Next | Query returned 53 messages, browsing 11 to 20 | Previous

CVS Commit History:


   2011-02-26 03:58:56 by Takahiro Kambe | Files touched by this commit (9) | Package updated
Log message:
Update mysql5-{client,server} package to 5.0.92.

Functionality added or changed:

* The time zone tables available at
  http://dev.mysql.com/downloads/timezones.html have been
  updated. These tables can be used on systems such as Windows or
  HP-UX that do not include zoneinfo files. (Bug#40230)

Bugs fixed:

* Security Fix: During evaluation of arguments to extreme-value
  functions (such as LEAST() and GREATEST()), type errors did not
  propagate properly, causing the server to crash. (Bug#55826,
  CVE-2010-3833)

* Security Fix: The server could crash after materializing a derived
  table that required a temporary table for grouping. (Bug#55568,
  CVE-2010-3834)

* Security Fix: A user-variable assignment expression that is
  evaluated in a logical expression context can be precalculated in a
  temporary table for GROUP BY. However, when the expression value is
  used after creation of the temporary table, it was re-evaluated, not
  read from the table and a server crash resulted. (Bug#55564,
  CVE-2010-3835)

* Security Fix: Joins involving a table with a unique SET column could
  cause a server crash. (Bug#54575, CVE-2010-3677)

* Security Fix: Pre-evaluation of LIKE predicates during view
  preparation could cause a server crash. (Bug#54568, CVE-2010-3836)

* Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a
  server crash. (Bug#54476, CVE-2010-3837)

* Security Fix: Queries could cause a server crash if the GREATEST()
  or LEAST() function had a mixed list of numeric and LONGBLOB
  arguments, and the result of such a function was processed using an
  intermediate temporary table. (Bug#54461, CVE-2010-3838)

* Security Fix: Using EXPLAIN with queries of the form SELECT
  ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server
  crash. (Bug#52711, CVE-2010-3682)

* InnoDB Storage Engine: Creating or dropping a table with 1023
  transactions active caused an assertion failure. (Bug#49238)

* The make_binary_distribution target to make could fail on some
  platforms because the lines generated were too long for the
  shell. (Bug#54590)

* A client could supply data in chunks to a prepared statement
  parameter other than of type TEXT or BLOB using the
  mysql_stmt_send_long_data() C API function (or
  COM_STMT_SEND_LONG_DATA command). This led to a crash because other
  data types are not valid for long data. (Bug#54041)

* Builds of the embedded mysqld would fail due to a missing element of
  the struct NET. (Bug#53908, Bug#53912)

* The definition of the MY_INIT macro in my_sys.h included an
  extraneous semicolon, which could cause compilation
  failure. (Bug#53906)

* If the remote server for a FEDERATED table could not be accessed,
  queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333)

* mysqld could fail during execution when using SSL. (Bug#34236)

* Threads that were calculating the estimated number of records for a
  range scan did not respond to the KILL statement. That is, if a
  range join type is possible (even if not selected by the optimizer
  as a join type of choice and thus not shown by EXPLAIN), the query
  in the statistics state (shown by the SHOW PROCESSLIST) did not
  respond to the KILL statement. (Bug#25421)
   2010-06-02 15:34:45 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Update mysql5-{client,server} package to 5.0.91.

For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.

Here are the security-related changes.

* Security Fix: The server failed to check the table name argument of
  a COM_FIELD_LIST command packet for validity and compliance to
  acceptable table name standards. This could be exploited to bypass
  almost all forms of checks for privileges and table-level grants by
  providing a specially crafted table name argument to COM_FIELD_LIST.

  In MySQL 5.0 and above, this allowed an authenticated user with
  SELECT privileges on one table to obtain the field definitions of
  any table in all other databases and potentially of other MySQL
  instances accessible from the server's file system.

