Bug 234983 - databases/mysql57-server: Update to 5.7.25 fixes multiple CVE
Summary: databases/mysql57-server: Update to 5.7.25 fixes multiple CVE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mahdi Mokhtari
URL: https://www.oracle.com/technetwork/se...
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-01-15 23:55 UTC by Markus Kohlmeyer
Modified: 2019-01-21 21:01 UTC (History)
0 users

See Also:
mmokhi: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Kohlmeyer 2019-01-15 23:55:29 UTC
The (upcumming) update to MySQL 5.7.25 fixes several security issues:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-20 19:21:45 UTC
Hi,
Just to confirm.
This is not released yet, right? (Or I coulddn't find distfiles in any MASTER_SITES?)
Comment 2 Markus Kohlmeyer 2019-01-21 10:06:55 UTC
Yes, it's not yet released:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/
Comment 3 Markus Kohlmeyer 2019-01-21 10:30:58 UTC
Not officially released, but present on official CDN:
https://cdn.mysql.com/Downloads/MySQL-5.7/mysql-boost-5.7.25.tar.gz
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-21 20:14:42 UTC
Hi,

Thanks for confirmation.
Last night I got notifications about it.
I'm working on upgrades :)
Comment 5 commit-hook freebsd_committer 2019-01-21 20:41:22 UTC
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:40:49 UTC 2019
New revision: 490897
URL: https://svnweb.freebsd.org/changeset/ports/490897

Log:
  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed on MySQL8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	 Markus Kohlmeyer < rootservice@gmail.com >
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
Comment 6 commit-hook freebsd_committer 2019-01-21 20:52:32 UTC
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:52:19 UTC 2019
New revision: 490899
URL: https://svnweb.freebsd.org/changeset/ports/490899

Log:
  MFH: r490897

  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed on MySQL8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	 Markus Kohlmeyer < rootservice@gmail.com >
  Sponsored by:	The FreeBSD Foundation

  Approved by:	ports-secteam (feld, CVE-patch blanket)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/databases/mysql57-client/Makefile
  branches/2019Q1/databases/mysql57-server/Makefile
  branches/2019Q1/databases/mysql57-server/distinfo