Bug 206998 - databases/mysql57-{server,client}: Update to 5.7.12
Summary: databases/mysql57-{server,client}: Update to 5.7.12
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Thomas Zander
URL: https://reviews.freebsd.org/D6159
Keywords: needs-patch, needs-qa, patch, security
Depends on: 206215 206805 208634
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-07 09:07 UTC by Mahdi Mokhtari
Modified: 2016-05-07 02:03 UTC (History)
6 users (show)

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly+


Attachments
patch upgrades mysql57 from 5.7.10 to 5.7.11 (9.46 KB, patch)
2016-02-07 09:07 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
patch upgrades mysql5.7.10 to 5.7.11 (7.68 KB, patch)
2016-02-07 13:43 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
patch upgrades mysql57 from 5.7.10 to 5.7.11 (1.64 KB, patch)
2016-02-09 02:00 UTC, Markus Kohlmeyer
no flags Details | Diff
Complete regenerated patch for mysql57-client (includes Madhi and mine patches) (11.79 KB, patch)
2016-02-09 15:00 UTC, Markus Kohlmeyer
no flags Details | Diff
Complete regenerated patch for mysql57-server (includes Madhi and mine patches) (20.39 KB, patch)
2016-02-09 15:00 UTC, Markus Kohlmeyer
no flags Details | Diff
Patch that updates mysql5.7.10 to mysql5.7.11 (using -boots distfile/ ZLIB radio_option, all libs set to system) (15.83 KB, patch)
2016-02-10 21:46 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
patch sets libs to system, adds radio option for zlib, bumps PORTREVISION to 5 (2.08 KB, patch)
2016-02-14 21:28 UTC, Markus Kohlmeyer
no flags Details | Diff
patch updates mysql to 5.7.11, depends on my prev patch (12.93 KB, patch)
2016-02-14 21:29 UTC, Markus Kohlmeyer
no flags Details | Diff
more bugfixes, enhancements, suggestions (3.47 KB, patch)
2016-02-15 01:53 UTC, Markus Kohlmeyer
no flags Details | Diff
reworked Makefile, may contain failures (5.71 KB, text/plain)
2016-02-15 14:19 UTC, Markus Kohlmeyer
no flags Details
Bumps MySQL to 5.7.11 using bundled boost (13.33 KB, patch)
2016-03-24 14:45 UTC, Markus Kohlmeyer
no flags Details | Diff
Reworked Makefiles (4.18 KB, patch)
2016-03-24 14:46 UTC, Markus Kohlmeyer
no flags Details | Diff
Fixed rc-script (mysql_install_db), added configureable mysql_confdir option to rc-script (2.67 KB, patch)
2016-03-24 14:48 UTC, Markus Kohlmeyer
no flags Details | Diff
Create and use default confdir (PREFIX/etc/mysql), added sample my.cnf to new confdir (5.50 KB, patch)
2016-03-24 14:49 UTC, Markus Kohlmeyer
no flags Details | Diff
Unbundle LIBLZ4 and make build PIC (1.29 KB, patch)
2016-03-24 14:50 UTC, Markus Kohlmeyer
no flags Details | Diff
Move most CMAKE_ARGS out of Makefile directly into MySQL buildsystem (8.38 KB, patch)
2016-03-24 14:50 UTC, Markus Kohlmeyer
no flags Details | Diff
patch for upgrade to mysql5.7.12 (46.58 KB, patch)
2016-04-14 20:27 UTC, Markus Kohlmeyer
no flags Details | Diff
patch for update to MySQL 5.7.12 (46.38 KB, patch)
2016-04-14 20:33 UTC, Markus Kohlmeyer
no flags Details | Diff
patch for update to MySQL 5.7.12 (47.87 KB, patch)
2016-04-14 22:07 UTC, Markus Kohlmeyer
no flags Details | Diff
patch for update to MySQL 5.7.12 (47.90 KB, patch)
2016-04-14 23:15 UTC, Markus Kohlmeyer
no flags Details | Diff
patch for update to MySQL 5.7.12 (47.89 KB, patch)
2016-04-15 15:51 UTC, Markus Kohlmeyer
no flags Details | Diff
patch to update mysql port to 5.7.12, QA Done (49.42 KB, patch)
2016-04-18 13:54 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Previous patch, added '--mysqld-file=${procname}' too (49.45 KB, patch)
2016-04-18 15:09 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Vuln.xml entry for patched CVES (3.22 KB, patch)
2016-04-23 12:04 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval? (ports-secteam)
Details | Diff
Poudriere log build failure stable/10 amd64 (361.46 KB, text/x-log)
2016-04-23 12:50 UTC, Thomas Zander
no flags Details
previous patch updated to require openssl port (48.88 KB, patch)
2016-05-05 11:30 UTC, Markus Kohlmeyer
no flags Details | Diff
previous patch updated to require openssl port, minor cleanup to last patch (48.83 KB, patch)
2016-05-05 14:56 UTC, Markus Kohlmeyer
no flags Details | Diff
Revised patch with USES=mysql:57 (49.04 KB, patch)
2016-05-06 10:00 UTC, Thomas Zander
mmokhi: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-07 09:07:10 UTC
Created attachment 166699 [details]
patch upgrades mysql57 from 5.7.10 to 5.7.11

upgrade of mysql57 port is provided in attached patch.

QA:
porttest: OK (poudriere: 9.3 10.1 11.0, all options of port, tested)
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-07 09:48:45 UTC
QA:
portlint OK
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-07 09:50:42 UTC
(In reply to Mahdi Mokhtari from comment #1)
with some false-positive warnings (NO ERROR) ("WARN: Don't set port_revision on NEW PORTS" however mysql57 isn't new port)

I think we can ignore this false-positive :D
Comment 3 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-07 13:43:45 UTC
Created attachment 166705 [details]
patch upgrades mysql5.7.10 to 5.7.11

Only cleaned some No-Op diffs from patch.
Also reset PORTREVISION to 0 (because it's a new version)
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-07 13:45:19 UTC
QA:
porttest: OK (poudriere: 9.3 10.1 11.0, all options of port, tested)
portlint: OK
Comment 5 Markus Kohlmeyer 2016-02-09 02:00:18 UTC
Created attachment 166778 [details]
patch upgrades mysql57 from 5.7.10 to 5.7.11


This patch updates only the Makefile and includes following fixes:
* Use mysql-boost-VERSION.SUFFIX instead of mysql-VERSION.SUFFIX
* Use bundled boost headers instead of unneeded extra download
* Use system libedit, libevent, zlib instead of bundled ones
* Define correct INSTALL_LAYOUT
Comment 6 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-09 05:00:44 UTC
(In reply to Markus Kohlmeyer from comment #5)

Thanks for your help in it :)

> * Use mysql-boost-VERSION.SUFFIX instead of mysql-VERSION.SUFFIX

I didn't get your meaning :D

I see some unanswered things in your patch:

0- using "+PORTREVISION?=	0" not needed, my patch only deletes "+PORTREVISION?=	3"

