[debian-mysql] Security updates for MySQL 5.6 and 5.7 in unstable
Andreas Beckmann
anbe at debian.org
Fri Jan 20 16:09:32 UTC 2017
Hi Lars,
> We've prepared security updates for MySQL in unstable (5.6.35 and 5.7.17) for Oracle's January Critical Patch Update, but need sponsorship for the upload.
I've sponsored 5.6. I didn't care about lintian that much here, since I
hope that mysql-5.6 can be removed from the archive in the near future,
so focus your work on 5.7.
(5.7 does not build on the non-linux architectures, while 5.6 does,
which will soon be the last blocker for removal)
For 5.7 lintian spews out a lot of things, below you find a filtered list.
There are also a lot of spelling errors reported, these should be fixed
upstream, I'm not listing them here.
(Run lintian yourself to get the full list and more detailed descriptions
of the individual issues.)
The major points that should be fixed are IMHO:
* add yourself to Uploaders (interpret this as "I take responsibility for this package as (Co-)Maintainer" not "I have upload permissions")
* update debian/copyright (maybe some files were moved around?) and ensure it contains up-to-date information
* add an override for
E: libmysqld-dev: depends-on-obsolete-package depends: libmysqlclient-dev (>= 5.7.17-1) => default-libmysqlclient-dev
* update the overrides where line numbers changed
* fix whatever you like
* ignore (don't override) everything else
To work around the false positive
spelling-error-in-copyright Boost Boost (duplicate word) Boost
I'd suggest to add the version to the license name as in
Files: ...
Copyright: ...
License: Boost-1.0
License: Boost-1.0
Boost Software License - Version 1.0 - August 17th, 2003
...
I: mysql-5.7 source: xs-testsuite-header-in-debian-control xs-testsuite
P: mysql-5.7 source: source-contains-prebuilt-windows-binary mysql-test/std_data/bug21542698.dat
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/storage/Storage.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/storage/Storage.swf
P: mysql-5.7 source: source-contains-prebuilt-flash-project storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.fla
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.fla
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/storage/storage_dialog.swf
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/av/resources/audio.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/av/resources/audio.swf
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/av/resources/video.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/av/resources/video.swf
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/form/resources/fileuploader.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/form/resources/fileuploader.swf
P: mysql-5.7 source: source-contains-prebuilt-flash-object storage/ndb/mcc/frontend/dojo/dojox/form/resources/uploader.swf
E: mysql-5.7 source: source-is-missing storage/ndb/mcc/frontend/dojo/dojox/form/resources/uploader.swf
W: mysql-5.7 source: changelog-should-mention-nmu
W: mysql-5.7 source: source-nmu-has-incorrect-version-number 5.7.17-1
I: mysql-5.7 source: no-complete-debconf-translation
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/graph-compare-results.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/ndb/bin/* (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/binary-configure.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/my-huge.cnf.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/my-innodb-heavy-4G.cnf.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/my-large.cnf.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/my-medium.cnf.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/my-small.cnf.sh (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright BUILD-CMAKE (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright INSTALL-SOURCE (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright INSTALL-WIN-SOURCE (paragraph at line 156)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright mysql-test/lib/My/SafeProcess/safe_process.pl (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/config.huge.ini.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/config.medium.ini.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/config.small.ini.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/RHEL4-SElinux/* (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/MySQL-shared-compat.spec.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/mysql.spec.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/mysql.5.7.*.spec (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/ndb-config-2-node.ini.sh (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright tests/* (paragraph at line 215)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright cmd-line-utils/readline/* (paragraph at line 314)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright cmd-line-utils/libedit/readline/* (paragraph at line 322)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright scripts/mysqlaccess.sh (paragraph at line 354)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright scripts/mysql_fix_extensions.sh (paragraph at line 354)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright scripts/mysql_setpermission.sh (paragraph at line 354)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/* (paragraph at line 354)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/ndb/test/run-test/atrt-clear-result.sh (paragraph at line 354)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest1.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest1a.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest1b.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest2.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest2a.