security update
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.83
- pkgsrc/databases/phpmyadmin/distinfo 1.44
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Aug 21 07:50:02 UTC 2010
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.10.1.
Changes since version 2.11.10:
- [setup] Fixed output sanitizing in setup script, see PMASA-2010-4 for
more details.
- [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.43 -r1.44 pkgsrc/databases/phpmyadmin/distinfo
|
|
databases/mysql51-client: security update
databases/mysql51-server: security update
Revisions pulled up:
- databases/mysql51-client/Makefile.common 1.10
- databases/mysql51-client/distinfo 1.6
- databases/mysql51-client/patches/patch-ap 1.2
- databases/mysql51-server/PLIST 1.7
- databases/mysql51-server/Makefile 1.6
- databases/mysql51-server/distinfo 1.8-1.9
- databases/mysql51-server/patches/patch-ae 1.2
- databases/mysql51-server/patches/patch-aj 1.2
- databases/mysql51-server/patches/patch-ak 1.2
- databases/mysql51-server/patches/patch-ay 1.3
- databases/mysql51-server/patches/patch-az 1.1
- databases/mysql51-server/patches/patch-ba 1.1
- databases/mysql51-server/patches/patch-bb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 11 23:18:04 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile.common distinfo
pkgsrc/databases/mysql51-client/patches: patch-ap
pkgsrc/databases/mysql51-server: PLIST distinfo
pkgsrc/databases/mysql51-server/patches: patch-aj patch-ak
Removed Files:
pkgsrc/databases/mysql51-server/patches: patch-ay
Log Message:
Update mysql51-client and mysql51-server to 5.1.49.
Please refer to http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
for full changes.
* InnoDB Plugin has been upgraded to version 1.0.10. This version is
considered of General Availability (GA) quality.
In this release, the InnoDB Plugin is included in source and binary
distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64, ia64), and
generic Linux RPM packages. It also does not work for FreeBSD 6 and
HP-UX or for Linux on generic ia64.
Bugs fixed:
* Security Fix: After changing the values of the innodb_file_format or
innodb_file_per_table configuration parameters, DDL statements could
cause a server crash. (Bug#55039)
* Security Fix: Joins involving a table with a unique SET column
could cause a server crash. (Bug#54575)
* Security Fix: Incorrect handling of NULL arguments could lead to a
crash for IN() or CASE operations when NULL arguments were either
passed explicitly as arguments (for IN()) or implicitly generated by
the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477)
* Security Fix: A malformed argument to the BINLOG statement could
result in Valgrind warnings or a server crash. (Bug#54393)
* Security Fix: Use of TEMPORARY InnoDB tables with nullable columns
could cause a server crash. (Bug#54044)
* Security Fix: The server could crash if there were alternate reads
from two indexes on a table using the HANDLER interface. (Bug#54007)
* Security Fix: Using EXPLAIN with queries of the form SELECT
... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server
crash. (Bug#52711)
* Security Fix: LOAD DATA INFILE did not check for SQL errors and sent
an OK packet even when errors were already reported. Also, an assert
related to client-server protocol checking in debug servers
sometimes was raised when it should not have been. (Bug#52512)
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 13 14:25:35 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-server: Makefile distinfo
pkgsrc/databases/mysql51-server/patches: patch-ae
Added Files:
pkgsrc/databases/mysql51-server/patches: patch-ay patch-az patch-ba
patch-bb
Log Message:
Fix some my_time_t (long) vs. time_t problems introduced in MySQL 5.1.49.
This problem causes mysqld to exit on start up.
           5.1/i386  5.1/amd64  5.99.38/i386  5.99.38/amd64
my_time_t  int32_t   int64_t    int32_t       int64_t
time_t     int32_t   int32_t    int64_t       int64_t
I confirmed mysqld running in these four cases, except 5.99.38/i386.
