From: Curtis Villamizar <curtis@orleans.occnc.com>
To: joneum@FreeBSD.org, freebsd-database@freebsd.org, freebsd-ports@freebsd.org
Date: Sat, 01 May 2021 22:02:55 -0400

The ports collection still has MySQL server versions 5.7.33 and 8.0.23.
The VuXML database has had an entry for mysql since April 20 that affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It sounds rather severe:

    This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8.

See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html

Any idea when the port will be updated?

It might be good to update this promptly just in case someone wants to run some sort of serious mysql application in production.

Curtis

ps - I copied freebsd-ports since there is no recent activity on freebsd-database other than some spam in January and the mailing list appears to be unused. And btw - yes I know to update using git.
From: Dan Langille <dan@langille.org>
To: freebsd-database@freebsd.org
Date: Sun, 02 May 2021 13:44:44 -0400
Subject: Re:

On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> The ports collection still has MySQL server versions 5.7.33 and
> 8.0.23.
>
> The VuXML database has had an entry for mysql since April 20 that
> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It
> sounds rather severe:
>
> This Critical Patch Update contains 49 new security patches for
> Oracle MySQL. 10 of these vulnerabilities may be remotely
> exploitable without authentication, i.e., may be exploited over a
> network without requiring user credentials. The highest CVSS v3.1
> Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
>
> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
>
> Any idea when the port will be updated?
>
> It might be good to update this promptly just in case someone wants to
> run some sort of serious mysql application in production.

MySQL is not an easy port to maintain. I have tried.

Some months ago, under similar circumstances, I tried to patch the port to help the maintainer. I failed. It was not as simple as bumping the PORTVERSION, running `make makesum`, followed by a `poudriere testport`.

That's when I decided to leave it to the port maintainer who knows what they are doing and is familiar with the port.

I am sure they would appreciate help though. If someone CAN provide patches, that is always helpful.

Thank you.

-- 
Dan Langille
dan@langille.org