Ubuntu
mysql-dfsg-5.0 package

Change logs for mysql-dfsg-5.0 source package in Jaunty

  1. Jaunty (9.04)
  2. Change log 
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.5) jaunty-security; urgency=low

  * SECURITY UPDATE: privilege check bypass via crafted table name argument
    to COM_FIELD_LIST
    - debian/patches/102_CVE-2010-1848.dpatch: check table name in
      sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
    - CVE-2010-1848
  * SECURITY UPDATE: denial of service via large packets
    - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
      sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
    - CVE-2010-1849
  * SECURITY UPDATE: arbitrary code execution via crafted table name
    argument to COM_FIELD_LIST
    - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
      sql/sql_parse.cc.
    - CVE-2010-1850
  * SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
    - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
      myisam/mi_delete_table.c, add tests to mysql-test/*.
    - CVE-2010-1626
 -- Marc Deslauriers <email address hidden>   Thu, 27 May 2010 11:52:10 -0400
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.3) jaunty-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in the command-line client
    - debian/patches/93_CVE-2008-4456.dpatch: use xmlencode_print in
      client/mysql.cc, add test to mysql-test/*.
    - CVE-2008-4456
  * SECURITY UPDATE: format string vulnerabilities in the dispatch_command
    function
    - debian/patches/94_CVE-2009-2446.dpatch: use correct format string in
      sql/sql_parse.cc, add test to tests/mysql_client_test.c.
    - CVE-2009-2446
  * SECURITY UPDATE: denial of service via certain SELECT statements with
    subqueries and statements that use the GeomFromWKB function
    - debian/patches/95_CVE-2009-4019.dpatch: return proper errors in
      sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
      null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
    - CVE-2009-4019
  * SECURITY UPDATE: privilege restriction bypass via incorrect calculation
    of the mysql_unpacked_real_data_home value
    - debian/patches/96_CVE-2009-4030.dpatch: fix initialization order in
      sql/mysqld.cc.
    - CVE-2009-4030
  * SECURITY UPDATE: arbitrary code execution via yassl stack overflow
    - debian/patches/97_CVE-2009-4484.dpatch: validate lengths in
      extra/yassl/taocrypt/src/asn.*.
    - CVE-2009-4484
  * debian/patches/92_ssl_test_cert.dpatch: disabled patch as certs are now
    expired.
  * debian/patches/98_ssl_test_certs.dpatch: update certificates in the
    test suite as they are expired. The new certs expire 2015-01-28.
 -- Marc Deslauriers <email address hidden>   Mon, 08 Feb 2010 08:50:16 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.2) jaunty-proposed; urgency=low

  * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: wait in the
    SIGHUP trap to avoid killing an existing mysqld process when a HUP signal
    is sent to mysqld_safe. (LP: #326768)

 -- Mathias Gug <email address hidden>   Mon, 11 May 2009 22:41:44 -0400
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10.1) jaunty-proposed; urgency=low

  * debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch:
    - Don't trap sighup as it's causing mysqld to refresh while it has
      open connections. (LP: #326768)

 -- Mario Limonciello <email address hidden>   Tue, 05 May 2009 13:28:47 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10) jaunty; urgency=low

  * debian/mysql-server-5.0.postinst: Clear out the second password
    when setting up mysql. (LP: #344816)

 -- Chuck Short <email address hidden>   Mon, 30 Mar 2009 14:59:35 -0400
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu9) jaunty; urgency=low

  * debian/apparmor-profile: add 'network tcp' and access to
    /var/run/samba/winbindd_privileged/pipe (LP: #306886)
  * debian/apparmor-profile: add '/var/log/mysql.log rw' and
    '/var/log/mysql.err rw' (LP: #348532)

 -- Jamie Strandboge <email address hidden>   Wed, 25 Mar 2009 11:47:10 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu8) jaunty; urgency=low

  * debian/apparmor-profile: add 'capability sys_resource' so that
    settings in /etc/mysql/my.cnf will work properly (LP: #306541)

 -- Jamie Strandboge <email address hidden>   Tue, 17 Mar 2009 18:04:05 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu7) jaunty; urgency=low

  * Revert 56-mysqlhotcopy-invalid-dbtable.dpatch: The behavior of
    $dbh->tables() has changed. Instead of returning a simple
    "tablename" it returns a full "databasename.tablename". LP: #296952

 -- Andreas Olsson <email address hidden>   Sat, 31 Jan 2009 22:34:54 +0100
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu6) jaunty; urgency=low

  [ Andreas Olsson <email address hidden> ]
  * Modifies debian-start.inc.sh to support ANSI mode (LP: #310211)

 -- Dustin Kirkland <email address hidden>   Thu, 12 Feb 2009 14:39:04 -0600
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu5) jaunty; urgency=low

  [ Andreas Olsson ]
  * debian/patches/92_ssl_test_cert.dpatch: Re-generated the PKI files needed
    for the tests.
    (LP: #323755)

 -- Mathias Gug <email address hidden>   Tue, 03 Feb 2009 04:36:21 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu4) jaunty; urgency=low

  * debian/additions/my.cnf: remove language option. Error message files are
    located in a different directory in MySQL 5.1. Setting the language option
    to use /usr/share/mysql/ breaks 5.1. Both 5.0 and 5.1 use a default value
    that works. (LP: #316974).

