!136 Update to 8.0.37 for fix CVEs

From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

RPM-GPG-KEY-mysql-2023

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGU2rNoBEACSi5t0nL6/Hj3d0PwsbdnbY+SqLUIZ3uWZQm6tsNhvTnahvPPZ
+BGdl99iWYTt2KmXp0KeN2s9pmLKkGAbacQP1RqzMFnoHawSMf0qTUVjAvhnI4+qz
+MDjTNSBq9fa3nHmOYxownnrRkpiQUM/yD7/JmVENgwWb6akZeGYrXch9jd4XV3t8
+OD6TGzTedTki0TDNr6YZYhC7jUm9fK9Zs299pzOXSxRRNGd+3H9gbXizrBu4L/3l
+UrNf//rM7OvV9Ho7u9YYyAQ3L3+OABK9FKHNhrpi8Q0cbhvWkD4oCKJ+YZ54XrOG
+0YTg/YUAs5/3//FATI1sWdtLjJ5pSb0onV3LIbarRTN8lC4Le/5kd3lcot9J8b3E
+MXL5p9OGW7wBfmNVRSUI74Vmwt+v9gyp0Hd0keRCUn8lo/1V0YD9i92KsE+/IqoY
+Tjnya/5kX41jB8vr1ebkHFuJ404+G6ETd0owwxq64jLIcsp/GBZHGU0RKKAo9DRL
+H7rpQ7PVlnw8TDNlOtWt5EJlBXFcPL+NgWbqkADAyA/XSNeWlqonvPlYfmasnAHA
+pMd9NhPQhC7hJTjCiAwG8UyWpV8Dj07DHFQ5xBbkTnKH2OrJtguPqSNYtTASbsWz
+09S8ujoTDXFT17NbFM2dMIiq0a4VQB3SzH13H2io9Cbg/TzJrJGmwgoXgwARAQAB
+tDZNeVNRTCBSZWxlYXNlIEVuZ2luZWVyaW5nIDxteXNxbC1idWlsZEBvc3Mub3Jh
+Y2xlLmNvbT6JAlQEEwEIAD4WIQS8pDQXw7SF3RKOxtS3s7eIqNN4XAUCZTas2gIb
+AwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC3s7eIqNN4XLzoD/9P
+lpWtfHlI8eQTHwGsGIwFA+fgipyDElapHw3MO+K9VOEYRZCZSuBXHJe9kjGEVCGU
+DrfImvgTuNuqYmVUV+wyhP+w46W/cWVkqZKAW0hNp0TTvu3eDwap7gdk80VF24Y2
+Wo0bbiGkpPiPmB59oybGKaJ756JlKXIL4hTtK3/hjIPFnb64Ewe4YLZyoJu0fQOy
+A8gXuBoalHhUQTbRpXI0XI3tpZiQemNbfBfJqXo6LP3/LgChAuOfHIQ8alvnhCwx
+hNUSYGIRqx+BEbJw1X99Az8XvGcZ36VOQAZztkW7mEfH9NDPz7MXwoEvduc61xwl
+MvEsUIaSfn6SGLFzWPClA98UMSJgF6sKb+JNoNbzKaZ8V5w13msLb/pq7hab72HH
+99XJbyKNliYj3+KA3q0YLf+Hgt4Y4EhIJ8x2+g690Np7zJF4KXNFbi1BGloLGm78
+akY1rQlzpndKSpZq5KWw8FY/1PEXORezg/BPD3Etp0AVKff4YdrDlOkNB7zoHRfF
+HAvEuuqti8aMBrbRnRSG0xunMUOEhbYS/wOOTl0g3bF9NpAkfU1Fun57N96Us2T9
+gKo9AiOY5DxMe+IrBg4zaydEOovgqNi2wbU0MOBQb23Puhj7ZCIXcpILvcx9ygjk
+ONr75w+XQrFDNeux4Znzay3ibXtAPqEykPMZHsZ2sbkCDQRlNqzaARAAsdvBo8WR
+qZ5WVVk6lReD8b6Zx83eJUkV254YX9zn5t8KDRjYOySwS75mJIaZLsv0YQjJk+5r
+t10tejyCrJIFo9CMvCmjUKtVbgmhfS5+fUDRrYCEZBBSa0Dvn68EBLiHugr+SPXF
+6o1hXEUqdMCpB6oVp6X45JVQroCKIH5vsCtw2jU8S2/IjjV0V+E/zitGCiZaoZ1f
+6NG7ozyFep1CSAReZu/sssk0pCLlfCebRd9Rz3QjSrQhWYuJa+eJmiF4oahnpUGk
+txMD632I9aG+IMfjtNJNtX32MbO+Se+cCtVc3cxSa/pR+89a3cb9IBA5tFF2Qoek
+hqo/1mmLi93Xn6uDUhl5tVxTnB217dBT27tw+p0hjd9hXZRQbrIZUTyh3+8EMfmA
+jNSIeR+th86xRd9XFRr9EOqrydnALOUr9cT7TfXWGEkFvn6ljQX7f4RvjJOTbc4j
+JgVFyu8K+VU6u1NnFJgDiNGsWvnYxAf7gDDbUSXEuC2anhWvxPvpLGmsspngge4y
+l+3nv+UqZ9sm6LCebR/7UZ67tYz3p6xzAOVgYsYcxoIUuEZXjHQtsYfTZZhrjUWB
+J09jrMvlKUHLnS437SLbgoXVYZmcqwAWpVNOLZf+fFm4IE5aGBG5Dho2CZ6ujngW
+9Zkn98T1d4N0MEwwXa2V6T1ijzcqD7GApZUAEQEAAYkCPAQYAQgAJhYhBLykNBfD
+tIXdEo7G1Lezt4io03hcBQJlNqzaAhsMBQkDwmcAAAoJELezt4io03hcXqMP/01a
+PT3A3Sg7oTQoHdCxj04ELkzrezNWGM+YwbSKrR2LoXR8zf2tBFzc2/Tl98V0+68f
+/eCvkvqCuOtq4392Ps23j9W3r5XG+GDOwDsx0gl0E+Qkw07pwdJctA6efsmnRkjF
+2YVO0N9MiJA1tc8NbNXpEEHJZ7F8Ri5cpQrGUz/AY0eae2b7QefyP4rpUELpMZPj
+c8Px39Fe1DzRbT+5E19TZbrpbwlSYs1iCzS5YGFmpCRyZcLKXo3zS6N22+82cnRB
+SPPipiO6WaQawcVMlQO1SX0giB+3/DryfN9VuIYd1EWCGQa3O0MVu6o5KVHwPgl9
+R1P6xPZhurkDpAd0b1s4fFxin+MdxwmG7RslZA9CXRPpzo7/fCMW8sYOH15DP+Yf
+UckoEreBt+zezBxbIX2CGGWEV9v3UBXadRtwxYQ6sN9bqW4jm1b41vNA17b6CVH6
+sVgtU3eN+5Y9an1e5jLD6kFYx+OIeqIIId/TEqwS61csY9aav4j4KLOZFCGNU0FV
+ji7NQewSpepTcJwfJDOzmtiDP4vol1ApJGLRwZZZ9PB6wsOgDOoP6sr0YrDI/NNX
+2RyXXbglnQ1yJZVSH3/3eo6knG2qTthUKHCRDNKdy9Qqc1x4WWWtSRjh+zX8AvJK
+2q1rVLH2/3ilxe9wcAZUlaj3id3TxquAlud4lWDz
+=h5nH
+-----END PGP PUBLIC KEY BLOCK-----