1- what is the point of using "-DINSTALL_LAYOUT=STANDALONE"


I will merge useful points of your patch (such as libedit,ibevent,etc) in mine and after test i'll approve+ it :D

But still i'm in doubt in some points (eg, why we use libedit instead of readline).
Because using bundled ones makes port more independent :)
Comment 7 Markus Kohlmeyer 2016-02-09 11:34:56 UTC
Some short explanations of my suggested changes:

* DISTNAME, WRKSRC and -DWITH_BOOST see http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html#mysqld-5-7-11-compiling

* -DINSTALL_LAYOUT is strictly not needed because it's currently default but that may change in future, so just to be safe

* -DWITH_LIBEVENT, -DWITH_ZLIB, -DWITH_LIBEDIT should be system because the bundled ones are outdated, buggy and possibly insecure

* readline is not used (bundled) by mysql itself anymore, but libedit is, so libedit is the right way to go

* See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198812 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206215 for more explanations why we should use system libs/headers instead of bundled ones

* boost is the only lib/headers where we should use the bundled one, since the current version in ports (1.55) as well as the upcoming version (1.60) are currently incompatible with mysql
Comment 8 Markus Kohlmeyer 2016-02-09 11:40:42 UTC
(In reply to Markus Kohlmeyer from comment #7)

s/WITH_LIBEDIT/WITH_EDITLINE/
Comment 9 Markus Kohlmeyer 2016-02-09 15:00:05 UTC
Created attachment 166801 [details]
Complete regenerated patch for mysql57-client (includes Madhi and mine patches)
Comment 10 Markus Kohlmeyer 2016-02-09 15:00:47 UTC
Created attachment 166802 [details]
Complete regenerated patch for mysql57-server (includes Madhi and mine patches)
Comment 11 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-10 21:42:17 UTC
(In reply to Markus Kohlmeyer from comment #10)
Thanks for your opinions/helps.

Your patch causes orphaned files (also fails linting QA [portlint])
Also fails to configure on 9.3 (i think maybe because of libevent, though I'm not sure)

I will fix that and merge that with mine.
Also I'll Add option for choose between system/bundled ZLib (sure system will be default :D) just like OpenSSL one. for other libs no options needed IMO because libevent and editline aren't "bundled vs system" or bundled ones are not safe at all so i will make them system by default.
Comment 12 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-10 21:46:51 UTC
Created attachment 166853 [details]
Patch that updates mysql5.7.10 to mysql5.7.11 (using -boots distfile/ ZLIB radio_option, all libs set to system)

Merged My patch to upgrade and Markus' options/opinions.

All libs defaulted to system ones (but boost, which is used in mysql-boost-5.7.11 dist-file as Markus suggested ;D)

A Radio option added to let user choose between system ZLib or bundled [as it was for SSL type] (sure system ZLib is default ;D)

QA:
porttest: OK (poudriere: 9.3 10.1 11.0, all options of port, tested)
portlint: OK
Comment 13 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-10 21:47:59 UTC
Thanks to everyone :)
Now it's up to a port-committer, IMO :D
Comment 14 Markus Kohlmeyer 2016-02-10 23:24:43 UTC
Looks good now, thanks for your work Mahdi.
Comment 15 Thomas Zander freebsd_committer 2016-02-13 18:01:27 UTC
@Mokhi: If you set the report status to "in progress", committers won't take it because they assume that someone else is already "in the progress of qa/committing". Keeping it "open" until it is assigned to an actual person helps getting attention.

There is an issue with the current version of the patch. While system libz and libedit are picked up correctly, LOCALBASE/libevent is not used. Could you investigate and update the patch accordingly? Thanks.
Comment 16 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-13 18:58:20 UTC
(In reply to Thomas Zander from comment #15)
> @Mokhi: If you set the report status to "in progress", committers won't take it because they assume that someone else is already "in the progress of qa/committing". Keeping it "open" until it is assigned to an actual person helps getting attention.

Oh, i didn't know this, thanks for your emphasize :D

> There is an issue with the current version of the patch. While system libz and libedit are picked up correctly, LOCALBASE/libevent is not used. Could you investigate and update the patch accordingly? Thanks.

it uses system libevent now.
i checked it in several ways and I'm 100% sure about this :)
if you mean we can see in "make configure" log it finds LIBEDIT and LIBZ in system dirs.
but we don't see libevent (or event.h), there's an explanation for this, they just don't "MESSAGE" out anything to say this.
But if you delete LIB_DEPEND line and build it using poudriere on FBSD9.3, it fails because no "SYSTEM"libevent found.

If status verbosity matters i can patch MySQL CMake-script to make it verbose about libevent too (i actually didn't get why MySQL-guys didn't have consistency in their script-writing [to have same verbosity in same levels] :D)

If you mean other meaning than what i interpreted from your phrase ("LOCALBASE/libevent is not used"), please explain more.


Thanks a lot, Mokhi.
Comment 17 Thomas Zander freebsd_committer 2016-02-13 19:21:36 UTC
(In reply to Mahdi Mokhtari from comment #16)

Regarding the libevent issue, I was not referring to it not being mentioned during configure. I noticed this when building it in poudriere:

===========================================================================
====>> Checking shared library dependencies
 0x0000000000000001 (NEEDED)             Shared library: [libc++.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
 0x0000000000000001 (NEEDED)             Shared library: [libcxxrt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libedit.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [librt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libthr.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libz.so.6]
=======================<phase: deinstall      >============================
===>  Deinstalling for mysql57-client
===>   Deinstalling mysql57-client-5.7.11

So, poudriere believes it does use libz.so and libedit.so, but not libevent.so.

I quickly checked the installed package for dynamic link to libevent.so:

# pkg info -l mysql57-client | egrep "/local/bin|lib*.so" | xargs ldd | grep event 
ldd: /usr/local/bin/mysql_config: not a dynamic executable
#

So far, it seems poudriere was right. Build log also does not indicate a static link to libevent.a.

I did not check whether it dlopen()s libevent.so during runtime, but I do not see it compile-time-linking to system libevent here.

I am happy to continue testing if you have any hints, of course.
Comment 18 Markus Kohlmeyer 2016-02-13 20:02:12 UTC
libevent is used/linked when -DWITH_INNODB_MEMCACHED=1 (default is 0)
Comment 19 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-13 20:45:47 UTC
(In reply to Markus Kohlmeyer from comment #18)
it don't be used with statically built-in InnoDB inside mysql as engine ?
Comment 20 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-13 20:46:11 UTC
(In reply to Thomas Zander from comment #17)

@Thomas
I've even checked libevent.cmake, and put logs there, it detects system libevent and doesn't use bundled one at all.

