From nobody Sat May 29 13:40:37 2021
X-Original-To: freebsd-database@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 43E76DBEDAF
	for <freebsd-database@mlmmj.nyi.freebsd.org>; Sat, 29 May 2021 13:41:22 +0000 (UTC)
	(envelope-from dan@langille.org)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4FsjPs3mT5z3C9p;
	Sat, 29 May 2021 13:41:21 +0000 (UTC)
	(envelope-from dan@langille.org)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
	by mailout.west.internal (Postfix) with ESMTP id BBF4DC14;
	Sat, 29 May 2021 09:41:19 -0400 (EDT)
Received: from imap36 ([10.202.2.86])
  by compute6.internal (MEProxy); Sat, 29 May 2021 09:41:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h=
	mime-version:message-id:in-reply-to:references:date:from:to:cc
	:subject:content-type; s=fm1; bh=bl2E7bmpLYnHvJC9CHRPfbF+nVINWZu
	OHU130XEL5Kk=; b=flZGk+W35ZhvaNSbPqSQJR6VMZ9Dw0uKzZjaC1Kn8BZsBgz
	3gnhW+kjahxRrFCR0LGS9gpD7NiHXx6mlhiClQ1gMdlQ+lXvfZA6muAuP28An1h2
	h6LOJxyaJrCdlg3gYXVzZbEgxeoX35+bODZ73sYREcOZFsCL4V8ulrc+cV7hosbM
	UrYkV8dG9XLbTOQf4RdPGRo5L1k4J+iQYYO4bg8kTs1yttsqABWJgNOxDnJ7V5nf
	QATz0DzwgWa1Altfe4KkrdEgTCD3iPbWusxVQhWwgUmnlWivy+UMIWXQVqqXRPO4
	izJncBuHY2XCfCVNK1NJoOYlFZSASRZXkUxrWsA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:date:from:in-reply-to
	:message-id:mime-version:references:subject:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bl2E7b
	mpLYnHvJC9CHRPfbF+nVINWZuOHU130XEL5Kk=; b=l04/1XBD1TcGwtOiwQyA9a
	19323LwTWK/LOreIEzj/6qNXZP20Mr48dQQAPIES/GK1nEMzBODav8ZfWoweqe/6
	7j+4er3abtxS2Xcfuu33u9gAjQM6/AkQ1KjDXf8vizMQp3AiVZDhX6EfL5+knvS/
	3BSR+TG9xzV/uGeapPF3OXs2akJJ+jsHoHr8kIvO7DqHxaNRxd+/ZTfMvMncfTo4
	KlhNnuv4T6QH0ROhFzLgcwd/R5ifgpXmmSNnnvZJCp4JbaLIoRE24CjQ10RzTIQ2
	O/eE/DJB+DgjQJm4SZljAMm3EgnruEEWC3bDGdbOCLiF2lvy4qtwUgFke7sOcIlg
	==
X-ME-Sender: <xms:f0SyYOQJ-YOAY6ehosM__ldDfZigbUrkmAcMtN74-2-xw3VBa5chLA>
    <xme:f0SyYDwqEg6IG1EyKGX2oeHRNKXeK66RO9WVa8XKxmad_4Mxvu3yvviQPC-IU-19M
    6EAu6mgKh9WGlejDg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdekledgieekucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepofgfggfkjghffffhvffutgesrgdtreerreertdenucfhrhhomhepfdffrghn
    ucfnrghnghhilhhlvgdfuceouggrnheslhgrnhhgihhllhgvrdhorhhgqeenucggtffrrg
    htthgvrhhnpeejveeuhedvieffjedvhfdvkeffgeegleeiveffffetkeekffekteelteev
    hfekgeenucffohhmrghinhepfhhrvggvsghsugdrohhrghdpsggrtghulhgrrdhorhhgne
    cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggrnhes
    lhgrnhhgihhllhgvrdhorhhg
X-ME-Proxy: <xmx:f0SyYL07Xj41LY3OcEh67klNHE6J-bjJBrYkbwZZeQ3lp8SNdmiJkQ>
    <xmx:f0SyYKCp6nTPm_NzZnxmdStVUmEj8uFy3MEWbQ3reMRRFli-A_aLUA>
    <xmx:f0SyYHi9E_i_CKFtEupVQCBG1cd_uB4ZyvKrG04zMsi_x276up_ldA>
    <xmx:f0SyYNboUx8jE6IUMeXV9AMRrhXEIdxA69i1cUBtAHCUt2ut7rgRmQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 048D610E0089; Sat, 29 May 2021 09:41:18 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-468-gdb53729b73-fm-20210517.001-gdb53729b
List-Id: Database use and development under FreeBSD <freebsd-database.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-database
List-Help: <mailto:freebsd-database+help@freebsd.org>
List-Post: <mailto:freebsd-database@freebsd.org>
List-Subscribe: <mailto:freebsd-database+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-database+unsubscribe@freebsd.org>
Sender: owner-freebsd-database@freebsd.org
Mime-Version: 1.0
Message-Id: <a6141644-fd4a-4810-89a3-3107d89ecdf3@www.fastmail.com>
In-Reply-To: <192b6704-d8f5-f780-9916-3f310015c0f3@delphij.net>
References: <cmu-lmtpd-625865-1619954868-0@sloti36d2t13>
 <956930fc-5209-4ec2-95fa-19fd44a26672@www.fastmail.com>
 <192b6704-d8f5-f780-9916-3f310015c0f3@delphij.net>
Date: Sat, 29 May 2021 09:40:37 -0400
From: "Dan Langille" <dan@langille.org>
To: d@delphij.net, "Xin Li" <freebsd-database@freebsd.org>,
 "Jochen Neumeister" <joneum@FreeBSD.org>
Cc: "Xin Li" <delphij@delphij.net>
Subject: Re: 
Content-Type: multipart/alternative;
 boundary=82cb4b7b5f76456283aa159fc2a965b9
X-Rspamd-Queue-Id: 4FsjPs3mT5z3C9p
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=langille.org header.s=fm1 header.b=flZGk+W3;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=l04/1XBD;
	dmarc=pass (policy=none) header.from=langille.org;
	spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 64.147.123.19 as permitted sender) smtp.mailfrom=dan@langille.org
X-Spamd-Result: default: False [-2.54 / 15.00];
	 XM_UA_NO_VERSION(0.01)[];
	 TO_DN_SOME(0.00)[];
	 MV_CASE(0.50)[];
	 R_SPF_ALLOW(-0.20)[+ip4:64.147.123.19];
	 RCVD_COUNT_THREE(0.00)[4];
	 DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+];
	 DMARC_POLICY_ALLOW(-0.50)[langille.org,none];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.19:from];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:~];
	 ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US];
	 RCVD_TLS_LAST(0.00)[];
	 ARC_NA(0.00)[];
	 SUBJECT_ENDS_SPACES(0.50)[];
	 R_DKIM_ALLOW(-0.20)[langille.org:s=fm1,messagingengine.com:s=fm2];
	 FREEFALL_USER(0.00)[dan];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[4];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	 MANY_INVISIBLE_PARTS(0.05)[1];
	 TO_MATCH_ENVRCPT_SOME(0.00)[];
	 RWL_MAILSPIKE_VERYGOOD(0.00)[64.147.123.19:from];
	 MAILMAN_DEST(0.00)[freebsd-database];
	 MID_RHS_WWW(0.50)[]
X-ThisMailContainsUnwantedMimeParts: Y

