Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/databases
From: S.P.Zeidler
Date: 2017-07-29 22:10:59
Message id: 20170729201059.2AACBFACD@cvs.NetBSD.org

Log Message:
Pullup ticket #5525 - requested by taca
databases/mysql56-client: security update
databases/mysql56-server: security update

Revisions pulled up:
- databases/mysql55-client/Makefile                             1.25
- databases/mysql55-client/Makefile.common                      1.41
- databases/mysql55-client/distinfo                             1.43
- databases/mysql55-server/Makefile                             1.33
- databases/mysql55-server/PLIST                                1.30

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Jul 19 18:48:22 UTC 2017

   Modified Files:
   	pkgsrc/databases/mysql55-client: Makefile Makefile.common distinfo
   	pkgsrc/databases/mysql55-server: Makefile PLIST
   	pkgsrc/databases/mysql56-client: Makefile Makefile.common distinfo
   	pkgsrc/databases/mysql56-server: Makefile PLIST

   Log Message:
   Security Notes
   * Security Fix: The linked OpenSSL library for the MySQL Commercial Server \ 
has been updated to version 1.0.2l. Issues fixed in the new OpenSSL version are \ 
described at http://www.openssl.org/news/vulnerabilities.html.
     This change does not affect the Oracle-produced MySQL Community build of \ 
MySQL Server, which uses the yaSSL library instead.

   Platform-Specific Notes
   * Linux: The generic Linux build for MySQL 5.6 is now built on Oracle Linux 6 \ 
using glibc 2.12. Systems that use the build need to have glibc 2.12 or later \ 
installed on them.

   Functionality Added or Changed
   * For Windows, MSI installer packages now include a check for the required \ 
Visual Studio redistributable package, and produce a message asking the user to \ 
install it if it is missing.
   * The mysql client now supports a --binary-as-hex option that causes display \ 
of binary data using hexadecimal notation (0xvalue). Thanks to Daniƫl van Eeden \ 
for the patch.
   * mysqlaccess now looks for its configuration file only in the SYSCONFDIR \ 
directory and /etc.

   Bugs Fixed
   * InnoDB: The server allocated memory unnecessarily for an operation that \ 
rebuilt the table.
   * InnoDB: When using an index merge optimizer switch, a SELECT COUNT(*) \ 
operation sometimes returned 0. Partitioning code incorrectly performed a memcpy \ 
instead of a column copy of columns read by the index, causing the wrong records \ 
to be copied.
   * Replication: A USE statement that followed a SET GTID_NEXT statement \ 
sometimes had no effect.
   * Replication: If the binary log on a master server was rotated and a full \ 
disk condition occurred on the partition where the binary log file was being \ 
stored, the server could stop unexpectedly. The fix adds a check for the \ 
existence of the binary log when the dump thread switches to next binary log \ 
file. If the binary log is disabled, all binary logs up to the current active \ 
log are transmitted to slave and an error is returned to the receiver thread.
   * Replication: If a relay log index file named relay log files that did not \ 
exist, RESET SLAVE ALL sometimes did not fully clean up properly.
   * Replication: mysqlbinlog, if invoked with the --raw option, does not flush \ 
the output file until the process terminates. But if also invoked with the \ 
--stop-never option, the process never terminates, thus nothing is ever written \ 
to the output file. Now the output is flushed after each event.
   * Replication: A memory leak in mysqlbinlog was fixed. The leak happened when \ 
processing fake rotate events, or when using --raw and the destination log file \ 
could not be created. The leak only occurred when processing events from a \ 
remote server. Thanks to Laurynas Biveinis for his contribution to fixing this \ 
bug.
   * Replication: Multi-threaded slaves could not be configured with small queue \ 
sizes using slave_pending_jobs_size_max if they ever needed to process \ 
transactions larger than that size. Any packet larger than \ 
slave_pending_jobs_size_max was rejected with the error \ 
ER_MTS_EVENT_BIGGER_PENDING_JOBS_SIZE_MAX, even if the packet was smaller than \ 
the limit set by slave_max_allowed_packet.
   * With this fix, slave_pending_jobs_size_max becomes a soft limit rather than \ 
a hard limit. If the size of a packet exceeds slave_pending_jobs_size_max but is \ 
less than slave_max_allowed_packet, the transaction is held until all the slave \ 
workers have empty queues, and then processed. All subsequent transactions are \ 
held until the large transaction has been completed. The queue size for slave \ 
workers can therefore be limited while still allowing occasional larger \ 
transactions.
   * mysqldump could write database names in USE statements incorrectly.
   * If the mysql_stmt_close() C API function was called, it freed memory that \ 
later could be accessed if mysql_stmt_error(), mysql_stmt_errno(), or \ 
mysql_stmt_sqlstate() was called. To obtain error information after a call to \ 
mysql_stmt_close(), call mysql_error(), mysql_errno(), or mysql_sqlstate() \ 
instead.
   * Queries could be cached incorrectly, leading to incorrect query results, \ 
under these circumstances: InnoDB table; rows are being inserted but have not \ 
yet been committed; a query uses the table as a base table in a derived table; \ 
the optimizer chooses to materialize the derived table.
   * Man pages for a few utilities were missing from Debian/Ubuntu packages.
   * The field-t unit test failed to run with AddressSanitizer enabled. Thanks \ 
to Laurynas Biveinis for the patch.
   * Debian client packages were missing information about conflicts with native \ 
packages.
   * The Perl path in #! lines at the beginning of Perl scripts has been \ 
adjusted to /usr/local/bin/perl for FreeBSD 11.
   * The server exited abnormally attempting to access invalid memory.
   * A race condition could occur for CREATE TABLE statements with DATA \ 
DIRECTORY or INDEX DIRECTORY clauses.
   * MySQL compilation in different directories produced different builds to \ 
leakage of absolute paths into debug information and __FILE__.
   * mysqld_failed to start the server if the --datadir option was specified \ 
with a relative path name.
   * With read_only enabled, creation of non-TEMPORARY tables by non-SUPER users \ 
was permitted under certain conditions.
   *Certain stored functions, if used in a query WHERE clause, could be handled \ 
using Index Condition Pushdown (which should not happen), resulting in a server \ 
exit.
   * On x86 machines, the uint3korr() macro read 4 bytes of data instead of the \ 
intended 3 bytes.
   * An assertion was raised during a fetch operation by the memcached plugin.
   * Queries that contained UNION in a subquery and GROUP BY could return \ 
incorrect results.
   * LOAD XML INFILE performance became noticeably slower when the XML file \ 
being read contained a great many spaces, such as those introduced by indenting \ 
or pretty-printing. Now all leading whitespace is trimmed from each such value \ 
before reading it into memory.

   To generate a diff of this commit:

   cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mysql56-client/Makefile
   cvs rdiff -u -r1.40 -r1.41 pkgsrc/databases/mysql56-client/Makefile.common
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/databases/mysql56-client/distinfo
   cvs rdiff -u -r1.32 -r1.33 pkgsrc/databases/mysql56-server/Makefile
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/databases/mysql56-server/PLIST

Files:
RevisionActionfile
1.24.8.1modifypkgsrc/databases/mysql56-client/Makefile
1.40.2.1modifypkgsrc/databases/mysql56-client/Makefile.common
1.42.2.1modifypkgsrc/databases/mysql56-client/distinfo
1.32.2.1modifypkgsrc/databases/mysql56-server/Makefile
1.29.2.1modifypkgsrc/databases/mysql56-server/PLIST