| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Suggested by pancake@ in PR #28573
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
the upper version.
|
|
|
|
Lots of bug fixes, see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html
|
|
salo feel free to update it and fix the security vulnerabilities.
|
|
|
|
|
|
Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete
bug fix list)
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-indpendent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
|
|
Lots of changes since last packaged version (4.1.15), please see:
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-18.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-17.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-16.html
Most notably this version includes a fix for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
While here install more man pages and merge mysql4-client/patches/patch-ad
into mysql4-client/patches/patch-af.
|
|
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
|
that they look nicer.
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
* List the info files directly in the PLIST.
|
|
only with GNU as(1).
XXX this condition should probably be reversed to the positive case,
XXX not the negative case so that it works on more platforms.
|
|
|
|
it in the mysql packages.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
the symbol naming is wrong, so no --enable-assembler will get it built.)
|
|
Please see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-15.html
for more information about bugfixes/changes.
|
|
|
|
|
|
Lots of changes, please see
http://dev.mysql.com/doc/mysql/en/news-4-1-14.html
for more information.
|
|
PR#30678 and PR#30364.
|
|
Lots of changes, see http://dev.mysql.com/doc/mysql/en/news-4-1-13.html
for a detailed description.
|
|
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
|
|
include dir is automatically available in ${CPPFLAGS}, following
the example of postgres74-lib.
|
|
Lots of changes and bugs fixed, see
http://dev.mysql.com/doc/mysql/en/news-4-1-12.html
for more information.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
portable shell constructs.
|
|
which can take multiple values -- "pax" or "gtar". The default value
of EXTRACT_USING is "pax", which more closely matches reality since
before, we were using bootstrap "tar" for ${GTAR} and it was actually
pax-as-tar. Also, stop pretending pax-as-tar from the bootstrap kit
or on NetBSD is GNU tar. Lastly, in bsd.pkg.extract.mk, note whether
we need "pax" or "gtar" depending on what we need to extract the
distfiles.
|
|
|
|
Lots of bugfixes and new functionality was added, more info:
http://dev.mysql.com/doc/mysql/en/news-4-1-11.html
|
|
- Fix potential security vulnerabilities in the creation of temporary
table file names and the handling of User Defined Functions (UDFs).
More info: http://www.k-otik.com/english/advisories/2005/0252
Increased BUILDLINK_RECOMMENDED to 4.1.10a.
|
|
o Explain how to start mysqld correctly, PKG_RCD_SCRIPTS {dis,en}abled;
closes PR pkg/29579.
|
|
|
|
|
|
A lot of bugfixes and functionality was added... please see:
http://dev.mysql.com/doc/mysql/en/news-4-1-10.html
|
|
vulnerability in the mysqlaccess script.
Bump PKGREVISION and BUILDLINK_RECOMMENDED.
|
|
Functionality added or changed:
* The Mac OS X 10.3 installation disk images now include a MySQL
Preference Pane for the Mac OS X Control Panel that enables the user
to start and stop the MySQL server via the GUI and activate and
deactivate the automatic MySQL server startup on bootup.
* Seconds_Behind_Master will be NULL (which means ``unknown'')
if the slave SQL thread is not running, or if the slave I/O thread
is not running or not connected to master. It will be zero if the
SQL thread has caught up with the I/O thread. It no longer grows
indefinitely if the master is idle.
* InnoDB: Do not acquire an internal InnoDB table lock in LOCK
TABLES if AUTOCOMMIT=1. This helps in porting old MyISAM applications
to InnoDB. InnoDB table locks in that case caused deadlocks very easily.
* InnoDB: Print a more descriptive error and refuse to start InnoDB
if the size of `ibdata' files is smaller than what is stored in the
tablespace header; innodb_force_recovery overrides this.
* The MySQL server aborts immediately instead of simply issuing a
warning if it is started with the --log-bin option but cannot
initialize the binary log at startup (that is, an error occurs when
writing to the binary log file or binary log index file).
* The binary log file and binary log index file now behave like
MyISAM when there is a "disk full" or "quota exceeded" error. See
section A.4.3 How MySQL Handles a Full Disk.
Many bugfixes were fixed... see
http://dev.mysql.com/doc/mysql/en/News-4.1.9.html
|
|
by mysql-client. This should fix problem reported by Stoned Elipot.
|
|
Please check http://dev.mysql.com/doc/mysql/en/News-4.1.8.html to
see the list of changes, new features added and a bunch of bugs were
fixed.
|
|
to the perl executable.
|
|
|
|
mysql*-client! explain which are the required packages to run the script.
|
