with the operating system from MySQL:
sys_eval - executes an arbitrary command, and returns it's output.
sys_exec - executes an arbitrary command, and returns it's exit code.
sys_get - gets the value of an environment variable.
sys_set - create an environment variable, or update the value of an
existing environment variable.
Use lib_mysqludf_sys_info() to obtain information about the currently
installed version of lib_mysqludf_sys.
WWW: http://www.mysqludf.org/lib_mysqludf_sys
PR: ports/163216
Submitted by: David Cornejo <dave@dogwood.com>
- Digest::SHA is in core since 5.9.3
- Module::Pluggable is in core since 5.8.9
- Use TEST_DEPENDS for Test::Exception
- Bump PORTREVISION for dependency change
release with minor security corrections.
Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20
announcements on http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
ChangeLog:
3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download
For the port:
Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.
PR: ports/163290
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
- p5-ExtUtils-MakeMaker>=6.42 (not 6.52) is already in all supported Perl releases
- p5-ExtUtils-MakeMaker is not a RUN_DEPENDS here
- Add TEST_DEPENDS
- Bump PORTREVISION for dependency change
Feature safe: yes
active branches of the PostgreSQL object-relational database system,
including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23.
This release contains 52 fixes to version 9.1, and a smaller number of
fixes to older versions, including:
- Fix bugs in information_schema.referential_constraints view**
- Correct collations for citext columns and indexes**
- Prevent possible crash when joining to a scalar function
- Prevent transitory data corruption of GIN indexes after a crash
- Prevent data corruption on TOAST columns when copying data
- Fix failures during hot standby startup
- Correct another "variable not found in subplan target list" bug
- Fix bug with sorting on aggregate expressions in windowing functions
- Multiple bug fixes for pg_upgrade
- Change Foreign Key creation order to better support
self-referential keys**
- Multiple bug fixes to CREATE EXTENSION
- Ensure that function return type and data returned from PL/perl agree
- Ensure that PL/perl strings are always UTF-8
- Assorted bug fixes for various Extensions
- Updates to the time zone database, particularly to CST6
Changes marked with ** above require additional, post-update steps in
order to fix all described issues.
URL: http://www.postgresql.org/docs/current/static/release.html
Also, fix a pthread problem in the FreeBSD port. [1]
PR: 160580 [1]
Feature safe: yes
The purpose of DBIx::Safe is to give controlled, limited access to an
application, rather than simply passing it a raw database handle through DBI.
DBIx::Safe acts as a wrapper to the database, by only allowing through the
commands you tell it to. It filters all things related to the database handle -
methods and attributes.
The typical usage is for your application to create a database handle via a
normal DBI call to new(), then pass that to DBIx::Safe->new(), which will return
you a DBIx::Safe object. After specifying exactly what is and what is not
allowed, you can pass the object to the untrusted application. The object will
act very similar to a DBI database handle, and in most cases can be used
interchangeably.
By default, nothing is allowed to run at all. There are many things you can
control. You can specify which SQL commands are allowed, by indicating the first
word in the SQL statement (e.g. 'SELECT'). You can specify which database
methods are allowed to run (e.g. 'ping'). You can specify a regular expression
that allows matching SQL statements to run (e.g. 'qr{SET TIMEZONE}'). You can
specify a regular expression that is NOT allowed to run (e.g. qr(UPDATE xxx}).
Finally, you can indicate which database attributes are allowed to be read and
changed (e.g. 'PrintError'). For all of the above, there are matching methods to
remove them as well.
WWW: http://search.cpan.org/dist/DBIx-Safe/
Feature safe: yes
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMSA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes
