SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mysql-5.5.39-0.11.3.x86_64.rpm :
Fri Aug 15 14:00:00 2014 drahtAATTsuse.de
- upgrade to version 5.5.39, fixing the following CVE IDs:
CVE-2014-2484 CVE-2014-4258 CVE-2014-4260 CVE-2014-2494
CVE-2014-4238 CVE-2014-4207 CVE-2014-4233 CVE-2014-4240
CVE-2014-4214 CVE-2014-4243 [bnc#887580]
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- obsoleted patches:

* mysql-community-server-5.1.31-shebang.patch
changes were merged upstream

Sat Apr 26 14:00:00 2014 drahtAATTsuse.de
- update to version 5.5.37, fixing the following CVE IDs:
CVE-2014-2444 - InnoDB - 5.6.15 and earlier
CVE-2014-2436 - RBR - 5.5.36 and earlier, 5.6.16 and earlier
CVE-2014-2440 - Client - 5.5.36 and earlier, 5.6.16 and earlier
CVE-2014-2434 - DML - 5.6.15 and earlier
CVE-2014-2435 - InnoDB - 5.6.16 and earlier
CVE-2014-2442 - MyISAM - 5.6.15 and earlier
CVE-2014-2450 - Optimizer - 5.6.15 and earlier
CVE-2014-2419 - Partition - 5.5.35 and earlier, 5.6.15 and earlier
CVE-2014-0384 - XML - 5.5.35 and earlier, 5.6.15 and earlier
CVE-2014-2430 - Performance Schema - 5.5.36 and earlier, 5.6.16 and earlier
CVE-2014-2451 - Privileges - 5.6.15 and earlier
CVE-2014-2438 - Replication - 5.5.35 and earlier, 5.6.15 and earlier
CVE-2014-2432 - Federated - 5.5.35 and earlier, 5.6.15 and earlier
CVE-2014-2431 - Options - 5.5.36 and earlier, 5.6.16 and earlier
Further information is not disclosed!
[bnc#873896]
Addressed as well are:
CVE-2013-4316
CVE-2013-5860
CVE-2013-5881
CVE-2013-5882
CVE-2013-5891
CVE-2013-5894
CVE-2013-5908
CVE-2014-0001
CVE-2014-0386
CVE-2014-0393
CVE-2014-0401
CVE-2014-0402
CVE-2014-0412
CVE-2014-0420
CVE-2014-0427
CVE-2014-0430
CVE-2014-0431
CVE-2014-0433
CVE-2014-0437
from [bnc#858823] and [bnc#861493]
- set secure_file_priv in /etc/mysql/secure_file_priv.conf and do
not touch /etc/my.cnf . [bnc#857678]

Mon Sep 9 14:00:00 2013 mhruseckyAATTsuse.cz
- fix wrong sed to comment out skip-locking option (bnc#838479)

Fri Aug 30 14:00:00 2013 mhruseckyAATTsuse.cz
- better README.SuSE file
- updated to 5.5.33
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html

* maintenance update

* mysql-5.5-dump.patch not needed anymore as it is fixed now
- fixed error in forced upgrade detection (bnc#837801)

* rewrote it to be more reliable
- readded info file back

Tue Aug 13 14:00:00 2013 mhruseckyAATTsuse.cz
- fix hardcoded plugin paths (bnc#834028)
- fixed !include_dir vs !includedir typo in my.cnf (bnc#734436)

Tue Aug 13 14:00:00 2013 mhruseckyAATTsuse.cz
- chown --no-dereference instead of chown to improve security

* similar issue as CVE-2013-1976

* bnc#834967

Fri Aug 2 14:00:00 2013 mhruseckyAATTsuse.cz
- get rid of info which is not info (bnc#747811)
- minor polishing of spec/installation
- avoiding file conflicts with mytop
- better fix for hardcoded libdir issue

Fri Jun 7 14:00:00 2013 mhruseckyAATTsuse.com
- making mysqldump work with MySQL 5.0 (bnc#768832)
- fixed log rights (bnc#789263,bnc#803040,bnc#792332)
- binlog disabled in default configuration (bnc#791863)
- fixed dependencies for client package (bnc#780019)
- updated to 5.5.32 (bnc#830086), see
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
CVE-2013-1861 CVE-2013-3783 CVE-2013-3793 CVE-2013-3794
CVE-2013-3795 CVE-2013-3796 CVE-2013-3798 CVE-2013-3801
CVE-2013-3802 CVE-2013-3804 CVE-2013-3805 CVE-2013-3806
CVE-2013-3807 CVE-2013-3808 CVE-2013-3809 CVE-2013-3810
CVE-2013-3811 CVE-2013-3812

