pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q4]: pkgsrc/databases/mysql5-client Pullup ticket #2660 - ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7c0aa6c59f26
branches: pkgsrc-2008Q4
changeset: 552266:7c0aa6c59f26
user: tron <tron%pkgsrc.org@localhost>
date: Wed Jan 28 19:18:36 2009 +0000
description:
Pullup ticket #2660 - requested by he
mysql5-client: security patch
Revisions pulled up:
- databases/mysql5-client/Makefile 1.20
- databases/mysql5-client/distinfo 1.25-1.26
- databases/mysql5-client/patches/patch-bh 1.3
- databases/mysql5-client/patches/patch-bi 1.1
- databases/mysql5-client/patches/patch-bj 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Wed Jan 28 09:44:34 UTC 2009
Modified Files:
pkgsrc/databases/mysql5-client: Makefile distinfo
pkgsrc/databases/mysql5-client/patches: patch-bh
Added Files:
pkgsrc/databases/mysql5-client/patches: patch-bi patch-bj
Log Message:
Update from version 5.0.67nb1 to 5.0.67nb2.
Pkgsrc changes:
o Add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
o Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: he
Date: Wed Jan 28 10:30:53 UTC 2009
Modified Files:
pkgsrc/databases/mysql5-client: distinfo
Log Message:
Update from version 5.0.67nb1 to 5.0.67nb2.
Pkgsrc changes:
o Add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
o Bump PKGREVISION
(The regenerated patch checksums was overlooked initially - sorry!)
diffstat:
databases/mysql5-client/Makefile | 4 +-
databases/mysql5-client/distinfo | 6 +++-
databases/mysql5-client/patches/patch-bh | 41 ++++++++++++++++++++++++++++---
databases/mysql5-client/patches/patch-bi | 16 ++++++++++++
databases/mysql5-client/patches/patch-bj | 22 +++++++++++++++++
5 files changed, 81 insertions(+), 8 deletions(-)
diffs (129 lines):
diff -r af287b86e602 -r 7c0aa6c59f26 databases/mysql5-client/Makefile
--- a/databases/mysql5-client/Makefile Tue Jan 27 13:29:52 2009 +0000
+++ b/databases/mysql5-client/Makefile Wed Jan 28 19:18:36 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2008/09/18 12:49:40 tron Exp $
+# $NetBSD: Makefile,v 1.19.4.1 2009/01/28 19:18:36 tron Exp $
PKGNAME= ${DISTNAME:S/-/-client-/}
-PKGREVISION= 1
+PKGREVISION= 2
SVR4_PKGNAME= mysqc
COMMENT= MySQL 5, a free SQL database (client)
diff -r af287b86e602 -r 7c0aa6c59f26 databases/mysql5-client/distinfo
--- a/databases/mysql5-client/distinfo Tue Jan 27 13:29:52 2009 +0000
+++ b/databases/mysql5-client/distinfo Wed Jan 28 19:18:36 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2008/09/18 11:50:44 taca Exp $
+$NetBSD: distinfo,v 1.24.4.1 2009/01/28 19:18:36 tron Exp $
SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377
RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722
@@ -23,4 +23,6 @@
SHA1 (patch-as) = d301a449e67d786f9155673fdbb5e8bc2f19ee7d
SHA1 (patch-at) = 626c0f6926893aa05e261ca1921fb6a352819156
SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299
-SHA1 (patch-bh) = 663e07d27d59c6429278d9f179288d2d822f185c
+SHA1 (patch-bh) = 83f6f7f29636265e987fb00897a55290e2434643
+SHA1 (patch-bi) = 5d0132f4e053abfc6210cd2dc425186765acaad3
+SHA1 (patch-bj) = 1e00fab7db2f5ea04802053d41dedd2a356ea9ed
diff -r af287b86e602 -r 7c0aa6c59f26 databases/mysql5-client/patches/patch-bh
--- a/databases/mysql5-client/patches/patch-bh Tue Jan 27 13:29:52 2009 +0000
+++ b/databases/mysql5-client/patches/patch-bh Wed Jan 28 19:18:36 2009 +0000
@@ -1,8 +1,16 @@
-$NetBSD: patch-bh,v 1.2 2008/07/02 14:10:04 obache Exp $
+$NetBSD: patch-bh,v 1.2.10.1 2009/01/28 19:18:36 tron Exp $
+
+What was here before: workaround for our use of -ledit instead
+of the real readline (?).
