Bug 212690 - databases/mysql57-server databases/mysql57-client update to 5.7.15 to fix CVE 2016-6662
Summary: databases/mysql57-server databases/mysql57-client update to 5.7.15 to fix CVE...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Thomas Zander
URL: https://dev.mysql.com/doc/relnotes/my...
Keywords: patch-ready
Depends on:
Blocks: 212612
  Show dependency treegraph
 
Reported: 2016-09-14 16:44 UTC by Mahdi Mokhtari
Modified: 2016-09-19 12:32 UTC (History)
1 user (show)

See Also:
riggs: merge-quarterly+


Attachments
Patch updates mysql ports to 5.7.15 (7.21 KB, patch)
2016-09-14 16:48 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Patch updates mysql ports to 5.7.15 and fixes build on 9.X (8.64 KB, patch)
2016-09-15 18:10 UTC, Mahdi Mokhtari
no flags Details | Diff
Complete Patch updates mysql ports to 5.7.15 and fixes build on 9.X (9.67 KB, patch)
2016-09-16 15:16 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-14 16:44:47 UTC
A bug is already opened for CVE 2016-6662 (code execution security issue on MySQL and its forks)
Oracle released fixed version on  5.7.15.
The attached patch upgrades ports (server and client) from 5.7.13 to 5.7.15
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-14 16:48:49 UTC
Created attachment 174783 [details]
Patch updates mysql ports to 5.7.15

QA done (poudriere and portlint were Okay)
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-14 16:49:51 UTC
Ready for a committer to take it :)
Comment 3 Thomas Zander freebsd_committer 2016-09-15 12:58:28 UTC
mysql57-client does not build on 9.3:

...
CMake Error at cmake/ssl.cmake:253 (MESSAGE):
  Cannot find appropriate system libraries for SSL.  Make sure you've
  specified a supported SSL version.  Consult the documentation for WITH_SSL
  alternatives
Call Stack (most recent call first):
  CMakeLists.txt:481 (MYSQL_CHECK_SSL)
...
-- Configuring incomplete, errors occurred!
See also "/wrkdirs/usr/ports/databases/mysql57-client/work/.build/CMakeFiles/CMakeOutput.log".
See also "/wrkdirs/usr/ports/databases/mysql57-client/work/.build/CMakeFiles/CMakeError.log".
*** [do-configure] Error code 1

Stop in /usr/ports/databases/mysql57-client.


mysql57-server does not build because of:
...
===>  Applying FreeBSD patches for mysql57-server-5.7.15
No file to patch.  Skipping...
1 out of 1 hunks ignored--saving rejects to rapid/plugin/x/mysqlx_error.cmake.rej
=> Patch patch-rapid_plugin_x_mysqlx__error.cmake failed to apply cleanly.
=> Patch(es) patch-CMakeLists.txt patch-client_CMakeLists.txt patch-cmake_plugin.cmake patch-cmake_ssl.cmake patch-cmd-line-utils_libedit_chartype.h patch-cmd-line-utils_libedit_vi.c patch-include_CMakeLists.txt patch-include_my__compare.h patch-include_my__thread__os__id.h patch-include_myisam.h patch-libmysql_CMakeLists.txt patch-libservices_CMakeLists.txt patch-man_CMakeLists.txt patch-mysys__ssl_my__default.cc patch-plugin_password__validation_validate__password.cc patch-rapid_plugin_x_CMakeLists.txt applied cleanly.
*** Error code 1

Stop.
make: stopped in /usr/ports/databases/mysql57-server

If you could build this successfully in poudriere, maybe the patch is incomplete?
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-15 18:08:32 UTC
(In reply to Thomas Zander from comment #3)
Yes, you're right!
I deleted patch-rapid_plugin_x_mysqlx__error.cmake as it was no longer needed, but i forgot to do `svn remove` before making patch :D

About build error on 9.X, it seems the Makefile has commits on head which i was not informed about.
BTW, i added a workaround to my patch that seems fixes build on 9.X
Comment 5 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-15 18:10:59 UTC
Created attachment 174807 [details]
Patch updates mysql ports to 5.7.15 and fixes build on 9.X

