Update from version 5.0.67nb1 to 5.0.67nb2.

Pkgsrc changes:

 o Add patch from http://bugs.mysql.com/file.php?id=9232,
   referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
   vulnerability recorded in
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
 o Bump PKGREVISION

5 files changed, 81 insertions, 8 deletions

diff --git a/databases/mysql5-client/Makefile b/databases/mysql5-client/Makefile
index 9635e755b13..d93d2179b37 100644
--- a/databases/mysql5-client/Makefile
+++ b/databases/mysql5-client/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2008/09/18 12:49:40 tron Exp $
+# $NetBSD: Makefile,v 1.20 2009/01/28 09:44:34 he Exp $
 
 PKGNAME=		${DISTNAME:S/-/-client-/}
-PKGREVISION=		1
+PKGREVISION=		2
 SVR4_PKGNAME=		mysqc
 COMMENT=		MySQL 5, a free SQL database (client)
 
diff --git a/databases/mysql5-client/distinfo b/databases/mysql5-client/distinfo
index 81990ec876f..0b6ace0def5 100644
--- a/databases/mysql5-client/distinfo
+++ b/databases/mysql5-client/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2008/09/18 11:50:44 taca Exp $
+$NetBSD: distinfo,v 1.25 2009/01/28 09:44:34 he Exp $
 
 SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377
 RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722
@@ -23,4 +23,6 @@ SHA1 (patch-ar) = b55373d58540975e24af14b13640e26c4c756923
 SHA1 (patch-as) = d301a449e67d786f9155673fdbb5e8bc2f19ee7d
 SHA1 (patch-at) = 626c0f6926893aa05e261ca1921fb6a352819156
 SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299
-SHA1 (patch-bh) = 663e07d27d59c6429278d9f179288d2d822f185c
+SHA1 (patch-bh) = b5457d2f039ab6788bc9e5f859dcf71f0cb0582c
+SHA1 (patch-bi) = fb174073be8cef39370cf56331b93429ab2a0e24
+SHA1 (patch-bj) = 77952b4dff57a9755021d815c7dbfdbccf97df05
diff --git a/databases/mysql5-client/patches/patch-bh b/databases/mysql5-client/patches/patch-bh
index dc21363367c..40020c87620 100644
--- a/databases/mysql5-client/patches/patch-bh
+++ b/databases/mysql5-client/patches/patch-bh
@@ -1,8 +1,16 @@
-$NetBSD: patch-bh,v 1.2 2008/07/02 14:10:04 obache Exp $
+$NetBSD: patch-bh,v 1.3 2009/01/28 09:44:34 he Exp $
 
---- client/mysql.cc.orig	2007-05-21 05:45:33.000000000 +0200
-+++ client/mysql.cc	2007-05-21 05:46:28.000000000 +0200
-@@ -1415,7 +1415,11 @@
+What was here before: workaround for our use of -ledit instead
+of the real readline (?).
+
+New: add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
+
+--- client/mysql.cc.orig	2008-08-04 12:19:04.000000000 +0000
++++ client/mysql.cc
+@@ -2263,7 +2263,11 @@ static char **new_mysql_completion (cons
  */
  
  #if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE)
@@ -14,3 +22,28 @@ $NetBSD: patch-bh,v 1.2 2008/07/02 14:10:04 obache Exp $
  #else
  char *no_completion()
  #endif
+@@ -3361,9 +3365,12 @@ print_table_data_html(MYSQL_RES *result)
+   {
+     while((field = mysql_fetch_field(result)))
+     {
+-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
+-					 (field->name[0] ? field->name : 
+-					  " &nbsp; ") : "NULL"));
++      tee_fputs("<TH>", PAGER);
++      if (field->name && field->name[0])
++        xmlencode_print(field->name, field->name_length);
++      else
++        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
++      tee_fputs("</TH>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
+   }
+@@ -3374,7 +3381,7 @@ print_table_data_html(MYSQL_RES *result)
+     for (uint i=0; i < mysql_num_fields(result); i++)
+     {
+       (void) tee_fputs("<TD>", PAGER);
+-      safe_put_field(cur[i],lengths[i]);
++      xmlencode_print(cur[i], lengths[i]);
+       (void) tee_fputs("</TD>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
diff --git a/databases/mysql5-client/patches/patch-bi b/databases/mysql5-client/patches/patch-bi
new file mode 100644
index 00000000000..2693b755633
--- /dev/null
+++ b/databases/mysql5-client/patches/patch-bi
@@ -0,0 +1,16 @@
+$NetBSD: patch-bi,v 1.1 2009/01/28 09:44:34 he Exp $
+
+Add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in 
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456. 
+
+--- mysql-test/r/mysql.result.orig	2008-08-04 12:32:17.000000000 +0000
++++ mysql-test/r/mysql.result
+@@ -180,4 +180,6 @@ ERROR at line 1: DELIMITER cannot contai
+ 1
+ This is a file starting with UTF8 BOM 0xEFBBBF
+ This is a file starting with UTF8 BOM 0xEFBBBF
++<TABLE BORDER=1><TR><TH>&lt;</TH></TR><TR><TD>&lt; &amp; &gt;</TD></TR></TABLE>
++End of 5.1 tests
+ End of 5.0 tests
diff --git a/databases/mysql5-client/patches/patch-bj b/databases/mysql5-client/patches/patch-bj
new file mode 100644
index 00000000000..e58236ae038
--- /dev/null
+++ b/databases/mysql5-client/patches/patch-bj
@@ -0,0 +1,22 @@
+$NetBSD: patch-bj,v 1.1 2009/01/28 09:44:34 he Exp $
+
+Add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
+
+--- mysql-test/t/mysql.test.orig	2008-08-04 12:32:17.000000000 +0000
++++ mysql-test/t/mysql.test
+@@ -290,4 +290,12 @@ EOF
+ --exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug29323.sql 2>&1
+ remove_file $MYSQLTEST_VARDIR/tmp/bug29323.sql;
+ 
++
++#
++# Bug #27884: mysql --html does not quote HTML special characters in output
++# 
++--exec $MYSQL --html test -e "select '< & >' as \`<\`"
++
++--echo
++--echo End of 5.1 tests
+ --echo End of 5.0 tests