!85 Upgrade mysql to 8.0.28 to fix cves

From: @song-jintang Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-05-19 07:22:51 +00:00 · 2022-05-19 07:22:51 +00:00 · ccf1f04300
commit ccf1f04300
parent 1116e29d10 bd15df36f9
3 changed files with 19 additions and 3 deletions
--- a/mysql-boost-8.0.28.tar.gz
+++ b/mysql-boost-8.0.28.tar.gz
--- a/mysql-boost-8.0.29.tar.gz
+++ b/mysql-boost-8.0.29.tar.gz
--- a/mysql.spec
+++ b/mysql.spec
@ -16,7 +16,7 @@
 %bcond_without test
 %bcond_with config
 %bcond_with debug
-%global boost_bundled_version 1.73.0
+%global boost_bundled_version 1.77.0
 %global daemon_name mysqld
 %global daemon_no_prefix mysqld
 %global pidfiledir %{_rundir}/%{daemon_name}
@ -29,12 +29,12 @@
 %bcond_without conflicts
 %global sameevr   %{?epoch:%{epoch}:}%{version}-%{release}
 Name:                mysql
-Version:             8.0.28
+Version:             8.0.29
 Release:             1
 Summary:             MySQL client programs and shared libraries
 URL:                 http://www.mysql.com
 License:             GPLv2 with exceptions and LGPLv2 and BSD
-Source0:             https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz
+Source0:             https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-boost-%{version}.tar.gz
 Source2:             mysql_config_multilib.sh
 Source3:             my.cnf.in
 Source6:             README.mysql-docs
@ -48,6 +48,10 @@ Source17:            mysql-wait-stop.sh
 Source18:            mysql@.service.in
 Source30:            %{pkgnamepatch}.rpmlintrc
 Source31:            server.cnf.in
+Source32:           %{name}-boost-%{version}.tar.gz.aa
+Source33:           %{name}-boost-%{version}.tar.gz.ab
+Source34:           %{name}-boost-%{version}.tar.gz.ac
+Source35:           %{name}-boost-%{version}.tar.gz.ad
 Patch1:              %{pkgnamepatch}-install-test.patch
 Patch3:              %{pkgnamepatch}-file-contents.patch
 Patch4:              %{pkgnamepatch}-scripts.patch
@ -60,6 +64,7 @@ Patch80:             %{pkgnamepatch}-fix-includes-robin-hood.patch
 Patch81:             disable-moutline-atomics-for-aarch64.patch
 Patch115:            boost-1.58.0-pool.patch
 Patch125:            boost-1.57.0-mpl-print.patch
+
 BuildRequires:       cmake gcc-c++ libaio-devel libedit-devel libevent-devel libicu-devel lz4
 BuildRequires:       lz4-devel mecab-devel bison libzstd-devel
 %ifnarch aarch64 %{arm} s390 s390x
@ -208,6 +213,9 @@ The package provides Docs for development of MySQL applications.


 %prep
+cd ../SOURCES
+cat %{SOURCE32} %{SOURCE33} %{SOURCE34} %{SOURCE35} | tar xj
+cd ..
 %setup -q -n mysql-%{version}
 %patch1 -p1
 %patch3 -p1
@ -535,6 +543,14 @@ fi
 %{_mandir}/man1/mysql_config.1*

 %changelog
+*Mon May 9 2022 jintang song<jintang.song@epro.com.cn> - 8.0.29-1
+- Upgrade mysql to 8.0.29,fix CVES:'CVE-2022-21423 CVE-2022-21451 
+  CVE-2022-21444 CVE-2022-21460 CVE-2022-21417 CVE-2022-21427 CVE-2022-21414 
+  CVE-2022-21435 CVE-2022-21452 CVE-2022-21413 CVE-2022-21462 CVE-2022-21412 
+  CVE-2022-21415 CVE-2022-21437 CVE-2022-21438 CVE-2022-21436 CVE-2022-21418 
+  CVE-2022-21459 CVE-2022-21478 CVE-2022-21479 CVE-2022-21440 CVE-2022-21425 
+  CVE-2022-21457 CVE-2022-21454 CVE-2022-21483 CVE-2022-21482 CVE-2022-21484 
+  CVE-2022-21485 CVE-2022-21486 CVE-2022-21489 CVE-2022-21490
 * Tue Jan 25 2022 yaoxin <yaoxin30@huawei.com> - 8.0.28-1
 - Upgrade mysql to 8.0.28 to fix cves.