Branch: refs/heads/master
Home: https://github.com/perl5-dbi/dbi
Commit: 32398bff24f054f4e9b48b97ecb70ce72267296c
https://github.com/perl5-dbi/dbi/commit/32398bff24f054f4e9b48b97ecb70ce72267296c
Author: Jens Rehsack <sno@netbsd.org>
Date: 2020-10-06 (Tue, 06 Oct 2020)
Changed paths:
M lib/DBD/File.pm
M lib/DBI/DBD/SqlEngine.pm
Log Message:
-----------
DBD/File,DBI/DBD/SqlEngine: bump copyright year
Bump copyright years for both since there has been done work in meantime ...
including intended f_dir= fix for CVE-2014-10401
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Commit: 27b10b5c3aacabc091046beaba478e671bb6111c
https://github.com/perl5-dbi/dbi/commit/27b10b5c3aacabc091046beaba478e671bb6111c
Author: Jens Rehsack <sno@netbsd.org>
Date: 2020-10-06 (Tue, 06 Oct 2020)
Changed paths:
M t/51dbm_file.t
Log Message:
-----------
t/51dbm_file.t: add test from RT#99508
Add test with f_dir="something-not-existing" as reported in RT#99508
to verify when it's fixed for real.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Commit: 19d0fb169eed475e1c053e99036b8668625cfa94
https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94
Author: Jens Rehsack <sno@netbsd.org>
Date: 2020-10-21 (Wed, 21 Oct 2020)
Changed paths:
M lib/DBD/File.pm
Log Message:
-----------
lib/DBD/File.pm: fix CVE-2014-10401
Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and
figure out that DBI->parse_dsn is the wrong helper to parse our attributes in
DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes
parse_dsn to bailout.
Parsing on our own similar to parse_dsn shows the way out.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Commit: 12e3b14f54524ca81498f40cfa3678604429b2d6
https://github.com/perl5-dbi/dbi/commit/12e3b14f54524ca81498f40cfa3678604429b2d6
Author: H.Merijn Brand <perl5@tux.freedom.nl>
Date: 2020-10-28 (Wed, 28 Oct 2020)
Changed paths:
M lib/DBD/File.pm
M lib/DBI/DBD/SqlEngine.pm
M t/51dbm_file.t
Log Message:
-----------
Merge pull request #93 from rehsack/f_dir-dsn-string-params
Fix for CVE-2014-10401
Compare: https://github.com/perl5-dbi/dbi/compare/deacbb28b81f...12e3b14f5452