Update from version 5.0.67nb1 to 5.0.67nb2. Pkgsrc changes: o Add patch from http://bugs.mysql.com/file.php?id=9232, referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the vulnerability recorded in http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456. o Bump PKGREVISIONdiff -r1.19 -r1.20 pkgsrc/databases/mysql5-client/Makefile
(he)
| @@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.19 2008/09/18 12:49:40 tron Exp $ | 1 | # $NetBSD: Makefile,v 1.20 2009/01/28 09:44:34 he Exp $ | |
| 2 | 2 | |||
| 3 | PKGNAME= ${DISTNAME:S/-/-client-/} | 3 | PKGNAME= ${DISTNAME:S/-/-client-/} | |
| 4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
| 5 | SVR4_PKGNAME= mysqc | 5 | SVR4_PKGNAME= mysqc | |
| 6 | COMMENT= MySQL 5, a free SQL database (client) | 6 | COMMENT= MySQL 5, a free SQL database (client) | |
| 7 | 7 | |||
| 8 | CONFLICTS= {mysql-client-[0-9]*,mysql3-client-[0-9]*} | 8 | CONFLICTS= {mysql-client-[0-9]*,mysql3-client-[0-9]*} | |
| 9 | 9 | |||
| 10 | PKG_DESTDIR_SUPPORT= user-destdir | 10 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 11 | 11 | |||
| 12 | .include "Makefile.common" | 12 | .include "Makefile.common" | |
| 13 | 13 | |||
| 14 | CONFIGURE_ARGS+= --without-extra-tools | 14 | CONFIGURE_ARGS+= --without-extra-tools | |
| 15 | CONFIGURE_ARGS+= --without-server | 15 | CONFIGURE_ARGS+= --without-server | |
| 16 | CONFIGURE_ARGS+= --enable-thread-safe-client | 16 | CONFIGURE_ARGS+= --enable-thread-safe-client | |
| 17 | UNWRAP_FILES+= scripts/mysql_config | 17 | UNWRAP_FILES+= scripts/mysql_config |
| @@ -1,26 +1,28 @@ | @@ -1,26 +1,28 @@ | |||
| 1 | $NetBSD: distinfo,v 1.24 2008/09/18 11:50:44 taca Exp $ | 1 | $NetBSD: distinfo,v 1.25 2009/01/28 09:44:34 he Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377 | 3 | SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377 | |
| 4 | RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722 | 4 | RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722 | |
| 5 | Size (mysql-5.0.67.tar.gz) = 28370810 bytes | 5 | Size (mysql-5.0.67.tar.gz) = 28370810 bytes | |
| 6 | SHA1 (patch-aa) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec | 6 | SHA1 (patch-aa) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec | |
| 7 | SHA1 (patch-ab) = ee8103143b47a428319fbc25cf2f9a69828c15f7 | 7 | SHA1 (patch-ab) = ee8103143b47a428319fbc25cf2f9a69828c15f7 | |
| 8 | SHA1 (patch-ac) = 7e7034f64f8337e459fe16611db8d7854c02931e | 8 | SHA1 (patch-ac) = 7e7034f64f8337e459fe16611db8d7854c02931e | |
| 9 | SHA1 (patch-ad) = 430b8ae2d13598eec90cfdc73d37d932dd97f217 | 9 | SHA1 (patch-ad) = 430b8ae2d13598eec90cfdc73d37d932dd97f217 | |
| 10 | SHA1 (patch-ae) = 74c830dddf3517ebc2226dc166b61a33f83b04da | 10 | SHA1 (patch-ae) = 74c830dddf3517ebc2226dc166b61a33f83b04da | |
| 11 | SHA1 (patch-af) = b36307e554df858412c52ae53753c62d9761aaad | 11 | SHA1 (patch-af) = b36307e554df858412c52ae53753c62d9761aaad | |