Here is the new patch.
I did QA (poudriere) on 9.X and 10.X again.
It seems Okay and was finished fine.
Comment 6 Thomas Zander freebsd_committer 2016-09-16 11:01:02 UTC
====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: include/mysql/mysqlx_error.h
Error: Orphaned: include/mysql/mysqlx_version.h
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1

Stop.
make: stopped in /usr/ports/databases/mysql57-server
====>> Error: check-plist failures detected
Comment 7 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 11:22:09 UTC
(In reply to Thomas Zander from comment #6)
Can you please also write the FreeBSD version you've built on, and option you used please?
Comment 8 Thomas Zander freebsd_committer 2016-09-16 11:27:56 UTC
(In reply to Mahdi Mokhtari from comment #7)

This was in a 10-stable poudriere jail. You should be able to verify using "poudriere testport".
Comment 9 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 11:43:30 UTC
(In reply to Thomas Zander from comment #8)
I've built it on freebsd-10.3 as well as freebsd-9.3, using poudriere testport, with all options enabled.
It was done okay, without even a warning.
Comment 10 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 11:44:28 UTC
(In reply to Mahdi Mokhtari from comment #9)
I just started new build on 10.3 jail with poudriere, different make-config options this time.
Comment 11 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 13:11:49 UTC
OMG!
I just find out, i forgot to do `svn add databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake` before doing `svn diff` again :)
That's why the mysql_error.h is being produced in your build.
I'm sorry for my error!
I'm gonna update the patch.
Comment 12 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 15:16:15 UTC
Created attachment 174839 [details]
Complete Patch updates mysql ports to 5.7.15 and fixes build on 9.X

Here is the complete version of the patch i made on my local tree.
I hope i didn't forget any other points :)

As i said before (and tested again), I tested in on Poudriere with jails 9.X and 10.X and it is fine.
Comment 13 commit-hook freebsd_committer 2016-09-16 15:55:55 UTC
A commit references this bug:

Author: riggs
Date: Fri Sep 16 15:55:17 UTC 2016
New revision: 422257
URL: https://svnweb.freebsd.org/changeset/ports/422257

Log:
  Update to upstream version 5.7.15; fixes zero-day remote vuln CVE-2016-6662

  PR:		212690
  Submitted by:	mokhi64@gmail.com (maintainer)
  MFH:		2016Q3
  Security:	CVE 2016-6662

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake
  head/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
  head/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc
  head/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake
  head/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake
  head/databases/mysql57-server/files/patch-sql_CMakeLists.txt
Comment 14 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-09-16 16:14:35 UTC
(In reply to commit-hook from comment #13)
Thanks Thomas :)
Comment 15 commit-hook freebsd_committer 2016-09-19 12:29:08 UTC
A commit references this bug:

Author: riggs
Date: Mon Sep 19 12:28:55 UTC 2016
New revision: 422430
URL: https://svnweb.freebsd.org/changeset/ports/422430

Log:
  MFH: r422257

  Update to upstream version 5.7.15; fixes zero-day remote vuln CVE-2016-6662

  PR:		212690
  Submitted by:	mokhi64@gmail.com (maintainer)
  Security:	CVE 2016-6662

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/databases/mysql57-client/Makefile
  branches/2016Q3/databases/mysql57-client/files/patch-cmake_build__configurations_compiler__options.cmake
  branches/2016Q3/databases/mysql57-client/files/patch-mysys__ssl_my__default.cc
  branches/2016Q3/databases/mysql57-server/Makefile
  branches/2016Q3/databases/mysql57-server/distinfo
  branches/2016Q3/databases/mysql57-server/files/mysql-server.in
  branches/2016Q3/databases/mysql57-server/files/patch-mysys__ssl_my__default.cc
  branches/2016Q3/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__configure.cmake
  branches/2016Q3/databases/mysql57-server/files/patch-rapid_plugin_x_mysqlx__error.cmake
  branches/2016Q3/databases/mysql57-server/files/patch-sql_CMakeLists.txt
  branches/2016Q3/databases/mysql57-server/pkg-message
  branches/2016Q3/databases/mysql57-server/pkg-plist