Mon Apr 29 14:00:00 2013 mhruseckyAATTsuse.com
- upgrade messages is shown even without mysql_upgrade_info

Fri Apr 26 14:00:00 2013 mhruseckyAATTsuse.com
- fixed upgrade script to work even with secured databases

Thu Apr 25 14:00:00 2013 mhruseckyAATTsuse.com
- using default datadir value in %post when autodetect fails

Wed Apr 24 14:00:00 2013 mhruseckyAATTsuse.com
- updated to version 5.5.31, see
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html
- not disabling compression thought
- update message to warn people even more prominently

Mon Mar 25 13:00:00 2013 mhruseckyAATTsuse.cz
- add support for TYPE syntax (backward compatibility)

Fri Mar 22 13:00:00 2013 mhruseckyAATTsuse.cz
- ignoring config file when running upgrade in rc script

Thu Mar 21 13:00:00 2013 mhruseckyAATTsuse.cz
- fixing possible race during mysql_upgrade in rc script
- making first run of mysql_upgrade informative

Mon Mar 18 13:00:00 2013 mhruseckyAATTsuse.cz
- making sure that rpm returns success even if it can\'t restart
database due to the needed of upgrade

Tue Mar 5 13:00:00 2013 mhruseckyAATTsuse.cz
- automatically comment \'skip-locking\' and \'skip-federated\'
- making sure not to skip upgrade if unexpected error occurs

Mon Feb 11 13:00:00 2013 mhruseckyAATTsuse.cz
- make sure libdir prefix is correct (fixes build on s390x)

Fri Feb 8 13:00:00 2013 mhruseckyAATTsuse.cz
- don\'t change permissions to datadir during start
- setting default mode for /var/lib/mysql to 755

Thu Feb 7 13:00:00 2013 mhruseckyAATTsuse.cz
- making sure that socket is in /var/lib/mysql
- hotcopy moved to client and perror to server for consistency

Thu Feb 7 13:00:00 2013 mhruseckyAATTsuse.cz
- updated to version 5.5.30, see
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html

Wed Jan 9 13:00:00 2013 mhruseckyAATTsuse.cz
- upgraded from 5.0.x to version 5.5.29 (fate#314322)
- see

* 5.0 -> 5.1 series
https://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html

* 5.1 -> 5.5 series
https://dev.mysql.com/doc/refman/5.5/en/upgrading-from-previous-series.html

Fri Dec 21 13:00:00 2012 mhruseckyAATTsuse.cz
- fixed CVE-2012-5611 (bnc#792444)

Tue Jul 31 14:00:00 2012 mhruseckyAATTsuse.cz
- fixed init script to stop even deleted MySQL (bnc#769062)

Mon Jun 11 14:00:00 2012 mhruseckyAATTsuse.cz
- fixed security issue CVE-2012-2122 (bnc#765092)

Tue Apr 24 14:00:00 2012 mhruseckyAATTsuse.cz
- updated to version 5.0.96, see
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html
- many important fixes, among others:

* CVE-2009-5026 (bnc#726602)

* several other security issues (bnc#742272)
- readd missing prerequires (bnc#737653)

Mon Mar 12 13:00:00 2012 mhruseckyAATTsuse.cz
- updated to version 5.0.95
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-95.html

Wed Feb 1 13:00:00 2012 mhruseckyAATTsuse.cz
- adding missing Prereq: pwdutils (bnc#742835)

Wed Sep 7 14:00:00 2011 mhruseckyAATTsuse.cz
- updated from version 5.0.67 to 5.0.94 (bnc#694232) see
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html

Tue Jul 5 14:00:00 2011 mhruseckyAATTsuse.cz
- perror is part of mysql package (fate#311867)
- mysqlhotcopy part of mysql-client package (fate#310514)

Tue May 24 14:00:00 2011 mhruseckyAATTsuse.cz
- fixed various security issues (bnc#644864)
CVE-2010-3833, CVE-2010-3834, CVE-2010-3835,
CVE-2010-3836, CVE-2010-3837, CVE-2010-3838,
CVE-2010-3839, CVE-2010-3840

Mon Sep 27 14:00:00 2010 mhruseckyAATTsuse.cz
- fixed various security issues (bnc#637499)

Tue Sep 7 14:00:00 2010 mhruseckyAATTsuse.cz
- fixed various security issues:

* bnc#607466 - CVE-2010-1626

* bnc#609551 - CVE-2010-1848, CVE-2010-1849, CVE-2010-1850

Thu Jan 28 13:00:00 2010 mhruseckyAATTsuse.cz
- fixed PPC problems with stack found in bnc#557669