Bump PKG_REVISION.
|
|
security update
Revisions pulled up:
- pkgsrc/databases/openldap/Makefile 1.135
- pkgsrc/databases/openldap/Makefile.common 1.26
- pkgsrc/databases/openldap/distinfo 1.78
- pkgsrc/databases/openldap-client/PLIST 1.8
- pkgsrc/databases/openldap-cloak/Makefile 1.8
- pkgsrc/databases/openldap-doc/Makefile 1.20
- pkgsrc/databases/openldap-nops/Makefile 1.10
- pkgsrc/databases/openldap-server/Makefile 1.26
- pkgsrc/databases/openldap-smbk5pwd/Makefile 1.8
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jul 24 11:15:18 UTC 2010
Modified Files:
pkgsrc/databases/openldap: Makefile Makefile.common distinfo
pkgsrc/databases/openldap-client: PLIST
pkgsrc/databases/openldap-cloak: Makefile
pkgsrc/databases/openldap-doc: Makefile
pkgsrc/databases/openldap-nops: Makefile
pkgsrc/databases/openldap-server: Makefile
pkgsrc/databases/openldap-smbk5pwd: Makefile
Log Message:
Update to OpenLDAP 2.4.23, now the "stable" release.
OpenLDAP 2.4.23 Release (2010/06/30)
Fixed libldap to return server's error code (ITS#6569)
Fixed libldap memleaks (ITS#6568)
Fixed liblutil off-by-one with delta (ITS#6541)
Fixed slapd acls with glued databases (ITS#6468)
Fixed slapd syncrepl rid logging (ITS#6533)
Fixed slapd modrdn handling of invalid values (ITS#6570)
Fixed slapd-bdb hasSubordinates computation (ITS#6549)
Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-ldap to return control responses (ITS#6530)
Fixed slapo-ppolicy to use Debug (ITS#6566)
Fixed slapo-refint to zero out freed DN vals (ITS#6572)
Fixed slapo-rwm to use Debug (ITS#6566)
Fixed slapo-sssvlv to use Debug (ITS#6566)
Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
Fixed slapo-valsort to use Debug (ITS#6566)
Fixed contrib/nssov network.c missing patch (ITS#6562)
Build Environment
Fixed test043 attribute sorting (ITS#6553)
Documentation
slapd-config(5) note default rootdn (ITS#6546)
OpenLDAP 2.4.22 Release (2010/04/24)
Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
Added slapd tools selective iterations (ITS#6442)
Added slapd syncrepl TCP keepalive (ITS#6389)
Added slapo-ldap idassert-passthru (ITS#6456)
Added slapo-pbind
Fixed libldap gmtime re-entrancy (ITS#6262)
Fixed libldap gssapi off by one error (ITS#6223)
Fixed libldap GnuTLS serial length (ITS#6460)
Fixed libldap MozNSS context and PEM support (ITS#6432)
Fixed libldap referral on bind behavior(ITS#6510)
Fixed slapd acl non-entry internal searches (ITS#6481)
Fixed slapd acl attrval style initialization (ITS#6520)
Fixed slapd certificateListValidate (ITS#6466)
Fixed slapd empty URI parsing (ITS#6465)
Fixed slapd glued misplaced entries (ITS#6506)
Fixed slapd glued paged cookies (ITS#6507)
Fixed slapd glued paged results (ITS#6504)
Fixed slapd gmtime re-entrancy (ITS#6262)
Fixed slapd to ignore controls with unrecognized flags (ITS#6480)
Fixed slapd entry ownership (ITS#5340)
Fixed slapd sasl auxprop_lookup (ITS#6441)
Fixed slapd sasl auxprop ssf (ITS#5195)
Fixed slapd syncrepl for attributes with no matching rule (ITS#6458)
Fixed slapd syncrepl for unknown attrs and delta-sync (ITS#6473)
Fixed slapd syncrepl loop with moddn (ITS#6472)
Fixed slapo-accesslog to not replicate internal purges (ITS#6519)
Fixed slapd-bdb contextCSN updates from updatedn (ITS#6469)
Fixed slapd-bdb lockobj zeroing (ITS#6501)
Fixed slapd-ldap/meta control criticality (ITS#6523)
Fixed slapd-ldap/meta with ordered values (ITS#6516)
Fixed slapo-collect entry ownership (ITS#5340,ITS#6423)
Fixed slapo-dds with NULL backend (ITS#6490)
Fixed slapo-dynlist entry ownership (ITS#5340,ITS#6423)
Fixed slapo-memberof attr count (ITS#6508)
Fixed slapo-pcache to release its own entries (ITS#6484)
Fixed slapo-pcache with NULL backend (ITS#6490)
Fixed slapo-rwm entry release handling (ITS#6484)
Fixed slapo-rwm memory handling with rewrites (ITS#6526)
