-
mysql-5.5 (5.5.46-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.46 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819
CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861
CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
(Closes: #802564)
* Add fix-test-suite-failure-caused-by-arbitrary-date-in-the-future.patch.
Fix test suite failure caused by arbitrary date in the future.
Thanks to Marc Deslauriers <email address hidden>
-- Salvatore Bonaccorso <email address hidden> Fri, 23 Oct 2015 13:35:23 +0200
-
mysql-5.5 (5.5.44-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.44 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620
CVE-2015-2582
(Closes: #792445)
-- Salvatore Bonaccorso <email address hidden> Wed, 15 Jul 2015 17:00:27 +0200
-
mysql-5.5 (5.5.44-0+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.44 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- CVE-2015-4752 CVE-2015-4737 CVE-2015-2648 CVE-2015-2643 CVE-2015-2620
CVE-2015-2582
(Closes: #792445)
-- Salvatore Bonaccorso <email address hidden> Wed, 15 Jul 2015 22:01:14 +0200
-
mysql-5.5 (5.5.43-0+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Imported Upstream version 5.5.43 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2571
(Closes: #782645)
* Update copyright years for upstream files
-- Salvatore Bonaccorso <email address hidden> Sat, 18 Apr 2015 06:07:42 +0200
-
mysql-5.5 (5.5.42-1) unstable; urgency=medium
[ James Page ]
* SECURITY UPDATE: Update to 5.5.41 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0432,
CVE-2014-6568, CVE-2015-0374
(Closes: #775881).
* d/p/fix-func_math-test-failure.patch: Dropped, included upstream.
[ Akhil Mohan ]
* New upstream version, resolving date driven test failures in certs.
* Example option in log_slow_queries d/additions/my.cnf is deprecated
and replaced with options slow_query_log_file and slow_query_log.
(Closes: #677222)
-- James Page <email address hidden> Mon, 09 Feb 2015 14:12:44 +0000
-
mysql-5.5 (5.5.40-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.40 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463,
CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484,
CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496,
CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,
CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
(Closes: #765663, #769337)
* d/p/fix-mysqlhotcopy-test-failure.patch: Add return code 255 to the list
of allowable return codes for mysqlhotcopy tests.
* d/rules: Enable parallel builds.
-- James Page <email address hidden> Mon, 24 Nov 2014 16:31:57 +0000
-
mysql-5.5 (5.5.39-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.38 to fix security issues:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- CVE-2014-2494
- CVE-2014-4207
- CVE-2014-4258
- CVE-2014-4260
* New upstream release.
* d/p/fix-func_math-test-failure.patch: Fix for failing func_math test
(Closes: #753196, #746883).
-- James Page <email address hidden> Mon, 01 Sep 2014 13:20:20 +0100
-
mysql-5.5 (5.5.37-1) unstable; urgency=medium
* SECURITY UPDATE: Update to 5.5.37 to fix security issues (Closes: #744910)
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- CVE-2014-0001 (Closes: #737596).
- CVE-2014-0384
- CVE-2014-2419
- CVE-2014-2430
- CVE-2014-2431
- CVE-2014-2432
- CVE-2014-2436
- CVE-2014-2438
- CVE-2014-2440
* d/mysql-server-5.5.mysql.init: Fixup indentation on previous change
(Closes: #739846).
* d/rules: Always install apparmor profile, not just on Ubuntu
(Closes: #736087).
* d/control: Update for use of virtual-* packages for switching to/from
MySQL alternatives.
* d/watch,repack.*: Drop repackaging as upstream tarball is now DFSG
compliant.
-- James Page <email address hidden> Thu, 24 Apr 2014 18:03:59 +0100
-
mysql-5.5 (5.5.35+dfsg-2) unstable; urgency=low
[ Clint Byrum ]
* d/mysql-server-5.5.mysql.init: Increase timeout to 30s (Closes: #736452).
* d/mysql-server-5.5.postinst: Run mysql_install_db as mysql so tables are
not created as root (Closes: #737224).
[ Robie Basak ]
* Re-sync relevant Ubuntu changes:
- d/control: Make innotop usable without installing Suggests.
- d/rules: Build with debug symbols.
- d/{additions/my.cnf,mysql-server-5.5.mysql-server.logrotate}:
Write an error log and logrotate it.
- d/control,rules,apparmor-profile,mysql-server-5.5.files:
Add AppArmor profile (Closes: #736087).
- d/control: Move mailx from Recommends to Suggests.
- d/control,d/tests/*: Add DEP-8 tests.
- d/control: Re-add mysql-testsuite metapackage.
[ James Page ]
* d/control: Drop Nicholas from Uploaders, MIA (Closes: #739361).
-- James Page <email address hidden> Wed, 19 Feb 2014 12:37:01 +0000
-
mysql-5.5 (5.5.35+dfsg-1) unstable; urgency=low
[ Clint Byrum ]
* Drop creation of insecure database permissions (Closes: #732306):
- d/p/33_scripts__mysql_create_system_tables__no_test.patch,
d/p/41_scripts__mysql_install_db.sh__no_test.patch,
d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
package, inadvertently dropped in 5.5 transition. This
removes the global anonymous access to the database which
is a security concern.
[ James Page ]
* New upstream release:
- d/p/fix-racey-rpltests.patch: Dropped - no longer required.
- d/p/50_mysql-test__db_test.patch: Add extra permissions to
mysql-run-tests.pl for test_% accounts, fixing failing tests.
- d/p/*: Refreshed patches.
- SECURITY UPDATE:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- CVE-2013-5891
- CVE-2013-5908
- CVE-2014-0386
- CVE-2014-0393
- CVE-2014-0401
- CVE-2014-0402
- CVE-2014-0412
- CVE-2014-0420
- CVE-2014-0437
* Sync changes from NMU 5.5.33+dfsg-0+wheezy1:
- d/NEWS: Add NEWS file to document changes needed to existing databases
to drop insecure database permissions.
- SECURITY UPDATE: Insecure creation of the credential file debian.cnf.
- d/mysql-server-5.5.postinst: Set umask to 066 before creating
debian.cnf file (Closes: #711600).
- CVE-2013-2162
- d/copyright: Update copyright years for upstream files.
* d/control: Update VCS field for new git location.
* d/control: Add myself to Uploaders.
* d/*: Wrap and sort.
* d/control: Bumped Standards-Version, no changes.
-- James Page <email address hidden> Sat, 18 Jan 2014 21:38:18 +0000
-
mysql-5.5 (5.5.33+dfsg-1) unstable; urgency=low
* d/rules, d/control: Remove gcc-4.4 dependency and disable X86
assembly in taocrypt. (Closes: #707280) (Closes: #678252)
* d/patches/fix-mips64el-ftbfs.patch: Fix FTBFS on mips64el.
(Closes: #719196) Thanks YunQuiang Su.
* New upstream release.
SECURITY UPDATE: CVE-2013-1861 CVE-2013-3783 CVE-2013-3793
CVE-2013-3804 CVE-2013-3802 CVE-2013-3809 CVE-2013-3812
(Closes: #706715) (Closes: #712730)
* d/patches/work_around_failing_rpl_deadlock.patch: Test suite
changes upstream have left some connections active. This
patch fixes that. Thanks Kristian Nielsen!
* d/patches/fix-racey-rpltests.patch: Fix from Oracle for failing
tests.
-- Clint Byrum <email address hidden> Thu, 26 Sep 2013 09:14:47 -0700
-
mysql-5.5 (5.5.31+dfsg-1) unstable; urgency=high
* New upstream release.
SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544 CVE-2013-1532
CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511
CVE-2013-2391 CVE-2013-1502
- Patches refreshed.
- d/p/yassl.patch - dropped, applied upstream
- d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
-- Clint Byrum <email address hidden> Mon, 06 May 2013 12:22:55 -0700
-
mysql-5.5 (5.5.30+dfsg-1.1) unstable; urgency=low
* Non-maintainer upload.
