Hello community, here is the log from the commit of package perl-DBD-mysql for openSUSE:Factory checked in at 2016-10-10 16:23:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-DBD-mysql (Old) and /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-DBD-mysql" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-DBD-mysql/perl-DBD-mysql.changes 2016-09-05 21:22:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new/perl-DBD-mysql.changes 2016-10-10 16:23:48.000000000 +0200 @@ -1,0 +2,13 @@ +Tue Oct 4 05:17:34 UTC 2016 - [email protected] + +- updated to 4.037 + see /usr/share/doc/packages/perl-DBD-mysql/Changes + + 2016-10-03 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037) + * Security release to patch possible buffer overflow in prepared + statements. Reported and fixed by Pali Rohár. This vulnerability + is present in all releases at least back to versions 3.0 of the + driver, which were released in 2005. + The CVE identifier for this vulnerability is CVE-2016-1246. + +------------------------------------------------------------------- Old: ---- DBD-mysql-4.036.tar.gz New: ---- DBD-mysql-4.037.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-DBD-mysql.spec ++++++ --- /var/tmp/diff_new_pack.OY4Ylr/_old 2016-10-10 16:23:51.000000000 +0200 +++ /var/tmp/diff_new_pack.OY4Ylr/_new 2016-10-10 16:23:51.000000000 +0200 @@ -17,7 +17,7 @@ Name: perl-DBD-mysql -Version: 4.036 +Version: 4.037 Release: 0 %define cpan_name DBD-mysql Summary: MySQL driver for the Perl5 Database Interface (DBI) ++++++ DBD-mysql-4.036.tar.gz -> DBD-mysql-4.037.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/Changes new/DBD-mysql-4.037/Changes --- old/DBD-mysql-4.036/Changes 2016-08-23 07:58:39.000000000 +0200 +++ new/DBD-mysql-4.037/Changes 2016-10-03 08:52:35.000000000 +0200 
@@ -1,3 +1,10 @@ +2016-10-03 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037) +* Security release to patch possible buffer overflow in prepared + statements. Reported and fixed by Pali Rohár. This vulnerability + is present in all releases at least back to versions 3.0 of the + driver, which were released in 2005. + The CVE identifier for this vulnerability is CVE-2016-1246. + 2016-08-23 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.036) Stable version, to include all changes since 4.035. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/META.json new/DBD-mysql-4.037/META.json --- old/DBD-mysql-4.036/META.json 2016-08-23 07:58:58.000000000 +0200 +++ new/DBD-mysql-4.037/META.json 2016-10-03 08:53:48.000000000 +0200 @@ -4,7 +4,7 @@ "Patrick Galbraith <[email protected]>" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150005", + "generated_by" : "ExtUtils::MakeMaker version 7.1001, CPAN::Meta::Converter version 2.150005", "license" : [ "perl_5" ], @@ -22,7 +22,10 @@ "prereqs" : { "build" : { "requires" : { - "ExtUtils::MakeMaker" : "0" + "ExtUtils::MakeMaker" : "0", + "Test::Deep" : "0", + "Test::Simple" : "0.90", + "Time::HiRes" : "0" } }, "configure" : { @@ -36,13 +39,6 @@ "DBI" : "1.609", "perl" : "5.008001" } - }, - "test" : { - "requires" : { - "Test::Deep" : "0", - "Test::Simple" : "0.90", - "Time::HiRes" : "0" - } } }, "release_status" : "stable", 
@@ -57,7 +53,7 @@ "x_IRC" : "irc://irc.perl.org/#dbi", "x_MailingList" : "mailto:[email protected]" }, - "version" : "4.036", + "version" : "4.037", "x_contributors" : [ "Alexandr Ciornii <[email protected]>", "Alexey Molchanov <[email protected]>", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/META.yml new/DBD-mysql-4.037/META.yml --- old/DBD-mysql-4.036/META.yml 2016-08-23 07:58:58.000000000 +0200 +++ new/DBD-mysql-4.037/META.yml 2016-10-03 08:53:48.000000000 +0200 @@ -11,7 +11,7 @@ DBI: '1.609' Data::Dumper: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150005' +generated_by: 'ExtUtils::MakeMaker version 7.1001, CPAN::Meta::Converter version 2.150005' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -30,7 +30,7 @@ homepage: http://dbi.perl.org/ license: http://dev.perl.org/licenses/ repository: https://github.com/perl5-dbi/DBD-mysql -version: '4.036' +version: '4.037' x_contributors: - 'Alexandr Ciornii <[email protected]>' - 'Alexey Molchanov <[email protected]>' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/dbdimp.c new/DBD-mysql-4.037/dbdimp.c --- old/DBD-mysql-4.036/dbdimp.c 2016-08-01 08:26:44.000000000 +0200 +++ new/DBD-mysql-4.037/dbdimp.c 2016-10-03 08:52:35.000000000 +0200 @@ -4783,7 +4783,7 @@ int rc; int param_num= SvIV(param); int idx= param_num - 1; - char err_msg[64]; + char *err_msg; D_imp_xxh(sth); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION 
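Review bot: In the dbdimp.c hunk at -4783, `err_msg` becomes a bare `char *` with no comment on where its storage comes from; the later hunk in this file points it at the buffer of a mortal SV. A comment on the declaration such as `/* points into a mortal SV's buffer; valid only until temporaries are freed, never store it */` would keep a later edit from holding the pointer past that lifetime. Declaring it at the top of the `if (! looks_like_number(value))` block, which is the only use visible in this diff, would narrow the scope further. The enclosing function starts and ends outside the hunk, so other uses of `err_msg` cannot be ruled out from here.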
@@ -4826,9 +4826,9 @@ { if (! looks_like_number(value)) { - sprintf(err_msg, + err_msg = SvPVX(sv_2mortal(newSVpvf( "Binding non-numeric field %d, value %s as a numeric!", - param_num, neatsvpv(value,0)); + param_num, neatsvpv(value,0)))); do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/lib/Bundle/DBD/mysql.pm new/DBD-mysql-4.037/lib/Bundle/DBD/mysql.pm --- old/DBD-mysql-4.036/lib/Bundle/DBD/mysql.pm 2016-08-23 07:58:39.000000000 +0200 +++ new/DBD-mysql-4.037/lib/Bundle/DBD/mysql.pm 2016-10-03 08:52:35.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '4.036'; +our $VERSION = '4.037'; 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.036/lib/DBD/mysql.pm new/DBD-mysql-4.037/lib/DBD/mysql.pm --- old/DBD-mysql-4.036/lib/DBD/mysql.pm 2016-08-23 07:58:39.000000000 +0200 +++ new/DBD-mysql-4.037/lib/DBD/mysql.pm 2016-10-03 08:52:35.000000000 +0200 @@ -15,7 +15,7 @@ # SQL_DRIVER_VER is formatted as dd.dd.dddd # for version 5.x please switch to 5.00(_00) version numbering # keep $VERSION in Bundle/DBD/mysql.pm in sync -our $VERSION = '4.036'; +our $VERSION = '4.037'; bootstrap DBD::mysql $VERSION;
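Review bot: In the dbdimp.c hunk at -4826, the non-numeric branch calls `do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL);` and then simply closes both blocks, with no return in the visible lines. Unless code outside the hunk checks the error state, the bind appears to carry on with a value that was just rejected. Consider a failure return directly after the call, e.g. `return FALSE;`, assuming the function signals failure with a false return as its `int rc;` local suggests. The function's signature and tail are outside the hunk, so confirm this against the full body. A short comment above the `newSVpvf` call would also help, e.g. `/* value is caller-supplied and unbounded: format into a sized SV, never a fixed stack buffer (CVE-2016-1246) */`.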
