Bug 234983 - databases/mysql57-server: Update to 5.7.25 fixes multiple CVE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Mahdi Mokhtari
URL: https://www.oracle.com/technetwork/se...
Keywords: security
Reported: 2019-01-15 23:55 UTC by Markus Kohlmeyer
Modified: 2019-01-21 21:01 UTC
mmokhi: maintainer-feedback+


Description Markus Kohlmeyer 2019-01-15 23:55:29 UTC
The (upcoming) update to MySQL 5.7.25 fixes several security issues:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-20 19:21:45 UTC
Hi,
Just to confirm.
This is not released yet, right? (Or I couldn't find distfiles in any MASTER_SITES?)
Comment 2 Markus Kohlmeyer 2019-01-21 10:06:55 UTC
Yes, it's not yet released:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/
Comment 3 Markus Kohlmeyer 2019-01-21 10:30:58 UTC
Not officially released, but present on official CDN:
https://cdn.mysql.com/Downloads/MySQL-5.7/mysql-boost-5.7.25.tar.gz
Comment 4 Mahdi Mokhtari freebsd_committer freebsd_triage 2019-01-21 20:14:42 UTC
Hi,

Thanks for confirmation.
Last night I got notifications about it.
I'm working on upgrades :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-01-21 20:41:22 UTC
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:40:49 UTC 2019
New revision: 490897
URL: https://svnweb.freebsd.org/changeset/ports/490897

Log:
  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed in MySQL 8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server that could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	Markus Kohlmeyer <rootservice@gmail.com>
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/databases/mysql57-client/Makefile
  head/databases/mysql57-server/Makefile
  head/databases/mysql57-server/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-01-21 20:52:32 UTC
A commit references this bug:

Author: mmokhi
Date: Mon Jan 21 20:52:19 UTC 2019
New revision: 490899
URL: https://svnweb.freebsd.org/changeset/ports/490899

Log:
  MFH: r490897

  databases/mysql57-{client, server}: Update to latest release 5.7.25
  This update (released on Jan 21st) includes:
  Deprecation:
    -Tools resolveip and resolve_stack_dump utilities are now deprecated.
      (Will be removed in MySQL 8.0).
  Bugfix:
    -Fix a memory leak caused by a dangling pointer. (Bug #28693568)
    -Fix mishandling of SIGHUP by server that could result in a server exit.
      (Bug #27966483, Bug #90742).
    -Correct potential incorrect out-of-memory checks performed by parser.
      (Bug #25633994).

  More info from upstream:
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html

  PR:		234983
  Reported by:	Markus Kohlmeyer <rootservice@gmail.com>
  Sponsored by:	The FreeBSD Foundation

  Approved by:	ports-secteam (feld, CVE-patch blanket)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/databases/mysql57-client/Makefile
  branches/2019Q1/databases/mysql57-server/Makefile
  branches/2019Q1/databases/mysql57-server/distinfo