| 12 | SHA1 (patch-ag) = 076ab47225b66bc6d8472ec48f808641afdb780d | 12 | SHA1 (patch-ag) = 076ab47225b66bc6d8472ec48f808641afdb780d | |
| 13 | SHA1 (patch-ah) = 18f9bb2c6d9b88d04b9ade6177212ab2ed21b4d7 | 13 | SHA1 (patch-ah) = 18f9bb2c6d9b88d04b9ade6177212ab2ed21b4d7 | |
| 14 | SHA1 (patch-ai) = 317c20011478c631b7d150bf84e82c9c5fbb0a76 | 14 | SHA1 (patch-ai) = 317c20011478c631b7d150bf84e82c9c5fbb0a76 | |
| 15 | SHA1 (patch-aj) = 1b831b1c7a616eba7d27f362a7c885ce6b853bbb | 15 | SHA1 (patch-aj) = 1b831b1c7a616eba7d27f362a7c885ce6b853bbb | |
| 16 | SHA1 (patch-al) = b77d3ebb9602a33e11d22190f26ea93fd6fb533d | 16 | SHA1 (patch-al) = b77d3ebb9602a33e11d22190f26ea93fd6fb533d | |
| 17 | SHA1 (patch-am) = 7fc6533477e6a0e826765106dd8d1b27cbc5695e | 17 | SHA1 (patch-am) = 7fc6533477e6a0e826765106dd8d1b27cbc5695e | |
| 18 | SHA1 (patch-an) = 49d1c45e549c7f39a2830401621458f9a5eb46bc | 18 | SHA1 (patch-an) = 49d1c45e549c7f39a2830401621458f9a5eb46bc | |
| 19 | SHA1 (patch-ao) = f69d47177787bd4b69fc8f81344b6e43fcdc5d88 | 19 | SHA1 (patch-ao) = f69d47177787bd4b69fc8f81344b6e43fcdc5d88 | |
| 20 | SHA1 (patch-ap) = fc4246e829a3b53b27ff2c6f5572eb4b13a277e5 | 20 | SHA1 (patch-ap) = fc4246e829a3b53b27ff2c6f5572eb4b13a277e5 | |
| 21 | SHA1 (patch-aq) = 18ed036f2df801124b8c717822ffc9c1224b27e3 | 21 | SHA1 (patch-aq) = 18ed036f2df801124b8c717822ffc9c1224b27e3 | |
| 22 | SHA1 (patch-ar) = b55373d58540975e24af14b13640e26c4c756923 | 22 | SHA1 (patch-ar) = b55373d58540975e24af14b13640e26c4c756923 | |
| 23 | SHA1 (patch-as) = d301a449e67d786f9155673fdbb5e8bc2f19ee7d | 23 | SHA1 (patch-as) = d301a449e67d786f9155673fdbb5e8bc2f19ee7d | |
| 24 | SHA1 (patch-at) = 626c0f6926893aa05e261ca1921fb6a352819156 | 24 | SHA1 (patch-at) = 626c0f6926893aa05e261ca1921fb6a352819156 | |
| 25 | SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299 | 25 | SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299 | |
| 26 | SHA1 (patch-bh) = 663e07d27d59c6429278d9f179288d2d822f185c | 26 | SHA1 (patch-bh) = b5457d2f039ab6788bc9e5f859dcf71f0cb0582c | |
| 27 | SHA1 (patch-bi) = fb174073be8cef39370cf56331b93429ab2a0e24 | |||
| 28 | SHA1 (patch-bj) = 77952b4dff57a9755021d815c7dbfdbccf97df05 |
| @@ -1,16 +1,49 @@ | @@ -1,16 +1,49 @@ | |||
| 1 | $NetBSD: patch-bh,v 1.2 2008/07/02 14:10:04 obache Exp $ | 1 | $NetBSD: patch-bh,v 1.3 2009/01/28 09:44:34 he Exp $ | |
| 2 | 2 | |||
| 3 | --- client/mysql.cc.orig 2007-05-21 05:45:33.000000000 +0200 | 3 | What was here before: workaround for our use of -ledit instead | |
| 4 | +++ client/mysql.cc 2007-05-21 05:46:28.000000000 +0200 | 4 | of the real readline (?). | |
| 5 | @@ -1415,7 +1415,11 @@ | 5 | ||
| 6 | New: add patch from http://bugs.mysql.com/file.php?id=9232, | |||
| 7 | referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the | |||
| 8 | vulnerability recorded in | |||
| 9 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456. | |||
| 10 | ||||
