CVS commit: pkgsrc/databases/p5-DBD-mysql

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Nov 28 22:45:44 UTC 2016

Modified Files:
        pkgsrc/databases/p5-DBD-mysql: Makefile distinfo

Log Message:
Updated p5-DBD-mysql to 4.041.

2016-11-28 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.041)
* Fix use-after-free for repeated fetchrow_arrayref calls when
  mysql_server_prepare=1

  Function dbd_st_fetch() via Renew() can reallocate output buffer for
  mysql_stmt_fetch() call. But it does not update pointer to that buffer in
  imp_sth->stmt structure initialized by mysql_stmt_bind_result() function.
  That leads to use-after-free in any mysql function which access
  imp_sth->stmt structure (e.g. mysql_stmt_fetch()).

  This patch fix this problem and properly updates pointer in imp_sth->stmt
  structure after Renew() call.
  This is a medium level security issue to which the Debian security team
  assigned identifier CVE-2016-1251. Discovered and fixed by Pali Rohár.

* auto_reconnect now also matches  CR_SERVER_LOST, previously this only
  matched CR_SERVER_GONE.
  Fixes http://bugs.mysql.com/bug.php?id=27613
  Fix suggested by Wouter de Jong.
* Fix compilation fixes (Pali Rohár).


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/databases/p5-DBD-mysql/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/databases/p5-DBD-mysql/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/databases/p5-DBD-mysql/Makefile
diff -u pkgsrc/databases/p5-DBD-mysql/Makefile:1.67 pkgsrc/databases/p5-DBD-mysql/Makefile:1.68
--- pkgsrc/databases/p5-DBD-mysql/Makefile:1.67 Sun Nov 20 06:40:41 2016
+++ pkgsrc/databases/p5-DBD-mysql/Makefile      Mon Nov 28 22:45:44 2016
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.67 2016/11/20 06:40:41 wen Exp $
+# $NetBSD: Makefile,v 1.68 2016/11/28 22:45:44 wiz Exp $
 
-DISTNAME=      DBD-mysql-4.040
+DISTNAME=      DBD-mysql-4.041
 PKGNAME=       p5-${DISTNAME}
 CATEGORIES=    databases perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=DBD/}

Index: pkgsrc/databases/p5-DBD-mysql/distinfo
diff -u pkgsrc/databases/p5-DBD-mysql/distinfo:1.27 pkgsrc/databases/p5-DBD-mysql/distinfo:1.28
--- pkgsrc/databases/p5-DBD-mysql/distinfo:1.27 Sun Nov 20 06:40:41 2016
+++ pkgsrc/databases/p5-DBD-mysql/distinfo      Mon Nov 28 22:45:44 2016
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.27 2016/11/20 06:40:41 wen Exp $
+$NetBSD: distinfo,v 1.28 2016/11/28 22:45:44 wiz Exp $
 
-SHA1 (DBD-mysql-4.040.tar.gz) = edbd76b915d35930c9a4bda67f0b4a6090d4308e
-RMD160 (DBD-mysql-4.040.tar.gz) = a808fcc5eb0b8f0b091138f073fe5b3a6db7dff7
-SHA512 (DBD-mysql-4.040.tar.gz) = 43ed530e568ace51030ba36b3013fffaa19ae7c463d05f595f0343ea58e79801eac1c6ae280de343d280e043581f349306d960a153160f24e8457028866e474f
-Size (DBD-mysql-4.040.tar.gz) = 149783 bytes
+SHA1 (DBD-mysql-4.041.tar.gz) = b6b6fe61380787fc298f997d0eac1ba8a6e06684
+RMD160 (DBD-mysql-4.041.tar.gz) = 9e1c9c5f97d138422450c86f8fab5087b34f4d6c
+SHA512 (DBD-mysql-4.041.tar.gz) = 8663c58f1dec273869ef5d3ee663d80cb36fa87b1956318fff07a4a801aaecc395510a8f31b7a51b823f7e9d6a73ebf13894c1b7f7b27fdc3f3956e6aba34777
+Size (DBD-mysql-4.041.tar.gz) = 150508 bytes