Wed Jan 20 13:00:00 2010 mhruseckyAATTsuse.cz
- fixed two broken tests (variables-big & symlink) reported in
bnc#557669
- fixed CVE-2009-4484 (upstream #50227, bnc#567977, swamp#29870)
- security against yaSSL which is disabled in our binaries

Tue Dec 1 13:00:00 2009 mhruseckyAATTsuse.cz
- fixing various security issues (bnc#557669)
- upstream #47320 - checking server certificates (CVE-2009-4028)
- upstream #48291 - error handling in subqueries (CVE-2009-4019)
- upstream #47780 - preserving null_value flag in GeomFromWKB()
(CVE-2009-4019)
- upstream #39277 - symlink behaviour fixed (CVE-2008-7247)
- upstream #32167 - symlink behaviour refixed (CVE-2009-4030)

Mon Jul 13 14:00:00 2009 mhruseckyAATTsuse.cz
- fixed post auth format string vulnerability
(bnc#520608 and CVE-2009-2446)

Fri Jul 10 14:00:00 2009 mhruseckyAATTsuse.cz
- fixed cross-site scripting vulnerability in the command-line client
(bnc#497546 and CVE-2008-4456)

Wed Jan 7 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Thu Oct 23 14:00:00 2008 mmarekAATTsuse.cz
- fix mysql_install_db when the hostname is \'localhost\'
(bnc#429618, mysql#35754)

Thu Sep 25 14:00:00 2008 mmarekAATTsuse.cz
- build -max and -debug with --with-big-tables and archive, csv,
example, blackhole and federated engines to match the binary
builds provided by MySQL (bnc#427384)

Fri Sep 12 14:00:00 2008 mmarekAATTsuse.cz
- better fix for CVE-2008-2079 (bnc#425079, mysql#32167)

Fri Sep 12 14:00:00 2008 mmarekAATTsuse.de
- remove no longer needed s390 workaround

Tue Sep 2 14:00:00 2008 mmarekAATTsuse.cz
- fix mysql_config --libs output (bnc#420313, mysql#39175)

Mon Aug 25 14:00:00 2008 mmarekAATTsuse.cz
- updated to 5.0.67, for changes see
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html

Mon Aug 18 14:00:00 2008 mmarekAATTsuse.de
- add Required-Stop: $network $remote_fs to the init script

Fri May 30 14:00:00 2008 mmarekAATTsuse.cz
- fix a race in rcmysql restart between the old mysql removing it\'s
pid file and exiting - use checkproc -p (bnc#359522, bnc#332530,
[#395710])

Thu May 22 14:00:00 2008 mmarekAATTsuse.cz
- increase timeout in rcmysql stop, should fix failed restarts
(bnc#359522, bnc#332530)

Mon May 19 14:00:00 2008 mmarekAATTsuse.cz
- fixed a privilege bypass with DATA/INDEX DIRECTORY
(bnc#387746, mysql#32167, CVE-2008-2079)

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Fri Mar 14 13:00:00 2008 mmarekAATTsuse.cz
- fixed mysqld_multi.patch (bnc#371000)

Fri Mar 14 13:00:00 2008 mmarekAATTsuse.cz
- add \'user = mysql\' to mysqld_multi example groups

Fri Mar 14 13:00:00 2008 mmarekAATTsuse.cz
- synced with server:database:mysql51
- dropped README.SUSE (bnc#357634)
- moved mysql_upgrade to the server package (bnc#366820)
- adjusted license tags
- finally convert err-log to log-error in my.cnf
- Added multi database support by
o updating /etc/init.d/mysql, it has now 2 legs the existing one to start
a single database, and a new one to start and stop multiple database.
o Added a sysconfig variable
o Updated /etc/my.cnf with some examples database configurations
(Done by Richard Bos, minor edits by me, bnc#353120)

Tue Feb 26 13:00:00 2008 mmarekAATTsuse.cz
- updated to 5.0.51a

* incorporates previous security fixes

Fri Jan 4 13:00:00 2008 mmarekAATTsuse.cz
- updated to 5.0.51

* statements that contain unclosed /
*-comments now are rejected
with a syntax error [mysql#28779]

* server parser performance improvements [mysql#30625,
mysql#30237]

* security fix: CVE-2007-5969 / mysql#32111

* for a full list of changes, see
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
- fixed CVE-2007-6303 / mysql#29908
- fixed CVE-2007-6304 / mysql#29801
- fixed several testsuite failures
(mybug25359.patch, mybug32458.patch, mybug33050.patch)

