No subject
Dan Langille
dan at langille.org
Sun May 2 17:45:33 UTC 2021
On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
> The ports collection still has MySQL server versions 5.7.33 and
> 8.0.23.
>
> The VuXML database has had an entry for mysql since April 20 that
> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24. It
> sounds rather severe:
>
> This Critical Patch Update contains 49 new security patches for
> Oracle MySQL. 10 of these vulnerabilities may be remotely
> exploitable without authentication, i.e., may be exploited over a
> network without requiring user credentials. The highest CVSS v3.1
> Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
>
> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
>
> Any idea when the port will be updated?
>
> It might be good to update this promptly just in case someone wants to
> run some sort of serious mysql application in production.
MySQL is not an easy port to maintain. I have tried.
Some months ago, under similar circumstances, I tried to patch the port to help the
maintainer. I failed. It was not as simple as bumping the PORTVERSION,
running `make makesum`, followed by a `poudriere testport`.
That's when I decided to leave it to the port maintainer who knows what
they are doing and is familiar with the port. I am sure they would appreciate
help though. If someone CAN provide patches, that is always helpful
Thank you.
--
Dan Langille
dan at langille.org
More information about the freebsd-database
mailing list