Date: Sat, 29 May 2021 09:40:37 -0400 From: "Dan Langille" <dan@langille.org> To: d@delphij.net, "Xin Li" <freebsd-database@freebsd.org>, "Jochen Neumeister" <joneum@FreeBSD.org> Cc: "Xin Li" <delphij@delphij.net> Subject: Re: Message-ID: <a6141644-fd4a-4810-89a3-3107d89ecdf3@www.fastmail.com> In-Reply-To: <192b6704-d8f5-f780-9916-3f310015c0f3@delphij.net> References: <cmu-lmtpd-625865-1619954868-0@sloti36d2t13> <956930fc-5209-4ec2-95fa-19fd44a26672@www.fastmail.com> <192b6704-d8f5-f780-9916-3f310015c0f3@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--82cb4b7b5f76456283aa159fc2a965b9 Content-Type: text/plain On Sun, May 16, 2021, at 5:55 AM, Xin Li via freebsd-database wrote: > > > On 5/2/21 10:44 AM, Dan Langille wrote: > > On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote: > >> The ports collection still has MySQL server versions 5.7.33 and > >> 8.0.23. > >> > >> The VuXML database has had an entry for mysql since April 20 that > >> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It > >> sounds rather severe: > >> > >> This Critical Patch Update contains 49 new security patches for > >> Oracle MySQL. 10 of these vulnerabilities may be remotely > >> exploitable without authentication, i.e., may be exploited over a > >> network without requiring user credentials. The highest CVSS v3.1 > >> Base Score of vulnerabilities affecting Oracle MySQL is 9.8. > >> > >> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html > >> > >> Any idea when the port will be updated? > >> > >> It might be good to update this promptly just in case someone wants to > >> run some sort of serious mysql application in production. > > > > MySQL is not an easy port to maintain. I have tried. > > > > Some months ago, under similar circumstances, I tried to patch the port to help the > > maintainer. I failed. It was not as simple as bumping the PORTVERSION, > > running `make makesum`, followed by a `poudriere testport`. > > > > That's when I decided to leave it to the port maintainer who knows what > > they are doing and is familiar with the port. I am sure they would appreciate > > help though. If someone CAN provide patches, that is always helpful > > I've took some time to update the mysql80-server port to 8.0.25. > > Note that I have only build-tested it and have not tested it with real > data, yet (will do tomorrow-ish when I have some time). This drops LLVM > 9 dependency for most 13.x users. If you have a spare system, > especially if you have a set up with replication, please do give it some > tests and let us know if it works for you. No replication in use, but I updated my MySQL 8.0 instance May 20 and it has been working fine since. It is used for Bacula Regression testing: https://regress.bacula.org/index.php?project=Bacula-9.6&date=2021-05-29 Thank you. -- Dan Langille dan@langille.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a6141644-fd4a-4810-89a3-3107d89ecdf3>