diff options
| author | seb <seb@pkgsrc.org> | 2006-06-19 07:52:59 +0000 |
|---|---|---|
| committer | seb <seb@pkgsrc.org> | 2006-06-19 07:52:59 +0000 |
| commit | acfe05af4ec5215f0d05f206a6d2f401bdde41f9 (patch) | |
| tree | 61a1c4d14895f0383ee8d5364638cc1dd4c97836 /databases/mysql4-client/patches | |
| parent | df1fa912fae2ea2603abcd6ed2827d4de2c2662b (diff) | |
| download | pkgsrc-acfe05af4ec5215f0d05f206a6d2f401bdde41f9.tar.gz | |
Update mysql4-client and mysql4-server to version 4.1.20.
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-indpendent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
Diffstat (limited to 'databases/mysql4-client/patches')
| -rw-r--r-- | databases/mysql4-client/patches/patch-bd | 70 | ||||
| -rw-r--r-- | databases/mysql4-client/patches/patch-be | 13 |
2 files changed, 83 insertions, 0 deletions
diff --git a/databases/mysql4-client/patches/patch-bd b/databases/mysql4-client/patches/patch-bd new file mode 100644 index 00000000000..e93414ae717 --- /dev/null +++ b/databases/mysql4-client/patches/patch-bd @@ -0,0 +1,70 @@ +$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $ + +--- tests/mysql_client_test.c.orig 2006-05-24 18:00:37.000000000 +0000 ++++ tests/mysql_client_test.c +@@ -22,6 +22,7 @@ + ***************************************************************************/ + + #include <my_global.h> ++#include <mysqld_error.h> + #include <my_sys.h> + #include <mysql.h> + #include <errmsg.h> +@@ -11745,6 +11746,49 @@ static void test_bug12744() + } + + /* ++ Bug #17667: An attacker has the opportunity to bypass query logging. ++*/ ++ ++static void test_bug17667() ++{ ++ NET *net= &mysql->net; ++ int rc; ++ myheader("test_bug17667"); ++ ++ /* I. Prepare the table */ ++ mysql_real_query(mysql, "drop table if exists t1", 23); ++ ++ rc= mysql_real_query(mysql, "create table t1 (i int)", 23); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == 0); ++ ++ mysql_real_query(mysql, "insert into t1 (i) values (1)", 29); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == 0); ++ ++ mysql_real_query(mysql, "insert into /* NUL=\0 */ t1 (i) values (2)", 41); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); ++ ++ mysql_real_query(mysql, "/* NUL=\0 */ insert into t1 (i) values (3)", 41); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); ++ ++ mysql_real_query(mysql, "insert into /* TAB=\t */ t1 (i) values (4)", 41); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == 0); ++ ++ mysql_real_query(mysql, "/* TAB=\t */ insert into t1 (i) values (5)", 41); ++ myquery(rc); ++ DIE_UNLESS(net->last_errno == 0); ++ ++ /* II. Cleanup */ ++ rc= mysql_real_query(mysql, "drop table t1", 13); ++ myquery(rc); ++} ++ ++ ++/* + Bug#11718: query with function, join and order by returns wrong type + */ + +@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= { + { "test_bug11718", test_bug11718 }, + { "test_bug12925", test_bug12925 }, + { "test_bug15613", test_bug15613 }, ++ { "test_bug17667", test_bug17667 }, + { 0, 0 } + }; + diff --git a/databases/mysql4-client/patches/patch-be b/databases/mysql4-client/patches/patch-be new file mode 100644 index 00000000000..64998b911c8 --- /dev/null +++ b/databases/mysql4-client/patches/patch-be @@ -0,0 +1,13 @@ +$NetBSD: patch-be,v 1.1 2006/06/19 07:53:00 seb Exp $ + +--- sql/sql_lex.cc.orig 2006-05-24 18:00:37.000000000 +0000 ++++ sql/sql_lex.cc +@@ -892,6 +892,8 @@ int yylex(void *arg, void *yythd) + while (lex->ptr != lex->end_of_query && + ((c=yyGet()) != '*' || yyPeek() != '/')) + { ++ if (c == '\0') ++ return(ABORT_SYM); // NULLs illegal even in comments + if (c == '\n') + lex->yylineno++; + } |