Bug 234983

Summary: databases/mysql57-server: Update to 5.7.25 fixes multiple CVE
Product: Ports & Packages Reporter: Markus Kohlmeyer <rootservice>
Component: Individual Port(s)Assignee: Mahdi Mokhtari <mmokhi>
Status: Closed FIXED    
Severity: Affects Many People Keywords: security
Priority: --- Flags: mmokhi: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL

Description Markus Kohlmeyer 2019-01-15 23:55:29 UTC 
The (upcumming) update to MySQL 5.7.25 fixes several security issues:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-20 19:21:45 UTC 
Hi,
Just to confirm.
This is not released yet, right? (Or I coulddn't find distfiles in any MASTER_SITES?)
Comment 2 Markus Kohlmeyer 2019-01-21 10:06:55 UTC 
Yes, it's not yet released:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/
Comment 3 Markus Kohlmeyer 2019-01-21 10:30:58 UTC 
Not officially released, but present on official CDN:
https://cdn.mysql.com/Downloads/MySQL-5.7/mysql-boost-5.7.25.tar.gz
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-21 20:14:42 UTC 
Hi,

Thanks for confirmation.
Last night I got notifications about it.
I'm working on upgrades :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-01-21 20:41:22 UTC 
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:40:49 UTC 2019
New revision: 490897
URL: https://svnweb.freebsd.org/changeset/ports/490897

Log:
  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed on MySQL8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	 Markus Kohlmeyer < rootservice@gmail.com >
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-01-21 20:52:32 UTC 
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:52:19 UTC 2019
New revision: 490899
URL: https://svnweb.freebsd.org/changeset/ports/490899

Log:
  MFH: r490897

  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed on MySQL8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	 Markus Kohlmeyer < rootservice@gmail.com >
  Sponsored by:	The FreeBSD Foundation

  Approved by:	ports-secteam (feld, CVE-patch blanket)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/databases/mysql57-client/Makefile
  branches/2019Q1/databases/mysql57-server/Makefile
  branches/2019Q1/databases/mysql57-server/distinfo