Created attachment 252294
git diff of mysql update

Here is the update, tested in poudriere amd64 FreeBSD 13 and 14.
(In reply to mickael.maillot from comment #0)

Thank you for the patch. I can make after I updated Makefile and distfiles, but I can't make install on 15-current.

% make DISABLE_VULNERABILITIES=yes <=== security/vuxml/vuln/2024.xml is incorrect.(See below)
% make reinstall
===> Switching to root credentials for 'deinstall' target
Password:
===> Deinstalling for mysql80-server
===> Deinstalling mysql80-server-8.0.35_1
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
mysql80-server: 8.0.35_1

Number of packages to be removed: 1

The operation will free 194 MiB.
[1/1] Deinstalling mysql80-server-8.0.35_1...
[1/1] Deleting files for mysql80-server-8.0.35_1: 100%
==> You should manually remove the "mysql" user.
==> You should manually remove the "mysql" group
You may need to manually remove /usr/local/etc/mysql/my.cnf if it is no longer needed.
===> Returning to user credentials
===> Installing for mysql80-server-8.0.39
===> Checking if mysql80-server is already installed
===> Switching to root credentials for 'install' target
Password:
===> Registering installation for mysql80-server-8.0.39
pkg-static: Unable to access file /usr/ports/databases/mysql80-server/work/stage/usr/local/lib/mysql/private/libprotobuf-lite.so.3.19.4:No such file or directory
pkg-static: Unable to access file /usr/ports/databases/mysql80-server/work/stage/usr/local/lib/mysql/private/libprotobuf.so.3.19.4:No such file or directory
pkg-static: Unable to access file /usr/ports/databases/mysql80-server/work/stage/usr/local/lib/mysql/libprotobuf-lite.so.3.19.4:No such file or directory
*** Error code 1

Stop.
make[3]: stopped making "fake-pkg security-check" in /usr/ports/databases/mysql80-server
*** Error code 1

Stop.
make[2]: stopped making "/usr/ports/databases/mysql80-server/work/.install_done.mysql._usr_local" in /usr/ports/databases/mysql80-server
*** Error code 1

Stop.
make[1]: stopped making "deinstall install" in /usr/ports/databases/mysql80-server *** Error code 1 Stop. make: stopped making "reinstall" in /usr/ports/databases/mysql80-server % ======== P.S. security/vuxml in f073a58b1ff96a86b1a4385745f094e4cd87a0ca is incorrect. % git diff f073a58b1ff96a86b1a4385745f094e4cd87a0ca^..f073a58b1ff96a86b1a4385745f094e4cd87a0ca diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index ccf1845b6581..d05e597df78e 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,52 @@ + <vuln vid="3b018063-4358-11ef-b611-84a93843eb75"> + <topic>MySQL -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>mysql80-client</name> + <range><lt>8.0.38</lt></range> + </package> + <package> + <name>mysql80-server</name> + <range><lt>8.0.38</lt></range> + </package> + <package> + <name>mysql81-client</name> + <range><lt>8.1.1</lt></range> + </package> + <package> + <name>mysql80-server</name> <======= mysql81-server + <range><lt>8.1.1</lt></range> + </package> (snip)
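Review bot: In the fourth <package> block of this hunk, <name>mysql80-server</name> is paired with <range><lt>8.1.1</lt></range>, repeating the name already listed above with <lt>8.0.38</lt>. As written the entry matches every mysql80-server version below 8.1.1, including 8.0.38 and later, while mysql81-server is not listed at all. The name in that block should be mysql81-server, mirroring the mysql81-client block before it.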
Created attachment 252314
update v2

I previously missed some files
(In reply to Masachika ISHIZUKA from comment #1) Sorry. This is my mistake. After updating pkg-plist, it works fine on 15-current.
Started to test, will try to update this today
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=25218e3b201c76abaddfa852ffb2e417976fef3a

commit 25218e3b201c76abaddfa852ffb2e417976fef3a
Author: Oleksii Samorukov <samm@FreeBSD.org>
AuthorDate: 2024-07-31 08:05:50 +0000
Commit: Oleksii Samorukov <samm@FreeBSD.org>
CommitDate: 2024-07-31 08:07:34 +0000

    databases/mysql80-server: Update to 8.0.39

    - fixes multiple CVEs
    - fixed startup error with large table set

    PR: 280455

 databases/mysql80-server/Makefile | 7 ++---
 databases/mysql80-server/distinfo | 6 ++--
 .../mysql80-server/files/patch-CMakeLists.txt | 33 +++++++++-------------
 .../files/patch-client_CMakeLists.txt | 16 +++++------
 ...out.cmake => patch-cmake_install__layout.cmake} | 14 ++++-----
 .../files/patch-cmake_os_FreeBSD.cmake | 4 +--
 .../mysql80-server/files/patch-cmake_plugin.cmake | 4 +--
 .../mysql80-server/files/patch-cmake_ssl.cmake | 6 ++--
 ...e_internal_cctz_src_time__zone__format.cc (new) | 11 ++++++++
 .../files/patch-include_dh__ecdh__config.h | 8 +++---
 .../files/patch-include_my__compare.h | 4 +--
 .../files/patch-include_my__stacktrace.h | 4 +--
 .../files/patch-include_my__thread__os__id.h | 4 +--
 .../mysql80-server/files/patch-include_myisam.h | 4 +--
 .../files/patch-libmysql_CMakeLists.txt | 10 +++----
 .../files/patch-libservices_CMakeLists.txt | 4 +--
 .../mysql80-server/files/patch-man_CMakeLists.txt | 8 +++---
 .../files/patch-mysys_my__default.cc | 12 ++++----
 .../mysql80-server/files/patch-mysys_my__kdf.cc | 6 ++--
 ...ugin_password__validation_validate__password.cc | 4 +--
 .../files/patch-plugin_x_CMakeLists.txt | 6 ++--
 ...t_authentication_sha256__scramble__generator.cc | 4 +--
 .../files/patch-plugin_x_configure.cmake | 6 ++--
 ...sql_harness_net__ts_impl_kqueue__io__service.h} | 4 +--
 ...arness_include_mysql_harness_net__ts_internet.h | 4 +--
 .../patch-router_src_harness_src_CMakeLists.txt | 8 +++---
 ...-router_src_harness_src_tls__client__context.cc | 4 +--
 .../patch-router_src_harness_src_tls__context.cc | 10 +++----
 ...-router_src_harness_src_tls__server__context.cc | 6 ++--
 .../files/patch-router_src_http_src_CMakeLists.txt | 8 +++---
 .../files/patch-router_src_io_src_CMakeLists.txt | 4 +--
 .../patch-router_src_router_src_CMakeLists.txt | 4 +--
 .../files/patch-scripts_CMakeLists.txt | 8 +++---
 .../files/patch-sql_auth_sha2__password__common.cc | 4 +--
 .../files/patch-sql_auth_sql__authorization.cc | 4 +--
 .../patch-sql_conn__handler_socket__connection.cc | 6 ++--
 databases/mysql80-server/files/patch-sql_mysqld.cc | 4 +--
 .../files/patch-sql_ssl__init__callback.cc | 6 ++--
 .../mysql80-server/files/patch-sql_sys__vars.cc | 8 +++---
 .../files/patch-storage_innobase_include_srv0mon.h | 4 +--
 .../patch-storage_innobase_include_ut0crc32.h | 6 ++--
 .../files/patch-storage_innobase_ut_crc32.cc | 14 ++++-----
 .../files/patch-storage_myisam_mi__dynrec.cc | 4 +--
 ...temptable_include_temptable_lock__free__type.h} | 8 +++---
 .../files/patch-support-files_CMakeLists.txt | 12 ++++----
 .../files/patch-utilities_CMakeLists.txt | 10 +++----
 databases/mysql80-server/pkg-plist | 6 ++--
 47 files changed, 172 insertions(+), 169 deletions(-)
Thank you, test passed, PR merged
Thank you for this update - it has greatly reduced the amount of red in my monitoring page.
But there is a mistake:
+ <package> + <name>mysql80-server</name> <======= mysql81-server + <range><lt>8.1.1</lt></range> + </package>
and now pkg audit shows wrong problems:

server1# pkg audit mysql80-server-8.0.40
mysql80-server-8.0.40 is vulnerable:
MySQL -- Multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html

1 problem(s) in 1 installed package(s) found.
(In reply to Kirill from comment #8) Wrong entry in vuxml file: + <package> + <name>mysql80-server</name> + <range><lt>8.1.1</lt></range> + </package> add brnrd@FreeBSD.org to cc
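A lint check for the mistake reported in this thread, as an added example that is not part of the bug report or the ports tree: it flags a package name that appears in more than one <package> block of a VuXML entry with different ranges, and shows why mysql80-server-8.0.40 gets matched. The sample entry is reconstructed from the quoted diff, the function names are hypothetical, and the version comparison is a simplified stand-in for pkg's own.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the <affects> block quoted in this thread, closed so it parses alone.
SAMPLE = """<vuln vid="3b018063-4358-11ef-b611-84a93843eb75">
  <topic>MySQL -- Multiple vulnerabilities</topic>
  <affects>
    <package><name>mysql80-client</name><range><lt>8.0.38</lt></range></package>
    <package><name>mysql80-server</name><range><lt>8.0.38</lt></range></package>
    <package><name>mysql81-client</name><range><lt>8.1.1</lt></range></package>
    <package><name>mysql80-server</name><range><lt>8.1.1</lt></range></package>
  </affects>
</vuln>"""

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b, "eq": lambda a, b: a == b,
       "ge": lambda a, b: a >= b, "gt": lambda a, b: a > b}

def vkey(version):
    # Assumption: dotted numeric versions only; a PORTREVISION suffix (_N) is dropped.
    return tuple(int(part) for part in version.split("_")[0].split("."))

def packages(xml_text):
    """Yield (name, ranges); each range is a tuple of (operator, version) bounds."""
    for pkg in ET.fromstring(xml_text).iter("package"):
        ranges = tuple(tuple((b.tag, b.text) for b in r) for r in pkg.findall("range"))
        for name in pkg.findall("name"):
            yield name.text, ranges

def duplicate_names(xml_text):
    """Names listed in more than one <package> block with different ranges."""
    seen = defaultdict(set)
    for name, ranges in packages(xml_text):
        seen[name].add(ranges)
    return sorted(n for n, r in seen.items() if len(r) > 1)

def is_flagged(xml_text, name, version):
    """True if name-version falls inside any range the entry lists for that name."""
    v = vkey(version)
    return any(all(OPS[op](v, vkey(bound)) for op, bound in rng)
               for pkg_name, ranges in packages(xml_text) if pkg_name == name
               for rng in ranges)

if __name__ == "__main__":
    print("names to review:", duplicate_names(SAMPLE))
    print("8.0.40 flagged:", is_flagged(SAMPLE, "mysql80-server", "8.0.40"))
```

A repeated name is only a hint that an entry deserves a second look, since the same package can legitimately carry more than one range.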