Path to this page:
Subject: CVS commit: pkgsrc/databases
From: Adam Ciarcinski
Date: 2016-12-12 20:21:33
Message id: 20161212192133.8B54FFBA6@cvs.NetBSD.org
Log Message:
Changes 5.6.35:
Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege \
escalation. chown now can be used only when the target directory is /var/log. An \
incompatible change is that if the directory for the Unix socket file is \
missing, it is no longer created; instead, an error occurs. Due to these \
changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still \
used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.
Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is \
/var/log or /var/lib.
* Unused systemd files for SLES were removed.
* MySQL Server now includes a plugin library that enables administrators to \
introduce an increasing delay in server response to clients after a certain \
number of consecutive failed connection attempts. This capability provides a \
deterrent that slows down brute force attacks that attempt to access MySQL user \
accounts. For more information, see The Connection-Control Plugin.
* OpenSSL is ending support for version 1.0.1 in December 2016; see \
https://www.openssl.org/policies/releasestrat.html. Consequently, MySQL \
Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and \
the linked OpenSSL library for the MySQL Commercial Server has been updated from \
version 1.0.1 to version 1.0.2j. For a description of issues fixed in this \
version, see https://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL \
Server, which uses the yaSSL library instead.
Functionality Added or Changed
------------------------------
* InnoDB: By default, InnoDB reads uncommitted data when calculating statistics. \
In the case of an uncommitted transaction that deletes rows from a table, InnoDB \
excludes records that are delete-marked when calculating row estimates and index \
statistics, which can lead to non-optimal execution plans for other transactions \
that are operating on the table concurrently using a transaction isolation level \
other than READ UNCOMMITTED. To avoid this scenario, a new configuration option, \
innodb_stats_include_delete_marked, can be enabled to ensure that InnoDB \
includes delete-marked records when calculating persistent optimizer statistics. \
(Bug 23333990)
* Unit testing now uses Google Mock 1.8. (Bug 24572381, Bug 82823)
Bugs Fixed
Files: