-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

MySQL 4.0.24, a new version of the popular Open Source/Free Software 
Database Management System, has been released. It is now available in 
source and binary form for a number of platforms from our download pages 
at http://dev.mysql.com/downloads/ and mirror sites.

Note that not all mirror sites may be up to date at this point in time - 
if you can't find this version on some mirror, please try again later or 
choose another download site.

This is a bugfix release for the recent production version. It also 
includes fixes for recently reported potential security vulnerabilities in 
the creation of temporary table file names and the handling of User 
Defined Functions (UDFs). We would like to thank Stefano Di Paola 
<[EMAIL PROTECTED]> for finding and reporting these to us.

Note that these changes affect the way in which User Defined Functions 
(UDF) are loaded. Please refer to the section "User-defined Function 
Security Precautions" in the manual:

http://dev.mysql.com/doc/mysql/en/udf-security.html

Please refer to our bug database at http://bugs.mysql.com/ for more
details about the individual bugs fixed in this version.


News from the ChangeLog:

Functionality added or changed:
   * Security improvement: The server creates `.frm', `.MYD', `.MYI',
     `.MRG', `.ISD', and `.ISM' table files only if a file with the
     same name does not already exist.

   * Security improvement: User-defined functions should have at least
     one symbol defined in addition to the `xxx' symbol that
     corresponds to the main `xxx()' function.  These auxiliary symbols
     correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()',
     `xxx_clear()', and `xxx_add()' functions.  `mysqld' by default no
     longer loads UDFs unless they have at least one auxiliary symbol
     defined in addition to the main symbol.
     The '--allow-suspicious-udfs' option controls
     whether UDFs that have only an `xxx' symbol can be loaded.  By
     default, the option is off.  `mysqld' also checks UDF filenames
     when it reads them from the `mysql.func' table and rejects those
     that contain directory pathname separator characters. (It already
     checked names as given in `CREATE FUNCTION' statements.)
     See the section in the manual on writing UDFs.

   * `InnoDB': Added configuration option and settable global variable
     `innodb_autoextend_increment' for setting the size in megabytes by
     which `InnoDB' tablespaces are extended when they become full.  The
     default value is 8, corresponding to the fixed increment of 8MB in
     previous versions of MySQL.

   * InnoDB: Do not acquire an internal `InnoDB' table lock in `LOCK
     TABLES' if `AUTOCOMMIT=1'. This helps in porting old `MyISAM'
     applications to `InnoDB'. `InnoDB' table locks in that case caused
     deadlocks very easily.

Bugs fixed:
   * `FOUND_ROWS()' returned an incorrect value after a `SELECT
     SQL_CALC_FOUND_ROWS DISTINCT' statement that selected constants
     and included `GROUP BY' and `LIMIT' clauses. (Bug #7945)

   * Queries of the form `(SELECT ...) ORDER BY ...' were being treated
     as a `UNION'.  This improperly resulted in only distinct values
     being returned (because `UNION' by default eliminates.) (Bug #7672)

   * Index cardinality was not being updated properly for `TEMPORARY'
     tables under some circumstances, such as `CREATE TABLE ... SELECT'
     followed by `ANALYZE TABLE'. (Bug #7519)

   * Fixed a server crash caused by `DELETE FROM TBL_NAME ...  WHERE
     ... ORDER BY TBL_NAME.COL_NAME' when the `ORDER BY' column was
     qualified with the table name. (Bug #8392)

   * Fixed a bug in `MATCH ... AGAINST' in natural language mode that
     could cause a server crash if the `FULLTEXT' index was not used in
     a join (`EXPLAIN' did not show `fulltext' join mode) and the
     search query matched no rows in the table (Bug #8522).

   * Platform and architecture information in version information
     produced for `--version' option on Windows was always `Win95/Win98
     (i32)'.  More accurately determine platform as `Win32' or `Win64'
     for 32-bit or 64-bit Windows, and architecture as `ia32' for x86,
     `ia64' for Itanium, and `axp' for Alpha. (Bug #4445)

   * `InnoDB': Honor the `--tmpdir' startup option when creating
     temporary files.  Previously, `InnoDB' temporary files were always
     created in the temporary directory of the operating system.  On
     Netware, `InnoDB' will continue to ignore `--tmpdir'.  (Bug #5822)

   * Fixed an optimization problem that allowed a negative number to be
     stored in a `DOUBLE UNSIGNED' column when it was assigned a value
     from a signed `DOUBLE' column. (Bug #7700)

   * Fixed a failure of multiple-table updates to replicate properly on
     slave servers when `--replicate-*-table' options had been
     specified.  (Bug #7011)

   * Renamed `set_bit()' and `clear_bit()' functions in source code to
     avoid a conflict with functions of the same names in Linux kernel
     header files.  (Bug #7971)

   * Part of the information being used to cache access-permission
     lookups was not always reinitialized properly, particularly for
     connections from localhost on Windows. The result was connection
     failures that appeared to occur randomly.  (Bug #5569)

   * Corrected a problem with the `QUOTE()' function returning bad
     results.  (Bug #8248)

   * Fixed a problem where `INSERT INTO ...SELECT' failed when the
     source and target table were the same. (Bug #6034)

   * Fixed a problem where RPM installation on Linux as a
     non-privileged user would result in incomplete installation. (Bug
     #7347)

   * Change thread stack size used for building Linux RPM distributions
     to avoid warnings about stack size during server startup. (Bug
     #6226)

   * InnoDB: Use native `tmpfile()' function on Netware.  All InnoDB
     temporary files are created under `sys:\tmp'.  Previously, InnoDB
     temporary files were never deleted on Netware.

   * Fixed a symlink vulnerability in the `mysqlaccess' script.
     Reported by Javier Fernandez-Sanguino Pena and Debian Security
     Audit Team (http://www.debian.org/security/audit).  (CAN-2005-0004
     (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004))

   * Fixed support for C API function `mysql_list_fields()', which was
     accidentally broken in 4.0.22. (Bug #6761)

   * Make `query_cache_wlock_invalidate' system variable visible in
     `SHOW VARIABLES' output. (Bug #7594)

   * Fixed a bug which caused `FROM_UNIXTIME()' function to return
     `NULL' for zero argument instead of the Epoch. (Bug #7515)

   * In datetime values, a two-digit year is now interpreted as a year
     in the 20th or 21st century even with zero month and day. (Bug #7297)

   * Fixed a bug in `QUOTE' function when used in conjunction with some
     other string functions. This led to severe buffer overflow and
     server crashing. (Bug #7495)

   * InnoDB: Fixed a bug: 32-bit `mysqld' binaries built on HP-UX-11 did
     not work with `InnoDB' files greater than 2 GB in size. (Bug #6189)

   * Fixed that, when encountering a "disk full" or "quota exceeded"
     write error, `MyISAM' sometimes didn't sleep and retry the write,
     thus resulting in a corrupted table. (Bug #7714)

   * Fixed that a slave could crash after replicating many `ANALYZE
     TABLE', `OPTIMIZE TABLE', or `REPAIR TABLE' statements from the
     master. (Bug #6461, Bug #7658)

   * Fixed a bug where MySQL was allowing concurrent updates (inserts,
     deletes) to a table if binary logging is enabled. Changed to
     ensure that all updates are executed in a serialized fashion,
     because they are executed serialized when binlog is replayed. (Bug
     #7879)

   * Fixed a bug that caused the slave to stop on statements that
     produced an error on the master. (Bug #8412)

   * Documented problem with using `mysqldump' in 4.0.x to dump
     `TIMESTAMP(2)' and `TIMESTAMP(4)' column types. (Bug #6530)

Bye,
        LenZ
- -- 
 Lenz Grimmer <[EMAIL PROTECTED]>
 Senior Production Engineer
 MySQL GmbH, http://www.mysql.de/
 Hamburg, Germany
 Are you MySQL certified?  http://www.mysql.com/certification/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCMcsHSVDhKrJykfIRAjZlAJ9CkOgaxhX7UGTZMyTlnXG1iKNsmQCggPrn
z2fuYHBOGbhut4OJLNBHstg=
=n5ca
-----END PGP SIGNATURE-----
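
The UDF loading rule from the ChangeLog above, as an added example (not MySQL's source code and not part of the original announcement): a library name containing a path separator is rejected, and a function is accepted only if at least one auxiliary symbol exists beside the main one, unless the '--allow-suspicious-udfs' behaviour is switched on. The names udf_check, list_lookup and the verdict enum are hypothetical; symbol lookup is passed in as a callback (a real loader would wrap dlsym()) and the export lists are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Returns non-zero if `name` is exported by `lib`. Hypothetical callback. */
typedef int (*sym_lookup_fn)(const void *lib, const char *name);

enum udf_verdict { UDF_OK, UDF_BAD_PATH, UDF_NO_MAIN, UDF_SUSPICIOUS };

/* Constructed stand-in for a shared library: NULL-terminated export list. */
int list_lookup(const void *lib, const char *name)
{
    const char *const *syms = lib;
    for (; *syms; syms++)
        if (strcmp(*syms, name) == 0)
            return 1;
    return 0;
}

enum udf_verdict udf_check(const char *dl_name, const char *func,
                           sym_lookup_fn lookup, const void *lib,
                           int allow_suspicious)
{
    static const char *const aux[] =
        { "_init", "_deinit", "_reset", "_clear", "_add" };
    char sym[128];
    size_t i;

    /* Library names read from mysql.func must be bare file names. */
    if (!*dl_name || strchr(dl_name, '/') || strchr(dl_name, '\\'))
        return UDF_BAD_PATH;
    /* The main xxx symbol must exist and leave room for the longest suffix. */
    if (strlen(func) + sizeof "_deinit" > sizeof sym || !lookup(lib, func))
        return UDF_NO_MAIN;
    if (allow_suspicious)               /* option is off by default */
        return UDF_OK;
    for (i = 0; i < sizeof aux / sizeof aux[0]; i++) {
        snprintf(sym, sizeof sym, "%s%s", func, aux[i]);
        if (lookup(lib, sym))
            return UDF_OK;              /* one auxiliary symbol is enough */
    }
    return UDF_SUSPICIOUS;              /* only the bare xxx symbol exists */
}

int main(void)
{
    const char *full[] = { "myfunc", "myfunc_init", NULL };  /* constructed */
    const char *bare[] = { "do_work", NULL };                /* constructed */
    printf("%d %d\n", udf_check("udf_example.so", "myfunc", list_lookup, full, 0),
           udf_check("lib_bare.so", "do_work", list_lookup, bare, 0));
    return 0;
}
```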
