diff --git a/.gitignore b/.gitignore
index d836308..28f1300 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mysql-boost-8.0.13.tar.gz
+SOURCES/mysql-boost-8.0.17.tar.gz
diff --git a/.mysql.metadata b/.mysql.metadata
index e43b40f..b695da0 100644
--- a/.mysql.metadata
+++ b/.mysql.metadata
@@ -1 +1 @@
-c4109cb99c1a70d1d1bb54a9934f44c68b51dad3 SOURCES/mysql-boost-8.0.13.tar.gz
+8395df42d93e2030fcef862bb096831b24ed5c28 SOURCES/mysql-boost-8.0.17.tar.gz
diff --git a/SOURCES/mysql-paths.patch b/SOURCES/mysql-paths.patch
index 078782f..b850109 100644
--- a/SOURCES/mysql-paths.patch
+++ b/SOURCES/mysql-paths.patch
@@ -26,8 +26,8 @@ index f5ac0bf2..cd3132de 100644
    SET(INSTALL_LIBDIR_RPM                "lib64")
 diff --git a/mysys_ssl/my_default.cc b/mysys_ssl/my_default.cc
 index 1317e362..cfa0feb7 100644
---- a/mysys_ssl/my_default.cc
-+++ b/mysys_ssl/my_default.cc
+--- a/mysys/my_default.cc
++++ b/mysys/my_default.cc
 @@ -1570,12 +1570,12 @@ static const char **init_default_directories(MEM_ROOT *alloc) {
  
  #else
@@ -48,17 +48,8 @@ diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
 index c1202103..06a055b1 100644
 --- a/scripts/CMakeLists.txt
 +++ b/scripts/CMakeLists.txt
-@@ -315,7 +315,7 @@ ENDIF(UNIX)
- 
- SET(bindir ${prefix}/${INSTALL_BINDIR})
- SET(sbindir ${prefix}/${INSTALL_SBINDIR})
--SET(libexecdir ${prefix}/${INSTALL_SBINDIR})
-+SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR})
- SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
- IF(INSTALL_LAYOUT MATCHES "STANDALONE")
-   SET(localstatedir ${prefix}/data)
-@@ -324,9 +324,9 @@ ELSE()
- ENDIF()
+@@ -315,9 +315,9 @@ ENDIF(UNIX)
+ ENDIF(UNIX)
  
  SET(prefix "${CMAKE_INSTALL_PREFIX}")
 -SET(sysconfdir ${prefix})
@@ -67,8 +58,8 @@ index c1202103..06a055b1 100644
 -SET(libexecdir ${prefix}/${INSTALL_SBINDIR})
 +SET(libexecdir ${prefix}/${INSTALL_LIBEXECDIR})
  SET(datadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
- SET(pkgdatadir ${prefix}/${INSTALL_MYSQLSHAREDIR})
  SET(libsubdir  ${INSTALL_LIBDIR})
+ SET(pkgincludedir ${prefix}/${INSTALL_INCLUDEDIR})
 diff --git a/scripts/mysqld_multi.sh b/scripts/mysqld_multi.sh
 index 5ad36e7b..5dd032f2 100644
 --- a/scripts/mysqld_multi.sh
diff --git a/SOURCES/mysql-router.patch b/SOURCES/mysql-router.patch
deleted file mode 100644
index bb7aed3..0000000
--- a/SOURCES/mysql-router.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Do not build MySQL Router.
-It is a set of tools and libraries used for the InnoDB cluster.
-
-However without MySQL SHELL it can't be operated.
-We don't pack the MySQL SHELL, so don´t build the router at all.
-
---- mysql-8.0.13/CMakeLists.txt    2018-10-07 10:44:22.000000000 +0200
-+++ mysql-8.0.13/CMakeLists.txt_patched    2018-10-23 03:10:01.490792624 +0200
-@@ -1046,7 +1046,7 @@ CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/sql/s
-
- # depends on mysql_version.h to exist
- IF(NOT WITHOUT_SERVER)
--  ADD_SUBDIRECTORY(router)
-+#  ADD_SUBDIRECTORY(router)
- ENDIF()
-
- GET_PROPERTY(CWD_DEFINITIONS DIRECTORY PROPERTY COMPILE_DEFINITIONS)
diff --git a/SOURCES/mysql-s390-tsc.patch b/SOURCES/mysql-s390-tsc.patch
index 7e5eee3..8437ed7 100644
--- a/SOURCES/mysql-s390-tsc.patch
+++ b/SOURCES/mysql-s390-tsc.patch
@@ -17,7 +17,7 @@ index ec8e855..c3408b1 100644
 --- a/mysys/my_rdtsc.cc
 +++ b/mysys/my_rdtsc.cc
 @@ -204,6 +204,13 @@ ulonglong my_timer_cycles(void) {
-     __asm __volatile__("mrs %[rt],cntvct_el0" : [rt] "=r"(result));
+     __asm __volatile__("mrs %[rt],cntvct_el0" : [ rt ] "=r"(result));
      return result;
    }
 +#elif defined(__GNUC__) && defined(__s390__)
diff --git a/SOURCES/mysql-sharedir.patch b/SOURCES/mysql-sharedir.patch
index cb1f1dc..72fe369 100644
--- a/SOURCES/mysql-sharedir.patch
+++ b/SOURCES/mysql-sharedir.patch
@@ -1,28 +1,22 @@
 diff --git a/mysql-test/CMakeLists.txt b/mysql-test/CMakeLists.txt
-index 7c1e82b5..a92ba915 100644
+index 1eb22c37..e200d4eb 100644
 --- a/mysql-test/CMakeLists.txt
 +++ b/mysql-test/CMakeLists.txt
-@@ -56,6 +56,10 @@ INSTALL(
+@@ -56,6 +56,9 @@ INSTALL(
  ENDIF()
  
  
-+# Expand some paths in the perl scripts correctly
-+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/lib/My/ConfigFactory.pm ${CMAKE_CURRENT_SOURCE_DIR}/lib/My/ConfigFactory.pm @ONLY)
++# Expand some paths in the perl script correctly
 +CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/mysql-test-run.pl ${CMAKE_CURRENT_SOURCE_DIR}/mysql-test-run.pl @ONLY)
 +
  IF(NOT ${CMAKE_SOURCE_DIR} STREQUAL ${CMAKE_BINARY_DIR})
    # Enable running mtr from build directory
-   CONFIGURE_FILE(
+   FIND_PROGRAM(PERL_EXECUTABLE perl
 diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
-index 8c058527..7acd8534 100755
+index 05a504da..9cdc2cda 100755
 --- a/mysql-test/mysql-test-run.pl
 +++ b/mysql-test/mysql-test-run.pl
-@@ -1479,11 +1479,11 @@ sub command_line_setup {
-   }
- 
-   # Look for language files and charsetsdir, use same share
--  $path_language = mtr_path_exists("$bindir/share/mysql", "$bindir/share");
-+  $path_language = mtr_path_exists("$bindir/@INSTALL_MYSQLSHAREDIR@", "$bindir/share/mysql", "$bindir/share");
+@@ -1626,7 +1626,7 @@ sub command_line_setup {
    my $path_share = $path_language;
  
    @share_locations =
diff --git a/SPECS/mysql.spec b/SPECS/mysql.spec
index ce1eb70..0a7fdaa 100644
--- a/SPECS/mysql.spec
+++ b/SPECS/mysql.spec
@@ -125,8 +125,8 @@
 %endif
 
 Name:             %{?scl_prefix}mysql
-Version:          8.0.13
-Release:          1%{?with_debug:.debug}%{?dist}
+Version:          8.0.17
+Release:          3%{?with_debug:.debug}%{?dist}
 Summary:          MySQL client programs and shared libraries
 URL:              http://www.mysql.com
 
@@ -168,7 +168,6 @@ Patch5:           %{pkgnamepatch}-paths.patch
 # Patches specific for this mysql package
 Patch51:          %{pkgnamepatch}-chain-certs.patch
 Patch52:          %{pkgnamepatch}-sharedir.patch
-Patch53:          %{pkgnamepatch}-router.patch
 Patch75:          %{pkgnamepatch}-arm32-timer.patch
 Patch76:          %{pkgnamepatch}-header-file-include.patch
 
@@ -248,7 +247,7 @@ Requires:         bash coreutils grep
 Requires:         %{name}-common%{?_isa} = %{sameevr}
 %{?scl:Requires:%scl_runtime}
 
-Provides:         bundled(boost) = 1.67
+Provides:         bundled(boost) = 1.69
 %if %{with bundled_protobuf}
 Provides:         bundled(protobuf) = 2.6.1
 %endif
@@ -462,13 +461,12 @@ the MySQL sources.
 %patch5 -p1
 %patch51 -p1
 %patch52 -p1
-%patch53 -p1
 %patch75 -p1
 %patch76 -p1
 %patch126 -p1
 
 # Patch Boost
-pushd boost/boost_1_67_0
+pushd boost/boost_1_69_0
 %patch115 -p0
 %patch125 -p1
 popd
@@ -576,6 +574,8 @@ cp %{SOURCE41} mysql-sysnice.te
 
 
 %build
+%{set_build_flags}
+
 make -f /usr/share/selinux/devel/Makefile mysql-sysnice.te mysql-sysnice.pp
 # fail quickly and obviously if user tries to build as root
 %if %runselftest
@@ -642,6 +642,7 @@ cmake .. \
 %ifarch s390 s390x
          -DUSE_LD_GOLD=OFF \
 %endif
+         -DWITH_ROUTER=OFF \
          -DWITH_SYSTEM_LIBS=ON \
 %if %{with bundled_re2}
          -DWITH_RE2=bundled \
@@ -657,11 +658,13 @@ cmake .. \
          -DREPRODUCIBLE_BUILD=OFF \
          -DCMAKE_C_FLAGS="%{optflags} -pie %{?with_debug: -fno-strict-overflow -Wno-unused-result -Wno-unused-function -Wno-unused-but-set-variable}" \
          -DCMAKE_CXX_FLAGS="%{optflags} -pie %{?with_debug: -fno-strict-overflow -Wno-unused-result -Wno-unused-function -Wno-unused-but-set-variable}" \
-         -DCMAKE_EXE_LINKER_FLAGS="-pie" \
+         -DCMAKE_EXE_LINKER_FLAGS="-pie %{build_ldflags}" \
 %{?with_debug: -DWITH_DEBUG=1}\
 %{?with_debug: -DMYSQL_MAINTAINER_MODE=0}\
          -DTMPDIR=/var/tmp \
-         %{?_hardened_build:-DWITH_MYSQLD_LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"}
+         -DWITH_MYSQLD_LDFLAGS="%{build_ldflags}" \
+         -DCMAKE_C_LINK_FLAGS="%{build_ldflags}" \
+         -DCMAKE_CXX_LINK_FLAGS"%{build_ldflags}"
 
