Re: git: 64fde89d4902 - main - databases/db5: nuke SQL option and abandon port
Date: Mon, 07 Feb 2022 20:31:13 UTC
On 1/26/22 15:01, Matthias Andree wrote:
> The branch main has been updated by mandree:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=64fde89d49029e00b86e66041f3dfda16725ead7
>
> commit 64fde89d49029e00b86e66041f3dfda16725ead7
> Author: Matthias Andree <mandree@FreeBSD.org>
> AuthorDate: 2022-01-26 22:41:18 +0000
> Commit: Matthias Andree <mandree@FreeBSD.org>
> CommitDate: 2022-01-26 22:59:35 +0000
>
> databases/db5: nuke SQL option and abandon port
>
> Security: CVE-2019-8457
>
> The SQL option is vulnerable, and since this feature was always marked
> experimental, nuke it, and backport to 2022Q1.
> If someone needs the SQL interface in spite of its vulnerability,
> please use: pkg lock -y db5.
>
> MFH: 2022Q1
>
> I am marking the port for expiry and abandoning it because I will no
> longer spend the increasing efforts to play hide and seek with Oracle's
> patches, or backport sometimes bigger Linux distro patches (Red Hat,
> Debian, who else?), or otherwise put up with how they have changed
> availability of patches, documentation, or important information.
>
> FOR db5 USERS:
>
> One option is to upgrade to db18, but note that db versions 6 and 18
> are under the Affero GNU GPL v3 license, with implications for,
> among others, software-as-a-service, and distributability of packages
> linking against db. This is in stark contrast with db5's Sleepycat license.
>
> POTENTIAL MAINTAINERS:
>
> If someone wants to adopt this, review all the various patches in the
> major other BSD distros and Linux distros, check if their patches can be
> licensed under a sufficiently liberal license (ideally, MIT-like or
> Sleepycat) and see what you need to import.

I see that this change leaves us with the BDB_DEFAULT version of bdb marked for deprecation (see appended). Should the default change to 18?

Craig

Message from db5-5.3.28_8:

--
===> NOTICE:

The db5 port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
--
===> NOTICE:

This port is deprecated; you may wish to reconsider installing it:

EOLd, potential security issues, maybe use db18 instead.

It is scheduled to be removed on or after 2022-06-30.