Subject: CVS commit: pkgsrc/databases
From: Adam Ciarcinski
Date: 2016-12-12 20:21:33
Message id: 20161212192133.8B54FFBA6@cvs.NetBSD.org

Log Message:
Changes 5.6.35:

Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege
escalation. chown now can be used only when the target directory is /var/log. An
incompatible change is that if the directory for the Unix socket file is
missing, it is no longer created; instead, an error occurs. Due to these
changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still
used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.

Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is
/var/log or /var/lib.
* Unused systemd files for SLES were removed.

* MySQL Server now includes a plugin library that enables administrators to
introduce an increasing delay in server response to clients after a certain
number of consecutive failed connection attempts. This capability provides a
deterrent that slows down brute force attacks that attempt to access MySQL user
accounts. For more information, see The Connection-Control Plugin.

* OpenSSL is ending support for version 1.0.1 in December 2016; see
https://www.openssl.org/policies/releasestrat.html. Consequently, MySQL
Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and
the linked OpenSSL library for the MySQL Commercial Server has been updated from
version 1.0.1 to version 1.0.2j. For a description of issues fixed in this
version, see https://www.openssl.org/news/vulnerabilities.html.

This change does not affect the Oracle-produced MySQL Community build of MySQL
Server, which uses the yaSSL library instead.

Functionality Added or Changed
------------------------------
* InnoDB: By default, InnoDB reads uncommitted data when calculating statistics.
In the case of an uncommitted transaction that deletes rows from a table, InnoDB
excludes records that are delete-marked when calculating row estimates and index
statistics, which can lead to non-optimal execution plans for other transactions
that are operating on the table concurrently using a transaction isolation level
other than READ UNCOMMITTED. To avoid this scenario, a new configuration option,
innodb_stats_include_delete_marked, can be enabled to ensure that InnoDB
includes delete-marked records when calculating persistent optimizer statistics.
(Bug 23333990)
* Unit testing now uses Google Mock 1.8. (Bug 24572381, Bug 82823)

Bugs Fixed

Files:
Revision  Action  File
1.38      modify  pkgsrc/databases/mysql56-client/Makefile.common
1.40      modify  pkgsrc/databases/mysql56-client/distinfo
1.28      modify  pkgsrc/databases/mysql56-server/PLIST
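
A pre-upgrade check for the mysqld_safe changes listed in the log message above, as an added example that is not part of the commit or of MySQL: it scans option-file text for a ledir setting in the mysqld_safe groups and for a socket path whose directory is missing. The function names, the sample option file, and the list of groups that mysqld_safe reads are assumptions of this example.

```python
import os

# Option-file groups read by mysqld_safe (assumed from MySQL option-file conventions).
SAFE_GROUPS = {"mysqld_safe", "safe_mysqld"}
SOCKET_GROUPS = SAFE_GROUPS | {"mysqld", "server"}

# Constructed sample option file, not taken from any real host.
SAMPLE = """\
[mysqld]
socket = /var/run/mysqld/mysqld.sock
datadir = /var/db/mysql

[mysqld_safe]
ledir = "/opt/mysql/bin"
log-error = /var/log/mysqld.log
"""


def parse_option_file(text):
    """Yield (group, name, value) for each option line in option-file text."""
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, and !include directives (not followed here).
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        name, _, value = line.partition("=")
        # '-' and '_' are interchangeable in option names; values may be quoted.
        yield group, name.strip().replace("_", "-"), value.strip().strip("\"'")


def audit(text, dir_exists=os.path.isdir):
    """Return findings for settings affected by the 5.6.35 mysqld_safe changes."""
    findings = []
    for group, name, value in parse_option_file(text):
        if name == "ledir" and group in SAFE_GROUPS:
            findings.append(f"[{group}] ledir={value}: move --ledir to the command line")
        elif name == "socket" and group in SOCKET_GROUPS:
            parent = os.path.dirname(value)
            if parent and not dir_exists(parent):
                findings.append(f"[{group}] socket={value}: create {parent} before starting")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the text of each option file the host uses; files pulled in through !include or !includedir have to be passed in separately.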