• Developer Zone
• Lists Home
• FAQ

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

MySQL 4.0.24, a new version of the popular Open Source/Free Software 
Database Management System, has been released. It is now available in 
source and binary form for a number of platforms from our download pages 
at http://dev.mysql.com/downloads/ and mirror sites.

Note that not all mirror sites may be up to date at this point in time - 
if you can't find this version on some mirror, please try again later or 
choose another download site.

This is a bugfix release for the recent production version. It also 
includes fixes for recently reported potential security vulnerabilites in 
the creation of temporary table file names and the handling of User 
Defined Functions (UDFs). We would like to thank Stefano Di Paola 
<stefano.dipaola@stripped> for finding and reporting these to us.

Note that these changes affect the way in which User Defined Functions 
(UDF) are loaded. Please refer to the section "User-defined Function 
Security Precautions" in the manual:

http://dev.mysql.com/doc/mysql/en/udf-security.html

Please refer to our bug database at http://bugs.mysql.com/ for more
details about the individual bugs fixed in this version.


News from the ChangeLog:

Functionality added or changed:
   * Security improvement: The server creates `.frm', `.MYD', `.MYI',
     `.MRG', `.ISD', and `.ISM' table files only if a file with the
     same name does not already exist.

   * Security improvement: User-defined functions should have at least
     one symbol defined in addition to the `xxx' symbol that
     corresponds to the main `xxx()' function.  These auxiliary symbols
     correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()',
     `xxx_clear()', and `xxx_add()' functions.  `mysqld' by default no
     longer loads UDFs unless they have at least one auxiliary symbol
     defined in addition to the main symbol.
     The '--allow-suspicious-udfs' option controls
     whether UDFs that have only an `xxx' symbol can be loaded.  By
     default, the option is off.  `mysqld' also checks UDF filenames
     when it reads them from the `mysql.func' table and rejects those
     that contain directory pathname separator characters. (It already
     checked names as given in `CREATE FUNCTION' statements.)
     See the section in the manual on writing UDFs.

   * `InnoDB': Added configuration option and settable global variable
     `innodb_autoextend_increment' for setting the size in megabytes by
     which `InnoDB' tablespaces are extended when they become full.  The
     default value is 8, corresponding to the fixed increment of 8MB in
     previous versions of MySQL.

   * InnoDB: Do not acquire an internal `InnoDB' table lock in `LOCK
     TABLES' if `AUTOCOMMIT=1'. This helps in porting old `MyISAM'
     applications to `InnoDB'. `InnoDB' table locks in that case caused
     deadlocks very easily.

Bugs fixed:
   * `FOUND_ROWS()' returned an incorrect value after a `SELECT
     SQL_CALC_FOUND_ROWS DISTINCT' statement that selected constants
     and included `GROUP BY' and `LIMIT' clauses. (Bug #7945)

   * Queries of the form `(SELECT ...) ORDER BY ...' were being treated
     as a `UNION'.  This improperly resulted in only distinct values
     being returned (because `UNION' by default eliminates.) (Bug #7672)

   * Index cardinality was not being updated properly for `TEMPOARY'
     tables under some circumstances, such as `CREATE TABLE ... SELECT'
     followed by `ANALYZE TABLE'. (Bug #7519)

   * Fixed a server crash caused by `DELETE FROM TBL_NAME ...  WHERE
     ... ORDER BY TBL_NAME.COL_NAME' when the `ORDER BY' column was
     qualified with the table name. (Bug #8392)

   * Fixed a bug in `MATCH ... AGAINST' in natural language mode that
     could cause a server crash if the `FULLTEXT' index was not used in
     a join (`EXPLAIN' did not show `fulltext' join mode) and the
     search query matched no rows in the table (Bug #8522).