mysql-boost-8.0.37.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEvKQ0F8O0hd0SjsbUt7O3iKjTeFwFAmYJokEACgkQt7O3iKjT
+eFzuPA/8DIiNVe5c8dxp+rjGMrJ2DpoATskQ4l0amQ4uI9sN/OzImnJSe6PktPAw
+Ct6emNlU733l7n71k+1LmS3eAY3b7c+6pa2+IPKKzGU0kBKYbJBc7SBzs8rNsh3Q
+EelZ6Khy9ZNLZIVke8qp80m2Vn2T25fS8VpqV8U5Oo+WrVaek1/xtUeDyxgJL0yu
+E/1xTztulVePN81z8sq1tLhHddfRt06yTzcOj/Iuq0tBao4AAMqHqYN4H69ztNBo
+RUUjrFp95FM6GWvFzA8QoPxHat4JpC0Trnb9kXayNORiLb5y+Achsw9/Q30tCnQR
+l2tteJkAJ2ZXrdCiFIB2U7SB+8IVO3JFYYLC+HNxdgf+fqPc97V+AsRSIXL2GslR
+SnZ24Tn0w75ZmQvRsLlF2s+YIdA+sgsLG8rccXiQKT49C0zqbA2ah9sm7jKuqBIy
+Hv5sqjzvho3h1O2wSCPrOXyLaXmg7smnjw0dYUZuX2VxhoOWeg6Y8OWka1a8RX9i
+Xa10WAcccFmgYzK+MqblXnzJIrSbZBNCZ6tMPjc8ouTT5w0e9z4iaqJbGx45poLP
+JHZnWh5KKxMVEZ+Suiuzhw0IWXUBjKLJwArenWBEk9oxeTHC6CiQBqfLqsSQd9sL
+6efpNmoqrQj8TG/64UWlo86K7hxZdYfTp0dbfe/9IrpEks1PWCs=
+=pODp
+-----END PGP SIGNATURE-----