Fixed slapo-rwm olcRwmMap handling (ITS#6436)
Fixed slapo-rwm entry ownership (ITS#5340,ITS#6423)
Fixed slapo-syncprov memory leak (ITS#6459)
Fixed slapo-translucent counter increment (ITS#6497)
Fixed slapo-valsort entry ownership (ITS#5340,ITS#6423)
Fixed contrib/sha2 adds mechs for more hashes (ITS#6433)
Fixed contrib/nssov to use nss-pam-ldapd (ITS#6488)
Build Environment
Added back-ldif, back-null test support (ITS#5810)
Documentation
admin24 avoid explicit moduleload statements (ITS#6486)
admin24 broken link fixes (ITS#6493,ITS#6515)
slapd.access(5) val.regex explanation (ITS#5804)
To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 pkgsrc/databases/openldap/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/openldap/Makefile.common
cvs rdiff -u -r1.77 -r1.78 pkgsrc/databases/openldap/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/openldap-client/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/openldap-cloak/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/databases/openldap-doc/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/openldap-nops/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/openldap-server/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/openldap-smbk5pwd/Makefile
|
|
databases/mysql51-client: security update
databases/mysql51-server: security update
Revisions pulled up:
- databases/mysql51-client/Makefile.common 1.9
- databases/mysql51-client/distinfo 1.5
- databases/mysql51-server/PLIST 1.6
- databases/mysql51-server/distinfo 1.7
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 5 03:15:04 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile.common distinfo
pkgsrc/databases/mysql51-server: PLIST distinfo
Log Message:
Update mysql51-{client,server} package to 5.1.48.
Secunia Advisory SA40333 (http://secunia.com/advisories/40333/) reports
that this release fixes a DoS problem and it refers to:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
http://bugs.mysql.com/bug.php?id=53804
But news-5-1-48.html doesn't contain anything about bug id 53804...
Anyway, please refer to http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
for full changes.
|
|
error, and to sync with reality.
|
|
|
|
* tokyocabinet.strstr() added
* document fix
(previous version is not available anymore)
|
|
document fix.
(previous version is not available anymore)
|
|
some fixes.
previous version is not available anymore.
|
|
Bug fixes release.
2010-04-27 Mikio Hirabayashi <hirarin@gmail.com>
* tcbdb.c (tcbdboutlist): a bug related to reorganizing tree was fixed.
- Release: 1.4.45
2010-04-23 Mikio Hirabayashi <hirarin@gmail.com>
* tcbdb.c (tcbdbrangefwm): a bug related to empty list was fixed.
* tcadb.c (tcadbmulopen): a bug related to handling table indices was fixed.
- Release: 1.4.44
|
|
PR#43429
|
|
Also add some patches to remove use of deprecated symbols and fix other
problems when looking for or compiling against libpng-1.4.x.
|
|
Upstream changes:
1.0025 Jun 6 12:46:00 2010 PDT
(This version is compatible with 1.0024)
- Fixed t/39_singletons.t to work on Windows.
1.0024 May 30 14:25:00 2010 PDT
(This version is compatible with 1.0023)
- Stale references (objects blessed into DBM::Deep::Null), which
have always supposed to act like undef, now compare equal to
undef, "" and 0. $stale_ref eq "" used to return false, even
though "$stale_ref" was the empty string.
- If you assign a stale reference to a database location,
DBM::Deep now warns and assigns undef, instead of dying with
obscure error messages.
- Using a stale reference as a hash or array ref now causes an
error with a more helpful message.
|
|
|
|
activerecord-cassandra is a Cassandra adapter for ActiveRecord.
|
|
|
|
This is the Ruby implementation of the Cassandra database client.
