandon port Security: CVE-2019-8457 The SQL option is vulnerable, and since this feature was always marked experimental, nuke it, and backport to 2022Q1. If someone needs the SQL interface in spite of its vulnerability, please use: pkg lock -y db5. MFH: 2022Q1 I am marking the port for expiry and abandoning it because I will no longer spend the increasing efforts to play hide and seek with Oracle's patches, or backport sometimes bigger Linux distro patches (Red Hat, Debian, who else?), or otherwise put up with how they have changed availability of patches, documentation, or important information. FOR db5 USERS: One option is to upgrade to db18, but note that db versions 6 and 18 are under the Affero GNU GPL v3 license, with implications for, among others, software-as-a-service, and distributability of packages linking against db. This is in stark contrast with db5's Sleepycat license. POTENTIAL MAINTAINERS: If someone wants to adopt this, review all the various patches in the major other BSD distros and Linux distros, check if their patches can be licensed under a sufficiently liberal license (ideally, MIT-like or Sleepycat) and see what you need to import. --- databases/db5/Makefile | 16 +++++++--------- databases/db5/pkg-plist | 18 ------------------ 2 files changed, 7 insertions(+), 27 deletions(-) diff --git a/databases/db5/Makefile b/databases/db5/Makefile index 2b9082e1120e..9c8e8d0f84fd 100644 --- a/databases/db5/Makefile +++ b/databases/db5/Makefile @@ -2,7 +2,7 @@ PORTNAME= db5 PORTVERSION= 5.3.28 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= databases java MASTER_SITES= https://download.oracle.com/berkeley-db/ PKGNAMEPREFIX?= @@ -11,7 +11,10 @@ PKGNAMEPREFIX?= DISTNAME= db-${PORTVERSION} DIST_SUBDIR= bdb -MAINTAINER= mandree@FreeBSD.org +DEPRECATED= EOLd, upstream hiding patches, potential security issues +EXPIRATION_DATE=2022-06-30 + +MAINTAINER= ports@FreeBSD.org COMMENT= Oracle Berkeley DB, revision ${BDBVER} LICENSE= SLEEPYCAT @@ -38,12 +41,11 @@ PLIST_SUB= BDBMAJ=${BDBMAJ} BDBVER=${BDBVER} MAKE_ARGS+= docdir=${DOCSDIR} CFLAGS+= -Wall -Wextra -OPTIONS_DEFINE= CRYPTO DEBUG L10N SQL JAVA TCL DOCS +OPTIONS_DEFINE= CRYPTO DEBUG L10N JAVA TCL DOCS OPTIONS_DEFAULT=CRYPTO OPTIONS_SUB= yes CRYPTO_DESC= Cryptography support L10N_DESC= Localization support (EXPERIMENTAL) -SQL_DESC= Enable SQL API (EXPERIMENTAL) PORTDOCS= * @@ -52,8 +54,6 @@ DBLIBS= libdb libdb_cxx libdb_stl DEBUG_CONFIGURE_ENABLE= debug umrw CRYPTO_CONFIGURE_WITH= cryptography=yes L10N_CONFIGURE_ENABLE= localization -SQL_CONFIGURE_ENABLE= sql sql_codegen -SQL_VARS= DBLIBS+=libdb_sql JAVA_USE= java # db5 is incompatible with