--82cb4b7b5f76456283aa159fc2a965b9
Content-Type: text/plain

On Sun, May 16, 2021, at 5:55 AM, Xin Li via freebsd-database wrote:
> 
> 
> On 5/2/21 10:44 AM, Dan Langille wrote:
> > On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> >> The ports collection still has MySQL server versions 5.7.33 and
> >> 8.0.23.
> >>
> >> The VuXML database has had an entry for mysql since April 20 that
> >> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24.  It
> >> sounds rather severe:
> >>
> >>    This Critical Patch Update contains 49 new security patches for
> >>    Oracle MySQL. 10 of these vulnerabilities may be remotely
> >>    exploitable without authentication, i.e., may be exploited over a
> >>    network without requiring user credentials.  The highest CVSS v3.1
> >>    Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
> >>
> >> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
> >>
> >> Any idea when the port will be updated?
> >>
> >> It might be good to update this promptly just in case someone wants to
> >> run some sort of serious mysql application in production.
> > 
> > MySQL is not an easy port to maintain. I have tried.
> > 
> > Some months ago, under similar circumstances, I tried to patch the port to help the 
> > maintainer.  I failed. It was not as simple as bumping the PORTVERSION,
> > running `make makesum`, followed by a `poudriere testport`.
> > 
> > That's when I decided to leave it to the port maintainer who knows what
> > they are doing and is familiar with the port.  I am sure they would appreciate
> > help though. If someone CAN provide patches, that is always helpful
> 
> I've took some time to update the mysql80-server port to 8.0.25.
> 
> Note that I have only build-tested it and have not tested it with real
> data, yet (will do tomorrow-ish when I have some time).  This drops LLVM
> 9 dependency for most 13.x users.  If you have a spare system,
> especially if you have a set up with replication, please do give it some
> tests and let us know if it works for you.

No replication in use, but I updated my MySQL 8.0 instance May 20 and it has been working fine since.

It is used for Bacula Regression testing: https://regress.bacula.org/index.php?project=Bacula-9.6&date=2021-05-29

Thank you.

--
  Dan Langille
  dan@langille.org