(if you rather read a website than plain text, this is also on my site: https://huntingbears.nl/2017/03/02/dbdmysql-even-more-utf8-issues-fixed-super-ci/)
In my previous mail (https://huntingbears.nl/2016/12/14/dbdmysql-all-your-utf-8-bugs-are-belong-to-us/) I explained how many utf-8 related issues are now fixed in the latest DBD::mysql development release, and I asked for feedback and testing from our users. Even better utf-8 handling ---------------------------------- I'm happy to inform you that, thanks to your feedback, we've now released yet another development version, with even more UTF8 issues fixed. Tanabe Yoshinori reported that column names and database warnings were not properly encoded and prolific contributor Pali Rohár fixed that issue, and much more. Serialization issue under taint mode ---------------------------------------------- One other issue which was reported by amavisd users has to do with how perl stores values internally under taint mode, which is the default way amavisd is run. This is now fixed, see for more information https://github.com/perl5-dbi/DBD-mysql/issues/78 Extreme CI testing setup -------------------------------- And Pali also modified our Travis setup so we now do continuous integration testing not only on many different perl versions, but also using many different MySQL and MariaDB versions. This uncovered many smaller and larger issues and we can compile again all the way back with MySQL against version 4 if you would want that (and we had multiple people wanting that and filing bug reports for this in the past). See our .travis.yml file here: https://github.com/perl5-dbi/DBD-mysql/blob/master/.travis.yml This also lead to Pali discovering a use-after-free security issue in libmysqlclient which was fixed in MySQL 5.6 and up but still present in 5.5 and also in MariaDB. It got assigned CVE identifier CVE-2017-3302 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302 - see for more info this thread on oss-security: http://www.openwall.com/lists/oss-security/2017/02/11/11 . Your feedback is welcome! ---------------------------------- Find the full change log below; when all is well on Wednesday 8th of March we'll release the stable version 4.042, including all these changes, as well as the changes from the previous post. You can leave your feedback via the DBI-users mailing list: http://lists.perl.org/list/dbi-users.html or using our GitHub page: https://github.com/perl5-dbi/DBD-mysql/ 2017-02-28 change log of version 4.041_2 ---------------------------------------------------------- * Statement handle now also has mysql_sock attribute, just as database handle. (by Pali) * Fix type conversions for magic types. Issue reported by Dmitriy Yatsenko and Giovanni Bechis, fix by Pali. https://lists.amavis.org/pipermail/amavis-users/2016-December/004674.html https://github.com/perl5-dbi/DBD-mysql/issues/78 * Fix UTF8-encoding of table names, field names, warnings and error messages. Reported by Tanabe Yoshinori, fix by Pali. https://rt.cpan.org/Public/Bug/Display.html?id=120141 * Fix mysql_auto_reconnect when using mysql_server_prepare (pali). Reported by Vladimir Marek. https://github.com/perl5-dbi/DBD-mysql/pull/95 * Improve regex for removing database from dsn (pali) https://rt.cpan.org/Public/Bug/Display.html?id=118837 * Locate MySQL libs using Devel::CheckLib (pali) * Support async on Windows (pali) * Fix test suite on range of older and newer MySQL and MariaDB versions (https://github.com/perl5-dbi/DBD-mysql/pull/87) * Fix compilation on MySQL 4.1 (pali) * Do not leak dangling pointer to mysql result (pali) * Fix logic when assigning to variable bind_comment_placeholders (pali) * mysql_fd() still returned file descriptor after closing connection. Reported by Larry Leszczynski, fixed by Pali Rohár. (https://rt.cpan.org/Public/Bug/Display.html?id=110983) * Fix parsing configure libs from mysql_config --libs output in Makefile.PL Libraries in mysql_config --libs output can be specified by library name with the -l prefix or by absolute path to library name without any prefix. Parameters must start with a hyphen, so treat all options without leading hyphen in mysql_config --libs output as libraries with full path. Partially fixes bug https://rt.cpan.org/Public/Bug/Display.html?id=100898 Fix by Pali Rohár. * Fix support for magic scalars (pali) (https://github.com/perl5-dbi/DBD-mysql/pull/76)