Subject: CVS commit: pkgsrc/databases/mysqld_exporter
From: Benny Siegert
Date: 2023-12-22 18:36:04
Message id: 20231222173604.BA285FA42@cvs.NetBSD.org

Log Message:
mysqld_exporter: update to 0.15.1 (security)

This fixes the following vulnerabilities:

Vulnerability #1: GO-2023-1571
    Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2023-1571
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.0.0-20210525063256-abc453219eb5
    Fixed in: golang.org/x/net@v0.7.0

Vulnerability #2: GO-2022-1130
    Authentication bypass in github.com/prometheus/exporter-toolkit
  More info: https://pkg.go.dev/vuln/GO-2022-1130
  Module: github.com/prometheus/exporter-toolkit
    Found in: github.com/prometheus/exporter-toolkit@v0.7.1
    Fixed in: github.com/prometheus/exporter-toolkit@v0.8.2

0.15.1
------
Rebuild for dependency updates

0.15.0
------
BREAKING CHANGES:

The exporter no longer supports the monolithic DATA_SOURCE_NAME environment
variable.  To configure connections to MySQL you can either use a my.cnf style
config file or command line arguments.

For example:

export MYSQLD_EXPORTER_PASSWORD=secret
mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=exporter

We have also dropped some internal scrape metrics:

    mysql_exporter_scrapes_total
    mysql_exporter_scrape_errors_total
    mysql_last_scrape_failed

The default client configuration file is now .my.cnf in the process working
directory. Use --config.my-cnf="$HOME/.my.cnf" to retain the previous \ 
default.

Files:
RevisionActionfile
1.37modifypkgsrc/databases/mysqld_exporter/Makefile
1.5modifypkgsrc/databases/mysqld_exporter/distinfo
1.2modifypkgsrc/databases/mysqld_exporter/go-modules.mk