databases/db5: strip bins, nuke SQL opt, abandon port

(cherry picked from commit 91b6c73155beee2b2573b1dac2cf44153d34ac02)
(cherry picked from commit 64fde89d49029e00b86e66041f3dfda16725ead7)
(squashed into one commit, these are interdependent)

Security: CVE-2019-8457

The SQL option is vulnerable, and since this feature was always marked
experimental, nuke it, and backport to 2022Q1.

If someone needs the SQL interface in spite of its vulnerability,
please use: pkg lock -y db5.

MFH: 2022Q1

I am marking the port for expiry and abandoning it because I will no
longer spend the increasing efforts to play hide and seek with Oracle's
patches, or backport sometimes bigger Linux distro patches (Red Hat,
Debian, who else?), or otherwise put up with how they have changed
availability of patches, documentation, or important information.

FOR db5 USERS:
One option is to upgrade to db18, but note that db versions 6 and 18
are under the Affero GNU GPL v3 license, with implications for,
among others, software-as-a-service, and distributability of packages
linking against db. This is in stark contrast with db5's Sleepycat license.

POTENTIAL MAINTAINERS:
If someone wants to adopt this, review all the various patches in the
major other BSD distros and Linux distros, check if their patches can be
licensed under a sufficiently liberal license (ideally, MIT-like or
Sleepycat) and see what you need to import.