diff options
| author | salo <salo@pkgsrc.org> | 2006-09-13 13:35:59 +0000 |
|---|---|---|
| committer | salo <salo@pkgsrc.org> | 2006-09-13 13:35:59 +0000 |
| commit | f12219f5749a85dab584ea8487c840e3d752ddc7 (patch) | |
| tree | 17b64fdda4b83c0e80c4ef8fd6efa867883d4ba6 | |
| parent | 9c134a179f28501184274e95b0630aae89ba646b (diff) | |
| download | pkgsrc-f12219f5749a85dab584ea8487c840e3d752ddc7.tar.gz | |
Pullup ticket 1823 - requested by seb
security update for mysql4
Revisions pulled up:
- pkgsrc/databases/mysql4-client/Makefile.common 1.54
- pkgsrc/databases/mysql4-client/PLIST 1.14
- pkgsrc/databases/mysql4-client/distinfo 1.27
- pkgsrc/databases/mysql4-client/patches/patch-ax 1.5
- pkgsrc/databases/mysql4-client/patches/patch-bd 1.2
- pkgsrc/databases/mysql4-server/Makefile 1.31
- pkgsrc/databases/mysql4-server/PLIST 1.18
- pkgsrc/databases/mysql4-server/distinfo 1.25
- pkgsrc/databases/mysql4-server/patches/patch-bd 1.2
Module Name: pkgsrc
Committed By: seb
Date: Thu Aug 31 12:42:42 UTC 2006
Modified Files:
pkgsrc/databases/mysql4-client: Makefile.common PLIST distinfo
pkgsrc/databases/mysql4-client/patches: patch-ax patch-bd
pkgsrc/databases/mysql4-server: Makefile PLIST distinfo
pkgsrc/databases/mysql4-server/patches: patch-bd
Log Message:
Update mysql4-client and mysql4-server to version 4.1.21.
Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete
bug fix list)
| -rw-r--r-- | databases/mysql4-client/Makefile.common | 4 | ||||
| -rw-r--r-- | databases/mysql4-client/PLIST | 3 | ||||
| -rw-r--r-- | databases/mysql4-client/distinfo | 12 | ||||
| -rw-r--r-- | databases/mysql4-client/patches/patch-ax | 4 | ||||
| -rw-r--r-- | databases/mysql4-client/patches/patch-bd | 21 | ||||
| -rw-r--r-- | databases/mysql4-server/Makefile | 5 | ||||
| -rw-r--r-- | databases/mysql4-server/PLIST | 15 | ||||
| -rw-r--r-- | databases/mysql4-server/distinfo | 10 | ||||
| -rw-r--r-- | databases/mysql4-server/patches/patch-bd | 21 |
9 files changed, 53 insertions, 42 deletions
diff --git a/databases/mysql4-client/Makefile.common b/databases/mysql4-client/Makefile.common index ef08f31f621..1ed2e20c482 100644 --- a/databases/mysql4-client/Makefile.common +++ b/databases/mysql4-client/Makefile.common @@ -1,6 +1,6 @@ -# $NetBSD: Makefile.common,v 1.53 2006/06/19 07:52:59 seb Exp $ +# $NetBSD: Makefile.common,v 1.53.2.1 2006/09/13 13:35:59 salo Exp $ -DISTNAME= mysql-4.1.20 +DISTNAME= mysql-4.1.21 CATEGORIES= databases MASTER_SITES= ${MASTER_SITE_MYSQL:=MySQL-4.1/} diff --git a/databases/mysql4-client/PLIST b/databases/mysql4-client/PLIST index 67e45e50d25..8164cd01633 100644 --- a/databases/mysql4-client/PLIST +++ b/databases/mysql4-client/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.13 2006/05/26 18:25:34 seb Exp $ +@comment $NetBSD: PLIST,v 1.13.2.1 2006/09/13 13:35:59 salo Exp $ bin/msql2mysql bin/mysql bin/mysql_config @@ -16,7 +16,6 @@ bin/mysqlbinlog bin/mysqlbug bin/mysqlcheck bin/mysqldump -bin/mysqldumpslow bin/mysqlhotcopy bin/mysqlimport bin/mysqlmanager-pwgen diff --git