2006-10-08 15:29:07 by Roland Illig | Files touched by this commit (2) |
Log message:
Fixed "test ==".
|
2006-08-31 14:42:42 by Stoned Elipot | Files touched by this commit (9) |
Log message:
Update mysql4-client and mysql4-server to version 4.1.21.
Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete
bug fix list)
|
2006-07-09 01:11:17 by Johnny C. Lam | Files touched by this commit (877) |
Log message:
Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
2006-07-09 00:39:49 by Johnny C. Lam | Files touched by this commit (877) |
Log message:
Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
2006-06-19 09:53:00 by Stoned Elipot | Files touched by this commit (7) |
Log message:
Update mysql4-client and mysql4-server to version 4.1.20.
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-indpendent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
|
2006-05-26 20:25:34 by Stoned Elipot | Files touched by this commit (19) |
Log message:
Update mysql4-client and mysql4-server to version 4.1.19.
Lots of changes since last packaged version (4.1.15), please see:
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-18.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-17.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-16.html
Most notably this version includes a fix for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
While here install more man pages and merge mysql4-client/patches/patch-ad
into mysql4-client/patches/patch-af.
|
2006-04-22 11:22:18 by Roland Illig | Files touched by this commit (231) |
Log message:
Removed the superfluous "quotes" and 'quotes' from variables that don't
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
2006-04-12 12:27:47 by Roland Illig | Files touched by this commit (749) |
Log message:
Aligned the last line of the buildlink3.mk files with the first line, so
that they look nicer.
|
2006-04-06 08:23:06 by Jeremy C. Reed | Files touched by this commit (1147) |
Log message:
Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
2006-03-30 05:44:44 by Johnny C. Lam | Files touched by this commit (120) |
Log message:
* Honor PKGINFODIR.
* List the info files directly in the PLIST.
|