|
|
Changes since 0.6.1:
* fix contrib/word_count build. (CASSANDRA-992)
* split CommitLogExecutorService into BatchCommitLogExecutorService and
PeriodicCommitLogExecutorService (CASSANDRA-1014)
* add latency histograms to CFSMBean (CASSANDRA-1024)
* make resolving timestamp ties deterministic by using value bytes
as a tiebreaker (CASSANDRA-1039)
* Add option to turn off Hinted Handoff (CASSANDRA-894)
* fix windows startup (CASSANDRA-948)
* make concurrent_reads, concurrent_writes configurable at runtime via JMX
(CASSANDRA-1060)
* disable GCInspector on non-Sun JVMs (CASSANDRA-1061)
* fix tombstone handling in sstable rows with no other data (CASSANDRA-1063)
* fix size of row in spanned index entries (CASSANDRA-1056)
* install json2sstable, sstable2json, and sstablekeys to Debian package
* StreamingService.StreamDestinations wouldn't empty itself after streaming
finished (CASSANDRA-1076)
* added Collections.shuffle(splits) before returning the splits in
ColumnFamilyInputFormat (CASSANDRA-1096)
* do not recalculate cache capacity post-compaction if it's been manually
modified (CASSANDRA-1079)
* better defaults for flush sorter + writer executor queue sizes
(CASSANDRA-1100)
* windows scripts for SSTableImport/Export (CASSANDRA-1051)
* windows script for nodetool (CASSANDRA-1113)
* expose PhiConvictThreshold (CASSANDRA-1053)
* make repair of RF==1 a no-op (CASSANDRA-1090)
* improve default JVM GC options (CASSANDRA-1014)
* fix SlicePredicate serialization inside Hadoop jobs (CASSANDRA-1049)
|
|
Changes:
* Add index length support for MySQL. #1852 [Emili Parreno, Pratik Naik]
* find_or_create_by_attr(value, ...) works when attr is protected.
#4457 [Santiago Pastorino, Marc-André Lafortune]
* JSON supports a custom root option: to_json(:root => 'custom') #4515
[Jatinder Singh]
* Destroy uses optimistic locking. If lock_version on the record
you're destroying doesn't match lock_version in the database, a
StaleObjectError is raised. #1966 [Curtis Hawthorne]
* To prefix the table names of all models in a module, define
self.table_name_prefix on the module. #4032 [Andrew White]
* Association inverses for belongs_to, has_one, and
has_many. Optimization to reduce database queries. #3533 [Murray
Steele]
* MySQL: add_ and change_column support positioning. #3286 [Ben Marini]
* Reset your Active Record counter caches with the reset_counter_cache
class method. #1211 [Mike Breen, Gabe da Silveira]
|
|
Bump PKGREVISION.
Noted by Ryo HAYASAKA in pkg PR/43428
|
|
Changes:
### 1.3.0 / 2010-06-06
* Enhancements
* Complete rewrite of C-based adapter from SWIG to hand-crafted one
[tenderlove]
See API_CHANGES document for details.
This closes: Bug #27300, Bug #27241, Patch #16020
* Improved UTF, Unicode, M17N, all that handling and proper BLOB
handling [tenderlove, nurse]
* Added support for type translations [tenderlove]
@db.translator.add_translator('sometime') do |type, thing|
'output' # this will be returned as value for that column
end
* Experimental
* Added API to access and load extensions. [kashif]
These functions map directly into SQLite3's own enable_load_extension()
and load_extension() C-API functions. See SQLite3::Database API
documentation for details.
This closes: Patches #9178
* Bugfixes
* Corrected gem dependencies (runtime and development)
* Fixed threaded tests [Alexey Borzenkov]
* Removed GitHub gemspec
* Fixed "No definition for" warnings from RDoc
* Generate zip and tgz files for releases
* Added Luis Lavena as gem Author (maintainer)
* Prevent mkmf interfere with Mighty Snow Leopard
* Allow extension compilation search for common lib paths [kashif]
(lookup /usr/local, /opt/local and /usr)
* Corrected extension compilation under MSVC [romuloceccon]
* Define load_extension functionality based on availability [tenderlove]
* Deprecation notices for Database#query. Fixes RF #28192
|
|
|
|
|
|
For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.
Here are the security-related changes.
* Security Fix: The server failed to check the table name argument of
a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to bypass
almost all forms of checks for privileges and table-level grants by
providing a specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated user
with DELETE or SELECT privileges on one table could delete or read
content from any other table in all databases on this server, and
potentially of other MySQL instances accessible from the server's
file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow attack
due to a failure to perform bounds checking on the table name
argument of a COM_FIELD_LIST command packet. By sending long data
for the table name, a buffer is overflown, which could be exploited
by an authenticated user to inject malicious code. (Bug#53237,
CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size of
one packet. (Bug#50974, CVE-2010-1849)
|
|
|
|
|
|
|
|
* Support for Berkeley DB 5.0.
