From: "Dan Langille"
To: freebsd-database@freebsd.org
Date: Sun, 02 May 2021 13:44:44 -0400
Subject: Re:

On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> The ports collection still has MySQL server versions 5.7.33 and
> 8.0.23.
>
> The VuXML database has had an entry for mysql since April 20 that
> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It
> sounds rather severe:
>
> This Critical Patch Update contains 49 new security patches for
> Oracle MySQL. 10 of these vulnerabilities may be remotely
> exploitable without authentication, i.e., may be exploited over a
> network without requiring user credentials. The highest CVSS v3.1
> Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
>
> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
>
> Any idea when the port will be updated?
>
> It might be good to update this promptly just in case someone wants to
> run some sort of serious mysql application in production.

MySQL is not an easy port to maintain. I have tried.
Some months ago, under similar circumstances, I tried to patch the port to help the maintainer. I failed. It was not as simple as bumping the PORTVERSION, running `make makesum`, followed by a `poudriere testport`.

That's when I decided to leave it to the port maintainer who knows what they are doing and is familiar with the port.

I am sure they would appreciate help though. If someone CAN provide patches, that is always helpful.

Thank you.

-- 
Dan Langille
dan@langille.org