diff options
| author | seb <seb@pkgsrc.org> | 2006-06-19 07:52:59 +0000 |
|---|---|---|
| committer | seb <seb@pkgsrc.org> | 2006-06-19 07:52:59 +0000 |
| commit | 83499fbef4a32eab46cb00fb12dcbe519faac6b7 (patch) | |
| tree | 61a1c4d14895f0383ee8d5364638cc1dd4c97836 /databases/mysql4-client/Makefile.common | |
| parent | 3d3e981e74dbcf122590c740e1511e0d0a735643 (diff) | |
| download | pkgsrc-83499fbef4a32eab46cb00fb12dcbe519faac6b7.tar.gz | |
Update mysql4-client and mysql4-server to version 4.1.20.
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-indpendent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
Diffstat (limited to 'databases/mysql4-client/Makefile.common')
| -rw-r--r-- | databases/mysql4-client/Makefile.common | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/databases/mysql4-client/Makefile.common b/databases/mysql4-client/Makefile.common index 77179d774b1..ef08f31f621 100644 --- a/databases/mysql4-client/Makefile.common +++ b/databases/mysql4-client/Makefile.common @@ -1,6 +1,6 @@ -# $NetBSD: Makefile.common,v 1.52 2006/05/26 18:25:34 seb Exp $ +# $NetBSD: Makefile.common,v 1.53 2006/06/19 07:52:59 seb Exp $ -DISTNAME= mysql-4.1.19 +DISTNAME= mysql-4.1.20 CATEGORIES= databases MASTER_SITES= ${MASTER_SITE_MYSQL:=MySQL-4.1/} |