Branch: refs/heads/master Home: https://github.com/perl5-dbi/dbi Commit: 32398bff24f054f4e9b48b97ecb70ce72267296c https://github.com/perl5-dbi/dbi/commit/32398bff24f054f4e9b48b97ecb70ce72267296c Author: Jens Rehsack <s...@netbsd.org> Date: 2020-10-06 (Tue, 06 Oct 2020)
Changed paths: M lib/DBD/File.pm M lib/DBI/DBD/SqlEngine.pm Log Message: ----------- DBD/File,DBI/DBD/SqlEngine: bump copyright year Bump copyright years for both since there has been done work in meantime ... including intended f_dir= fix for CVE-2014-10401 Signed-off-by: Jens Rehsack <s...@netbsd.org> Commit: 27b10b5c3aacabc091046beaba478e671bb6111c https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c Author: Jens Rehsack <s...@netbsd.org> Date: 2020-10-06 (Tue, 06 Oct 2020) Changed paths: M t/51dbm_file.t Log Message: ----------- t/51dbm_file.t: add test from RT#99508 Add test with f_dir="something-not-existing" as reported in RT#99508 to verify when it's fixed for real. Signed-off-by: Jens Rehsack <s...@netbsd.org> Commit: 19d0fb169eed475e1c053e99036b8668625cfa94 https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94 Author: Jens Rehsack <s...@netbsd.org> Date: 2020-10-21 (Wed, 21 Oct 2020) Changed paths: M lib/DBD/File.pm Log Message: ----------- lib/DBD/File.pm: fix CVE-2014-10401 Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and figure out that DBI->parse_dsn is the wrong helper to parse our attributes in DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes parse_dsn to bailout. Parsing on our own similar to parse_dsn shows the way out. Signed-off-by: Jens Rehsack <s...@netbsd.org> Commit: 12e3b14f54524ca81498f40cfa3678604429b2d6 https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6 Author: H.Merijn Brand <pe...@tux.freedom.nl> Date: 2020-10-28 (Wed, 28 Oct 2020) Changed paths: M lib/DBD/File.pm M lib/DBI/DBD/SqlEngine.pm M t/51dbm_file.t Log Message: ----------- Merge pull request #93 from rehsack/f_dir-dsn-string-params Fix for CVE-2014-10401 Compare: https://github.com/perl5-dbi/dbi/compare/deacbb28b81f...12e3b14f5452