diff options
author | seb <seb@pkgsrc.org> | 2006-08-31 12:42:42 +0000 |
---|---|---|
committer | seb <seb@pkgsrc.org> | 2006-08-31 12:42:42 +0000 |
commit | 8713e488fb194a478fcb7ece8aa125ad7fc0708c (patch) | |
tree | 8078930397430056ab57bfe432bfc6bf5e77288f /databases/mysql4-client/patches | |
parent | 5a4461f9929531ec1522f5e953cd485311e7d9aa (diff) | |
download | pkgsrc-8713e488fb194a478fcb7ece8aa125ad7fc0708c.tar.gz |
Update mysql4-client and mysql4-server to version 4.1.21.
Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete
bug fix list)
Diffstat (limited to 'databases/mysql4-client/patches')
-rw-r--r-- | databases/mysql4-client/patches/patch-ax | 4 | ||||
-rw-r--r-- | databases/mysql4-client/patches/patch-bd | 21 |
2 files changed, 12 insertions, 13 deletions
diff --git a/databases/mysql4-client/patches/patch-ax b/databases/mysql4-client/patches/patch-ax index 7aa5716315b..59383de546a 100644 --- a/databases/mysql4-client/patches/patch-ax +++ b/databases/mysql4-client/patches/patch-ax @@ -1,4 +1,4 @@ -$NetBSD: patch-ax,v 1.4 2005/09/26 22:34:49 xtraeme Exp $ +$NetBSD: patch-ax,v 1.5 2006/08/31 12:42:42 seb Exp $ --- scripts/Makefile.in.orig 2005-09-26 23:51:54.000000000 +0200 +++ scripts/Makefile.in 2005-09-26 23:52:22.000000000 +0200 @@ -26,7 +26,7 @@ $NetBSD: patch-ax,v 1.4 2005/09/26 22:34:49 xtraeme Exp $ +bin_SCRIPTS = msql2mysql mysql_config mysql_fix_privilege_tables \ + mysql_setpermission mysql_zap mysqlaccess mysqlbug \ + mysql_convert_table_format mysql_find_rows mysqlhotcopy \ -+ mysqldumpslow mysql_explain_log mysql_tableinfo \ ++ mysql_explain_log mysql_tableinfo \ mysql_create_system_tables noinst_SCRIPTS = make_binary_distribution \ diff --git a/databases/mysql4-client/patches/patch-bd b/databases/mysql4-client/patches/patch-bd index e93414ae717..39e83012da2 100644 --- a/databases/mysql4-client/patches/patch-bd +++ b/databases/mysql4-client/patches/patch-bd @@ -1,6 +1,6 @@ -$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ +$NetBSD: patch-bd,v 1.2 2006/08/31 12:42:42 seb Exp $ ---- tests/mysql_client_test.c.orig 2006-05-24 18:00:37.000000000 +0000 +--- tests/mysql_client_test.c.orig 2006-07-19 15:10:41.000000000 +0000 +++ tests/mysql_client_test.c @@ -22,6 +22,7 @@ ***************************************************************************/ @@ -10,12 +10,13 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ #include <my_sys.h> #include <mysql.h> #include <errmsg.h> -@@ -11745,6 +11746,49 @@ static void test_bug12744() +@@ -11855,6 +11856,48 @@ static void test_bug15613() + mysql_stmt_close(stmt); } - /* ++/* + Bug #17667: An attacker has the opportunity to bypass query logging. -+*/ ++ */ + +static void test_bug17667() +{ @@ -55,16 +56,14 @@ $NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ + myquery(rc); +} + -+ -+/* - Bug#11718: query with function, join and order by returns wrong type - */ -@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= { + /* + Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer +@@ -12130,6 +12173,7 @@ static struct my_tests_st my_tests[]= { { "test_bug11718", test_bug11718 }, { "test_bug12925", test_bug12925 }, { "test_bug15613", test_bug15613 }, + { "test_bug17667", test_bug17667 }, + { "test_bug20152", test_bug20152 }, { 0, 0 } }; - |