| 11 | --- client/mysql.cc.orig 2008-08-04 12:19:04.000000000 +0000 | |||
| 12 | +++ client/mysql.cc | |||
| 13 | @@ -2263,7 +2263,11 @@ static char **new_mysql_completion (cons | |||
| 6 | */ | 14 | */ | |
| 7 | 15 | |||
| 8 | #if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE) | 16 | #if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE) | |
| 9 | +# if defined(__NetBSD__) || defined(__DragonFly__) | 17 | +# if defined(__NetBSD__) || defined(__DragonFly__) | |
| 10 | +int no_completion(const char *, int) | 18 | +int no_completion(const char *, int) | |
| 11 | +# else | 19 | +# else | |
| 12 | char *no_completion(const char*,int) | 20 | char *no_completion(const char*,int) | |
| 13 | +# endif | 21 | +# endif | |
| 14 | #else | 22 | #else | |
| 15 | char *no_completion() | 23 | char *no_completion() | |
| 16 | #endif | 24 | #endif | |
| 25 | @@ -3361,9 +3365,12 @@ print_table_data_html(MYSQL_RES *result) | |||
| 26 | { | |||
| 27 | while((field = mysql_fetch_field(result))) | |||
| 28 | { | |||
| 29 | - tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? | |||
| 30 | - (field->name[0] ? field->name : | |||
| 31 | - " ") : "NULL")); | |||
| 32 | + tee_fputs("<TH>", PAGER); | |||
| 33 | + if (field->name && field->name[0]) | |||
| 34 | + xmlencode_print(field->name, field->name_length); | |||
| 35 | + else | |||
| 36 | + tee_fputs(field->name ? " " : "NULL", PAGER); | |||
| 37 | + tee_fputs("</TH>", PAGER); | |||
| 38 | } | |||
| 39 | (void) tee_fputs("</TR>", PAGER); | |||
| 40 | } | |||
| 41 | @@ -3374,7 +3381,7 @@ print_table_data_html(MYSQL_RES *result) | |||
| 42 | for (uint i=0; i < mysql_num_fields(result); i++) | |||
| 43 | { | |||
| 44 | (void) tee_fputs("<TD>", PAGER); | |||
| 45 | - safe_put_field(cur[i],lengths[i]); | |||
| 46 | + xmlencode_print(cur[i], lengths[i]); | |||
| 47 | (void) tee_fputs("</TD>", PAGER); | |||
| 48 | } | |||
| 49 | (void) tee_fputs("</TR>", PAGER); |
$NetBSD: patch-bi,v 1.1 2009/01/28 09:44:34 he Exp $
Add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
--- mysql-test/r/mysql.result.orig 2008-08-04 12:32:17.000000000 +0000
+++ mysql-test/r/mysql.result
@@ -180,4 +180,6 @@ ERROR at line 1: DELIMITER cannot contai
1
This is a file starting with UTF8 BOM 0xEFBBBF
This is a file starting with UTF8 BOM 0xEFBBBF
+<TABLE BORDER=1><TR><TH><</TH></TR><TR><TD>< & ></TD></TR></TABLE>
+End of 5.1 tests
End of 5.0 tests
$NetBSD: patch-bj,v 1.1 2009/01/28 09:44:34 he Exp $
Add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.
--- mysql-test/t/mysql.test.orig 2008-08-04 12:32:17.000000000 +0000
+++ mysql-test/t/mysql.test
@@ -290,4 +290,12 @@ EOF
--exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug29323.sql 2>&1
remove_file $MYSQLTEST_VARDIR/tmp/bug29323.sql;
+
+#
+# Bug #27884: mysql --html does not quote HTML special characters in output
+#
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+
+--echo
+--echo End of 5.1 tests
--echo End of 5.0 tests