From 12276decbb01407353934586469005ced557375f Mon Sep 17 00:00:00 2001 From: sbd Date: Tue, 1 Mar 2011 08:28:32 +0000 Subject: Pullup ticket #3366 - requested by taca databases/mysql5-{client,server} security fixes. Revisions pulled up: - databases/mysql5-client/Makefile.common 1.41 - databases/mysql5-client/distinfo 1.30 - databases/mysql5-client/patches/patch-ad 1.8 - databases/mysql5-client/patches/patch-af 1.9 - databases/mysql5-server/PLIST 1.17 - databases/mysql5-server/distinfo 1.26 - databases/mysql5-server/patches/patch-aa 1.7 - databases/mysql5-server/patches/patch-ag 1.9 - databases/mysql5-server/patches/patch-ah 1.8 --- Module Name: pkgsrc Module Name: pkgsrc Committed By: taca Date: Sat Feb 26 02:58:56 UTC 2011 Modified Files: pkgsrc/databases/mysql5-client: Makefile.common distinfo pkgsrc/databases/mysql5-client/patches: patch-ad patch-af pkgsrc/databases/mysql5-server: PLIST distinfo pkgsrc/databases/mysql5-server/patches: patch-aa patch-ag patch-ah Log Message: Update mysql5-{client,server} pacakge to 5.0.92. Functionality added or changed: * The time zone tables available at http://dev.mysql.com/downloads/timezones.html have been updated. These tables can be used on systems such as Windows or HP-UX that do not include zoneinfo files. (Bug#40230) Bugs fixed: * Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. (Bug#55826, CVE-2010-3833) * Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping. (Bug#55568, CVE-2010-3834) * Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. (Bug#55564, CVE-2010-3835) * Security Fix: Joins involving a table with a unique SET column could cause a server crash. (Bug#54575, CVE-2010-3677) * Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash. (Bug#54568, CVE-2010-3836) * Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. (Bug#54476, CVE-2010-3837) * Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. (Bug#54461, CVE-2010-3838) * Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711, CVE-2010-3682) * InnoDB Storage Engine: Creating or dropping a table with 1023 transactions active caused an assertion failure. (Bug#49238) * The make_binary_distribution target to make could fail on some platforms because the lines generated were too long for the shell. (Bug#54590) * A client could supply data in chunks to a prepared statement parameter other than of type TEXT or BLOB using the mysql_stmt_send_long_data() C API function (or COM_STMT_SEND_LONG_DATA command). This led to a crash because other data types are not valid for long data. (Bug#54041) * Builds of the embedded mysqld would fail due to a missing element of the struct NET. (Bug#53908, Bug#53912) * The definition of the MY_INIT macro in my_sys.h included an extraneous semicolon, which could cause compilation failure. (Bug#53906) * If the remote server for a FEDERATED table could not be accessed, queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333) * mysqld could fail during execution when using SSL. (Bug#34236) * Threads that were calculating the estimated number of records for a range scan did not respond to the KILL statement. That is, if a range join type is possible (even if not selected by the optimizer as a join type of choice and thus not shown by EXPLAIN), the query in the statistics state (shown by the SHOW PROCESSLIST) did not respond to the KILL statement. (Bug#25421) --- databases/mysql5-server/patches/patch-ag | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'databases/mysql5-server/patches/patch-ag') diff --git a/databases/mysql5-server/patches/patch-ag b/databases/mysql5-server/patches/patch-ag index 71495e50a9a..54ad0625530 100644 --- a/databases/mysql5-server/patches/patch-ag +++ b/databases/mysql5-server/patches/patch-ag @@ -1,10 +1,10 @@ -$NetBSD: patch-ag,v 1.8 2010/02/18 15:46:10 taca Exp $ +$NetBSD: patch-ag,v 1.8.8.1 2011/03/01 08:28:33 sbd Exp $ ---- man/Makefile.in.orig 2010-01-15 09:53:44.000000000 +0000 +--- man/Makefile.in.orig 2011-01-25 11:31:45.000000000 +0000 +++ man/Makefile.in -@@ -349,7 +349,7 @@ yassl_h_ln_cmd = @yassl_h_ln_cmd@ - yassl_libs = @yassl_libs@ +@@ -350,7 +350,7 @@ yassl_libs = @yassl_libs@ yassl_taocrypt_extra_cxxflags = @yassl_taocrypt_extra_cxxflags@ + yassl_thread_cxxflags = @yassl_thread_cxxflags@ zlib_dir = @zlib_dir@ -man1_MANS = @man1_files@ +man1_MANS = mysqld_multi.1 -- cgit v1.2.3