Most notably this version includes fixes for:
http://secunia.com/advisories/21259/
http://secunia.com/advisories/21506/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
* Packages changes:
the script mysqldumpslow had been moved from the mysql4-client to the
mysql4-server.
* Changes since last packaged version (4.1.20)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for more details):
This is a bugfix release for the recent production release family.
Functionality added or changed:
- For spatial data types, the server formerly returned these as
VARSTRING values with a binary collation. Now the server returns
spatial values as BLOB values. (Bug#10166)
- Added the --set-charset option to mysqlbinlog to allow the
character set to be specified for processing binary log files.
(Bug#18351)
- For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now
shows the next AUTO_INCREMENT value to be generated. (Bug#19025)
- A warning now is issued if the client attempts to set the
SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)
- The mysqldumpslow script has been moved from client RPM packages
to server RPM packages. This corrects a problem where mysqldumpslow
could not be used with a client-only RPM install, because it depends
on my_print_defaults which is in the server RPM. (Bug#20216)
Bugs fixed:
- Security fix: On Linux, and possibly other platforms using
case-sensitive filesystems, it was possible for a user granted
rights on a database to create or access a database whose name
differed only from that of the first by the case of one or more
letters. (Bug#17647)
- Security fix: If a user has access to MyISAM table t, that user
can create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable,
you can start the server with the new --skip-merge option to disable
the MERGE storage engine. (Bug#15195)
- Security fix: Invalid arguments to DATE_FORMAT() caused a server
crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer
for discovering and reporting this problem to the Debian project
and to Christian Hammers from the Debian Team for notifying us of
it.
...
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html for
the complete bug fix list)
Most notably this version includes fixes for
http://secunia.com/advisories/20365/
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903
The fix for the latter was provided in PR pkg/33616 by Cedric
Devillers, cedric dot devillers at script dottt univ-paris7 dot fr,
and is not part of the upstream version 4.1.20.
* Changes since last packaged version (4.1.19)
(see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for more details):
This is a security fix release for the previous production release
family. This release includes the security fix described later in
this section and a few other changes to resolve build problems,
relative to the last official MySQL release (4.1.19).
Bugs fixed:
- Security fix: An SQL-injection security hole has been found in
multi-byte encoding processing. The bug was in the server, incorrectly
parsing the string escaped with the mysql_real_escape_string() C
API function. (CVE-2006-2753, Bug#8378)
This vulnerability was discovered and reported by Josh Berkus
<josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of
the inter-project security collaboration of the OSDB consortium.
- The patch for Bug#8303 broke the fix for Bug#8378 and was undone.
(In string literals with an escape character (\) followed by a
multi-byte character that has a second byte of (\), the literal
was not interpreted correctly. The next byte now is escaped, not
the entire multi-byte character. This means it is a strict reverse of
the mysql_real_escape_string() function.)
- The client libraries had not been compiled for position-independent
code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202,
Bug#18091)
- Running myisampack followed by myisamchk with the --unpack option
would corrupt the auto_increment key. (Bug#12633)
- Fix potential security vulnerabilities in the creation of temporary
table file names and the handling of User Defined Functions (UDFs).
More info: http://www.k-otik.com/english/advisories/2005/0252
Increased BUILDLINK_RECOMMENDED to 4.1.10a.
Functionality added or changed:
* The Mac OS X 10.3 installation disk images now include a MySQL
Preference Pane for the Mac OS X Control Panel that enables the user
to start and stop the MySQL server via the GUI and activate and
deactivate the automatic MySQL server startup on bootup.
* Seconds_Behind_Master will be NULL (which means ``unknown'')
if the slave SQL thread is not running, or if the slave I/O thread
is not running or not connected to master. It will be zero if the
SQL thread has caught up with the I/O thread. It no longer grows
indefinitely if the master is idle.
* InnoDB: Do not acquire an internal InnoDB table lock in LOCK
TABLES if AUTOCOMMIT=1. This helps in porting old MyISAM applications
to InnoDB. InnoDB table locks in that case caused deadlocks very easily.
* InnoDB: Print a more descriptive error and refuse to start InnoDB
if the size of `ibdata' files is smaller than what is stored in the
tablespace header; innodb_force_recovery overrides this.
* The MySQL server aborts immediately instead of simply issuing a
warning if it is started with the --log-bin option but cannot
initialize the binary log at startup (that is, an error occurs when
writing to the binary log file or binary log index file).
* The binary log file and binary log index file now behave like
MyISAM when there is a "disk full" or "quota exceeded" error. See
section A.4.3 How MySQL Handles a Full Disk.
Many bugfixes were fixed... see
http://dev.mysql.com/doc/mysql/en/News-4.1.9.html
* Make mysql4-client build on NetBSD 1.[56]*
* Don't install mysqld and friends in mysql4-client (eww!)
* Remove an unneeded patch.
* Remove duplicated files in mysql4-client's PLIST.
Also, use assembler functions when MACHINE_ARCH == i386.
This closes PR pkg/27154, pkg/27720, pkg/27744 and pkg/28035.
BTW, I tested them on NetBSD 1.6.2, 2.0_RC4 and -current.
Bump PKGREVISION for both packages.
MySQL version 4.1 offers dozens of important product enhancements
and new features, including support for:
* Subqueries and derived tables -- allowing users to search
complex data sets with greater ease and efficiency;
* A significantly faster and more flexible client-server protocol
with support for prepared statements, providing optimized query
execution and improved warning information;
* New GUI installer and configuration wizards for Linux and Windows,
making it easier for developers to set up and optimize their
MySQL databases;
* Encrypted client-server communication using OpenSSL (GPL),
greatly increasing security against malicious intrusion and
unauthorized access.
* A more highly-optimized MySQL server library with a smaller
memory footprint that performs significantly faster when embedded
in third-party software.
* Extensive Unicode support through the utf8 and ucs2 international
character sets for applications that require the use of local
languages;
* Industry-standard GIS spatial types for storing and managing
geographic data;
* Improved full text search and Help features.
release) and take maintainership.
Functionality added or changed:
# Print version_comment (from ./configure --comment during compilation)
when starting the server. E.g.: Version: '4.0.21-debug' socket:
'/tmp/mysql.sock' port: 0 Official MySQL Binary
# Made the MySQL server not react to signals SIGHUP and SIGQUIT on
Mac OS X 10.3. This is needed because under this OS, the MySQL server
receives lots of these signals (reported as Bug #2030).
# On Windows, the mysqld-nt and mysqld-max-nt servers now write error
messages to the Windows event log in addition to the MySQL error log.
Tons of bugfixes were fixed, more information:
http://dev.mysql.com/doc/mysql/en/News-4.0.21.html
most popular database language in the world. MySQL is a client-server
implementation that consists of a server daemon `mysqld' and many
different client programs/libraries.
The main goals of MySQL are speed and robustness.
The base upon which MySQL is built is a set of routines that have been
used in a highly demanding production environment for many years. While
MySQL is still in development it already offers a rich and highly useful
function set.
The official way to pronounce 'MySQL' is 'My Ess Que Ell' (Not MY-SEQUEL).
This package contains the MySQL server programs and libraries.