From 83aa22430179e013138386a383292257c069967e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 12 2017 12:53:20 +0000 Subject: import rh-mysql57-mysql-5.7.20-1.el7 --- diff --git a/.gitignore b/.gitignore index 98645ee..6deb4fb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/mysql-boost-5.7.19.tar.gz +SOURCES/mysql-boost-5.7.20.tar.gz diff --git a/.rh-mysql57-mysql.metadata b/.rh-mysql57-mysql.metadata index 0861135..6a5a5a7 100644 --- a/.rh-mysql57-mysql.metadata +++ b/.rh-mysql57-mysql.metadata @@ -1 +1 @@ -357769356761e040d8e3febbeb351ba95bde1a43 SOURCES/mysql-boost-5.7.19.tar.gz +1fcbaea0d75d71a8a868f518b5b0afaaa18c5cda SOURCES/mysql-boost-5.7.20.tar.gz diff --git a/SPECS/mysql.spec b/SPECS/mysql.spec index 58067b8..fc2382c 100644 --- a/SPECS/mysql.spec +++ b/SPECS/mysql.spec @@ -113,8 +113,8 @@ %endif Name: %{?scl_prefix}mysql -Version: 5.7.19 -Release: 6%{?with_debug:.debug}%{?dist} +Version: 5.7.20 +Release: 1%{?with_debug:.debug}%{?dist} Summary: MySQL client programs and shared libraries Group: Applications/Databases URL: http://www.mysql.com @@ -1096,9 +1096,17 @@ fi %endif %changelog +* Fri Oct 27 2017 Honza Horak - 5.7.20-1 +- Update to MySQL 5.7.20, for various fixes described at + https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html + Also fixes: CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 + CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 + CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 + Resolves: #1505114 + * Mon Oct 09 2017 Honza Horak - 5.7.19-6 - Clear previously set selinux equivalence rule, so the new one is used - Related: #1452707 + Related: #1451175 * Mon Aug 28 2017 Honza Horak - 5.7.19-5 - Do not use PIDFile directive in mysql@.service @@ -1118,42 +1126,41 @@ fi * Mon Jun 26 2017 Honza Horak - 5.7.18-2 - Run mysqld with correct context - Resolves: #1466474 + Resolves: #1461102 - Work-around for #1172683 is not needed any more, SELinux context is properly defined for mysqld_safe-scl-helper binary in selinux-policy package already. However, what we really need is context of mysqld, not mysqld_safe, so using mysqld-scl-helper instead and defining own context for this file. - Related: #1466474 + Related: #1461102 - Do not run mysql-check-socket script as mysql user, since then it cannot see other processes' open files, as per see fuser(1) man page. Since the script only reads data, running it as root on RHEL-6 does not cause any security issues. - Resolves: #1466477 + Resolves: #1461445 * Tue May 23 2017 Michal Schorm - 5.7.18-2 - Previous CVE fix was incomplete, fixed now -- CVEs fixed by this commit, #1445521: +- CVEs fixed by this commit, #1445520: CVE-2017-3312 -- Resolves: #1445521 * Mon May 15 2017 Michal Schorm - 5.7.18-1 - Udate to MySQL 5.7.18, for various fixes described at https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html -- CVEs fixed by this commit, #1445528: +- CVEs fixed by this commit, #1445527: CVE-2016-5483/CVE-2017-3600 CVE-2017-3308 CVE-2017-3309 CVE-2017-3331 CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455 CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459 CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468 CVE-2017-3599 -- CVEs fixed by this commit, #1445517: +- CVEs fixed by this commit, #1445518: CVE-2016-8327 CVE-2017-3238 CVE-2017-3244 CVE-2017-3251 CVE-2017-3256 CVE-2017-3257 CVE-2017-3258 CVE-2017-3273 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319 CVE-2017-3320 CVE-2017-3291 -- CVEs fixed by this commit, #1445521: +- CVEs fixed by this commit, #1445520: CVE-2017-3312 - 'force' option for 'rm' removed in specfile - Sample my-*.cnf are gone (removed by upstream) @@ -1161,11 +1168,11 @@ fi - Fixed SCL exit code processing ('set -e') - Following tests were disabled, for they started to fail or are unstable: main.datadir_permission main.m_i_db main.grant_user_lock -- Resolves: #1452514; MD5 in FIPS mode - #1452510; bundled() provides - #1452516; root privilege escalation - #1452511; rh-mysql57-mysqld@ wasn't made for scl - #1452707; typo in SELinux context +- Resolves: #1449689; MD5 in FIPS mode + #1396936; bundled() provides + #1451175; typo in SELinux context + #1449694; root privilege escalation + #1400702; rh-mysql57-mysqld@ wasn't made for scl * Mon Oct 17 2016 Jakub Dorňák - 5.7.16-1 - Udate to MySQL 5.7.16, for various fixes described at