patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
+ Remove explicit naming of "-lncurses -ltermcap" as the way to get
the termcap libraries. Including termcap.buildlink3.mk (indirectly
through including readline/buildlink3.mk) will do the right thing.
+ Remove readline dependency from Makefile.common and add it into
mysql4-client/Makefile. Only the -client package needs and uses
readline. The -server package only "needs" it to placate the
configure script, but none of its installed binaries are linked
against it.
+ Add full DESTDIR support to the -client and -server packages.
Bump the PKGREVISION of mysql4-client to 3.
The PKGREVISION of mysql4-server remains unchanged since there are
no user-visible changes to the binary package.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Package changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete bug fix list)
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for more details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it is a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-independent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
only with GNU as(1).
XXX this condition should probably be reversed to the positive case,
XXX not the negative case so that it works on more platforms.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
which can take multiple values -- "pax" or "gtar". The default value
of EXTRACT_USING is "pax", which more closely matches reality since
before, we were using bootstrap "tar" for ${GTAR} and it was actually
pax-as-tar. Also, stop pretending pax-as-tar from the bootstrap kit
or on NetBSD is GNU tar. Lastly, in bsd.pkg.extract.mk, note whether
we need "pax" or "gtar" depending on what we need to extract the
distfiles.
- Fix potential security vulnerabilities in the creation of temporary
table file names and the handling of User Defined Functions (UDFs).
More info: http://www.k-otik.com/english/advisories/2005/0252
Increased BUILDLINK_RECOMMENDED to 4.1.10a.
Functionality added or changed:
* The Mac OS X 10.3 installation disk images now include a MySQL
Preference Pane for the Mac OS X Control Panel that enables the user
to start and stop the MySQL server via the GUI and activate and
deactivate the automatic MySQL server startup on bootup.
* Seconds_Behind_Master will be NULL (which means ``unknown'')
if the slave SQL thread is not running, or if the slave I/O thread
is not running or not connected to master. It will be zero if the
SQL thread has caught up with the I/O thread. It no longer grows
indefinitely if the master is idle.
* InnoDB: Do not acquire an internal InnoDB table lock in LOCK
TABLES if AUTOCOMMIT=1. This helps in porting old MyISAM applications
to InnoDB. InnoDB table locks in that case caused deadlocks very easily.
* InnoDB: Print a more descriptive error and refuse to start InnoDB
if the size of `ibdata' files is smaller than what is stored in the
tablespace header; innodb_force_recovery overrides this.
* The MySQL server aborts immediately instead of simply issuing a
warning if it is started with the --log-bin option but cannot
initialize the binary log at startup (that is, an error occurs when
writing to the binary log file or binary log index file).
* The binary log file and binary log index file now behave like
MyISAM when there is a "disk full" or "quota exceeded" error. See
section A.4.3 How MySQL Handles a Full Disk.
Many bugfixes were fixed... see
http://dev.mysql.com/doc/mysql/en/News-4.1.9.html
* Use PTHREAD_AUTO_VARS=no to disable linking all programs and
libraries to libpthread, which is wrong.
* Set USE_LIBTOOL and GNU_CONFIGURE before including bsd.prefs.mk, so
the test for _OPSYS_MAX_CMDLEN is not skipped.
Bump PKGREVISION to each package respectively
(mysql-client and mysql4-client), closes PR pkg/28162 and PR pkg/28222.
* Make mysql4-client build on NetBSD 1.[56]*
* Don't install mysqld and friends in mysql4-client (eww!)
* Remove an unneeded patch.
* Remove duplicated files in mysql4-client's PLIST.
Also, use assembler functions when MACHINE_ARCH == i386.
This closes PR pkg/27154, pkg/27720, pkg/27744 and pkg/28035.
BTW, I tested them on NetBSD 1.6.2, 2.0_RC4 and -current.
Bump PKGREVISION for both packages.