lp://staging/ubuntu/maverick-security/mysql-5.1

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

20. By Marc Deslauriers on 2012-02-22

* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/61_CVE-2010-3833.dpatch
  - debian/patches/61_CVE-2010-3834.dpatch
  - debian/patches/61_CVE-2010-3835.dpatch
  - debian/patches/61_CVE-2010-3836.dpatch
  - debian/patches/61_CVE-2010-3837.dpatch
  - debian/patches/61_CVE-2010-3838.dpatch
  - debian/patches/61_CVE-2010-3839.dpatch
  - debian/patches/61_CVE-2010-3840.dpatch
  - debian/patches/60_abi-check-include.dpatch
  - debian/patches/62_disable_longfilename_test.dpatch
  - debian/patches/90_fix_testsuite_for_installed_env.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

19. By Marc Deslauriers on 2010-11-09

* SECURITY UPDATE: denial of service via incorrect propagation of type
  errors.
  - debian/patches/61_CVE-2010-3833.dpatch: properly check for execution
    errors in sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
  - debian/patches/61_CVE-2010-3834.dpatch: handle temporary tables in
    sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
  - CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
  expression.
  - debian/patches/61_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
    Add tests to mysql-test/*.
  - CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
  predicates during view preparation.
  - debian/patches/61_CVE-2010-3836.dpatch: make sure we're not in view
    preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
  WITH ROLLUP together.
  - debian/patches/61_CVE-2010-3837.dpatch: create a copy of the order
    structures in sql/item_sum.cc, sql/table.h. Add tests to
    mysql-test/*.
  - CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
  with subquery.
  - debian/patches/61_CVE-2010-3838.dpatch: handle REAL_RESULT in
    sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
  joins.
  - debian/patches/61_CVE-2010-3839.dpatch: fix nesting in
    sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
  improper data.
  - debian/patches/61_CVE-2010-3840.dpatch: improve data handling in
    sql/spatial.cc. Add tests to mysql-test/*.
  - CVE-2010-3840
* debian/patches/62_disable_longfilename_test.dpatch: disable the
  partition_rename_longfilename test as it fails when building with
  sbuild and schroots.

18. By Clint Byrum on 2010-09-08

raising kill timeout to 300 to help avoid table corruption (LP: #620441)

17. By Jamie Strandboge on 2010-08-21

debian/apparmor-profile: fix syntax error introduced in last upload
and remove added redundant access rule. LP: #622010, LP: #594932

16. By Chuck Short on 2010-08-20

[Clint Byrum]
* Installing mysql_config_pic in /usr/bin so users of libmysqld-pic
  can extract the appropriate compile flags. (LP: #605021)

[Chuck Short]
* debian/mysql-server.5.1.postinst: Specify the mysql user when installing
  the mysql databases. (LP: #591875)
* debian/apparmor-profile: Update apparmor profile for mysql plugins.
  (LP: #594932, #619172)

15. By Steve Beattie on 2010-08-12

* New patch: 99_fix_testsuite_for_installed_env.dpatch: fix
  mysql-testsuite to work with the installation location (LP: #617461)
* debian/apparmor-profile: add mmap access to mysql plugin location
  (LP: #617463)

14. By Jamie Strandboge on 2010-08-12

debian/rules: doy. Put dh_apparmor in binary-arch so more than just
i386 has the benefit of AppArmor protection, really fixing LP: #616417

13. By Jamie Strandboge on 2010-08-11

debian/control: Build-Depends on debhelper 7.4.20ubuntu6, which has a
fix that prevented debhelper from creating the necessary output in
postinst (LP: #616417)

12. By Jamie Strandboge on 2010-08-06

* convert to using dh_apparmor:
  - debian/rules, debian/mysql-server-5.1.postinst: use dh_apparmor
  - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
* debian/mysql-server-5.1.postrm: since it doesn't use DEBHELPER, update
  to what we have in debhelper
* debian/apparmor-profile: update for local include

11. By Chuck Short on 2010-08-04

* Merge from debian unstable:
  + debian/control:
     * Update maintainer according to spec.
     * Move section from "misc" to "database".
     * Added libmysqlclient16-dev an empty transitional package.
     * Added mysql-client-core-5.1 package.
     * Suggest mailx for mysql-server-5.1
     * Add mysql-testsuite package so you can run the testsuite seperately.
  + debian/additions/my.cnf:
    * Remove language options. Error message files are located in a different directory in Mysql
      5.0. Setting the language option to use /usr/share/mysql/english breaks Mysql 5.0. Both 5.0
      and 5.1 use a different value that works. (LP: #316974)
  + Add apparmor profile:
    + debian/apparmor-profile: apparmor-profile
    + debian/rules, debian/mysql-server-5.1.files: install apparmor profile
    + debian/mysql-server-5.1.dirs: add etc/apparmor.d/fore-complain
    + debian/mysql-server-5.1.postrm: remove symlink in force-complain/ on purge.
    + debian/mysql-server-5.1.README.Debian: add apparmor documentation.
    + debian/additions/my.cnf: Add warning about apparmor. (LP: #201799)
    + debian/mysql-server-5.1.postinst: reload apparmor profiles
  * Convert the package from sysvinit to upstart:
    + debian/mysql-server-5.1.mysql.upstart: Add upstart script.
    + debian/mysql-server-5.1.mysql.init: Dropped, unused now with upstart.
    + debian/additions/mysqld_safe_syslog.cnf: Dropped, unused now with upstart.
    + debian/additons/my.cnf: Remove pid declaration and setup error logging to /var/log/mysql since
      we're not piping anything around logger anymore.
    + debian/rules, debian/mysql-server-5.1.logcheck.ignore.{paranoid,worstation},
      debian/mysql-server-5.1.logcheck.ignore.server: : Remove references to mysqld_safe
    + debian/patches/38_scripts_mysqld_safe.sh_signals.dpatch: Dropped
  * Added -fno-strict-aliasing to CFLAGS to get around mysql testsuite build failures.
  * Add Apport hook (LP: #354188):
    + debian/mysql-server-5.1.py: apport package hook
    + debian/rules: Make it installable
  * debian/mysql-server-5.1.mysql-server.logrotate: Check to see if mysql is running before
    running logrotate. (LP: #513135)
  * Make the testsuite installable. (LP: #530752)
    + debian/mysql-server-5.1.files, debian/rules: install apport package hook
  * debian/mysql-server-5.1.preinst: Set mysql user's home directory
    to /nonexistent to protect against having the /var/lib/mysql
    user-writeable. If an attacker can trick mysqld into creating
    dot files in the home directory, he could do .rhost-like attacks
    on the system. (LP: #293258)
  * debian/control: mysql-client-5.1 should depend on mysql-core-client-5.1.
    (LP: #590952)