pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/databases Update mysql4-client and mysql4-server to ve...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1f60e8912132
branches:  trunk
changeset: 514853:1f60e8912132
user:      seb <seb%pkgsrc.org@localhost>
date:      Mon Jun 19 07:52:59 2006 +0000

description:
Update mysql4-client and mysql4-server to version 4.1.20.

Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903

The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.

* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for more details):

This is a security fix release for the previous production release
family.  This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).

Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
 This vulnerability was discovered and reported by Josh Berkus
 <josh%postgresql.org@localhost> and Tom Lane <tgl%sss.pgh.pa.us@localhost> as part of
 the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it is a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-independent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)

diffstat:

 databases/mysql4-client/Makefile.common  |   4 +-
 databases/mysql4-client/distinfo         |  10 ++-
 databases/mysql4-client/patches/patch-bd |  70 ++++++++++++++++++++++++++++++++
 databases/mysql4-client/patches/patch-be |  13 +++++
 databases/mysql4-server/distinfo         |  10 ++-
 databases/mysql4-server/patches/patch-bd |  70 ++++++++++++++++++++++++++++++++
 databases/mysql4-server/patches/patch-be |  13 +++++
 7 files changed, 180 insertions(+), 10 deletions(-)

diffs (238 lines):

diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-client/Makefile.common
--- a/databases/mysql4-client/Makefile.common   Mon Jun 19 02:28:52 2006 +0000
+++ b/databases/mysql4-client/Makefile.common   Mon Jun 19 07:52:59 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile.common,v 1.52 2006/05/26 18:25:34 seb Exp $
+# $NetBSD: Makefile.common,v 1.53 2006/06/19 07:52:59 seb Exp $
 
-DISTNAME=              mysql-4.1.19
+DISTNAME=              mysql-4.1.20
 CATEGORIES=            databases
 MASTER_SITES=          ${MASTER_SITE_MYSQL:=MySQL-4.1/}
 
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-client/distinfo
--- a/databases/mysql4-client/distinfo  Mon Jun 19 02:28:52 2006 +0000
+++ b/databases/mysql4-client/distinfo  Mon Jun 19 07:52:59 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.25 2006/05/26 18:25:34 seb Exp $
+$NetBSD: distinfo,v 1.26 2006/06/19 07:52:59 seb Exp $
 
-SHA1 (mysql-4.1.19.tar.gz) = a1ceee918232891e795be3122ad88fed36c700d5
-RMD160 (mysql-4.1.19.tar.gz) = 8da54a0fa1f024237521de644af32821c6376fab
-Size (mysql-4.1.19.tar.gz) = 17349799 bytes
+SHA1 (mysql-4.1.20.tar.gz) = 78cf1e2ab7f97cc33f0eb92bd581cd1472a409fe
+RMD160 (mysql-4.1.20.tar.gz) = 0db1eaeed752be2faeae3b99f0c54a23d00f4e5d
+Size (mysql-4.1.20.tar.gz) = 17319370 bytes
 SHA1 (patch-aa) = adc6956d4be304db61aa0323061143fffc1b9751
 SHA1 (patch-ab) = 0959e0ba7316e4fe00b656d7af2d8c2c04ed296f
 SHA1 (patch-af) = fd55cd066ac78601dc12002959d2bfafe243f65b
@@ -13,3 +13,5 @@
 SHA1 (patch-ba) = bd34391e522ae12ee63ec6a734f7a31116b2918d
 SHA1 (patch-bb) = 242c97ab4658838a6001d9c288e01209abfcee77
 SHA1 (patch-bc) = 31c933a03e2b05aeaff1d89d3fa542aad663e96a
+SHA1 (patch-bd) = 3ff14eacca7b10f819c8d31852bf5395e992b26a
+SHA1 (patch-be) = 1ba51c75cec53cb4bd6d1b5e71f776869cc340ac
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-client/patches/patch-bd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql4-client/patches/patch-bd  Mon Jun 19 07:52:59 2006 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $
+
+--- tests/mysql_client_test.c.orig     2006-05-24 18:00:37.000000000 +0000
++++ tests/mysql_client_test.c
+@@ -22,6 +22,7 @@
+ ***************************************************************************/
+ 
+ #include <my_global.h>
++#include <mysqld_error.h>
+ #include <my_sys.h>
+ #include <mysql.h>
+ #include <errmsg.h>
+@@ -11745,6 +11746,49 @@ static void test_bug12744()
+ }
+ 
+ /*
++  Bug #17667: An attacker has the opportunity to bypass query logging.
++*/
++
++static void test_bug17667()
++{
++  NET *net= &mysql->net;
++  int rc;
++  myheader("test_bug17667");
++
++  /* I. Prepare the table */
++  mysql_real_query(mysql,     "drop table if exists t1", 23);
++
++  rc= mysql_real_query(mysql, "create table t1 (i int)", 23);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "insert into t1 (i) values (1)", 29);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "insert into /* NUL=\0 */ t1 (i) values (2)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
++
++  mysql_real_query(mysql,     "/* NUL=\0 */ insert into t1 (i) values (3)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
++
++  mysql_real_query(mysql,     "insert into /* TAB=\t */ t1 (i) values (4)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "/* TAB=\t */ insert into t1 (i) values (5)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  /* II. Cleanup */
++  rc= mysql_real_query(mysql, "drop table t1", 13);
++  myquery(rc);
++}
++
++
++/*
+   Bug#11718: query with function, join and order by returns wrong type
+ */
+ 
+@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= {
+   { "test_bug11718", test_bug11718 },
+   { "test_bug12925", test_bug12925 },
+   { "test_bug15613", test_bug15613 },
++  { "test_bug17667", test_bug17667 },
+   { 0, 0 }
+ };
+ 
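Review bot: In `test_bug17667` only the `create table` and final `drop table` calls assign `rc`; the five `insert` calls discard the return value of `mysql_real_query()`, so every following `myquery(rc);` re-checks the stale result of `create table` and says nothing about the statement just issued. For the inserts expected to succeed (values 1, 4 and 5) the call should read `rc= mysql_real_query(mysql, "insert into t1 (i) values (1)", 29);`. For the two embedded-NUL statements, assuming `myquery()` asserts success as its use after `create table` suggests, the `myquery(rc);` line should become `DIE_UNLESS(rc != 0);` ahead of the `ER_PARSE_ERROR` check. As written, the regression test for the query-logging bypass rests on `net->last_errno` alone and never confirms that rows 2 and 3 were not inserted. The identical patch-bd added under databases/mysql4-server has the same issue.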
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-client/patches/patch-be
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql4-client/patches/patch-be  Mon Jun 19 07:52:59 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-be,v 1.1 2006/06/19 07:53:00 seb Exp $
+
+--- sql/sql_lex.cc.orig        2006-05-24 18:00:37.000000000 +0000
++++ sql/sql_lex.cc
+@@ -892,6 +892,8 @@ int yylex(void *arg, void *yythd)
+       while (lex->ptr != lex->end_of_query &&
+            ((c=yyGet()) != '*' || yyPeek() != '/'))
+       {
++      if (c == '\0')
++        return(ABORT_SYM);            // NULLs illegal even in comments
+       if (c == '\n')
+         lex->yylineno++;
+       }
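Review bot: The new patch file has no explanatory header: after the `$NetBSD$` line it goes straight to the diff, although the commit description says this fix came from PR pkg/33616 for CAN-2006-0903 and is not part of upstream 4.1.20. A short comment such as `Reject NUL bytes inside /* */ comments (CAN-2006-0903, PR pkg/33616); not in upstream 4.1.20, re-check on update.` would tell the next updater why the patch exists and when it can be dropped. The guard itself covers only the `/* ... */` scanning loop shown here, and `yylex` continues outside the hunk. Whether other comment forms or the text after the comment reach an equivalent check cannot be confirmed from this page and is worth verifying, since the accompanying test exercises only `/* */` comments. The same applies to the identical patch-be under databases/mysql4-server.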
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-server/distinfo
--- a/databases/mysql4-server/distinfo  Mon Jun 19 02:28:52 2006 +0000
+++ b/databases/mysql4-server/distinfo  Mon Jun 19 07:52:59 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.23 2006/05/26 18:25:34 seb Exp $
+$NetBSD: distinfo,v 1.24 2006/06/19 07:53:00 seb Exp $
 
-SHA1 (mysql-4.1.19.tar.gz) = a1ceee918232891e795be3122ad88fed36c700d5
-RMD160 (mysql-4.1.19.tar.gz) = 8da54a0fa1f024237521de644af32821c6376fab
-Size (mysql-4.1.19.tar.gz) = 17349799 bytes
+SHA1 (mysql-4.1.20.tar.gz) = 78cf1e2ab7f97cc33f0eb92bd581cd1472a409fe
+RMD160 (mysql-4.1.20.tar.gz) = 0db1eaeed752be2faeae3b99f0c54a23d00f4e5d
+Size (mysql-4.1.20.tar.gz) = 17319370 bytes
 SHA1 (patch-aa) = f32ae7bbf91ce4edaeccf20789d60ecca82eb062
 SHA1 (patch-ab) = 45f97d4e449c76e46cacba246d5dc9ac8417ec44
 SHA1 (patch-ac) = fd49d78012d6410263da38fb97a8e0369f98c62d
@@ -16,3 +16,5 @@
 SHA1 (patch-as) = 516460b0aa9f641d74f83c5514f258a980033e41
 SHA1 (patch-aw) = e89b4ada1a6efa2d8fb2ddaed8eaca6a59603d38
 SHA1 (patch-ax) = c73f0d59c9e079abc8fc16965297257cb8f8a592
+SHA1 (patch-bd) = 3ff14eacca7b10f819c8d31852bf5395e992b26a
+SHA1 (patch-be) = 1ba51c75cec53cb4bd6d1b5e71f776869cc340ac
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-server/patches/patch-bd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql4-server/patches/patch-bd  Mon Jun 19 07:52:59 2006 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-bd,v 1.1 2006/06/19 07:53:00 seb Exp $
+
+--- tests/mysql_client_test.c.orig     2006-05-24 18:00:37.000000000 +0000
++++ tests/mysql_client_test.c
+@@ -22,6 +22,7 @@
+ ***************************************************************************/
+ 
+ #include <my_global.h>
++#include <mysqld_error.h>
+ #include <my_sys.h>
+ #include <mysql.h>
+ #include <errmsg.h>
+@@ -11745,6 +11746,49 @@ static void test_bug12744()
+ }
+ 
+ /*
++  Bug #17667: An attacker has the opportunity to bypass query logging.
++*/
++
++static void test_bug17667()
++{
++  NET *net= &mysql->net;
++  int rc;
++  myheader("test_bug17667");
++
++  /* I. Prepare the table */
++  mysql_real_query(mysql,     "drop table if exists t1", 23);
++
++  rc= mysql_real_query(mysql, "create table t1 (i int)", 23);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "insert into t1 (i) values (1)", 29);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "insert into /* NUL=\0 */ t1 (i) values (2)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
++
++  mysql_real_query(mysql,     "/* NUL=\0 */ insert into t1 (i) values (3)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
++
++  mysql_real_query(mysql,     "insert into /* TAB=\t */ t1 (i) values (4)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  mysql_real_query(mysql,     "/* TAB=\t */ insert into t1 (i) values (5)", 41);
++  myquery(rc);
++  DIE_UNLESS(net->last_errno == 0);
++
++  /* II. Cleanup */
++  rc= mysql_real_query(mysql, "drop table t1", 13);
++  myquery(rc);
++}
++
++
++/*
+   Bug#11718: query with function, join and order by returns wrong type
+ */
+ 
+@@ -12078,6 +12122,7 @@ static struct my_tests_st my_tests[]= {
+   { "test_bug11718", test_bug11718 },
+   { "test_bug12925", test_bug12925 },
+   { "test_bug15613", test_bug15613 },
++  { "test_bug17667", test_bug17667 },
+   { 0, 0 }
+ };
+ 
diff -r 45b1e92f1d92 -r 1f60e8912132 databases/mysql4-server/patches/patch-be
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql4-server/patches/patch-be  Mon Jun 19 07:52:59 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-be,v 1.1 2006/06/19 07:53:00 seb Exp $
+
+--- sql/sql_lex.cc.orig        2006-05-24 18:00:37.000000000 +0000
++++ sql/sql_lex.cc
+@@ -892,6 +892,8 @@ int yylex(void *arg, void *yythd)
+       while (lex->ptr != lex->end_of_query &&
+            ((c=yyGet()) != '*' || yyPeek() != '/'))
+       {
++      if (c == '\0')
++        return(ABORT_SYM);            // NULLs illegal even in comments
+       if (c == '\n')
+         lex->yylineno++;
+       }


