From: Mark Felder
To: Erwin Lansing
Cc: Alex Dupre, ports-secteam@FreeBSD.org, svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r392140 - head/databases/mysql56-server
Date: Mon, 20 Jul 2015 09:25:02 -0500

On Fri, Jul 17, 2015, at 08:52, Mark Felder wrote:
>
>
> On Fri, Jul 17, 2015, at 07:45, Erwin Lansing wrote:
> > On Fri, Jul 17, 2015 at 05:30:47AM -0500, Mark Felder wrote:
> > >
> > > > On Jul 17, 2015, at 05:10, Erwin Lansing wrote:
> > > >
> > > > On Fri, Jul 17, 2015 at 11:56:08AM +0200, Alex Dupre wrote:
> > > >> Erwin Lansing wrote:
> > > >>>> URL: https://svnweb.freebsd.org/changeset/ports/392140
> > > >>>>
> > > >>>> Log:
> > > >>>> Update to 5.6.25 release.
> > > >>>
> > > >>> Does this by any chance fix this vulnerability?
> > > >>
> > > >> No, probably they are not going to fix this "vulnerability" because,
> > > >> even if it wasn't a great security choice and in fact it changed in
> > > >> mysql 5.7, it was the intended and documented behavior:
> > > >>
> > > >>
> > > >>> For MySQL client programs, this option permits but does not require the client to connect to the server using SSL. Therefore, this option is not sufficient in itself to cause an SSL connection to be used. For example, if you specify this option for a client program but the server has not been configured to enable SSL connections, the client falls back to an unencrypted connection.
> > > >>
> > > >
> > > > Currently, the VuXML entry prohibits the installation of the mysql, mariadb,
> > > > and percona servers in any version. Adding ports-secteam for advice on
> > > > how to handle this situation.
> > > >
> > >
> > > You're right, this entry is stopping all MySQL installations... However, mariadb55 and mariadb10 could both be bumped to versions that are not affected.
> > >
> > > If we want to remove this blocker perhaps a pkg-install message would be sufficient?
> > >
> >
> > That sounds like a good compromise, so users at least are aware of the
> > issue and can take their precautions, without preventing them from
> > installing.
> >
>
> In order to get the pkg-install message distributed we will have to bump
> PORTREVISION. Any objections?
>

This was completed. Let me know if I've created any fires, but I couldn't see any.