Re:

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dan Langille <dan_at_langille.org>
Date: Sat, 29 May 2021 13:40:37 UTC
On Sun, May 16, 2021, at 5:55 AM, Xin Li via freebsd-database wrote:
> 
> 
> On 5/2/21 10:44 AM, Dan Langille wrote:
> > On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> >> The ports collection still has MySQL server versions 5.7.33 and
> >> 8.0.23.
> >>
> >> The VuXML database has had an entry for mysql since April 20 that
> >> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24.  It
> >> sounds rather severe:
> >>
> >>    This Critical Patch Update contains 49 new security patches for
> >>    Oracle MySQL. 10 of these vulnerabilities may be remotely
> >>    exploitable without authentication, i.e., may be exploited over a
> >>    network without requiring user credentials.  The highest CVSS v3.1
> >>    Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
> >>
> >> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
> >>
> >> Any idea when the port will be updated?
> >>
> >> It might be good to update this promptly just in case someone wants to
> >> run some sort of serious mysql application in production.
> > 
> > MySQL is not an easy port to maintain. I have tried.
> > 
> > Some months ago, under similar circumstances, I tried to patch the port to help the 
> > maintainer.  I failed. It was not as simple as bumping the PORTVERSION,
> > running `make makesum`, followed by a `poudriere testport`.
> > 
> > That's when I decided to leave it to the port maintainer who knows what
> > they are doing and is familiar with the port.  I am sure they would appreciate
> > help though. If someone CAN provide patches, that is always helpful
> 
> I've took some time to update the mysql80-server port to 8.0.25.
> 
> Note that I have only build-tested it and have not tested it with real
> data, yet (will do tomorrow-ish when I have some time).  This drops LLVM
> 9 dependency for most 13.x users.  If you have a spare system,
> especially if you have a set up with replication, please do give it some
> tests and let us know if it works for you.

No replication in use, but I updated my MySQL 8.0 instance May 20 and it has been working fine since.

It is used for Bacula Regression testing: https://regress.bacula.org/index.php?project=Bacula-9.6&date=2021-05-29

Thank you.

--
  Dan Langille
  dan@langille.org