Package: libdbi-perl / 1.642-1+deb10u2

Metadata

Package: libdbi-perl
Version: 1.642-1+deb10u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
t__06attrs.t__localefix.patch

t/06attrs.t | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 fix lc_all to c in tests
 Fix LC_ALL to C for the error messages in the statement handle tests
t__40profile.t__NTP.patch

t/40profile.t | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 an ntp clock adjustment of -0.00967s led to ftbfs.
t__80proxy.t___syslogd.patch

t/80proxy.t | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 syslogd isn't necessarily on the buildds
spelling.patch

DBI.pm | 2 1 + 1 - 0 !
lib/DBD/Gofer/Policy/Base.pm | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 fix spelling mistakes in the pod
CVE 2020 14392.patch

DBI.xs | 17 13 + 4 - 0 !
Driver.xst | 84 52 + 32 - 0 !
2 files changed, 65 insertions(+), 36 deletions(-)

 fix memory corruption in xs functions when perl stack is reallocated
 Macro ST(*) returns pointer to Perl stack. Other Perl functions which use
 Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer
 returned by ST(*) macro is invalid.
 .
 Construction like this:
 .
 ST(0) = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, attribs) ? &PL_sv_yes : &PL_sv_no;
 .
 where dbd_db_login6_sv() driver function calls eval may lead to
 reallocating Perl stack and therefore invalidating ST(0) pointer.
 So that construction would cause memory corruption as left part of
 assignment is resolved prior executing dbd_db_login6_sv() function.
 .
 The correct way to handle this problem: first call the dbd_db_login6_sv()
 function and then call ST(0) to retrieve the stack pointer.
 .
 This patch fixes all occurrences of such constructions.
 .
 When running perl under valgrind I got memory corruption in DBD::ODBC
 driver in that dbd_db_login6_sv() function due to above problem.
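
An added illustration of the stale-slot pattern this patch description explains; it is not code from DBI or from the patch. It models the Perl stack with a toy growable array, and `toy_stack`, `grow`, `toy_login` and the two-argument `ST(s, n)` macro are hypothetical stand-ins for the real stack, its extension, and dbd_db_login6_sv().

```c
/* Toy model (all names hypothetical): a growable value stack standing in for the Perl stack. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int *base; size_t cap; size_t ax; } toy_stack;
#define ST(s, n) ((s)->base[(s)->ax + (n)])   /* slot lookup via the current base */

/* Move the stack to a larger block, as a stack extension during eval can. */
static int grow(toy_stack *s) {
    int *nb = malloc(2 * s->cap * sizeof *nb);
    if (!nb) return 0;
    memcpy(nb, s->base, s->cap * sizeof *nb);
    free(s->base);                 /* addresses into the old block now dangle */
    s->base = nb; s->cap *= 2;
    return 1;
}

/* Stand-in for dbd_db_login6_sv(): its work relocates the stack. */
static int toy_login(toy_stack *s) { return grow(s); }

/* Pattern from the description: slot address resolved before the call. Returns 1 if
   it no longer names ST(0) afterwards. The old address is only compared as an integer. */
int slot_is_stale_after_call(void) {
    toy_stack s = { calloc(4, sizeof(int)), 4, 0 };
    if (!s.base) return -1;
    uintptr_t before = (uintptr_t)&ST(&s, 0);
    int ok = toy_login(&s);
    int stale = ok && before != (uintptr_t)&ST(&s, 0);
    free(s.base);
    return stale;
}

/* Fixed pattern: call first, then resolve ST(0) against the current base. */
int fixed_pattern_result(void) {
    toy_stack s = { calloc(4, sizeof(int)), 4, 0 };
    if (!s.base) return -1;
    int ok = toy_login(&s);        /* may move s.base */
    ST(&s, 0) = ok ? 1 : 0;        /* slot looked up only now */
    int r = ST(&s, 0);
    free(s.base);
    return r;
}

int main(void) {
    printf("stale=%d fixed=%d\n", slot_is_stale_after_call(), fixed_pattern_result());
    return 0;
}
```
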
CVE 2020 14393.patch

DBI.xs | 9 4 + 5 - 0 !
t/02dbidrv.t | 12 11 + 1 - 0 !
2 files changed, 15 insertions(+), 6 deletions(-)

 fix a buffer overflow on an overlong dbd class name
 dbih_setup_handle() in DBI.xs does:
 .
 static void
 dbih_setup_handle(pTHX_ SV *orv, char *imp_class, SV *parent, SV *imp_datasv)
 {
     [...]
     char imp_mem_name[300];
     [...]
     strcpy(imp_mem_name, imp_class);
     strcat(imp_mem_name, "_mem");
     [...]
 }
 .
 If imp_class argument string value is longer than 300 - strlen("_mem")
 - 1 bytes, data will be written past imp_mem_name[] array. The
 imp_class comes from DBD driver class name (DBI::_new_drh ->
 _new_handle() -> dbih_setup_handle()).
 .
 People usually do not use such long package names (e.g. DBD::ExampleP
 calls DBI::_new_drh() in lib/DBD/ExampleP.pm), so the risk is low.
 .
 Reproducer:
 .
 $ perl -MDBI -e 'DBI::_new_drh(q{x} x 300, {}, 0)'
 *** buffer overflow detected ***: perl terminated
 Aborted (core dumped)
 .
 https://rt.cpan.org/Ticket/Display.html?id=130191
CVE 2019 20919.patch

DBI.xs | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 fix a null profile dereference in dbi_profile()
 hv_fetch() documentation requires checking for NULL and the code does
 that. But then calls SvOK(profile) unconditionally two lines later.
 This patch fixes it.
t 51dbm_file.t add test from RT 99508.patch

t/51dbm_file.t | 23 23 + 0 - 0 !
1 file changed, 23 insertions(+)

 [1/2] t/51dbm_file.t: add test from rt#99508
lib DBD File.pm fix CVE 2014 10401.patch

lib/DBD/File.pm | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 [2/2] lib/dbd/file.pm: fix cve-2014-10401