# MySQL server update wants to change Perl back to 5.24.4



## FKEinternet (Apr 23, 2018)

A week ago I updated lang/perl5 from perl5-5.24.3 to perl5-5.26.1 because of a vulnerability notification in my daily security run output.  I updated /etc/make.conf to set `DEFAULT_VERSIONS+=perl5=5.26` and thought "I wonder what this is going to break."  Today I found my answer:

```
# pkg install mysql57-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        perl5.24: 5.24.4

Installed packages to be UPGRADED:
        mysql57-server: 5.7.21_1 -> 5.7.22

Number of packages to be installed: 1
Number of packages to be upgraded: 1

The process will require 52 MiB more space.
27 MiB to be downloaded.

Proceed with this action? [y/N]:
```

As a side note, the day after doing the first lang/perl5 update there was another lang/perl5 vulnerability reported, but I wasn't able to use `pkg install` to update it to perl5-5.26.2 until today.

I'm going to build databases/mysql57-server from the ports tree so that it uses the installed/updated perl5-5.26.2 as configured in /etc/make.conf but it seems to me that the version available through `pkg` _should_ be built using the latest version of lang/perl5 already.  Is there something broken in the build process?


----------



## FKEinternet (Apr 23, 2018)

My original issue may be moot, but a new ones have arisen:

