CVS commit: [pkgsrc-2010Q4] pkgsrc/databases

["Steven Drake" <sbd%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   sbd
Date:           Tue Mar  1 08:28:33 UTC 2011

Modified Files:
        pkgsrc/databases/mysql5-client [pkgsrc-2010Q4]: Makefile.common
            distinfo
        pkgsrc/databases/mysql5-client/patches [pkgsrc-2010Q4]: patch-ad
            patch-af
        pkgsrc/databases/mysql5-server [pkgsrc-2010Q4]: PLIST distinfo
        pkgsrc/databases/mysql5-server/patches [pkgsrc-2010Q4]: patch-aa
            patch-ag patch-ah

Log Message:
Pullup ticket #3366 - requested by taca
databases/mysql5-{client,server} security fixes.

Revisions pulled up:
- databases/mysql5-client/Makefile.common                       1.41
- databases/mysql5-client/distinfo                              1.30
- databases/mysql5-client/patches/patch-ad                      1.8
- databases/mysql5-client/patches/patch-af                      1.9
- databases/mysql5-server/PLIST                                 1.17
- databases/mysql5-server/distinfo                              1.26
- databases/mysql5-server/patches/patch-aa                      1.7
- databases/mysql5-server/patches/patch-ag                      1.9
- databases/mysql5-server/patches/patch-ah                      1.8
---
Module Name:    pkgsrc
Module Name:    pkgsrc
Committed By:   taca
Date:           Sat Feb 26 02:58:56 UTC 2011

Modified Files:
        pkgsrc/databases/mysql5-client: Makefile.common distinfo
        pkgsrc/databases/mysql5-client/patches: patch-ad patch-af
        pkgsrc/databases/mysql5-server: PLIST distinfo
        pkgsrc/databases/mysql5-server/patches: patch-aa patch-ag patch-ah

Log Message:
Update mysql5-{client,server} pacakge to 5.0.92.

Functionality added or changed:

* The time zone tables available at
  http://dev.mysql.com/downloads/timezones.html have been
  updated. These tables can be used on systems such as Windows or
  HP-UX that do not include zoneinfo files. (Bug#40230)

Bugs fixed:

* Security Fix: During evaluation of arguments to extreme-value
  functions (such as LEAST() and GREATEST()), type errors did not
  propagate properly, causing the server to crash. (Bug#55826,
  CVE-2010-3833)

* Security Fix: The server could crash after materializing a derived
  table that required a temporary table for grouping. (Bug#55568,
  CVE-2010-3834)

* Security Fix: A user-variable assignment expression that is
  evaluated in a logical expression context can be precalculated in a
  temporary table for GROUP BY. However, when the expression value is
  used after creation of the temporary table, it was re-evaluated, not
  read from the table and a server crash resulted. (Bug#55564,
  CVE-2010-3835)

* Security Fix: Joins involving a table with a unique SET column could
  cause a server crash. (Bug#54575, CVE-2010-3677)

* Security Fix: Pre-evaluation of LIKE predicates during view
  preparation could cause a server crash. (Bug#54568, CVE-2010-3836)

* Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a
  server crash. (Bug#54476, CVE-2010-3837)

* Security Fix: Queries could cause a server crash if the GREATEST()
  or LEAST() function had a mixed list of numeric and LONGBLOB
  arguments, and the result of such a function was processed using an
  intermediate temporary table. (Bug#54461, CVE-2010-3838)

* Security Fix: Using EXPLAIN with queries of the form SELECT
  ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server
  crash. (Bug#52711, CVE-2010-3682)

* InnoDB Storage Engine: Creating or dropping a table with 1023
  transactions active caused an assertion failure. (Bug#49238)

* The make_binary_distribution target to make could fail on some
  platforms because the lines generated were too long for the
  shell. (Bug#54590)

* A client could supply data in chunks to a prepared statement
  parameter other than of type TEXT or BLOB using the
  mysql_stmt_send_long_data() C API function (or
  COM_STMT_SEND_LONG_DATA command). This led to a crash because other
  data types are not valid for long data. (Bug#54041)

* Builds of the embedded mysqld would fail due to a missing element of
  the struct NET. (Bug#53908, Bug#53912)

* The definition of the MY_INIT macro in my_sys.h included an
  extraneous semicolon, which could cause compilation
  failure. (Bug#53906)

* If the remote server for a FEDERATED table could not be accessed,
  queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333)

* mysqld could fail during execution when using SSL. (Bug#34236)

* Threads that were calculating the estimated number of records for a
  range scan did not respond to the KILL statement. That is, if a
  range join type is possible (even if not selected by the optimizer
  as a join type of choice and thus not shown by EXPLAIN), the query
  in the statistics state (shown by the SHOW PROCESSLIST) did not
  respond to the KILL statement. (Bug#25421)


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/databases/mysql5-client/Makefile.common
cvs rdiff -u -r1.29 -r1.29.6.1 pkgsrc/databases/mysql5-client/distinfo
cvs rdiff -u -r1.7 -r1.7.30.1 pkgsrc/databases/mysql5-client/patches/patch-ad
cvs rdiff -u -r1.8 -r1.8.8.1 pkgsrc/databases/mysql5-client/patches/patch-af
cvs rdiff -u -r1.16 -r1.16.8.1 pkgsrc/databases/mysql5-server/PLIST
cvs rdiff -u -r1.25 -r1.25.6.1 pkgsrc/databases/mysql5-server/distinfo
cvs rdiff -u -r1.6 -r1.6.8.1 pkgsrc/databases/mysql5-server/patches/patch-aa
cvs rdiff -u -r1.8 -r1.8.8.1 pkgsrc/databases/mysql5-server/patches/patch-ag
cvs rdiff -u -r1.7 -r1.7.8.1 pkgsrc/databases/mysql5-server/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.