[debian-mysql] Bug#837883: Bug#837883: mysql-server-5.7: Please upgrade to 5.7.15+ to fix recently discovered security issues

Bjoern Boschman bjoern at boschman.de
Mon Oct 3 16:17:58 UTC 2016


Hi Lars,

unfortunatelly I always get an error while building with sbuild
unfortunatelly always during cleanup?
https://www.boschman.de/~jesusch/tmp/mysql-5.7_5.7.15-1_amd64.build

Cheers
B

On Mon, Sep 19, 2016 at 8:22 AM Lars Tangvald <lars.tangvald at oracle.com>
wrote:

> I've pushed a change to README.Maintainer to debian/master, adding
> instructions for sbuild and dep8. Could you please test it and see if it
> works for you?
>
> I think debian/master should be good to go for an upload to unstable.
>
> Robie: Are we missing anything for this?
>
> --
>
> Lars
>
> On 09/17/2016 01:42 PM, Bjoern Boschman wrote:
>
> sounds good - any news on uploading mysql-5.7 to unstable?
>
> On Fri, Sep 16, 2016 at 5:13 PM Lars Tangvald <lars.tangvald at oracle.com>
> wrote:
>
> I've fixed two issues with the dep8 testing; the test dependency noted
> below and a workaround for a change in perl behavior introduced for
> https://www.debian.org/security/2016/dsa-3628
>
> I think I have a decent recipe for setting up dep8 testing, and it's
> important to run it to uncover such issues before trying to do an upload,
> so I think I can add it to the README.Maintainer file we discussed.
> I use a virtualbox vm with Ubuntu 16.04 to run it, so I don't think you
> require anything special beyond reasonably up-to-date autopkgtest and
> related packages.
>
> --
> Lars
>
> ----- lars.tangvald at oracle.com wrote:
> >
>
> Yeah. We do have one for libmysqlclient-dev, but it's not been maintained.
>
> Also, there are test failures in 5.7.15, but it's due to a test dependency
> change:
>
> main.myisam_explain_json_non_select_all and
> main.myisam_explain_json_non_select_nonemysql-test-run fail if the package
> libjson-perl is not installed.
>
> They were the only two tests that were written in python, and for 5.7.15
> they were rewritten to perl, meaning the python dep in the testsuite
> package should no longer be needed, but needs to be replaced with
> libjson-perl.
> >
>
> --
>
> Lars
> >
>
> >
> > On 09/15/2016 02:29 PM, Bjoern Boschman wrote:
> >
>
> > maybe we should start some README.Maintaner like pkg-voip guys have?
> https://anonscm.debian.org/viewvc/pkg-voip/README?view=co
>
> >
> >
> >
> > On Thu, Sep 15, 2016 at 1:49 PM Lars Tangvald <lars.tangvald at oracle.com>
> wrote:
> >
>
> I struggle to get it stable myself (the run I started failed to even start
> the mtr suite...), and I pretty much have to start from scratch every time.
> > Robie helped me get it working a while back, so hopefully I just need to
> recreate the testbeds :)
> >
> > --
> > Lars
>
> >
> On 09/15/2016 01:20 PM, Bjoern Boschman wrote:
> >
>
> > No, I did not.
> afaik I'd need KVM to run those tests?
> > basically I'm not familiar with dep8 :/
>
> >
> >
> > On Thu, Sep 15, 2016 at 1:01 PM Lars Tangvald <lars.tangvald at oracle.com>
> wrote:
> >
>
> Thanks, Bjoern. Did you run the dep8 test suite as well (I just started a
> full test run now, so no big deal either way)?
>
> --
>
> Lars
> >
>
> >
> On 09/15/2016 12:54 PM, Bjoern Boschman wrote:
> >
>
> > Hi,
>
> >
> I've updated the git repo after I did a successful build on jessie.
> Someone with upload rights just needs to create a ~experimental tag and
> upload it.
>
> >
> @pkg-mysql: what's the plan for uploading mysql-5.7 to unstable?
>
> >
> Cheers
> B
>
> >
> >
> > On Thu, Sep 15, 2016 at 9:54 AM Eric Valette <eric.valette at free.fr>
> wrote:
> >
>
> Package: mysql-server-5.7
> > Version: 5.7.13-1~exp1
> > Severity: grave
> > Tags: upstream security
> > Justification: user security hole
> >
> > CVE-2016-6662
> >
> > -- System Information:
> > Debian Release: stretch/sid
> >   APT prefers unstable
> >   APT policy: (500, 'unstable'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 4.4.20 (SMP w/8 CPU cores; PREEMPT)
> > Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> >
> > Versions of packages mysql-server-5.7 depends on:
> > ii  adduser                3.115
> > ii  bsdutils               1:2.28.2-1
> > ii  debconf [debconf-2.0]  1.5.59
> > ii  init-system-helpers    1.44
> > ii  libc6                  2.24-2
> > ii  libgcc1                1:6.2.0-3
> > ii  libmecab2              0.996-2
> > ii  libstdc++6             6.2.0-3
> > ii  lsb-base               9.20160629
> > ii  mysql-client-5.7       5.7.13-1~exp1
> > ii  mysql-common           5.8+1.0.0
> > ii  mysql-server-core-5.7  5.7.13-1~exp1
> > ii  passwd                 1:4.2-3.1
> > ii  perl                   5.22.2-5
> > ii  psmisc                 22.21-2.1+b1
> > ii  zlib1g                 1:1.2.8.dfsg-2+b1
> >
> > Versions of packages mysql-server-5.7 recommends:
> > ii  libhtml-template-perl  2.95-2
> >
> > Versions of packages mysql-server-5.7 suggests:
> > ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-3
> > ii  s-nail [mailx]     14.8.10-1
> > pn  tinyca             <none>
> >
> > -- debconf information:
> >   mysql-server-5.7/postrm_remove_databases: false
> >   mysql-server-5.7/start_on_boot: true
> >   mysql-server/no_upgrade_when_using_ndb:
> >   mysql-server-5.7/nis_warning:
> >   mysql-server-5.7/really_downgrade: false
> >   mysql-server/password_mismatch:
> >
> > _______________________________________________
> > pkg-mysql-maint mailing list
> > pkg-mysql-maint at lists.alioth.debian.org
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
> >
>
>
> >
> >
>
> _______________________________________________
> pkg-mysql-maint mailing listpkg-mysql-maint at lists.alioth.debian.orghttp://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint
>
>
> >
>
>
> >
>
>
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20161003/23eb77fd/attachment-0001.html>


More information about the pkg-mysql-maint mailing list