---
- branch: pkgsrc-2010Q1
  date: Wed May 26 17:13:53 UTC 2010
  files:
  - new: 1.4.2.2
    old: 1.4.2.1
    path: pkgsrc/databases/mysql51-client/Makefile.common
    pathrev: pkgsrc/databases/mysql51-client/Makefile.common@1.4.2.2
    type: modified
  - new: 1.1.1.1.2.2
    old: 1.1.1.1.2.1
    path: pkgsrc/databases/mysql51-client/distinfo
    pathrev: pkgsrc/databases/mysql51-client/distinfo@1.1.1.1.2.2
    type: modified
  - new: 1.3.2.2
    old: 1.3.2.1
    path: pkgsrc/databases/mysql51-server/Makefile
    pathrev: pkgsrc/databases/mysql51-server/Makefile@1.3.2.2
    type: modified
  - new: 1.2.2.2
    old: 1.2.2.1
    path: pkgsrc/databases/mysql51-server/PLIST
    pathrev: pkgsrc/databases/mysql51-server/PLIST@1.2.2.2
    type: modified
  - new: 1.2.2.3
    old: 1.2.2.2
    path: pkgsrc/databases/mysql51-server/distinfo
    pathrev: pkgsrc/databases/mysql51-server/distinfo@1.2.2.3
    type: modified
  - new: '0'
    old: 1.1.2.2
    path: pkgsrc/databases/mysql51-server/patches/patch-av
    pathrev: pkgsrc/databases/mysql51-server/patches/patch-av@0
    type: deleted
  - new: 1.1.2.2
    old: '0'
    path: pkgsrc/databases/mysql51-server/patches/patch-ay
    pathrev: pkgsrc/databases/mysql51-server/patches/patch-ay@1.1.2.2
    type: added
  id: 20100526T171353Z.93605acb011773603eed6ebf521957ddc4fa1c36
  log: |
    Pullup ticket #3129 - requested by taca
    databases/mysql51-client: security update
    databases/mysql51-server: security update

    Revisions pulled up:
    - databases/mysql51-client/Makefile.common      1.6-1.8
    - databases/mysql51-client/distinfo             1.3-1.4
    - databases/mysql51-server/Makefile             1.5
    - databases/mysql51-server/PLIST                1.4-1.5
    - databases/mysql51-server/distinfo             1.4-1.6
    - databases/mysql51-server/patches/patch-av     delete
    - databases/mysql51-server/patches/patch-ay     1.1
    ---
    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Sat Apr 24 15:59:24 UTC 2010

    Modified Files:
        pkgsrc/databases/mysql51-client: Makefile.common distinfo
        pkgsrc/databases/mysql51-server: Makefile PLIST distinfo
    Removed Files:
        pkgsrc/databases/mysql51-server/patches: patch-av

    Log Message:
    Update mysql51-client/mysql51-server package to 5.1.46.

    This is a maintenance release; please refer to the following for full changes:

        http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
    ---
    Module Name:    pkgsrc
    Committed By:   obache
    Date:           Fri Apr 30 06:03:36 UTC 2010

    Modified Files:
        pkgsrc/databases/mysql51-client: Makefile.common

    Log Message:
    Interix GNU cc doesn't support `-fPIC'.
    ---
    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Wed May 26 01:52:22 UTC 2010

    Modified Files:
        pkgsrc/databases/mysql51-client: Makefile.common distinfo
        pkgsrc/databases/mysql51-server: PLIST distinfo
    Added Files:
        pkgsrc/databases/mysql51-server/patches: patch-ay

    Log Message:
    Update mysql51-{client,server} package to 5.1.47.

    For full changes, see http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html.

    Here are the important changes:

    InnoDB Plugin Notes:

      * InnoDB Plugin has been upgraded to version 1.0.8. This version
        is considered of General Availability (GA) quality. InnoDB
        Plugin Change History, may contain information in addition to
        those changes reported here.

        In this release, the InnoDB Plugin is included in source and
        binary distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64,
        ia64), and generic Linux RPM packages. It also does not work for
        FreeBSD 6 and HP-UX or for Linux on generic ia64.

    Functionality added or changed:

      * InnoDB stores redo log records in a hash table during
        recovery. On 64-bit systems, this hash table was 1/8 of the
        buffer pool size. To reduce memory usage, the dimension of the
        hash table was reduced to 1/64 of the buffer pool size (or 1/128
        on 32-bit systems). (Bug#53122)

    Security fixes:

      * Security Fix: The server failed to check the table name argument
        of a COM_FIELD_LIST command packet for validity and compliance
        to acceptable table name standards. This could be exploited to
        bypass almost all forms of checks for privileges and table-level
        grants by providing a specially crafted table name argument to
        COM_FIELD_LIST.

        In MySQL 5.0 and above, this allowed an authenticated user with
        SELECT privileges on one table to obtain the field definitions
        of any table in all other databases and potentially of other
        MySQL instances accessible from the server's file system.

        Additionally, for MySQL version 5.1 and above, an authenticated
        user with DELETE or SELECT privileges on one table could delete or
        read content from any other table in all databases on this server,
        and potentially of other MySQL instances accessible from the
        server's file system. (Bug#53371, CVE-2010-1848)

      * Security Fix: The server was susceptible to a buffer-overflow
        attack due to a failure to perform bounds checking on the table
        name argument of a COM_FIELD_LIST command packet. By sending
        long data for the table name, a buffer is overflown, which could
        be exploited by an authenticated user to inject malicious
        code. (Bug#53237, CVE-2010-1850)

      * Security Fix: The server could be tricked into reading packets
        indefinitely if it received a packet larger than the maximum
        size of one packet. (Bug#50974, CVE-2010-1849)
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2010Q1] pkgsrc/databases'
  unixtime: '1274894033'
  user: tron