Commit graph

66 commits

Author SHA1 Message Date
taca
9efce66df2 Update mysql5-{client,server} package to 5.0.91.
For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.

Here are the security-related changes.

* Security Fix: The server failed to check the table name argument of
  a COM_FIELD_LIST command packet for validity and compliance to
  acceptable table name standards. This could be exploited to bypass
  almost all forms of checks for privileges and table-level grants by
  providing a specially crafted table name argument to COM_FIELD_LIST.

  In MySQL 5.0 and above, this allowed an authenticated user with
  SELECT privileges on one table to obtain the field definitions of
  any table in all other databases and potentially of other MySQL
  instances accessible from the server's file system.

  Additionally, for MySQL version 5.1 and above, an authenticated user
  with DELETE or SELECT privileges on one table could delete or read
  content from any other table in all databases on this server, and
  potentially of other MySQL instances accessible from the server's
  file system. (Bug#53371, CVE-2010-1848)

* Security Fix: The server was susceptible to a buffer-overflow attack
  due to a failure to perform bounds checking on the table name
  argument of a COM_FIELD_LIST command packet. By sending long data
  for the table name, a buffer is overflown, which could be exploited
  by an authenticated user to inject malicious code. (Bug#53237,
  CVE-2010-1850)

* Security Fix: The server could be tricked into reading packets
  indefinitely if it received a packet larger than the maximum size of
  one packet. (Bug#50974, CVE-2010-1849)
2010-06-02 13:34:45 +00:00
taca
9f10abba62 Update mysql5-client and mysql5-server package to version 5.0.90.
This release includes many bug fixes and a fix for a DoS security problem (CVE-2009-4484).

Please refer to these URLs for details.

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html

There are some minor pkgsrc changes to prevent compile time warnings.
2010-02-18 15:46:10 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
wiz
662a258e1b Remove workaround for compiler bug in gcc2 on sparc64. 2010-01-16 17:57:36 +00:00
tron
9cff5b2d19 Update "mysql5-client" and "mysql5-server" package to version 5.0.88.
This release fixes a large number of bugs and security vulnerabilities
including SA37372.

For a detailed list of all the changes since 5.0.67, have a look here, please:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
2009-11-26 16:33:29 +00:00
tron
96da61893e Set license to gnu-gpl-v2. 2009-07-19 13:14:21 +00:00
joerg
0268c554bd Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
wiz
272d51cc21 Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.

Reported by Robert Elz in PR 41345.
2009-05-20 00:58:05 +00:00
joerg
2d1ba244e9 Simplify and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit markers, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
adrianp
c841e3444d Fix for ssl support on OpenSolaris 2009-02-11 00:16:41 +00:00
he
a3af885dba Update from version 5.0.67nb1 to 5.0.67nb2.
Pkgsrc changes:

 o Add patch from http://bugs.mysql.com/file.php?id=9232,
   referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
   vulnerability recorded in
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
 o Bump PKGREVISION

(The regenerated patch checksums were overlooked initially - sorry!)
2009-01-28 10:30:53 +00:00
he
3fdd776152 Update from version 5.0.67nb1 to 5.0.67nb2.
Pkgsrc changes:

 o Add patch from http://bugs.mysql.com/file.php?id=9232,
   referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
   vulnerability recorded in
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
 o Bump PKGREVISION
2009-01-28 09:44:34 +00:00
sketch
ca0b5dc686 I'll take maintainership. 2008-09-20 07:13:22 +00:00
tron
a98245a423 Fix path to Perl interpreter in the installed scripts. Bump package
revision because of this fix.
2008-09-18 12:49:40 +00:00
taca
9ae23cc08c Update mysql5-client package to 5.0.67.
For complete changes, please refer to
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html.
Here is a part of it.


Functionality added or changed:

Security Enhancement:

  To enable stricter control over the location from which user-defined
  functions can be loaded, the plugin_dir system variable has been
  backported from MySQL 5.1. If the value is non-empty, user-defined
  function object files can be loaded only from the directory named by this
  variable. If the value is empty, the behavior that is used before 5.0.67
  applies: The UDF object files must be located in a directory that is
  searched by your system's dynamic linker. (Bug#37428)

Important Change: Incompatible Change:

  The FEDERATED storage engine is now disabled by default in the .cnf files
  shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
  forth). This affects server behavior only if you install one of these
  files. (Bug#37069)

Cluster API: Important Change:

  Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes
  rather than kilobytes, it has been renamed to page_size_bytes. The name
  page_size_kb is now deprecated and thus subject to removal in a future
  release, although it currently remains supported for reasons of backward
  compatibility. See The Ndb_logevent_type Type, for more information about
  NDB_LE_MemoryUsage. (Bug#30271)

Important Change:

  Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE
  with respect to detection and handling of tables with incompatible .frm
  files (files created with a different version of the MySQL server). These
  changes also affect mysqlcheck because that program uses CHECK TABLE and
  REPAIR table, and thus also mysql_upgrade because that program invokes
  mysqlcheck.
2008-09-18 11:50:44 +00:00
obache
81498b80b4 GNU readline was removed from DragonFly base now and it needs the same treatment
as NetBSD - both use libedit emulation of the libreadline now.

