Next | Query returned 105 messages, browsing 21 to 30 | Previous

CVS Commit History:


   2017-04-11 17:18:12 by Makoto Fujiwara | Files touched by this commit (2)
Log message:
Updated databases/mysql55-{client,server} to 5.5.55
---------------------------------------------------
Picks security part from
  https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html
-----
Security Notes

   The mysql_options() C API function now supports a
MYSQL_OPT_SSL_MODE option. The only permitted option value is
SSL_MODE_REQUIRED, to require a secure connection to the server. It
causes mysql_real_connect() to fail if an encrypted connection cannot
be obtained, without falling back to an unencrypted connection. Thus,
mysql_real_connect() returns an error if the server does not support
SSL or the client is not configured to use SSL. The client/server
exchange terminates immediately after the initial server packet has
been received if the server indicates that it does not support SSL.

   To require an encrypted connection in MySQL 5.5, the standard MySQL
client programs call mysql_options() to set MYSQL_OPT_SSL_MODE if the
--ssl-mode=REQUIRED command-line option was specified. Third-party
applications that must be able to require encrypted connections can
use the same technique. For details, see mysql_ssl_set().

   The minor C API version number was not incremented for this
change. Application programs compiled for MySQL 5.5 that require
MYSQL_OPT_SSL_MODE may fail to operate properly if the dynamic loader
provides an older client library without MYSQL_OPT_SSL_MODE. Such
applications must be written to handle this possibility by checking
whether the mysql_options() call succeeds or fails. (Bug #25575605)
   2016-12-12 20:22:57 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 5.5.54:

Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.

Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
* Unused systemd files for SLES were removed.

Bugs Fixed
   2016-10-12 18:57:30 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 5.5.53:
Packaging Notes
---------------
RPM packages now create the /var/lib/mysql-files directory, which is now the default value of the secure_file_priv system variable that specifies a directory for import and export operations.

Security Notes
--------------
Incompatible Change: The secure_file_priv system variable is used to limit the effect of data import and export operations.

Functionality Added or Changed
------------------------------
yaSSL was upgraded to version 2.4.2. This upgrade corrects issues with: Potential AES side channel leaks; DSA padding for unusual sizes; the SSL_CTX_load_verify_locations() OpenSSL compatibility function failing to handle long path directory names.
   2016-09-07 15:13:36 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes in MySQL 5.5.52 (2016-09-06)

Bugs Fixed
----------
Replication: mysqlbinlog --read-from-remote-server log1 log2 was opening a new connection for log2 without freeing the connection used for log1. Thanks to Laurynas Biveinis for the contribution. (Bug 81675, Bug 23540182)

For mysqld_safe, the argument to --malloc-lib now must be one of the directories /usr/lib, /usr/lib64, /usr/lib/i386-linux-gnu, or /usr/lib/x86_64-linux-gnu. In addition, the --mysqld and --mysqld-version options can be used only on the command line and not in an option file. (Bug 24464380)

It was possible to write log files ending with .ini or .cnf that later could be parsed as option files. The general query log and slow query log can no longer be written to a file ending with .ini or .cnf. (Bug 24388753)

Privilege escalation was possible by exploiting the way REPAIR TABLE used temporary files. (Bug 24388746)

Certain internal character-handling functions could fail to handle a too-large character and cause a server exit. (Bug 23296299)

A blank server name in CREATE SERVER statements produced a server exit rather than an error. (Bug 23295288)

The optimizer failed to check a function return value for an area calculation, leading to a server exit. (Bug 23280059)

A prepared statement that used a parameter in the select list of a derived table that was part of a join could cause a server exit. (Bug 22392374, Bug 24380263)

MEDIUMINT columns used in operations with long integer values could result in buffer overflow. (Bug 19984392)

EINTR handling in the client library has been fixed so that interrupted read and write calls are retried. Previously, EINTR was ignored. (Bug 82019, Bug 23703570)
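
The mysqld_safe and option-file restrictions in the 5.5.52, 5.5.53 and 5.5.54 log messages above can be checked against an existing option file before upgrading; this Python audit is an added example, not part of the commit log or of MySQL. The sample file, the list of sections mysqld_safe reads, the reading of the --malloc-lib rule as "the library must sit in one of the listed directories", and the treatment of an empty secure_file_priv as unrestricted are assumptions of the example.

```python
import posixpath

# Values taken from the 5.5.52 and 5.5.54 notes above.
MALLOC_LIB_DIRS = {"/usr/lib", "/usr/lib64",
                   "/usr/lib/i386-linux-gnu", "/usr/lib/x86_64-linux-gnu"}
CMDLINE_ONLY = {"ledir", "mysqld", "mysqld-version"}
QUERY_LOGS = {"general-log-file", "slow-query-log-file"}
# Assumption: option-file sections that mysqld_safe reads.
SAFE_SECTIONS = {"mysqld", "server", "mysqld_safe", "safe_mysqld"}

def parse_option_file(text):
    """Yield (section, option, value); '_' in option names is folded to '-'."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, _, value = line.partition("=")
        yield section, name.strip().lower().replace("_", "-"), value.strip().strip("'\"")

def audit(text):
    """Return (option, reason) pairs for settings the notes above restrict."""
    findings = []
    for section, opt, val in parse_option_file(text):
        if opt in CMDLINE_ONLY and section in SAFE_SECTIONS:
            findings.append((opt, "accepted only on the command line"))
        elif opt == "malloc-lib" and val and val not in MALLOC_LIB_DIRS \
                and posixpath.dirname(val) not in MALLOC_LIB_DIRS:
            findings.append((opt, "outside the directories mysqld_safe accepts"))
        elif opt in QUERY_LOGS and val.lower().endswith((".ini", ".cnf")):
            findings.append((opt, "log name could later be parsed as an option file"))
        elif opt == "secure-file-priv" and val == "":
            findings.append((opt, "empty: no directory limit on import/export"))
    return findings

# Constructed sample, not a real server's configuration.
SAMPLE = """\
[mysqld]
general_log_file = /var/lib/mysql/my.cnf
slow_query_log_file = /var/log/mysql/slow.log
secure_file_priv =
[mysqld_safe]
ledir = /srv/custom/bin
malloc-lib = /opt/lib/libjemalloc.so
"""

if __name__ == "__main__":
    for opt, reason in audit(SAMPLE):
        print(f"{opt}: {reason}")
```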
   2016-08-04 12:09:46 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
Changes 5.5.51:
Bugs Fixed

Replication: When using statement-based or mixed binary logging format with --read-only=ON, it was not possible to modify temporary tables.

MySQL Server upgrades performed using RPM packages failed when upgrading from MySQL 5.1 Community to MySQL 5.5 Community or MySQL 5.1 Commercial to MySQL 5.5 Commercial.

A buffer overflow in the regex library was fixed.

Certain arguments to NAME_CONST() could cause a server exit.

Installing MySQL from a yum or zypper repository resulted in /var/log/mysqld.log being created with incorrect user and group permissions.

If a stored function updated a view for which the view table had a trigger defined that updated another table, it could fail and report an error that an existing table did not exist.

If an INSTALL PLUGIN statement contained invalid UTF-8 characters in the shared library name, it caused the server to hang (or to raise an assertion in debug builds).

For multibyte character sets, LOAD DATA could fail to allocate space correctly and ignore input rows as a result.
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068)
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-06-14 18:49:17 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 5.5.0:

Functionality Added or Changed

The version of the tcmalloc library included in MySQL distributions was very old. It has been removed and is no longer included with MySQL.

Bugs Fixed

INSERT with ON DUPLICATE KEY UPDATE and REPLACE on a table with a foreign key constraint defined failed with an incorrect “duplicate entry” error rather than a foreign key constraint violation error.

Setting sort_buffer_size to a very large value could cause some operations to fail with an out-of-memory error.

Several potential buffer overflow issues were corrected.

If the CA certificate as given to the --ssl-ca option had an invalid path, yaSSL returned an error message different from OpenSSL. Now both return SSL connection error: SSL_CTX_set_default_verify_paths failed.

Some string functions returned one or a combination of their parameters as their result. If one of the parameters had a non-ASCII character set, the result string had the same character set, resulting in incorrect behavior when an ASCII string was expected.

A null pointer dereference of a parser structure could occur during stored procedure name validation.

mysqld_multi displayed misleading error messages when it was unable to execute my_print_defaults.
   2016-04-18 12:01:16 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
Changes 5.5.49:

Security Notes
--------------
MySQL client programs now support an --ssl-mode option that enables you to specify the security state of the connection to the server. The default value is DISABLED (establish an unencrypted connection). --ssl-mode=REQUIRED can be specified to require a secure connection, or fail if a secure connection cannot be obtained.

These clients support --ssl-mode: mysql, mysqladmin, mysqlcheck, mysqldump, mysqlimport, mysqlshow, mysqlpump, mysqlslap, mysqltest, mysql_upgrade.

For more information, see Command Options for Secure Connections.

Bugs Fixed
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813)
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-27 14:41:53 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 5.5.48:
* yaSSL was upgraded to version 2.3.9. This upgrade corrects an issue in which yaSSL handled only cases of zero or one leading zeros for the key agreement instead of potentially any number, which in rare cases could cause connections to fail when using DHE cipher suites.
* The Valgrind function signature in mysql-test/valgrind.supp was upgraded for Valgrind 3.11.
* Bugs Fixed