Wed Dec 26 13:00:00 2007 crrodriguezAATTsuse.de
- fix library-without-ldconfig-postun

Thu Nov 8 13:00:00 2007 mmarekAATTsuse.cz
- avoid using distributed pregenerated files instead of
files generated in the builddirs

Fri Aug 31 14:00:00 2007 mmarekAATTsuse.cz
- make sure mysql-shared is replaced by libmysqlclient15 when
updating from 10.1 or 10.2 [#306556]

Wed Aug 29 14:00:00 2007 mmarekAATTsuse.cz
- fix for http://bugs.mysql.com/30069
(thanks to Richard Guenther)

Tue Aug 21 14:00:00 2007 mmarekAATTsuse.cz
- make TMPDIR relative to datadir= setting in /etc/my.cnf
- add a hint about changing datadir to rcmysql [#285076]

Fri Jul 27 14:00:00 2007 mmarekAATTsuse.cz
- updated to 5.0.45, for changes see
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html

Mon Jul 2 14:00:00 2007 mmarekAATTsuse.cz
- mysql_upgrade: don\'t fail if the db is already up-to-date
[#287209] (mysql_upgrade-exit-status.patch)

Mon Jun 4 14:00:00 2007 mmarekAATTsuse.cz
- updated the mysql-test package (there are still some failures
that don\'t occur during build-time tests)
- use a new version of the mysql_upgrade program, which finally
handles errors from /usr/bin/mysql correctly

Fri Jun 1 14:00:00 2007 mmarekAATTsuse.cz
- fixed build for older distributions in the buildservice

Tue May 29 14:00:00 2007 mmarekAATTsuse.de
- run ldconfig in %%post of library packages
- don\'t copy example my.cnf files to /usr/share/doc (they\'re
already installed in /usr/share/mysql
- fixed libmysqlclient-devel dependencies

Mon May 28 14:00:00 2007 mmarekAATTsuse.cz
- updated to 5.0.41, for changes see
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-37.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-41.html
- fixed --with testsuite build [#252630]
- renamed subpackages according to library packaging policy:
mysql-shared -> libmysqlclient15, libmysqlclient_r15
mysql-devel -> libmysqlclient-devel (pulls in both flavors)
- increased rcmysql start timeout to 30 seconds, don\'t return
failure if mysql doesn\'t start early enough (except for update
case) [#273938]

Thu Mar 29 14:00:00 2007 mmarekAATTsuse.de
- BuildRequires fixes:
+ ncurses-devel
+ zlib-devel
+ procps (configure needs /bin/ps)
+ pwdutils (to be able to install the package in the build root)
+ use sed instead of ex in the s390 workaround
- build with -DFORCE_INIT_OF_VARS to get rid of some uninitialized
variable warnings

Mon Mar 12 13:00:00 2007 mmarekAATTsuse.cz
- added openssl-devel to Requires: of mysql-devel to fix build of
packages using mysql-devel

Thu Feb 22 13:00:00 2007 mmarekAATTsuse.cz
- updated to 5.0.33, see
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-33.html
for a list of changes
- added SuSEfirewall2 description file [#246917]
- print a friendly message about \"Duplicate column\" errors in
mysql_upgrade
[#228248] (mysql_upgrade.patch)
- fixed a typo in /etc/logrotate/mysql [#244620]
- build the client, libraries and the Max server with OpenSSL
support (FIXME: not yet tested, there are some failures in the
testsuite)
- don\'t package the PDF manual (it\'s constantly out of date and it
might make more sense to create a noarch mysql-manual.rpm or just
point users to http://dev.mysql.com/doc/ instead)
- don\'t link libmysql to the various client binaries statically
- created a new mysql-tools subpackage with scripts / binaries
that aren\'t essential for the client and server packages and
bring additional deps (perl-DBD-mysql namely)
- use VPATH builds for building the different server versions for
easier debugging (no \'make clean\' in-between)
- build the client and libraries only once to save build time
(mysql-build-only-server.patch)
- cleaned up spec file

Mon Jan 22 13:00:00 2007 mmarekAATTsuse.cz
- silence some gcc warnings (compiler-warnings.patch)

Wed Jan 3 13:00:00 2007 mmarekAATTsuse.cz
- mysql-devel doesn\'t need mysql-client [#231010]

Tue Dec 19 13:00:00 2006 mmarekAATTsuse.cz
- updated to 5.0.27

* includes the fix for http://bugs.mysql.com/bug.php?id=23427
- fixed build with tar-1.16
- fixed small typo in README.SuSE, renamed to README.SUSE [#226716]

