Update mysql51-{client,server} package to 5.1.47.

For full changes, see http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html.

Here is important changes:


InnoDB Plugin Notes:

    * InnoDB Plugin has been upgraded to version 1.0.8. This version
      is considered of General Availability (GA) quality. InnoDB
      Plugin Change History, may contain information in addition to
      those changes reported here.

      In this release, the InnoDB Plugin is included in source and
      binary distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64,
      ia64), and generic Linux RPM packages. It also does not work for
      FreeBSD 6 and HP-UX or for Linux on generic ia64.

Functionality added or changed:

    * InnoDB stores redo log records in a hash table during
      recovery. On 64-bit systems, this hash table was 1/8 of the
      buffer pool size. To reduce memory usage, the dimension of the
      hash table was reduced to 1/64 of the buffer pool size (or 1/128
      on 32-bit systems). (Bug#53122)

Security fixed:

    * Security Fix: The server failed to check the table name argument
      of a COM_FIELD_LIST command packet for validity and compliance
      to acceptable table name standards. This could be exploited to
      bypass almost all forms of checks for privileges and table-level
      grants by providing a specially crafted table name argument to
      COM_FIELD_LIST.

      In MySQL 5.0 and above, this allowed an authenticated user with
      SELECT privileges on one table to obtain the field definitions
      of any table in all other databases and potentially of other
      MySQL instances accessible from the server's file system.

      Additionally, for MySQL version 5.1 and above, an authenticated
    user with DELETE or SELECT privileges on one table could delete or
    read content from any other table in all databases on this server,
    and potentially of other MySQL instances accessible from the
    server's file system. (Bug#53371, CVE-2010-1848)

    * Security Fix: The server was susceptible to a buffer-overflow
      attack due to a failure to perform bounds checking on the table
      name argument of a COM_FIELD_LIST command packet. By sending
      long data for the table name, a buffer is overflown, which could
      be exploited by an authenticated user to inject malicious
      code. (Bug#53237, CVE-2010-1850)

    * Security Fix: The server could be tricked into reading packets
      indefinitely if it received a packet larger than the maximum
      size of one packet. (Bug#50974, CVE-2010-1849)

1 files changed, 5 insertions, 4 deletions

diff --git a/databases/mysql51-server/distinfo b/databases/mysql51-server/distinfo
index 3d12a05f4a8..58f39f6d1ad 100644
--- a/databases/mysql51-server/distinfo
+++ b/databases/mysql51-server/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.5 2010/05/08 20:48:37 wiz Exp $
+$NetBSD: distinfo,v 1.6 2010/05/26 01:52:22 taca Exp $
 
-SHA1 (mysql-5.1.46.tar.gz) = 5df6cf8a24b80cb74301c8275b26391262c5ff76
-RMD160 (mysql-5.1.46.tar.gz) = 1237834db314282f6213724ed3f249d1443c41ad
-Size (mysql-5.1.46.tar.gz) = 23510197 bytes
+SHA1 (mysql-5.1.47.tar.gz) = 9ea8b2cfedb366b884eaeb37757de1cdbbd85b45
+RMD160 (mysql-5.1.47.tar.gz) = ee399fe1ba393c9cd4c19ec43ccea68a6a9f43e3
+Size (mysql-5.1.47.tar.gz) = 23817441 bytes
 SHA1 (patch-aa) = 2a5321738e637a56e57cd6b1b40908d2bf275506
 SHA1 (patch-ab) = 39ca30e2e78645bb6975d057ace30e8c91e6e405
 SHA1 (patch-ac) = bfb6eec77d7c5aa8d2b849632769005dcf2e272c
@@ -25,3 +25,4 @@ SHA1 (patch-at) = 307a0785190f8bc175226ce83288cc85f7da4631
 SHA1 (patch-au) = 51291771b994d199fb6de6a17dd7809a7bf39b68
 SHA1 (patch-aw) = 93ba34d66fd054fbcf9e1eb3a042770d4d6820ec
 SHA1 (patch-ax) = dbf68af2d2ded85140aac3602d4f6ce5d68cc78a
+SHA1 (patch-ay) = df6c75d7a1b27a046dac7467fb5e44be4e35281c