* Drop support for Python 3.0.
* Now you can use TMPDIR env variable to override default
test directory ("/tmp").
* Versioning of C API. If you use the code from C, please
check the bsddb_api->api_version number against
PYBSDDB_API_VERSION macro.
* In C code, the bsddb_api->dbsequence_type component is always available,
even if the Berkeley DB version used doesn't support sequences. In that
case, the component will be NULL.
* In C code, "DBSequenceObject_Check()" macro always exists, even if the
Berkeley DB version used doesn't support sequences. In that case, the test
macro always returns "false".
* For a long time, the API has been accessible via C using "_bsddb.api" or
"_pybsddb.api". If you are using Python >=2.7, you acquire access to that
API via the new Capsule protocol (see "bsddb.h"). If you use the C API and
upgrade to Python 2.7 and up, you must update the access code (see
"bsddb.h"). The Capsule protocol is not supported in Python 3.0, but
pybsddb 5.0.x doesn't support Python 3.0 anymore.
* Capsule support was buggy. The string passed in to PyCapsule_New() must
outlive the capsule.
* Solve an "Overflow" warning in the testsuite running under python 2.3.
* When doing a complete full-matrix test, any warning will be considered
an error.
|
|
|
|
|
|
|
|
data. The software is distributed in source code form, and developers can
compile and link the source code into a single library for inclusion
directly in their applications.
Developers may choose to store data in any of several different storage
structures to satisfy the requirements of a particular application. In
database terminology, these storage structures and the code that operates on
them are called access methods. The library includes support for the
following access methods:
* B+tree: Stores keys in sorted order, using either a programmer-supplied
ordering function or a default function that does lexicographical
ordering of keys. Applications may perform equality or range searches.
* Hashing: Stores records in a hash table for fast searches based on
strict equality. Extended Linear Hashing modifies the hash function
used by the table as new records are inserted, in order to keep buckets
underfull in the steady state.
* Fixed and Variable-Length Records: Stores fixed- or variable-length
records in sequential order. Record numbers may be immutable or
mutable, i.e., permitting new records to be inserted between existing
records or requiring that new records be added only at the end of the
database.
|
|
* The log file format changed in 11gR2.
* Replication Manager sites can specify one or more possible client-to-client
peers.
* Added resource management feature in all Berkeley DB APIs to automatically
manage cursor and database handles by closing them when they are not
required, if they are not yet closed.
* Added a SQL interface to the Berkeley DB library. The interface is based on -
and a drop-in-replacement for - the SQLite API. It can be accessed via a
command line utility, a C API, or existing APIs built for SQLite.
* Added hash databases support to the DB->compact interface.
* Renamed the "db_sql" utility to "db_sql_codegen". This utility is not built
by default. To build this utility, enter --enable-sql_codegen as an argument
to configure.
* Added transactional support in db_sql_codegen utility. Specify TRANSACTIONAL
or NONTRANSACTIONAL in hint comments in SQL statement, db_sql_codegen
enable/disable transaction in generated code accordingly.
* Added the feature read-your-writes consistency that allows client application
to check, or wait for a specific transaction to be replicated from the master
before reading database.
* Added DB log verification feature, accessible via the API and a new utility.
This feature can help debugging and analysis.
* Added support for applications to assign master/client role explicitly at any
time. Replication Manager can now be configured not to initiate elections.
* more...
|
|
|
|
0.9.11
-----
Allow passing SASL interaction options
This adds a hash parameter "options" to LDAP::Conn.sasl_bind, which
can take :authzid, :authcid, and :realm (and corresponding strings),
for SASL authentication.
Also, refactored the rb_scan_args inside rb_ldap_conn_sasl_bind to use
C's case fallthrough, leading to less code repetition.
|
|
Sun Apr 25 2010 version 0.99991 released
* detect HAVE_LONG_LONG for builds with unixODBC
* UTF-8 coding/decoding fix for range 0x80..0xBF
Thu Feb 18 2010 version 0.9999 released
* integrated Bosko Ivanisevic's fixes in ext/utf8/extconf.rb
and test/test.rb and test/utf8/test.rb
|
|
For full changes, see http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html.
