debian/0000775000000000000000000000000012777450437007210 5ustar debian/control0000664000000000000000000000346212777450551010615 0ustar Source: libdbd-mysql-perl Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Perl Group Uploaders: gregor herrmann , Krzysztof Krzyżaniak (eloy) , Ansgar Burchardt , Nicholas Bamber , Xavier Guimard Section: perl Priority: optional Build-Depends: debhelper (>= 9.20120312), libdbi-perl, libmysqlclient-dev, perl, zlib1g-dev Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libdbd-mysql-perl.git Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libdbd-mysql-perl.git Homepage: https://metacpan.org/release/DBD-mysql Package: libdbd-mysql-perl Architecture: any Depends: ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}, libdbi-perl Description: Perl5 database interface to the MySQL database DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming language and the MySQL programming API that comes with the MySQL relational database management system. Most functions provided by this programming API are supported. Some rarely used functions are missing, mainly because noone ever requested them. However supported features include: compression of data between server and client; timeouts; SSL; prepared statement support; server administration such as creating and dropping databases and restarting the server; auto-reconnection; utf8; bind type guessing; bind comment placeholders; automated insert ids; transactions; multiple result sets and multithreading. debian/libdbd-mysql-perl.lintian-overrides0000664000000000000000000000026712236523746016112 0ustar # long DSN # details can change from release to release libdbd-mysql-perl: manpage-has-errors-from-man usr/share/man/man3/DBD::mysql.3pm.gz 472: warning [p 5, 5.7i]: can't break line debian/changelog0000664000000000000000000005407412777450437011074 0ustar libdbd-mysql-perl (4.025-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via use after free - debian/patches/CVE-2014-9906.patch: properly handle free in dbdimp.c, added test to t/rt85919-fetch-lost-connection.t, t/rt86153-reconnect-fail-memory.t. - CVE-2014-9906 * SECURITY UPDATE: denial of service and possible code execution via use after free - debian/patches/CVE-2015-8949.patch: properly handle free in dbdimp.c. - CVE-2015-8949 * SECURITY UPDATE: unsafe sprintf w/variable length input - debian/patches/CVE-2016-1246.patch: don't use sprintf in dbdimp.c. - CVE-2016-1246 -- Marc Deslauriers Wed, 12 Oct 2016 11:04:46 -0400 libdbd-mysql-perl (4.025-1) unstable; urgency=low * Team upload * Imported Upstream version 4.025 + fixes misparsing of single quotes in comments (Closes: #311040) * updated years of upstream copyright * adapt lintian override about unbreakable line in manual * drop trailing slash from metacpan URLs * add a patch fixing bad whatis entry in README.pod * claim conformance with Policy 3.9.5 -- Damyan Ivanov Wed, 06 Nov 2013 22:52:31 +0200 libdbd-mysql-perl (4.024-1) unstable; urgency=low [ Axel Beckert ] * debian/copyright: migrate pre-1.0 format to 1.0 using "cme fix dpkg- copyright" [ Xavier Guimard ] * Imported Upstream version 4.024 * Update lintian-overrides offset * Remove patches now included in upstream -- Xavier Guimard Tue, 01 Oct 2013 21:13:45 +0200 libdbd-mysql-perl (4.023-1) unstable; urgency=low [ Salvatore Bonaccorso ] * Change Vcs-Git to canonical URI (git://anonscm.debian.org) * Change search.cpan.org based URIs to metacpan.org based URIs [ Xavier Guimard ] * Imported Upstream version 4.023 * Update debian/copyright years * Bump Standards-Version to 3.9.4 (no changes). * Correct copyright format error * Adapt patches offsets * Update spelling errors patch -- Xavier Guimard Sun, 19 May 2013 18:35:08 +0200 libdbd-mysql-perl (4.021-1) unstable; urgency=low * New upstream release. * debian/copyright: update to Copyright-Format 1.0. * Update years of packaging copyright. * Use debhelper 9.20120312 to get all hardening flags. * Bump Standards-Version to 3.9.3 (no changes). * Refresh lintian override (line number). * Refresh patches (offset, forward upstream). -- gregor herrmann Mon, 07 May 2012 18:09:52 +0200 libdbd-mysql-perl (4.020-1) unstable; urgency=low [ Ansgar Burchardt ] * debian/control: Fix typo in package description. (Closes: #626791) * debian/control: Convert Vcs-* fields to Git. [ Salvatore Bonaccorso ] * debian/copyright: Replace DEP5 Format-Specification URL from svn.debian.org to anonscm.debian.org URL. [ gregor herrmann ] * New upstream release. * Refresh patches (offset). * Update years of packaging copyright. * Switch to debhelper 8. -- gregor herrmann Sat, 27 Aug 2011 17:59:52 +0200 libdbd-mysql-perl (4.019-1) unstable; urgency=low * New upstream release * Refreshed patches -- Nicholas Bamber Sat, 14 May 2011 22:52:18 +0100 libdbd-mysql-perl (4.018-1) unstable; urgency=low [ Ansgar Burchardt ] * New upstream release: 4.017 * Use perl_dbi addon for dh. * Bump build-dependency on libdbi-perl to >= 1.612. * Email change: Ansgar Burchardt -> ansgar@debian.org [ Nicholas Bamber ] * Added myself to Uploaders * New upstream release: 4.018 * Raised standards version to 3.9.2 * Refreshed copyright * Refreshed patches * Removed version versioning of zlib1g-dev build dependency * Fix permissions in examples directory * Email change: Raphael Hertzog -> * Email change: gregor herrmann -> * Removed debian/clean and added rules to save and restore t/mysql.mtest * Rewrote long description * Stopped installing more bits of DBD::mysql::INSTALL and Bundle::DBD::mysql [ gregor herrmann ] * Email change: Tim Retout -> diocles@debian.org -- Nicholas Bamber Mon, 25 Apr 2011 20:51:48 +0100 libdbd-mysql-perl (4.016-1) unstable; urgency=low * New upstream release. -- Ansgar Burchardt Mon, 12 Jul 2010 19:29:27 +0900 libdbd-mysql-perl (4.015-1) unstable; urgency=low * New upstream release. + Fix issues with placeholders in comments. (Closes: #580479, #584428) * Bump Standards-Version to 3.9.0 (no changes). -- Ansgar Burchardt Sat, 10 Jul 2010 21:55:39 +0900 libdbd-mysql-perl (4.014-1) unstable; urgency=low * New upstream release. * Add dependency on perl-dbdapi-* (see #577209). + Needs build-dep on libdbi-perl (>= 1.610.90+is+1.609-1~). * Add myself to Uploaders. -- Ansgar Burchardt Sat, 24 Apr 2010 14:27:37 +0900 libdbd-mysql-perl (4.013-2) unstable; urgency=low * Build against libdbi-perl 1.610.90-1 -- Krzysztof Krzyżaniak (eloy) Fri, 09 Apr 2010 12:03:50 +0200 libdbd-mysql-perl (4.013-1) unstable; urgency=low [ Raphaël Hertzog ] * Remove myself from Uploaders. [ Tim Retout ] * New upstream version. * debian/control: + Remove versioning from perl Build-Depends. + Build-Depend on libmysqlclient-dev. [ gregor herrmann ] * Set Standards-Version to 3.8.4 (no changes). * debian/control: remove leading article from short description. * Refresh patch and add header. * Convert to source format 3.0 (quilt). Remove quilt framework. * debian/rules: convert to "dh". * Refresh lintian override. * Rename debhelper helper files in debian/ to $pkg.*. * Add new patch to fix a spelling mistake. * debian/copyright: use DEP5 format. -- gregor herrmann Sat, 06 Mar 2010 19:53:06 +0100 libdbd-mysql-perl (4.012-1) unstable; urgency=low [ Nathan Handler ] * debian/watch: Update to ignore development releases. [ Gunnar Wolf ] * Added myself as an uploader * New upstream release * Standards-version → 3.8.2 (no changes needed) * Added build-dependency on quilt * Fixed POD to avoid manpage errors. Thanks, lintian! -- Gunnar Wolf Mon, 20 Jul 2009 12:36:01 +0200 libdbd-mysql-perl (4.011-1) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * New upstream release * debian/control: add me to Uploaders, update Standards-Version to 3.8.1 narrow dependency libdbi-perl to (>= 1.607) (closes: #504648) * Update package to debhelper 7, update debian/rules * create debian/examples [ gregor herrmann ] * New upstream release. * debian/control: Changed: Switched Vcs-Browser field to ViewSVN (source stanza). * debian/control: Added: ${misc:Depends} to Depends: field. -- Krzysztof Krzyżaniak (eloy) Tue, 28 Apr 2009 23:46:50 +0200 libdbd-mysql-perl (4.008-1) unstable; urgency=low * New upstream release. * Set Standards-Version to 3.8.0 (no changes). * debian/control: wrap a long line. * Don't install INSTALL.POD any more. -- gregor herrmann Sat, 23 Aug 2008 14:48:22 -0300 libdbd-mysql-perl (4.007-1) unstable; urgency=low * New upstream release. * debian/copyright: use version-independent upstream source URL. * Refresh debian/rules, no functional changes, except: - the only test which doesn't need a local MySQL server is enabled - README isn't installed any more (only installation instructions) * Add a lintian override for a warning concerning a long line in a manpage which is caused by a long argument. * Add /me to Uploaders. -- gregor herrmann Mon, 19 May 2008 20:49:44 +0200 libdbd-mysql-perl (4.006-1) unstable; urgency=low [ Raphael Hertzog ] * Move myself to Uploaders and put the team as Maintainer. [ gregor herrmann ] * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser field (source stanza); Homepage field (source stanza). Removed: XS- Vcs-Svn fields. * New upstream release. * Set Standards-Version to 3.7.3 (no changes needed). * debian/watch: use dist-based URL. * debian/rules: - use $(CURDIR) instead of calling pwd - let install-stamp depend on build-stamp (instead of build) - merge "rm"s in clean target - add commented out test suite to build target and explain why it's not enabled (needs a local MySQL server) - remove call to sed that changed some characters in manpages (not needed any more) * debian/rules: delete /usr/share/perl5 only if it exists. [ Roberto C. Sanchez ] * Update to debhelper compatibility level 6. -- Roberto C. Sanchez Wed, 09 Jan 2008 22:56:37 -0500 libdbd-mysql-perl (4.005-1) unstable; urgency=low * New upstream release. -- gregor herrmann Sat, 14 Jul 2007 22:32:22 +0200 libdbd-mysql-perl (4.004-2) unstable; urgency=low * Now builds with SSL support. Closes: #429065 Apparently it doesn't need libssl-dev in Build-Depends. It doesn't link with the library, it just adds some more code that interacts with the server. * Add XS-Vcs-Browser fields in debian/control. -- Raphael Hertzog Fri, 15 Jun 2007 22:22:23 +0200 libdbd-mysql-perl (4.004-1) unstable; urgency=low * New upstream release. * Use debian/compat instead of DH_COMPAT. * Updated copyright file and converted it to UTF8. -- Raphael Hertzog Tue, 03 Apr 2007 19:37:25 +0200 libdbd-mysql-perl (3.0008-1) unstable; urgency=low * New upstream release. * Don't ignore result of make distclean. * Remove empty /usr/share/perl5 directory. -- gregor herrmann Sun, 19 Nov 2006 20:19:57 +0100 libdbd-mysql-perl (3.0007-1) unstable; urgency=low * New upstream release. -- gregor herrmann Sat, 9 Sep 2006 20:24:50 +0200 libdbd-mysql-perl (3.0006-1) unstable; urgency=low * New upstream release. * Set Debhelper Compatibility level to 5. * Added examples from eg/ directory to doc/examples/. -- gregor herrmann Sat, 17 Jun 2006 14:42:37 +0200 libdbd-mysql-perl (3.0004-1) unstable; urgency=low * New upstream release. * Updated Standards-Version to 3.7.2. -- Raphael Hertzog Thu, 25 May 2006 22:22:19 +0000 libdbd-mysql-perl (3.0002-2) unstable; urgency=low * Now links with libmysqlclient15 for Mysql 5.x support. Closes: #343774 -- Raphael Hertzog Tue, 20 Dec 2005 08:30:08 +0100 libdbd-mysql-perl (3.0002-1) unstable; urgency=low * New upstream release. Closes: #318931 * Conforms to policy 3.6.2. -- Raphael Hertzog Fri, 12 Aug 2005 12:28:03 +0200 libdbd-mysql-perl (2.9007-1) unstable; urgency=low * New upstream version. * Now links with libmysqlclient14 for MySQL 4.1 support. Closes: #310483 * Thus Build-Depends on libmysqlclient14-dev. -- Raphael Hertzog Wed, 25 May 2005 06:59:22 +0000 libdbd-mysql-perl (2.9006-1) unstable; urgency=medium * New upstream version. Closes: #293740 * This version has the fix for the mysql_auto_reconnect problem working only once. Closes: #227857 -- Raphael Hertzog Fri, 15 Apr 2005 10:56:34 +0200 libdbd-mysql-perl (2.9003-4) unstable; urgency=high * Switch again to libmysqlclient12-dev. It looks like the license issues are finally completely resolved. Closes: #298091 * High urgency upload to make it quickly into sarge. -- Raphael Hertzog Mon, 7 Mar 2005 08:11:52 +0100 libdbd-mysql-perl (2.9003-3) unstable; urgency=high * Link again libmysqlclient10-dev for sarge. Closes: #270769 * High urgency upload to make it quickly. -- Raphael Hertzog Thu, 9 Sep 2004 13:49:33 +0200 libdbd-mysql-perl (2.9003-2) unstable; urgency=low * Link against the main MySQL library again. The exception clause let people use the library in connection with other free software licenses like the perl artistic one. -- Raphael Hertzog Wed, 24 Mar 2004 08:20:00 +0100 libdbd-mysql-perl (2.9003-1) unstable; urgency=low * New upstream version. -- Raphael Hertzog Mon, 8 Dec 2003 13:47:35 +0000 libdbd-mysql-perl (2.1027-1) unstable; urgency=low * New upstream version. -- Raphael Hertzog Mon, 9 Jun 2003 12:47:21 +0000 libdbd-mysql-perl (2.1026-3) unstable; urgency=medium * Switch to use libmysqlclient10 which is LGPL. Updated build-depends accordingly. Closes: #189164 Latest libmysqlclient is GPL-only and thus can't be used for any project which is non-GPL. As DBD::mysql is probably used by dozen of non-GPL programs I decided to link it against the last LGPL version kindly resurrected by Steve Langasek: https://alioth.debian.org/projects/libmysql-lgpl/ * Sorry if this does mean that you're going to lack some features integrated in the latest libs, but you should whine against the upstream decision to switch to GPL ... -- Raphael Hertzog Sun, 20 Apr 2003 13:28:50 +0000 libdbd-mysql-perl (2.1026-2) unstable; urgency=medium * Updated section to perl. * Recompile to correctly link with libmysqlclient12. Updated build-depends to force build with libmysqlcient-dev (>= 4.0.12-3). * Added libssl-dev to the build dependencies. Closes: #188851 -- Raphael Hertzog Sun, 13 Apr 2003 15:53:30 +0000 libdbd-mysql-perl (2.1026-1) unstable; urgency=low * New upstream release. Closes: #188539 * Recompiled with latest mysql lib. -- Raphael Hertzog Fri, 11 Apr 2003 17:20:47 +0200 libdbd-mysql-perl (2.1020-2) unstable; urgency=low * Mysql->errno works now. Thanks to Nils Rennebarth. Closes: #168967 * Uploaded to unstable since I've received no useful feedback with experimental. Let's see if something breaks ... -- Raphael Hertzog Sun, 17 Nov 2002 01:41:03 +0100 libdbd-mysql-perl (2.1020-1) experimental; urgency=low * New upstream version. Closes: #167286 * This is completely different codebase than the old module, thus I prefer to upload to experimental first. -- Raphael Hertzog Sat, 2 Nov 2002 10:04:29 +0100 libdbd-mysql-perl (1.2219-6) unstable; urgency=low * Updated the copyright notice. Closes: #157565 -- Raphael Hertzog Mon, 26 Aug 2002 12:30:29 +0200 libdbd-mysql-perl (1.2219-5) unstable; urgency=low * Compiled with perl 5.8. -- Raphael Hertzog Wed, 31 Jul 2002 18:22:04 +0000 libdbd-mysql-perl (1.2219-4) unstable; urgency=low * More fixes wrt the insertid that is now long long. Closes: #147715 -- Raphael Hertzog Wed, 22 May 2002 09:29:13 +0200 libdbd-mysql-perl (1.2219-3) unstable; urgency=low * Patched the real dbdimp.c instead of the template. So the compilation lost my change. :-( -- Raphael Hertzog Fri, 17 May 2002 16:41:44 +0200 libdbd-mysql-perl (1.2219-2) unstable; urgency=low * Updated sprintf calls to match the type returned by mysql_insert_id & mysql_affected_rows. Closes: #147092 -- Raphael Hertzog Thu, 16 May 2002 00:54:04 +0200 libdbd-mysql-perl (1.2219-1) unstable; urgency=low * New upstream release. -- Raphael Hertzog Tue, 30 Apr 2002 15:23:54 +0200 libdbd-mysql-perl (1.2216-2) unstable; urgency=medium * Added zlib1g-dev to build depends. Closes: #100798 -- Raphael Hertzog Thu, 14 Jun 2001 09:14:51 +0200 libdbd-mysql-perl (1.2216-1) unstable; urgency=medium * New upstream version. Closes: #98682 -- Raphael Hertzog Fri, 25 May 2001 22:12:57 +0200 libdbd-mysql-perl (1.2215-3) unstable; urgency=medium * Adapted to the latest perl policy which brings back perl in its "perl" package. * Complies with policy 3.5.2. -- Raphael Hertzog Wed, 21 Feb 2001 22:09:53 +0100 libdbd-mysql-perl (1.2215-2) unstable; urgency=low * Recompiled with perl-5.6. Closes: #77403 -- Raphael Hertzog Sun, 19 Nov 2000 15:58:42 +0100 libdbd-mysql-perl (1.2215-1) unstable; urgency=low * New upstream version. * Recompiled with libmysqlclient10. Closes: #74423, #74496 * Hopefully, the sparc recompile will be ok this time. Closes: #71012 -- Raphael Hertzog Sun, 19 Nov 2000 15:58:18 +0100 libdbd-mysql-perl (1.2214-1) unstable; urgency=low * Non maintainer upload. * New upstream version. -- Guillaume Morin Thu, 27 Jul 2000 15:29:49 +0200 libdbd-mysql-perl (1.2202-5) unstable; urgency=low * Recompiled with libmysqlclient9. Closes: #66964 -- Raphael Hertzog Thu, 13 Jul 2000 14:17:22 +0200 libdbd-mysql-perl (1.2202-4) unstable; urgency=low * Removed dbimon.1 too. Closes: #47979 -- Raphael Hertzog Tue, 26 Oct 1999 00:10:22 +0200 libdbd-mysql-perl (1.2202-3) unstable; urgency=low * Removed unuseful /usr/bin/dbimon. Closes: #45071 -- Raphael Hertzog Fri, 17 Sep 1999 14:43:17 +0200 libdbd-mysql-perl (1.2202-2) unstable; urgency=low * Policy 3.0.1 compliance. Built with debhelper 2.0.40. -- Raphael Hertzog Thu, 9 Sep 1999 12:06:37 +0200 libdbd-mysql-perl (1.2202-1) unstable; urgency=low * New maintainer. * New upstream version. * libdbd-msql-perl and libdbd-mysql-perl have now separate source packages. * libdbd-mysql-perl is now in main. * Acknowledged the previous NMU. Closes: #41533, #35545, #36665 Closes: #36790, #40524, #38430 (in gnudip) -- Raphael Hertzog Fri, 30 Jul 1999 14:34:51 +0200 msql-mysql-modules (1.2017-1.1) unstable; urgency=low * NMU for the perl upgrade. Closes: #41527, #41533 * Corrected the rules files to conform to perl policy 1.0.1. * Upgraded standards-version to 2.5.1. * Compiled with perl-5.005. * Compiled with the latest mysql libs. Closes: #35545, #36665, #36790, #40524 * Moved libdbd-mysql-perl to main since it doesn't depend on anything non-free. Closes: #38430 in the gnudip package ... * In fact moved the source to main and libdbd-msql-perl to contrib ... -- Raphael Hertzog Tue, 20 Jul 1999 23:30:17 +0200 msql-mysql-modules (1.2017-1) unstable; urgency=low * New upstream version. * Rebuild for new mysql layout. Fixes: #35345, #36665, #36790 * Comment-out #include as this is for a msql we don't have.. -- Ben Gertzfield Thu, 13 May 1999 12:28:11 -0700 msql-mysql-modules (1.2012-1) unstable; urgency=low * New upstream version. * Bumped dependancy on libdbi-perl to >= 1.02-1 for upgrade purposes. -- Ben Gertzfield Mon, 28 Dec 1998 15:41:28 -0800 msql-mysql-modules (1.2005-1) unstable; urgency=low * New upstream version. Note that 1.2003-2 wasn't uploaded due to a problem with upper-case letters in the source name. -- Ben Gertzfield Tue, 13 Oct 1998 13:19:17 -0700 msql-mysql-modules (1.2003-2) unstable; urgency=low * The msql and mysql DBD drivers have always been in the same source; Martin Schulze convinced me to merge them back together properly. Msql-Mysql-modules is the real name of the upstream source. * Now makes the libdbd-msql-perl package as well as the libdbd-mysql-perl package. -- Ben Gertzfield Fri, 25 Sep 1998 12:09:40 -0700 libdbd-mysql-perl (1.2003-1) unstable; urgency=low * New upstream version, recompiled against libdbi-perl 1.02. * Upgraded Standards-Version to 2.4.0.0. * Removed call to dh_du in debian/rules. * Made build not ask any interactive questions with the kludge IN_MYSQL_DISTRIBUTION=true . * Changed rm debian/tmp/usr/lib/perl5/DBD/mSQL.pm to rm -f just in case it's still there some day. * Made the upstream ChangeLog be installed as /usr/doc/libdbi-mysql-perl/changelog -- Ben Gertzfield Thu, 24 Sep 1998 12:01:58 -0700 libdbd-mysql-perl (1.1832-1) unstable; urgency=low * New upstream version. * Now dynamically linked against mysql libraries. -- Ben Gertzfield Wed, 15 Jul 1998 23:23:31 -0700 libdbd-mysql-perl (1.1827-1) unstable; urgency=low * New upstream version. -- Ben Gertzfield Wed, 4 Mar 1998 01:12:07 -0800 libdbd-mysql-perl (1.1826-2) unstable; urgency=low * Removed call to dh_makeshlibs. Heh. Whoops. Fixes lintian warning. * Rebuilt with debhelper 0.60, fixes bad permission lintian warnings. * Added in patch from mdorman@law.miami.edu to fix building on Alpha. Fixes bug #18072. -- Ben Gertzfield Wed, 11 Feb 1998 13:27:54 -0800 libdbd-mysql-perl (1.1826-1) unstable; urgency=low * New upstream version. * Added in upstream changelog. Fixes bug #17511. -- Ben Gertzfield Sun, 1 Feb 1998 11:53:23 -0800 libdbd-mysql-perl (1.1821-2) unstable; urgency=low * Removed msql files mistakenly left in the package, bug #16784. -- Ben Gertzfield Wed, 7 Jan 1998 20:23:57 -0800 libdbd-mysql-perl (1.1821-1) unstable; urgency=low * New maintainer. * New upstream version. * Compiled to work with new libdbi-perl. -- Ben Gertzfield Mon, 29 Dec 1997 13:55:12 -0800 libdbd-mysql-perl (1.65-2) unstable; urgency=low * New maintainer * Move to contrib -- Scott Hanson Mon, 27 Oct 1997 08:44:44 +0100 libdbd-mysql-perl (1.65-1) unstable; urgency=low * New upstream version * Recompiled with libc6, mysql 3.20.29, and perl 5.004.02 * Upgraded to Standards Version 2.3.0.0 * Fixed description -- Christian Schwarz Thu, 11 Sep 1997 22:01:45 +0200 libdbd-mysql-perl (1.63.1-1) unstable; urgency=low * New upstream version. -- Christian Schwarz Sat, 3 May 1997 17:29:12 +0200 libdbd-mysql-perl (1.1-1) unstable; urgency=low * Initial Release. -- Christian Schwarz Sun, 13 Apr 1997 22:51:11 +0200 Local variables: mode: debian-changelog End: debian/source/0000775000000000000000000000000011614473750010500 5ustar debian/source/format0000664000000000000000000000001411614473750011706 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212010726770010370 0ustar 9 debian/patches/0000775000000000000000000000000012777450525010635 5ustar debian/patches/series0000664000000000000000000000011512777450404012043 0ustar fix-whatis.patch CVE-2014-9906.patch CVE-2015-8949.patch CVE-2016-1246.patch debian/patches/fix-whatis.patch0000664000000000000000000000071712236525440013733 0ustar Description: fix whatis entry of README.pod Otherwise the manual page has no real whatis entry (name - short description) Author: Damyan Ivanov Bug: https://rt.cpan.org/Ticket/Display.html?id=90101 --- a/README.pod +++ b/README.pod @@ -1,7 +1,6 @@ -=head1 DBD::mysql - database driver for Perl - -This is the Perl L driver for access to MySQL databases. +=head1 NAME +DBD::mysql - MySQL database driver for Perl L =head2 Usage debian/patches/CVE-2014-9906.patch0000664000000000000000000001451512777450524013271 0ustar Description: fix denial of service and possible code execution via use after free Bug: https://rt.cpan.org/Public/Bug/Display.html?id=97625 Origin: backport, https://github.com/perl5-dbi/DBD-mysql/commit/c570f90b0aa6911ebf56da4595a5be86603c6923 Origin: backport, https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc Origin: backport, https://github.com/perl5-dbi/DBD-mysql/commit/283c5dfc42c530aab06ad032cf25b816c0e70780 WARNING: this patch contains dos-style line endings, editing it may break it Index: libdbd-mysql-perl-4.025/dbdimp.c =================================================================== --- libdbd-mysql-perl-4.025.orig/dbdimp.c 2013-10-25 02:00:33.000000000 -0400 +++ libdbd-mysql-perl-4.025/dbdimp.c 2016-10-12 11:04:20.175955202 -0400 @@ -1940,8 +1940,13 @@ /* sock was allocated with mysql_init() fixes: https://rt.cpan.org/Ticket/Display.html?id=86153 - */ + Safefree(sock); + + rurban: No, we still need this handle later in mysql_dr_error(). + RT #97625. It will be freed as imp_dbh->pmysql in dbd_db_destroy(), + which is called by the DESTROY handler. + */ } return result; } @@ -1978,6 +1983,8 @@ char* user; char* password; char* mysql_socket; + int result; + int fresh = 0; D_imp_xxh(dbh); /* TODO- resolve this so that it is set only if DBI is 1.607 */ @@ -2026,10 +2033,16 @@ port ? port : "NULL"); if (!imp_dbh->pmysql) { + fresh = 1; Newz(908, imp_dbh->pmysql, 1, MYSQL); } - return mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, + result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, password, dbname, imp_dbh) ? TRUE : FALSE; + if (fresh && !result) { + /* Prevent leaks, but do not free in case of a reconnect. See #97625 */ + Safefree(imp_dbh->pmysql); + } + return result; } @@ -2081,8 +2094,9 @@ if (!my_login(aTHX_ dbh, imp_dbh)) { - do_error(dbh, mysql_errno(imp_dbh->pmysql), - mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); + if(imp_dbh->pmysql) + do_error(dbh, mysql_errno(imp_dbh->pmysql), + mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); return FALSE; } Index: libdbd-mysql-perl-4.025/t/rt85919-fetch-lost-connection.t =================================================================== --- libdbd-mysql-perl-4.025.orig/t/rt85919-fetch-lost-connection.t 2013-10-17 15:23:09.000000000 -0400 +++ libdbd-mysql-perl-4.025/t/rt85919-fetch-lost-connection.t 2016-10-12 11:04:20.171955162 -0400 @@ -1,44 +1,61 @@ -use strict; -use warnings; -use DBI; -use Test::More; -use lib 't', '.'; -use vars qw($table $test_dsn $test_user $test_password $mdriver); -require 'lib.pl'; - -my $dbh; -eval {$dbh= DBI->connect($test_dsn, $test_user, $test_password, - { RaiseError => 1, PrintError => 0, AutoCommit => 0 });}; -if ($@) { - plan skip_all => "ERROR: $@. Can't continue test"; -} -my $sth; -my $ok = eval { - print "Connecting...\n"; - ok( $sth = $dbh->do('SET wait_timeout = 5'), 'set wait_timeout'); - print "Sleeping...\n"; - sleep 7; - my $sql = 'SELECT 1'; - if (1) { - ok( $sth = $dbh->prepare($sql), 'prepare SQL'); - ok( $sth->execute(), 'execute SQL'); - my @res = $sth->fetchrow_array(); - is ( $res[0], undef, 'no rows returned'); - ok( $sth->finish(), 'finish'); - $sth = undef; - } - else { - print "Selecting...\n"; - my @res = $dbh->selectrow_array($sql); - } - $dbh->disconnect(); - $dbh = undef; - 1; -}; -if (not $ok) { - is ( $DBI::err, 2006, 'Received error 2006' ); - is ( $DBI::errstr, 'MySQL server has gone away', 'Received MySQL server has gone away'); - eval { $sth->finish(); } if defined $sth; - eval { $dbh->disconnect(); } if defined $dbh; -} -done_testing(); +use strict; +use warnings; +use DBI; +use Test::More; +use lib 't', '.'; +use vars qw($table $test_dsn $test_user $test_password $mdriver); +require 'lib.pl'; + +my $dbh; +eval {$dbh= DBI->connect($test_dsn, $test_user, $test_password, + { RaiseError => 1, PrintError => 0, AutoCommit => 0 });}; +if ($@) { + plan skip_all => "ERROR: $@. Can't continue test"; +} +my $sth; +my $ok = eval { + print "Connecting...\n"; + ok( $sth = $dbh->do('SET wait_timeout = 5'), 'set wait_timeout'); + print "Sleeping...\n"; + sleep 7; + my $sql = 'SELECT 1'; + if (1) { + ok( $sth = $dbh->prepare($sql), 'prepare SQL'); + ok( $sth->execute(), 'execute SQL'); + my @res = $sth->fetchrow_array(); + is ( $res[0], undef, 'no rows returned'); + ok( $sth->finish(), 'finish'); + $sth = undef; + } + else { + print "Selecting...\n"; + my @res = $dbh->selectrow_array($sql); + } + $dbh->disconnect(); + $dbh = undef; + 1; +}; +if (not $ok) { + is ( $DBI::err, 2006, 'Received error 2006' ); + is ( $DBI::errstr, 'MySQL server has gone away', 'Received MySQL server has gone away'); + eval { $sth->finish(); } if defined $sth; + eval { $dbh->disconnect(); } if defined $dbh; +} + +if (0) { + # This causes the use=after-free crash in RT #97625. + # different testcase by killing the service. which is of course + # not doable in a general testscript and highly system dependent. + system(qw(sudo service mysql start)); + use DBI; + my $dbh = DBI->connect("DBI:mysql:database=test:port=3306"); + $dbh->{mysql_auto_reconnect} = 1; # without this is works + my $select = sub { $dbh->do(q{SELECT 1}) for 1 .. 10; }; + $select->(); + system qw(sudo service mysql stop); + $select->(); + ok(1, "dbh did not crash on closed connection"); + system(qw(sudo service mysql start)); +} + +done_testing(); Index: libdbd-mysql-perl-4.025/t/rt86153-reconnect-fail-memory.t =================================================================== --- libdbd-mysql-perl-4.025.orig/t/rt86153-reconnect-fail-memory.t 2013-10-25 02:07:15.000000000 -0400 +++ libdbd-mysql-perl-4.025/t/rt86153-reconnect-fail-memory.t 2016-10-12 11:04:14.703901252 -0400 @@ -63,6 +63,7 @@ $ok++; } else { + diag "$prev_size => $size" if $ENV{TEST_VERBOSE}; $not_ok++; } } debian/patches/CVE-2015-8949.patch0000664000000000000000000000222612777450377013302 0ustar From 2e1cbd0034cf0041f832ba81d07c24db886782d8 Mon Sep 17 00:00:00 2001 From: Hanno Date: Sat, 14 Nov 2015 23:06:12 +0100 Subject: [PATCH] Fix use after free error. --- dbdimp.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) Index: libdbd-mysql-perl-4.025/dbdimp.c =================================================================== --- libdbd-mysql-perl-4.025.orig/dbdimp.c 2016-10-12 10:48:05.893858006 -0400 +++ libdbd-mysql-perl-4.025/dbdimp.c 2016-10-12 10:48:05.889857967 -0400 @@ -2038,10 +2038,6 @@ } result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, password, dbname, imp_dbh) ? TRUE : FALSE; - if (fresh && !result) { - /* Prevent leaks, but do not free in case of a reconnect. See #97625 */ - Safefree(imp_dbh->pmysql); - } return result; } @@ -2094,9 +2090,12 @@ if (!my_login(aTHX_ dbh, imp_dbh)) { - if(imp_dbh->pmysql) + if(imp_dbh->pmysql) { do_error(dbh, mysql_errno(imp_dbh->pmysql), mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); + Safefree(imp_dbh->pmysql); + + } return FALSE; } debian/patches/CVE-2016-1246.patch0000664000000000000000000000233212777450404013247 0ustar From 7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 Mon Sep 17 00:00:00 2001 From: Pali Date: Sun, 2 Oct 2016 22:09:26 +0200 Subject: [PATCH] Do not use unsafe sprintf w/variable length input This can cause a buffer overflow to occur when reporting error message about validation of (untrusted) user input parameters. --- dbdimp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: libdbd-mysql-perl-4.025/dbdimp.c =================================================================== --- libdbd-mysql-perl-4.025.orig/dbdimp.c 2016-10-12 10:48:14.661943408 -0400 +++ libdbd-mysql-perl-4.025/dbdimp.c 2016-10-12 10:48:14.661943408 -0400 @@ -4654,7 +4654,7 @@ int rc; int param_num= SvIV(param); int idx= param_num - 1; - char err_msg[64]; + char *err_msg; D_imp_xxh(sth); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION @@ -4696,9 +4696,9 @@ { if (! looks_like_number(value)) { - sprintf(err_msg, + err_msg = SvPVX(sv_2mortal(newSVpvf( "Binding non-numeric field %d, value %s as a numeric!", - param_num, neatsvpv(value,0)); + param_num, neatsvpv(value,0)))); do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL); } } debian/copyright0000664000000000000000000000444412236524054011134 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: DBD-mysql Upstream-Contact: Patrick Galbraith Source: https://metacpan.org/release/DBD-mysql Files: * Copyright: 2004-2013, Patrick Galbraith [large portions] 2003-2005, Rudolf Lippan [large portions] 1997-2003, Jochen Wiedmann [large portions] 2004-2006, Alexey Stroganov [large portions] 1994-1997, Alligator Descartes, Gary Shea, Andreas König, Tim Bunce License: Artistic or GPL-1+ Files: Makefile.PL Comment: portions of this file Copyright: 2005, MySQL AB & MySQL Finland AB & TCX DataKonsult AB License: GPL-2+ Files: debian/* Copyright: 1997-1999, Ben Gertzfield 1997, Christian Schwarz 1997, Scott Hanson 1999-2007, Raphael Hertzog 2000, Guillaume Morin 2006-2012, gregor herrmann 2008, Roberto C. Sanchez 2009, Gunnar Wolf 2009, Tim Retout 2009-2010, Krzysztof Krzyżaniak (eloy) 2010-2011, Ansgar Burchardt 2011, Nicholas Bamber 2012-2013, Xavier Guimard License: Artistic or GPL-1+ License: Artistic This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License, which comes with Perl. . On Debian systems, the complete text of the Artistic License can be found in `/usr/share/common-licenses/Artistic'. License: GPL-1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. . On Debian systems, the complete text of version 2 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. debian/watch0000664000000000000000000000015312236524062010222 0ustar version=3 https://metacpan.org/release/DBD-mysql .*/DBD-mysql-v?(\d[\d.]+)\.(?:tar(?:\.gz|\.bz2)?|tgz|zip) debian/libdbd-mysql-perl.examples0000664000000000000000000000000511614473750014256 0ustar eg/* debian/rules0000775000000000000000000000220711627064424010257 0ustar #!/usr/bin/make -f PACKAGE = $(shell dh_listpackages) TMP = $(CURDIR)/debian/$(PACKAGE) PROB_FILE = mysql.mtest %: dh $@ --with perl_dbi override_dh_auto_configure: ! [ -e t/$(PROB_FILE) ] || mv t/$(PROB_FILE) debian/$(PROB_FILE).save dh_auto_configure -- --ssl --testuser=test override_dh_auto_test: dh_auto_test -- TEST_FILES='t/00base.t' override_dh_auto_install: dh_auto_install find $(TMP)/usr -name 'dbimon*' | xargs -r rm -f find $(TMP)/usr -name '*.pod' | xargs -r chmod 0644 [ ! -f $(TMP)/usr/lib/perl5/DBD/mysql/INSTALL.pod ] || $(RM) -v $(TMP)/usr/lib/perl5/DBD/mysql/INSTALL.pod [ ! -d $(TMP)/usr/lib/perl5/Bundle/ ] || $(RM) -vrf $(TMP)/usr/lib/perl5/Bundle/ [ ! -f $(TMP)/usr/share/man/man3/Bundle::DBD::mysql.3pm ] || $(RM) -v $(TMP)/usr/share/man/man3/Bundle::DBD::mysql.3pm [ ! -f $(TMP)/usr/share/man/man3/DBD::mysql::INSTALL.3pm ] || $(RM) -v $(TMP)/usr/share/man/man3/DBD::mysql::INSTALL.3pm override_dh_installexamples: dh_installexamples chmod a+x $(TMP)/usr/share/doc/$(PACKAGE)/examples/*.pl override_dh_clean: dh_clean ! [ -e debian/$(PROB_FILE).save ] \ || mv debian/$(PROB_FILE).save t/$(PROB_FILE)