After re-reading the Unable to rebuild ports after upgrading Perl from 5.24 to 5.26.1 thread, I decided to run `pkg upgrade` and got

```
# pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (193 candidates): 100%
Processing candidates (193 candidates): 100%
The following 129 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mysql56-client: 5.6.40
        p5-CGI: 4.38

Installed packages to be UPGRADED:
        zsh: 5.4.2_1 -> 5.5.1
        w3m: 0.5.3.20180125_1 -> 0.5.3.20180125_2
        unbound: 1.6.8_2 -> 1.7.0
        sudo: 1.8.22 -> 1.8.22_1
        sqlite3: 3.22.0_1 -> 3.23.0
        serf: 1.3.9_1 -> 1.3.9_3
        sendmail+tls+sasl2: 8.15.2_8 -> 8.15.2_10
        python36: 3.6.4 -> 3.6.5
        py34-setuptools: 38.5.1 -> 39.0.1
        py27-setuptools: 38.5.1 -> 39.0.1
        py27-pytz: 2018.3,1 -> 2018.4,1
        py27-pycparser: 2.10 -> 2.18
        py27-psutil: 5.4.3 -> 5.4.5
        py27-pip: 9.0.1 -> 9.0.3
        py27-josepy: 1.0.1 -> 1.1.0
        py27-ipaddress: 1.0.19 -> 1.0.22
        py27-idna: 2.5 -> 2.6
        py27-cffi: 1.11.2 -> 1.11.5
        py27-certifi: 2018.1.18 -> 2018.4.16
        py27-certbot: 0.21.1,1 -> 0.23.0,1
        py27-acme: 0.21.1,1 -> 0.23.0,1
        protobuf: 3.5.1.1 -> 3.5.2
        php56-zlib: 5.6.34 -> 5.6.35
        php56-zip: 5.6.34 -> 5.6.35
        php56-xsl: 5.6.34 -> 5.6.35
        php56-xmlwriter: 5.6.34 -> 5.6.35
        php56-xmlrpc: 5.6.34 -> 5.6.35
        php56-xmlreader: 5.6.34 -> 5.6.35
        php56-xml: 5.6.34 -> 5.6.35
        php56-wddx: 5.6.34 -> 5.6.35
        php56-tokenizer: 5.6.34 -> 5.6.35
        php56-tidy: 5.6.34 -> 5.6.35
        php56-sqlite3: 5.6.34 -> 5.6.35
        php56-sockets: 5.6.34 -> 5.6.35
        php56-soap: 5.6.34 -> 5.6.35
        php56-simplexml: 5.6.34 -> 5.6.35
        php56-session: 5.6.34 -> 5.6.35
        php56-recode: 5.6.34 -> 5.6.35
        php56-readline: 5.6.34 -> 5.6.35
        php56-pspell: 5.6.34 -> 5.6.35
        php56-posix: 5.6.34 -> 5.6.35
        php56-phar: 5.6.34 -> 5.6.35
        php56-pgsql: 5.6.34 -> 5.6.35
        php56-pecl-intl: 3.0.0_12 -> 3.0.0_13
        php56-pdo_sqlite: 5.6.34 -> 5.6.35
        php56-pdo_pgsql: 5.6.34 -> 5.6.35
        php56-pdo_odbc: 5.6.34 -> 5.6.35
        php56-pdo_mysql: 5.6.34 -> 5.6.35
        php56-pdo: 5.6.34 -> 5.6.35
        php56-pcntl: 5.6.34 -> 5.6.35
        php56-openssl: 5.6.34 -> 5.6.35
        php56-opcache: 5.6.34 -> 5.6.35
        php56-mysqli: 5.6.34 -> 5.6.35
        php56-mysql: 5.6.34 -> 5.6.35
        php56-mcrypt: 5.6.34 -> 5.6.35
        php56-mbstring: 5.6.34 -> 5.6.35
        php56-ldap: 5.6.34 -> 5.6.35
        php56-json: 5.6.34 -> 5.6.35
        php56-iconv: 5.6.34 -> 5.6.35
        php56-hash: 5.6.34 -> 5.6.35
        php56-gmp: 5.6.34 -> 5.6.35
        php56-gettext: 5.6.34 -> 5.6.35
        php56-gd: 5.6.34_1 -> 5.6.35
        php56-ftp: 5.6.34 -> 5.6.35
        php56-filter: 5.6.34 -> 5.6.35
        php56-fileinfo: 5.6.34 -> 5.6.35
        php56-exif: 5.6.34 -> 5.6.35
        php56-dom: 5.6.34 -> 5.6.35
        php56-dba: 5.6.34 -> 5.6.35
        php56-ctype: 5.6.34 -> 5.6.35
        php56-calendar: 5.6.34 -> 5.6.35
        php56-bz2: 5.6.34 -> 5.6.35
        php56-bcmath: 5.6.34 -> 5.6.35
        php56: 5.6.34 -> 5.6.35
        pciids: 20180219 -> 20180406
        p5-Net-SSLeay: 1.84 -> 1.85
        p5-Mozilla-CA: 20160104 -> 20180117
        p5-HTTP-Message: 6.15 -> 6.16
        p11-kit: 0.23.9 -> 0.23.10
        openldap-client: 2.4.45 -> 2.4.46
        oniguruma: 6.7.1 -> 6.8.1
        nspr: 4.18 -> 4.19
        mysql57-server: 5.7.21_1 -> 5.7.22
        mysql57-client: 5.7.21_1 -> 5.7.22
        mpfr: 3.1.6 -> 4.0.1
        mpc: 1.0.3 -> 1.1.0_1
        mod_php56: 5.6.34 -> 5.6.35
        lmdb: 0.9.21,1 -> 0.9.22,1
        llvm38: 3.8.1_9 -> 3.8.1_10
        libxslt: 1.1.29_1 -> 1.1.32
        libuv: 1.19.2 -> 1.20.1
        libgpg-error: 1.27 -> 1.28
        libatomic_ops: 7.6.0_1 -> 7.6.4
        java-zoneinfo: 2018.c -> 2018.d
        icu: 60.2_2,1 -> 61.1,1
        graphite2: 1.3.10 -> 1.3.11
        go: 1.10,1 -> 1.10.1,1
        glib: 2.50.3_1,1 -> 2.50.3_2,1
        git: 2.16.2 -> 2.17.0_3
        freetype2: 2.8_1 -> 2.9_1
        fontconfig: 2.12.1,1 -> 2.12.1_3,1
        e2fsprogs-libuuid: 1.43.9 -> 1.44.0
        curl: 7.58.0_3 -> 7.59.0
        cmake: 3.10.2 -> 3.11.0_2
        ca_root_nss: 3.35_2 -> 3.36.1
        boehm-gc: 7.6.2 -> 7.6.4
        binutils: 2.30_2,1 -> 2.30_3,1
        bind912: 9.12.0_3 -> 9.12.1
        apr: 1.6.3.1.6.1 -> 1.6.3.1.6.1_1
        alegreya-sans: 2.007,1 -> 2.008,1
        alegreya: 2.006 -> 2.007
        acme-client: 0.1.16_2 -> 0.1.16_3

Installed packages to be REINSTALLED:
        tcl86-8.6.8 (options changed)
        recode-3.6_13
        postgresql95-client-9.5.12
        p5-Term-ReadKey-2.37 (needed shared library changed)
        p5-Locale-gettext-1.07 (needed shared library changed)
        p5-HTML-Parser-3.72 (needed shared library changed)
        p5-GSSAPI-0.28_1 (needed shared library changed)
        p5-Filter-1.58 (needed shared library changed)
        p5-DBI-1.641 (needed shared library changed)
        p5-DBD-mysql-4.046 (options changed)
        p5-Crypt-SSLeay-0.72_3 (needed shared library changed)
        libpthread-stubs-0.4 (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:11:*')
        gnome_subr-1.0 (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:11:*')
        docbook-xsl-1.76.1,1 (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:11:*')
        aspell-0.60.6.1_7

Number of packages to be installed: 2
Number of packages to be upgraded: 112
Number of packages to be reinstalled: 15

The process will require 45 MiB more space.
385 MiB to be downloaded.

Proceed with this action? [y/N]:
```

