-----BEGIN PGP SIGNED MESSAGE-----
MySQL 4.0.24, a new version of the popular Open Source/Free Software
Database Management System, has been released. It is now available in
source and binary form for a number of platforms from our download pages
at http://dev.mysql.com/downloads/ and mirror sites.

Note that not all mirror sites may be up to date at this point in time -
if you can't find this version on some mirror, please try again later or
choose another download site.

This is a bugfix release for the recent production version. It also
includes fixes for recently reported potential security vulnerabilities in
the creation of temporary table file names and the handling of User
Defined Functions (UDFs). We would like to thank Stefano Di Paola
<stefano.dipaola@stripped> for finding and reporting these to us.

Note that these changes affect the way in which User Defined Functions
(UDF) are loaded. Please refer to the section "User-defined Function
Security Precautions" in the manual:

Please refer to our bug database at http://bugs.mysql.com/ for more
details about the individual bugs fixed in this version.

News from the ChangeLog:

Functionality added or changed:
* Security improvement: The server creates `.frm', `.MYD', `.MYI',
`.MRG', `.ISD', and `.ISM' table files only if a file with the
same name does not already exist.
* Security improvement: User-defined functions should have at least
one symbol defined in addition to the `xxx' symbol that
corresponds to the main `xxx()' function. These auxiliary symbols
correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()',
`xxx_clear()', and `xxx_add()' functions. `mysqld' by default no
longer loads UDFs unless they have at least one auxiliary symbol
defined in addition to the main symbol.
The `--allow-suspicious-udfs' option controls
whether UDFs that have only an `xxx' symbol can be loaded. By
default, the option is off. `mysqld' also checks UDF filenames
when it reads them from the `mysql.func' table and rejects those
that contain directory pathname separator characters. (It already
checked names as given in `CREATE FUNCTION' statements.)
See the section in the manual on writing UDFs.
* `InnoDB': Added configuration option and settable global variable
`innodb_autoextend_increment' for setting the size in megabytes by
which `InnoDB' tablespaces are extended when they become full. The
default value is 8, corresponding to the fixed increment of 8MB in
previous versions of MySQL.
* InnoDB: Do not acquire an internal `InnoDB' table lock in `LOCK
TABLES' if `AUTOCOMMIT=1'. This helps in porting old `MyISAM'
applications to `InnoDB'. `InnoDB' table locks in that case caused
deadlocks very easily.
* `FOUND_ROWS()' returned an incorrect value after a `SELECT
SQL_CALC_FOUND_ROWS DISTINCT' statement that selected constants
and included `GROUP BY' and `LIMIT' clauses. (Bug #7945)
* Queries of the form `(SELECT ...) ORDER BY ...' were being treated
as a `UNION'. This improperly resulted in only distinct values
being returned (because `UNION' by default eliminates duplicates.) (Bug #7672)
* Index cardinality was not being updated properly for `TEMPORARY'
tables under some circumstances, such as `CREATE TABLE ... SELECT'
followed by `ANALYZE TABLE'. (Bug #7519)
* Fixed a server crash caused by `DELETE FROM TBL_NAME ... WHERE
... ORDER BY TBL_NAME.COL_NAME' when the `ORDER BY' column was
qualified with the table name. (Bug #8392)
* Fixed a bug in `MATCH ... AGAINST' in natural language mode that
could cause a server crash if the `FULLTEXT' index was not used in
a join (`EXPLAIN' did not show `fulltext' join mode) and the
search query matched no rows in the table (Bug #8522).
* Platform and architecture information in version information
produced for `--version' option on Windows was always `Win95/Win98
(i32)'. More accurately determine platform as `Win32' or `Win64'
for 32-bit or 64-bit Windows, and architecture as `ia32' for x86,
`ia64' for Itanium, and `axp' for Alpha. (Bug #4445)
* `InnoDB': Honor the `--tmpdir' startup option when creating
temporary files. Previously, `InnoDB' temporary files were always
created in the temporary directory of the operating system. On
Netware, `InnoDB' will continue to ignore `--tmpdir'. (Bug #5822)
* Fixed an optimization problem that allowed a negative number to be
stored in a `DOUBLE UNSIGNED' column when it was assigned a value
from a signed `DOUBLE' column. (Bug #7700)
* Fixed a failure of multiple-table updates to replicate properly on
slave servers when `--replicate-*-table' options had been
specified. (Bug #7011)
* Renamed `set_bit()' and `clear_bit()' functions in source code to
avoid a conflict with functions of the same names in Linux kernel
header files. (Bug #7971)
* Part of the information being used to cache access-permission
lookups was not always reinitialized properly, particularly for
connections from localhost on Windows. The result was connection
failures that appeared to occur randomly. (Bug #5569)
* Corrected a problem with the `QUOTE()' function returning bad
results. (Bug #8248)
* Fixed a problem where `INSERT INTO ...SELECT' failed when the
source and target table were the same. (Bug #6034)
* Fixed a problem where RPM installation on Linux as a
non-privileged user would result in incomplete installation. (Bug
* Change thread stack size used for building Linux RPM distributions
to avoid warnings about stack size during server startup. (Bug
* InnoDB: Use native `tmpfile()' function on Netware. All InnoDB
temporary files are created under `sys:\tmp'. Previously, InnoDB
temporary files were never deleted on Netware.
* Fixed a symlink vulnerability in the `mysqlaccess' script.
Reported by Javier Fernandez-Sanguino Pena and Debian Security
Audit Team (http://www.debian.org/security/audit). (CAN-2005-0004
* Fixed support for C API function `mysql_list_fields()', which was
accidentally broken in 4.0.22. (Bug #6761)
* Make `query_cache_wlock_invalidate' system variable visible in
`SHOW VARIABLES' output. (Bug #7594)
* Fixed a bug which caused `FROM_UNIXTIME()' function to return
`NULL' for zero argument instead of the Epoch. (Bug #7515)
* In datetime values, a two-digit year is now interpreted as a year in
the 20th or 21st century even when the month and day are zero. (Bug #7297)
* Fixed a bug in `QUOTE' function when used in conjunction with some
other string functions. This led to a severe buffer overflow and
a server crash. (Bug #7495)
* InnoDB: Fixed a bug: 32-bit `mysqld' binaries built on HP-UX-11 did
not work with `InnoDB' files greater than 2 GB in size. (Bug #6189)
* Fixed that, when encountering a "disk full" or "quota exceeded"
write error, `MyISAM' sometimes didn't sleep and retry the write,
thus resulting in a corrupted table. (Bug #7714)
* Fixed that a slave could crash after replicating many `ANALYZE
TABLE', `OPTIMIZE TABLE', or `REPAIR TABLE' statements from the
master. (Bug #6461, Bug #7658)
* Fixed a bug where MySQL was allowing concurrent updates (inserts,
deletes) to a table if binary logging is enabled. Changed to
ensure that all updates are executed in a serialized fashion,
because they are executed serialized when binlog is replayed. (Bug
* Fixed a bug that caused the slave to stop on statements that
produced an error on the master. (Bug #8412)
* Documented problem with using `mysqldump' in 4.0.x to dump
`TIMESTAMP(2)' and `TIMESTAMP(4)' column types. (Bug #6530)
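
The UDF loading rules from the "Security improvement" entry above, modelled as an added example; it is not part of the original announcement and not MySQL's own code. The function names, the constructed export lists, and treating both `/` and `\` as separators are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Auxiliary suffixes listed in the changelog entry. */
static const char *const AUX[] = {"_init", "_deinit", "_reset", "_clear", "_add"};

/* 1 if sym is in the library's exported-symbol list. */
static int exported(const char *sym, const char *const *exports, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(exports[i], sym) == 0) return 1;
    return 0;
}

/* Filename rule: reject names containing a directory separator.
   Treating both slash and backslash as separators is an assumption. */
int udf_filename_ok(const char *dl) {
    return strpbrk(dl, "/\\") == NULL;
}

/* Symbol rule: the main symbol must exist and, unless allow_suspicious
   is set, so must at least one auxiliary symbol. */
int udf_symbols_ok(const char *name, const char *const *exports, size_t n,
                   int allow_suspicious) {
    char aux[128];
    if (!exported(name, exports, n)) return 0;
    if (allow_suspicious) return 1;
    for (size_t i = 0; i < sizeof AUX / sizeof AUX[0]; i++) {
        int len = snprintf(aux, sizeof aux, "%s%s", name, AUX[i]);
        if (len < 0 || (size_t)len >= sizeof aux) return 0; /* too long: reject */
        if (exported(aux, exports, n)) return 1;
    }
    return 0;
}

/* Constructed export lists, not taken from any real library. */
const char *const LIB_FULL[] = {"my_metric", "my_metric_init", "helper"};
const char *const LIB_BARE[] = {"legacy_fn"};

int main(void) {
    printf("full, default:    %d\n", udf_symbols_ok("my_metric", LIB_FULL, 3, 0));
    printf("bare, default:    %d\n", udf_symbols_ok("legacy_fn", LIB_BARE, 1, 0));
    printf("bare, option on:  %d\n", udf_symbols_ok("legacy_fn", LIB_BARE, 1, 1));
    printf("plain filename:   %d\n", udf_filename_ok("udf_example.so"));
    printf("path in filename: %d\n", udf_filename_ok("../udf_example.so"));
    return 0;
}
```
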
Lenz Grimmer <lenz@stripped>
Senior Production Engineer
MySQL GmbH, http://www.mysql.de/
Are you MySQL certified? http://www.mysql.com/certification/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
|• MySQL 4.0.24 has been released||Lenz Grimmer||11 Mar|