Subject: CVS commit: pkgsrc/databases
From: Stoned Elipot
Date: 2006-08-31 14:42:42
Message id: 20060831124242.8F64A211CA@cvs.netbsd.org

Log Message:
Update mysql4-client and mysql4-server to version 4.1.21.

Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469

* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.

* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):

This is a bugfix release for the recent production release family.

Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)

Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete
bug fix list)

Files:
RevisionActionfile
1.54modifypkgsrc/databases/mysql4-client/Makefile.common
1.14modifypkgsrc/databases/mysql4-client/PLIST
1.27modifypkgsrc/databases/mysql4-client/distinfo
1.5modifypkgsrc/databases/mysql4-client/patches/patch-ax
1.2modifypkgsrc/databases/mysql4-client/patches/patch-bd
1.31modifypkgsrc/databases/mysql4-server/Makefile
1.18modifypkgsrc/databases/mysql4-server/PLIST
1.25modifypkgsrc/databases/mysql4-server/distinfo
1.2modifypkgsrc/databases/mysql4-server/patches/patch-bd