!73 Upgrade mysql to 8.0.27 for fix CVES

From: @starlet-dx Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-11-25 03:16:09 +00:00 · 2021-11-25 03:16:09 +00:00 · 162492e822
commit 162492e822
parent ed001d9f50 91139f545b
2 changed files with 19 additions and 11 deletions
--- a/0000-mysql-add-fstack-protector-strong.patch
+++ b/0000-mysql-add-fstack-protector-strong.patch
@ -1,14 +1,14 @@
-From d770dfea36dcbe8d63ad0819e796d180ab2ea638 Mon Sep 17 00:00:00 2001
+From cb5dfd6d62419ce6d84bed6600eca7d894fd683b Mon Sep 17 00:00:00 2001

 ---
- cmake/build_configurations/compiler_options.cmake | 2 ++
- 1 file changed, 2 insertions(+)
+ cmake/build_configurations/compiler_options.cmake | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/cmake/build_configurations/compiler_options.cmake b/cmake/build_configurations/compiler_options.cmake
-index a319983..aea15a3 100644
+index a30eafe1..d93575bd 100644
 --- a/cmake/build_configurations/compiler_options.cmake
 +++ b/cmake/build_configurations/compiler_options.cmake
-@@ -45,6 +45,7 @@ IF(UNIX)
+@@ -38,6 +38,7 @@ IF(UNIX)
   # Default GCC flags
   IF(MY_COMPILER_IS_GNU)
     SET(COMMON_C_FLAGS               "-fno-omit-frame-pointer")
@ -16,14 +16,15 @@ index a319983..aea15a3 100644
     # Disable inline optimizations for valgrind testing to avoid false positives
     IF(WITH_VALGRIND)
       STRING_PREPEND(COMMON_C_FLAGS  "-fno-inline ")
-@@ -55,6 +56,7 @@ IF(UNIX)
+@@ -47,7 +48,7 @@ IF(UNIX)
+       STRING_APPEND(COMMON_C_FLAGS   " -ffp-contract=off")
     ENDIF()
 
-     SET(COMMON_CXX_FLAGS             "-std=c++14 -fno-omit-frame-pointer")
-+    SET(COMMON_CXX_FLAGS               "-fstack-protector-strong")
+-    SET(COMMON_CXX_FLAGS             "-std=c++17 -fno-omit-frame-pointer")
+    SET(COMMON_CXX_FLAGS             "-std=c++17 -fno-omit-frame-pointer -fstack-protector-strong")
     # Disable inline optimizations for valgrind testing to avoid false positives
     IF(WITH_VALGRIND)
       STRING_PREPEND(COMMON_CXX_FLAGS  "-fno-inline ")
 -- 
-2.23.0
+2.27.0

--- a/mysql.spec
+++ b/mysql.spec
@ -6,8 +6,8 @@
 %global pkgnamepatch mysql
 %global boost_bundled_version 1.73.0
 Name:              mysql
-Version:           8.0.26
-Release:           2
+Version:           8.0.27
+Release:           1
 License:           GPLv2 with exceptions and LGPLv2 and BSD
 Summary:           The world's most popular open source database
 URL:               http://www.mysql.com/
@ -113,6 +113,13 @@ fi
 %exclude /usr/lib/debug

 %changelog
+* Wed Nov 24 yaoxin <yaoxin30@huawei.com> - 8.0.27-1
+- Upgrade mysql to 8.0.27,fix CVES:CVE-2021-2471 CVE-2021-2478 CVE-2021-2479
+  CVE-2021-2481  CVE-2021-35546 CVE-2021-35575 CVE-2021-35577 CVE-2021-35591
+  CVE-2021-35596 CVE-2021-35597 CVE-2021-35602 CVE-2021-35604 CVE-2021-35607
+  CVE-2021-35608 CVE-2021-35610 CVE-2021-35612 CVE-2021-35618
+  CVE-2021-35621-to-CVE-2021-35628 CVE-2021-35630-to-CVE-2021-35648
+
 * Mon Aug 23 2021 herengui <herengui@uniontech.com> - 8.0.26-2
 - The user mysql should not be deleted when mysql is uninstalled
  Set the mysql user/group to use a fixed uid/gid 27