* d/p/yassl.patch - patch for CVE-2013-0169 (Closes: #699886)
-- Michael Stapelberg <email address hidden> Sun, 14 Apr 2013 12:45:53 +0200
-
mysql-5.5 (5.5.30+dfsg-1) unstable; urgency=low
* New upstream release.
* d/p/debian-mdev382-fixup.patch - patch from MariaDB, Thanks
Kristian Nielsen. resolves CVE-2012-4414 (Closes: #698068)
-- Clint Byrum <email address hidden> Sun, 24 Mar 2013 16:22:56 -0700
-
mysql-5.5 (5.5.29+dfsg-1) unstable; urgency=low
[ Clint Byrum ]
* d/mysql-server-5.5.postinst: Patch from Alex Bligh to fix privilege
regression that was introduced in the switch from 5.1 to 5.5.
(Closes: #692871)
* New upstream release. (Closes: #695001) Refreshed patches.
-- Nicholas Bamber <email address hidden> Fri, 11 Jan 2013 15:29:53 +0000
-
mysql-5.5 (5.5.28+dfsg-1) unstable; urgency=low
* New upstream release (resolves CVE-2012-3163, CVE-2012-3158, CVE-2012-3177,
CVE-2012-3147, CVE-2012-3166, CVE-2012-3173, CVE-2012-3144, CVE-2012-3150,
CVE-2012-3180, CVE-2012-3149, CVE-2012-3156, CVE-2012-3167, CVE-2012-3197,
CVE-2012-3160) (Closes: #690778)
* Removed debian/patches/73_mysqlcheck_tests.patch and
debian/patches/2_main_openssl_1.patch as they did not apply cleanly and did
not seem to be required any longer
* Refreshed patches and updated headers:
- debian/patches/73_mysqlcheck_tests.patch
- debian/patches/94_spelling.patch
- debian/patches/70_mysql_va_list.patch
-- Nicholas Bamber <email address hidden> Sun, 28 Oct 2012 09:22:24 +0000
-
mysql-5.5 (5.5.24+dfsg-9) unstable; urgency=low
* Danish debconf translation (Closes: #684566)
* Turkish debconf translation (Closes: #688294)
* Loosened versioned dependency between mysql-server-5.5 and
mysql-server-core-5.5, hopefully (Closes: #686803)
* Restored zlib1g-dev (>= 1:1.1.3-5) as a build dependency
and made the use of system libz explicit in debian/rules
-- Nicholas Bamber <email address hidden> Sat, 22 Sep 2012 15:01:11 +0100
-
mysql-5.5 (5.5.24+dfsg-8) unstable; urgency=low
* Updated debian/copyright after analysis from development version
of license-reconcile (Closes: #682311)
- 'Comments' field to corrected to 'Comment'
- Missing paragraphs for '*', 'debian/*' and for the mysqlreport
and innotop scripts
- Removed duplicate entries from Files listings
- Added clause for files licensed under BSD (4-clause)
- Clarified 'BSD (3 clause) GPL-2' as being 'BSD (3 clause) or GPL-2'
* Updated Slovak debconf translation (Closes: #684644)
-- Nicholas Bamber <email address hidden> Tue, 04 Sep 2012 06:56:24 +0100
-
mysql-5.5 (5.5.24+dfsg-7) unstable; urgency=low
* Updated Turkish debconf translation (Closes: #683733)
* Use xz compression for binary packages (Closes: #684146)
-- Nicholas Bamber <email address hidden> Sat, 11 Aug 2012 21:02:27 +0100
-
mysql-5.5 (5.5.24+dfsg-6) unstable; urgency=low
* Updated Czech debconf translation (Closes: #681711)
-- Nicholas Bamber <email address hidden> Sun, 29 Jul 2012 13:04:46 +0100
-
mysql-5.5 (5.5.24+dfsg-5) unstable; urgency=medium
* Spanish debconf translation (Closes: #679053)
-- Nicholas Bamber <email address hidden> Sat, 14 Jul 2012 13:36:13 +0100
-
mysql-5.5 (5.5.24+dfsg-4) unstable; urgency=low
* Made DFSG repacking mechanism independent of local installs, improved
the documentation and added debian/README.source
