[ 09:37 brnrd  ]

• 469620 databases/mariadb101-server/Makefile
• 469620 databases/mariadb101-server/distinfo
• 469620 databases/mariadb101-server/files/patch-MDEV-15961
• 469620 databases/mariadb101-server/files/patch-sql-common_client.c
• 469620 databases/mariadb101-server/pkg-plist

databases/mariadb101-server: Security update to 10.1.33

 - Fix build on aarch64 [1]
 - Remove ${name}_limits for 11-STABLE [2]

PR:             227628 [1], 227434 [2], 228148 [3]
Submitted by:   Naram Qashat <cyberbotx cyberbotx com> [1]
Submitted by:   0mp [2]
Reported by:    Miroslav Lachman <000 fbsd quip cz> [3]
MFH:            2018Q2
Security:       57aec168-453e-11e8-8777-b499baebfeaf

[ 01:03 grembo  ]

• 459808 databases/mariadb101-client/files/patch-sql-common_client.c
• 459808 databases/mariadb101-server/Makefile
• 459808 databases/mariadb101-server/files/patch-sql-common_client.c
• 459808 databases/mariadb102-client/Makefile
• 459808 databases/mariadb102-client/files/patch-sql-common_client.c
• 459808 databases/mariadb102-server/Makefile
• 459808 databases/mariadb102-server/files/patch-sql-common_client.c

Fix databases/mariadb* hostname verification when building against LibreSSL

LibreSSL imported X509_check_host from BoringSSL. Unlike OpenSSL,
it doesn't calculate the length of the hostname passed in case
chklen/namelen == 0. This means that the check in MariaDB always
fails if built against LibreSSL. This forces adminstrators to disable
hostname verification, which weakens security (hence the MFH request below).

Note that the fix has no negative implications if built against OpenSSL,
as its implementation calls strlen(hostname) in case namelen == 0.

See also https://github.com/MariaDB/server/pull/562

Approved by:	ssl blanket
MFH:		2018Q1