mysql-dfsg-5.0 5.0.24a-9 source package in Ubuntu
Changelog
mysql-dfsg-5.0 (5.0.24a-9) unstable; urgency=medium
* Having expire_logs_days enabled but log-bin not crashes the server. Using
both or none of those options is safe. To prevent this happening during the
nightly log rotation via /etc/logrotate.d/mysql the initscript checks for
malicious combination of options. See: #368547
* The Sarge package "mysql-server" which used to include the mysqld daemon
may still be in unselected-configured state (i.e. after a remove but not
purge) in which case its now obsolete cronscript has to be moved away
(thanks to Charles Lepple). Closes: #385669
* Updated Danish Debconf translation (thanks to Claus Hindsgaul).
Closes: #390315
* Updated Frensh Debconf translation (thanks to Christian Perrier).
Closes: #390980
mysql-dfsg-5.0 (5.0.24a-8) unstable; urgency=low
* (broken upload)
mysql-dfsg-5.0 (5.0.24a-7) unstable; urgency=low
* Stopped mysql_config from announcing unnecessary library dependencies
which until now cause "NEEDED" dependencies in the "readelf -d" output
of libraries who only depend on libmysqlclient.so (thanks to Michal
Cihar). Closes: #390692
mysql-dfsg-5.0 (5.0.24a-6) unstable; urgency=low
[sean finney]
* finally add support for setting a root password at install.
while this is not a random password as requested in one bug
report, we believe it is the best solution and provides a
means to set a random password via preseeding if it's really
desired (Closes: #316127, #298295).
mysql-dfsg-5.0 (5.0.24a-5) unstable; urgency=low
* Added ${shlibs:Depends} to debian/control section libmysqlclient-dev as it
contains the experimental /usr/lib/mysql/libndbclient.so.0.0.0.
* Bumped standards version to 3.7.2.
* Added LSB info section to init scripts.
* Rephrased Debconf templates as suggested by lintian.
* Added benchmark suite in /usr/share/mysql/sql-bench/.
* The mysql.timezone* tables are now filled by the postinst script (thanks
to Mark Sheppard). Closes: #388491
* Moved Debconf install notes to README.Debian. Displaying them with
medium priority was a bug anyway. Closes: #388941
* Replaced /usr/bin/mysql_upgrade by /usr/bin/mysql_upgrade_shell in
/etc/mysql/debian-start.sh as it works without errors (thanks to Javier
Kohen). Closes: #389443
mysql-dfsg-5.0 (5.0.24a-4) unstable; urgency=high
* libmysqlclient.so.15 from 5.0.24 accidentaly exports some symbols that are
historically exported by OpenSSL's libcrypto.so. This bug was supposed to
be fixed in 5.0.24a bug according to the mysql bug tracking system will
only be fixed in 5.0.25 so I backported the patch. People already reported
crashing apps due to this (thanks to Duncan Simpson). See also: #385348
Closes: #388262
* Fixed BLOCKSIZE to BLOCK_SIZE in initscript (thanks to Bruno Muller).
Closes: #385947
* Added hint to "--extended-insert=0" to mysqldump manpage (thanks to Martin
Schulze).
* Documented the meaning of "NDB" in README.Debian (thanks to Dan Jacobson).
Closes: #386274
* Added patch to build on hurd-i386 (thanks to Cyril Brulebois). Closes: #387369
* Fixed debian-start script to work together with the recend LSB modifications in
the initscript (thanks to wens). Closes: #387481
* Reverted tmpdir change in my.cnf back to /tmp to comply with FHS (thanks
to Alessandro Valente). Closes: #382778
* Added logcheck filter rule (thanks to Paul Wise). Closes: #381043
* I will definetly not disable InnoDB but added a note to the default my.cnf
that disabling it saves about 100MB virtual memory (thanks to Olivier
Berger). Closes: #384399
* Added thread_cache_size=8 to default my.cnf as this variable seems to have
a negligible memory footprint but can improve performance when lots of
threads connect simultaneously as often seen on web servers.
mysql-dfsg-5.0 (5.0.24a-3) unstable; urgency=low
* Fixed potential tempfile problem in the newly added mysqlreport script.
mysql-dfsg-5.0 (5.0.24a-2) unstable; urgency=low
* Added "mysqlreport" (GPL'ed) from hackmysql.com.
* Temporarily disabled expire_days option as it causes the server
to crash. See #368547
* Made output of init scripts LSB compliant (thanks to David Haerdeman).
Closes: #385874
mysql-dfsg-5.0 (5.0.24a-1) unstable; urgency=high
* New upstream version.
* The shared library in the 5.0.24 upstream release accidently exported
some symbols that are also exported by the OpenSSL libraries (notably
BN_bin2bn) causing unexpected behaviour in applications using these
functions (thanks to Peter Cernak). Closes: #385348
* Added note about possible crash on certain i486 clone CPUs.
* Made recipient address of startup mysqlcheck output configurable
(thanks to Mattias Guns). Closes: #385119
mysql-dfsg-5.0 (5.0.24-3) unstable; urgency=high
* SECURITY:
CVE-2006-4226:
When run on case-sensitive filesystems, MySQL allows remote
authenticated users to create or access a database when the database
name differs only in case from a database for which they have
permissions.
