pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/databases Update mysql5-{client,server} package to 5.0...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f68ec8b0ac0a
branches:  trunk
changeset: 576149:f68ec8b0ac0a
user:      taca <taca%pkgsrc.org@localhost>
date:      Wed Jun 02 13:34:45 2010 +0000

description:
Update mysql5-{client,server} package to 5.0.91.


For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.

Here are the security-related changes.

* Security Fix: The server failed to check the table name argument of
  a COM_FIELD_LIST command packet for validity and compliance to
  acceptable table name standards. This could be exploited to bypass
  almost all forms of checks for privileges and table-level grants by
  providing a specially crafted table name argument to COM_FIELD_LIST.

  In MySQL 5.0 and above, this allowed an authenticated user with
  SELECT privileges on one table to obtain the field definitions of
  any table in all other databases and potentially of other MySQL
  instances accessible from the server's file system.

  Additionally, for MySQL version 5.1 and above, an authenticated user
  with DELETE or SELECT privileges on one table could delete or read
  content from any other table in all databases on this server, and
  potentially of other MySQL instances accessible from the server's
  file system. (Bug#53371, CVE-2010-1848)

* Security Fix: The server was susceptible to a buffer-overflow attack
  due to a failure to perform bounds checking on the table name
  argument of a COM_FIELD_LIST command packet. By sending long data
  for the table name, a buffer is overflown, which could be exploited
  by an authenticated user to inject malicious code. (Bug#53237,
  CVE-2010-1850)

* Security Fix: The server could be tricked into reading packets
  indefinitely if it received a packet larger than the maximum size of
  one packet. (Bug#50974, CVE-2010-1849)

diffstat:

 databases/mysql5-client/Makefile.common |  7 ++++---
 databases/mysql5-client/buildlink3.mk   |  4 ++--
 databases/mysql5-client/distinfo        |  8 ++++----
 databases/mysql5-server/distinfo        |  8 ++++----
 4 files changed, 14 insertions(+), 13 deletions(-)

diffs (70 lines):

diff -r 594933ef07cb -r f68ec8b0ac0a databases/mysql5-client/Makefile.common
--- a/databases/mysql5-client/Makefile.common   Wed Jun 02 13:34:34 2010 +0000
+++ b/databases/mysql5-client/Makefile.common   Wed Jun 02 13:34:45 2010 +0000
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile.common,v 1.38 2010/02/18 15:46:10 taca Exp $
+# $NetBSD: Makefile.common,v 1.39 2010/06/02 13:34:45 taca Exp $
 #
 # used by databases/mysql5-client/Makefile
 # used by databases/mysql5-server/Makefile
 #
 
-DISTNAME=              mysql-5.0.90
+DISTNAME=              mysql-5.0.91
 CATEGORIES=            databases
-MASTER_SITES=          ${MASTER_SITE_MYSQL:=MySQL-5.0/}
+MASTER_SITES=          http://downloads.mysql.com/archives/mysql-5.0/ \
+                       ${MASTER_SITE_MYSQL:=MySQL-5.0/}
 
 MAINTAINER=            sketch%NetBSD.org@localhost
 HOMEPAGE=              http://www.mysql.com/
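
Review bot: the new first MASTER_SITES entry, http://downloads.mysql.com/archives/mysql-5.0/, is a plain http URL listed ahead of ${MASTER_SITE_MYSQL:=MySQL-5.0/}, so the integrity of the fetched 5.0.91 tarball rests entirely on the distinfo checksums. Add a short comment above MASTER_SITES saying why the archive URL is needed and why it comes first, and confirm the distinfo digests were computed from a trusted copy of the tarball.
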
diff -r 594933ef07cb -r f68ec8b0ac0a databases/mysql5-client/buildlink3.mk
--- a/databases/mysql5-client/buildlink3.mk     Wed Jun 02 13:34:34 2010 +0000
+++ b/databases/mysql5-client/buildlink3.mk     Wed Jun 02 13:34:45 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.15 2010/02/18 15:46:10 taca Exp $
+# $NetBSD: buildlink3.mk,v 1.16 2010/06/02 13:34:45 taca Exp $
 
 BUILDLINK_TREE+=       mysql-client
 
@@ -6,7 +6,7 @@
 MYSQL_CLIENT_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.mysql-client+=   mysql-client>=5.0.15
-BUILDLINK_ABI_DEPENDS.mysql-client+=   mysql-client>=5.0.90
+BUILDLINK_ABI_DEPENDS.mysql-client+=   mysql-client>=5.0.91
 BUILDLINK_PKGSRCDIR.mysql-client?=     ../../databases/mysql5-client
 BUILDLINK_LIBDIRS.mysql-client?=       lib/mysql
 BUILDLINK_INCDIRS.mysql-client?=       include/mysql
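
Review bot: BUILDLINK_ABI_DEPENDS.mysql-client moves to >=5.0.91 while BUILDLINK_API_DEPENDS.mysql-client stays at >=5.0.15, and the commit message lists only server-side security fixes. Say in the commit message whether this bump reflects a change in the client library or is meant to push dependents onto the updated release, so it is clear which packages need rebuilding.
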
diff -r 594933ef07cb -r f68ec8b0ac0a databases/mysql5-client/distinfo
--- a/databases/mysql5-client/distinfo  Wed Jun 02 13:34:34 2010 +0000
+++ b/databases/mysql5-client/distinfo  Wed Jun 02 13:34:45 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.28 2010/02/18 15:46:10 taca Exp $
+$NetBSD: distinfo,v 1.29 2010/06/02 13:34:45 taca Exp $
 
-SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f
-RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf
-Size (mysql-5.0.90.tar.gz) = 22299626 bytes
+SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e
+RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db
+Size (mysql-5.0.91.tar.gz) = 22340514 bytes
 SHA1 (patch-aa) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
 SHA1 (patch-ab) = ee8103143b47a428319fbc25cf2f9a69828c15f7
 SHA1 (patch-ac) = 66b6d0ffd3011df1dcf8f3be7f7300e975635d95
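
Review bot: the mysql-5.0.91.tar.gz entry is covered only by SHA1 and RMD160 digests plus a size, and nothing in the patch shows where the new values came from. Note in the commit message that they were checked against a copy obtained from upstream, and consider recording a stronger digest such as SHA-512 alongside them if the distinfo tooling allows it.
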
diff -r 594933ef07cb -r f68ec8b0ac0a databases/mysql5-server/distinfo
--- a/databases/mysql5-server/distinfo  Wed Jun 02 13:34:34 2010 +0000
+++ b/databases/mysql5-server/distinfo  Wed Jun 02 13:34:45 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.24 2010/02/18 15:46:10 taca Exp $
+$NetBSD: distinfo,v 1.25 2010/06/02 13:34:45 taca Exp $
 
-SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f
-RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf
-Size (mysql-5.0.90.tar.gz) = 22299626 bytes
+SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e
+RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db
+Size (mysql-5.0.91.tar.gz) = 22340514 bytes
 SHA1 (patch-aa) = f52745512abfb2c2d43715975f76c2f454ed93e5
 SHA1 (patch-ab) = 7c51a0214c3e6205605047c72b07eac6792600db
 SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
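
Review bot: the patch-aa, patch-ab and patch-ae checksums in the context lines are unchanged, so the local patches are carried over as-is to 5.0.91. Confirm they still apply cleanly and that none of them touches the code paths changed by the upstream COM_FIELD_LIST and packet-size fixes; the tarball digests match the client distinfo, which is what a shared distfile should show.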