Here are the important changes:
InnoDB Plugin Notes:
* InnoDB Plugin has been upgraded to version 1.0.8. This version
is considered of General Availability (GA) quality. InnoDB
Plugin Change History, may contain information in addition to
those changes reported here.
In this release, the InnoDB Plugin is included in source and
binary distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64,
ia64), and generic Linux RPM packages. It also does not work for
FreeBSD 6 and HP-UX or for Linux on generic ia64.
Functionality added or changed:
* InnoDB stores redo log records in a hash table during
recovery. On 64-bit systems, this hash table was 1/8 of the
buffer pool size. To reduce memory usage, the dimension of the
hash table was reduced to 1/64 of the buffer pool size (or 1/128
on 32-bit systems). (Bug#53122)
Security fixes:
* Security Fix: The server failed to check the table name argument
of a COM_FIELD_LIST command packet for validity and compliance
to acceptable table name standards. This could be exploited to
bypass almost all forms of checks for privileges and table-level
grants by providing a specially crafted table name argument to
COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions
of any table in all other databases and potentially of other
MySQL instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated
user with DELETE or SELECT privileges on one table could delete or
read content from any other table in all databases on this server,
and potentially of other MySQL instances accessible from the
server's file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow
attack due to a failure to perform bounds checking on the table
name argument of a COM_FIELD_LIST command packet. By sending
long data for the table name, a buffer is overflown, which could
be exploited by an authenticated user to inject malicious
code. (Bug#53237, CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum
size of one packet. (Bug#50974, CVE-2010-1849)
|
|
Upstream changes:
1.0023 May 9 14:33:00 2010 PDT
(This version is compatible with 1.0022)
- The DBI back end no longer dies with ‘Use of uninitialized value
$_ in lc’ in perl 5.12.0. Thanks to Ansgar Burchardt for finding
and fixing this problem.
1.0022 Apr 25 18:40:00 2010 PDT
(This version is compatible with 1.0021)
- Singleton support has been re-enabled in the File back end.
- t/43_transaction_maximum.t was still failing on some systems
(see http://www.cpantesters.org/cpan/report/7151810), so now we
try to detect the maximum number of files we can open.
1.0021 Apr 18 18:28:00 2010 PDT
(This version is compatible with 1.0020)
- Correct spelling mistakes in the documentation (thanks to Gregor
Herrmann for the corrections and to Ansgar Burchardt for passing
them on) (RT#56520)
- MANIFEST now lists the test libs so they get included in the
distribution (RT#56512)
- It no longer crashes in perl 5.6.2.
1.0020 Feb 16 22:00:00 2010 EST
(This version is compatible with 1.0016)
- Fixed t/43_transaction_maximum.t so that it doesn't error out on systems
which cannot fork > 255 children at one time.
- Improved code coverage
- Added t/96_virtual_functions.t which helps describe what actually
needs to be overridden in a new plugin.
1.0019_003 Feb 16 22:00:00 2010 EST
(This is the third developer release for 1.0020.)
(This version is compatible with 1.0016)
- Fixed problem where "./Build test" wouldn't actually -do- anything.
- (No-one apparently tried to install this till Steven Lembark. Thanks!)
- Fixed speed regression with keys in the File backend.
- Introduced in 1.0019_002 to fix #50541
- Thanks, SPROUT!
- (RT #53575) Recursion failure in STORE (Thanks, SPROUT)
- Merged the rest of the fixes from 1.0015 and 1.0016
- Thanks to our new co-maintainer, SPROUT! :)
- Had to turn off singleton support in the File backend because the caching
was causing havoc with transactions. Turning on fatal warnings does give
apparently important information.
- Oh - forgot to mention that fatal warnings are now on in all files.
1.0019_002 Jan 05 22:30:00 2010 EST
(This is the second developer release for 1.0020.)
(This version is compatible with 1.0014)
- Fixed bug where attempting to store a value tied to something other than
DBM::Deep would leave the file flocked.
- Added support for DBD::SQLite
- Build.PL has been extended to support sqlite vs. mysql
- Storage::DBI now detects between the two DBDs
- (RT #51888) Applied POD patch (Thanks, FWIE!)
- (RT #44981) Added VERSION to ::Array, ::Engine, and ::Hash
- Removed extraneous slashes from POD links (Thanks ilmari!)