Did you tried to use options(ie, engines) ?
Or did you build it by bundled libevent too? and see if using libevent in dynamic or static shown in poudriere (I'm in doubt it'd be shown in a case, as i did and saw no result :\)

BTW, it seems it detects system libevent (as i put verbosity logs in MySQL-guys CMake-script ans ensured about this) but i dunno how it uses it (and I'm asking it from MySQL-developers)

I don't think it's currently a fatal problem (although you're the boss :D), if you see nothing fatal, i think you can commit it (and i'll patch/revise it if there was actually problem with this [i don't think there is even with 0.001% ;D])(In reply to Markus Kohlmeyer from comment #18)
Comment 21 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-13 20:58:08 UTC
@Markus: You're definitely right mate :D
@Thomas:
From MySQL-developer guys i was referred to Docs that says:

     * -DWITH_LIBEVENT=string
       Which libevent library to use. Permitted values are
       bundled (default), system, and yes. If you specify system
       or yes, the system libevent library is used if present.
       If the system library is not found, the bundled libevent
       library is used. The libevent library is required by
       InnoDB memcached.
Comment 22 Kubilay Kocak freebsd_committer freebsd_triage 2016-02-14 12:09:21 UTC
As discussed and decided on IRC with Mahdi, the changes bundled in from other issues will be removed, leaving only the version update.
Comment 23 Kubilay Kocak freebsd_committer freebsd_triage 2016-02-14 12:09:52 UTC
Comment on attachment 166853 [details]
Patch that updates mysql5.7.10 to mysql5.7.11 (using -boots distfile/ ZLIB radio_option, all libs set to system)

Pending patch that only includes version update, with updated QA confirmation
Comment 24 Markus Kohlmeyer 2016-02-14 21:28:10 UTC
Created attachment 166996 [details]
patch sets libs to system, adds radio option for zlib, bumps PORTREVISION to 5
Comment 25 Markus Kohlmeyer 2016-02-14 21:29:48 UTC
Created attachment 166997 [details]
patch updates mysql to 5.7.11, depends on my prev patch
Comment 26 Markus Kohlmeyer 2016-02-15 01:53:23 UTC
Created attachment 167010 [details]
more bugfixes, enhancements, suggestions

* Radio options for libedit, libevent, lz4 
* Add keyrings directory
* Set build type to RELEASE (avoids bloading debugcode and optimizes compilation, gets faster server)
* Set correct sysconfdir
* Enable PIC
* Disable unit tests
Comment 27 Markus Kohlmeyer 2016-02-15 02:11:09 UTC
We should also add some dependency checking for bundled vs system libs
Comment 28 Markus Kohlmeyer 2016-02-15 14:19:08 UTC
Created attachment 167027 [details]
reworked Makefile, may contain failures

This my first try to rewrite the Makefile to contain proper options and dependency checking.
It is imho not commit-ready and may contain failures.
Maybe it is of some help anyway.
Comment 29 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 14:49:53 UTC
(In reply to Markus Kohlmeyer from comment #28)

That would be okay, though many .if conditions can/should be replaced with shorter form and some lint problem should be solved.

In addition, 
In my chat with Kubilay we decided to solve every problem in its own issue.
So, We shouldnt bundle all changes in one patch (unless there's no issue for that).
And we have to wait for blocking issues(PRs) to be done too. :D

Thanks ;D
Comment 30 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 16:43:44 UTC
(In reply to Markus Kohlmeyer from comment #28)

Can you please explain, why options for LZ or libEvent needed
And also Why a condition (".if ${PORT_OPTIONS:MSSL_SYSTEM}") for using bundled_ssl ?

:D
Thanks
Comment 31 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 16:46:20 UTC
(In reply to Mahdi Mokhtari from comment #30)
As you started Re-writing Makefile, i'm keen to know, The changes you suggest are to be added respecting to MySQL57 update ? (to 5.7.11)
Comment 32 Markus Kohlmeyer 2016-02-15 17:10:58 UTC
Just ignore my last rewritten Makefile for now, it is too buggy at the moment.

I am working on a less buggy Makefile rewrite once 5.7.11 is finally in tree/ports, so we don't have to mess with too many changes at once.

Sorry for the mess :(
Comment 33 Markus Kohlmeyer 2016-02-15 17:12:33 UTC
Comment on attachment 167027 [details]
reworked Makefile, may contain failures

revoked, too buggy
Comment 34 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 17:32:34 UTC
(In reply to Markus Kohlmeyer from comment #33)
you made work extra easier ;D, thanks
Comment 36 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 18:04:32 UTC
(In reply to Markus Kohlmeyer from comment #35)
Our approach is totally using system libs instead of bundled libs :)
My point is just not having options for every single of them but just for important ones (SSL, LIBZ, and maybe one option to choose between editline/readline). :D
Comment 37 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-02-15 18:05:57 UTC
(In reply to Markus Kohlmeyer from comment #35)
And thanks for useful links, personally i'll read/study them :)
Comment 38 Markus Kohlmeyer 2016-03-13 15:32:28 UTC
Any progress?
Comment 39 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-03-13 16:02:53 UTC
(In reply to Markus Kohlmeyer from comment #38)
Waiting for dependencies to be committed.
Sorry if it's taking time more than expected.
Comment 40 Markus Kohlmeyer 2016-03-13 16:13:35 UTC
boost-libs-1.60? Won't work without extra patches for MySQL-5.7.11 (works *only* with boost-libs 1.59)
Comment 41 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-03-13 19:32:18 UTC
(In reply to Markus Kohlmeyer from comment #40)
boost-libs-1.60?
I didn't talk about it! 
I meant dependencies of this "issue".

I don't mind to make mysql57 to work with boost160. (at least for now :D)
Comment 42 Markus Kohlmeyer 2016-03-13 21:18:44 UTC
Bugfix 206805 is already in tree and should be removed as depend.
Who has to commit 198812, maybe somebody should send him/her a reminder?
Comment 43 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-03-14 08:28:12 UTC
(In reply to Markus Kohlmeyer from comment #42)
206805 is in tree, but because of 'merge-quarterly' flag it's still open. (maybe we can omit it from dependencies)

About 198812, i will drop mail (and i dropped before :D) dunno why he doesn't respond, maybe he is extra busy.
BTW, i personally am so sorry because of this.
Comment 44 Markus Kohlmeyer 2016-03-24 14:45:43 UTC
Created attachment 168565 [details]
Bumps MySQL to 5.7.11 using bundled boost
Comment 45 Markus Kohlmeyer 2016-03-24 14:46:45 UTC
Created attachment 168566 [details]
Reworked Makefiles
Comment 46 Markus Kohlmeyer 2016-03-24 14:48:04 UTC
Created attachment 168567 [details]
Fixed rc-script (mysql_install_db), added configureable mysql_confdir option to rc-script
Comment 47 Markus Kohlmeyer 2016-03-24 14:49:15 UTC
Created attachment 168568 [details]
Create and use default confdir (PREFIX/etc/mysql), added sample my.cnf to new confdir
Comment 48 Markus Kohlmeyer 2016-03-24 14:50:01 UTC
Created attachment 168570 [details]
Unbundle LIBLZ4 and make build PIC
Comment 49 Markus Kohlmeyer 2016-03-24 14:50:52 UTC
Created attachment 168572 [details]
Move most CMAKE_ARGS out of Makefile directly into MySQL buildsystem
Comment 50 Markus Kohlmeyer 2016-03-24 14:54:58 UTC
This is a patchset to fully upgrade MySQL to 5.7.11 and fixing all outstanding bugs.
Additionally providing a well tested (in production since MySQL 5.0) my.cnf.sample