Thu Nov 23 13:00:00 2006 mmarekAATTsuse.de
- don\'t run killproc in rcmysql to avoid sending SIGKILL if
possible [#223209]

Wed Nov 15 13:00:00 2006 mmarekAATTsuse.de
- create user mysql with shell /bin/false, because \'su mysql\' is
not needed anymore (see bug #57071)

Wed Nov 15 13:00:00 2006 mmarekAATTsuse.cz
- use /var/lib/mysql/.tmp instead of /var/lib/mysql/tmp to avoid
collision with a database named \'tmp\' [#221188]

Tue Nov 14 13:00:00 2006 mmarekAATTsuse.cz
- use upstream patch for the varbinary upgrade problem (fixes the
problem in the REPAIR TABLE implementation, not in the mysqlcheck
program)
[#188134, http://bugs.mysql.com/bug.php?id=19371]

Tue Oct 31 13:00:00 2006 mmarekAATTsuse.cz
- fixed another binary incompatibility in mysql-shared
[http://bugs.mysql.com/bug.php?id=23427] (mybug23427.patch)

Thu Oct 19 14:00:00 2006 pnemecAATTsuse.cz
- updated to 5.0.26

* fixes security bugs CVE-2006-4226 and CVE-2006-4227

* Ctrl-C in the mysql CLI client tries to kill the current
statement first, instead of exiting

* mysqlshow treats wild characters such as \'_\' as literal, if the
argument matches a single database name exactly

* DROP VIEW with multiple views will try to drop remaining views
and not stop at first error

* the server now issues a warning if it removes leading spaces
from an alias

* the VIEW_DEFINITION column of the INFORMATION_SCHEMA VIEWS
table now contains information about the view algorithm

* mysql_upgrade doesn\'t read the [client] section of my.cnf, only
the [mysql_upgrade] section

* the LOAD DATA FROM MASTER and LOAD TABLE FROM MASTER statements
are deprecated, see
http://dev.mysql.com/doc/refman/5.0/en/load-data-from-master.html

* mysqldump now has a --flush-privileges option. It causes
mysqldump to emit a FLUSH PRIVILEGES statement after dumping
the mysql database

* lots of bugfixes
- new patch uninitialized_variable.patch

Mon Oct 16 14:00:00 2006 mmarekAATTsuse.cz
- The ISAM storage engine is no longer supported, update the
warning in rc.mysql.

Mon Oct 2 14:00:00 2006 mmarekAATTsuse.cz
- updated to version 5.0.24a

* fixes a binary incompatibility of mysql-shared introduced in
5.0.24

* fixes a buffer overflow caused by statements with long DEFINER
clause

* fixes crash when closing temporary tables

Mon Sep 11 14:00:00 2006 joeshawAATTsuse.de
- Add the libmysqld static libraries to the devel package.

Wed Aug 16 14:00:00 2006 mmarekAATTsuse.cz
- updated to version 5.0.24

* added the --ssl-verify-server-cert option to MySQL client
programs and MYSQL_OPT_SSL_VERIFY_SERVER_CERT for
mysql_options()

* new ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and ssl_key
system variables

* added --skip-merge option to disable the MERGE storage engine,
because it has a minor security problem
[http://bugs.mysql.com/20230]

* mysql_upgrade script reimplemented in C

* bug fixes
- dropped obsolete CVE-2006-0903.patch and pick_args.patch,
added my_libwrap.patch [http://bugs.mysql.com/18246]

Tue Aug 1 14:00:00 2006 mmarekAATTsuse.cz
- removed Recommends: from mysql-debug, it doesn\'t work on older
dists

Mon Jul 31 14:00:00 2006 mmarekAATTsuse.cz
- created a new mysql-debug package compiled with --with-debug
and removed the --with debug rpmbuild option
- fixed --core-file option to really work when the server is
started by root
(coredump.patch) [http://bugs.mysql.com/bug.php?id=21361]
- added a README.debug describing how to debug mysqld crashes
- cleaned up rc.mysql a bit
- the server depends on a minimal mysql-client version to make
sure a recent mysqlcheck is available for rc.mysql

Mon Jul 31 14:00:00 2006 mmarekAATTsuse.cz
- fixed some leaks and overflos in varbinary-upgrade.patch

Fri Jul 21 14:00:00 2006 mmarekAATTsuse.cz
- workaround an incompatibility with pre-5.0 varbinary fields:
update the .frm file and remove trailing zeros and spaces
in \'mysqlcheck --check-upgrade\'
[#188134, http://bugs.mysql.com/bug.php?id=19371]
(varbinary-upgrade.patch)


  
ICM