From ffb74a2feb70ec7b06d4264b04905931a75719ea Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:52:57 -0400
Subject: [PATCH] [AUTOPATCHER-CORE] Upgrade mysql to 8.0.40 Fix multiple CVEs
 (#10785)

Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
---
 SPECS/mysql/mysql.signatures.json |  4 ++--
 SPECS/mysql/mysql.spec            | 10 +++++++++-
 cgmanifest.json                   |  4 ++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/SPECS/mysql/mysql.signatures.json b/SPECS/mysql/mysql.signatures.json
index 531b9d7eb76..c15e83c7f22 100644
--- a/SPECS/mysql/mysql.signatures.json
+++ b/SPECS/mysql/mysql.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "mysql-boost-8.0.36.tar.gz": "429c5f69f3722e31807e74119d157a023277af210bfee513443cae60ebd2a86d"
+    "mysql-boost-8.0.40.tar.gz": "eb34a23d324584688199b4222242f4623ea7bca457a3191cd7a106c63a7837d9"
   }
-}
\ No newline at end of file
+}
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
index 11e29f1fcf9..480665946a4 100644
--- a/SPECS/mysql/mysql.spec
+++ b/SPECS/mysql/mysql.spec
@@ -1,6 +1,6 @@
 Summary:        MySQL.
 Name:           mysql
-Version:        8.0.36
+Version:        8.0.40
 Release:        1%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
@@ -83,6 +83,14 @@ make test
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Fri Oct 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 8.0.40-1
+- Auto-upgrade to 8.0.40 - Fix multiple CVEs -- CVE-2024-21193, CVE-2024-21194, CVE-2024-21162, CVE-2024-21157, CVE-2024-21130,
+  CVE-2024-20996, CVE-2024-21129, CVE-2024-21159, CVE-2024-21135, CVE-2024-21173, CVE-2024-21160, CVE-2024-21125, CVE-2024-21134,
+  CVE-2024-21127, CVE-2024-21142, CVE-2024-21166, CVE-2024-21163, CVE-2024-21203, CVE-2024-21219, CVE-2024-21247, CVE-2024-21237,
+  CVE-2024-21231, CVE-2024-21213, CVE-2024-21218, CVE-2024-21197, CVE-2024-21230, CVE-2024-21207, CVE-2024-21201, CVE-2024-21198,
+  CVE-2024-21238, CVE-2024-21196, CVE-2024-21239, CVE-2024-21199, CVE-2024-21241, CVE-2024-21236, CVE-2024-21212, CVE-2024-21096,
+  CVE-2024-21171, CVE-2024-21165, CVE-2023-46219
+
 * Thu Feb 22 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 8.0.36-1
 - Auto-upgrade to 8.0.36
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 5553bf330f2..ef7b02a9099 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -13502,8 +13502,8 @@
         "type": "other",
         "other": {
           "name": "mysql",
-          "version": "8.0.36",
-          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.36.tar.gz"
+          "version": "8.0.40",
+          "downloadUrl": "https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-boost-8.0.40.tar.gz"
         }
       }
     },