* Setting the gcc/g++ version to 4.4 on i386 platforms and removed
patch disabling tests (Closes: #674267) but see #678252 for follow
up from upstream
* Danish debconf translation (Closes: #599483)
-- Nicholas Bamber <email address hidden> Thu, 21 Jun 2012 13:36:40 +0100
-
mysql-5.5 (5.5.24+dfsg-3) unstable; urgency=high
* Added versioned dependency on initscripts and revert /var/run
to /run change (Closes: #676560)
-- Nicholas Bamber <email address hidden> Thu, 07 Jun 2012 23:29:32 +0100
-
mysql-5.5 (5.5.24+dfsg-2) unstable; urgency=low
* Really bumped the version in shlibs
-- Nicholas Bamber <email address hidden> Mon, 04 Jun 2012 23:03:35 +0100
-
mysql-5.5 (5.5.24+dfsg-1) unstable; urgency=low
* New upstream release. Fixes CVE-2012-2102 mysql DoS by authenticated user
* Updated Portuguese translation (Closes: #674953)
* Updated Swedish translation (Closes: #675108)
* Updated German translation (Closes: #675766)
* Refreshed spelling patch
* Added patch to libmysql/CMakeLists.txt to restore symbol versioning
and bumped dependency in shlibs (Closes: #660686)
* Ensured that /etc/mysql/conf.d is installed as part of mysql-common
so that client programs work without a co-located server (Closes: #672359)
* Added versioned Breaks clause against amarok (cf. #675304)
-- Nicholas Bamber <email address hidden> Mon, 04 Jun 2012 18:17:04 +0100
-
mysql-5.5 (5.5.23+dfsg-2) unstable; urgency=low
* Fixing regular expression in tests to guard against build path containing
the '+' symbol (Closes: #674210)
* Disabled certain SSL tests pending investigation (cf. #674267)
* Updated French translation (Closes: #674025)
* Updated Dutch translation (Closes: #674124)
* Updated Russian translation (Closes: #674189)
-- Nicholas Bamber <email address hidden> Fri, 25 May 2012 23:38:16 +0100
-
mysql-5.5 (5.5.23+dfsg-1) unstable; urgency=low
* Revert having libssl-dev as a build dependency and changed
WITH_SSL option to 'bundled' from 'yes' (Closes: #590905)
and (Closes: #673865)
* Standardized debian/watch and get-orig-source and made DFSG exclusion
of Docs/mysql.info explicit (Closes: #673528)
* Located and installed upstream changelog
-- Nicholas Bamber <email address hidden> Tue, 22 May 2012 21:42:39 +0100
-
mysql-5.5 (5.5.23-2) unstable; urgency=low
* Stopped overriding the -j build parameter (Closes: #512964)
* Stopped testing for /proc filesystem. It is no longer used
for determining the number of CPUs.
* Removed unnecessary build dependencies:
- procps as it is required by cmake, cf. #96768
- zlib1g newer version required by cmake
- libtool obsoleted by cmake
- file required by debhelper
* Migrated libmysqld-dev, libmysqld-pic, libmysqlclient18 to using
dh_install rather than dh_movefiles
* Changed /var/run to /run as required by Debian Policy 3.9.3 (9.1.1)
* Raised standards version to 3.9.3
* Moved '-e' from shebang line to explicit 'set -e' as requested by lintian
* Restored ha_example.so to mysql-server-5.5 but added Breaks/Replaces
clauses (cf. LP: #912487) and (Closes: #666721)
* Added additional Breaks/Replaces clauses for other clashes:
- mysql-server-5.5 overwrites perror from mysql-client-5.1
- mysql-server-core-5.5 overwrites my_print_defaults from mysql-client-5.1
-- Nicholas Bamber <email address hidden> Tue, 08 May 2012 05:59:09 +0100
