Subject: PR/33616 CVS commit: pkgsrc/databases
To: None <,,>
From: Stoned Elipot <>
List: pkgsrc-bugs
Date: 06/19/2006 08:00:04
The following reply was made to PR pkg/33616; it has been noted by GNATS.

From: Stoned Elipot <>
Subject: PR/33616 CVS commit: pkgsrc/databases
Date: Mon, 19 Jun 2006 07:53:00 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	seb
 Date:		Mon Jun 19 07:53:00 UTC 2006
 Modified Files:
 	pkgsrc/databases/mysql4-client: Makefile.common distinfo
 	pkgsrc/databases/mysql4-server: distinfo
 Added Files:
 	pkgsrc/databases/mysql4-client/patches: patch-bd patch-be
 	pkgsrc/databases/mysql4-server/patches: patch-bd patch-be
 Log Message:
 Update mysql4-client and mysql4-server to version 4.1.20.
 Most notably this version includes fixes for
 The fix for the latter was provided in PR pkg/33616 by Cedric
 Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
 and is not part of the upstream version 4.1.20.
 * Changes since last packaged version (4.1.19)
 (see for more details):
 This is a security fix release for the previous production release
 family.  This release includes the security fix described later in
 this section and a few other changes to resolve build problems,
 relative to the last official MySQL release (4.1.19).
 Bugs fixed:
 - Security fix: An SQL-injection security hole has been found in
 multi-byte encoding processing. The bug was in the server, incorrectly
 parsing the string escaped with the mysql_real_escape_string() C
 API function. (CVE-2006-2753, Bug#8378)
  This vulnerability was discovered and reported by Josh Berkus
  <> and Tom Lane <> as part of
  the inter-project security collaboration of the OSDB consortium.
 - The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
 (In string literals with an escape character (\) followed by a
 multi-byte character that has a second byte of (\), the literal
 was not interpreted correctly. The next byte now is escaped, not
 the entire multi-byte character. This means it is a strict reverse of
 the mysql_real_escape_string() function.)
 - The client libraries had not been compiled for position-independent
 code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
 - Running myisampack followed by myisamchk with the --unpack option
 would corrupt the auto_increment key. (Bug#12633)
 To generate a diff of this commit:
 cvs rdiff -r1.52 -r1.53 pkgsrc/databases/mysql4-client/Makefile.common
 cvs rdiff -r1.25 -r1.26 pkgsrc/databases/mysql4-client/distinfo
 cvs rdiff -r0 -r1.1 pkgsrc/databases/mysql4-client/patches/patch-bd \
 cvs rdiff -r1.23 -r1.24 pkgsrc/databases/mysql4-server/distinfo
 cvs rdiff -r0 -r1.1 pkgsrc/databases/mysql4-server/patches/patch-bd \
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
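
Added example, not part of the commit message or of the MySQL source: a small C model of the Bug#8378 note above, showing why a string-literal decoder has to be the strict reverse of the escaping function. The two-byte character set ranges, the function names (model_escape, model_decode, roundtrips) and the input bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified two-byte charset (assumption): lead 0x81-0x9F, trail 0x40-0x7E. */
static int is_lead(unsigned char c)  { return c >= 0x81 && c <= 0x9F; }
static int is_trail(unsigned char c) { return c >= 0x40 && c <= 0x7E; }
/* Model escaper (not MySQL's code): valid two-byte characters are copied whole;
 * quote, backslash and a lead byte with no valid trail byte get a backslash. */
size_t model_escape(const unsigned char *in, size_t n, unsigned char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_lead(in[i]) && i + 1 < n && is_trail(in[i + 1]))
            out[o++] = in[i++];              /* lead byte; trail copied below */
        else if (in[i] == '\'' || in[i] == '\\' || is_lead(in[i]))
            out[o++] = '\\';
        out[o++] = in[i];
    }
    return o;
}
/* Model literal decoder: reads the body up to the first unescaped quote.
 * whole_char=1: a backslash escapes an entire multi-byte character (the
 * behaviour the log describes as replaced); whole_char=0: only the next byte. */
size_t model_decode(const unsigned char *in, size_t n, int whole_char,
                    unsigned char *out, size_t *end) {
    size_t o = 0, i = 0;
    while (i < n && in[i] != '\'') {
        int esc = (in[i] == '\\' && i + 1 < n);
        if (esc) i++;                        /* skip the escape character */
        int two = is_lead(in[i]) && i + 1 < n && is_trail(in[i + 1]);
        out[o++] = in[i++];
        if (two && (!esc || whole_char)) out[o++] = in[i++];
    }
    *end = i;                                /* closing quote, or n if none */
    return o;
}
/* 1 if escape -> quote -> decode returns raw and ends at the added quote. */
int roundtrips(const unsigned char *raw, size_t n, int whole_char) {
    unsigned char esc[64], dec[64];
    if (n > 31) return 0;                    /* keep within the fixed buffers */
    size_t end, len = model_escape(raw, n, esc);
    esc[len] = '\'';                         /* closing quote of the literal */
    size_t dlen = model_decode(esc, len + 1, whole_char, dec, &end);
    return end == len && dlen == n && memcmp(dec, raw, n) == 0;
}

int main(void) {
    const unsigned char raw[] = { 0x95, '\'', 'x' };  /* constructed input */
    printf("next-byte: %d  whole-char: %d\n", roundtrips(raw, 3, 0), roundtrips(raw, 3, 1));
    return 0;
}
```

With the whole-character decoder the literal ends two bytes early on this input, so data that was escaped lands outside the quoted string; the next-byte decoder recovers the original bytes exactly.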