In the list of installed packages to be UPGRADED is mysql57-client: 5.7.21_1 -> 5.7.22. 

Why then is mysql56-client: 5.6.40 going to be installed?
Can the two clients be installed simultaneously?  (I would be surprised)
Will anything break if I uninstall mysql56-client: 5.6.40 after doing the upgrade?


----------



## ShelLuser (Apr 24, 2018)

Don't mix ports and binary packages. That will always cause more trouble than it's worth. And if you use pkg to install software (well, the `pkg install` command) then you don't need /etc/make.conf at all.

As to why this is happening... There could be multiple reasons.

You mixed ports and packages severely and now several package dependencies are messed up. The best solution would be to chose which installation you're going to use and then stick with that. Optionally a re-install of several packages might be required.

You're not using the latest package repository (see /etc/pkg/FreeBSD.conf) but quaterly. That always runs behind because it gets updated every three months or so (though security updates should be quicker I assume, not sure). Editing the config file should do the trick there.


----------



## obsigna (Apr 24, 2018)

FKEinternet said:


> ...
> As a side note, the day after doing the first perl5 update there was another perl5 vulnerability reported, but I wasn't able to use `pkg install` to update it to perl5-5.26.2 until today.
> ...


The vulnerability of lang/perl5.5.26 has been already fixed in the latest binary pkg repository.

Perhaps, you might want to switch to that latest repository. In order to achieve this, create & edit the path+file /usr/local/etc/pkg/repos/FreeBSD.conf with the following content:

```
FreeBSD: {
  url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
}
```

Then execute the command `pkg upgrade` once again.


----------



## FKEinternet (Apr 24, 2018)

I ended up running `pkg upgrade` which deinstalled mysql57-server and mysql57-client as I suspected would happen.  I then reinstalled mysql57-server:

```
# pkg install mysql57-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (2 conflicting)
  - mysql57-client-5.7.22 conflicts with mysql56-client-5.6.40 on /usr/local/bin/mysql
  - mysql57-client-5.7.22 conflicts with mysql56-client-5.6.40 on /usr/local/bin/mysql
Checking integrity... done (0 conflicting)
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        opendmarc-1.3.2
        p5-DBD-mysql-4.046
        mysql56-client-5.6.40

New packages to be INSTALLED:
        mysql57-server: 5.7.22
        mysql57-client: 5.7.22

Number of packages to be removed: 3
Number of packages to be installed: 2

The process will require 148 MiB more space.

Proceed with this action? [y/N]: y
[1/5] Deinstalling opendmarc-1.3.2...
[1/5] Deleting files for opendmarc-1.3.2: 100%
[2/5] Deinstalling p5-DBD-mysql-4.046...
[2/5] Deleting files for p5-DBD-mysql-4.046: 100%
[3/5] Deinstalling mysql56-client-5.6.40...
[3/5] Deleting files for mysql56-client-5.6.40: 100%
[4/5] Installing mysql57-client-5.7.22...
[4/5] Extracting mysql57-client-5.7.22: 100%
[5/5] Installing mysql57-server-5.7.22...
===> Creating groups.
Using existing group 'mysql'.
===> Creating users
Using existing user 'mysql'.
[5/5] Extracting mysql57-server-5.7.22: 100%
Message from mysql57-client-5.7.22:

* * * * * * * * * * * * * * * * * * * * * * * *

This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server

* * * * * * * * * * * * * * * * * * * * * * * *
Message from mysql57-server-5.7.22:

*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************
```

