lp://staging/ubuntu/feisty-security/mysql-dfsg-5.0

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/feisty-security/mysql-dfsg-5.0

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

25. By Jamie Strandboge

no change build for -security upload

24. By Jamie Strandboge

* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
  using InnoDB
* debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
  error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
  DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
  properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
  federated engine
* debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
  to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
  statements
* debian/patches/96_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
  privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* References
  CVE-2007-5925
  CVE-2007-5969
  CVE-2007-6304
  CVE-2007-3781
  LP #172260

23. By Jamie Strandboge

* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/91_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
  res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/91_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
  DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/91_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
  overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/91_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
  sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
  password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
  check for blank password. Based on work by Soren Hansen.
* References
  CVE-2007-2583
  CVE-2007-2691
  CVE-2007-3780
  CVE-2007-3782
  Launchpad #119075

22. By Martin Pitt

* Package the Enterprise version again (.37 was a community version), since
  Debian and we have always done so. This brings in a few more bug fixes and
  makes functional derivations less likely.
* debian/README.Maintainer: Add pointer to upstream download URL, since it
  is very hard to find the Enterprise versions.
* Disable 33_scripts__mysql_create_system_tables__no_test.dpatch, since that
  script was removed upstream.
* debian/patches/41_scripts__mysql_install_db.sh__no_test.dpatch: Adapted to
  changed formatting in new upstream version.
* Remove debian/patches/86_PATH_MAX.dpatch, fixed upstream.
* Add debian/patches/90_org_tables_definition.dpatch: Fix local variable
  declaration in libmysqld/sql_parse.cc to fix compilation with
  EMBEDDED_LIBRARY.

21. By Martin Pitt

* New upstream bugfix release.
  - Fixes replication failure with auto-increment and on duplicate key
    update, a regression introduced into 5.0.24. (LP: #95821)
* debian/control: Set Ubuntu maintainer.
* debian/rules: Change comments from 'Debian etch' to 'Ubuntu 7.04'.

20. By Christian Hammers

Really fixed FTBFS on Sparc introduced with the "make -j" trick in
5.0.32-8 (thanks to Frank Lichtenheld). Closes: #415026

19. By Christian Hammers

* The last upload suffered from a regression that made NDB totally
  unusable and caused a dependency to libmysqlclient15-dev in the
  mysql-server-5.0 package. The relevant 85_* patch was re-added again.
  Closes: #406435
* Added lintian-overrides for an error that does not affect our packages.
  There are now only warnings and not errors left.

18. By Christian Hammers

* Fixed upstream regression in header files that led to FTBFS for
  mysql-admin, mysql-query-browser and probably other packages.
  (thanks to Andreas Henriksson). Closes: #403081, #403082
* Fixed some upstream scripts by replacing /etc by /etc/mysql (thanks to
  Julien Antony). Closes: #401083
* Updated French Debconf translation (thanks to Christian Perrier).
  Closes: #401434
* Added Spanish Debconf translation (thanks to Javier Fernandez-Sanguino
  Pena). Closes: #401953
* Marked a Debconf question that is just a dummy and only internally
  used as not-needing-translation. Closes: #403163
* Fixed mysqlslowdump patch to not remove the usage() function (thanks
  to Monty Tailor).

17. By Matthias Klose

Rebuild using gcc-4.1_4.1.1-21ubuntu2. Ubuntu #66702.

16. By Christian Hammers

* New upstream version (switch to the MySQL Enterprise branch).
* Upstream bugfix for the Innodb performance bug:
  "Very poor performance with multiple queries running
   concurrently (Bug#15815)".
* Upstream bugfix for a possible server crash:
  "Selecting from a MERGE table could result in a server crash if the
   underlying tables had fewer indexes than the MERGE table itself
   (Bug#22937)"
* Upstream bugfixes for a *lot* of NDB problems.
* Upstream bugfix for Innodb optimizer bug. Closes: #397597
* Updated Italian Debconf translation (thanks to Luca Monducci).
  Closes: #401305
* Updated debian/watch file to MySQL Enterprise branch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/karmic/mysql-dfsg-5.0