Upgrade mysql to 8.0.43 for fixing 24 CVEs (microsoft#14375)

Co-authored-by: kgodara912 <[email protected]>

Author: BinduSri-6522866

SPECS/mysql/mysql.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "mysql-boost-8.0.42.tar.gz": "c2aa67c618edfa1bc379107fe819ca8e94cba5d85f156d1053b8fedc88cc5f8f"
+  "mysql-boost-8.0.43.tar.gz": "85fd5c3ac88884dc5ac4522ce54ad9c11a91f9396fecaa27152c757a3e6e936f"
  }
 }

SPECS/mysql/mysql.spec

@@ -1,14 +1,13 @@
 Summary:        MySQL.
 Name:           mysql
-Version:        8.0.42
+Version:        8.0.43
 Release:        1%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/Databases
 URL:            https://www.mysql.com
 Source0:        https://dev.mysql.com/get/Downloads/MySQL-8.0/%{name}-boost-%{version}.tar.gz
-Patch0:         CVE-2012-5627.nopatch
 # Patch can be removed after upgrading MySQL to 8.4+
 # or switching to system Protobuf 3.25+ with the 'WITH_PROTOBUF=system' option.
 Patch1:         CVE-2024-2410.patch
@@ -104,17 +103,23 @@ fi
 %files devel
 %{_libdir}/*.so
 %{_libdir}/*.a
-%{_libdir}/private/icudt73l/brkitr/*.res
-%{_libdir}/private/icudt73l/brkitr/*.brk
-%{_libdir}/private/icudt73l/brkitr/*.dict
-%{_libdir}/private/icudt73l/unames.icu
-%{_libdir}/private/icudt73l/cnvalias.icu
-%{_libdir}/private/icudt73l/uemoji.icu
-%{_libdir}/private/icudt73l/ulayout.icu
+%{_libdir}/private/icudt77l/brkitr/*.res
+%{_libdir}/private/icudt77l/brkitr/*.brk
+%{_libdir}/private/icudt77l/brkitr/*.dict
+%{_libdir}/private/icudt77l/unames.icu
+%{_libdir}/private/icudt77l/cnvalias.icu
+%{_libdir}/private/icudt77l/uemoji.icu
+%{_libdir}/private/icudt77l/ulayout.icu
 %{_includedir}/*
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Wed Jul 23 2025 BinduSri Adabala <[email protected]> - 8.0.43-1
+- Upgrade to 8.0.43 to fix CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50081, CVE-2025-50082,
+  CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50091, CVE-2025-50092,CVE-2025-50093,
+  CVE-2025-50094, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099,CVE-2025-50100, CVE-2025-50101, CVE-2025-50102,
+  CVE-2025-50104, CVE-2025-53023
+
 * Wed Jun 04 2025 Kanishk Bansal <[email protected]> - 8.0.42-1
 - Upgrade to 8.0.42 to fix CVE-2025-30687, CVE-2025-30705, CVE-2025-30699, CVE-2025-30681, CVE-2025-30721, CVE-2025-21581, 
   CVE-2025-30685, CVE-2025-30704, CVE-2025-30703, CVE-2025-30683, CVE-2025-30689, CVE-2025-21579, CVE-2025-30695, CVE-2025-21585,
@@ -123,7 +128,7 @@ fi
 - Remove patch for CVE-2025-0725
 - Exclude merge_large_tests in package test.
 
-* Tue Mar 26 2025 Kanishk Bansal <[email protected]> - 8.0.41-1
+* Wed Mar 26 2025 Kanishk Bansal <[email protected]> - 8.0.41-1
 - Upgrade to 8.0.41 to fix CVE-2025-21490
 - Remove patch for CVE-2024-9681
 - Refresh patch for CVE-2025-0725

cgmanifest.json

@@ -13803,8 +13803,8 @@
         "type": "other",
         "other": {
           "name": "mysql",
-          "version": "8.0.42",
-          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.42.tar.gz"
+          "version": "8.0.43",
+          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.43.tar.gz"
         }
       }
     },