MySQL 5.0 series.
5.0.96
* yaSSL was upgraded from version 1.7.2 to 2.2.0.
5.0.95
* No change log entries.
5.0.94
* Some files in the MySQL Server sources containing legacy code still used the
LGPL license. Such files that were no longer in use have been removed. Any
such code that remains following this removal now appears under the GPL
only. (Bug #11896296)
References: See also Bug #11840513.
* Under some circumstances, the result of SUBSTRING_INDEX() incorrectly
depended on the contents of the previous row. (Bug #42404, Bug #11751514)
5.0.93
* Security Fix: The PolyFromWKB() function could crash the server when
improper WKB data was passed to the function. (Bug #51875, Bug #11759554,
CVE-2010-3840)
* Security Fix: Bug #36544 was fixed.
* Security Fix: Bug #49124 and Bug #11757121 were fixed.
* Two unused test files in storage/ndb/test/sql contained incorrect versions
of the GNU Lesser General Public License. The files and the directory
containing them have been removed. (Bug #11810224)
References: See also Bug #11810156.
* On FreeBSD and OpenBSD, the server incorrectly checked the range of the
system date, causing legal values to be rejected. (Bug #55755, Bug
#11763089)
Functionality added or changed:
* The time zone tables available at
http://dev.mysql.com/downloads/timezones.html have been
updated. These tables can be used on systems such as Windows or
HP-UX that do not include zoneinfo files. (Bug#40230)
Bugs fixed:
* Security Fix: During evaluation of arguments to extreme-value
functions (such as LEAST() and GREATEST()), type errors did not
propagate properly, causing the server to crash. (Bug#55826,
CVE-2010-3833)
* Security Fix: The server could crash after materializing a derived
table that required a temporary table for grouping. (Bug#55568,
CVE-2010-3834)
* Security Fix: A user-variable assignment expression that is
evaluated in a logical expression context can be precalculated in a
temporary table for GROUP BY. However, when the expression value is
used after creation of the temporary table, it was re-evaluated, not
read from the table and a server crash resulted. (Bug#55564,
CVE-2010-3835)
* Security Fix: Joins involving a table with a unique SET column could
cause a server crash. (Bug#54575, CVE-2010-3677)
* Security Fix: Pre-evaluation of LIKE predicates during view
preparation could cause a server crash. (Bug#54568, CVE-2010-3836)
* Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a
server crash. (Bug#54476, CVE-2010-3837)
* Security Fix: Queries could cause a server crash if the GREATEST()
or LEAST() function had a mixed list of numeric and LONGBLOB
arguments, and the result of such a function was processed using an
intermediate temporary table. (Bug#54461, CVE-2010-3838)
* Security Fix: Using EXPLAIN with queries of the form SELECT
... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server
crash. (Bug#52711, CVE-2010-3682)
* InnoDB Storage Engine: Creating or dropping a table with 1023
transactions active caused an assertion failure. (Bug#49238)
* The make_binary_distribution target to make could fail on some
platforms because the lines generated were too long for the
shell. (Bug#54590)
* A client could supply data in chunks to a prepared statement
parameter other than of type TEXT or BLOB using the
mysql_stmt_send_long_data() C API function (or
COM_STMT_SEND_LONG_DATA command). This led to a crash because other
data types are not valid for long data. (Bug#54041)
* Builds of the embedded mysqld would fail due to a missing element of
the struct NET. (Bug#53908, Bug#53912)
* The definition of the MY_INIT macro in my_sys.h included an
extraneous semicolon, which could cause compilation
failure. (Bug#53906)
* If the remote server for a FEDERATED table could not be accessed,
queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333)
* mysqld could fail during execution when using SSL. (Bug#34236)
* Threads that were calculating the estimated number of records for a
range scan did not respond to the KILL statement. That is, if a
range join type is possible (even if not selected by the optimizer
as a join type of choice and thus not shown by EXPLAIN), the query
in the statistics state (shown by the SHOW PROCESSLIST) did not
respond to the KILL statement. (Bug#25421)
This release fixes a large number of bugs and security vulnerabilities
including SA37372.
For detailed list of all the changes since 5.0.67 have a look here, please:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
For complete changes, please refer
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html.
Here is a part of it.
Functionality added or changed:
Security Enhancement:
To enable stricter control over the location from which user-defined
functions can be loaded, the plugin_dir system variable has been
backported from MySQL 5.1. If the value is non-empty, user-defined
function object files can be loaded only from the directory named by this
variable. If the value is empty, the behavior that is used before 5.0.67
applies: The UDF object files must be located in a directory that is
searched by your system's dynamic linker. (Bug#37428)
Important Change: Incompatible Change:
The FEDERATED storage engine is now disabled by default in the .cnf files
shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
forth). This affects server behavior only if you install one of these
files. (Bug#37069)
Cluster API: Important Change:
Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes
rather than kilobytes, it has been renamed to page_size_bytes. The name
page_size_kb is now deprecated and thus subject to removal in a future
release, although it currently remains supported for reasons of backward
compatibility. See The Ndb_logevent_type Type, for more information about
NDB_LE_MemoryUsage. (Bug#30271)
Important Change:
Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE
with respect to detection and handling of tables with incompatible .frm
files (files created with a different version of the MySQL server). These
changes also affect mysqlcheck because that program uses CHECK TABLE and
REPAIR table, and thus also mysql_upgrade because that program invokes
mysqlcheck.
Change since version 5.0.41:
- Functionality added or changed:
- A new status variable, Com_call_procedure, indicates the number of calls
to stored procedures. (Bug#27994)
- NDB Cluster: The server source tree now includes scripts to simplify
building MySQL with SCI support. For more information about SCI
interconnects and these build scripts, see Section 15.9.1,
Configuring MySQL Cluster to use SCI Sockets. (Bug#25470)
- Prior to this release, when DATE values were compared with DATETIME values
the time portion of the DATETIME value was ignored. Now a DATE value is
coerced to the DATETIME type by adding the time portion as 00:00:00. To
mimic the old behavior use the CAST() function in the following way:
SELECT date_field = CAST(NOW() as DATE);. (Bug#28929)
- A large number of bugs including these security problems have been fixed:
- A malformed password packet in the
connection protocol could cause the server to crash. Thanks for Dormando
for reporting this bug and providing details and a proof of concept.
(Bug#28984)
- CREATE TABLE LIKE did not require any privileges on the source table. Now
it requires the SELECT privilege. (Bug#25578)
- In addition, CREATE TABLE LIKE was not isolated from alteration by other
connections, which resulted in various errors and incorrect binary log
order when trying to execute concurrently a CREATE TABLE LIKE statement
and either DDL statements on the source table or DML or DDL statements on
the target table. (Bug#23667)
* Added the SHOW PROFILES and SHOW PROFILE statements to display statement
profile data, and the accompanying INFORMATION_SCHEMA.PROFILING table.
* Added the Uptime_since_flush_status status variable, which indicates the
number of seconds since the most recent FLUSH STATUS statement.
* Incompatible change in DATE_FORMAT().
* NDB Cluster: The LockPagesInMainMemory configuration parameter has changed
its type and possible values.
* The bundled yaSSL library was upgraded to version 1.5.8.
* The --skip-thread-priority option now is enabled by default for binary Mac
OS X distributions. Use of thread priorities degrades performance on Mac OS X.
* Added the --disable-grant-options option to configure.
* Bug fixes.
Changes since version 5.0.22:
- Security fix: If a user has access to MyISAM table t, that user can
create a MERGE table m that accesses t. However, if the user's
privileges on t are subsequently revoked, the user can continue to
access t by doing so through m. If this behavior is undesirable, you
can start the server with the new --skip-merge option to disable the
MERGE storage engine. (Bug#15195)
- In the INFORMATION_SCHEMA.ROUTINES table the ROUTINE_DEFINITION
column now is defined as NULL rather than NOT NULL. Also, NULL rather
than the empty string is returned as the column value if the user does
not have sufficient privileges to see the routine
definition. (Bug#20230)
- Several other bug fixes
Full listing of changes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
Notable changes include:
- Security enhancement: Added the global max_prepared_stmt_count system
variable to limit the total number of prepared statements in the
server.
- The default for the innodb_thread_concurrency system variable was
changed to 8.
- Fixes for CVE-2006-1516, CVE-2006-1517 and CVE-2006-1518.
And a lot of bug fixes.
MySQL is a SQL (Structured Query Language) database server. SQL is the
most popular database language in the world. MySQL is a client-server
implementation that consists of a server daemon `mysqld' and many
different client programs/libraries.
The main goals of MySQL are speed and robustness.
The base upon which MySQL is built is a set of routines that have been
used in a highly demanding production environment for many years. While
MySQL is still in development it already offers a rich and highly useful
function set.
The official way to pronounce 'MySQL' is 'My Ess Que Ell' (Not MY-SEQUEL).
This package contains the MySQL client programs and libraries.
