Bug 234984

Summary: databases/mysql80-server: Update to 8.0.14 fixes multiple CVE
Product: Ports & Packages
Reporter: Markus Kohlmeyer <rootservice>
Component: Individual Port(s)
Assignee: Mahdi Mokhtari <mmokhi>
Status: Closed FIXED
Severity: Affects Many People
Keywords: security
Priority: ---
Flags: mmokhi: maintainer-feedback+
Version: Latest
Hardware: Any
OS: Any
URL: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL

Description Markus Kohlmeyer 2019-01-15 23:57:37 UTC
The (upcoming) update to MySQL 8.0.14 fixes several security issues:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-20 19:21:12 UTC
(In reply to Markus Kohlmeyer from comment #0)
Hi,
Just to confirm.
This is not released yet, right? (Or I couldn't find distfiles in any MASTER_SITES?)
Comment 2 Markus Kohlmeyer 2019-01-21 10:06:29 UTC
Yes, it's not yet released:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/
Comment 3 Markus Kohlmeyer 2019-01-21 10:30:29 UTC
Not officially released, but present on official CDN:
https://cdn.mysql.com/Downloads/MySQL-8.0/mysql-boost-8.0.14.tar.gz
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-21 20:15:51 UTC
Hi,

Thanks for confirmation.
Last night I got notifications about it.
I'm working on upgrade.
Probably after easier mysql56 and 57 ones :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-01-26 18:36:23 UTC
A commit references this bug:

Author: mmokhi
Date: Sat Jan 26 18:36:17 UTC 2019
New revision: 491308
URL: https://svnweb.freebsd.org/changeset/ports/491308

Log:
  databases/mysql80-{client, server}: Update to latest release 8.0.14
  This update (released on Jan 21st) includes:
  Bugs Fixed:
    Important Change: Fix importing a dump from a MySQL 5.7 server 8.0 failure.
      (ER_WRONG_VALUE_FOR_VAR, when an unsupported [by 8.0] SQL mode was used).
      The behavior of the server in such circumstances now depends on the setting of the
      `pseudo_slave_mode` system variable.
      If this is false, the server rejects the mode setting with ER_UNSUPPORTED_SQL_MODE.
      Otherwise, server just gives a warning. (Bug #90337, Bug #27828236).

    InnoDB: Properly initialize the static thread-local 'tables' variable in
      the TempTable storage engine (on Solaris X86) was not properly initialized.
      (Bug #28987365)

    InnoDB: Fix incorrect lock order caused a deadlock when one thread attempted to
      drop a table while another created an encrypted tablespace. (Bug #28774259)

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-14.html

  While here, Adapt some local patches with new upstream changes.

  PR:		234984
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/databases/mysql80-client/Makefile
  head/databases/mysql80-client/files/patch-CMakeLists.txt
  head/databases/mysql80-client/files/patch-man_CMakeLists.txt
  head/databases/mysql80-client/files/patch-utilities_CMakeLists.txt
  head/databases/mysql80-server/Makefile
  head/databases/mysql80-server/distinfo
  head/databases/mysql80-server/files/patch-CMakeLists.txt
  head/databases/mysql80-server/files/patch-client_CMakeLists.txt
  head/databases/mysql80-server/files/patch-libmysql_CMakeLists.txt
  head/databases/mysql80-server/files/patch-man_CMakeLists.txt
  head/databases/mysql80-server/files/patch-sql_conn__handler_socket__connection.cc
  head/databases/mysql80-server/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-01-26 18:42:29 UTC
A commit references this bug:

Author: mmokhi
Date: Sat Jan 26 18:42:25 UTC 2019
New revision: 491309
URL: https://svnweb.freebsd.org/changeset/ports/491309

Log:
  MFH: r491308

  databases/mysql80-{client, server}: Update to latest release 8.0.14
  This update (released on Jan 21st) includes:
  Bugs Fixed:
    Important Change: Fix importing a dump from a MySQL 5.7 server 8.0 failure.
      (ER_WRONG_VALUE_FOR_VAR, when an unsupported [by 8.0] SQL mode was used).
      The behavior of the server in such circumstances now depends on the setting of the
      `pseudo_slave_mode` system variable.
      If this is false, the server rejects the mode setting with ER_UNSUPPORTED_SQL_MODE.
      Otherwise, server just gives a warning. (Bug #90337, Bug #27828236).

    InnoDB: Properly initialize the static thread-local 'tables' variable in
      the TempTable storage engine (on Solaris X86) was not properly initialized.
      (Bug #28987365)

    InnoDB: Fix incorrect lock order caused a deadlock when one thread attempted to
      drop a table while another created an encrypted tablespace. (Bug #28774259)

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-14.html

  While here, Adapt some local patches with new upstream changes.

  PR:		234984
  Sponsored by:	The FreeBSD Foundation

  Approved by:	ports-secteam (feld, CVE-patch blanket)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/databases/mysql80-client/Makefile
  branches/2019Q1/databases/mysql80-client/files/patch-CMakeLists.txt
  branches/2019Q1/databases/mysql80-client/files/patch-man_CMakeLists.txt
  branches/2019Q1/databases/mysql80-client/files/patch-utilities_CMakeLists.txt
  branches/2019Q1/databases/mysql80-server/Makefile
  branches/2019Q1/databases/mysql80-server/distinfo
  branches/2019Q1/databases/mysql80-server/files/patch-CMakeLists.txt
  branches/2019Q1/databases/mysql80-server/files/patch-client_CMakeLists.txt
  branches/2019Q1/databases/mysql80-server/files/patch-libmysql_CMakeLists.txt
  branches/2019Q1/databases/mysql80-server/files/patch-man_CMakeLists.txt
  branches/2019Q1/databases/mysql80-server/files/patch-sql_conn__handler_socket__connection.cc
  branches/2019Q1/databases/mysql80-server/pkg-plist
Comment 7 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-26 18:46:56 UTC
Committed, Thanks.