Accepted mysql-dfsg-5.0 5.0.24a-9 (source)

Ubuntu Installer archive at ubuntu.com
Wed Oct 11 23:19:05 BST 2006


Accepted:
 OK: mysql-dfsg-5.0_5.0.24a.orig.tar.gz
 OK: mysql-dfsg-5.0_5.0.24a-9.diff.gz
 OK: mysql-dfsg-5.0_5.0.24a-9.dsc
     -> Component: main Section: misc

Origin: Debian/unstable
Format: 1.7
Date: Wed,  11 Oct 2006 23:17:53 +0100
Source: mysql-dfsg-5.0
Binary: mysql-client, mysql-client-5.0, mysql-server-5.0, libmysqlclient15-dev, mysql-server, mysql-common, libmysqlclient15off
Architecture: source
Version: 5.0.24a-9
Distribution: edgy
Urgency: high
Maintainer: Christian Hammers <ch at debian.org>
Changed-By: Adam Conrad <adconrad at 0c3.net>
Closes: 298295 316127 368639 368661 377651 377651 378949 379199 380271 381038 381043 382778 383700 384047 384221 384399 384798 385119 385348 385669 385874 385947 386274 387369 387481 388262 388491 388941 389443 390315 390692 390980
Changes: 
 mysql-dfsg-5.0 (5.0.24a-9) unstable; urgency=medium
 .
   * Having expire_logs_days enabled but log-bin not crashes the server. Using
     both or none of those options is safe. To prevent this happening during the 
     nightly log rotation via /etc/logrotate.d/mysql the initscript checks for 
     malicious combination of options. See: #368547
   * The Sarge package "mysql-server" which used to include the mysqld daemon
     may still be in unselected-configured state (i.e. after a remove but not
     purge) in which case its now obsolete cronscript has to be moved away
     (thanks to Charles Lepple). Closes: #385669
   * Updated Danish Debconf translation (thanks to Claus Hindsgaul).
     Closes: #390315
   * Updated Frensh Debconf translation (thanks to Christian Perrier).
     Closes: #390980
 .
 mysql-dfsg-5.0 (5.0.24a-8) unstable; urgency=low
 .
   * (broken upload)
 .
 mysql-dfsg-5.0 (5.0.24a-7) unstable; urgency=low
 .
   * Stopped mysql_config from announcing unnecessary library dependencies
     which until now cause "NEEDED" dependencies in the "readelf -d" output
     of libraries who only depend on libmysqlclient.so (thanks to Michal
     Cihar). Closes: #390692
 .
 mysql-dfsg-5.0 (5.0.24a-6) unstable; urgency=low
 .
   [sean finney]
   * finally add support for setting a root password at install.
     while this is not a random password as requested in one bug
     report, we believe it is the best solution and provides a
     means to set a random password via preseeding if it's really
     desired (Closes: #316127, #298295).
 .
 mysql-dfsg-5.0 (5.0.24a-5) unstable; urgency=low
 .
   * Added ${shlibs:Depends} to debian/control section libmysqlclient-dev as it
     contains the experimental /usr/lib/mysql/libndbclient.so.0.0.0.
   * Bumped standards version to 3.7.2.
   * Added LSB info section to init scripts.
   * Rephrased Debconf templates as suggested by lintian.
   * Added benchmark suite in /usr/share/mysql/sql-bench/.
   * The mysql.timezone* tables are now filled by the postinst script (thanks
     to Mark Sheppard). Closes: #388491
   * Moved Debconf install notes to README.Debian. Displaying them with
     medium priority was a bug anyway. Closes: #388941
   * Replaced /usr/bin/mysql_upgrade by /usr/bin/mysql_upgrade_shell in
     /etc/mysql/debian-start.sh as it works without errors (thanks to Javier
     Kohen). Closes: #389443
 .
 mysql-dfsg-5.0 (5.0.24a-4) unstable; urgency=high
 .
   * libmysqlclient.so.15 from 5.0.24 accidentaly exports some symbols that are
     historically exported by OpenSSL's libcrypto.so. This bug was supposed to
     be fixed in 5.0.24a bug according to the mysql bug tracking system will
     only be fixed in 5.0.25 so I backported the patch. People already reported
     crashing apps due to this (thanks to Duncan Simpson). See also: #385348
     Closes: #388262
   * Fixed BLOCKSIZE to BLOCK_SIZE in initscript (thanks to Bruno Muller).
     Closes: #385947
   * Added hint to "--extended-insert=0" to mysqldump manpage (thanks to Martin
     Schulze).
   * Documented the meaning of "NDB" in README.Debian (thanks to Dan Jacobson).
     Closes: #386274
   * Added patch to build on hurd-i386 (thanks to Cyril Brulebois). Closes: #387369
   * Fixed debian-start script to work together with the recend LSB modifications in
     the initscript (thanks to wens). Closes: #387481
   * Reverted tmpdir change in my.cnf back to /tmp to comply with FHS (thanks
     to Alessandro Valente). Closes: #382778
   * Added logcheck filter rule (thanks to Paul Wise). Closes: #381043
   * I will definetly not disable InnoDB but added a note to the default my.cnf
     that disabling it saves about 100MB virtual memory (thanks to Olivier
     Berger). Closes: #384399
   * Added thread_cache_size=8 to default my.cnf as this variable seems to have
     a negligible memory footprint but can improve performance when lots of
     threads connect simultaneously as often seen on web servers.
 .
 mysql-dfsg-5.0 (5.0.24a-3) unstable; urgency=low
 .
   * Fixed potential tempfile problem in the newly added mysqlreport script.
 .
 mysql-dfsg-5.0 (5.0.24a-2) unstable; urgency=low
 .
   * Added "mysqlreport" (GPL'ed) from hackmysql.com.
   * Temporarily disabled expire_days option as it causes the server
     to crash. See #368547
   * Made output of init scripts LSB compliant (thanks to David Haerdeman).
     Closes: #385874
 .
 mysql-dfsg-5.0 (5.0.24a-1) unstable; urgency=high
 .
   * New upstream version.
   * The shared library in the 5.0.24 upstream release accidently exported 
     some symbols that are also exported by the OpenSSL libraries (notably
     BN_bin2bn) causing unexpected behaviour in applications using these 
     functions (thanks to Peter Cernak). Closes: #385348
   * Added note about possible crash on certain i486 clone CPUs.
   * Made recipient address of startup mysqlcheck output configurable
     (thanks to Mattias Guns). Closes: #385119
 .
 mysql-dfsg-5.0 (5.0.24-3) unstable; urgency=high
 .
   * SECURITY:
     CVE-2006-4226:
     When run on case-sensitive filesystems, MySQL allows remote
     authenticated users to create or access a database when the database 
     name differs only in case from a database for which they have
     permissions.
     CVE-2006-4227:
     MySQL evaluates arguments of suid routines in the security context of
     the routine's definer instead of the routine's caller, which allows
     remote authenticated users to gain privileges through a routine that 
     has been made available using GRANT EXECUTE.
     Thanks to Stefan Fritsch for reporting. Closes: #384798
 .
 mysql-dfsg-5.0 (5.0.24-2) unstable; urgency=high
 .
   * 5.0.24-1 introduced an ABI incompatibility, which this patch reverts.
     Programs compiled against 5.0.24-1 are not compatible with any other
     version and needs a rebuild.
     This bug already caused a lot of segfaults and crashes in various 
     programs. Thanks to Chad MILLER from MySQL for quickly providing a patch.
     The shlibdeps version has been increased to 5.0.24-2.
     Closes: #384047, #384221, #383700
 .
 mysql-dfsg-5.0 (5.0.24-1) unstable; urgency=high
  
