Below is the list of changes that have just been committed into a local
mysqldoc repository of jon. When jon does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://www.mysql.com/doc/I/n/Installing_source_tree.html
ChangeSet
1.2859 05/06/23 12:27:57 jon@stripped +3 -0
1. news-5-0-8, news-4-1-13:
Documented security bugfix for Windows
versions (Bug#9148, CAN-2005-0799);
removed reference to this fix in news-5-0-7.
2. Fixed formatting for bug# refs - these
should be "Bug[space]#nnnn" in order to be
auto-converted to links.
3. Synced refman-4.1 and refman-5.0 trees.
refman/news.xml
1.21 05/06/23 12:27:55 jon@stripped +88 -55
1. news-5-0-8, news-4-1-13:
Documented security bugfix for Windows
versions (Bug#9148, CAN-2005-0799);
removed reference to this fix in news-5-0-7.
2. Fixed formatting for bug# refs - these
should be "Bug[space]#nnnn" in order to be
auto-converted to links.
refman-5.0/news.xml
1.17 05/06/23 12:27:54 jon@stripped +88 -55
Synced with refman.
refman-4.1/news.xml
1.17 05/06/23 12:27:54 jon@stripped +88 -55
Synced with refman.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: jon
# Host: gigan.site
# Root: /home/jon/bk/mysqldoc
--- 1.16/refman-4.1/news.xml 2005-06-23 02:56:55 +10:00
+++ 1.17/refman-4.1/news.xml 2005-06-23 12:27:54 +10:00
@@ -264,28 +264,50 @@
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
-->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ <emphasis role="bold">Note</emphasis>: Although this bug was
+ thought to be fixed previously, it was later discovered to be
+ present in the MySQL 5.0.7-beta release for Windows. (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para><literal>SELECT * FROM
<replaceable>table</replaceable></literal>
returned incorrect results when called from a stored procedure,
where <replaceable>table</replaceable> had a primary key.
- (Bug#10136)</para>
+ (Bug #10136)</para>
</listitem>
<listitem>
<para>When used in defining a view, the
<literal>TIME_FORMAT()</literal>
function failed with calculated values, for example, when passed
- the value returned by <literal>SEC_TO_TIME()</literal>. (Bug#7521)
+ the value returned by <literal>SEC_TO_TIME()</literal>. (Bug #7521)
</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem><para>
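Review bot: Two typos in the added security-fix entry. `<literal>USEPRN;</literal>` is missing its space and should read `USE PRN;` like the other commands listed, and the parenthesis opened at `(Bug #9148,` is never closed, because the entry ends `</ulink></para>`; add `)` after `</ulink>`. The same added text recurs in the later copies of this entry in the patch, so the correction belongs in each of them.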
@@ -309,7 +331,7 @@
An <literal>ORDER BY</literal> clause sometimes had no effect on
the ordering of a result when selecting specific columns (as
opposed to using <literal>SELECT *</literal>) from a view.
- (Bug#7422)
+ (Bug #7422)
</para></listitem>
<listitem><para>
@@ -318,27 +340,27 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
Calling a stored procedure that made use of an <literal>INSERT ...
SELECT ... UNION SELECT ...</literal> query caused a server crash.
- (Bug#11060)
+ (Bug #11060)
</para></listitem>
<listitem><para>
Selecting from a view defined using <literal>SELECT SUM(DISTINCT
...)</literal> caused an error; attempting to execute a
<literal>SELECT * FROM INFORMATION_SCHEMA.TABLES</literal> query
- after defining such a view crashed the server. (Bug#7015)
+ after defining such a view crashed the server. (Bug #7015)
</para></listitem>
<listitem><para>
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -432,63 +454,63 @@
<listitem>
<para>MySQL Cluster: Connections between data nodes and management
nodes were not being closed following shutdown of
- <literal>ndb_mgmd</literal>. (Bug#11132)</para>
+ <literal>ndb_mgmd</literal>. (Bug #11132)</para>
</listitem>
<listitem><para>
MySQL Cluster: <literal>mysqld</literal> processes would not reconnect
to cluster following restart of <literal>ndb_mgmd</literal>.
- (Bug#11221)
+ (Bug #11221)
</para></listitem>
<listitem><para>
MySQL Cluster: Fixed problem whereby data nodes would fail to
- restart on 64-bit Solaris (Bug#9025)
+ restart on 64-bit Solaris (Bug #9025)
</para></listitem>
<listitem><para>
MySQL Cluster: Calling <literal>ndb_select_count()</literal>
crashed the cluster when running on Red Hat Enterprise
- 4/64-bit/Opteron. (Bug#10058)
+ 4/64-bit/Opteron. (Bug #10058)
</para></listitem>
<listitem><para>
MySQL Cluster: Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
- inconsistent if the binlog contained inserts. (Bug#11166)
+ inconsistent if the binlog contained inserts. (Bug #11166)
</para></listitem>
<listitem><para>
MySQL Cluster: Cluster would time out and crash after first query
- on 64-bit Solaris 9. (Bug#8918)
+ on 64-bit Solaris 9. (Bug #8918)
</para></listitem>
<listitem><para>
MySQL Cluster: <literal>ndb_mgm</literal> client
<literal>show</literal> command displayed incorrect output after
- master data node failure. (Bug#11050)
+ master data node failure. (Bug #11050)
</para></listitem>
<listitem><para>
MySQL Cluster: A delete performed as part of a transaction caused
- an erroneous result. (Bug#11133)
+ an erroneous result. (Bug #11133)
</para></listitem>
<listitem><para>
MySQL Cluster: Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without providing any
- error messages. (Bug#10294)
+ error messages. (Bug #10294)
</para></listitem>
<listitem><para>
MySQL Cluster: When using dynamically allocated ports on Linux,
- cluster would hang on initial startup. (Bug#10893)
+ cluster would hang on initial startup. (Bug #10893)
</para></listitem>
<listitem><para>
MySQL Cluster: Setting TransactionInactiveTimeout= 0 did not result
- in an infinite timeout. (Bug#11290)
+ in an infinite timeout. (Bug #11290)
</para></listitem>
</itemizedlist>
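Review bot: Style nit on a line this hunk already touches: the entry ending `restart on 64-bit Solaris (Bug #9025)` has no full stop before the bug reference, unlike the neighbouring entries (for example `<literal>ndb_mgmd</literal>. (Bug #11132)`). Add the period while the line is being edited. Optionally, `TransactionInactiveTimeout` could be wrapped in `<literal>` the way `NoOfTransactions` is.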
@@ -711,15 +733,6 @@
</para></listitem>
<listitem><para>
- Fixed server crash on Windows caused by <literal>USE
- <replaceable>db_name</replaceable></literal> where
- <replaceable>db_name</replaceable> is a Windows device name such as
- <literal>LPT1</literal> or <literal>PRN</literal>.
- (<ulink
url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink>)
- (Bug #9148)
- </para></listitem>
-
- <listitem><para>
Triggers were not being activated for multiple-table
<literal>UPDATE</literal> or <literal>DELETE</literal>
statements.
(Bug #5860)
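Review bot: The CVE link in the entry removed here used `http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0799`, while the replacement entries added elsewhere in this changeset use `http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799`, without `cgi-bin`. Please confirm the new form resolves, or keep the path that was already in the file.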
@@ -4295,26 +4308,46 @@
describe the issue that was fixed. Use past tense. -->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para>Last insert expected from a query of the form <literal>INSERT
... SELECT ... ON DUPLICATE KEY UPDATE</literal> would fail.
- (Bug#9728)</para>
+ (Bug #9728)</para>
</listitem>
<listitem>
<para><literal>INSERT ... SELECT ... ON DUPLICATE KEY
UPDATE</literal>
- produced inaccurate results. (Bug#10886)</para>
+ produced inaccurate results. (Bug #10886)</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
<listitem><para>
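Review bot: The added entry splits one sentence around a block list: `a user with any of the following privileges`, then the `<itemizedlist>`, then `on <literal>*.*</literal> could crash`. Rendered, the continuation after the list reads as a detached fragment. Consider naming the five privileges inline in the sentence, or ending the sentence before the list and starting a new one after it.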
@@ -4338,7 +4371,7 @@
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -6803,7 +6836,7 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
@@ -7014,7 +7047,7 @@
If <literal>STMT_ATTR_UPDATE_MAX_LENGTH</literal> is set for a
prepared statement, <literal>mysql_stmt_store_result()</literal>
updates <literal>field->max_length</literal> for numeric columns
- as well. (Bug#6096)
+ as well. (Bug #6096)
</para></listitem>
<listitem><para>
@@ -7181,17 +7214,17 @@
<listitem><para>
Fixed a bug with <literal>FOUND_ROWS()</literal> used together with
- <literal>LIMIT</literal> clause in prepared statements. (Bug#6088)
+ <literal>LIMIT</literal> clause in prepared statements. (Bug #6088)
</para></listitem>
<listitem><para>
Fixed a bug with <literal>NATURAL JOIN</literal> in prepared
- statements. (Bug#6046).
+ statements. (Bug #6046).
</para></listitem>
<listitem><para>
Fixed a bug in join of tables from different databases having
- columns with identical names (prepared statements). (Bug#6050)
+ columns with identical names (prepared statements). (Bug #6050)
</para></listitem>
<listitem><para>
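Review bot: The `NATURAL JOIN` entry keeps a trailing period after the reference, `statements. (Bug #6046).`, where the other two entries changed in this hunk end at the closing parenthesis. Drop the extra period while the line is being changed.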
@@ -10943,7 +10976,7 @@
<listitem><para>
Fixed support for C API function
<literal>mysql_list_fields()</literal>, which was accidentally
- broken in 4.0.22 (Bug#6761)
+ broken in 4.0.22 (Bug #6761)
</para></listitem>
<listitem><para>
@@ -11948,7 +11981,7 @@
<listitem><para>
Fixed a harmless buffer overflow in <filename>replace</filename>
- utility. (Bug# 3541)
+ utility. (Bug #3541)
</para></listitem>
<listitem><para>
@@ -32069,23 +32102,23 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#10711) (Bug#9363) (Bug#8918) (Bug#10058) (Bug#9025) Cluster
+ (Bug #10711) (Bug #9363) (Bug #8918) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32343,28 +32376,28 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#9025) Data nodes failed to restart on 64-bit Solaris.
+ (Bug #9025) Data nodes failed to restart on 64-bit Solaris.
</para></listitem>
<listitem><para>
- (Bug#11166) Insert records were incorrectly applied by
+ (Bug #11166) Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
inconsistent if the binlog contained inserts.
</para></listitem>
<listitem><para>
- (Bug#8918) (Bug#9363) (Bug#10711) (Bug#10058) (Bug#9025) Cluster
+ (Bug #8918) (Bug #9363) (Bug #10711) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32372,30 +32405,30 @@
</para></listitem>
<listitem><para>
- (Bug#10190) When making a backup of a cluster where
+ (Bug #10190) When making a backup of a cluster where
<literal>NumberOfReplicas</literal> was equal to 1, the backup's
metadata was corrupted. (Linux)
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#11133) A delete operation performed as part of a transaction
+ (Bug #11133) A delete operation performed as part of a transaction
caused an erroneous result.
</para></listitem>
<listitem><para>
- (Bug#10294) Not allowing sufficient parallelism in cluster
+ (Bug #10294) Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without generating
any error messages.
</para></listitem>
<listitem><para>
- (Bug#11290) Setting TransactionInactiveTimeout= 0 did not result in
+ (Bug #11290) Setting TransactionInactiveTimeout= 0 did not result in
an infinite timeout.
</para></listitem>
--- 1.16/refman-5.0/news.xml 2005-06-23 02:56:56 +10:00
+++ 1.17/refman-5.0/news.xml 2005-06-23 12:27:54 +10:00
@@ -264,28 +264,50 @@
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
-->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ <emphasis role="bold">Note</emphasis>: Although this bug was
+ thought to be fixed previously, it was later discovered to be
+ present in the MySQL 5.0.7-beta release for Windows. (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para><literal>SELECT * FROM
<replaceable>table</replaceable></literal>
returned incorrect results when called from a stored procedure,
where <replaceable>table</replaceable> had a primary key.
- (Bug#10136)</para>
+ (Bug #10136)</para>
</listitem>
<listitem>
<para>When used in defining a view, the
<literal>TIME_FORMAT()</literal>
function failed with calculated values, for example, when passed
- the value returned by <literal>SEC_TO_TIME()</literal>. (Bug#7521)
+ the value returned by <literal>SEC_TO_TIME()</literal>. (Bug #7521)
</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem><para>
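Review bot: The added Note says the bug `was thought to be fixed previously` without naming the release, and this changeset also removes the earlier entry that recorded that fix (the one beginning `Fixed server crash on Windows caused by`). After this change a reader can no longer tell which release carried the first fix attempt; consider naming it in the Note.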
@@ -309,7 +331,7 @@
An <literal>ORDER BY</literal> clause sometimes had no effect on
the ordering of a result when selecting specific columns (as
opposed to using <literal>SELECT *</literal>) from a view.
- (Bug#7422)
+ (Bug #7422)
</para></listitem>
<listitem><para>
@@ -318,27 +340,27 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
Calling a stored procedure that made use of an <literal>INSERT ...
SELECT ... UNION SELECT ...</literal> query caused a server crash.
- (Bug#11060)
+ (Bug #11060)
</para></listitem>
<listitem><para>
Selecting from a view defined using <literal>SELECT SUM(DISTINCT
...)</literal> caused an error; attempting to execute a
<literal>SELECT * FROM INFORMATION_SCHEMA.TABLES</literal> query
- after defining such a view crashed the server. (Bug#7015)
+ after defining such a view crashed the server. (Bug #7015)
</para></listitem>
<listitem><para>
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -432,63 +454,63 @@
<listitem>
<para>MySQL Cluster: Connections between data nodes and management
nodes were not being closed following shutdown of
- <literal>ndb_mgmd</literal>. (Bug#11132)</para>
+ <literal>ndb_mgmd</literal>. (Bug #11132)</para>
</listitem>
<listitem><para>
MySQL Cluster: <literal>mysqld</literal> processes would not reconnect
to cluster following restart of <literal>ndb_mgmd</literal>.
- (Bug#11221)
+ (Bug #11221)
</para></listitem>
<listitem><para>
MySQL Cluster: Fixed problem whereby data nodes would fail to
- restart on 64-bit Solaris (Bug#9025)
+ restart on 64-bit Solaris (Bug #9025)
</para></listitem>
<listitem><para>
MySQL Cluster: Calling <literal>ndb_select_count()</literal>
crashed the cluster when running on Red Hat Enterprise
- 4/64-bit/Opteron. (Bug#10058)
+ 4/64-bit/Opteron. (Bug #10058)
</para></listitem>
<listitem><para>
MySQL Cluster: Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
- inconsistent if the binlog contained inserts. (Bug#11166)
+ inconsistent if the binlog contained inserts. (Bug #11166)
</para></listitem>
<listitem><para>
MySQL Cluster: Cluster would time out and crash after first query
- on 64-bit Solaris 9. (Bug#8918)
+ on 64-bit Solaris 9. (Bug #8918)
</para></listitem>
<listitem><para>
MySQL Cluster: <literal>ndb_mgm</literal> client
<literal>show</literal> command displayed incorrect output after
- master data node failure. (Bug#11050)
+ master data node failure. (Bug #11050)
</para></listitem>
<listitem><para>
MySQL Cluster: A delete performed as part of a transaction caused
- an erroneous result. (Bug#11133)
+ an erroneous result. (Bug #11133)
</para></listitem>
<listitem><para>
MySQL Cluster: Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without providing any
- error messages. (Bug#10294)
+ error messages. (Bug #10294)
</para></listitem>
<listitem><para>
MySQL Cluster: When using dynamically allocated ports on Linux,
- cluster would hang on initial startup. (Bug#10893)
+ cluster would hang on initial startup. (Bug #10893)
</para></listitem>
<listitem><para>
MySQL Cluster: Setting TransactionInactiveTimeout= 0 did not result
- in an infinite timeout. (Bug#11290)
+ in an infinite timeout. (Bug #11290)
</para></listitem>
</itemizedlist>
@@ -711,15 +733,6 @@
</para></listitem>
<listitem><para>
- Fixed server crash on Windows caused by <literal>USE
- <replaceable>db_name</replaceable></literal> where
- <replaceable>db_name</replaceable> is a Windows device name such as
- <literal>LPT1</literal> or <literal>PRN</literal>.
- (<ulink
url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink>)
- (Bug #9148)
- </para></listitem>
-
- <listitem><para>
Triggers were not being activated for multiple-table
<literal>UPDATE</literal> or <literal>DELETE</literal>
statements.
(Bug #5860)
@@ -4295,26 +4308,46 @@
describe the issue that was fixed. Use past tense. -->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para>Last insert expected from a query of the form <literal>INSERT
... SELECT ... ON DUPLICATE KEY UPDATE</literal> would fail.
- (Bug#9728)</para>
+ (Bug #9728)</para>
</listitem>
<listitem>
<para><literal>INSERT ... SELECT ... ON DUPLICATE KEY
UPDATE</literal>
- produced inaccurate results. (Bug#10886)</para>
+ produced inaccurate results. (Bug #10886)</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
<listitem><para>
@@ -4338,7 +4371,7 @@
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -6803,7 +6836,7 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
@@ -7014,7 +7047,7 @@
If <literal>STMT_ATTR_UPDATE_MAX_LENGTH</literal> is set for a
prepared statement, <literal>mysql_stmt_store_result()</literal>
updates <literal>field->max_length</literal> for numeric columns
- as well. (Bug#6096)
+ as well. (Bug #6096)
</para></listitem>
<listitem><para>
@@ -7181,17 +7214,17 @@
<listitem><para>
Fixed a bug with <literal>FOUND_ROWS()</literal> used together with
- <literal>LIMIT</literal> clause in prepared statements. (Bug#6088)
+ <literal>LIMIT</literal> clause in prepared statements. (Bug #6088)
</para></listitem>
<listitem><para>
Fixed a bug with <literal>NATURAL JOIN</literal> in prepared
- statements. (Bug#6046).
+ statements. (Bug #6046).
</para></listitem>
<listitem><para>
Fixed a bug in join of tables from different databases having
- columns with identical names (prepared statements). (Bug#6050)
+ columns with identical names (prepared statements). (Bug #6050)
</para></listitem>
<listitem><para>
@@ -10943,7 +10976,7 @@
<listitem><para>
Fixed support for C API function
<literal>mysql_list_fields()</literal>, which was accidentally
- broken in 4.0.22 (Bug#6761)
+ broken in 4.0.22 (Bug #6761)
</para></listitem>
<listitem><para>
@@ -11948,7 +11981,7 @@
<listitem><para>
Fixed a harmless buffer overflow in <filename>replace</filename>
- utility. (Bug# 3541)
+ utility. (Bug #3541)
</para></listitem>
<listitem><para>
@@ -32069,23 +32102,23 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#10711) (Bug#9363) (Bug#8918) (Bug#10058) (Bug#9025) Cluster
+ (Bug #10711) (Bug #9363) (Bug #8918) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32343,28 +32376,28 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#9025) Data nodes failed to restart on 64-bit Solaris.
+ (Bug #9025) Data nodes failed to restart on 64-bit Solaris.
</para></listitem>
<listitem><para>
- (Bug#11166) Insert records were incorrectly applied by
+ (Bug #11166) Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
inconsistent if the binlog contained inserts.
</para></listitem>
<listitem><para>
- (Bug#8918) (Bug#9363) (Bug#10711) (Bug#10058) (Bug#9025) Cluster
+ (Bug #8918) (Bug #9363) (Bug #10711) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32372,30 +32405,30 @@
</para></listitem>
<listitem><para>
- (Bug#10190) When making a backup of a cluster where
+ (Bug #10190) When making a backup of a cluster where
<literal>NumberOfReplicas</literal> was equal to 1, the backup's
metadata was corrupted. (Linux)
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#11133) A delete operation performed as part of a transaction
+ (Bug #11133) A delete operation performed as part of a transaction
caused an erroneous result.
</para></listitem>
<listitem><para>
- (Bug#10294) Not allowing sufficient parallelism in cluster
+ (Bug #10294) Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without generating
any error messages.
</para></listitem>
<listitem><para>
- (Bug#11290) Setting TransactionInactiveTimeout= 0 did not result in
+ (Bug #11290) Setting TransactionInactiveTimeout= 0 did not result in
an infinite timeout.
</para></listitem>
--- 1.20/refman/news.xml 2005-06-23 02:56:56 +10:00
+++ 1.21/refman/news.xml 2005-06-23 12:27:55 +10:00
@@ -264,28 +264,50 @@
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
-->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ <emphasis role="bold">Note</emphasis>: Although this bug was
+ thought to be fixed previously, it was later discovered to be
+ present in the MySQL 5.0.7-beta release for Windows. (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para><literal>SELECT * FROM
<replaceable>table</replaceable></literal>
returned incorrect results when called from a stored procedure,
where <replaceable>table</replaceable> had a primary key.
- (Bug#10136)</para>
+ (Bug #10136)</para>
</listitem>
<listitem>
<para>When used in defining a view, the
<literal>TIME_FORMAT()</literal>
function failed with calculated values, for example, when passed
- the value returned by <literal>SEC_TO_TIME()</literal>. (Bug#7521)
+ the value returned by <literal>SEC_TO_TIME()</literal>. (Bug #7521)
</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem><para>
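Review bot: In the added security-fix entry, the second crashing statement is written `<literal>USEPRN;</literal>` with no space, while every other statement in the paragraph has the form `USE name;`. It should read `USE PRN;`. The reference that closes the entry also opens with "(Bug #9148," and then ends at `</ulink></para>` without the matching ")".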
@@ -309,7 +331,7 @@
An <literal>ORDER BY</literal> clause sometimes had no effect on
the ordering of a result when selecting specific columns (as
opposed to using <literal>SELECT *</literal>) from a view.
- (Bug#7422)
+ (Bug #7422)
</para></listitem>
<listitem><para>
@@ -318,27 +340,27 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
Calling a stored procedure that made use of an <literal>INSERT ...
SELECT ... UNION SELECT ...</literal> query caused a server crash.
- (Bug#11060)
+ (Bug #11060)
</para></listitem>
<listitem><para>
Selecting from a view defined using <literal>SELECT SUM(DISTINCT
...)</literal> caused an error; attempting to execute a
<literal>SELECT * FROM INFORMATION_SCHEMA.TABLES</literal> query
- after defining such a view crashed the server. (Bug#7015)
+ after defining such a view crashed the server. (Bug #7015)
</para></listitem>
<listitem><para>
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -432,63 +454,63 @@
<listitem>
<para>MySQL Cluster: Connections between data nodes and management
nodes were not being closed following shutdown of
- <literal>ndb_mgmd</literal>. (Bug#11132)</para>
+ <literal>ndb_mgmd</literal>. (Bug #11132)</para>
</listitem>
<listitem><para>
MySQL Cluster: <literal>mysqld</literal> processes would not reconnect
to cluster following restart of <literal>ndb_mgmd</literal>.
- (Bug#11221)
+ (Bug #11221)
</para></listitem>
<listitem><para>
MySQL Cluster: Fixed problem whereby data nodes would fail to
- restart on 64-bit Solaris (Bug#9025)
+ restart on 64-bit Solaris (Bug #9025)
</para></listitem>
<listitem><para>
MySQL Cluster: Calling <literal>ndb_select_count()</literal>
crashed the cluster when running on Red Hat Enterprise
- 4/64-bit/Opteron. (Bug#10058)
+ 4/64-bit/Opteron. (Bug #10058)
</para></listitem>
<listitem><para>
MySQL Cluster: Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
- inconsistent if the binlog contained inserts. (Bug#11166)
+ inconsistent if the binlog contained inserts. (Bug #11166)
</para></listitem>
<listitem><para>
MySQL Cluster: Cluster would time out and crash after first query
- on 64-bit Solaris 9. (Bug#8918)
+ on 64-bit Solaris 9. (Bug #8918)
</para></listitem>
<listitem><para>
MySQL Cluster: <literal>ndb_mgm</literal> client
<literal>show</literal> command displayed incorrect output after
- master data node failure. (Bug#11050)
+ master data node failure. (Bug #11050)
</para></listitem>
<listitem><para>
MySQL Cluster: A delete performed as part of a transaction caused
- an erroneous result. (Bug#11133)
+ an erroneous result. (Bug #11133)
</para></listitem>
<listitem><para>
MySQL Cluster: Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without providing any
- error messages. (Bug#10294)
+ error messages. (Bug #10294)
</para></listitem>
<listitem><para>
MySQL Cluster: When using dynamically allocated ports on Linux,
- cluster would hang on initial startup. (Bug#10893)
+ cluster would hang on initial startup. (Bug #10893)
</para></listitem>
<listitem><para>
MySQL Cluster: Setting TransactionInactiveTimeout= 0 did not result
- in an infinite timeout. (Bug#11290)
+ in an infinite timeout. (Bug #11290)
</para></listitem>
</itemizedlist>
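Review bot: In the last changed entry of this hunk, `TransactionInactiveTimeout= 0` stays as bare text with a stray space before the value, while the entry just above marks up `NoOfTransactions` with `<literal>`. Since the line next to it is already being edited, wrap the setting in `<literal>` and normalise the spacing. The 64-bit Solaris entry, "restart on 64-bit Solaris (Bug #9025)", also lacks a sentence-ending period, unlike its neighbours.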
@@ -711,15 +733,6 @@
</para></listitem>
<listitem><para>
- Fixed server crash on Windows caused by <literal>USE
- <replaceable>db_name</replaceable></literal> where
- <replaceable>db_name</replaceable> is a Windows device name such as
- <literal>LPT1</literal> or <literal>PRN</literal>.
- (<ulink
url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink>)
- (Bug #9148)
- </para></listitem>
-
- <listitem><para>
Triggers were not being activated for multiple-table
<literal>UPDATE</literal> or <literal>DELETE</literal>
statements.
(Bug #5860)
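Review bot: The entry removed here linked the CVE as `http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0799`, but the replacement entries added elsewhere in this patch use `http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799`, without `cgi-bin/`. Please confirm the new form resolves, or keep the URL that was already in the tree. The removed text also described the trigger generically, as a `db_name` that is a Windows device name "such as" LPT1 or PRN, whereas the new text names only specific devices. If other device names are affected, the generic wording should be carried over.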
@@ -4295,26 +4308,46 @@
describe the issue that was fixed. Use past tense. -->
<listitem>
+ <para><emphasis role="bold">Security fix</emphasis>: On Windows
+ systems, a user with any of the following privileges
+ <itemizedlist>
+
<listitem><para><literal>REFERENCES</literal></para></listitem>
+ <listitem><para><literal>CREATE TEMPORARY
TABLES</literal></para></listitem>
+ <listitem><para><literal>GRANT
OPTION</literal></para></listitem>
+
<listitem><para><literal>CREATE</literal></para></listitem>
+
<listitem><para><literal>SELECT</literal></para></listitem>
+ </itemizedlist>
+ on <literal>*.*</literal> could crash
<literal>mysqld</literal> by
+ issuing a <literal>USE LPT1;</literal> or
+ <literal>USEPRN;</literal> command. In addition, any of the
+ commands <literal>USE NUL;</literal>, <literal>USE
CON;</literal>,
+ <literal>USE COM1;</literal>, or <literal>USE
AUX;</literal> would
+ report success even though the database was not in fact changed.
+ (Bug #9148,
+ <ulink
url="http://cve.mitre.org/cvename.cgi?name=CAN-2005-0799">CAN-2005-0799</ulink></para>
+ </listitem>
+
+ <listitem>
<para>Last insert expected from a query of the form <literal>INSERT
... SELECT ... ON DUPLICATE KEY UPDATE</literal> would fail.
- (Bug#9728)</para>
+ (Bug #9728)</para>
</listitem>
<listitem>
<para><literal>INSERT ... SELECT ... ON DUPLICATE KEY
UPDATE</literal>
- produced inaccurate results. (Bug#10886)</para>
+ produced inaccurate results. (Bug #10886)</para>
</listitem>
<listitem>
<para><literal>SELECT DISTINCT ... GROUP BY
<replaceable>constant</replaceable></literal> returned multiple
- rows (it should return a single row). (Bug#8614)</para>
+ rows (it should return a single row). (Bug #8614)</para>
</listitem>
<listitem>
<para>Queries of the form <literal>UPDATE ... (SELECT ... ) SET
...</literal> run on a replication master would crash all the
- slaves. (Bug#10442)</para>
+ slaves. (Bug #10442)</para>
</listitem>
<listitem><para>
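Review bot: The privilege `<itemizedlist>` is placed in the middle of the sentence, so "a user with any of the following privileges" is only completed after the list by "on *.* could crash mysqld". Consider stating the scope and effect first and ending the sentence with the list, so a reader scanning for the security impact does not have to read across it. The `USEPRN;` literal (should be `USE PRN;`) and the unclosed "(Bug #9148," parenthesis noted on the other added copy of this entry are present here too.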
@@ -4338,7 +4371,7 @@
The <command>mysql</command> client would output a prompt twice
following input of very long strings, because it incorrectly
assumed that a call to the <command>_cgets()</command> function
- would clear the input buffer. (Bug#10840)
+ would clear the input buffer. (Bug #10840)
</para></listitem>
<listitem><para>
@@ -6803,7 +6836,7 @@
TABLE</literal>, <literal>DROP DATABASE</literal>, and
<literal>CREATE DATABASE</literal>) were not being written to the
binary log after a <literal>ROLLBACK</literal>. This also caused
- problems with replication. (Bug#6883)
+ problems with replication. (Bug #6883)
</para></listitem>
<listitem><para>
@@ -7014,7 +7047,7 @@
If <literal>STMT_ATTR_UPDATE_MAX_LENGTH</literal> is set for a
prepared statement, <literal>mysql_stmt_store_result()</literal>
updates <literal>field->max_length</literal> for numeric columns
- as well. (Bug#6096)
+ as well. (Bug #6096)
</para></listitem>
<listitem><para>
@@ -7181,17 +7214,17 @@
<listitem><para>
Fixed a bug with <literal>FOUND_ROWS()</literal> used together with
- <literal>LIMIT</literal> clause in prepared statements. (Bug#6088)
+ <literal>LIMIT</literal> clause in prepared statements. (Bug #6088)
</para></listitem>
<listitem><para>
Fixed a bug with <literal>NATURAL JOIN</literal> in prepared
- statements. (Bug#6046).
+ statements. (Bug #6046).
</para></listitem>
<listitem><para>
Fixed a bug in join of tables from different databases having
- columns with identical names (prepared statements). (Bug#6050)
+ columns with identical names (prepared statements). (Bug #6050)
</para></listitem>
<listitem><para>
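Review bot: The `NATURAL JOIN` entry still ends with a period after the reference, "(Bug #6046).", while the entries on either side close the sentence before the parenthesis. Drop the trailing period while this line is being changed, so the three prepared-statement entries are punctuated the same way.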
@@ -10943,7 +10976,7 @@
<listitem><para>
Fixed support for C API function
<literal>mysql_list_fields()</literal>, which was accidentally
- broken in 4.0.22 (Bug#6761)
+ broken in 4.0.22 (Bug #6761)
</para></listitem>
<listitem><para>
@@ -11948,7 +11981,7 @@
<listitem><para>
Fixed a harmless buffer overflow in <filename>replace</filename>
- utility. (Bug# 3541)
+ utility. (Bug #3541)
</para></listitem>
<listitem><para>
@@ -32069,23 +32102,23 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#10711) (Bug#9363) (Bug#8918) (Bug#10058) (Bug#9025) Cluster
+ (Bug #10711) (Bug #9363) (Bug #8918) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32343,28 +32376,28 @@
</para></listitem>
<listitem><para>
- (Bug#10956) More than 7 node restarts with
+ (Bug #10956) More than 7 node restarts with
<literal>--initial</literal> caused cluster to fail.
</para></listitem>
<listitem><para>
- (Bug#9826) (Bug #10948) Schema change (<literal>DROP
+ (Bug #9826) (Bug #10948) Schema change (<literal>DROP
TABLE</literal>, <literal>ALTER TABLE</literal>) crashed HPUX and
PPC32.
</para></listitem>
<listitem><para>
- (Bug#9025) Data nodes failed to restart on 64-bit Solaris.
+ (Bug #9025) Data nodes failed to restart on 64-bit Solaris.
</para></listitem>
<listitem><para>
- (Bug#11166) Insert records were incorrectly applied by
+ (Bug #11166) Insert records were incorrectly applied by
<literal>ndb_restore</literal>, thus making restoration from backup
inconsistent if the binlog contained inserts.
</para></listitem>
<listitem><para>
- (Bug#8918) (Bug#9363) (Bug#10711) (Bug#10058) (Bug#9025) Cluster
+ (Bug #8918) (Bug #9363) (Bug #10711) (Bug #10058) (Bug #9025) Cluster
would time out and crash after first query; setting DataMemory to
more than 2GB prevented cluster from starting; calling
<literal>ndb_select_count()</literal> crashed the cluster. (64-bit
@@ -32372,30 +32405,30 @@
</para></listitem>
<listitem><para>
- (Bug#10190) When making a backup of a cluster where
+ (Bug #10190) When making a backup of a cluster where
<literal>NumberOfReplicas</literal> was equal to 1, the backup's
metadata was corrupted. (Linux)
</para></listitem>
<listitem><para>
- (Bug#9945) <literal>ALTER TABLE</literal> caused server crash.
+ (Bug #9945) <literal>ALTER TABLE</literal> caused server crash.
(Linux/390)
</para></listitem>
<listitem><para>
- (Bug#11133) A delete operation performed as part of a transaction
+ (Bug #11133) A delete operation performed as part of a transaction
caused an erroneous result.
</para></listitem>
<listitem><para>
- (Bug#10294) Not allowing sufficient parallelism in cluster
+ (Bug #10294) Not allowing sufficient parallelism in cluster
configuration (e.g. <literal>NoOfTransactions</literal> too small)
caused <literal>ndb_restore</literal> to fail without generating
any error messages.
</para></listitem>
<listitem><para>
- (Bug#11290) Setting TransactionInactiveTimeout= 0 did not result in
+ (Bug #11290) Setting TransactionInactiveTimeout= 0 did not result in
an infinite timeout.
</para></listitem>