Hello community, here is the log from the commit of package perl-DBD-mysql for openSUSE:Factory checked in at 2018-04-25 09:59:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-DBD-mysql (Old) and /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-DBD-mysql" Wed Apr 25 09:59:05 2018 rev:50 rq:599996 version:4.046 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-DBD-mysql/perl-DBD-mysql.changes 2017-11-19 11:06:29.594102920 +0100 +++ /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new/perl-DBD-mysql.changes 2018-04-25 09:59:09.715662812 +0200 
@@ -1,0 +2,36 @@ +Wed Apr 18 15:35:43 UTC 2018 - kstreit...@suse.com + +- updated to 4.046 + 4.046 + * Version bump because of issue with META file in 4.045 release. + 4.045 + * Use API function for reconnect; fixes compilation on MariaDB + 10.2.6+. + * Fixed broken link to MySQL download page + * Spelling fixes + 4.044 + * Reapply https://github.com/perl5-dbi/DBD-mysql/pull/114 + "Improve SSL settings, reflect changes for BACKRONYM and + Riddle vulnerabilities, enforce SSL encryption when mysql_ssl=1 + is set" [bsc#1047059] [CVE-2017-10789] + * Fix parsing configure libs from mysql_config --libs output + in Makefile.PL. Libraries in mysql_config --libs output can be + specified by library name with the -l prefix or by absolute path + to library name without any prefix. Parameters must start with a + hyphen, so treat all options without leading hyphen in + mysql_config --libs output as libraries with full path. + Partially fixes bug + https://rt.cpan.org/Public/Bug/Display.html?id=100898 + * Return INTs with ZEROFILL as strings. + https://rt.cpan.org/Public/Bug/Display.html?id=118977 + * Correct require on relative path for perl 5.26. 
+ https://github.com/perl5-dbi/DBD-mysql/pull/136 +- remove the following patches that are no longer needed: + * perl-DBD-mysql-4.043-CVE-2017-10788.patch + * perl-DBD-mysql-4.043-Fix-build-failures-for-MariaDB.patch +- add perl-DBD-mysql-4.046-fix_00base_test.patch to fix 00base test +- add Devel::CheckLib BuildRequires +- switch from libmysqlclient-devel to libmariadb-devel +- run spec-cleaner + +------------------------------------------------------------------- Old: ---- DBD-mysql-4.043.tar.gz perl-DBD-mysql-4.043-CVE-2017-10788.patch perl-DBD-mysql-4.043-Fix-build-failures-for-MariaDB.patch New: ---- DBD-mysql-4.046.tar.gz perl-DBD-mysql-4.046-fix_00base_test.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-DBD-mysql.spec ++++++ --- /var/tmp/diff_new_pack.tOVeZg/_old 2018-04-25 09:59:10.687627154 +0200 +++ /var/tmp/diff_new_pack.tOVeZg/_new 2018-04-25 09:59:10.691627007 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-DBD-mysql # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,30 +16,27 @@ # +%define cpan_name DBD-mysql Name: perl-DBD-mysql -Version: 4.043 +Version: 4.046 Release: 0 -%define cpan_name DBD-mysql Summary: MySQL driver for the Perl5 Database Interface (DBI) -License: Artistic-1.0 or GPL-1.0+ +License: Artistic-1.0 OR GPL-1.0-or-later Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/DBD-mysql/ -Source0: https://cpan.metacpan.org/authors/id/M/MI/MICHIELB/%{cpan_name}-%{version}.tar.gz +Source0: http://search.cpan.org/CPAN/authors/id/C/CA/CAPTTOFU/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml -# PATCH-FIX-UPSTREAM CVE-2017-10788 bsc#1047095 pmonrealgonza...@suse.com - DoS or possibly RCE through use-after-free -Patch1: perl-DBD-mysql-4.043-CVE-2017-10788.patch -# bsc#1067882 perl-DBD-mysql-4.043-Fix-build-failures-for-MariaDB.patch -Patch2: perl-DBD-mysql-4.043-Fix-build-failures-for-MariaDB.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch0: perl-DBD-mysql-4.046-fix_00base_test.patch BuildRequires: perl BuildRequires: perl-macros BuildRequires: perl(DBI) >= 1.609 +BuildRequires: perl(Devel::CheckLib) >= 1.09 BuildRequires: perl(Test::Deep) BuildRequires: perl(Test::Simple) >= 0.90 Requires: perl(DBI) >= 1.609 %{perl_requires} # MANUAL BEGIN -BuildRequires: libmysqlclient-devel +BuildRequires: libmariadb-devel # MANUAL END %description 
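Review bot: The new `Source0` line fetches the tarball over plain `http://search.cpan.org/...`, whereas the line it replaces used `https://`, so the recorded download URL no longer gives transport integrity for the upstream source. Nothing in this hunk shows a checksum or signature check on the tarball, so whether the build service pins it elsewhere cannot be told from here. Keeping TLS costs nothing: `Source0: https://cpan.metacpan.org/authors/id/C/CA/CAPTTOFU/%{cpan_name}-%{version}.tar.gz`. The same hunk drops the CVE-2017-10788 patch, which the changelog says is no longer needed; a spec comment naming the upstream release that carries the fix would make that auditable.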
@@ -53,15 +50,13 @@ %prep %setup -q -n %{cpan_name}-%{version} find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644 -%patch1 -p1 -%patch2 -p1 - +%patch0 -p1 %build -%{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" -%{__make} %{?_smp_mflags} +perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" +make %{?_smp_mflags} %check -%{__make} test +make %{?_smp_mflags} test %install %perl_make_install ++++++ DBD-mysql-4.043.tar.gz -> DBD-mysql-4.046.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/Changes new/DBD-mysql-4.046/Changes --- old/DBD-mysql-4.043/Changes 2017-06-29 11:25:19.000000000 +0200 +++ new/DBD-mysql-4.046/Changes 2018-02-07 02:57:21.000000000 +0100 
@@ -1,3 +1,27 @@ +2018-02-06 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.045) +* Use API function for reconnect; fixes compilation on MariaDB 10.2.6+. + Fix provided by Pali. +* Fixed broken link to MySQL download page, provided by Mohammad S Anwar. +* Spelling fixes, provided by Ville Skyttä. + + +2018-01-22 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.044) +* Reapply https://github.com/perl5-dbi/DBD-mysql/pull/114 + "Improve SSL settings, reflect changes for BACKRONYM and + Riddle vulnerabilities, enforce SSL encryption when mysql_ssl=1 is set" + Thank you to Pali Rohar, Daniël van Eeden, Booking.com, et al:w +* Fix parsing configure libs from mysql_config --libs output in Makefile.PL + Libraries in mysql_config --libs output can be specified by library name + with the -l prefix or by absolute path to library name without any prefix. + Parameters must start with a hyphen, so treat all options without leading + hyphen in mysql_config --libs output as libraries with full path. + Partially fixes bug https://rt.cpan.org/Public/Bug/Display.html?id=100898 + Fix by Pali Rohár. +* Return INTs with ZEROFILL as strings. Reported by Knarf, fix by Pali Rohár. + https://rt.cpan.org/Public/Bug/Display.html?id=118977 +* Correct require on relative path for perl 5.26. Fix by Grinnz. + https://github.com/perl5-dbi/DBD-mysql/pull/136 + 2017-06-29 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.043) YOUR ATTENTION PLEASE, THIS IS A REVERT TO 4.041 @@ -409,7 +433,7 @@ 2010-07-10 Patrick Galbraith <patg at patg dot net> (4.016) * Disabled mysql_bind_type_guessing due to one performance issue - querying on a indexed character column unquoted will mean the index + querying on an indexed character column unquoted will mean the index is not used * Fixed int types that should be bools 
@@ -1424,7 +1448,7 @@ * Makefile.lib (InitializeMysql): Modified order of -I statements (Inside MySQL distribution it can happen that headers of recently installed DBI versions are used instead of the correct headers.) - * nodbd/nodbd.xs.in, nodbd/typemap: Supressed warning for + * nodbd/nodbd.xs.in, nodbd/typemap: Suppressed warning for undef'd argument in connect method. (Chris Holt, <x...@migraine.stanford.edu>) * nodbd/nodbd.xs.in: Fixed definition of 'HOST' attribute @@ -1679,7 +1703,7 @@ Added the memory bug patch to this. 96.06.18 Added pod documentation to mysql.pm and the possibility - to retreive insert_id. This was done by Nathan Torkington. + to retrieve insert_id. This was done by Nathan Torkington. Fixed memory bug that sql results never was freed. Now a result is freed when one calls the 'finish' action. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/MANIFEST new/DBD-mysql-4.046/MANIFEST --- old/DBD-mysql-4.043/MANIFEST 2017-06-29 23:10:33.000000000 +0200 +++ new/DBD-mysql-4.046/MANIFEST 2018-02-08 21:46:46.000000000 +0100 @@ -70,11 +70,15 @@ t/89async-method-check.t t/90no-async.t t/91errcheck.t +t/92ssl_optional.t +t/92ssl_backronym_vulnerability.t +t/92ssl_riddle_vulnerability.t t/99_bug_server_prepare_blob_null.t t/lib.pl t/manifest.t t/mysql.dbtest t/pod.t +t/rt118977-zerofill.t t/rt25389-bin-case.t t/rt50304-column_info_parentheses.t t/rt61849-bind-param-buffer-overflow.t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/META.json new/DBD-mysql-4.046/META.json --- old/DBD-mysql-4.043/META.json 2017-06-29 23:10:33.000000000 +0200 +++ new/DBD-mysql-4.046/META.json 2018-02-08 21:46:46.000000000 +0100 
@@ -3,8 +3,8 @@ "author" : [ "Patrick Galbraith <p...@patg.net>" ], - "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150010", + "dynamic_config" : 0, + "generated_by" : "ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150005", "license" : [ "perl_5" ], @@ -47,21 +47,27 @@ }, "release_status" : "stable", "resources" : { + "bugtracker" : { + "web" : "https://github.com/perl5-dbi/DBD-mysql/issues" + }, "homepage" : "http://dbi.perl.org/", "license" : [ "http://dev.perl.org/licenses/" ], "repository" : { - "url" : "https://github.com/perl5-dbi/DBD-mysql" + "type" : "git", + "url" : "https://github.com/perl5-dbi/DBD-mysql.git", + "web" : "https://github.com/perl5-dbi/DBD-mysql" }, "x_IRC" : "irc://irc.perl.org/#dbi", "x_MailingList" : "mailto:dbi-...@perl.org" }, - "version" : "4.043", + "version" : "4.046", "x_contributors" : [ "Alexandr Ciornii <alexcho...@gmail.com>", "Alexey Molchanov <alexey.molcha...@portaone.com>", "Amiri Barksdale at Home <am...@roosterpirates.com>", + "Andrew Miller <ikari7...@yahoo.com>", "Aran Deltac <bluef...@gmail.com>", "Bernt M. Johnsen <bernt.john...@oracle.com>", "Chase Whitener <chase.white...@infotechfl.com>", @@ -72,12 +78,14 @@ "Dagfinn Ilmari Mannsåker <ilm...@ilmari.org>", "Daisuke Murase <types...@cpan.org>", "Damyan Ivanov <d...@debian.org>", + "Dan Book <gri...@gmail.com>", "Daniël van Eeden <daniel.vanee...@booking.com>", + "Dave Lambley <davel@isosceles.(none)>", "David Farrell <davidnmfarr...@gmail.com>", "David Steinbrunner <dsteinbrun...@pobox.com>", "Giovanni Bechis <giova...@bigio.snb.it>", "Graham Ollis <plice...@cpan.org>", - "H.Merijn Brand <h.m.br...@xs4all.nl>", + "H.Merijn Brand - Tux <h.m.br...@xs4all.nl>", "Hanno <ha...@gentoo.org>", "James McCoy <james...@jamessan.com>", "Jim Winstead <j...@trainedmonkey.com>", 
@@ -88,6 +96,7 @@ "Matthew Horsfall (alh) <wolfs...@gmail.com>", "Michiel Beijen <michiel.bei...@gmail.com>", "Mike Pomraning <m...@pilcrow.madison.wi.us>", + "Mohammad S Anwar <mohammad.an...@yahoo.com>", "Pali <p...@cpan.org>", "Patrick Galbraith <p...@patg.net>", "Perlover <perlo...@perlover.com>", @@ -105,6 +114,7 @@ "Taro Kobayashi <9re.3...@gmail.com>", "Tatsuhiko Miyagawa <miyag...@bulknews.net>", "Tim Mullin <t...@cpanel.net>", + "Ville Skyttä <ville.sky...@iki.fi>", "Vladimir Marek <vlma...@volny.cz>", "katyavoid <katyav...@gmail.com>", "kmx <k...@cpan.org>", @@ -112,5 +122,5 @@ "zefram <zef...@fysh.org>", "zentooo <ankera...@gmail.com>" ], - "x_serialization_backend" : "JSON::PP version 2.27300" + "x_serialization_backend" : "JSON::PP version 2.27300_01" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/META.yml new/DBD-mysql-4.046/META.yml --- old/DBD-mysql-4.043/META.yml 2017-06-29 23:10:32.000000000 +0200 +++ new/DBD-mysql-4.046/META.yml 2018-02-08 21:46:46.000000000 +0100 @@ -10,8 +10,8 @@ configure_requires: DBI: '1.609' Data::Dumper: '0' -dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150010' +dynamic_config: 0 +generated_by: 'ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150005' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html 
@@ -27,14 +27,16 @@ resources: IRC: irc://irc.perl.org/#dbi MailingList: mailto:dbi-...@perl.org + bugtracker: https://github.com/perl5-dbi/DBD-mysql/issues homepage: http://dbi.perl.org/ license: http://dev.perl.org/licenses/ - repository: https://github.com/perl5-dbi/DBD-mysql -version: '4.043' + repository: https://github.com/perl5-dbi/DBD-mysql.git +version: '4.046' x_contributors: - 'Alexandr Ciornii <alexcho...@gmail.com>' - 'Alexey Molchanov <alexey.molcha...@portaone.com>' - 'Amiri Barksdale at Home <am...@roosterpirates.com>' + - 'Andrew Miller <ikari7...@yahoo.com>' - 'Aran Deltac <bluef...@gmail.com>' - 'Bernt M. Johnsen <bernt.john...@oracle.com>' - 'Chase Whitener <chase.white...@infotechfl.com>' @@ -45,12 +47,14 @@ - 'Dagfinn Ilmari Mannsåker <ilm...@ilmari.org>' - 'Daisuke Murase <types...@cpan.org>' - 'Damyan Ivanov <d...@debian.org>' + - 'Dan Book <gri...@gmail.com>' - 'Daniël van Eeden <daniel.vanee...@booking.com>' + - 'Dave Lambley <davel@isosceles.(none)>' - 'David Farrell <davidnmfarr...@gmail.com>' - 'David Steinbrunner <dsteinbrun...@pobox.com>' - 'Giovanni Bechis <giova...@bigio.snb.it>' - 'Graham Ollis <plice...@cpan.org>' - - 'H.Merijn Brand <h.m.br...@xs4all.nl>' + - 'H.Merijn Brand - Tux <h.m.br...@xs4all.nl>' - 'Hanno <ha...@gentoo.org>' - 'James McCoy <james...@jamessan.com>' - 'Jim Winstead <j...@trainedmonkey.com>' @@ -61,6 +65,7 @@ - 'Matthew Horsfall (alh) <wolfs...@gmail.com>' - 'Michiel Beijen <michiel.bei...@gmail.com>' - 'Mike Pomraning <m...@pilcrow.madison.wi.us>' + - 'Mohammad S Anwar <mohammad.an...@yahoo.com>' - 'Pali <p...@cpan.org>' - 'Patrick Galbraith <p...@patg.net>' - 'Perlover <perlo...@perlover.com>' 
@@ -78,6 +83,7 @@ - 'Taro Kobayashi <9re.3...@gmail.com>' - 'Tatsuhiko Miyagawa <miyag...@bulknews.net>' - 'Tim Mullin <t...@cpanel.net>' + - 'Ville Skyttä <ville.sky...@iki.fi>' - 'Vladimir Marek <vlma...@volny.cz>' - 'katyavoid <katyav...@gmail.com>' - 'kmx <k...@cpan.org>' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/Makefile.PL new/DBD-mysql-4.046/Makefile.PL --- old/DBD-mysql-4.043/Makefile.PL 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/Makefile.PL 2018-02-04 21:46:33.000000000 +0100 @@ -21,7 +21,7 @@ { local ($::test_host, $::test_port, $::test_user, $::test_socket, $::test_password, $::test_db, $::test_force_embedded); -eval { require "t/mysql.mtest"; 1; } || eval { require "../t/mysql.mtest"; 1; } and do { +eval { require "./t/mysql.mtest"; 1; } || eval { require "../t/mysql.mtest"; 1; } and do { $opt->{'testhost'} = $::test_host; $opt->{'testport'} = $::test_port; $opt->{'testuser'} = $::test_user; @@ -376,12 +376,19 @@ LICENSE => 'perl', MIN_PERL_VERSION => '5.008001', META_MERGE => { + 'meta-spec' => { version => 2 }, + dynamic_config => 0, resources => { - repository => 'https://github.com/perl5-dbi/DBD-mysql', - MailingList => 'mailto:dbi-...@perl.org', - license => 'http://dev.perl.org/licenses/', - homepage => 'http://dbi.perl.org/', - IRC => 'irc://irc.perl.org/#dbi', + repository => { + type => 'git', + url => 'https://github.com/perl5-dbi/DBD-mysql.git', + web => 'https://github.com/perl5-dbi/DBD-mysql', + }, + bugtracker => { web => 'https://github.com/perl5-dbi/DBD-mysql/issues' }, + x_MailingList => 'mailto:dbi-...@perl.org', + license => ['http://dev.perl.org/licenses/'], + homepage => 'http://dbi.perl.org/', + x_IRC => 'irc://irc.perl.org/#dbi', }, x_contributors => [ # a list of our awesome contributors generated from git 
@@ -391,6 +398,7 @@ 'Alexandr Ciornii <alexcho...@gmail.com>', 'Alexey Molchanov <alexey.molcha...@portaone.com>', 'Amiri Barksdale at Home <am...@roosterpirates.com>', + 'Andrew Miller <ikari7...@yahoo.com>', 'Aran Deltac <bluef...@gmail.com>', 'Bernt M. Johnsen <bernt.john...@oracle.com>', 'Chase Whitener <chase.white...@infotechfl.com>', @@ -401,12 +409,14 @@ 'Dagfinn Ilmari Mannsåker <ilm...@ilmari.org>', 'Daisuke Murase <types...@cpan.org>', 'Damyan Ivanov <d...@debian.org>', + 'Dan Book <gri...@gmail.com>', 'Daniël van Eeden <daniel.vanee...@booking.com>', + 'Dave Lambley <davel@isosceles.(none)>', 'David Farrell <davidnmfarr...@gmail.com>', 'David Steinbrunner <dsteinbrun...@pobox.com>', 'Giovanni Bechis <giova...@bigio.snb.it>', 'Graham Ollis <plice...@cpan.org>', - 'H.Merijn Brand <h.m.br...@xs4all.nl>', + 'H.Merijn Brand - Tux <h.m.br...@xs4all.nl>', 'Hanno <ha...@gentoo.org>', 'James McCoy <james...@jamessan.com>', 'Jim Winstead <j...@trainedmonkey.com>', @@ -417,6 +427,7 @@ 'Matthew Horsfall (alh) <wolfs...@gmail.com>', 'Michiel Beijen <michiel.bei...@gmail.com>', 'Mike Pomraning <m...@pilcrow.madison.wi.us>', + 'Mohammad S Anwar <mohammad.an...@yahoo.com>', 'Pali <p...@cpan.org>', 'Patrick Galbraith <p...@patg.net>', 'Perlover <perlo...@perlover.com>', @@ -434,6 +445,7 @@ 'Taro Kobayashi <9re.3...@gmail.com>', 'Tatsuhiko Miyagawa <miyag...@bulknews.net>', 'Tim Mullin <t...@cpanel.net>', + 'Ville Skyttä <ville.sky...@iki.fi>', 'Vladimir Marek <vlma...@volny.cz>', 'katyavoid <katyav...@gmail.com>', 'kmx <k...@cpan.org>', 
@@ -578,7 +590,7 @@ if ($param eq 'libs') { my (@libs, @ldflags); for (split ' ', $str) { - if (/^-[Ll]/) { push @libs, $_ } + if (/^-[Ll]/ || /^[^\-]/) { push @libs, $_ } else { push @ldflags, $_ } } $str = "@libs"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/dbdimp.c new/DBD-mysql-4.046/dbdimp.c --- old/DBD-mysql-4.043/dbdimp.c 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/dbdimp.c 2018-02-04 21:46:33.000000000 +0100 @@ -1506,6 +1506,29 @@ } \ } +static void set_ssl_error(MYSQL *sock, const char *error) +{ + const char *prefix = "SSL connection error: "; + STRLEN prefix_len; + STRLEN error_len; + + sock->net.last_errno = CR_SSL_CONNECTION_ERROR; + strcpy(sock->net.sqlstate, "HY000"); + + prefix_len = strlen(prefix); + if (prefix_len > sizeof(sock->net.last_error) - 1) + prefix_len = sizeof(sock->net.last_error) - 1; + memcpy(sock->net.last_error, prefix, prefix_len); + + error_len = strlen(error); + if (prefix_len + error_len > sizeof(sock->net.last_error) - 1) + error_len = sizeof(sock->net.last_error) - prefix_len - 1; + if (prefix_len + error_len > 100) + error_len = 100 - prefix_len; + memcpy(sock->net.last_error + prefix_len, error, error_len); + + sock->net.last_error[prefix_len + error_len] = 0; +} /*************************************************************************** * @@ -1746,12 +1769,17 @@ if ((svp = hv_fetch(hv, "mysql_skip_secure_auth", 22, FALSE)) && *svp && SvTRUE(*svp)) { +#if LIBMYSQL_VERSION_ID > SECURE_AUTH_LAST_VERSION + croak("mysql_skip_secure_auth not supported"); +#endif +#if MYSQL_VERSION_ID <= SECURE_AUTH_LAST_VERSION my_bool secauth = 0; if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "imp_dbh->mysql_dr_connect: Skipping" \ " secure auth\n"); mysql_options(sock, MYSQL_SECURE_AUTH, &secauth); +#endif } if ((svp = hv_fetch(hv, "mysql_read_default_file", 23, FALSE)) && *svp && SvTRUE(*svp)) 
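Review bot: In `set_ssl_error`, the cap `if (prefix_len + error_len > 100)` is an unexplained magic number; the `sizeof(sock->net.last_error) - 1` checks just above it already keep both `memcpy` calls in bounds. A reader cannot tell whether 100 guards a smaller buffer in some client library or is simply a message-length choice, so it should be a named constant with a comment such as `/* keep the message within <reason> */`. The function also writes `sock->net.last_errno`, `sock->net.sqlstate` and `sock->net.last_error` directly, which ties the driver to the client library's struct layout; a short comment saying why no public API is used here would help whoever ports this to another client library.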
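Review bot: The two guards around `mysql_skip_secure_auth` test different macros, `LIBMYSQL_VERSION_ID > SECURE_AUTH_LAST_VERSION` for the `croak` and `MYSQL_VERSION_ID <= SECURE_AUTH_LAST_VERSION` for the `mysql_options` call, so they are not guaranteed to be complementary. If `LIBMYSQL_VERSION_ID` is undefined in a given set of client headers, the preprocessor evaluates it as 0; with a newer `MYSQL_VERSION_ID` neither branch is then compiled, and the attribute is accepted and silently ignored. A single `#if MYSQL_VERSION_ID <= SECURE_AUTH_LAST_VERSION` … `#else` `croak("mysql_skip_secure_auth not supported");` `#endif` avoids that. `SECURE_AUTH_LAST_VERSION` is defined outside this hunk, so its value is not checked here. The result of `mysql_options(sock, MYSQL_SECURE_AUTH, &secauth)` is also discarded.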
@@ -1898,28 +1926,34 @@ } #endif + if ((svp = hv_fetch(hv, "mysql_ssl", 9, FALSE)) && *svp && SvTRUE(*svp)) + { + my_bool ssl_enforce = 1; #if defined(DBD_MYSQL_WITH_SSL) && !defined(DBD_MYSQL_EMBEDDED) && \ (defined(CLIENT_SSL) || (MYSQL_VERSION_ID >= 40000)) - if ((svp = hv_fetch(hv, "mysql_ssl", 9, FALSE)) && *svp) - { - if (SvTRUE(*svp)) - { char *client_key = NULL; char *client_cert = NULL; char *ca_file = NULL; char *ca_path = NULL; char *cipher = NULL; STRLEN lna; -#if MYSQL_VERSION_ID >= SSL_VERIFY_VERSION && MYSQL_VERSION_ID <= SSL_LAST_VERIFY_VERSION - /* - New code to utilise MySQLs new feature that verifies that the - server's hostname that the client connects to matches that of - the certificate - */ - my_bool ssl_verify_true = 0; - if ((svp = hv_fetch(hv, "mysql_ssl_verify_server_cert", 28, FALSE)) && *svp) - ssl_verify_true = SvTRUE(*svp); -#endif + unsigned int ssl_mode; + my_bool ssl_verify = 0; + my_bool ssl_verify_set = 0; + + /* Verify if the hostname we connect to matches the hostname in the certificate */ + if ((svp = hv_fetch(hv, "mysql_ssl_verify_server_cert", 28, FALSE)) && *svp) { + #if defined(HAVE_SSL_VERIFY) || defined(HAVE_SSL_MODE) + ssl_verify = SvTRUE(*svp); + ssl_verify_set = 1; + #else + set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is not supported"); + return NULL; + #endif + } + if ((svp = hv_fetch(hv, "mysql_ssl_optional", 18, FALSE)) && *svp) + ssl_enforce = !SvTRUE(*svp); + if ((svp = hv_fetch(hv, "mysql_ssl_client_key", 20, FALSE)) && *svp) client_key = SvPV(*svp, lna); 
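Review bot: In the `#else` arm of the `mysql_ssl_verify_server_cert` check, the connect fails for any defined value, including an explicit false, because `SvTRUE(*svp)` is never consulted there. The message `mysql_ssl_verify_server_cert=1 is not supported` is then wrong for a caller who passed 0. Failing closed is the safe direction, but it should apply only to a true value: `if (SvTRUE(*svp)) { set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is not supported"); return NULL; }`. The enclosing function starts before this hunk and the SSL block continues past it.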
@@ -1941,13 +1975,104 @@ mysql_ssl_set(sock, client_key, client_cert, ca_file, ca_path, cipher); -#if MYSQL_VERSION_ID >= SSL_VERIFY_VERSION && MYSQL_VERSION_ID <= SSL_LAST_VERIFY_VERSION - mysql_options(sock, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &ssl_verify_true); -#endif + + if (ssl_verify && !(ca_file || ca_path)) { + set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is not supported without mysql_ssl_ca_file or mysql_ssl_ca_path"); + return NULL; + } + + #ifdef HAVE_SSL_MODE + + if (!ssl_enforce) + ssl_mode = SSL_MODE_PREFERRED; + else if (ssl_verify) + ssl_mode = SSL_MODE_VERIFY_IDENTITY; + else if (ca_file || ca_path) + ssl_mode = SSL_MODE_VERIFY_CA; + else + ssl_mode = SSL_MODE_REQUIRED; + if (mysql_options(sock, MYSQL_OPT_SSL_MODE, &ssl_mode) != 0) { + set_ssl_error(sock, "Enforcing SSL encryption is not supported"); + return NULL; + } + + #else + + if (ssl_enforce) { + #if defined(HAVE_SSL_MODE_ONLY_REQUIRED) + ssl_mode = SSL_MODE_REQUIRED; + if (mysql_options(sock, MYSQL_OPT_SSL_MODE, &ssl_mode) != 0) { + set_ssl_error(sock, "Enforcing SSL encryption is not supported"); + return NULL; + } + #elif defined(HAVE_SSL_ENFORCE) + if (mysql_options(sock, MYSQL_OPT_SSL_ENFORCE, &ssl_enforce) != 0) { + set_ssl_error(sock, "Enforcing SSL encryption is not supported"); + return NULL; + } + #elif defined(HAVE_SSL_VERIFY) + if (!ssl_verify_also_enforce_ssl()) { + set_ssl_error(sock, "Enforcing SSL encryption is not supported"); + return NULL; + } + if (ssl_verify_set && !ssl_verify) { + set_ssl_error(sock, "Enforcing SSL encryption is not supported without mysql_ssl_verify_server_cert=1"); + return NULL; + } + ssl_verify = 1; + #else + set_ssl_error(sock, "Enforcing SSL encryption is not supported"); + return NULL; + #endif + } + + #ifdef HAVE_SSL_VERIFY + if (!ssl_enforce && ssl_verify && ssl_verify_also_enforce_ssl()) { + set_ssl_error(sock, "mysql_ssl_optional=1 with mysql_ssl_verify_server_cert=1 is not supported"); + return NULL; + } + #endif + + if (ssl_verify) { 
+ if (!ssl_verify_usable() && ssl_enforce && ssl_verify_set) { + set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is broken by current version of MySQL client"); + return NULL; + } + #ifdef HAVE_SSL_VERIFY + if (mysql_options(sock, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &ssl_verify) != 0) { + set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is not supported"); + return NULL; + } + #else + set_ssl_error(sock, "mysql_ssl_verify_server_cert=1 is not supported"); + return NULL; + #endif + } + + #endif + client_flag |= CLIENT_SSL; +#else + if ((svp = hv_fetch(hv, "mysql_ssl_optional", 18, FALSE)) && *svp) + ssl_enforce = !SvTRUE(*svp); + if (ssl_enforce) + { + set_ssl_error(sock, "mysql_ssl=1 is not supported and mysql_ssl_optional is not enabled."); + return NULL; + } + else + { + do_warn(dbh, SL_ERR_NOTAVAILBLE, "mysql_ssl is set but SSL support is not available."); + } +#endif } - } + else + { +#ifdef HAVE_SSL_MODE + unsigned int ssl_mode = SSL_MODE_DISABLED; + mysql_options(sock, MYSQL_OPT_SSL_MODE, &ssl_mode); #endif + } #if (MYSQL_VERSION_ID >= 32349) /* * MySQL 3.23.49 disables LOAD DATA LOCAL by default. Use @@ -1979,6 +2104,16 @@ if (result) { + /* + we turn off Mysql's auto reconnect and handle re-connecting ourselves + so that we can keep track of when this happens. + */ +#if MYSQL_VERSION_ID >= 50013 + my_bool reconnect = FALSE; + mysql_options(result, MYSQL_OPT_RECONNECT, &reconnect); +#else + result->reconnect = 0; +#endif #if MYSQL_VERSION_ID >=SERVER_PREPARE_VERSION /* connection succeeded. */ /* imp_dbh == NULL when mysql_dr_connect() is called from mysql.xs @@ -1992,12 +2127,6 @@ imp_dbh->async_query_in_flight = NULL; } #endif - - /* - we turn off Mysql's auto reconnect and handle re-connecting ourselves - so that we can keep track of when this happens. - */ - result->reconnect=0; } else { /* 
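Review bot: Under `#ifdef HAVE_SSL_MODE`, `if (!ssl_enforce) ssl_mode = SSL_MODE_PREFERRED;` is tested first, so a caller who sets both `mysql_ssl_optional=1` and `mysql_ssl_verify_server_cert=1` gets `SSL_MODE_PREFERRED` and `ssl_verify` is never consulted. The non-`HAVE_SSL_MODE` path rejects that combination when `ssl_verify_also_enforce_ssl()` is true, so the two paths disagree, and here a request for certificate verification is dropped without an error or warning. Either reject it before the mode selection, `if (!ssl_enforce && ssl_verify) { set_ssl_error(sock, "mysql_ssl_optional=1 with mysql_ssl_verify_server_cert=1 is not supported"); return NULL; }`, or at least report it through `do_warn`. In the final `else` arm the return value of `mysql_options(sock, MYSQL_OPT_SSL_MODE, &ssl_mode)` for `SSL_MODE_DISABLED` is ignored, unlike the other `mysql_options` calls added in this hunk. The function body starts and ends outside the hunk.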
@@ -3842,6 +3971,9 @@ buffer->is_null= (my_bool*) &(fbh->is_null); buffer->error= (my_bool*) &(fbh->error); + if (fields[i].flags & ZEROFILL_FLAG) + buffer->buffer_type = MYSQL_TYPE_STRING; + switch (buffer->buffer_type) { case MYSQL_TYPE_DOUBLE: buffer->buffer_length= sizeof(fbh->ddata); @@ -4249,23 +4381,29 @@ switch (mysql_to_perl_type(fields[i].type)) { case MYSQL_TYPE_DOUBLE: - /* Coerce to dobule and set scalar as NV */ - (void) SvNV(sv); - SvNOK_only(sv); + if (!(fields[i].flags & ZEROFILL_FLAG)) + { + /* Coerce to dobule and set scalar as NV */ + (void) SvNV(sv); + SvNOK_only(sv); + } break; case MYSQL_TYPE_LONG: case MYSQL_TYPE_LONGLONG: - /* Coerce to integer and set scalar as UV resp. IV */ - if (fields[i].flags & UNSIGNED_FLAG) - { - (void) SvUV(sv); - SvIOK_only_UV(sv); - } - else + if (!(fields[i].flags & ZEROFILL_FLAG)) { - (void) SvIV(sv); - SvIOK_only(sv); + /* Coerce to integer and set scalar as UV resp. IV */ + if (fields[i].flags & UNSIGNED_FLAG) + { + (void) SvUV(sv); + SvIOK_only_UV(sv); + } + else + { + (void) SvIV(sv); + SvIOK_only(sv); + } } break; @@ -4446,12 +4584,8 @@ if (imp_sth->stmt) { - if (mysql_stmt_close(imp_sth->stmt)) - { - do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), - mysql_stmt_error(imp_sth->stmt), - mysql_stmt_sqlstate(imp_sth->stmt)); - } + mysql_stmt_close(imp_sth->stmt); + imp_sth->stmt= NULL; } #endif @@ -5021,7 +5155,7 @@ buffer_is_unsigned= 1; if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), - " SCALAR type %"IVdf" ->%"IVdf"<- IS A INT NUMBER\n", + " SCALAR type %"IVdf" ->%"IVdf"<- IS AN INT NUMBER\n", sql_type, *(IV *)buffer); break; 
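Review bot: In the `@@ -4446` hunk, the replacement `mysql_stmt_close(imp_sth->stmt); imp_sth->stmt= NULL;` discards the return value, so a failed close is now silent and nothing in the code says why. The removed lines called `mysql_stmt_errno(imp_sth->stmt)` after the close, and the package changelog drops a use-after-free patch for CVE-2017-10788 as no longer needed, which suggests this is that fix. Per the C API documentation the handle is invalid once `mysql_stmt_close()` has been called, so a comment such as `/* stmt is released by mysql_stmt_close() even on failure; do not read its error state afterwards */` would stop the old error reporting from being reintroduced. The surrounding function lies outside the hunk.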
@@ -5274,7 +5408,7 @@ IV_PUSH(t->sql_datatype); /* SQL_DATATYPE*/ IV_PUSH(t->sql_datetime_sub); /* SQL_DATETIME_SUB*/ - IV_PUSH(t->interval_precision); /* INTERVAL_PERCISION */ + IV_PUSH(t->interval_precision); /* INTERVAL_PRECISION */ IV_PUSH(t->native_type); IV_PUSH(t->is_num); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/dbdimp.h new/DBD-mysql-4.046/dbdimp.h --- old/DBD-mysql-4.043/dbdimp.h 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/dbdimp.h 2018-02-04 21:46:33.000000000 +0100 @@ -47,14 +47,11 @@ #define LIMIT_PLACEHOLDER_VERSION 50007 #define GEO_DATATYPE_VERSION 50007 #define NEW_DATATYPE_VERSION 50003 -#define SSL_VERIFY_VERSION 50023 -#define SSL_LAST_VERIFY_VERSION 50799 #define MYSQL_VERSION_5_0 50001 /* This is to avoid the ugly #ifdef mess in dbdimp.c */ #if MYSQL_VERSION_ID < SQL_STATE_VERSION #define mysql_sqlstate(svsock) (NULL) #endif - /* * This is the versions of libmysql that supports MySQL Fabric. */ 
@@ -75,10 +72,62 @@ #define mysql_warning_count(svsock) 0 #endif +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 80001 +#define my_bool bool +#endif + #define true 1 #define false 0 /* + * Check which SSL settings are supported by API at compile time + */ + +/* Use mysql_options with MYSQL_OPT_SSL_VERIFY_SERVER_CERT */ +#if ((MYSQL_VERSION_ID >= 50023 && MYSQL_VERSION_ID < 50100) || MYSQL_VERSION_ID >= 50111) && (MYSQL_VERSION_ID < 80000 || defined(MARIADB_BASE_VERSION)) +#define HAVE_SSL_VERIFY +#endif + +/* Use mysql_options with MYSQL_OPT_SSL_ENFORCE */ +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50703 && MYSQL_VERSION_ID < 80000 && MYSQL_VERSION_ID != 60000 +#define HAVE_SSL_ENFORCE +#endif + +/* Use mysql_options with MYSQL_OPT_SSL_MODE */ +#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID != 60000 +#define HAVE_SSL_MODE +#endif + +/* Use mysql_options with MYSQL_OPT_SSL_MODE, but only SSL_MODE_REQUIRED is supported */ +#if !defined(MARIADB_BASE_VERSION) && ((MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID < 50700) || (MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID < 50600)) +#define HAVE_SSL_MODE_ONLY_REQUIRED +#endif + +/* + * Check which SSL settings are supported by API at runtime + */ + +/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT automatically enforce SSL mode */ +static inline bool ssl_verify_also_enforce_ssl(void) { +#ifdef MARIADB_BASE_VERSION + my_ulonglong version = mysql_get_client_version(); + return ((version >= 50544 && version < 50600) || (version >= 100020 && version < 100100) || version >= 100106); +#else + return false; +#endif +} + +/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT is not vulnerable (CVE-2016-2047) and can be used */ +static inline bool ssl_verify_usable(void) { + my_ulonglong version = mysql_get_client_version(); +#ifdef MARIADB_BASE_VERSION + return ((version >= 50547 && version < 50600) || (version >= 100023 && version < 100100) || version >= 100110); +#else + return ((version >= 50549 
&& version < 50600) || (version >= 50630 && version < 50700) || version >= 50712); +#endif +} + +/* * The following are return codes passed in $h->err in case of * errors by DBD::mysql. */ @@ -105,7 +154,8 @@ AS_ERR_EMBEDDED, TX_ERR_AUTOCOMMIT, TX_ERR_COMMIT, - TX_ERR_ROLLBACK + TX_ERR_ROLLBACK, + SL_ERR_NOTAVAILBLE, }; @@ -224,7 +274,7 @@ /* * The dbd_describe uses this structure for storing * fields meta info. - * Added ddata, ldata, lldata for accomodate + * Added ddata, ldata, lldata for accommodate * being able to use different data types * 12.02.20004 PMG */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/lib/Bundle/DBD/mysql.pm new/DBD-mysql-4.046/lib/Bundle/DBD/mysql.pm --- old/DBD-mysql-4.043/lib/Bundle/DBD/mysql.pm 2017-06-29 11:16:04.000000000 +0200 +++ new/DBD-mysql-4.046/lib/Bundle/DBD/mysql.pm 2018-02-08 21:46:02.000000000 +0100 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '4.043'; +our $VERSION = '4.046'; 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/lib/DBD/mysql/INSTALL.pod new/DBD-mysql-4.046/lib/DBD/mysql/INSTALL.pod --- old/DBD-mysql-4.043/lib/DBD/mysql/INSTALL.pod 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/lib/DBD/mysql/INSTALL.pod 2018-02-04 21:46:33.000000000 +0100 @@ -618,7 +618,7 @@ =head3 Build MySQL clients under Cygwin: download the MySQL LINUX source from -L<http://www.mysql.com/downloads/index.html>, +L<https://www.mysql.com/downloads>, unpack mysql-<version>.tar.gz into some tmp location and from this directory run configure: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/lib/DBD/mysql.pm new/DBD-mysql-4.046/lib/DBD/mysql.pm --- old/DBD-mysql-4.043/lib/DBD/mysql.pm 2017-06-29 11:16:05.000000000 +0200 +++ new/DBD-mysql-4.046/lib/DBD/mysql.pm 2018-02-08 21:38:30.000000000 +0100 
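Review bot: `ssl_verify_also_enforce_ssl()` and `ssl_verify_usable()` encode their policy as bare version ranges (`50544`, `100020`, `100106`, `50547`, `100023`, `100110`, `50549`, `50630`, `50712`), with only the one-line CVE-2016-2047 remark above the second function. Because `ssl_verify_usable()` decides whether a client library's hostname verification is trusted, each range deserves a comment naming the release it stands for and why it was chosen, for example `/* 5.5.47, 10.0.23, 10.1.10: MariaDB releases carrying the CVE-2016-2047 fix */` if that is what they represent. The `MYSQL_VERSION_ID != 60000` exclusions in `HAVE_SSL_ENFORCE` and `HAVE_SSL_MODE` are unexplained in the same way. The compile-time `HAVE_SSL_*` macros test the headers while these functions test `mysql_get_client_version()`; one sentence in the block comment stating that split would make the intent clear.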
@@ -15,7 +15,7 @@ # SQL_DRIVER_VER is formatted as dd.dd.dddd # for version 5.x please switch to 5.00(_00) version numbering # keep $VERSION in Bundle/DBD/mysql.pm in sync -our $VERSION = '4.043'; +our $VERSION = '4.046'; bootstrap DBD::mysql $VERSION; @@ -1160,9 +1160,13 @@ =item mysql_ssl A true value turns on the CLIENT_SSL flag when connecting to the MySQL -database: +server and enforce SSL encryption. A false value (which is default) +disable SSL encryption with the MySQL server. - mysql_ssl=1 +When enabling SSL encryption you should set also other SSL options, +at least mysql_ssl_ca_file or mysql_ssl_ca_path. + + mysql_ssl=1 mysql_ssl_verify_server_cert=1 mysql_ssl_ca_file=/path/to/ca_cert.pem This means that your communication with the server will be encrypted. 
@@ -1170,21 +1174,71 @@ DBD::mysql; this is the default starting version 4.034. See L<DBD::mysql::INSTALL> for more details. -If you turn mysql_ssl on, you might also wish to use the following -flags: +=item mysql_ssl_ca_file + +The path to a file in PEM format that contains a list of trusted SSL +certificate authorities. + +When set MySQL server certificate is checked that it is signed by some +CA certificate in the list. Common Name value is not verified unless +C<mysql_ssl_verify_server_cert> is enabled. + +=item mysql_ssl_ca_path + +The path to a directory that contains trusted SSL certificate authority +certificates in PEM format. + +When set MySQL server certificate is checked that it is signed by some +CA certificate in the list. Common Name value is not verified unless +C<mysql_ssl_verify_server_cert> is enabled. + +Please note that this option is supported only if your MySQL client was +compiled with OpenSSL library, and not with default yaSSL library. + +=item mysql_ssl_verify_server_cert + +Checks the server's Common Name value in the certificate that the server +sends to the client. The client verifies that name against the host name +the client uses for connecting to the server, and the connection fails if +there is a mismatch. For encrypted connections, this option helps prevent +man-in-the-middle attacks. + +Verification of the host name is disabled by default. =item mysql_ssl_client_key +The name of the SSL key file in PEM format to use for establishing +a secure connection. + =item mysql_ssl_client_cert -=item mysql_ssl_ca_file - -=item mysql_ssl_ca_path +The name of the SSL certificate file in PEM format to use for +establishing a secure connection. =item mysql_ssl_cipher -These are used to specify the respective parameters of a call -to mysql_ssl_set, if mysql_ssl is turned on. +A list of permissible ciphers to use for connection encryption. If no +cipher in the list is supported, encrypted connections will not work. 
+ + mysql_ssl_cipher=AES128-SHA + mysql_ssl_cipher=DHE-RSA-AES256-SHA:AES128-SHA + +=item mysql_ssl_optional + +Setting C<mysql_ssl_optional> to true disables strict SSL enforcement +and makes SSL connection optional. This option opens security hole +for man-in-the-middle attacks. Default value is false which means +that C<mysql_ssl> set to true enforce SSL encryption. + +This option was introduced in 4.043 version of DBD::mysql. Due to +L<The BACKRONYM|http://backronym.fail/> and L<The Riddle|http://riddle.link/> +vulnerabilities in libmysqlclient library, enforcement of SSL +encryption was not possbile and therefore C<mysql_ssl_optional=1> +was effectively set for all DBD::mysql versions prior to 4.043. +Starting with 4.043, DBD::mysql with C<mysql_ssl=1> could refuse +connection to MySQL server if underlaying libmysqlclient library is +vulnerable. Option C<mysql_ssl_optional> can be used to make SSL +connection vulnerable. =item mysql_local_infile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/mysql.xs new/DBD-mysql-4.046/mysql.xs --- old/DBD-mysql-4.043/mysql.xs 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/mysql.xs 2018-02-04 21:46:33.000000000 +0100 @@ -285,7 +285,7 @@ #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION /* - * Globaly enabled using of server side prepared statement + * Globally enabled using of server side prepared statement * for dbh->do() statements. It is possible to force driver * to use server side prepared statement mechanism by adding * 'mysql_server_prepare' attribute to do() method localy: 
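Review bot: The closing sentence of the `mysql_ssl_optional` entry, "can be used to make SSL connection vulnerable", does not say what the option does when SSL cannot be negotiated. The new test t/92ssl_optional.t shows the behaviour: with `mysql_ssl => 1` and `mysql_ssl_optional => 1` the driver connects over the plain text protocol when the server does not support SSL. I would replace the sentence with `With mysql_ssl_optional=1 the connection falls back to plain text when SSL cannot be established, so set it only where encryption is not required.` The same paragraph contains two spelling slips, `possbile` and `underlaying`.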
@@ -416,11 +416,8 @@ if (bind) Safefree(bind); - if(mysql_stmt_close(stmt)) - { - fprintf(stderr, "\n failed while closing the statement"); - fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); - } + mysql_stmt_close(stmt); + stmt= NULL; if (retval == -2) /* -2 means error */ { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/92ssl_backronym_vulnerability.t new/DBD-mysql-4.046/t/92ssl_backronym_vulnerability.t --- old/DBD-mysql-4.043/t/92ssl_backronym_vulnerability.t 1970-01-01 01:00:00.000000000 +0100 +++ new/DBD-mysql-4.046/t/92ssl_backronym_vulnerability.t 2018-01-14 15:28:35.000000000 +0100 
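Review bot: The return value of `mysql_stmt_close(stmt)` is now discarded without a comment, so a failed close on this path leaves no trace. The removed code did report it, but by passing `stmt` to `mysql_stmt_error()` after the close, and the MySQL C API documents the handle as invalid once `mysql_stmt_close()` has been called, so dropping that call is right. I would make the intent explicit with `(void) mysql_stmt_close(stmt); /* stmt is invalid after this call; never pass it to mysql_stmt_error() */`, and consider reporting a non-zero result through the connection handle instead. The enclosing function starts and ends outside the hunk.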
@@ -0,0 +1,24 @@
+use strict;
+use warnings;
+
+use Test::More;
+use DBI;
+
+use vars qw($test_dsn $test_user $test_password);
+use lib 't', '.';
+require "lib.pl";
+
+my $dbh = DbiTestConnect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 1 });
+my $have_ssl = eval { $dbh->selectrow_hashref("SHOW VARIABLES WHERE Variable_name = 'have_ssl'") };
+$dbh->disconnect();
+plan skip_all => 'Server supports SSL connections, cannot test false-positive enforcement' if $have_ssl and $have_ssl->{Value} eq 'YES';
+
+plan tests => 4;
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 0, mysql_ssl => 1 });
+ok(!defined $dbh, 'DBD::mysql refused connection to non-SSL server with mysql_ssl=1 and correct user and password');
+is($DBI::err, 2026, 'DBD::mysql error message is SSL related') or diag('Error message: ' . ($DBI::errstr || 'unknown'));
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 0, mysql_ssl => 1, mysql_ssl_verify_server_cert => 1, mysql_ssl_ca_file => "" });
+ok(!defined $dbh, 'DBD::mysql refused connection to non-SSL server with mysql_ssl=1, mysql_ssl_verify_server_cert=1 and correct user and password');
+is($DBI::err, 2026, 'DBD::mysql error message is SSL related') or diag('Error message: ' . ($DBI::errstr || 'unknown'));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/92ssl_optional.t new/DBD-mysql-4.046/t/92ssl_optional.t
--- old/DBD-mysql-4.043/t/92ssl_optional.t 1970-01-01 01:00:00.000000000 +0100
+++ new/DBD-mysql-4.046/t/92ssl_optional.t 2018-01-22 20:53:00.000000000 +0100
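Review bot: The expected error code `2026` in both `is($DBI::err, 2026, ...)` checks of t/92ssl_backronym_vulnerability.t is a bare number with nothing saying what it stands for. In the MySQL client library 2026 is `CR_SSL_CONNECTION_ERROR`, and that meaning is what lets the assertion distinguish "refused for an SSL reason" from any other connect failure. A named constant keeps this visible: `use constant CR_SSL_CONNECTION_ERROR => 2026;`. The same literal appears twice in t/92ssl_riddle_vulnerability.t.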
@@ -0,0 +1,23 @@
+use strict;
+use warnings;
+
+use Test::More;
+use DBI;
+
+use vars qw($test_dsn $test_user $test_password);
+use lib 't', '.';
+require "lib.pl";
+
+my $dbh = DbiTestConnect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 1 });
+my $have_ssl = eval { $dbh->selectrow_hashref("SHOW VARIABLES WHERE Variable_name = 'have_ssl'") };
+$dbh->disconnect();
+plan skip_all => 'Server supports SSL connections, cannot test fallback to plain text' if $have_ssl and $have_ssl->{Value} eq 'YES';
+
+plan tests => 2;
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 1, RaiseError => 0, mysql_ssl => 1, mysql_ssl_optional => 1 });
+ok(defined $dbh, 'DBD::mysql supports mysql_ssl_optional=1 and connect via plain text protocol when SSL is not supported by server') or diag('Error code: ' . ($DBI::err || 'none') . "\n" . 'Error message: ' . ($DBI::errstr || 'unknown'));
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 1, RaiseError => 0, mysql_ssl => 1, mysql_ssl_optional => 1, mysql_ssl_ca_file => "" });
+ok(defined $dbh, 'DBD::mysql supports mysql_ssl_optional=1 and connect via plain text protocol when SSL is not supported by server even with mysql_ssl_ca_file') or diag('Error code: ' . ($DBI::err || 'none') . "\n" . 'Error message: ' . ($DBI::errstr || 'unknown'));
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/92ssl_riddle_vulnerability.t new/DBD-mysql-4.046/t/92ssl_riddle_vulnerability.t
--- old/DBD-mysql-4.043/t/92ssl_riddle_vulnerability.t 1970-01-01 01:00:00.000000000 +0100
+++ new/DBD-mysql-4.046/t/92ssl_riddle_vulnerability.t 2018-01-14 15:28:35.000000000 +0100
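Review bot: t/92ssl_optional.t has no header comment, and on its own it reads like an ordinary positive SSL test although it asserts the downgrade path. Both `ok(defined $dbh, ...)` checks pass only because `mysql_ssl_optional => 1` lets the driver connect in plain text to a server without SSL. A comment at the top would stop the connect attributes from being copied as a connection recipe, e.g. `# mysql_ssl_optional=1 permits plain text fallback; this file checks that fallback, not a secure setup.`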
@@ -0,0 +1,24 @@
+use strict;
+use warnings;
+
+use Test::More;
+use DBI;
+
+use vars qw($test_dsn $test_user $test_password);
+use lib 't', '.';
+require "lib.pl";
+
+my $dbh = DbiTestConnect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 1 });
+my $have_ssl = eval { $dbh->selectrow_hashref("SHOW VARIABLES WHERE Variable_name = 'have_ssl'") };
+$dbh->disconnect();
+plan skip_all => 'Server supports SSL connections, cannot test false-positive enforcement' if $have_ssl and $have_ssl->{Value} eq 'YES';
+
+plan tests => 4;
+
+$dbh = DBI->connect($test_dsn, '4yZ73s9qeECdWi', '64heUGwAsVoNqo', { PrintError => 0, RaiseError => 0, mysql_ssl => 1 });
+ok(!defined $dbh, 'DBD::mysql refused connection to non-SSL server with mysql_ssl=1 and incorrect user and password');
+is($DBI::err, 2026, 'DBD::mysql error message is SSL related') or diag('Error message: ' . ($DBI::errstr || 'unknown'));
+
+$dbh = DBI->connect($test_dsn, '4yZ73s9qeECdWi', '64heUGwAsVoNqo', { PrintError => 0, RaiseError => 0, mysql_ssl => 1, mysql_ssl_verify_server_cert => 1, mysql_ssl_ca_file => "" });
+ok(!defined $dbh, 'DBD::mysql refused connection to non-SSL server with mysql_ssl=1, mysql_ssl_verify_server_cert=1 and incorrect user and password');
+is($DBI::err, 2026, 'DBD::mysql error message is SSL related') or diag('Error message: ' . ($DBI::errstr || 'unknown'));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/lib.pl new/DBD-mysql-4.046/t/lib.pl
--- old/DBD-mysql-4.043/t/lib.pl 2017-06-29 10:59:39.000000000 +0200
+++ new/DBD-mysql-4.046/t/lib.pl 2018-01-22 20:53:00.000000000 +0100
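Review bot: The user name `'4yZ73s9qeECdWi'` and password `'64heUGwAsVoNqo'` are written out in both `DBI->connect` calls of t/92ssl_riddle_vulnerability.t with nothing marking them as intentionally invalid. Only the test descriptions ("incorrect user and password") say so, and a reader or a secret scanner sees what looks like a committed credential. Declaring them once, `my ($bad_user, $bad_password) = ('4yZ73s9qeECdWi', '64heUGwAsVoNqo'); # deliberately invalid`, and using the variables in both calls removes the duplication and the ambiguity.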
@@ -53,6 +53,28 @@ } } +sub DbiTestConnect { + return (eval { DBI->connect(@_) } or do { + my $err; + if ( $@ ) { + $err = $@; + $err =~ s/ at \S+ line \d+\s*$//; + } + if ( not $err ) { + $err = $DBI::errstr; + $err = "unknown error" unless $err; + my $user = $_[1]; + my $dsn = $_[0]; + $dsn =~ s/^DBI:mysql://; + $err = "DBI connect('$dsn','$user',...) failed: $err"; + } + if ( $ENV{CONNECTION_TESTING} ) { + BAIL_OUT "no database connection: $err"; + } else { + plan skip_all => "no database connection: $err"; + } + }); +} # # Print a DBI error message diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/rt118977-zerofill.t new/DBD-mysql-4.046/t/rt118977-zerofill.t --- old/DBD-mysql-4.043/t/rt118977-zerofill.t 1970-01-01 01:00:00.000000000 +0100 +++ new/DBD-mysql-4.046/t/rt118977-zerofill.t 2018-01-14 17:08:48.000000000 +0100 @@ -0,0 +1,24 @@ +use strict; +use warnings; + +use Test::More; +use DBI; + +use vars qw($test_dsn $test_user $test_password); +require "t/lib.pl"; + +my $dbh = eval { DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 1, RaiseError => 1 }) }; +plan skip_all => "no database connection" if $@ or not $dbh; + +plan tests => 4*2; + +for my $mysql_server_prepare (0, 1) { + + $dbh->{mysql_server_prepare} = $mysql_server_prepare; + + ok $dbh->do("DROP TABLE IF EXISTS t"); + ok $dbh->do("CREATE TEMPORARY TABLE t(id smallint(5) unsigned zerofill)"); + ok $dbh->do("INSERT INTO t(id) VALUES(1)"); + is $dbh->selectcol_arrayref("SELECT id FROM t")->[0], "00001"; + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/DBD-mysql-4.043/t/rt61849-bind-param-buffer-overflow.t new/DBD-mysql-4.046/t/rt61849-bind-param-buffer-overflow.t --- old/DBD-mysql-4.043/t/rt61849-bind-param-buffer-overflow.t 2017-06-29 10:59:39.000000000 +0200 +++ new/DBD-mysql-4.046/t/rt61849-bind-param-buffer-overflow.t 2018-02-04 21:46:33.000000000 +0100 
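Review bot: `DbiTestConnect` in t/lib.pl is added without a comment, and its error path calls `BAIL_OUT` and `plan`, which the hunk does not show lib.pl importing. The new test files load Test::More before `require "lib.pl"`, so it works for them, but a caller that has not loaded it would fail only when a connection fails. I would document the contract above the sub: `# Connects like DBI->connect(@_); on failure skips the whole test, or bails out if $ENV{CONNECTION_TESTING} is set. Caller must have loaded Test::More.`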
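Review bot: t/rt118977-zerofill.t loads the helper with `require "t/lib.pl"` and wraps `DBI->connect` in its own `eval`, while the other tests added in this diff use `use lib 't', '.'; require "lib.pl";` and the new `DbiTestConnect`. The `t/`-relative form resolves only when the current directory is on `@INC`, which perl 5.26 no longer does by default, so whether this test runs may depend on how the harness is invoked. I would align it with the others: `use lib 't', '.'; require "lib.pl";` followed by `my $dbh = DbiTestConnect($test_dsn, $test_user, $test_password, { PrintError => 1, RaiseError => 1 });`, which also makes the skip message report the actual connect error.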
@@ -16,4 +16,4 @@ my $sth = $dbh->prepare("select * from unknown_table where id=?"); eval { $sth->bind_param(1, $INSECURE_VALUE_FROM_USER, 3) }; like $@, qr/Binding non-numeric field 1, value '$INSECURE_VALUE_FROM_USER' as a numeric!/, "bind_param failed on incorrect numeric value"; -pass "perl interpretor did not crashed"; +pass "perl interpreter did not crash"; ++++++ cpanspec.yml ++++++ --- /var/tmp/diff_new_pack.tOVeZg/_old 2018-04-25 09:59:10.847621285 +0200 +++ /var/tmp/diff_new_pack.tOVeZg/_new 2018-04-25 09:59:10.847621285 +0200 @@ -8,7 +8,7 @@ # foo.patch: -p1 # bar.patch: preamble: |- - BuildRequires: libmysqlclient-devel + BuildRequires: libmariadb-devel #post_prep: |- # hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'` # sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL ++++++ perl-DBD-mysql-4.046-fix_00base_test.patch ++++++ >From 051748825e77172677d9e3b319b870c3c0a70a38 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova <jples...@redhat.com> Date: Fri, 14 Jul 2017 14:13:50 +0200 Subject: [PATCH] Fix build failures for MariaDB 10.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit <mariadb_version.h> does not exist in mariadb-5.5.26. Do not include it explicitly. Instead rely on including <mysql.h> that transitively includes <mariadb_version.h> or <mysql_version.h>. This makes this patch more portable. 
Signed-off-by: Petr Písař <ppi...@redhat.com> --- dbdimp.c | 7 +++++++ mysql.xs | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) # Fixed in 4.045 #diff --git a/dbdimp.c b/dbdimp.c #index 71251da..97fa9c4 100644 #--- a/dbdimp.c #+++ b/dbdimp.c #@@ -2104,6 +2104,9 @@ MYSQL *mysql_dr_connect( # # if (result) # { #+#if MYSQL_VERSION_ID >= 50013 #+ my_bool reconnect= 1; #+#endif # #if MYSQL_VERSION_ID >=SERVER_PREPARE_VERSION # /* connection succeeded. */ # /* imp_dbh == NULL when mysql_dr_connect() is called from mysql.xs #@@ -2122,7 +2125,11 @@ MYSQL *mysql_dr_connect( # we turn off Mysql's auto reconnect and handle re-connecting ourselves # so that we can keep track of when this happens. # */ #+#if MYSQL_VERSION_ID >= 50013 #+ mysql_options(result, MYSQL_OPT_RECONNECT, &reconnect); #+#else # result->reconnect=0; #+#endif # } # else { # /* diff --git a/mysql.xs b/mysql.xs index 60cf9c6..750c763 100644 --- a/mysql.xs +++ b/mysql.xs @@ -787,7 +787,7 @@ dbd_mysql_get_info(dbh, sql_info_type) D_imp_dbh(dbh); IV type = 0; SV* retsv=NULL; -#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50709 +#if MYSQL_VERSION_ID >= 50709 /* MariaDB 10 is not MySQL source level compatible so this only applies to MySQL*/ IV buffer_len; #endif @@ -819,7 +819,7 @@ dbd_mysql_get_info(dbh, sql_info_type) retsv = newSVpvn("`", 1); break; case SQL_MAXIMUM_STATEMENT_LENGTH: -#if !defined(MARIADB_BASE_VERSION) && MYSQL_VERSION_ID >= 50709 +#if MYSQL_VERSION_ID >= 50709 /* MariaDB 10 is not MySQL source level compatible so this only applies to MySQL*/ /* mysql_get_option() was added in mysql 5.7.3 */ -- 2.13.6
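Review bot: Both `#if MYSQL_VERSION_ID >= 50709` lines in the mysql.xs hunks keep the comment "MariaDB 10 is not MySQL source level compatible so this only applies to MySQL", which no longer matches the condition once `!defined(MARIADB_BASE_VERSION)` is removed. If the MariaDB headers define a `MYSQL_VERSION_ID` above 50709, as the 10.x numbering suggests, the guarded `buffer_len` declaration and the `mysql_get_option()` path mentioned in the following comment are now compiled for MariaDB too, so the build relies on that client library providing the call. The comment should state the new intent, e.g. `/* also compiled for MariaDB, whose MYSQL_VERSION_ID exceeds 50709 */`, or the guard should name the MariaDB versions it was checked against. `dbd_mysql_get_info` starts and ends outside both hunks.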