---- client/mysql.cc.orig 2007-05-21 05:45:33.000000000 +0200
-+++ client/mysql.cc 2007-05-21 05:46:28.000000000 +0200
-@@ -1415,7 +1415,11 @@
+New: add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
+
+--- client/mysql.cc.orig 2008-08-04 12:19:04.000000000 +0000
++++ client/mysql.cc
+@@ -2263,7 +2263,11 @@ static char **new_mysql_completion (cons
*/
#if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE)
@@ -14,3 +22,28 @@
#else
char *no_completion()
#endif
+@@ -3361,9 +3365,12 @@ print_table_data_html(MYSQL_RES *result)
+ {
+ while((field = mysql_fetch_field(result)))
+ {
+- tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ?
+- (field->name[0] ? field->name :
+- " ") : "NULL"));
++ tee_fputs("<TH>", PAGER);
++ if (field->name && field->name[0])
++ xmlencode_print(field->name, field->name_length);
++ else
++ tee_fputs(field->name ? " " : "NULL", PAGER);
++ tee_fputs("</TH>", PAGER);
+ }
+ (void) tee_fputs("</TR>", PAGER);
+ }
+@@ -3374,7 +3381,7 @@ print_table_data_html(MYSQL_RES *result)
+ for (uint i=0; i < mysql_num_fields(result); i++)
+ {
+ (void) tee_fputs("<TD>", PAGER);
+- safe_put_field(cur[i],lengths[i]);
++ xmlencode_print(cur[i], lengths[i]);
+ (void) tee_fputs("</TD>", PAGER);
+ }
+ (void) tee_fputs("</TR>", PAGER);
diff -r af287b86e602 -r 7c0aa6c59f26 databases/mysql5-client/patches/patch-bi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql5-client/patches/patch-bi Wed Jan 28 19:18:36 2009 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-bi,v 1.1.2.2 2009/01/28 19:18:36 tron Exp $
+
+Add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
+
+--- mysql-test/r/mysql.result.orig 2008-08-04 12:32:17.000000000 +0000
++++ mysql-test/r/mysql.result
+@@ -180,4 +180,6 @@ ERROR at line 1: DELIMITER cannot contai
+ 1
+ This is a file starting with UTF8 BOM 0xEFBBBF
+ This is a file starting with UTF8 BOM 0xEFBBBF
++<TABLE BORDER=1><TR><TH><</TH></TR><TR><TD>< & ></TD></TR></TABLE>
++End of 5.1 tests
+ End of 5.0 tests
diff -r af287b86e602 -r 7c0aa6c59f26 databases/mysql5-client/patches/patch-bj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql5-client/patches/patch-bj Wed Jan 28 19:18:36 2009 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-bj,v 1.1.2.2 2009/01/28 19:18:36 tron Exp $
+
+Add patch from http://bugs.mysql.com/file.php?id=9232,
+referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
+vulnerability recorded in
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
+
+--- mysql-test/t/mysql.test.orig 2008-08-04 12:32:17.000000000 +0000
++++ mysql-test/t/mysql.test
+@@ -290,4 +290,12 @@ EOF
+ --exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug29323.sql 2>&1
+ remove_file $MYSQLTEST_VARDIR/tmp/bug29323.sql;
+
++
++#
++# Bug #27884: mysql --html does not quote HTML special characters in output
++#
++--exec $MYSQL --html test -e "select '< & >' as \`<\`"
++
++--echo
++--echo End of 5.1 tests
+ --echo End of 5.0 tests
Home |
Main Index |
Thread Index |
Old Index