CVE-2006-4227:
MySQL evaluates arguments of suid routines in the security context of
the routine's definer instead of the routine's caller, which allows
remote authenticated users to gain privileges through a routine that
has been made available using GRANT EXECUTE.
Thanks to Stefan Fritsch for reporting. Closes: #384798
mysql-dfsg-5.0 (5.0.24-2) unstable; urgency=high
* 5.0.24-1 introduced an ABI incompatibility, which this patch reverts.
Programs compiled against 5.0.24-1 are not compatible with any other
version and needs a rebuild.
This bug already caused a lot of segfaults and crashes in various
programs. Thanks to Chad MILLER from MySQL for quickly providing a patch.
The shlibdeps version has been increased to 5.0.24-2.
Closes: #384047, #384221, #383700
mysql-dfsg-5.0 (5.0.24-1) unstable; urgency=high
* SECURITY: Upstream fixes a security bug which allows a user to continue
accessing a table using a MERGE TABLE after the right to direct access to
the database has been revoked (CVE-2006-4031, MySQL bug #15195).
(Well they did not exactly fixed it, they documented the behaviour and
allow the admin to disable merge table alltogether...). Closes: #380271
* SECURITY: Applied patch that fixes a possibly insecure filehandling
in the recently added mysql_upgrade binary file (MySQL bug #10320).
* New upstream version.
- Fixes nasty MySQL bug #19618 that leads to crashes when using
"SELECT ... WHERE ... not in (1, -1)" (e.g. vbulletin was affected).
- Fixes upstream bug #16803 so that linking ~/.mysql_history to /dev/null
now has the desired effect of having no history.
* Really fixed the runlevels. Closes: #377651
* Added patch for broken upstream handling of "host=" to mysql_upgrade.c.
* Adjusted /etc/mysql/debian-start to new mysql_upgrade.c
mysql-dfsg-5.0 (5.0.22-5) unstable; urgency=low
* Added further line to the logcheck ignore files (thanks to Paul Wise).
Closes: #381038
mysql-dfsg-5.0 (5.0.22-4) unstable; urgency=low
* Upstream fixes a bug in the (never released) version 5.0.23 which could
maybe used to crash the server if the mysqlmanager daemon is in use
which is not yet the default in Debian. (CVE-2006-3486 *DISPUTED*)
* Changed runlevel priority of mysqld from 20 to 19 so that it gets started
before apache and proftpd etc. which might depend on an already running
database server (thanks to Martin Gruner). Closes: #377651
* Added patch which sets PATH_MAX in ndb (thanks to Cyril Brulebois).
Closes: #378949
* Activated YaSSL as licence issues are settled according to:
http://bugs.mysql.com/?id=16755. This also closes the FTBFS bug
regarding OpenSSL as it is discouraged to use now. Closes: #368639
* Removed SSL-MINI-HOWTO as the official documentation is good enough now.
* mysql_upgrade no longer gives --password on the commandline which would
be insecure (thanks to Dean Gaudet). Closes: #379199
* Adjusted debian/patches/45* to make consecutive builds in the same source
tree possible (thanks to Bob Tanner). Closes: #368661
* mysql-server-5.0 is now suggesting tinyca as yaSSL is enabled and tinyca
was found to be really cool :)
* Moved tempdir from /tmp to /var/tmp as it will more likely have enough
free space as /tmp is often on the root partition and /var or at least
/var/tmp is on a bigger one.
-- Adam Conrad <adconrad@0c3.net> Wed, 11 Oct 2006 23:17:53 +0100
Upload details
- Uploaded by:
- Adam Conrad
- Uploaded to:
- Edgy
- Original maintainer:
- Christian Hammers
- Architectures:
- any
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| mysql-dfsg-5.0_5.0.24a.orig.tar.gz | 17.8 MiB | c260e34e582bed5818e1a8361959dcca2aac09ecc93cf4ae2d4c18f67ec93a54 |
| mysql-dfsg-5.0_5.0.24a-9.diff.gz | 136.8 KiB | 86148a963cc7876ec749052d60aecaa19c0f424a7342e8414bc3070a5e9b6366 |
| mysql-dfsg-5.0_5.0.24a-9.dsc | 1.1 KiB | f1c3e2455acd6d57a468aa44d5d983291ac7b8188618f49e3b1b1e44c1f377f5 |
Binary packages built by this source
- libmysqlclient15-dev: No summary available for libmysqlclient15-dev in ubuntu edgy.
No description available for libmysqlclient1
5-dev in ubuntu edgy.
- libmysqlclient15off: No summary available for libmysqlclient15off in ubuntu edgy.
No description available for libmysqlclient15off in ubuntu edgy.
- mysql-client: No summary available for mysql-client in ubuntu feisty.
No description available for mysql-client in ubuntu feisty.
- mysql-client-5.0: No summary available for mysql-client-5.0 in ubuntu feisty.
No description available for mysql-client-5.0 in ubuntu feisty.
- mysql-common: No summary available for mysql-common in ubuntu feisty.
No description available for mysql-common in ubuntu feisty.
- mysql-server: No summary available for mysql-server in ubuntu edgy.
No description available for mysql-server in ubuntu edgy.
- mysql-server-5.0: No summary available for mysql-server-5.0 in ubuntu feisty.
No description available for mysql-server-5.0 in ubuntu feisty.