   * Platform and architecture information in version information
     produced for `--version' option on Windows was always `Win95/Win98
     (i32)'.  More accurately determine platform as `Win32' or `Win64'
     for 32-bit or 64-bit Windows, and architecture as `ia32' for x86,
     `ia64' for Itanium, and `axp' for Alpha. (Bug #4445)

   * `InnoDB': Honor the `--tmpdir' startup option when creating
     temporary files.  Previously, `InnoDB' temporary files were always
     created in the temporary directory of the operating system.  On
     Netware, `InnoDB' will continue to ignore `--tmpdir'.  (Bug #5822)

   * Fixed an optimization problem that allowed a negative number to be
     stored in a `DOUBLE UNSIGNED' column when it was assigned a value
     from a signed `DOUBLE' column. (Bug #7700)

   * Fixed a failure of multiple-table updates to replicate properly on
     slave servers when `--replicate-*-table' options had been
     specified.  (Bug #7011)

   * Renamed `set_bit()' and `clear_bit()' functions in source code to
     avoid a conflict with functions of the same names in Linux kernel
     header files.  (Bug #7971)

   * Part of the information being used to cache access-permission
     lookups was not always reinitialized properly, particularly for
     connections from localhost on Windows. The result was connection
     failures that appeared to occur randomly.  (Bug #5569)

   * Corrected a problem with the `QUOTE()' function returning bad
     results.  (Bug #8248)

   * Fixed a problem where `INSERT INTO ...SELECT' failed when the
     source and target table were the same. (Bug #6034)

   * Fixed a problem where RPM installation on Linux as a
     non-privileged user would result in incomplete installation. (Bug
     #7347)

   * Change thread stack size used for building Linx RPM distributions
     to avoid warnings about stack size during server startup. (Bug
     #6226)

   * InnoDB: Use native `tmpfile()' function on Netware.  All InnoDB
     temporary files are created under `sys:\tmp'.  Previously, InnoDB
     temporary files were never deleted on Netware.

   * Fixed a symlink vulnerability in the `mysqlaccess' script.
     Reported by Javier Fernandez-Sanguino Pena and Debian Security
     Audit Team (http://www.debian.org/security/audit).  (CAN-2005-0004
     (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004))

   * Fixed support for C API function `mysql_list_fields()', which was
     accidentally broken in 4.0.22 (Bug#6761)

   * Make `query_cache_wlock_invalidate' system variable visible in
     `SHOW VARIABLES' output. (Bug #7594)

   * Fixed a bug which caused `FROM_UNIXTIME()' function to return
     `NULL' for zero argument instead of the Epoch. (Bug #7515)

   * Now in datetime values two digit year is interpreted as year in
     20th or 21st century even with zero month and day. (Bug #7297)

   * Fixed a bug in `QUOTE' function when used in conjunction with some
     other string functions. This lead to severe buffer overflow and
     server crashing. (Bug #7495)

   * InnoDB: Fixed a bug: 32-bit `mysqld' binaries built on HP-UX-11 did
     not work with `InnoDB' files greater than 2 GB in size. (Bug #6189)

   * Fixed that, when encountering a "disk full" or "quota exceeded"
     write error, `MyISAM' sometimes didn't sleep and retry the write,
     thus resulting in a corrupted table. (Bug #7714)

   * Fixed that a slave could crash after replicating many `ANALYZE
     TABLE', `OPTIMIZE TABLE', or `REPAIR TABLE' statements from the
     master. (Bug #6461, Bug #7658)

   * Fixed a bug where MySQL was allowing concurrent updates (inserts,
     deletes) to a table if binary logging is enabled. Changed to
     ensure that all updates are executed in a serialized fashion,
     because they are executed serialized when binlog is replayed. (Bug
     #7879)

   * Fixed a bug that caused the slave to stop on statements that
     produced an error on the master. (Bug #8412)

   * Documented problem with using `mysqldump' in 4.0.x to dump
     `TIMESTAMP(2)' and `TIMESTAMP(4)' column types. (Bug #6530)

Bye,
	LenZ
- -- 
 Lenz Grimmer <lenz@stripped>
 Senior Production Engineer
 MySQL GmbH, http://www.mysql.de/
 Hamburg, Germany
 Are you MySQL certified?  http://www.mysql.com/certification/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCMcsHSVDhKrJykfIRAjZlAJ9CkOgaxhX7UGTZMyTlnXG1iKNsmQCggPrn
z2fuYHBOGbhut4OJLNBHstg=
=n5ca
-----END PGP SIGNATURE-----