Changelog:
Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168565
* Bumps MySQL to 5.7.11 using bundled boost

Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168566
* Reworked Makefiles, no functional changes, but needs rebuild
* PORTREVISION bumped

Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168567
* Fixed rc-script (mysql_install_db)
* Added configureable mysql_confdir option to rc-script
* PORTREVISION bumped

Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168568
* Create and use default confdir (PREFIX/etc/mysql)
* Added sample my.cnf to new confdir
* PORTREVISION bumped

Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168570
* Unbundle LIBLZ4 and make build PIC
* PORTREVISION bumped

Patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168572
* Move most CMAKE_ARGS out of Makefile directly into MySQL buildsystem
  by patching the FREEBSD install layout (cmake/install_layout.cmake)
* This patch should be sent upstream to Oracle
* PORTREVISION bumped


Build and tests done only on FreeBSD 10.2/10.3 (in production for two weeks)

Hopefully this helps.
Comment 51 Markus Kohlmeyer 2016-03-24 15:10:04 UTC
Forgot to mention, that users should be advised (ports/UPDATING and/or pkg-message) to move their existing my.cnf to PREFIX/etc/mysql/my.cnf and overlook it for any needed changes.
Comment 52 Markus Kohlmeyer 2016-04-12 17:07:57 UTC
Should i rebase my patchset to go directly to 5.7.12?
Comment 53 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-12 18:20:40 UTC
(In reply to Markus Kohlmeyer from comment #52)
I actually had a plan to do that, and also re-base patches regarding to latest changes that was made recently.

I'd be very happy if you do this. (Also please comment your QA-pass confirmations too).
I suggest you to wait for dependencies to be committed to make you works easier.
Though I'm thinking about revising my decision about depending our MySQL57 works to 56 (cause ale@ seems to be extra busy and this made us lost tracking of 5.7.11).
What you think about this ?

Thanks and regards, Mokhi.
Comment 54 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-12 18:23:02 UTC
(In reply to Mahdi Mokhtari from comment #53)
Also please mark out-dated patches as obsoletes.
After your rebasing I'll reword title/subject of bug as 'Update to 5.7.12'.

Again, thanks for your helps in it ;)
Comment 55 Markus Kohlmeyer 2016-04-12 18:40:22 UTC
OK, i will rework the patches for 5.7.12 and also try to backport them to last 5.6.

QA is not mine, but i'll do build and runtime checks on my 10.3 production system for 5.7 and on a virtual 10.3 testing maschine for 5.6.

QA like portlint, poudriere etc have to be done by others, sorry.


Do you prefer multiple patches like the last ones or one big all-in-one patch?
Comment 56 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-12 19:22:29 UTC
(In reply to Markus Kohlmeyer from comment #55)
> OK, i will rework the patches for 5.7.12 and also try to backport them to last 5.6.

> QA is not mine, but i'll do build and runtime checks on my 10.3 production system for 5.7 and on a virtual 10.3 testing maschine for 5.6.

> QA like portlint, poudriere etc have to be done by others, sorry.
No problem, i'll do QA myself ;)
I suggest we do focus on 5.7 and not wait for 5.6 as its approve+ may take long time (and we miss 5.7.12 like we missed 5.7.11)

> Do you prefer multiple patches like the last ones or one big all-in-one patch?
Basically, i think principle of working with issue-tracking is to have simple small issues/patches in seperate.
I suggest not have a big patch that doesn't show which issue it's trying to fix.
I suggest if there are unrelated issues are being fixed in these patches, open issue for them, attach patches, And I'll immediately approve+ ;)
And with this strategy we'll have only one patch that really is for upgrade to 5.7.12 process.

What do you think about this ?
Comment 57 Markus Kohlmeyer 2016-04-12 19:45:40 UTC
OK, then i'll prepare a series of as small as possible patches (issue by issue) starting with the plain update to 5.7.12 and then REVbumping for each issue.

BTW: When i'm at it, should i also unbundle zlib ultimately by reverting https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198812 and setting -DWITH_ZLIB to system as we do with the other libs?
Comment 58 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-12 20:32:12 UTC
(In reply to Markus Kohlmeyer from comment #57)
The patch at "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198812" unbundles ZLIB, i think.
If you mean how to make our work independent from mysql56, no worries i'll talk ppl to come and take part of this that relates to us and commit it (in this case issue will remain open because of 5.6, but we can continue our work cause 5.7 will be committed)
Did i got our meaning correctly ?
Comment 59 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-12 20:32:30 UTC
(In reply to Mahdi Mokhtari from comment #58)
*our -> your
Comment 60 Markus Kohlmeyer 2016-04-12 21:54:59 UTC
Yes, i got it (before).

I mean that i would remove the configure option to choose between bundled and system zlib as introduced by 198812



I stumbled over the first bug in 5.7.12:
We have to disable the new rapid protocol (default is enable) as it will pull in system boost instead of the bundled boost and therefor fails to build. This should be reported upstream to Oracle.
Comment 61 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-13 10:22:24 UTC
(In reply to Markus Kohlmeyer from comment #60)
> I mean that i would remove the configure option to choose between bundled and system zlib as introduced by 198812
I believe letting it stay as is now, will help us focus on handing as more issues as possible.
I suggest let is be as is now (cause at least it works and i confirm its QA), after all other works done, we can change it.

> I stumbled over the first bug in 5.7.12:
We have to disable the new rapid protocol (default is enable) as it will pull in system boost instead of the bundled boost and therefor fails to build. This should be reported upstream to Oracle.
Okay i'll look at logs you attached at "208759" and will report it ;)
Comment 62 Markus Kohlmeyer 2016-04-13 10:47:35 UTC
(In reply to Mahdi Mokhtari from comment #61)

208759 is a different issue which seems to be a problem of libressl

The rapid plugin/protocol issue is, that when it is enabled, it uses the system headers for boost (1.55/1.60) instead of the bunndled ones (1.59) ignoring the -DWITH_BOOST configure option. This breaks the build becaause of version mismatch and incompatibility.
Comment 63 Markus Kohlmeyer 2016-04-13 10:51:58 UTC
To reproduce the rapid issue use https://bugs.freebsd.org/bugzilla/attachment.cgi?id=169269 and remove the -DWITH_RAPID line from mysql57-server/Makefile
Comment 64 Markus Kohlmeyer 2016-04-14 20:27:42 UTC
Created attachment 169320 [details]
patch for upgrade to mysql5.7.12