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright sql-bench/innotest2b.sh (paragraph at line 383)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/btr/btr0sea.c (paragraph at line 393)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/include/os0sync.h (paragraph at line 393)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/log/log0log.c (paragraph at line 393)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/row/row0sel.c (paragraph at line 393)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/btr/btr0cur.c (paragraph at line 402)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/buf/buf0buf.c (paragraph at line 402)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright support-files/mysql-multi.server.sh (paragraph at line 433)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/pars/pars0grm.c (paragraph at line 445)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/srv/srv0start.c (paragraph at line 451)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/os/os0file.c (paragraph at line 464)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright include/t_ctype.h (paragraph at line 470)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright dbug/dbug_long.h (paragraph at line 499)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/srv/srv0srv.c (paragraph at line 556)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright storage/innobase/ut/ut0rbt.c (paragraph at line 562)
I: mysql-5.7 source: wildcard-matches-nothing-in-dep5-copyright tests/mail_to_db.pl (paragraph at line 606)
W: mysql-5.7 source: missing-field-in-dep5-copyright copyright (empty field, paragraph at line 742)
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/CMakeLists.txt
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control.cc
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control_coordinator.cc
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control_coordinator.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control_data.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control_interfaces.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_control_memory.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_delay.cc
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_delay.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/connection_delay_api.h
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/security_context_wrapper.cc
W: mysql-5.7 source: file-without-copyright-information plugin/connection_control/security_context_wrapper.h
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 314
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 383
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 420
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 458
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 551
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 556
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 562
I: mysql-5.7 source: unused-file-paragraph-in-dep5-copyright paragraph at line 606
I: mysql-server-5.7: hardening-no-fortify-functions usr/lib/mysql/plugin/auth_socket.so
I: mysql-server-5.7: hardening-no-fortify-functions usr/lib/mysql/plugin/rewriter.so
I: mysql-server-5.7: debian-news-entry-uses-asterisk
I: mysql-server-5.7: unused-debconf-template mysql-server-5.7/really_downgrade
I: mysql-server-5.7: unused-debconf-template mysql-server-5.7/nis_warning
I: mysql-server-5.7: unused-debconf-template mysql-server-5.7/start_on_boot
W: mysql-server-5.7: spelling-error-in-readme-debian username username (duplicate word) username
E: mysql-server-5.7: depends-on-essential-package-without-using-version depends: bsdutils
W: mysql-server-5.7: manpage-has-errors-from-man usr/share/man/man1/mysqlbinlog.1.gz 1893: warning [p 13, 5.3i, div `3tbd3,2', 0.8i]: can't break line
I: mysql-server-5.7: systemd-service-file-missing-documentation-key lib/systemd/system/mysql.service
I: mysql-server-5.7: unused-override manpage-has-errors-from-man usr/share/man/man1/mysqlbinlog.1.gz 1979: warning [p 13, 2.7i, div `3tbd3,2', 0.8i]: can't break line
I: mysql-server-core-5.7: debian-news-entry-uses-asterisk
I: mysql-server-core-5.7: conflicts-with-version mysql-client-5.5 (<< 5.6)
I: mysql-source-5.7: debian-news-entry-uses-asterisk
I: mysql-client-5.7: debian-news-entry-uses-asterisk
W: mysql-client-5.7: spelling-error-in-readme-debian completition completion
W: mysql-client-5.7: manpage-has-errors-from-man usr/share/man/man1/mysqladmin.1.gz 34: warning [p 1, 1.5i]: can't break line
W: mysql-client-5.7: manpage-has-errors-from-man usr/share/man/man1/mysqldump.1.gz 1520: warning [p 9, 10.7i, div `3tbd3,1', 0.3i]: can't break line
I: mysql-client-5.7: unused-override manpage-has-errors-from-man usr/share/man/man1/mysqladmin.1.gz 37: warning [p 1, 1.5i]: can't break line
I: mysql-client-5.7: unused-override manpage-has-errors-from-man usr/share/man/man1/mysqldump.1.gz 1623: warning [p 9, 10.2i, div `3tbd3,1', 0.3i]: can't break line
I: mysql-client-core-5.7: debian-news-entry-uses-asterisk
I: mysql-testsuite: debian-news-entry-uses-asterisk
I: mysql-testsuite: using-first-person-in-description line 4: we
I: libmysqlclient20: debian-news-entry-uses-asterisk
X: libmysqlclient20: shlib-calls-exit usr/lib/x86_64-linux-gnu/libmysqlclient.so.20.3.4
I: mysql-testsuite-5.7: hardening-no-fortify-functions usr/lib/mysql/plugin/auth.so
I: mysql-testsuite-5.7: hardening-no-fortify-functions usr/lib/mysql/plugin/qa_auth_server.so
I: mysql-testsuite-5.7: debian-news-entry-uses-asterisk
W: mysql-testsuite-5.7: script-not-executable usr/lib/mysql-test/suite/sysschema/t/fn_format_path-master.sh
I: libmysqlclient-dev: debian-news-entry-uses-asterisk
I: libmysqld-dev: debian-news-entry-uses-asterisk
E: libmysqld-dev: depends-on-obsolete-package depends: libmysqlclient-dev (>= 5.7.17-1) => default-libmysqlclient-dev
I: mysql-server: debian-news-entry-uses-asterisk
I: mysql-client: debian-news-entry-uses-asterisk
Andreas
PS: please keep me Cc:ed, I'm not subscribed to the list
More information about the pkg-mysql-maint
mailing list