- (RT #50541) Fixed bug in clear() for hashes in the File backend.
- This has caused a regression in speed for clear() when clearing
large hashes using running with the File backend. ->clear() (on my
machine) now takes ( N / 40 ) ** (1.66) seconds. So, clearing 4000
keys (as is the test in t/03_bighash.t) would take ~2070 seconds.
- (RT #40782) Fixed bug when handling a key of '0' (Thanks Sterling!)
- (RT #48031) Fixed bug with localized $, (Thanks, SPROUT!)
1.0019_001 Dec 31 22:00:00 2009 EST
(This is the first developer release for 1.0020.)
(This version is compatible with 1.0014)
- DBM::Deep has been refactored to allow for multiple engines. There are two
engines built so far:
- File (the original engine)
- DBI (an engine based on DBI)
- The DBI engine has only been tested on MySQL and isn't transactional.
- InnoDB sucks horribly. When run in a sufficient isolation mode, it
creates deadlocks.
- A custom Build.PL has been written to allow for running tests under
CPAN.pm against the various engines.
- This also allows running the long tests under CPAN.pm
- This has meant a ton of refactoring. Hopefully, this refactoring will
allow finding some of the niggly bugs more easily. Those tests have not
been enabled yet. That's the next developer release.
- Hopefully, this multi-engine support will allow deprecation of the file
format in the future.
|
|
* Only use lo_import_with_oid if Postgres libraries are 8.4 or better
Changes 2.17.0:
* Do not automatically ROLLBACK on a failed pg_cancel
* Added support for new lo_import_with_oid function.
* Don't limit stored user name to \w in tests
* Allow tests to support versions back to Postgres 7.4
|
|
* Fix the "quiet log" query in the status server.
* Call Stored Procedures in EnterpriseDB in an anonymous
block to prevent errors with out/inout parameters.
* Fix an error when working with packages on EnterpriseDB in 'postgres' mode.
* Prevent a crash if the user cancels a restore operation.
* Fix the refresh of a dropped function.
* Fix a crash bug seen when closing the debugger parameter dialog on OSX.
* Fix to only show Storage value if the value is different from the type's
default value.
* Fix uncalled attempt to "change" array data types in dlgColumn.
* Fix a crash that could occur if viewing a table with no rows in the Edit Grid.
* Fix a crash occurring when a function with a parameter with a default is
selected.
* Don't offer debugging options to non-superusers on Postgres Plus Advanced
Server < 8.4 which doesn't have support for user debugging.
* Fix the saving and reverse engineering of parameters for database, table,
and function.
* Specify the schema of the table/function to restore if pg_restore's release
is 8.2 or later.
* Fix the reverse engineering of a rule.
* Fix the status server window on Mac OS X.
* Fix the recent files, by notifying each frmQuery to update their recent files.
Same support for macros and favourites.
* Fix the canvas resizing with really big table.
* Add the missing RULEs for VIEWs in SQL pane.
* More...
|
|
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix data corruption during WAL replay of ALTER ... SET TABLESPACE
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Apply per-function GUC settings while running the language
validator for the function
* Do constraint exclusion for inherited "UPDATE" and "DELETE" target
tables when constraint_exclusion = partition
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Fix erroneous handling of %r parameter in recovery_end_command
* Ensure the archiver process responds to changes in archive_command
as soon as possible
* Fix pl/pgsql's CASE statement to not fail when the case expression
is a query that returns no rows
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Handle empty-string connect parameters properly in ecpg
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Avoid formatting failure in psql when running in a locale context
that doesn't match the client_encoding
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Apply per-function GUC settings while running the language
validator for the function
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Ensure the archiver process responds to changes in archive_command
as soon as possible
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
changes:
-bugfixes
-translation updates
|
|
0.9.10
-----
Added controls and referral extraction to #search_ext and #search_ext2.
|
|
|
|
This module does not currently offer the fetch method that is
available in the RRDs module. It does, however, create RRD files
with a sensible set of default RRA (Round Robin Archive)
definitions, and can dynamically add new data source names to an
existing RRD file.
This module is ideal for quick and simple storage of data within
an RRD file if you do not need to, nor want to, bother defining
custom RRA definitions.
|
|
|
|
modules default and PLIST broken now.
So, specify some configure option to build as before.
|
|
From Alexander Polakov in PR 43280.
|