* Update to MySQL 5.7.12
* Use the new mysql-boost-5.7.x.tar.gz distfiles
* Unbundling all libs except boost and protobuf
* Fix issue with RAPID and boost
* Fix rc-script (mysql_install_db)
* Added configureable mysql_confdir option to rc-script
* Create and use new default confdir (PREFIX/etc/mysql)
* Added new sample my.cnf to newly created confdir
* Added temporary fallback for past my.cnf default location
* Make the build PIC to enhance security and avoid bugs like 208759
Comment 65 Markus Kohlmeyer 2016-04-14 20:33:52 UTC
Created attachment 169321 [details]
patch for update to MySQL 5.7.12

* Update to MySQL 5.7.12
* Use the new mysql-boost-5.7.x.tar.gz distfiles
* Unbundling all libs except boost and protobuf
* Fix issue with RAPID and boost
* Fix rc-script (mysql_install_db)
* Added configureable mysql_confdir option to rc-script
* Create and use new default confdir (PREFIX/etc/mysql)
* Added new sample my.cnf to newly created confdir
* Added temporary fallback for past my.cnf default location
* Make the build PIC to enhance security and avoid bugs like 208759
Comment 66 Markus Kohlmeyer 2016-04-14 22:07:42 UTC
Created attachment 169324 [details]
patch for update to MySQL 5.7.12

* Update to MySQL 5.7.12
* Use the new mysql-boost-5.7.x.tar.gz distfiles
* Unbundling all libs except boost and protobuf
* Fix issue with RAPID and boost
* Fix rc-script (mysql_install_db)
* Added configureable mysql_confdir option to rc-script
* Create and use new default confdir (PREFIX/etc/mysql)
* Added new sample my.cnf to newly created confdir
* Added temporary fallback for past my.cnf default location
* Make the build PIC to enhance security and avoid bugs like 208759
Comment 67 Markus Kohlmeyer 2016-04-14 23:15:58 UTC
Created attachment 169325 [details]
patch for update to MySQL 5.7.12

This should be the final version of the patch, sorry for the mess.


Builds, installs and runs fine on 10.3.

QA will be done by Mahdi Mokhtari
Comment 68 Markus Kohlmeyer 2016-04-15 15:51:11 UTC
Created attachment 169343 [details]
patch for update to MySQL 5.7.12

Small update of patch as discussed with maintainer by mail

Thanks for the great team-work!
Comment 69 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-18 13:52:06 UTC
Hi.
Finally i successfully did QA :) \o/
QA:
portlint: Okay with no error
poudriere: Okay for FreeBSD 11.X 10.X 9.X

For 9.X there was small problems, that made me add little parts to previous patch.
Nothing serious was not omitted from previous, just moved some parts to right sections of MAkefiles to convince portlint and added little patch for FreeBSD9.X specifically ;)

I'll attach new patch :D
Comment 70 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-18 13:54:03 UTC
Created attachment 169433 [details]
patch to update mysql port to 5.7.12, QA Done

Patch generated with Svn diff to against HEAD to make comitting process easier :)
Comment 71 Markus Kohlmeyer 2016-04-18 14:42:14 UTC
Two things you missed in your patch:

* mysql57-server/files/mysql-server.in
  mysql_install_db_args needs --mysqld-file=${procname}

* mysql57-server/Makefile
  post-extract is not needed,
  or i missed the references for why that files must be removed
Comment 72 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-18 14:59:52 UTC
(In reply to Markus Kohlmeyer from comment #71)
> * mysql57-server/files/mysql-server.in
>  mysql_install_db_args needs --mysqld-file=${procname}
I didn't change this file !
Just applied you patch and made my changes on Makefile and added little patch file too.
Was this change applied in your previous patch?
BTW i'll add it right now :)

> * mysql57-server/Makefile
>  post-extract is not needed,
>  or i missed the references for why that files must be removed
these files are autogenerated files and will be generated during build-time.
I'm not sure why mysql-dev didnt deleted these, but not deleting these files results in build failure on 10.1 and 9.X.
I'll inform mysql-dev, but till then let is stay there IMO :)
Comment 73 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-18 15:09:52 UTC
Created attachment 169437 [details]
Previous patch, added '--mysqld-file=${procname}' too

(In reply to Markus Kohlmeyer from comment #71)
>  mysql_install_db_args needs --mysqld-file=${procname}
Added ;)
Yet, i can't understand how it changed from your patch while i didnt change it :D
Comment 74 Markus Kohlmeyer 2016-04-18 16:19:29 UTC
OK, thanks for the clarification.

208634 can be commited right away without REVbump since it changes nothing functional, only cosmetic.
Comment 75 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-18 16:36:29 UTC
(In reply to Markus Kohlmeyer from comment #74)
> OK, thanks for the clarification.
np ;), thanks for all helps you've done for this port :D
It was great team work indeed ;)

> 208634 can be commited right away without REVbump since it changes nothing functional, only cosmetic.
I see no problem too.
Specially because, after applying this current issue, REVs should be reset to EMPTY (being omitted) and bug 208634 should committed before this current issue :)

BTW, thanks again (and good job ;D).
I think, the only thing we should do, is waiting for this to be committed in.
Comment 76 Markus Kohlmeyer 2016-04-20 12:45:49 UTC
This has to go in now, as this update fixes 29 CVE
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL
Comment 77 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-20 12:56:53 UTC
(In reply to Markus Kohlmeyer from comment #76)
I agree :)
Comment 78 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-20 17:53:31 UTC
 	
reassigned it to "FreeBSD ports mailing list" so that a port-committer can take it to commit :)
Comment 79 Markus Kohlmeyer 2016-04-20 23:21:35 UTC
As a reminder for port commiters:

This update fixes 29 CVE for MySQL <5.7.12 of which at least 4 are remotely exploitable without authentication:

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL


Changelog:
* Update to MySQL 5.7.12
* Use the new mysql-boost-5.7.x.tar.gz distfiles
* Unbundling all libs except boost and protobuf
* Fix build problem with RAPID and boost
* Fix rc-script (mysql_install_db)
* Added configureable mysql_confdir option to rc-script
* Create and use new default confdir (PREFIX/etc/mysql)
* Added new sample my.cnf to newly created confdir
* Added temporary fallback for past my.cnf default location
* Make the build PIC to enhance security
Comment 80 Jason Unovitch freebsd_committer 2016-04-22 01:30:23 UTC
Tag appropriately with security per Oracle Critical Patch Update Advisory - April 2016:

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

"MySQL Server, version(s) 5.5.48 and prior, 5.6.29 and prior, 5.7.11 and prior"
Comment 81 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 08:27:19 UTC
FWIW, Regarding to CVEs solved with this upgrade, I'm working on VuXML for solved/patched issues :)
Comment 82 Thomas Zander freebsd_committer 2016-04-23 10:52:43 UTC
(In reply to Mahdi Mokhtari from comment #78)

This does not build on a standard stable/10 amd64 box due to the SSL linking issue:

[ 65%] Linking C static library libmysqlclient.a
cd /wrkdirs/usr/ports/databases/mysql57-client/work/.build/libmysql && /usr/local/bin/cmake -P CMakeFiles/mysqlclient.dir/cmake_clean_target.cmake
--- libmysql/CMakeFiles/libmysql.dir/all ---
/usr/bin/ld: /usr/lib/libssl.a(ssl_err.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC
/usr/lib/libssl.a: could not read symbols: Bad value
--- libmysql/CMakeFiles/mysqlclient.dir/all ---
cd /wrkdirs/usr/ports/databases/mysql57-client/work/.build/libmysql && /usr/local/bin/cmake -E cmake_link_script CMakeFiles/mysqlclient.dir/link.txt --verbose=1
--- libmysql/CMakeFiles/libmysql.dir/all ---
c++: error: linker command failed with exit code 1 (use -v to see invocation)
*** [libmysql/libmysqlclient.so.20] Error code 1

It may have been resolved for libressl, but by dafault, the port still links to base ssl and the above error occurs.
Comment 83 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 12:04:32 UTC
Created attachment 169592 [details]
Vuln.xml entry for patched CVES
Comment 84 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 12:05:42 UTC
(In reply to Thomas Zander from comment #82)
It builds okay on 10.3 and 10.1.
I can attach build logs if it helps.
Comment 85 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 12:07:23 UTC
(In reply to Thomas Zander from comment #82)
I think the problem you're talking about, is because bug 208759.
I'm not sure the fix of bug 208759 went into 10/stable or not ?
Comment 86 Thomas Zander freebsd_committer 2016-04-23 12:13:30 UTC
(In reply to Mahdi Mokhtari from comment #85)

Bug 208759 only discusses the libressl port. At least the audit trail from this bug does not say anything about changing the cflags for openssl in base.
Does this build for you? With openssl in base on stable/10 amd64?
Comment 87 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 12:33:29 UTC
(In reply to Thomas Zander from comment #86)
I've tested on 10.3-release and 10.1.
Gonna test for 10/stable now ...
Comment 88 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 12:34:18 UTC
FWIW.
As I told before, i've tested on 11-current 10.3 10.1 and 9.X/stable
Comment 89 Thomas Zander freebsd_committer 2016-04-23 12:50:35 UTC
Created attachment 169598 [details]
Poudriere log build failure stable/10 amd64

Build log attached for your review.
Comment 90 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 14:13:51 UTC
(In reply to Thomas Zander from comment #89)
Mine builds okay on 10.3 i386 poudriere.
Can you please do a test on it too?
I'm doing a test on 10.3 amd64 myself again.
Comment 91 Thomas Zander freebsd_committer 2016-04-23 16:11:56 UTC
10.3-R/amd64 builds fine here too
Comment 92 Thomas Zander freebsd_committer 2016-04-23 16:12:26 UTC
(In reply to Thomas Zander from comment #91)

Rubbish. I mean 10.3-R/i386 builds fine here, sorry.
Comment 93 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-23 17:40:26 UTC
(In reply to Thomas Zander from comment #92)
10.X-stable/i386 builds fine here too.
Maybe problem is with amd64s.
Let me check it (if you've checked such thing on any platforms please feedback here ;D)
Comment 94 Markus Kohlmeyer 2016-04-28 10:35:46 UTC
What are the results of your investigations? Can we get this committed soon or are we waiting for new patches?

If openssl from base is the problem, we can depend on ports openssl/libressl until base is fixed.

Please keep in mind that this update fixes several critical remote exploits, so it has to go in tree asap.
Comment 95 Thomas Zander freebsd_committer 2016-04-28 20:38:24 UTC
Return to pool, so any ports committer can grab as soon as revised patch becomes available.
Comment 96 Bernard Spil freebsd_committer 2016-04-30 12:09:44 UTC
Vuxml entry handled in D6159
Comment 97 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-04-30 12:13:56 UTC
(In reply to Bernard Spil from comment #96)
Thanks :)
I've attached link to URL:
Comment 98 Markus Kohlmeyer 2016-05-04 22:47:26 UTC
Maybe i missed something, therefor let me ask again:
What is the current state of this update?
I mean, it contains fixes for several serious security bugs and the update is imho ready for more than two weeks now.
Comment 99 Thomas Zander freebsd_committer 2016-05-05 05:55:25 UTC
(In reply to Markus Kohlmeyer from comment #98)

What is currently missing is maintainer's decision what to do with the build failures on amd64. In comment 93 he indicated that he was going to investigate the best solution.
Comment 100 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-05 08:35:00 UTC
(In reply to Thomas Zander from comment #99)
AFAIU, it can be solved if you re-build openssl-base with -fPIC, but it has heavy cost cause if you rebuild that you maybe have to rebuild all things that are depended on it.
I reported upstream, but no answer yet :(
I tried to find out why it needs ssl as shared (and why versions before didn't force it)? But still I found no difference.

sorry for my delay for solving it.
Comment 101 Markus Kohlmeyer 2016-05-05 09:21:13 UTC
(In reply to Thomas Zander from comment #89)
You are building with ccache, can you confirm this without ccache?

Maybe the same cause as https://lists.freebsd.org/pipermail/freebsd-ports/2013-September/085851.html
Comment 102 Thomas Zander freebsd_committer 2016-05-05 10:21:15 UTC
(In reply to Markus Kohlmeyer from comment #101)

Just tested without ccache, same issue.

The linker tells us already what the problem is. It wants libssl to be compiled with -fPIC. This is not done by default in the base system. We cannot tell users to rebuild parts of the base system with non-default flags to make a port work. Remaining options:
1) patch mysql57 sources / build system
2) Use openssl from ports. It's already in the Makefile for pre-10.x systems. Just tested it for 10.3 amd64. Compiles like a charm.
3) Something entirely different
Comment 103 Markus Kohlmeyer 2016-05-05 11:30:15 UTC
Created attachment 169982 [details]
previous patch updated to require openssl port


This is the previous patch updated to require openssl/libressl ports by setting WITH_OPENSSL_PORT in the Makefile.

Please test it and report back, thanks.
Comment 104 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-05 14:17:48 UTC
(In reply to Markus Kohlmeyer from comment #103)
About openssl from ports, what if users installed it for some other applications ?
Should we force them to reinstall it ?
I personally think "1) patch mysql57 sources / build system" is better option.
What you think about it ?
Comment 105 Markus Kohlmeyer 2016-05-05 14:38:47 UTC
If openssl/libressl from ports is already installed it will not be rebuild, so everything is fine.

We can reintroduce the option to choose between openssl from base or ports once the linking problem is fixed upstream (which will not be before 5.7.13 or even later).
Comment 106 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-05 14:48:42 UTC
(In reply to Markus Kohlmeyer from comment #105)
I dont say it will rebuild it, but i ask if ssl of port is already installed and was not built with -fPIC, building process will fail, doesnt ?
If you're sure it doesnt fail, we can force Makefile to only choose port-ssl then.
Seems okay for you ?
Comment 107 Markus Kohlmeyer 2016-05-05 14:56:03 UTC
Created attachment 169994 [details]
previous patch updated to require openssl port, minor cleanup to last patch


Ah, i see your point now.