 -- Mathias Gug <email address hidden>   Thu, 29 Jan 2009 16:01:31 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu3) jaunty; urgency=low

  * debian/additions/my.cnf: remove skip-bdb option. This option is not
    available in 5.1 anymore. Moreover 5.0 isn't build with the BerkeleyDB
    engine. (LP: #316849)
  * debian/mysql-sever-core-5.0.files: move character sets files to -core as
    they're required for mysqld to properly support character sets.

 -- Mathias Gug <email address hidden>   Wed, 21 Jan 2009 19:41:14 -0500
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu2) jaunty; urgency=low

  * Create mysql-server-core-5.0 package for files needed by Akonadi

 -- Jonathan Riddell <email address hidden>   Fri, 16 Jan 2009 11:34:29 +0000
  • mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu1) jaunty; urgency=low

  * No change upload. Rebuild so that libmysqlclient15-dev is again available
    in jaunty. mysql-dfsg-5.1_5.1.30-2ubuntu1 provided a libmysqlclient15-dev
    transitional package. -2ubuntu2 doesn't provide libmysqlclient15-dev
    anymore. (LP: #316280).

 -- Mathias Gug <email address hidden>   Tue, 13 Jan 2009 13:24:13 -0500
  • mysql-dfsg-5.0 (5.0.75-1ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - Set maintainer to Ubuntu Core dev. Move Debian maintainer to
      XSBC-Original-Maintainer.
    - Add a mysql-doc-5.0 as a Suggest to mysql-client-5.0 mysql-server-5.0
      and libmysql15-dev
    - Prepend XS-Original- to Vcs-{Browser, SVN}.
    - Fix man page conflicts with mysql-doc-5.0 when upgrading from gutsy
      for mysql-server-5.0, mysql-client-5.0, and libmysqlclient15-dev
      packages.
    - Replaces and Conflicts apparmour-profiles << 2.1+1075-0ubuntu4 to allow
      proper upgrades from gutsy.
    - Lower mailx from a Recommends to a Suggests, which is pulling in
      exim4 on all installs fo mysql-server. (LP: #259477)
   * debian/rules:
     - Apply same configuration options on lopia as for i386.
     - Replace --with-comment="Debian" with --with-comment"Ubuntu".
   * debian/additions/my.cnf:
     - Add note about the "/etc/mysql/conf.d" directory in my.cnf.
     - Add warning about apparmor. (LP: #201799)
   * Follow ApparmorProfileMigration and force apparmor complain mode on some
     upgrades (LP: #203531)
     - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
     - debian/mysql-server-5.0.dirs: add etc/apparmor.d/force-complain
     - debian/mysql-server-5.0.preinst: create symlink for force-complain/
       on pre-feisty upgrades, upgrades where apparmor-profiles profile is
       unchanged (ie non-enforcing) and upgrades where the profile doesn't
       exist.
     - debian/mysql-server-5.0.postrm: remove symlink in force-complain/ on
       purge.

mysql-dfsg-5.0 (5.0.75-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    + debian/patches/33_scripts__mysql_create_system_tables__no_test.dpatch
  * Remove patches:
    + debian/patches/50_fix_agg_functions.dpatch

 -- Chuck Short <email address hidden>   Tue, 06 Jan 2009 22:04:12 +0000
  • mysql-dfsg-5.0 (5.0.75-0ubuntu1) jaunty; urgency=low

  * New upstream release.
  * debian/rules
    + Add -fno-strict-aliasing to fix FTBFS failures in the mysql
      testsuite.
  * Dropped debian/patches/80_fix_user_setup_on_localhost.dpatch. Already
    fixed upstream.

 -- Chuck Short <email address hidden>   Tue, 06 Jan 2009 08:59:29 -0500
  • mysql-dfsg-5.0 (5.0.67-0ubuntu6) intrepid; urgency=low

  * Clean up mysql apparmor profile. (LP: #270663)

 -- Chuck Short <email address hidden>   Thu, 18 Sep 2008 09:37:56 -0400