08:15 joneum 

databases/mysq56-{client, server}: Update to latest release 5.7.30

Bugs Fixed:
- InnoDB: The row_upd_clust_rec_by_insert function, which marks a clustered
index record as deleted and inserts an updated version of the record into the
clustered index, passed an incorrect n_ext value (the total number of external
fields) to lower level functions, causing an assertion failure.
- InnoDB: An operation performed with the innodb_buffer_pool_evict debug
variable set to uncompressed caused an assertion failure.
- InnoDB: An add column operation caused an assertion failure. The failure was
due to a dangling pointer.
- nnoDB: Updating certain InnoDB system variables that take string values raised
invalid read errors during Valgrind testing.
- InnoDB: An insert statement on a table with a spatial index raised a record
type mismatch assertion due to a tuple corruption.
- InnoDB: A function that calculates undo log record size could calculate an
incorrect length value in the case of a corrupted undo log record, resulting in
a malloc failure. Assertion code was added to detect incorrect calculations.
- Replication: While an SQL statement was in the process of being rewritten for
the binary log so that sensitive information did not appear in plain text, if a
SHOW PROCESSLIST statement was used to inspect the query, the query could become
corrupted when it was written to the binary log, causing replication to stop.
The process of rewriting the query is now kept private, and the query thread is
updated only when rewriting is complete.
- Replication: When a GRANT or REVOKE statement is only partially executed, an
incident event is logged in the binary log, which makes the replication slave's
applier thread stop so that the slave can be reconciled manually with the
master. Previously, if a failed GRANT or REVOKE statement was the first
statement executed in the session, no GTID was applied to the incident event
(because the cache manager did not yet exist for the session), causing an error
on the replication slave. Also, no incident event was logged in the situation
where a GRANT statement created a user but then failed because the privileges
had been specified incorrectly, again causing an error on the replication slave.
Both these issues have now been fixed.
- Replication: When a replication slave has a generated column that the master
does not have in that table, with a secondary index on the generated column, the
generated expression should be evaluated and the value stored by the storage
engine in the secondary index. When row-based binary logging is in use, the
replication slave assigns default values to any fields that are not in the
master's definition of the table. In the case of a generated column, which does
not have a default value, the slave was previously assigning a null or a zero
value to the column. This value was then stored by the storage engine in the
secondary index, causing both the table and the index to become corrupted. To
fix this issue, generated columns in a table on a replication slave are now
re-evaluated before the values are sent to the storage engine.
- Replication: In the event of an unplanned disconnection of a replication slave
from the master, the reference to the master's dump thread might not be removed
from the list of registered slaves, in which case statements that accessed the
list of slaves would fail. The issue has now been fixed.
- Replication: With the settings binlog_format=MIXED,
tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT
query involving a transactional storage engine omitted any columns with a null
value from the row image written to the binary log. This happened because when
processing INSERT ... SELECT statements, the columns were marked for inserts
before the binary logging format was selected. The issue has now been fixed.

Full Changelog: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html

MFH:		2020Q2
Security:	21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security:	622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Sponsored by:	Netzkommune GmbH

 

14:40 riggs 

Update to 5.7.12, fixing 31 partially critical vulnerabilities

List of vulnerabilities is documented on:
http://vuxml.freebsd.org/freebsd/8c2b2f11-0ebe-11e6-b55e-b499baebfeaf.html
CVE IDs see below.

PR:		206998
Submitted by:	mokhi64@gmail.com (maintainer)
Reviewed by:	rootservice@gmail.com
Approved by:	mokhi64@gmail.com (maintainer)
MFH:		2016Q2
Security:	CVE-2016-0705
		CVE-2016-0639
		CVE-2015-3194
		CVE-2016-0640
		CVE-2016-0641
		CVE-2016-3461
		CVE-2016-2047
		CVE-2016-0642
		CVE-2016-0643
		CVE-2016-0644
		CVE-2016-0646
		CVE-2016-0647
		CVE-2016-0648
		CVE-2016-0649
		CVE-2016-0650
		CVE-2016-0652
		CVE-2016-0653
		CVE-2016-0654
		CVE-2016-0655
		CVE-2016-0656
		CVE-2016-0657
		CVE-2016-0658
		CVE-2016-0651
		CVE-2016-0659
		CVE-2016-0661
		CVE-2016-0662
		CVE-2016-0663
		CVE-2016-0665
		CVE-2016-0666
		CVE-2016-0667
		CVE-2016-0668

 

20:02 pi 

databases/mysql57-client, databases/mysql57-server:
	re-add for proper repo-copy

PR:		204607

 

12:08 marino 

databases/mysql57-*: Support DragonFly

PR:	204607