Since we recently had security updates to openssl/libressl in ports, they should be build already with -fPIC and if not, users should rebuild/update openssl/libressl anyhow, so i don't see a real problem for us here now.
Comment 108 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-05 17:31:57 UTC
(In reply to Markus Kohlmeyer from comment #79)
But what if user doesn't like to rebuild their ssl with -fPIC? Should we force them? Is it correct option to do?
Comment 109 Markus Kohlmeyer 2016-05-05 18:06:14 UTC
IMHO, as i don't know the FreeBSD policy or best practice in such cases:
I would care on security and not on users missing critical updates.
But again: That is IMHO only.

Maybe ports-secteam@ should decide what to do?


I myself tested only on FreeBSD 10.3-RELEASE amd64 / 10-STABLE amd64 with current security/openssl (1.0.2h) and security/libressl (2.3.4) and all four builds had no problems.



BTW: I can't even understand why after about 20 years -fPIC is not the default, same for SSP.
Comment 110 Thomas Zander freebsd_committer 2016-05-05 20:06:05 UTC
(In reply to Mahdi Mokhtari from comment #108)

The whole thing a complete non-issue with openssl from ports!
Building mysql57 with the default port/package of openssl just works. No rebuilding ssl, no tweaking, no nothing.
The ONLY thing that needs to be done is for YOU to change the mysql port to use openssl from ports instead of the base openssl.
Comment 111 Markus Kohlmeyer 2016-05-05 20:12:27 UTC
(In reply to Thomas Zander from comment #110)

That change is done in my last patch.
Comment 112 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-06 05:58:39 UTC
(In reply to Markus Kohlmeyer from comment #111)
Then if build was okay for your 10.3-amd 64 without any problems.
We can force this version to use ports' openssl/libressl.
Then let me do a QA on patch an I'll approve it.
Comment 113 Thomas Zander freebsd_committer 2016-05-06 10:00:59 UTC
Created attachment 170041 [details]
Revised patch with USES=mysql:57

Tiny revision of Markus's patch: Recently, USE_MYSQL has been deprecated on head. It is still being evaluated, that's why I kept the .ifdef USE_MYSQL check in, but replaced USE/WANT_MYSQL with USES+=mysql:57

Port builds fine here on 9.3 and 10.3, i386 and amd64.
Comment 114 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-06 13:31:23 UTC
Comment on attachment 170041 [details]
Revised patch with USES=mysql:57

Okay, portlint QA is okay too :)
thanks for revision Thomas.
Good job all ;)

Approve+ed
Comment 115 Markus Kohlmeyer 2016-05-06 14:18:43 UTC
Thanks for your work too.
Comment 116 commit-hook freebsd_committer 2016-05-06 14:40:43 UTC
A commit references this bug:

Author: riggs
Date: Fri May  6 14:40:05 UTC 2016
New revision: 414707
URL: https://svnweb.freebsd.org/changeset/ports/414707

Log:
  Update to 5.7.12, fixing 31 partially critical vulnerabilities

  List of vulnerabilities is documented on:
  http://vuxml.freebsd.org/freebsd/8c2b2f11-0ebe-11e6-b55e-b499baebfeaf.html
  CVE IDs see below.

  PR:		206998
  Submitted by:	mokhi64@gmail.com (maintainer)
  Reviewed by:	rootservice@gmail.com
  Approved by:	mokhi64@gmail.com (maintainer)
  MFH:		2016Q2
  Security:	CVE-2016-0705
  		CVE-2016-0639
  		CVE-2015-3194
  		CVE-2016-0640
  		CVE-2016-0641
  		CVE-2016-3461
  		CVE-2016-2047
  		CVE-2016-0642
  		CVE-2016-0643
  		CVE-2016-0644
  		CVE-2016-0646
  		CVE-2016-0647
  		CVE-2016-0648
  		CVE-2016-0649
  		CVE-2016-0650
  		CVE-2016-0652
  		CVE-2016-0653
  		CVE-2016-0654
  		CVE-2016-0655
  		CVE-2016-0656
  		CVE-2016-0657
  		CVE-2016-0658
  		CVE-2016-0651
  		CVE-2016-0659
  		CVE-2016-0661
  		CVE-2016-0662
  		CVE-2016-0663
  		CVE-2016-0665
  		CVE-2016-0666
  		CVE-2016-0667
  		CVE-2016-0668

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-client/files/patch-CMakeLists.txt
  head/databases/mysql57-client/files/patch-client_CMakeLists.txt
  head/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake
  head/databases/mysql57-client/files/patch-cmake_os_DragonFly.cmake
  head/databases/mysql57-client/files/patch-cmd-line-utils_libedit_chartype.h
  head/databases/mysql57-client/files/patch-cmd-line-utils_libedit_vi.c
  head/databases/mysql57-client/files/patch-extra_CMakeLists.txt
  head/databases/mysql57-client/files/patch-include_CMakeLists.txt
  head/databases/mysql57-client/files/patch-include_my__compare.h
  head/databases/mysql57-client/files/patch-include_myisam.h
  head/databases/mysql57-client/files/patch-libmysql_CMakeLists.txt
  head/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc
  head/databases/mysql57-client/files/patch-scripts_CMakeLists.txt
  head/databases/mysql57-client/files/patch-storage_myisam_mi__dynrec.c
  head/databases/mysql57-client/files/patch-support-files_CMakeLists.txt
  head/databases/mysql57-client/pkg-plist
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
  head/databases/mysql57-server/files/my.cnf.sample.in
  head/databases/mysql57-server/files/mysql-server.in
  head/databases/mysql57-server/files/patch-CMakeLists.txt
  head/databases/mysql57-server/files/patch-client_CMakeLists.txt
  head/databases/mysql57-server/files/patch-cmake_plugin.cmake
  head/databases/mysql57-server/files/patch-cmd-line-utils_libedit_chartype.h
  head/databases/mysql57-server/files/patch-cmd-line-utils_libedit_vi.c
  head/databases/mysql57-server/files/patch-include_CMakeLists.txt
  head/databases/mysql57-server/files/patch-include_my__compare.h
  head/databases/mysql57-server/files/patch-include_my__thread__os__id.h
  head/databases/mysql57-server/files/patch-include_myisam.h
  head/databases/mysql57-server/files/patch-libmysql_CMakeLists.txt
  head/databases/mysql57-server/files/patch-libservices_CMakeLists.txt
  head/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc
  head/databases/mysql57-server/files/patch-plugin_password__validation_validate__password.cc
  head/databases/mysql57-server/files/patch-rapid_plugin_x_CMakeLists.txt
  head/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake
  head/databases/mysql57-server/files/patch-rapid_unittest_gunit_xplugin_CMakeLists.txt
  head/databases/mysql57-server/files/patch-scripts_CMakeLists.txt
  head/databases/mysql57-server/files/patch-sql_CMakeLists.txt
  head/databases/mysql57-server/files/patch-sql_conn__handler_socket__connection.cc
  head/databases/mysql57-server/files/patch-sql_json__dom.h
  head/databases/mysql57-server/files/patch-sql_sql__view.cc
  head/databases/mysql57-server/files/patch-sql_sys__vars.cc
  head/databases/mysql57-server/files/patch-storage_innobase_buf_buf0buf.cc
  head/databases/mysql57-server/files/patch-storage_innobase_dict_dict0stats.cc
  head/databases/mysql57-server/files/patch-storage_innobase_include_srv0mon.h
  head/databases/mysql57-server/files/patch-storage_innobase_sync_sync0debug.cc
  head/databases/mysql57-server/files/patch-storage_myisam_mi__dynrec.c
  head/databases/mysql57-server/files/patch-support-files_CMakeLists.txt
  head/databases/mysql57-server/files/rapid_plugin-patch-_x_mysqlxtest__src_mysqlxtest.cc
  head/databases/mysql57-server/pkg-message
  head/databases/mysql57-server/pkg-plist
Comment 117 commit-hook freebsd_committer 2016-05-06 18:01:09 UTC
A commit references this bug:

Author: riggs
Date: Fri May  6 18:00:43 UTC 2016
New revision: 414715
URL: https://svnweb.freebsd.org/changeset/ports/414715

Log:
  MFH: r414707

  Update to 5.7.12, fixing 31 partially critical vulnerabilities

  List of vulnerabilities is documented on:
  http://vuxml.freebsd.org/freebsd/8c2b2f11-0ebe-11e6-b55e-b499baebfeaf.html
  CVE IDs see below.

  PR:		206998
  Submitted by:	mokhi64@gmail.com (maintainer)
  Reviewed by:	rootservice@gmail.com
  Approved by:	ports-secteam (feld), mokhi64@gmail.com (maintainer)
  Security:	CVE-2016-0705
  		CVE-2016-0639
  		CVE-2015-3194
  		CVE-2016-0640
  		CVE-2016-0641
  		CVE-2016-3461
  		CVE-2016-2047
  		CVE-2016-0642
  		CVE-2016-0643
  		CVE-2016-0644
  		CVE-2016-0646
  		CVE-2016-0647
  		CVE-2016-0648
  		CVE-2016-0649
  		CVE-2016-0650
  		CVE-2016-0652
  		CVE-2016-0653
  		CVE-2016-0654
  		CVE-2016-0655
  		CVE-2016-0656
  		CVE-2016-0657
  		CVE-2016-0658
  		CVE-2016-0651
  		CVE-2016-0659
  		CVE-2016-0661
  		CVE-2016-0662
  		CVE-2016-0663
  		CVE-2016-0665
  		CVE-2016-0666
  		CVE-2016-0667
  		CVE-2016-0668

Changes:
_U  branches/2016Q2/
  branches/2016Q2/databases/mysql57-client/Makefile
  branches/2016Q2/databases/mysql57-client/files/patch-CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-client_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake
  branches/2016Q2/databases/mysql57-client/files/patch-cmake_os_DragonFly.cmake
  branches/2016Q2/databases/mysql57-client/files/patch-cmd-line-utils_libedit_chartype.h
  branches/2016Q2/databases/mysql57-client/files/patch-cmd-line-utils_libedit_vi.c
  branches/2016Q2/databases/mysql57-client/files/patch-extra_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-include_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-include_my__compare.h
  branches/2016Q2/databases/mysql57-client/files/patch-include_myisam.h
  branches/2016Q2/databases/mysql57-client/files/patch-libmysql_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-man_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc
  branches/2016Q2/databases/mysql57-client/files/patch-scripts_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/files/patch-storage_myisam_mi__dynrec.c
  branches/2016Q2/databases/mysql57-client/files/patch-support-files_CMakeLists.txt
  branches/2016Q2/databases/mysql57-client/pkg-plist
  branches/2016Q2/databases/mysql57-server/Makefile
  branches/2016Q2/databases/mysql57-server/distinfo
  branches/2016Q2/databases/mysql57-server/files/my.cnf.sample.in
  branches/2016Q2/databases/mysql57-server/files/mysql-server.in
  branches/2016Q2/databases/mysql57-server/files/patch-CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-client_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-cmake_plugin.cmake
  branches/2016Q2/databases/mysql57-server/files/patch-cmd-line-utils_libedit_chartype.h
  branches/2016Q2/databases/mysql57-server/files/patch-cmd-line-utils_libedit_vi.c
  branches/2016Q2/databases/mysql57-server/files/patch-include_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-include_my__compare.h
  branches/2016Q2/databases/mysql57-server/files/patch-include_my__thread__os__id.h
  branches/2016Q2/databases/mysql57-server/files/patch-include_myisam.h
  branches/2016Q2/databases/mysql57-server/files/patch-libmysql_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-libservices_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc
  branches/2016Q2/databases/mysql57-server/files/patch-plugin_password__validation_validate__password.cc
  branches/2016Q2/databases/mysql57-server/files/patch-rapid_plugin_x_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake
  branches/2016Q2/databases/mysql57-server/files/patch-rapid_unittest_gunit_xplugin_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-scripts_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-sql_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/patch-sql_conn__handler_socket__connection.cc
  branches/2016Q2/databases/mysql57-server/files/patch-sql_json__dom.h
  branches/2016Q2/databases/mysql57-server/files/patch-sql_sql__view.cc
  branches/2016Q2/databases/mysql57-server/files/patch-sql_sys__vars.cc
  branches/2016Q2/databases/mysql57-server/files/patch-storage_innobase_buf_buf0buf.cc
  branches/2016Q2/databases/mysql57-server/files/patch-storage_innobase_dict_dict0stats.cc
  branches/2016Q2/databases/mysql57-server/files/patch-storage_innobase_include_srv0mon.h
  branches/2016Q2/databases/mysql57-server/files/patch-storage_innobase_sync_sync0debug.cc
  branches/2016Q2/databases/mysql57-server/files/patch-storage_myisam_mi__dynrec.c
  branches/2016Q2/databases/mysql57-server/files/patch-support-files_CMakeLists.txt
  branches/2016Q2/databases/mysql57-server/files/rapid_plugin-patch-_x_mysqlxtest__src_mysqlxtest.cc
  branches/2016Q2/databases/mysql57-server/pkg-message
  branches/2016Q2/databases/mysql57-server/pkg-plist
Comment 118 Thomas Zander freebsd_committer 2016-05-06 18:04:09 UTC
This was a tough piece of work. Thanks Markus and Mokhi for pushing and getting it ready! Well done!
Comment 119 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-05-07 02:03:56 UTC
(In reply to Thomas Zander from comment #118)
(In reply to Markus Kohlmeyer from comment #115)
Thanks :) good job ;)