   * SECURITY: Upstream fixes a security bug which allows a user to continue
     accessing a table using a MERGE TABLE after the right to direct access to
     the database has been revoked (CVE-2006-4031, MySQL bug #15195).
     (Well they did not exactly fixed it, they documented the behaviour and
     allow the admin to disable merge table alltogether...). Closes: #380271
   * SECURITY: Applied patch that fixes a possibly insecure filehandling
     in the recently added mysql_upgrade binary file (MySQL bug #10320).
   * New upstream version.
     - Fixes nasty MySQL bug #19618 that leads to crashes when using
       "SELECT ... WHERE ... not in (1, -1)" (e.g. vbulletin was affected).
     - Fixes upstream bug #16803 so that linking ~/.mysql_history to /dev/null
       now has the desired effect of having no history.
   * Really fixed the runlevels. Closes: #377651
   * Added patch for broken upstream handling of "host=" to mysql_upgrade.c.
   * Adjusted /etc/mysql/debian-start to new mysql_upgrade.c
 .
 mysql-dfsg-5.0 (5.0.22-5) unstable; urgency=low
 .
   * Added further line to the logcheck ignore files (thanks to Paul Wise).
     Closes: #381038
 .
 mysql-dfsg-5.0 (5.0.22-4) unstable; urgency=low
 .
   * Upstream fixes a bug in the (never released) version 5.0.23 which could
     maybe used to crash the server if the mysqlmanager daemon is in use
     which is not yet the default in Debian. (CVE-2006-3486 *DISPUTED*)
   * Changed runlevel priority of mysqld from 20 to 19 so that it gets started
     before apache and proftpd etc. which might depend on an already running
     database server (thanks to Martin Gruner). Closes: #377651
   * Added patch which sets PATH_MAX in ndb (thanks to Cyril Brulebois).
     Closes: #378949
   * Activated YaSSL as licence issues are settled according to:
     http://bugs.mysql.com/?id=16755. This also closes the FTBFS bug
     regarding OpenSSL as it is discouraged to use now. Closes: #368639
   * Removed SSL-MINI-HOWTO as the official documentation is good enough now.
   * mysql_upgrade no longer gives --password on the commandline which would
     be insecure (thanks to Dean Gaudet). Closes: #379199
   * Adjusted debian/patches/45* to make consecutive builds in the same source
     tree possible (thanks to Bob Tanner). Closes: #368661
   * mysql-server-5.0 is now suggesting tinyca as yaSSL is enabled and tinyca
     was found to be really cool :)
   * Moved tempdir from /tmp to /var/tmp as it will more likely have enough
     free space as /tmp is often on the root partition and /var or at least
     /var/tmp is on a bigger one.
Files: 
 9641fcc4f34b4a2651d1aabb3b72a971 18663598 misc optional mysql-dfsg-5.0_5.0.24a.orig.tar.gz
 df9e3b756f3fcac267863f4b27fa03d9 140056 misc optional mysql-dfsg-5.0_5.0.24a-9.diff.gz
 a13e109a169c3831a16a86b8f57522f0 1093 misc optional mysql-dfsg-5.0_5.0.24a-9.dsc





More information about the edgy-changes mailing list