lp://staging/ubuntu/feisty-updates/mysql-dfsg-5.0

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

25. By Jamie Strandboge on 2008-03-19

no change build for -security upload

24. By Jamie Strandboge on 2007-12-19

* SECURITY UPDATE: denial of service via crafted CONTAINS operation when
  using InnoDB
* debian/patches/91_SECURITY_CVE-2007-5925.dpatch: make sure innodb returns
  error on unsupported operations (db0err.h, page0cur.h, ha_innodb.cc)
* SECURITY UPDATE: privilege escalation using symlinks when using DATA
  DIRECTORY and INDEX DIRECTORY options via a RENAME TABLE statement
* debian/patches/92_SECURITY_CVE-2007-5969.dpatch: fix for my_symlink2.c to
  properly check symlinks when performing a rename operation
* SECURITY UPDATE: denial of service via SHOW TABLE STATUS query in
  federated engine
* debian/patches/94_SECURITY_CVE-2007-6304.dpatch: fix for ha_federated.cc
  to to return error if the response doesn't have enough columns
* SECURITY UPDATE: information disclosure when using CREATE TABLE LIKE
  statements
* debian/patches/96_SECURITY_CVE-2007-3781.dpatch: fix to enforce access
  privileges (sql_parse.cc, handler.h, sql_yacc.yy)
* References
  CVE-2007-5925
  CVE-2007-5969
  CVE-2007-6304
  CVE-2007-3781
  LP #172260

23. By Jamie Strandboge on 2007-10-03

* SECURITY UPDATE: denial of service via crafted IF clause
* debian/patches/91_CVE-2007-2583.dpatch: fix sql/item_cmpfunc.cc to verify
  res is not NULL
* SECURITY UPDATE: privilege escalation
* debian/patches/91_CVE-2007-2691.dpatch: fix sql/sql_parse.cc to make sure
  DROP privileges are required when using RENAME TABLE statements
* SECURITY UPDATE: denial of service via crafted authentication request
* debian/patches/91_CVE-2007-3780.dpatch: fix sql/sql_parse.cc to not
  overflow a signed char
* SECURITY UPDATE: privilege escalation via views
* debian/patches/91_CVE-2007-3782.dpatch: fix sql/sql_prepare.cc and
  sql/sql_update.cc to properly verify access privileges to external tables
* SECURITY UPDATE: warn on startup if root mysql account has a blank
  password. debian/mysql-server-5.0.mysql.init: supply 'reset-password' and
  check for blank password. Based on work by Soren Hansen.
* References
  CVE-2007-2583
  CVE-2007-2691
  CVE-2007-3780
  CVE-2007-3782
  Launchpad #119075

22. By Martin Pitt on 2007-04-03

* Package the Enterprise version again (.37 was a community version), since
  Debian and we have always done so. This brings in a few more bug fixes and
  makes functional derivations less likely.
* debian/README.Maintainer: Add pointer to upstream download URL, since it
  is very hard to find the Enterprise versions.
* Disable 33_scripts__mysql_create_system_tables__no_test.dpatch, since that
  script was removed upstream.
* debian/patches/41_scripts__mysql_install_db.sh__no_test.dpatch: Adapted to
  changed formatting in new upstream version.
* Remove debian/patches/86_PATH_MAX.dpatch, fixed upstream.
* Add debian/patches/90_org_tables_definition.dpatch: Fix local variable
  declaration in libmysqld/sql_parse.cc to fix compilation with
  EMBEDDED_LIBRARY.

21. By Martin Pitt on 2007-04-02

* New upstream bugfix release.
  - Fixes replication failure with auto-increment and on duplicate key
    update, a regression introduced into 5.0.24. (LP: #95821)
* debian/control: Set Ubuntu maintainer.
* debian/rules: Change comments from 'Debian etch' to 'Ubuntu 7.04'.

20. By Christian Hammers on 2007-03-18

Really fixed FTBFS on Sparc introduced with the "make -j" trick in
5.0.32-8 (thanks to Frank Lichtenheld). Closes: #415026

19. By Christian Hammers on 2007-01-09

* The last upload suffered from a regression that made NDB totally
  unusable and caused a dependency to libmysqlclient15-dev in the
  mysql-server-5.0 package. The relevant 85_* patch was re-added again.
  Closes: #406435
* Added lintian-overrides for an error that does not affect our packages.
  There are now only warnings and not errors left.

18. By Christian Hammers on 2006-12-03

* Fixed upstream regression in header files that lead to FTBFS for
  mysql-admin, mysql-query-browser and probably other pacakges.
  (thanks to Andreas Henriksson). Closes: #403081, #403082
* Fixed some upstream scripts by replacing /etc by /etc/mysql (thanks to
  Julien Antony). Closes: #401083
* Updated French Debconf translation (thanks to Christian Perrier).
  Closes: #401434
* Added Spanish Debconf translation (thanks to Javier Fernandez-Sanguino
  Pena). Closes: #401953
* Marked a Debconf question that is just a dummy and only internally
  used as not-needing-translation. Closes: #403163
* Fixed mysqlslowdump patch to not remove the usage() function (thanks
  to Monty Tailor).

17. By Matthias Klose on 2006-12-14

Rebuild using gcc-4.1_4.1.1-21ubuntu2. Ubuntu #66702.

16. By Christian Hammers on 2006-12-02

* New upstream version (switch to the MySQL Enterprise branch).
* Upstream bugfix for the Innodb performance bug:
  "Very poor performance with multiple queries running
   concurrently (Bug#15815)".
* Upstream bugfix for a possible server crash:
  "Selecting from a MERGE table could result in a server crash if the
   underlying tables had fewer indexes than the MERGE table itself
   (Bug#22937)"
* Upstream bugfies for *lot* of NDB problems.
* Upstream bugfix for Innodb optimizer bug. Closes: #397597
* Updated Italian Debconf translation (thanks to Luca Monducci).
  Closes: #401305
* Updated debian/watch file to MySQL Enterprise branch.