Dear MySQL users,

MySQL Community Server 5.0.67, a new version of the popular Open Source Database Management System, has been released.

The release is now available in source and binary form for a number of platforms from our download pages at

  http://dev.mysql.com/downloads/

and mirror sites. Note that not all mirror sites may be up to date at this point in time, so if you can't find this version on some mirror, please try again later or choose another download site.

We welcome and appreciate your feedback, bug reports, bug fixes, patches etc.:

  http://forge.mysql.com/wiki/Contributing

The following section lists important, incompatible and security changes since the previous MySQL Community Server 5.0.51b release. The full changelog including many more fixes can be viewed online at

  http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html

Important Functionality added or changed:

* Security Enhancement: To enable stricter control over the location from which user-defined functions can be loaded, the plugin_dir system variable has been backported from MySQL 5.1. If the value is non-empty, user-defined function object files can be loaded only from the directory named by this variable. If the value is empty, the behavior that is used before 5.0.67 applies: The UDF object files must be located in a directory that is searched by your system's dynamic linker.
  (Bug#37428: http://bugs.mysql.com/37428)

* Important Change: Incompatible Change: The FEDERATED storage engine is now disabled by default in the .cnf files shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so forth). This affects server behavior only if you install one of these files.
  (Bug#37069: http://bugs.mysql.com/37069)

* Cluster API: Important Change: Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes rather than kilobytes, it has been renamed to page_size_bytes. The name page_size_kb is now deprecated and thus subject to removal in a future release, although it currently remains supported for reasons of backward compatibility. See The Ndb_logevent_type Type (http://dev.mysql.com/doc/ndbapi/en/ndb-logevent-type.html), for more information about NDB_LE_MemoryUsage.
  (Bug#30271: http://bugs.mysql.com/30271)

* Important Change: Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE with respect to detection and handling of tables with incompatible .frm files (files created with a different version of the MySQL server). These changes also affect mysqlcheck because that program uses CHECK TABLE and REPAIR TABLE, and thus also mysql_upgrade because that program invokes mysqlcheck.

  + If your table was created by a different version of the MySQL server than the one you are currently running, CHECK TABLE ... FOR UPGRADE indicates that the table has an .frm file with an incompatible version. In this case, the result set returned by CHECK TABLE contains a line with a Msg_type value of error and a Msg_text value of:
      Table upgrade required. Please do "REPAIR TABLE `tbl_name`" to fix it!

  + REPAIR TABLE without USE_FRM upgrades the .frm file to the current version.

  + If you use REPAIR TABLE ... USE_FRM and your table was created by a different version of the MySQL server than the one you are currently running, REPAIR TABLE will not attempt to repair the table. In this case, the result set returned by REPAIR TABLE contains a line with a Msg_type value of error and a Msg_text value of:
      Failed repairing incompatible .FRM file.

  Previously, use of REPAIR TABLE ... USE_FRM with a table created by a different version of the MySQL server risked the loss of all rows in the table.
  (Bug#36055: http://bugs.mysql.com/36055)

Important bugs fixed:

* Important Change: Security Fix: It was possible to circumvent privileges through the creation of MyISAM tables employing the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY pathnames is now disallowed.
  (Bug#32167: http://bugs.mysql.com/32167, CVE-2008-2079 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079))

* Security Fix: Three vulnerabilities in yaSSL versions 1.7.5 and earlier were discovered that could lead to a server crash or execution of unauthorized code. The exploit requires a server with yaSSL enabled and TCP/IP connections enabled, but does not require valid MySQL account credentials. The exploit does not apply to OpenSSL.

  Note: The proof-of-concept exploit is freely available on the Internet. Everyone with a vulnerable MySQL configuration is advised to upgrade immediately.
  (Bug#33814: http://bugs.mysql.com/33814, CVE-2008-0226 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226), CVE-2008-0227 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227))

* Security Fix: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the file to which the symlink points. MySQL will now return an error when the file to which the symlink points already exists.
  (Bug#32111: http://bugs.mysql.com/32111, CVE-2007-5969 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969))

* Security Fix: ALTER VIEW retained the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view. Now ALTER VIEW is allowed only to the original definer or users with the SUPER privilege.
  (Bug#29908: http://bugs.mysql.com/29908)

* Security Fix: When using a FEDERATED table, the local server could be forced to crash if the remote server returned a result with fewer columns than expected.
  (Bug#29801: http://bugs.mysql.com/29801)

* Security Enhancement: It was possible to force an error message of excessive length which could lead to a buffer overflow. This has been made no longer possible as a security precaution.
  (Bug#32707: http://bugs.mysql.com/32707)

* Incompatible Change: With ONLY_FULL_GROUP_BY SQL mode enabled, queries such as SELECT a FROM t1 HAVING COUNT(*)>2 were not being rejected as they should have been.

  This fix results in the following behavior:

  + There is a check against mixing group and non-group columns only when ONLY_FULL_GROUP_BY is enabled.

  + This check is done both for the select list and for the HAVING clause if there is one.

  This behavior differs from previous versions as follows:

  + Previously, the HAVING clause was not checked when ONLY_FULL_GROUP_BY was enabled; now it is checked.

  + Previously, the select list was checked even when ONLY_FULL_GROUP_BY was not enabled; now it is checked only when ONLY_FULL_GROUP_BY is enabled.

  (Bug#31794: http://bugs.mysql.com/31794)

* Incompatible Change: The MySQL 5.0.50 patch for this bug was reverted because it changed the behavior of a General Availability MySQL release.
  (Bug#30234: http://bugs.mysql.com/30234)
  See also Bug#27525: http://bugs.mysql.com/27525

* Incompatible Change: Several type-preserving functions and operators returned an incorrect result type that does not match their argument types: COALESCE(), IF(), IFNULL(), LEAST(), GREATEST(), CASE. These now aggregate using the precise SQL types of their arguments rather than the internal type. In addition, the result type of the STR_TO_DATE() function is now DATETIME by default.
  (Bug#27216: http://bugs.mysql.com/27216)

* Incompatible Change: It was possible for option files to be read twice at program startup, if some of the standard option file locations turned out to be the same directory. Now duplicates are removed from the list of files to be read. Also, users could not override system-wide settings using ~/.my.cnf because SYSCONFDIR/my.cnf was read last. The latter file now is read earlier so that ~/.my.cnf can override system-wide settings.
  The fix for this problem had a side effect such that on Unix, MySQL programs looked for options in ~/my.cnf rather than the standard location of ~/.my.cnf. That problem was addressed as Bug#38180: http://bugs.mysql.com/38180.
  (Bug#20748: http://bugs.mysql.com/20748)

* Important Change: MySQL Cluster: AUTO_INCREMENT columns had the following problems when used in NDB tables:

  + The AUTO_INCREMENT counter was not updated correctly when such a column was updated.

  + AUTO_INCREMENT values were not prefetched beyond statement boundaries.

  + AUTO_INCREMENT values were not handled correctly with INSERT IGNORE statements.

  + After being set, ndb_autoincrement_prefetch_sz showed a value of 1, regardless of the value it had actually been set to.

  As part of this fix, the behavior of ndb_autoincrement_prefetch_sz has changed. Setting this to less than 32 no longer has any effect on prefetching within statements (where IDs are now always obtained in batches of 32 or more), but only between statements. The default value for this variable has also changed, and is now 1.
  (Bug#25176: http://bugs.mysql.com/25176, Bug#31956: http://bugs.mysql.com/31956, Bug#32055: http://bugs.mysql.com/32055)

* Important Change: Replication: When the master crashed during an update on a transactional table while in AUTOCOMMIT mode, the slave failed. This fix causes every transaction (including AUTOCOMMIT transactions) to be recorded in the binlog as starting with a BEGIN and ending with a COMMIT or ROLLBACK.
  (Bug#26395: http://bugs.mysql.com/26395)

* Important Change: It was possible to use FRAC_SECOND as a synonym for MICROSECOND with DATE_ADD(), DATE_SUB(), and INTERVAL; now, using FRAC_SECOND with anything other than TIMESTAMPADD() or TIMESTAMPDIFF() produces a syntax error. It is now possible (and preferable) to use MICROSECOND with TIMESTAMPADD() and TIMESTAMPDIFF(), and FRAC_SECOND is now deprecated.
  (Bug#33834: http://bugs.mysql.com/33834)

* Important Change: The server no longer issues warnings for truncation of excess spaces for values inserted into CHAR columns. This reverts a change in the previous release that caused warnings to be issued.
  (Bug#30059: http://bugs.mysql.com/30059)

* Replication: Important Note: Network timeouts between the master and the slave could result in corruption of the relay log. This fix rectifies a long-standing replication issue when using unreliable networks, including replication over wide area networks such as the Internet. If you experience reliability issues and see many "You have an error in your SQL syntax" errors on replication slaves, we strongly recommend that you upgrade to a MySQL version which includes this fix.
  (Bug#26489: http://bugs.mysql.com/26489)

Enjoy!

--
Jonathan Perkin, Product Engineering, MySQL Database Technology Group, Sun Microsystems
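
An added illustration, not part of the announcement and not the server's own code, of the two path rules described above: DATA DIRECTORY and INDEX DIRECTORY may not use the MySQL data directory, and with plugin_dir set, UDF object files load only from that directory. The function names and the directory layout are constructed for the example; resolving symlinks and ".." before comparing is this example's assumption about what such a check has to cover, not a description of how the server implements it.

```python
import os
import tempfile


def resolves_inside(base_dir, candidate):
    """True if candidate, after resolving symlinks and '..', is base_dir or lies under it."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(candidate)
    return os.path.commonpath([base, target]) == base


def data_directory_allowed(datadir, requested_dir):
    """Model of the rule: DATA/INDEX DIRECTORY may not point into the data directory."""
    return not resolves_inside(datadir, requested_dir)


def udf_file_allowed(plugin_dir, soname):
    """Model of plugin_dir: when set, a UDF object file is accepted only from there."""
    if not plugin_dir:
        # Empty value: pre-5.0.67 behaviour, the dynamic linker's search path decides.
        return None
    return resolves_inside(plugin_dir, os.path.join(plugin_dir, soname))


def demo():
    """Build a constructed directory layout and evaluate both rules against it."""
    with tempfile.TemporaryDirectory(prefix="mysql-paths-") as root:
        datadir = os.path.join(root, "data")
        plugin_dir = os.path.join(root, "plugin")
        scratch = os.path.join(root, "scratch")
        for d in (os.path.join(datadir, "mysql"), plugin_dir, scratch):
            os.makedirs(d)
        # Constructed case: a link that lives outside datadir but resolves into it.
        link = os.path.join(scratch, "alias")
        os.symlink(os.path.join(datadir, "mysql"), link)
        dotdot = os.path.join(scratch, "..", "data", "mysql")
        return {
            "plain_outside": data_directory_allowed(datadir, scratch),
            "direct_inside": data_directory_allowed(datadir, os.path.join(datadir, "mysql")),
            "dotdot_inside": data_directory_allowed(datadir, dotdot),
            "symlink_inside": data_directory_allowed(datadir, link),
            "udf_in_plugin_dir": udf_file_allowed(plugin_dir, "my_udf.so"),
            "udf_traversal": udf_file_allowed(plugin_dir, "../scratch/my_udf.so"),
            "udf_no_plugin_dir": udf_file_allowed("", "my_udf.so"),
        }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```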