Oracle released MySQL 5.7.22 which fixes multiple CVEs
A commit references this bug:

Author: mmokhi
Date: Fri Apr 20 10:47:55 UTC 2018
New revision: 467819
URL: https://svnweb.freebsd.org/changeset/ports/467819

Log:
  mysql57-{client, server}: Update port to 5.7.22

  This update includes fixes for multiple CVEs including:
  CVE-2018-2755 in replication component, MySQL protocol
  CVE-2018-2805 in GIS extension
  CVE-2018-2782 in InnoDB
  and more info on
  http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL

  PR: 227621
  Reported by: Markus Kohlmeyer <rootservice@gmail.com>
  Sponsored by: Netzkommune GmbH

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
  head/databases/mysql57-server/pkg-plist

Thanks, committed.
I'm having trouble building MySQL since the upgrade to 5.7.22. Please let me know if you'd like me to open a new bug for this. The error is /usr/local/libexec/ccache/c++ -fPIC -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -isystem /usr/local/include -Wall -Wextra -Wformat-security -Wvla -Woverloaded-virtual -Wno-unused-parameter -Wno-null-conversion -Wno-unused-private-field -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -isystem /usr/local/include -DDBUG_OFF -fPIC -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -L/usr/local/lib -Wl,-rpath,/usr/local/lib -fstack-protector -shared -o authentication_ldap_sasl_client.so CMakeFiles/authentication_ldap_sasl_client.dir/auth_ldap_sasl_client.cc.o CMakeFiles/authentication_ldap_sasl_client.dir/log_client.cc.o -pthread -L/usr/local/lib -R/usr/local/lib -lsasl2 c++: error: unknown argument: '-R/usr/local/lib' *** Error code 1 The offending hunk appears to be --- mysql-5.7.21/libmysql/authentication_ldap/CMakeLists.txt 2017-12-27 22:46:26. 000000000 -0500 +++ mysql-5.7.22/libmysql/authentication_ldap/CMakeLists.txt 2018-03-04 08:40:40. 000000000 -0500 @@ -48,7 +53,9 @@ # IF someone like can build the cyrus sasl library on windows and build LDAP authen tication sasl client as well. IF (CMAKE_SYSTEM_NAME MATCHES "SunOS") SET(SASL_LIBRARY "sasl") -ELSE () +ELSEIF(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") + SET(SASL_LIBRARY "-L/usr/local/lib -R/usr/local/lib -lsasl2") +ELSE() SET(SASL_LIBRARY "sasl2") ENDIF ()
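Review bot: In the added ELSEIF branch for FreeBSD, SASL_LIBRARY carries a bare "-R/usr/local/lib", which reaches the c++ driver unchanged and is rejected (the "unknown argument: '-R/usr/local/lib'" error in the build output quoted with this hunk). The same link line already passes "-Wl,-rpath,/usr/local/lib", so the branch could drop the -R entry or spell it in that -Wl,-rpath form, which the driver forwards to the linker. Separately, the branch hard-codes /usr/local/lib inside a variable that the other branches use only for a library name ("sasl", "sasl2"); keeping search and run paths in the link flags rather than in SASL_LIBRARY would avoid baking a fixed prefix into the library list.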
(In reply to John W. O'Brien from comment #3)
Thanks for reporting. I already tested it and haven't seen the mismatch. Gonna look at it deeper. About your question for a new PR, I think it's fine, we can track the issue here :D
Created attachment 192730
poudriere testport output showing build failure

(In reply to Mahdi Mokhtari from comment #4)
Thank you. Here is the full testport output from my system. Let me know what other information I could provide to help narrow it down. FWIW, I located the full upstream patch, though I don't know what the bug number in the summary references.
https://github.com/mysql/mysql-server/commit/4bae6fe90b3d2514ffc3386442db73af613bedc1
(In reply to John W. O'Brien from comment #5)
Thanks for the build-log. I was going to write that the hunk you pasted isn't in our patch-set anymore because it was merged to upstream (and this part existed in the CMake-script from older releases). Anyway, I tried the build with all different options on 11.x and CURRENT, and comparing it to your build-log I see maybe it's something 10.4-related (as you can check in my log here: https://dpaste.de/BwCN#L2039 it uses the -R flag without any problems on 11.1 :D). I'll play with it more (and I'd appreciate it if you can also do a clean-env build on 10.4 as well, if it's not already a clean-env :D). I'll update you on any discoveries ASAP :D
Ok, yes. With a new fresh 10.4 jail setup, I confirm the issue exists on 10.4 (and only on that :D). I'll try to patch it :)
Fixed in r468035 :) Thanks for reporting :) [I close it, but feel free to re-open it in case there is an issue regarding this].
A commit references this bug:

Author: mmokhi
Date: Sun May 6 16:03:05 UTC 2018
New revision: 469236
URL: https://svnweb.freebsd.org/changeset/ports/469236

Log:
  MFH: r467819 r468035

  mysql57-{client, server}: Update port to 5.7.22

  This update includes fixes for multiple CVEs including:
  CVE-2018-2755 in replication component, MySQL protocol
  CVE-2018-2805 in GIS extension
  CVE-2018-2782 in InnoDB
  and more info on
  http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL

  PR: 227621
  Reported by: Markus Kohlmeyer <rootservice@gmail.com>
  Sponsored by: Netzkommune GmbH

  databases/mysql57-client: Fix build with 10.x default compiler/linker

  The upstream seems merged our local-patches but added a -R flag to its `c++` [actually ld] command.
  The -R $DIR is like -rpath on 11.x and CURRENT bases but not on 10.x
  We then use -rpath to make sure it works on all supported bases.

  Reported by: John W. O'Brien <john@saltant.com>
  Sponsored by: Netzkommune GmbH

  Approved by: ports-secteam (feld)

Changes:
  _U branches/2018Q2/
  branches/2018Q2/databases/mysql57-client/Makefile
  branches/2018Q2/databases/mysql57-client/files/patch-libmysql_authentication__ldap_CMakeLists.txt
  branches/2018Q2/databases/mysql57-server/Makefile
  branches/2018Q2/databases/mysql57-server/distinfo
  branches/2018Q2/databases/mysql57-server/pkg-plist