[debian-mysql] Security updates for MySQL 5.6 and 5.7 in unstable

Lars Tangvald lars.tangvald at oracle.com
Fri Jan 20 20:05:45 UTC 2017


----- anbe at debian.org wrote:

> Hi Lars,
> 
> > We've prepared security updates for MySQL in unstable (5.6.35 and
> 5.7.17) for Oracle's January Critical Patch Update, but need
> sponsorship for the upload.
> 
> I've sponsored 5.6. I didn't care about lintian that much here, since
> I 
> hope that mysql-5.6 can be removed from the archive in the near
> future, 
> so focus your work on 5.7.
> (5.7 does not build on the non-linux architectures, while 5.6 does,
> which will soon be the last blocker for removal)
> 
> For 5.7 lintian spews out a lot of things, below you find a filtered
> list.
> There are also a lot of spelling errors reported, these should be
> fixed
> upstream, I'm not listing them here.
> (Run lintian yourself to get the full list and more detailed
> descriptions
> of the individual issues.)
> 
> The major points that should be fixed are IMHO:
> 
> * add yourself to Uploaders (interpret this as "I take responsibility
> for this package as (Co-)Maintainer" not "I have upload permissions")
> * update debian/copyright (maybe some files were moved around?) and
> ensure it contains up-to-date information
> * add an override for
>   E: libmysqld-dev: depends-on-obsolete-package depends:
> libmysqlclient-dev (>= 5.7.17-1) => default-libmysqlclient-dev
> * update the overrides where line numbers changed
> * fix whatever you like
> * ignore (don't override) everything else
> 
> To work around the false positive
>   spelling-error-in-copyright Boost Boost (duplicate word) Boost
> I'd suggest to add the version to the license name as in
> 
> Files: ...
> Copyright: ...
> License: Boost-1.0
> 
> License: Boost-1.0
>  Boost Software License - Version 1.0 - August 17th, 2003
> ...
> 
> I: mysql-5.7 source: xs-testsuite-header-in-debian-control
> xs-testsuite
> P: mysql-5.7 source: source-contains-prebuilt-windows-binary
> mysql-test/std_data/bug21542698.dat
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/storage/Storage.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/storage/Storage.swf
> P: mysql-5.7 source: source-contains-prebuilt-flash-project
> storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.fla
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.fla
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.swf
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/av/resources/audio.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/av/resources/audio.swf
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/av/resources/video.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/av/resources/video.swf
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/form/resources/fileuploader.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/form/resources/fileuploader.swf
> P: mysql-5.7 source: source-contains-prebuilt-flash-object
> storage/ndb/mcc/frontend/dojo/dojox/form/resources/uploader.swf
> E: mysql-5.7 source: source-is-missing
> storage/ndb/mcc/frontend/dojo/dojox/form/resources/uploader.swf
> W: mysql-5.7 source: changelog-should-mention-nmu
> W: mysql-5.7 source: source-nmu-has-incorrect-version-number 5.7.17-1
> I: mysql-5.7 source: no-complete-debconf-translation
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/graph-compare-results.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/ndb/bin/* (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/binary-configure.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/my-huge.cnf.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/my-innodb-heavy-4G.cnf.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/my-large.cnf.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/my-medium.cnf.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/my-small.cnf.sh (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> BUILD-CMAKE (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> INSTALL-SOURCE (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> INSTALL-WIN-SOURCE (paragraph at line 156)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> mysql-test/lib/My/SafeProcess/safe_process.pl (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/config.huge.ini.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/config.medium.ini.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/config.small.ini.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/RHEL4-SElinux/* (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/MySQL-shared-compat.spec.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/mysql.spec.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/mysql.5.7.*.spec (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/ndb-config-2-node.ini.sh (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> tests/* (paragraph at line 215)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> cmd-line-utils/readline/* (paragraph at line 314)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> cmd-line-utils/libedit/readline/* (paragraph at line 322)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> scripts/mysqlaccess.sh (paragraph at line 354)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> scripts/mysql_fix_extensions.sh (paragraph at line 354)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> scripts/mysql_setpermission.sh (paragraph at line 354)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/* (paragraph at line 354)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/ndb/test/run-test/atrt-clear-result.sh (paragraph at line
