head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.24
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.22
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.20
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.18
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.16
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.14
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.12
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.10
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.8
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.6
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.4
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.2
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.1.0.4
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2007.07.15.19.22.06;	author tron;	state dead;
branches;
next	1.1;

1.1
date	2007.05.21.04.40.00;	author xtraeme;	state Exp;
branches
	1.1.2.1
	1.1.4.1;
next	;

1.1.2.1
date	2007.05.21.04.40.00;	author salo;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2007.05.21.22.06.18;	author salo;	state Exp;
branches;
next	;

1.1.4.1
date	2007.07.28.16.46.38;	author ghen;	state dead;
branches;
next	;


desc
@@


1.2
log
@Update "mysql5-client" and "mysql5-server" packages to version 5.0.45.
Change since version 5.0.41:
- Functionality added or changed:
  - A new status variable, Com_call_procedure, indicates the number of calls
    to stored procedures. (Bug#27994)
  - NDB Cluster: The server source tree now includes scripts to simplify
    building MySQL with SCI support. For more information about SCI
    interconnects and these build scripts, see Section 15.9.1,
    Configuring MySQL Cluster to use SCI Sockets. (Bug#25470)
  - Prior to this release, when DATE values were compared with DATETIME values
    the time portion of the DATETIME value was ignored. Now a DATE value is
    coerced to the DATETIME type by adding the time portion as 00:00:00. To
    mimic the old behavior use the CAST() function in the following way:
    SELECT date_field = CAST(NOW() as DATE);. (Bug#28929)
- A large number of bugs including these security problems have been fixed:
  - A malformed password packet in the
    connection protocol could cause the server to crash. Thanks for Dormando
    for reporting this bug and providing details and a proof of concept.
    (Bug#28984)
  - CREATE TABLE LIKE did not require any privileges on the source table. Now
    it requires the SELECT privilege. (Bug#25578)
  - In addition, CREATE TABLE LIKE was not isolated from alteration by other
    connections, which resulted in various errors and incorrect binary log
    order when trying to execute concurrently a CREATE TABLE LIKE statement
    and either DDL statements on the source table or DML or DDL statements on
    the target table. (Bug#23667)
@
text
@$NetBSD: patch-bg,v 1.1 2007/05/21 04:40:00 xtraeme Exp $


--- sql/sql_parse.cc.orig	2007-05-21 04:56:56.000000000 +0200
+++ sql/sql_parse.cc	2007-05-21 04:59:31.000000000 +0200
@@@@ -3304,7 +3304,7 @@@@
 	*/
 	old_list= table[0];
 	new_list= table->next_local[0];
-	if (check_grant(thd, ALTER_ACL, &old_list, 0, 1, 0) ||
+	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, 1, 0) ||
 	    (!test_all_bits(table->next_local->grant.privilege,
 			    INSERT_ACL | CREATE_ACL) &&
 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0)))
@


1.1
log
@Update to 5.0.41. Amongst many fixes these vulnerabilities were
fixed:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692

And another patch adapted from a mailing list to fix:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691

See http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-41.html
To see all changes.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.4.1
log
@Pullup ticket 2146 - requested by tron
security update for mysql5

- pkgsrc/databases/mysql5-client/Makefile.common	1.25
- pkgsrc/databases/mysql5-client/PLIST			1.7
- pkgsrc/databases/mysql5-client/distinfo		1.19
- pkgsrc/databases/mysql5-client/patches/patch-ac	removed
- pkgsrc/databases/mysql5-client/patches/patch-ad	1.6
- pkgsrc/databases/mysql5-client/patches/patch-ae	1.9
- pkgsrc/databases/mysql5-client/patches/patch-bg	removed
- pkgsrc/databases/mysql5-server/PLIST			1.11
- pkgsrc/databases/mysql5-server/distinfo		1.16
- pkgsrc/databases/mysql5-server/patches/patch-aa	1.5
- pkgsrc/databases/mysql5-server/patches/patch-ac	removed
- pkgsrc/databases/mysql5-server/patches/patch-ah	1.6
- pkgsrc/databases/mysql5-server/patches/patch-ao	removed

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sun Jul 15 19:22:07 UTC 2007

   Modified Files:
	   pkgsrc/databases/mysql5-client: Makefile.common PLIST distinfo
	   pkgsrc/databases/mysql5-client/patches: patch-ad patch-ae
	   pkgsrc/databases/mysql5-server: PLIST distinfo
	   pkgsrc/databases/mysql5-server/patches: patch-aa patch-ah
   Removed Files:
	   pkgsrc/databases/mysql5-client/patches: patch-ac patch-bg
	   pkgsrc/databases/mysql5-server/patches: patch-ac patch-ao

   Log Message:
   Update "mysql5-client" and "mysql5-server" packages to version 5.0.45.
   Change since version 5.0.41:
   - Functionality added or changed:
     - A new status variable, Com_call_procedure, indicates the number of calls
       to stored procedures. (Bug#27994)
     - NDB Cluster: The server source tree now includes scripts to simplify
       building MySQL with SCI support. For more information about SCI
       interconnects and these build scripts, see Section 15.9.1,
       Configuring MySQL Cluster to use SCI Sockets. (Bug#25470)
     - Prior to this release, when DATE values were compared with DATETIME values
       the time portion of the DATETIME value was ignored. Now a DATE value is
       coerced to the DATETIME type by adding the time portion as 00:00:00. To
       mimic the old behavior use the CAST() function in the following way:
       SELECT date_field = CAST(NOW() as DATE);. (Bug#28929)
   - A large number of bugs including these security problems have been fixed:
     - A malformed password packet in the
       connection protocol could cause the server to crash. Thanks for Dormando
       for reporting this bug and providing details and a proof of concept.
       (Bug#28984)
     - CREATE TABLE LIKE did not require any privileges on the source table. Now
       it requires the SELECT privilege. (Bug#25578)
     - In addition, CREATE TABLE LIKE was not isolated from alteration by other
       connections, which resulted in various errors and incorrect binary log
       order when trying to execute concurrently a CREATE TABLE LIKE statement
       and either DDL statements on the source table or DML or DDL statements on
       the target table. (Bug#23667)
@
text
@d1 1
a1 1
$NetBSD: patch-bg,v 1.1 2007/05/21 04:40:00 xtraeme Exp $
@


1.1.2.1
log
@file patch-bg was added on branch pkgsrc-2007Q1 on 2007-05-21 22:06:18 +0000
@
text
@d1 14
@


1.1.2.2
log
@Pullup ticket 2094 - requested by xtraeme
security update for mysql5

Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile			1.10
- pkgsrc/databases/mysql5-client/Makefile.common		1.21
- pkgsrc/databases/mysql5-client/PLIST				1.6
- pkgsrc/databases/mysql5-client/distinfo			1.18
- pkgsrc/databases/mysql5-client/patches/patch-ac		1.5
- pkgsrc/databases/mysql5-client/patches/patch-ae		1.8
- pkgsrc/databases/mysql5-client/patches/patch-au		removed
- pkgsrc/databases/mysql5-client/patches/patch-bg		1.1
- pkgsrc/databases/mysql5-client/patches/patch-bh		1.1
- pkgsrc/databases/mysql5-server/PLIST				1.10
- pkgsrc/databases/mysql5-server/distinfo			1.15
- pkgsrc/databases/mysql5-server/patches/patch-ac		1.6
- pkgsrc/databases/mysql5-server/patches/patch-ah		1.5
- pkgsrc/databases/mysql5-server/patches/patch-ak		1.3
- pkgsrc/databases/mysql5-server/patches/patch-am		1.3
- pkgsrc/databases/mysql5-server/patches/patch-an		1.3

   Module Name:		pkgsrc
   Committed By:	xtraeme
   Date:		Mon May 21 04:40:01 UTC 2007

   Modified Files:
   	pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST
   distinfo pkgsrc/databases/mysql5-client/patches: patch-ac patch-ae
   	pkgsrc/databases/mysql5-server: PLIST distinfo
   	pkgsrc/databases/mysql5-server/patches: patch-ac patch-ah patch-ak
   	    patch-am patch-an
   Added Files:
   	pkgsrc/databases/mysql5-client/patches: patch-bg patch-bh
   Removed Files:
   	pkgsrc/databases/mysql5-client/patches: patch-au

   Log Message:
   Update to 5.0.41. Amongst many fixes these vulnerabilities were
   fixed:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692

   And another patch adapted from a mailing list to fix:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691

   See http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-41.html
   To see all changes.
@
text
@a0 14
$NetBSD: patch-bg,v 1.1 2007/05/21 04:40:00 xtraeme Exp $


--- sql/sql_parse.cc.orig	2007-05-21 04:56:56.000000000 +0200
+++ sql/sql_parse.cc	2007-05-21 04:59:31.000000000 +0200
@@@@ -3304,7 +3304,7 @@@@
 	*/
 	old_list= table[0];
 	new_list= table->next_local[0];
-	if (check_grant(thd, ALTER_ACL, &old_list, 0, 1, 0) ||
+	if (check_grant(thd, ALTER_ACL | DROP_ACL, &old_list, 0, 1, 0) ||
 	    (!test_all_bits(table->next_local->grant.privilege,
 			    INSERT_ACL | CREATE_ACL) &&
 	     check_grant(thd, INSERT_ACL | CREATE_ACL, &new_list, 0, 1, 0)))
@