When I tried to reinstall opendmarc, it wanted to reinstall mysql56-client, as I expected:

```
# pkg install opendmarc
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        opendmarc: 1.3.2
        p5-DBD-mysql: 4.046
        mysql56-client: 5.6.40

Number of packages to be installed: 3

The process will require 39 MiB more space.
109 KiB to be downloaded.

Proceed with this action? [y/N]: n
```

One more test proved that p5-DBD-mysql was the ultimate agent that wanted to reinstall mysql56-client.  I built p5-DBD-mysql from the ports tree, then was able to reinstall opendmar without any further complaints:

```
# pkg install opendmarc
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        opendmarc: 1.3.2

Number of packages to be installed: 1

109 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching opendmarc-1.3.2.txz: 100%  109 KiB 111.4kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing opendmarc-1.3.2...
[1/1] Extracting opendmarc-1.3.2: 100%
```




ShelLuser said:


> Don't mix ports and binary packages.



That's great in theory, but here's a case where it won't work:

```
# pkg install p5-DBD-mysql
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        gcc47: 4.7.4_9,1
        mysql56-client: 5.6.40

Installed packages to be REINSTALLED:
        p5-DBD-mysql-4.046 (options changed)

Number of packages to be installed: 2
Number of packages to be reinstalled: 1

The process will require 130 MiB more space.
22 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching gcc47-4.7.4_9,1.txz: 100%   22 MiB   7.9MB/s    00:03
Checking integrity... done (1 conflicting)
  - mysql56-client-5.6.40 conflicts with mysql57-client-5.7.22 on /usr/local/bin/mysql
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        mysql57-server-5.7.22
        mysql57-client-5.7.22

New packages to be INSTALLED:
        mysql56-client: 5.6.40
        gcc47: 4.7.4_9,1

Installed packages to be REINSTALLED:
        p5-DBD-mysql-4.046 (options changed)

Number of packages to be removed: 2
Number of packages to be installed: 2
Number of packages to be reinstalled: 1

The operation will free 57 MiB.

Proceed with this action? [y/N]: n
```

It turns out I've already got a /usr/local/etc/pkg/repos/FreeBSD.conf that contains

```
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  enabled: yes
}
```

This explains why I'm able to install security updates immediately upon finding notifications in my daily security run output, rather than having to wait for the quarterly releases to have them visible.

I've sent an email to the p5-DBD-mysql maintainer listed in the `pkg info` output to alert them of this problem.


----------



## SirDice (Apr 24, 2018)

FKEinternet said:


> I've sent an email to the p5-DBD-mysql maintainer listed in the  pkg info output to alert them of this problem.


The only problem is a failure to understand that the official packages are always built using the defaults, and the default MySQL version is 5.6. This isn't a problem with the package. It's because you are deviating from the defaults and are trying to mix non-default ports with default packages.

You basically have three options, the first is to use the official packages for everything and accept the defaults (that means MySQL 5.6). The second is to build everything from ports, so you can change the defaults (and switch to MySQL 5.7). And the third is to set up your own repository using your settings.


----------



## PacketMan (Apr 24, 2018)

SirDice said:


> And the third is to set up your own repository using your settings.



This seems to be a perfect case to use ports-mgmt/synth  or ports-mgmt/poudriere .


----------



## SirDice (Apr 24, 2018)

Wozzeck.Live said:


> AS TODAY DEFAULT VERSION FOR PERL5 IS 5.24


Actually, the default is 5.26: https://svnweb.freebsd.org/ports/head/Mk/bsd.default-versions.mk?revision=465965&view=markup
The quarterly packages have been updated just after that: https://svnweb.freebsd.org/ports/branches/2018Q2/Mk/?view=log

So ports, latest and quarterly packages all default to Perl 5.26 since three weeks ago.

In any case, the Perl issue was only a minor issue that resulted in updates to MySQL. And this is where the fun began, the OP wants to use MySQL 5.7 and default is 5.6. Now he's struggling and fighting with packages that depend on MySQL 5.6 and ports that are forced to MySQL 5.7.


----------



## FKEinternet (Apr 30, 2018)

SirDice said:


> The only problem is a failure to understand that the official packages are always built using the defaults, and the default MySQL version is 5.6. ...



Perhaps my problem is with the default package.  As noted on FreshPorts

```
pkg-message:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
```

(I meant to post this at the time the rest of this thread was happening, but apparently I got distracted before hitting "Post Reply"...)


----------