> 354)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest1.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest1a.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest1b.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest2.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest2a.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> sql-bench/innotest2b.sh (paragraph at line 383)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/btr/btr0sea.c (paragraph at line 393)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/include/os0sync.h (paragraph at line 393)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/log/log0log.c (paragraph at line 393)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/row/row0sel.c (paragraph at line 393)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/btr/btr0cur.c (paragraph at line 402)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/buf/buf0buf.c (paragraph at line 402)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> support-files/mysql-multi.server.sh (paragraph at line 433)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/pars/pars0grm.c (paragraph at line 445)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/srv/srv0start.c (paragraph at line 451)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/os/os0file.c (paragraph at line 464)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> include/t_ctype.h (paragraph at line 470)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> dbug/dbug_long.h (paragraph at line 499)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/srv/srv0srv.c (paragraph at line 556)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> storage/innobase/ut/ut0rbt.c (paragraph at line 562)
> I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright
> tests/mail_to_db.pl (paragraph at line 606)
> W: mysql-5.7 source: missing-field-in-dep5-copyright copyright (empty
> field, paragraph at line 742)
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/CMakeLists.txt
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control.cc
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control_coordinator.cc
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control_coordinator.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control_data.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control_interfaces.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_control_memory.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_delay.cc
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_delay.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/connection_delay_api.h
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/security_context_wrapper.cc
> W: mysql-5.7 source: file-without-copyright-information
> plugin/connection_control/security_context_wrapper.h
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 314
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 383
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 420
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 458
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 551
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 556
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 562
> I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph
> at line 606
> I: mysql-server-5.7: hardening-no-fortify-functions
> usr/lib/mysql/plugin/auth_socket.so
> I: mysql-server-5.7: hardening-no-fortify-functions
> usr/lib/mysql/plugin/rewriter.so
> I: mysql-server-5.7: debian-news-entry-uses-asterisk
> I: mysql-server-5.7: unused-debconf-template
> mysql-server-5.7/really_downgrade
> I: mysql-server-5.7: unused-debconf-template
> mysql-server-5.7/nis_warning
> I: mysql-server-5.7: unused-debconf-template
> mysql-server-5.7/start_on_boot
> W: mysql-server-5.7: spelling-error-in-readme-debian username username
> (duplicate word) username
> E: mysql-server-5.7:
> depends-on-essential-package-without-using-version depends: bsdutils
> W: mysql-server-5.7: manpage-has-errors-from-man
> usr/share/man/man1/mysqlbinlog.1.gz 1893: warning [p 13, 5.3i, div
> `3tbd3,2', 0.8i]: can't break line
> I: mysql-server-5.7: systemd-service-file-missing-documentation-key
> lib/systemd/system/mysql.service
> I: mysql-server-5.7: unused-override manpage-has-errors-from-man
> usr/share/man/man1/mysqlbinlog.1.gz 1979: warning [p 13, 2.7i, div
> `3tbd3,2', 0.8i]: can't break line
> I: mysql-server-core-5.7: debian-news-entry-uses-asterisk
> I: mysql-server-core-5.7: conflicts-with-version mysql-client-5.5 (<<
> 5.6)
> I: mysql-source-5.7: debian-news-entry-uses-asterisk
> I: mysql-client-5.7: debian-news-entry-uses-asterisk
> W: mysql-client-5.7: spelling-error-in-readme-debian completition
> completion
> W: mysql-client-5.7: manpage-has-errors-from-man
> usr/share/man/man1/mysqladmin.1.gz 34: warning [p 1, 1.5i]: can't
> break line
> W: mysql-client-5.7: manpage-has-errors-from-man
> usr/share/man/man1/mysqldump.1.gz 1520: warning [p 9, 10.7i, div
> `3tbd3,1', 0.3i]: can't break line
> I: mysql-client-5.7: unused-override manpage-has-errors-from-man
> usr/share/man/man1/mysqladmin.1.gz 37: warning [p 1, 1.5i]: can't
> break line
> I: mysql-client-5.7: unused-override manpage-has-errors-from-man
> usr/share/man/man1/mysqldump.1.gz 1623: warning [p 9, 10.2i, div
> `3tbd3,1', 0.3i]: can't break line
> I: mysql-client-core-5.7: debian-news-entry-uses-asterisk
> I: mysql-testsuite: debian-news-entry-uses-asterisk
> I: mysql-testsuite: using-first-person-in-description line 4: we
> I: libmysqlclient20: debian-news-entry-uses-asterisk
> X: libmysqlclient20: shlib-calls-exit
> usr/lib/x86_64-linux-gnu/libmysqlclient.so.20.3.4
> I: mysql-testsuite-5.7: hardening-no-fortify-functions
> usr/lib/mysql/plugin/auth.so
> I: mysql-testsuite-5.7: hardening-no-fortify-functions
> usr/lib/mysql/plugin/qa_auth_server.so
> I: mysql-testsuite-5.7: debian-news-entry-uses-asterisk
> W: mysql-testsuite-5.7: script-not-executable
> usr/lib/mysql-test/suite/sysschema/t/fn_format_path-master.sh
> I: libmysqlclient-dev: debian-news-entry-uses-asterisk
> I: libmysqld-dev: debian-news-entry-uses-asterisk
> E: libmysqld-dev: depends-on-obsolete-package depends:
> libmysqlclient-dev (>= 5.7.17-1) => default-libmysqlclient-dev
> I: mysql-server: debian-news-entry-uses-asterisk
> I: mysql-client: debian-news-entry-uses-asterisk
> 
> Andreas
> 
> PS: please keep me Cc:ed, I'm not subscribed to the list

Thanks!

I'll see we can get the patches for the non-linux platforms working again, and go through the lintian issues:

About libmysqld-dev: I can pretty much guarantee this wouldn't work with default-libmysqlclient-dev, since that will point to mariadb's client library. Why is it marked as obsolete when it's part of src:mysql-5.7?

--
Lars



More information about the pkg-mysql-maint mailing list