No subject

Xin Li delphij at delphij.net
Sun May 16 09:55:28 UTC 2021 


On 5/2/21 10:44 AM, Dan Langille wrote:
> On Sat, May 1, 2021, at 10:02 PM, Curtis Villamizar wrote:
>> The ports collection still has MySQL server versions 5.7.33 and
>> 8.0.23.
>>
>> The VuXML database has had an entry for mysql since April 20 that
>> affects mysql57-server < 5.7.34 and mysql80-server < 8.0.24.  It
>> sounds rather severe:
>>
>>    This Critical Patch Update contains 49 new security patches for
>>    Oracle MySQL. 10 of these vulnerabilities may be remotely
>>    exploitable without authentication, i.e., may be exploited over a
>>    network without requiring user credentials.  The highest CVSS v3.1
>>    Base Score of vulnerabilities affecting Oracle MySQL is 9.8.
>>
>> See http://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
>>
>> Any idea when the port will be updated?
>>
>> It might be good to update this promptly just in case someone wants to
>> run some sort of serious mysql application in production.
> 
> MySQL is not an easy port to maintain. I have tried.
> 
> Some months ago, under similar circumstances, I tried to patch the port to help the 
> maintainer.  I failed. It was not as simple as bumping the PORTVERSION,
> running `make makesum`, followed by a `poudriere testport`.
> 
> That's when I decided to leave it to the port maintainer who knows what
> they are doing and is familiar with the port.  I am sure they would appreciate
> help though. If someone CAN provide patches, that is always helpful

I've took some time to update the mysql80-server port to 8.0.25.

Note that I have only build-tested it and have not tested it with real
data, yet (will do tomorrow-ish when I have some time).  This drops LLVM
9 dependency for most 13.x users.  If you have a spare system,
especially if you have a set up with replication, please do give it some
tests and let us know if it works for you.

Cheers,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-database-mysql80-server-update-to-8.0.25.patch
Type: text/x-patch
Size: 12320 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-database/attachments/20210516/cccb6ec3/attachment.bin>

More information about the freebsd-database mailing list