openjdk8 and causes IllegalArgument # exceptions during build @@ -83,6 +83,7 @@ post-patch: post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/db5/db_* + ${RM} -r ${STAGEDIR}${DOCSDIR}/bdb-sql .for i in ${DBLIBS} ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${PORTNAME}/${i}-${BDBVER}.so.0 ${LN} -s -f ${PORTNAME}/${i}-${BDBVER}.so.0 ${STAGEDIR}${PREFIX}/lib @@ -101,9 +102,6 @@ post-install-JAVA-off: ${RM} -r ${STAGEDIR}${DOCSDIR}/${i}/JAVA .endfor -post-install-SQL-off: - ${RM} -r ${STAGEDIR}${DOCSDIR}/bdb-sql - post-install-TCL-on: echo "package ifneeded Db_tcl ${BDBVER} \ [list load [file join $$dir libdb_tcl-${BDBVER}.so]] \ diff --git a/databases/db5/pkg-plist b/databases/db5/pkg-plist index 4786815e655c..2a94abad7208 100644 --- a/databases/db5/pkg-plist +++ b/databases/db5/pkg-plist @@ -9,12 +9,10 @@ bin/db5/db_log_verify bin/db5/db_printlog bin/db5/db_recover bin/db5/db_replicate -%%SQL%%bin/db5/db_sql_codegen bin/db5/db_stat bin/db5/db_tuner bin/db5/db_upgrade bin/db5/db_verify -%%SQL%%bin/db5/dbsql bin/db_archive-%%BDBMAJ%% bin/db_archive-%%BDBVER%% bin/db_checkpoint-%%BDBMAJ%% @@ -37,8 +35,6 @@ bin/db_recover-%%BDBMAJ%% bin/db_recover-%%BDBVER%% bin/db_replicate-%%BDBMAJ%% bin/db_replicate-%%BDBVER%% -%%SQL%%bin/db_sql_codegen-%%BDBMAJ%% -%%SQL%%bin/db_sql_codegen-%%BDBVER%% bin/db_stat-%%BDBMAJ%% bin/db_stat-%%BDBVER%% bin/db_tuner-%%BDBMAJ%% @@ -47,12 +43,9 @@ bin/db_upgrade-%%BDBMAJ%% bin/db_upgrade-%%BDBVER%% bin/db_verify-%%BDBMAJ%% bin/db_verify-%%BDBVER%% -%%SQL%%bin/dbsql-%%BDBMAJ%% -%%SQL%%bin/dbsql-%%BDBVER%% include/db5/db.h include/db5/db_185.h include/db5/db_cxx.h -%%SQL%%include/db5/dbsql.h include/db5/dbstl_base_iterator.h include/db5/dbstl_common.h include/db5/dbstl_container.h @@ -89,13 +82,6 @@ lib/db5/libdb_cxx.so %%JAVA%%lib/db5/libdb_java.a %%JAVA%%lib/db5/libdb_java.so %%JAVA%%lib/db5/libdb_java-%%BDBMAJ%%.so -%%SQL%%lib/db5/libdb_sql-%%BDBVER%%.a -%%SQL%%lib/db5/libdb_sql-%%BDBVER%%.so -%%SQL%%lib/db5/libdb_sql-%%BDBVER%%.so.0 -%%SQL%%lib/db5/libdb_sql-%%BDBVER%%.so.0.0.0 -%%SQL%%lib/db5/libdb_sql.a -%%SQL%%lib/db5/libdb_sql.so -%%SQL%%lib/db5/libdb_sql-%%BDBMAJ%%.so lib/db5/libdb_stl-%%BDBVER%%.a lib/db5/libdb_stl-%%BDBVER%%.so lib/db5/libdb_stl-%%BDBVER%%.so.0 @@ -115,10 +101,6 @@ lib/libdb_cxx-%%BDBVER%%.so.0 %%JAVA%%lib/libdb_java-%%BDBMAJ%%.so.0 %%JAVA%%lib/libdb_java-%%BDBVER%%.so %%JAVA%%lib/libdb_java-%%BDBVER%%.so.0 -%%SQL%%lib/libdb_sql-%%BDBMAJ%%.so -%%SQL%%lib/libdb_sql-%%BDBMAJ%%.so.0 -%%SQL%%lib/libdb_sql-%%BDBVER%%.so -%%SQL%%lib/libdb_sql-%%BDBVER%%.so.0 lib/libdb_stl-%%BDBMAJ%%.so lib/libdb_stl-%%BDBMAJ%%.so.0 lib/libdb_stl-%%BDBVER%%.so