a/databases/mysql4-client/distinfo b/databases/mysql4-client/distinfo index b17c5cea7b5..e6cdbacf026 100644 --- a/databases/mysql4-client/distinfo +++ b/databases/mysql4-client/distinfo @@ -1,17 +1,17 @@ -$NetBSD: distinfo,v 1.26 2006/06/19 07:52:59 seb Exp $ +$NetBSD: distinfo,v 1.26.2.1 2006/09/13 13:35:59 salo Exp $ -SHA1 (mysql-4.1.20.tar.gz) = 78cf1e2ab7f97cc33f0eb92bd581cd1472a409fe -RMD160 (mysql-4.1.20.tar.gz) = 0db1eaeed752be2faeae3b99f0c54a23d00f4e5d -Size (mysql-4.1.20.tar.gz) = 17319370 bytes +SHA1 (mysql-4.1.21.tar.gz) = ec761b42d640e4dd051bff939fdcd2895b0e2591 +RMD160 (mysql-4.1.21.tar.gz) = a8e92bb3b1371cde3fd938482b34cb597403debf +Size (mysql-4.1.21.tar.gz) = 17624947 bytes SHA1 (patch-aa) = adc6956d4be304db61aa0323061143fffc1b9751 SHA1 (patch-ab) = 0959e0ba7316e4fe00b656d7af2d8c2c04ed296f SHA1 (patch-af) = fd55cd066ac78601dc12002959d2bfafe243f65b SHA1 (patch-av) = 5bb6b9e90b6537d4fad71fb575986b49e56161e0 SHA1 (patch-aw) = 8e7ad98457ab0b2b96d18cc414b6a773eb564dcc -SHA1 (patch-ax) = 639f60616609b342a44ebd6ae6269a40c4db0767 +SHA1 (patch-ax) = 9ad64516523d6052dca586c6a427a1c64921b891 SHA1 (patch-ay) = fa4a55fa0df5b92823f2390e42fe46e728aadb25 SHA1 (patch-ba) = bd34391e522ae12ee63ec6a734f7a31116b2918d SHA1 (patch-bb) = 242c97ab4658838a6001d9c288e01209abfcee77 SHA1 (patch-bc) = 31c933a03e2b05aeaff1d89d3fa542aad663e96a -SHA1 (patch-bd) = 3ff14eacca7b10f819c8d31852bf5395e992b26a +SHA1 (patch-bd) = 2070c5946ceea4c1b79ce290d359a811996ce454 SHA1 (patch-be) = 1ba51c75cec53cb4bd6d1b5e71f776869cc340ac diff --git a/databases/mysql4-client/patches/patch-ax b/databases/mysql4-client/patches/patch-ax index 7aa5716315b..2654ee5d306 100644 --- a/databases/mysql4-client/patches/patch-ax +++ b/databases/mysql4-client/patches/patch-ax @@ -1,4 +1,4 @@ -$NetBSD: patch-ax,v 1.4 2005/09/26 22:34:49 xtraeme Exp $ +$NetBSD: patch-ax,v 1.4.6.1 2006/09/13 13:35:59 salo Exp $ --- scripts/Makefile.in.orig 2005-09-26 23:51:54.000000000 +0200 +++ scripts/Makefile.in 2005-09-26 23:52:22.000000000 +0200 @@ -26,7 +26,7 @@ $NetBSD: patch-ax,v 1.4 2005/09/26 22:34:49 xtraeme Exp $ +bin_SCRIPTS = msql2mysql mysql_config mysql_fix_privilege_tables \ + mysql_setpermission mysql_zap mysqlaccess mysqlbug \ + mysql_convert_table_format mysql_find_rows mysqlhotcopy \ -+ mysqldumpslow mysql_explain_log mysql_tableinfo \ ++ mysql_explain_log mysql_tableinfo \ mysql_create_system_tables noinst_SCRIPTS = make_binary_distribution \ diff --git a/databases/mysql4-client/patches/patch-bd b/databases/mysql4-client/patches/patch-bd index e93414ae717..f467b9b3bf8 100644 --- a/databases/mysql4-client/patches/patch-bd +++ b/databases/mysql4-client/patches/patch-bd @@ -1,6 +1,6 @@ -$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ +$NetBSD: patch-bd,v 1.1.2.1 2006/09/13 13:35:59 salo Exp $ ---- tests/mysql_client_test.c.orig 2006-05-24 18:00:37.000000000 +0000 +--- tests/mysql_client_test.c.orig 2006-07-19 15:10:41.000000000 +0000 +++ tests/mysql_client_test.c @@ -22,6 +22,7 @@ ***************************************************************************/ @@ -10,12 +10,13 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ #include <my_sys.h> #include <mysql.h> #include <errmsg.h> -@@ -11745,6 +11746,49 @@ static void test_bug12744() +@@ -11855,6 +11856,48 @@ static void test_bug15613() + mysql_stmt_close(stmt); } - /* ++/* + Bug #17667: An attacker has the opportunity to bypass query logging. -+*/ ++ */ + +static void test_bug17667() +{ @@ -55,16 +56,14 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ + myquery(rc); +} + -+ -+/* - Bug#11718: query with function, join and order by returns wrong type - */ -@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= { + /* + Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer +@@ -12130,6 +12173,7 @@ static struct my_tests_st my_tests[]= { { "test_bug11718", test_bug11718 }, { "test_bug12925", test_bug12925 }, { "test_bug15613", test_bug15613 }, + { "test_bug17667", test_bug17667 }, + { "test_bug20152", test_bug20152 }, { 0, 0 } }; - diff --git a/databases/mysql4-server/Makefile b/databases/mysql4-server/Makefile index db49327b929..781573c7e00 100644 --- a/databases/mysql4-server/Makefile +++ b/databases/mysql4-server/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.30 2006/05/26 18:25:34 seb Exp $ +# $NetBSD: Makefile,v 1.30.2.1 2006/09/13 13:35:59 salo Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} SVR4_PKGNAME= mysqs @@ -45,11 +45,12 @@ post-configure: post-build: cd ${WRKSRC}/scripts && ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} \ - ${MAKE_FLAGS} mysqld_safe mysql_install_db + ${MAKE_FLAGS} mysqld_safe mysql_install_db mysqldumpslow post-install: ${INSTALL_SCRIPT} ${WRKSRC}/scripts/mysqld_safe ${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/scripts/mysql_install_db ${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/mysqldumpslow ${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/support-files/mysql.server ${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/scripts/mysql_secure_installation.sh \ ${PREFIX}/bin/mysql_secure_installation diff --git a/databases/mysql4-server/PLIST b/databases/mysql4-server/PLIST index 6b9d73c85e8..e8e4683d670 100644 --- a/databases/mysql4-server/PLIST +++ b/databases/mysql4-server/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.17 2006/05/26 18:25:34 seb Exp $ +@comment $NetBSD: PLIST,v 1.17.2.1 2006/09/13 13:35:59 salo Exp $ bin/comp_err bin/isamchk bin/isamlog @@ -14,6 +14,7 @@ bin/mysql_secure_installation bin/mysql_tzinfo_to_sql bin/mysql_waitpid bin/mysqld_safe +bin/mysqldumpslow bin/pack_isam bin/perror bin/replace @@ -57,6 +58,7 @@ share/mysql-test/include/have_archive.inc share/mysql-test/include/have_bdb.inc share/mysql-test/include/have_big5.inc share/mysql-test/include/have_blackhole.inc +share/mysql-test/include/have_case_sensitive_file_system.inc share/mysql-test/include/have_compress.inc share/mysql-test/include/have_cp1250_ch.inc share/mysql-test/include/have_cp932.inc @@ -134,6 +136,7 @@ share/mysql-test/r/blackhole.result share/mysql-test/r/bool.result share/mysql-test/r/bulk_replace.result share/mysql-test/r/case.result +share/mysql-test/r/case_sensitive_file_system.require share/mysql-test/r/cast.result share/mysql-test/r/check.result share/mysql-test/r/check_var_limit.require @@ -299,6 +302,7 @@ share/mysql-test/r/lock_multi.result share/mysql-test/r/lock_tables_lost_commit.result share/mysql-test/r/lowercase0.require share/mysql-test/r/lowercase2.require +share/mysql-test/r/lowercase_fs_off.result share/mysql-test/r/lowercase_table.result share/mysql-test/r/lowercase_table2.result share/mysql-test/r/lowercase_table3.result @@ -311,6 +315,7 @@ share/mysql-test/r/multi_statement.result share/mysql-test/r/multi_update.result share/mysql-test/r/myisam-blob.result share/mysql-test/r/myisam.result +share/mysql-test/r/mysql_client.result share/mysql-test/r/mysql_protocols.result share/mysql-test/r/mysqlbinlog.result share/mysql-test/r/mysqlbinlog2.result @@ -319,6 +324,7 @@ share/mysql-test/r/mysqltest.result share/mysql-test/r/ndb_alter_table.result share/mysql-test/r/ndb_autodiscover.result share/mysql-test/r/ndb_autodiscover2.result +share/mysql-test/r/ndb_autodiscover3.result share/mysql-test/r/ndb_basic.result share/mysql-test/r/ndb_blob.result share/mysql-test/r/ndb_cache.result @@ -332,9 +338,11 @@ share/mysql-test/r/ndb_index_unique.result share/mysql-test/r/ndb_insert.result share/mysql-test/r/ndb_limit.result share/mysql-test/r/ndb_load.result +share/mysql-test/r/ndb_loaddatalocal.result share/mysql-test/r/ndb_lock.result share/mysql-test/r/ndb_minmax.result share/mysql-test/r/ndb_multi.result +share/mysql-test/r/ndb_rename.result share/mysql-test/r/ndb_replace.result share/mysql-test/r/ndb_restore.result share/mysql-test/r/ndb_subquery.result @@ -703,6 +711,7 @@ share/mysql-test/t/lock.test share/mysql-test/t/lock_multi.test share/mysql-test/t/lock_tables_lost_commit-master.opt share/mysql-test/t/lock_tables_lost_commit.test +share/mysql-test/t/lowercase_fs_off.test share/mysql-test/t/lowercase_table-master.opt share/mysql-test/t/lowercase_table.test share/mysql-test/t/lowercase_table2.test @@ -723,6 +732,7 @@ share/mysql-test/t/multi_update.test share/mysql-test/t/myisam-blob-master.opt share/mysql-test/t/myisam-blob.test share/mysql-test/t/myisam.test +share/mysql-test/t/mysql_client.test share/mysql-test/t/mysql_client_test.test share/mysql-test/t/mysql_protocols.test share/mysql-test/t/mysqlbinlog-master.opt @@ -734,6 +744,7 @@ share/mysql-test/t/ndb_alter_table.test share/mysql-test/t/ndb_autodiscover.test share/mysql-test/t/ndb_autodiscover2-master.opt share/mysql-test/t/ndb_autodiscover2.test +share/mysql-test/t/ndb_autodiscover3.test share/mysql-test/t/ndb_basic.test share/mysql-test/t/ndb_blob.test share/mysql-test/t/ndb_cache.test @@ -746,9 +757,11 @@ share/mysql-test/t/ndb_index_unique.test share/mysql-test/t/ndb_insert.test share/mysql-test/t/ndb_limit.test share/mysql-test/t/ndb_load.test +share/mysql-test/t/ndb_loaddatalocal.test share/mysql-test/t/ndb_lock.test share/mysql-test/t/ndb_minmax.test share/mysql-test/t/ndb_multi.test +share/mysql-test/t/ndb_rename.test share/mysql-test/t/ndb_replace.test share/mysql-test/t/ndb_restore.test share/mysql-test/t/ndb_subquery.test diff --git a/databases/mysql4-server/distinfo b/databases/mysql4-server/distinfo index 0486747abdf..a2648e7e971 100644 --- a/databases/mysql4-server/distinfo +++ b/databases/mysql4-server/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.24 2006/06/19 07:53:00 seb Exp $ +$NetBSD: distinfo,v 1.24.2.1 2006/09/13 13:35:59 salo Exp $ -SHA1 (mysql-4.1.20.tar.gz) = 78cf1e2ab7f97cc33f0eb92bd581cd1472a409fe -RMD160 (mysql-4.1.20.tar.gz) = 0db1eaeed752be2faeae3b99f0c54a23d00f4e5d -Size (mysql-4.1.20.tar.gz) = 17319370 bytes +SHA1 (mysql-4.1.21.tar.gz) = ec761b42d640e4dd051bff939fdcd2895b0e2591 +RMD160 (mysql-4.1.21.tar.gz) = a8e92bb3b1371cde3fd938482b34cb597403debf +Size (mysql-4.1.21.tar.gz) = 17624947 bytes SHA1 (patch-aa) = f32ae7bbf91ce4edaeccf20789d60ecca82eb062 SHA1 (patch-ab) = 45f97d4e449c76e46cacba246d5dc9ac8417ec44 SHA1 (patch-ac) = fd49d78012d6410263da38fb97a8e0369f98c62d @@ -16,5 +16,5 @@ SHA1 (patch-ar) = 93cb95b5e4e290fccbaba8d8bd0b66f115868eed SHA1 (patch-as) = 516460b0aa9f641d74f83c5514f258a980033e41 SHA1 (patch-aw) = e89b4ada1a6efa2d8fb2ddaed8eaca6a59603d38 SHA1 (patch-ax) = c73f0d59c9e079abc8fc16965297257cb8f8a592 -SHA1 (patch-bd) = 3ff14eacca7b10f819c8d31852bf5395e992b26a +SHA1 (patch-bd) = 2070c5946ceea4c1b79ce290d359a811996ce454 SHA1 (patch-be) = 1ba51c75cec53cb4bd6d1b5e71f776869cc340ac diff --git a/databases/mysql4-server/patches/patch-bd b/databases/mysql4-server/patches/patch-bd index e93414ae717..f467b9b3bf8 100644 --- a/databases/mysql4-server/patches/patch-bd +++ b/databases/mysql4-server/patches/patch-bd @@ -1,6 +1,6 @@ -$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ +$NetBSD: patch-bd,v 1.1.2.1 2006/09/13 13:35:59 salo Exp $ ---- tests/mysql_client_test.c.orig 2006-05-24 18:00:37.000000000 +0000 +--- tests/mysql_client_test.c.orig 2006-07-19 15:10:41.000000000 +0000 +++ tests/mysql_client_test.c @@ -22,6 +22,7 @@ ***************************************************************************/ @@ -10,12 +10,13 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ #include <my_sys.h> #include <mysql.h> #include <errmsg.h> -@@ -11745,6 +11746,49 @@ static void test_bug12744() +@@ -11855,6 +11856,48 @@ static void test_bug15613() + mysql_stmt_close(stmt); } - /* ++/* + Bug #17667: An attacker has the opportunity to bypass query logging. -+*/ ++ */ + +static void test_bug17667() +{ @@ -55,16 +56,14 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ + myquery(rc); +} + -+ -+/* - Bug#11718: query with function, join and order by returns wrong type - */ -@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= { + /* + Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer +@@ -12130,6 +12173,7 @@ static struct my_tests_st my_tests[]= { { "test_bug11718", test_bug11718 }, { "test_bug12925", test_bug12925 }, { "test_bug15613", test_bug15613 }, + { "test_bug17667", test_bug17667 }, + { "test_bug20152", test_bug20152 }, { 0, 0 } }; - |