Hi Paul, Great work and big thanks for the findings. But indeed, this change in mariadb_lib.c is a functional change which should have never made it in a security update. :(
Regards Rai Am 23.02.2023 um 17:17 schrieb Paul Boddie: > Hello again, > > I looked at the packaging repository for libmariadb3 and found the following > commit importing the upstream sources for 10.3.38: > > https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commit/773fb3e04ffae2b4868876be632fb7244329e7c3 > > Looking at the diff, I found the following change to > libmariadb/libmariadb/mariadb_lib.c: > > @@ -3879,7 +3881,7 @@ int STDCALL mysql_set_server_option(MYSQL *mysql, > > ulong STDCALL mysql_get_client_version(void) > { > - return MARIADB_VERSION_ID; > + return MARIADB_PACKAGE_VERSION_ID; > } > > ulong STDCALL mysql_hex_string(char *to, const char *from, unsigned long len) > > This appears to be what the Qt bug report is describing: > > "MariaDB 10.6 changed the mysql_get_client_version output to return the > library version (30200 as of 10.6.3) instead of the server version" > > https://bugreports.qt.io/browse/QTBUG-95071 > > So, it seems that the changes to MariaDB 10.6 have leaked into 10.3, thus > causing this issue. > > Paul Rainald Lampl