Patch provided by Hasso Tepper in PR 39059.
2008-07-02 14:10:04 +00:00
martti
e9a27bcc0e Updated mysql to 5.0.51b
* Security fixes
* Other bug fixes

See also:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51a.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51b.html
2008-06-30 12:01:47 +00:00
joerg
a8a3c01339 Explicitly add pax dependency in those Makefiles that use it (or have
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
2008-05-25 21:42:20 +00:00
jlam
d10fc61853 + Remove explicit naming of "-lncurses -ltermcap" as the way to get
  the termcap libraries.  Including termcap.buildlink3.mk (indirectly
  through including readline/buildlink3.mk) will do the right thing.

+ Remove readline dependency from Makefile.common and add it into
  mysql5-client/Makefile.  Only the -client package needs and uses
  readline.  The -server package only "needs" it to placate the
  configure script, but none of its installed binaries are linked
  against it.

+ Add full DESTDIR support to the -client and -server packages.

Bump the PKGREVISION of mysql5-client to 3.

The PKGREVISION of mysql5-server remains unchanged since there are
no user-visible changes to the binary package.
2008-03-06 16:50:38 +00:00
rillig
ab11d07c64 Added some patches to fix the use of the sigsend() function, which is
not available on NetBSD.
2008-01-22 00:41:59 +00:00
tnn
ad6ceadd25 Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
2008-01-18 05:06:18 +00:00
tron
587fffecb1 Remove directory "share/doc/mysql" during deinstallation. Problem noted
by Geert Hendrickx in private e-mail. Bump package revision.
2007-12-17 16:30:29 +00:00
tron
9f33908b1f Update "mysql5-client" and "mysql5-server" packages to version 5.0.51.
This version fixes a lot of bugs including the security vulnerability
reported in CVE-2007-5969.

A complete list of the changes can be found here:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
2007-12-14 13:36:52 +00:00
jnemeth
2b295a11ea AUTO_MKDIRS from Rumko on pkgsrc-users@ 2007-12-08 22:26:24 +00:00
tnn
24d5b54409 Fix abusers of LOWER_OPSYS to check OPSYS or MACHINE_PLATFORM instead. 2007-10-16 23:48:58 +00:00
rillig
30f4f960a2 The file manual.chm is installed additionally, since it is much more
comfortable to browse than the GNU info file.

PKGREVISION++
2007-10-14 17:43:33 +00:00
rillig
2ebf77daa8 The mysql.info file is not rebuilt anymore, so it is safe to install the
documentation.

PKGREVISION++
2007-10-12 14:32:45 +00:00
tron
114020c045 Update "mysql5-client" and "mysql5-server" packages to version 5.0.45.
Change since version 5.0.41:
- Functionality added or changed:
  - A new status variable, Com_call_procedure, indicates the number of calls
    to stored procedures. (Bug#27994)
  - NDB Cluster: The server source tree now includes scripts to simplify
    building MySQL with SCI support. For more information about SCI
    interconnects and these build scripts, see Section 15.9.1,
    Configuring MySQL Cluster to use SCI Sockets. (Bug#25470)
  - Prior to this release, when DATE values were compared with DATETIME values
    the time portion of the DATETIME value was ignored. Now a DATE value is
    coerced to the DATETIME type by adding the time portion as 00:00:00. To
    mimic the old behavior use the CAST() function in the following way:
    SELECT date_field = CAST(NOW() as DATE);. (Bug#28929)
- A large number of bugs including these security problems have been fixed:
  - A malformed password packet in the
    connection protocol could cause the server to crash. Thanks to Dormando
    for reporting this bug and providing details and a proof of concept.
    (Bug#28984)
  - CREATE TABLE LIKE did not require any privileges on the source table. Now
    it requires the SELECT privilege. (Bug#25578)
  - In addition, CREATE TABLE LIKE was not isolated from alteration by other
    connections, which resulted in various errors and incorrect binary log
    order when trying to execute concurrently a CREATE TABLE LIKE statement
    and either DDL statements on the source table or DML or DDL statements on
    the target table. (Bug#23667)
2007-07-15 19:22:06 +00:00
adrianp
56ad964245 Add an options.mk for SSL support
Suggested by pancake@ in PR #28573
2007-07-09 22:27:35 +00:00
xtraeme
b0b3690231 Drop maintainership. 2007-07-09 20:01:44 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
xtraeme
17385e04b4 Update to 5.0.41. Amongst many fixes these vulnerabilities were
fixed:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692

And another patch adapted from a mailing list to fix:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691

See http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-41.html
to see all changes.
2007-05-21 04:39:59 +00:00
tron
698420c064 Fix build problem under NetBSD (-i386 3.1). 2007-03-12 12:33:12 +00:00
adam
e7547647b6 Changes 5.0.37:
* Added the SHOW PROFILES and SHOW PROFILE statements to display statement
  profile data, and the accompanying INFORMATION_SCHEMA.PROFILING table.

* Added the Uptime_since_flush_status status variable, which indicates the
  number of seconds since the most recent FLUSH STATUS statement.

* Incompatible change in DATE_FORMAT().

* NDB Cluster: The LockPagesInMainMemory configuration parameter has changed
  its type and possible values.

* The bundled yaSSL library was upgraded to version 1.5.8.

* The --skip-thread-priority option now is enabled by default for binary Mac
  OS X distributions. Use of thread priorities degrades performance on Mac OS X.

* Added the --disable-grant-options option to configure.

* Bug fixes.
2007-03-11 18:42:27 +00:00
wiz
51c8ea8d62 pkglint USE_LANGUAGES cleanup. Patch from Sergey Svishchev. 2007-02-22 19:30:02 +00:00
xtraeme
7cbd0bb3ad Update to 5.0.27:
This is a bugfix release for the current production release family.

MySQL 5.0.26 introduced an ABI incompatibility, which this release
reverts. Programs compiled against 5.0.26 are not compatible with
any other version and must be recompiled.
2006-12-10 04:12:17 +00:00
schwarz
580fd77aac added patches for IRIX 5 2006-10-28 07:45:51 +00:00
salo
4db1fe9de5 regen. 2006-10-15 08:59:37 +00:00
salo
332eea34b1 missing rcsid. (hi xtraeme!) 2006-10-15 08:58:15 +00:00
xtraeme
f6ba2ed96b regen with right checksums. 2006-10-14 18:46:51 +00:00
xtraeme
12846e7b06 Update to the long awaited 5.0.26 release, codenamed "houston we have
a problem with vulnerabilities".

Please see the following URLs for changes:

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-26.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html

Two patches were sent upstream, I hope to get them in the next version.
2006-10-14 18:41:34 +00:00
rillig
b53bfa612e Fixed "test ==". 2006-10-08 13:29:06 +00:00
xtraeme
925185c2b5 Bump BUILDLINK_ABI_DEPENDS to 5.0.24a to make sure all dependent
packages are linked to this version.
2006-09-02 12:36:04 +00:00
xtraeme
912bfebe97 Update mysql5-* to 5.0.24a.
This is a bugfix release for the current production release family.
It replaces MySQL 5.0.24.

Changes from 5.0.24 to 5.0.24a:

MySQL 5.0.24 introduced an ABI incompatibility, which this release reverts.
Programs compiled against 5.0.24 are not compatible with any other version
and must be recompiled.

Closing of temporary tables failed if binary logging was not enabled.

For statements that have a DEFINER clause such as CREATE TRIGGER or
CREATE VIEW, long usernames or hostnames could cause a buffer overflow.

Pathname separator and device characters were not correctly parameterized
for NetWare, causing mysqld startup errors.

mysqld could crash when closing temporary tables.
2006-09-02 12:32:12 +00:00
tron
e855b44068 Update "mysql5-client" and "mysql5-server" packages to version 5.0.24.
Changes since version 5.0.22:
- Security fix: If a user has access to MyISAM table t, that user can
  create a MERGE table m that accesses t. However, if the user's
  privileges on t are subsequently revoked, the user can continue to
  access t by doing so through m. If this behavior is undesirable, you
  can start the server with the new --skip-merge option to disable the
  MERGE storage engine. (Bug#15195)
- In the INFORMATION_SCHEMA.ROUTINES table the ROUTINE_DEFINITION
  column now is defined as NULL rather than NOT NULL. Also, NULL rather
  than the empty string is returned as the column value if the user does
  not have sufficient privileges to see the routine
  definition. (Bug#20230)
- Several other bug fixes
2006-08-06 16:30:40 +00:00
jlam
c16221a4db Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.

For example, "make show-buildlink3" in fonts/Xft2 displays:

	zlib
	fontconfig
	    iconv
	    zlib
	    freetype2
	    expat
	freetype2
	Xrender
	    renderproto
2006-07-08 23:10:35 +00:00
jlam
9430e49307 Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
2006-07-08 22:38:58 +00:00
jklos
490aef7c55 Added Darwin to the list of OSes which shouldn't try to build MySQL using
i386 assembler.
2006-06-06 21:18:55 +00:00
tron
8b4d215e94 Update "mysql5-client" and "mysql5-server" packages to version 5.0.22.
This upgrade fixes the SQL injection vulnerability reported in SA20365.
2006-06-03 15:29:13 +00:00
tron
a28eb68a05 Fix build problem under Mac OS X by repairing broken OpenSSL (shared)
library detection.
2006-05-19 23:01:02 +00:00