  Additionally, for MySQL version 5.1 and above, an authenticated user
  with DELETE or SELECT privileges on one table could delete or read
  content from any other table in all databases on this server, and
  potentially of other MySQL instances accessible from the server's
  file system. (Bug#53371, CVE-2010-1848)

* Security Fix: The server was susceptible to a buffer-overflow attack
  due to a failure to perform bounds checking on the table name
  argument of a COM_FIELD_LIST command packet. By sending long data
  for the table name, a buffer is overflown, which could be exploited
  by an authenticated user to inject malicious code. (Bug#53237,
  CVE-2010-1850)

* Security Fix: The server could be tricked into reading packets
  indefinitely if it received a packet larger than the maximum size of
  one packet. (Bug#50974, CVE-2010-1849)
   2010-02-18 16:46:10 by Takahiro Kambe | Files touched by this commit (26)
Log message:
Update mysql5-client and mysql5-server package to version 5.0.90.
This release includes many bug fixes and a fix for a DoS security problem (CVE-2009-4484).

Please refer to these URLs for details.

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-89.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html

There are some minor pkgsrc changes to prevent compile-time warnings.
   2010-01-17 13:02:58 by Thomas Klausner | Files touched by this commit (724) | Package updated
Log message:
Recursive PKGREVISION bump for jpeg update to 8.
   2009-11-26 17:33:30 by Matthias Scheler | Files touched by this commit (15)
Log message:
Update "mysql5-client" and "mysql5-server" package to version 5.0.88.
This release fixes a large number of bugs and security vulnerabilities
including SA37372.

For a detailed list of all the changes since 5.0.67, please have a look here:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
   2009-07-19 15:50:20 by Matthias Scheler | Files touched by this commit (3)
Log message:
Add a patch for CVE-2009-2446 based on the description in the report.
   2009-06-14 19:43:27 by Joerg Sonnenberger | Files touched by this commit (120)
Log message:
Remove @dirrm entries from PLISTs
   2009-05-20 02:58:30 by Thomas Klausner | Files touched by this commit (277) | Package updated
Log message:
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.

Reported by Robert Elz in PR 41345.
   2009-02-04 22:17:45 by Havard Eidnes | Files touched by this commit (2)
Log message:
Upgrade from version 5.0.67 to 5.0.67nb1.

Two changes to the rc.d script:
 1) Move the setting of pidfile to a place so that setting mysqld_datadir
    in rc.conf will actually work; otherwise, if you use a non-default
    mysqld_datadir, mysqld will not start.
 2) ad@ pointed me to http://bugs.mysql.com/bug.php?id=18526, and said
    that --skip-thread-priority should not be used on NetBSD, and the
    PR spoke about Darwin / OS/X.  I'm guessing that this might work
    if the host platform is Linux or SunOS (the latter is unconfirmed).
    So add that option to the startup in all other cases.
   2008-09-18 13:51:37 by Takahiro Kambe | Files touched by this commit (12)
Log message:
Update mysql5-server package to 5.0.67.

This is a security fix.

For complete changes, please refer to
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html.
Here is a part of it.

Functionality added or changed:

Security Enhancement:

  To enable stricter control over the location from which user-defined
  functions can be loaded, the plugin_dir system variable has been
  backported from MySQL 5.1. If the value is non-empty, user-defined
  function object files can be loaded only from the directory named by this
  variable. If the value is empty, the behavior that is used before 5.0.67
  applies: The UDF object files must be located in a directory that is
  searched by your system's dynamic linker. (Bug#37428)

Important Change: Incompatible Change:

  The FEDERATED storage engine is now disabled by default in the .cnf files
  shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
  forth). This affects server behavior only if you install one of these
  files. (Bug#37069)

Cluster API: Important Change:

  Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes
  rather than kilobytes, it has been renamed to page_size_bytes. The name
  page_size_kb is now deprecated and thus subject to removal in a future
  release, although it currently remains supported for reasons of backward
  compatibility. See The Ndb_logevent_type Type, for more information about
  NDB_LE_MemoryUsage. (Bug#30271)

Important Change:

  Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE
  with respect to detection and handling of tables with incompatible .frm
  files (files created with a different version of the MySQL server). These
  changes also affect mysqlcheck because that program uses CHECK TABLE and
  REPAIR table, and thus also mysql_upgrade because that program invokes
  mysqlcheck.
