percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7

Updates for galera and xtrabackup will also be required to support updating percona-xtradb-cluster-5.6

percona-galera-3: 3.19

percona-xtrabackup: 2.3.5 or later

https://www.percona.com/doc/percona-xtradb-cluster/5.6/release-notes/Percona-XtraDB-Cluster-5.6.32-25.17.html

Test packages for zesty here:

  https://launchpad.net/~james-page/+archive/ubuntu/percona/+packages

I've tested upgrades from the current zesty versions (in a three unit cluster) to the new versions of pxc, xtrabackup and galera in the PPA from #4. This included a sample dataset export from one of the QA OpenStack clouds that we run; package upgrade was clean, with units only dropping from the cluster when the mysqld was down during the package upgrade - mix of old and new versions appeared to be OK during the upgrade process.

Also performed the same testing for xenial based on packages in the PPA (same target versions as for zesty).

George

Could you confirm what the percona policy is on behavioural changes within a pxc series between point release updates? I think we understand what happens in the Oracle sourced base MySQL, but have less understanding of what happens in the Percona overlays in percona-server and percona-xtradb-cluster.

From #debian-openstack:

<georgelorch> jamespage, well, as you already know, PXC is based pn PS, which is based on MySQL, so PXC inherits all changed that occur along the chain. We do not have a stone cut policy on small features improvements within a minor series but generally anything significant must go into the next major series release. So no, minor updates are not limited to bugs only. New features and improvements might come in as well. Anything that might be a major difference like file format changes, deprecation or changing of option behaviors, etc... must only go into new major series releases.

<jamespage> georgelorch: right that's what I guessed but wanted to make sure - that's reflected in the release notes for 5.6 say

<georgelorch> Honestly I have never seen those guidelines documented anywhere, but that is what we have lived by for my 5 years or so here at Percona. Release notes though are detailed and accurate, at no time will we ever try to 'sneak something through' by not documenting, if it happens, it is a mistake and not intentional.

<rbasak> georgelorch: thanks. So for the feature changes, are there any changes that may change behaviour to users in a way that the user doesn't want?

georgelorch: for example, 5.6.34-26.19 deprecated some options. Is that going to cause users any grief if they want to continue using them? Or for example does the change to wsrep_desync_count affect any behaviour from users' perspectives in a way they may not want?

<georgelorch> rbasak, what do you mean, on minor/point update, the general rule is that users should never even know that an update happened unless absolutely unavoidable to say fix some security issue.
that one I can not answer, I do not work on PXC so really have no idea what it does.
generally though deprecating an option mid series means the option should still be there, just not responsive in the same way and will go away next major release. Some of that is us, some we inherit from our upstreams.

<rbasak> Thanks. "users should never even know..." is what I was looking for :)

<georgelorch> +1

<jamespage> James Page georgelorch: thankyou for clarifying that!

<georgelorch> there are always exceptions, but that is the rule that we go by

As the primary driver for the stable updates is to resolve the outstanding CVE's since 5.6.21 (which is not an inconsiderable list) its been suggested that this be handled as a security update via the security team.

Subscribed the ubuntu-security team for further information.

As far as the FFe is concerned, it'd be good to run through the SRU test case on Zesty too prior to uploading, but: ack.

Thanks Iain - uploads made to zesty including the long list of CVE's these uploads resolve.

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu1

---------------
percona-galera-3 (3.19-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch,
      gcc6.patch: Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:46:27 +0000

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu1

---------------
percona-xtrabackup (2.3.7-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new upstream release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and xxd.
  * d/control,compat: Bumped debhelper compat level to 9.
  * d/control: Bumped Standards-Version to 3.9.8.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:45:14 +0000

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/control: Add BD on dh-python.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).
  * d/repack.sh: Switch tar file compression to bz2.
  * d/*: wrap-and-sort.
  * d/control,compat: Bump debhelper compat level to 9.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:41:46 +0000

@ubuntu-security-sponsors

I've placed all of the required package updates for xenial and yakkety in;

  https://launchpad.net/~james-page/+archive/ubuntu/pxc-march-2017

James: thanks for preparing these. I'm copying them over to the security team's proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/) and will get an archive admin to copy the binaries into the respective -proposed pockets when they are ready.

James, these have now been published to xenial-proposed and yakkety-proposed. Thanks!

Pre-upgrade test deployment (xenial and yakkety):

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.21-25.8 active 3 percona-cluster jujucharms 253 ubuntu
pxc-y 5.6.21-25.8 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready
pxc-y/0* active idle 3 10.5.26.95 3306/tcp Unit is ready
pxc-y/1 active idle 4 10.5.26.96 3306/tcp Unit is ready
pxc-y/2 active idle 5 10.5.26.94 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova
3 started 10.5.26.95 7c07ca24-f18f-44d5-abda-ca79802b4c1a yakkety nova
4 started 10.5.26.96 bd1e7fb9-dcab-4cc3-9287-fdf5ed884b7e yakkety nova
5 started 10.5.26.94 fcf8e2cc-1185-4b22-b166-a7966f04b337 yakkety nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer
cluster pxc-y pxc-y peer

Xenial post upgrade checks:

$ mysql -u root -pXXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.34-79.1-79.1 Percona XtraDB Cluster (GPL), Release 5.6.34-26.19.4c779b7, wsrep_26.19

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show status like 'wsrep%';
+------------------------------+-------------------------------------------------+
| Variable_name | Value |
+------------------------------+-------------------------------------------------+
| wsrep_local_state_uuid | 8d308825-07cc-11e7-9cd5-1bf73b7ccbf0 |
| wsrep_protocol_version | 7 |
| wsrep_last_committed | 0 |
| wsrep_replicated | 0 |
| wsrep_replicated_bytes | 0 |
| wsrep_repl_keys | 0 |
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 6 |
| wsrep_received_bytes | 1459 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 0 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 0.000000 ...

Xenial status check post upgrade:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer

(note that charm deployment checks units are healthy and in sync - good status indicated in 'Unit is ready' message).

Yakkety post upgrade sync check:

mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.34-79.1-79.1 Percona XtraDB Cluster (GPL), Release 5.6.34-26.19.4c779b7, wsrep_26.19

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show status like 'wsrep%';
+------------------------------+-------------------------------------------------+
| Variable_name | Value |
+------------------------------+-------------------------------------------------+
| wsrep_local_state_uuid | 9fbaa3b6-07cc-11e7-804b-bf92e2159677 |
| wsrep_protocol_version | 7 |
| wsrep_last_committed | 0 |
| wsrep_replicated | 0 |
| wsrep_replicated_bytes | 0 |
| wsrep_repl_keys | 0 |
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 6 |
| wsrep_received_bytes | 1459 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 0 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 0.000000 ...

Yakkety post upgrade juju status check:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
pxc-y 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
pxc-y/0* active idle 3 10.5.26.95 3306/tcp Unit is ready
pxc-y/1 active idle 4 10.5.26.96 3306/tcp Unit is ready
pxc-y/2 active idle 5 10.5.26.94 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
3 started 10.5.26.95 7c07ca24-f18f-44d5-abda-ca79802b4c1a yakkety nova
4 started 10.5.26.96 bd1e7fb9-dcab-4cc3-9287-fdf5ed884b7e yakkety nova
5 started 10.5.26.94 fcf8e2cc-1185-4b22-b166-a7966f04b337 yakkety nova

Relation Provides Consumes Type
cluster pxc-y pxc-y peer

Also validated that newer pxc version works correctly with percona status check integration via ocf resources when used with corosync and pacemaker:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu
pxc-hacluster active 3 hacluster jujucharms 33 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
  pxc-hacluster/1 active idle 10.5.26.91 Unit is ready and clustered
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
  pxc-hacluster/2 active idle 10.5.26.92 Unit is ready and clustered
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready
  pxc-hacluster/0* active idle 10.5.26.93 Unit is ready and clustered

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer
ha percona-cluster pxc-hacluster subordinate
hanode pxc-hacluster pxc-hacluster peer

and crm output

Last updated: Mon Mar 13 09:37:08 2017 Last change: Mon Mar 13 09:33:42 2017 by hacluster via crmd on juju-0b3a19-pxc-testing-0
Stack: corosync
Current DC: juju-0b3a19-pxc-testing-2 (version 1.1.14-70404b0) - partition with quorum
3 nodes and 4 resources configured

Online: [ juju-0b3a19-pxc-testing-0 juju-0b3a19-pxc-testing-1 juju-0b3a19-pxc-testing-2 ]

Full list of resources:

 Resource Group: grp_percona_cluster
     res_mysql_vip (ocf::heartbeat:IPaddr2): Started juju-0b3a19-pxc-testing-0
 Clone Set: cl_mysql_monitor [res_mysql_monitor]
     Started: [ juju-0b3a19-pxc-testing-0 juju-0b3a19-pxc-testing-1 juju-0b3a19-pxc-testing-2 ]

@Steve

I've performed the upgrade checks as outlined in the original bug report test plan.

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu0.16.10.1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:38:21 +0000

The verification of the Stable Release Update for percona-xtradb-cluster-5.6 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu0.16.10.1

---------------
percona-galera-3 (3.19-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch:
      Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.
  * d/p/fix-unaligned-checksum.patch: avoid unaligned access and FTBFS
    on armhf.

 -- James Page <email address hidden> Mon, 06 Mar 2017 13:17:35 +0000

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu0.16.10.1

---------------
percona-xtrabackup (2.3.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and vim-common.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:42:42 +0000

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu0.16.04.1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:38:21 +0000

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu0.16.04.1

---------------
percona-galera-3 (3.19-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch:
      Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.
  * d/p/fix-unaligned-checksum.patch: avoid unaligned access and FTBFS
    on armhf.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:45:23 +0000

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu0.16.04.1

---------------
percona-xtrabackup (2.3.7-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and vim-common.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:42:42 +0000