Branch: refs/heads/master
  Home:   https://github.com/perl5-dbi/dbi
  Commit: 32398bff24f054f4e9b48b97ecb70ce72267296c
      
https://github.com/perl5-dbi/dbi/commit/32398bff24f054f4e9b48b97ecb70ce72267296c
  Author: Jens Rehsack <s...@netbsd.org>
  Date:   2020-10-06 (Tue, 06 Oct 2020)

  Changed paths:
    M lib/DBD/File.pm
    M lib/DBI/DBD/SqlEngine.pm

  Log Message:
  -----------
  DBD/File,DBI/DBD/SqlEngine: bump copyright year

Bump copyright years for both since there has been done work in meantime ...
including intended f_dir= fix for CVE-2014-10401

Signed-off-by: Jens Rehsack <s...@netbsd.org>


  Commit: 27b10b5c3aacabc091046beaba478e671bb6111c
      
https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c
  Author: Jens Rehsack <s...@netbsd.org>
  Date:   2020-10-06 (Tue, 06 Oct 2020)

  Changed paths:
    M t/51dbm_file.t

  Log Message:
  -----------
  t/51dbm_file.t: add test from RT#99508

Add test with f_dir="something-not-existing" as reported in RT#99508
to verify when it's fixed for real.

Signed-off-by: Jens Rehsack <s...@netbsd.org>


  Commit: 19d0fb169eed475e1c053e99036b8668625cfa94
      
https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94
  Author: Jens Rehsack <s...@netbsd.org>
  Date:   2020-10-21 (Wed, 21 Oct 2020)

  Changed paths:
    M lib/DBD/File.pm

  Log Message:
  -----------
  lib/DBD/File.pm: fix CVE-2014-10401

Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and
figure out that DBI->parse_dsn is the wrong helper to parse our attributes in
DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes
parse_dsn to bailout.

Parsing on our own similar to parse_dsn shows the way out.

Signed-off-by: Jens Rehsack <s...@netbsd.org>


  Commit: 12e3b14f54524ca81498f40cfa3678604429b2d6
      
https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6
  Author: H.Merijn Brand <pe...@tux.freedom.nl>
  Date:   2020-10-28 (Wed, 28 Oct 2020)

  Changed paths:
    M lib/DBD/File.pm
    M lib/DBI/DBD/SqlEngine.pm
    M t/51dbm_file.t

  Log Message:
  -----------
  Merge pull request #93 from rehsack/f_dir-dsn-string-params

Fix for CVE-2014-10401


Compare: https://github.com/perl5-dbi/dbi/compare/deacbb28b81f...12e3b14f5452

Reply via email to