mysql.spec

@@ -29,11 +29,11 @@
 %bcond_without conflicts
 %global sameevr   %{?epoch:%{epoch}:}%{version}-%{release}
 Name:                mysql
-Version:             8.0.35
-Release:             3
+Version:             8.0.37
+Release:             1
 Summary:             MySQL client programs and shared libraries
 URL:                 http://www.mysql.com
-License:             GPLv2 with exceptions and LGPLv2 and BSD-2-Clause
+License:             GPL-2.0-or-later AND LGPL-2.1-only AND BSL-1.0 AND GPL-1.0-or-later OR Artistic-1.0-Perl AND BSD-2-Clause
 Source0:             https://cdn.mysql.com/Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz
 Source2:             mysql_config_multilib.sh
 Source3:             my.cnf.in
@@ -48,10 +48,8 @@ Source17:            mysql-wait-stop.sh
 Source18:            mysql@.service.in
 Source30:            %{pkgnamepatch}.rpmlintrc
 Source31:            server.cnf.in
-Source32:            %{name}-boost-%{version}.tar.gz.aa
-Source33:            %{name}-boost-%{version}.tar.gz.ab
-Source34:            %{name}-boost-%{version}.tar.gz.ac
-Source35:            %{name}-boost-%{version}.tar.gz.ad
+Source32:            https://cdn.mysql.com/Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz.asc
+Source33:            https://repo.mysql.com/RPM-GPG-KEY-mysql-2023
 Patch1:              %{pkgnamepatch}-install-test.patch
 Patch3:              %{pkgnamepatch}-file-contents.patch
 Patch4:              %{pkgnamepatch}-scripts.patch
@@ -84,7 +82,7 @@ BuildRequires:       perl(Getopt::Long) perl(if) perl(IO::File) perl(IO::Handle)
 BuildRequires:       perl(IO::Socket::INET) perl(IPC::Open3) perl(JSON) perl(lib) perl(LWP::Simple)
 BuildRequires:       perl(Memoize) perl(Net::Ping) perl(POSIX) perl(Socket) perl(strict)
 BuildRequires:       perl(Sys::Hostname) perl(Test::More) perl(Time::HiRes) perl(Time::localtime)
-BuildRequires:       perl(warnings) systemd m4 chrpath
+BuildRequires:       perl(warnings) systemd m4 chrpath gnupg2 wget
 Requires:            bash coreutils grep %{name}-common%{?_isa} = %{sameevr}
 Provides:            bundled(boost) = %{boost_bundled_version}
 %if %{with mysql_names}
@@ -216,9 +214,10 @@ The package provides Docs for development of MySQL applications.
 
 
 %prep
-cd ../SOURCES
-cat %{SOURCE32} %{SOURCE33} %{SOURCE34} %{SOURCE35} > %{SOURCE0}
-cd ..
+# download source0 and gpg check
+wget -qO %{SOURCE0} https://user-repo.openeuler.openatom.cn/lfs-tar/mysql/mysql-boost-%{version}.tar.gz
+gpg --import %{SOURCE33}
+gpg --verify %{SOURCE32} %{SOURCE0}
 %setup -q -n mysql-%{version}
 %patch1 -p1
 %patch3 -p1
@@ -550,6 +549,17 @@ fi
 %{_mandir}/man1/mysql_config.1*
 
 %changelog
+* Tue May 07 2024 wangkai <13474090681@163.com> - 8.0.37-1
+- Update to 8.0.37 for fix CVEs(CVE-2024-20964,CVE-2024-20971,CVE-2024-20976,
+  CVE-2024-20973,CVE-2024-20978,CVE-2024-20981,CVE-2024-20962,CVE-2024-20977,
+  CVE-2024-20963,CVE-2024-20965,CVE-2024-20972,CVE-2024-20961,CVE-2024-20982,
+  CVE-2024-20970,CVE-2024-20967,CVE-2024-20984,CVE-2024-20974,CVE-2024-20966,
+  CVE-2024-20960,CVE-2024-20985,CVE-2024-20969,CVE-2024-21000,CVE-2024-21069,
+  CVE-2024-21009,CVE-2024-21087,CVE-2024-21047,CVE-2024-20998,CVE-2024-21013,
+  CVE-2024-21060,CVE-2024-21008,CVE-2024-21102,CVE-2024-21054,CVE-2024-21062,
+  CVE-2024-20994,CVE-2024-21096,CVE-2024-21061,CVE-2024-20993,CVE-2024-21055,
+  CVE-2024-21057,CVE-2023-6129)
+
 * Fri Mar 22 2024 laokz <zhangkai@iscas.ac.cn> - 8.0.35-3
 - Add riscv64 to fix-protobuf-version-22-and-up.patch