 cmake .. -LAH
 
@@ -734,13 +737,7 @@ install -p -m 644 scripts/mysql-scripts-common %{buildroot}%{_libexecdir}/mysql-
 install -D -p -m 0644 scripts/server.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
 install -D -p -m 0644 %{SOURCE32} %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-default-authentication-plugin.cnf
 
-# mysql-test includes one executable that doesn't belong under /usr/share,
-# so move it and provide a symlink
-mv %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process %{buildroot}%{_bindir}
-ln -s ../../../../../bin/my_safe_process %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process
-
 rm %{buildroot}%{_libdir}/mysql/*.a
-rm %{buildroot}%{_datadir}/%{pkg_name}/magic
 rm %{buildroot}%{_datadir}/%{pkg_name}/mysql.server
 rm %{buildroot}%{_datadir}/%{pkg_name}/mysqld_multi.server
 rm %{buildroot}%{_mandir}/man1/comp_err.1*
@@ -824,7 +821,7 @@ polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian}
 %endif
 
 %if %{without test}
-rm %{buildroot}%{_bindir}/{mysql_client_test,mysqlxtest,my_safe_process}
+rm %{buildroot}%{_bindir}/{mysql_client_test,mysqlxtest,mysqltest_safe_process}
 rm -r %{buildroot}%{_datadir}/mysql-test
 rm %{buildroot}%{_mandir}/man1/mysql_client_test.1*
 %endif
@@ -859,8 +856,7 @@ mans= ; for bin in $mysql_binaries; do mans+=" man1/$bin.1.gz" ; done
 # Creating syspath without prefix for mysql-server package
 mysql_server_binaries='ibd2sdi innochecksum my_print_defaults myisam_ftdump
 myisamchk myisamlog myisampack mysql_secure_installation mysql_ssl_rsa_setup
-mysql_tzinfo_to_sql mysql_upgrade mysqldumpslow perror
-resolve_stack_dump resolveip'
+mysql_tzinfo_to_sql mysql_upgrade mysqldumpslow perror'
 
 %scl_syspaths_install_wrappers -n mysql-server -m script -p bin $mysql_server_binaries
 
@@ -1088,8 +1084,6 @@ fi
 %{_bindir}/mysqldumpslow
 %{_bindir}/innochecksum
 %{_bindir}/perror
-%{_bindir}/resolve_stack_dump
-%{_bindir}/resolveip
 
 %config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
 %config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-default-authentication-plugin.cnf
@@ -1128,8 +1122,6 @@ fi
 %{_mandir}/man1/mysqlman.1*
 %{_mandir}/man1/innochecksum.1*
 %{_mandir}/man1/perror.1*
-%{_mandir}/man1/resolve_stack_dump.1*
-%{_mandir}/man1/resolveip.1*
 %{_mandir}/man1/lz4_decompress.1*
 %{_mandir}/man1/zlib_decompress.1*
 %{_mandir}/man8/mysqld.8*
@@ -1179,7 +1171,7 @@ fi
 %{_bindir}/mysql_client_test
 %{_bindir}/mysqltest
 %{_bindir}/mysqlxtest
-%{_bindir}/my_safe_process
+%{_bindir}/mysqltest_safe_process
 %attr(-,mysql,mysql) %{_datadir}/mysql-test
 %endif
 
@@ -1190,6 +1182,27 @@ fi
 %endif
 
 %changelog
+* Fri Aug 02 2019 Matej Mužila <mmuzila@redhat.com> - 8.0.17-3
+- Use RELRO hardening on all binaries
+- Resolves: #1734420
+
+* Tue Jul 30 2019 Matej Mužila <mmuzila@redhat.com> - 8.0.17-2
+- Use RELRO hardening on all binaries
+- Resolves: #1734420
+
+* Thu Jul 25 2019 Matej Mužila <mmuzila@redhat.com> - 8.0.17-1
+- Rebase to 8.0.17
+- Resolves: #1732042
+- CVEs fixed:
+  CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741
+  CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755
+  CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780
+  CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795
+  CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801
+  CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810
+  CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819
+  CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879
+
 * Wed Dec 12 2018 Michal Schorm <mschorm@redhat.com> - 8.0.13-1
 - Rebase to 8.0.13
 - ICU patch removed; upstreamed