Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2012-06-11 09:04:56 UTC

* SECURITY UPDATE: authentication bypass (LP: #1011371)
  - debian/patches/90_CVE-2012-2122.patch: fix improper type conversion
    in sql/password.c.
  - CVE-2012-2122
* debian/mysql-server.preinst: Removed to prevent service from remaining
  stopped after getting updated. The upgrade logic is still present in
  mysql-common.preinst. (LP: #988325)

Author: Marc Deslauriers
Revision Date: 2012-06-11 09:04:56 UTC

* SECURITY UPDATE: authentication bypass (LP: #1011371)
  - debian/patches/90_CVE-2012-2122.patch: fix improper type conversion
    in sql/password.c.
  - CVE-2012-2122
* debian/mysql-server.preinst: Removed to prevent service from remaining
  stopped after getting updated. The upgrade logic is still present in
  mysql-common.preinst. (LP: #988325)

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2012-03-28 09:25:59 UTC

* SECURITY UPDATE: Update to 5.0.96 to fix security issues (LP: #965523)
  - http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2010-11-09 14:10:41 UTC

* SECURITY UPDATE: denial of service via joins involving a table with a
  unique SET column
  - debian/patches/113_SECURITY_CVE-2010-3677.dpatch: improve logic in
    sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3677
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
  nullable columns
  - debian/patches/113_SECURITY_CVE-2010-3680.dpatch: check for null
    datatype in sql/ha_innodb.cc. Add tests to mysql-test/*.
  - CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
  on a table using the HANDLER interface
  - debian/patches/113_SECURITY_CVE-2010-3681.dpatch: check for the same
    index in sql/sql_handler.cc. Add tests to mysql-test/*.
  - CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
  queries
  - debian/patches/113_SECURITY_CVE-2010-3682.dpatch: improve conditional
    in sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3682
* SECURITY UPDATE: denial of service via derived table materializing.
  - debian/patches/113_SECURITY_CVE-2010-3834.dpatch: handle temporary
    tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
  - CVE-2010-3834
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
  predicates during view preparation.
  - debian/patches/113_SECURITY_CVE-2010-3836.dpatch: make sure we're not
    in view preparation mode in sql/item_cmpfunc.cc. Add tests to
    mysql-test/*.
  - CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
  WITH ROLLUP together.
  - debian/patches/113_SECURITY_CVE-2010-3837.dpatch: create a copy of
    the order structures in sql/item_sum.cc, sql/table.h. Add tests to
    mysql-test/*.
  - CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
  with subquery.
  - debian/patches/113_SECURITY_CVE-2010-3838.dpatch: handle REAL_RESULT
    in sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3838
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
  improper data.
  - debian/patches/113_SECURITY_CVE-2010-3840.dpatch: improve data
    handling in sql/spatial.cc. Add tests to mysql-test/*.
  - CVE-2010-3840

Author: Marc Deslauriers
Revision Date: 2010-11-09 14:10:41 UTC

* SECURITY UPDATE: denial of service via joins involving a table with a
  unique SET column
  - debian/patches/113_SECURITY_CVE-2010-3677.dpatch: improve logic in
    sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3677
* SECURITY UPDATE: denial of service via TEMPORARY InnoDB tables with
  nullable columns
  - debian/patches/113_SECURITY_CVE-2010-3680.dpatch: check for null
    datatype in sql/ha_innodb.cc. Add tests to mysql-test/*.
  - CVE-2010-3680
* SECURITY UPDATE: denial of service via alternate reads from two indexes
  on a table using the HANDLER interface
  - debian/patches/113_SECURITY_CVE-2010-3681.dpatch: check for the same
    index in sql/sql_handler.cc. Add tests to mysql-test/*.
  - CVE-2010-3681
* SECURITY UPDATE: denial of service via use of EXPLAIN with certain
  queries
  - debian/patches/113_SECURITY_CVE-2010-3682.dpatch: improve conditional
    in sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3682
* SECURITY UPDATE: denial of service via derived table materializing.
  - debian/patches/113_SECURITY_CVE-2010-3834.dpatch: handle temporary
    tables in sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
  - CVE-2010-3834
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
  predicates during view preparation.
  - debian/patches/113_SECURITY_CVE-2010-3836.dpatch: make sure we're not
    in view preparation mode in sql/item_cmpfunc.cc. Add tests to
    mysql-test/*.
  - CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
  WITH ROLLUP together.
  - debian/patches/113_SECURITY_CVE-2010-3837.dpatch: create a copy of
    the order structures in sql/item_sum.cc, sql/table.h. Add tests to
    mysql-test/*.
  - CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
  with subquery.
  - debian/patches/113_SECURITY_CVE-2010-3838.dpatch: handle REAL_RESULT
    in sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3838
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
  improper data.
  - debian/patches/113_SECURITY_CVE-2010-3840.dpatch: improve data
    handling in sql/spatial.cc. Add tests to mysql-test/*.
  - CVE-2010-3840

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2010-05-27 11:52:10 UTC

* SECURITY UPDATE: privilege check bypass via crafted table name argument
  to COM_FIELD_LIST
  - debian/patches/102_CVE-2010-1848.dpatch: check table name in
    sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
  - CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
  - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
    sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
  - CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
  argument to COM_FIELD_LIST
  - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
    sql/sql_parse.cc.
  - CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
  - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
    myisam/mi_delete_table.c, add tests to mysql-test/*.
  - CVE-2010-1626

Author: Marc Deslauriers
Revision Date: 2010-05-27 11:52:10 UTC

* SECURITY UPDATE: privilege check bypass via crafted table name argument
  to COM_FIELD_LIST
  - debian/patches/102_CVE-2010-1848.dpatch: check table name in
    sql/sql_parse.cc, Add tests to tests/mysql_client_test.c.
  - CVE-2010-1848
* SECURITY UPDATE: denial of service via large packets
  - debian/patches/101_CVE-2010-1849.dpatch: handle big packets in
    sql/sql_parse.cc, include/mysql_com.h, sql/net_serv.cc.
  - CVE-2010-1849
* SECURITY UPDATE: arbitrary code execution via crafted table name
  argument to COM_FIELD_LIST
  - debian/patches/100_CVE-2010-1850.dpatch: check table name length in
    sql/sql_parse.cc.
  - CVE-2010-1850
* SECURITY UPDATE: DROP TABLE privilege bypass via symlink attack
  - debian/patches/103_CVE-2010-1626.dpatch: check for symlinks in
    myisam/mi_delete_table.c, add tests to mysql-test/*.
  - CVE-2010-1626

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2010-02-08 09:00:54 UTC

* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
  - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
    client/mysql.cc, add test to mysql-test/*.
  - CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
  function
  - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
    sql/sql_parse.cc, add test to tests/mysql_client_test.c.
  - CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
  subqueries and statements that use the GeomFromWKB function
  - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
    sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
    null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
  - CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
  of the mysql_unpacked_real_data_home value
  - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
    sql/mysqld.cc.
  - CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
  - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
    extra/yassl/taocrypt/src/asn.*.
  - CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
  test suite as they are expired. The new certs expire 2015-01-28.
  (LP: #323755)

Author: Marc Deslauriers
Revision Date: 2010-02-08 09:00:54 UTC

* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/92_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-4098
* SECURITY UPDATE: Cross-site scripting in the command-line client
  - debian/patches/92_CVE-2008-4456.dpatch: use xmlencode_print in
    client/mysql.cc, add test to mysql-test/*.
  - CVE-2008-4456
* SECURITY UPDATE: format string vulnerabilities in the dispatch_command
  function
  - debian/patches/92_CVE-2009-2446.dpatch: use correct format string in
    sql/sql_parse.cc, add test to tests/mysql_client_test.c.
  - CVE-2009-2446
* SECURITY UPDATE: denial of service via certain SELECT statements with
  subqueries and statements that use the GeomFromWKB function
  - debian/patches/92_CVE-2009-4019.dpatch: return proper errors in
    sql/sql_class.cc, handle errors in sql/sql_select.cc, set correct
    null_value in sql/item_geofunc.cc, add tests to mysql-test/*.
  - CVE-2009-4019
* SECURITY UPDATE: privilege restriction bypass via incorrect calculation
  of the mysql_unpacked_real_data_home value
  - debian/patches/92_CVE-2009-4030.dpatch: fix initialization order in
    sql/mysqld.cc.
  - CVE-2009-4030
* SECURITY UPDATE: arbitrary code execution via yassl stack overflow
  - debian/patches/93_CVE-2009-4484.dpatch: validate lengths in
    extra/yassl/taocrypt/src/asn.*.
  - CVE-2009-4484
* debian/patches/94_ssl_test_certs.dpatch: update certificates in the
  test suite as they are expired. The new certs expire 2015-01-28.
  (LP: #323755)

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Chuck Short
Revision Date: 2009-10-06 13:53:24 UTC

debian/patches/fix-dummy-thread-race-condition.dpatch: Fix dummy thread
creation (LP: #343870)

Author: Chuck Short
Revision Date: 2009-10-06 13:27:54 UTC

debian/patches/fix-dummy-thread-race-condition.dpatch: Remove the startup
of the dummy thread. (LP: #343870)

Author: Mathias Gug
Revision Date: 2009-09-09 11:58:31 UTC

Don't build mysql-{server,client,common} as they're now provided by
mysql-dfsg-5.1 (LP: #426769).

Author: Marc Deslauriers
Revision Date: 2008-11-13 10:34:12 UTC

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
    Item_bin_string() in sql/item.cc to parse an empty bit-string literal
    as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098
* debian/rules: do not update po tree for security updates.

Author: Jamie Strandboge
Revision Date: 2008-03-06 09:26:24 UTC

* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
  handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/95_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
  length of input (LP: #186978)
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
  DEFINER VIEW and ALTER VIEW statements
* debian/patches/96_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
  is non-NULL in sql_view.cc (LP: #185039)
* debian/patches/97_view_fix-now.dpatch: update view.test and view.result to
  use a static year instead of now(). These tests are not part of the build
  but helps with qa-regression-testing
* References
  CVE-2008-0226
  CVE-2008-0227
  CVE-2007-6303

Author: Mathias Gug
Revision Date: 2009-05-11 22:41:44 UTC

debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch: wait in the
SIGHUP trap to avoid killing an existing mysqld process when a HUP signal
is sent to mysqld_safe. (LP: #326768)

Author: Chuck Short
Revision Date: 2009-03-30 14:59:35 UTC

debian/mysql-server-5.0.postinst: Clear out the second password
when setting up mysql. (LP: #344816)

Author: Chuck Short
Revision Date: 2008-09-18 09:37:56 UTC

Clean up mysql apparmor profile. (LP: #270663)

Author: Mathias Gug
Revision Date: 2008-03-27 19:02:38 UTC

* debian/patches/59-fix-mysql-replication-logs.dpatch:
  Fix mysql replication: relay-logs were stored in /var/run. (LP: #119271).
  Patch taken from 5.0.54.
* debian/patches/58-disable-ndb-backup-print.dpatch:
  update description of ndb_backup_print patch.

Author: Marc Deslauriers
Revision Date: 2008-11-13 10:34:12 UTC

* SECURITY UPDATE: denial of service via an empty bit-string literal (b'')
  - debian/patches/98_SECURITY_CVE-2008-3963.dpatch: fix Item_bin_string::
    Item_bin_string() in sql/item.cc to parse an empty bit-string literal
    as an empty string.
  - CVE-2008-3963
* SECURITY UPDATE: privilege circumvention via the creation of MyISAM
  tables using the DATA DIRECTORY and INDEX DIRECTORY options to overwrite
  existing table files in the data directory. This update is a complete
  fix for the three CVE numbers listed below. This fix alters table creation
  behaviour by disallowing the use of the MySQL data directory in DATA
  DIRECTORY and INDEX DIRECTORY options. (LP: #254129)
  - debian/patches/99_SECURITY_CVE-2008-4098.dpatch: Disallow use of MySQL
    data directory in DATA DIRECTORY and INDEX DIRECTORY options.
  - CVE-2008-2079
  - CVE-2008-4097
  - CVE-2008-4098
* debian/rules: do not update po tree for security updates.

Author: Jamie Strandboge
Revision Date: 2007-10-02 19:28:58 UTC

fix for mysql bug 27383 which causes mysql-test 'mysql_client_test'
to fail due to gcc 4.x optimizations

Author: Jamie Strandboge
Revision Date: 2008-03-19 15:17:20 UTC

no change build for -security upload

Author: Jamie Strandboge
Revision Date: 2008-03-06 09:15:54 UTC

* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
  handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
  length of input (LP: #186978).
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
  DEFINER VIEW and ALTER VIEW statements
* debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
  is non-NULL in sql_view.cc (LP: #185039)
* debian/patches/99_view_fix-now.dpatch: update view.test and view.result to
  use a static year instead of now(). These tests are not part of the build
  but helps with qa-regression-testing
* SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
  routines
* debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
  when returning from stored routine by performing privilege checks in the
  execution stage rather than the parsing stage. (LP: #172260)
* References
  CVE-2008-0226
  CVE-2008-0227
  CVE-2007-6303
  CVE-2007-2692
  http://bugs.mysql.com/bug.php?id=27337

Author: Jamie Strandboge
Revision Date: 2008-03-19 15:17:20 UTC

no change build for -security upload

Author: Martin Pitt
Revision Date: 2007-04-03 09:43:01 UTC

* Package the Enterprise version again (.37 was a community version), since
  Debian and we have always done so. This brings in a few more bug fixes and
  makes functional derivations less likely.
* debian/README.Maintainer: Add pointer to upstream download URL, since it
  is very hard to find the Enterprise versions.
* Disable 33_scripts__mysql_create_system_tables__no_test.dpatch, since that
  script was removed upstream.
* debian/patches/41_scripts__mysql_install_db.sh__no_test.dpatch: Adapted to
  changed formatting in new upstream version.
* Remove debian/patches/86_PATH_MAX.dpatch, fixed upstream.
* Add debian/patches/90_org_tables_definition.dpatch: Fix local variable
  declaration in libmysqld/sql_parse.cc to fix compilation with
  EMBEDDED_LIBRARY.

Author: Jamie Strandboge
Revision Date: 2008-03-19 15:15:59 UTC

no change build for -security upload

Author: Jamie Strandboge
Revision Date: 2008-03-06 09:09:00 UTC

* SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
  handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
* SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
* debian/patches/99_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
  length of input (LP: #186978).
* SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
  DEFINER VIEW and ALTER VIEW statements
* debian/patches/100_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
  is non-NULL in sql_view.cc (LP: #185039). This patch also fixes upstream
  bug #21080, which was needed to keep VIEW definitions in sync.
* SECURITY UPDATE: denial of service via crafted EXPLAIN SELECT FROM on the
  INFORMATION_SCHEMA table
* debian/patches/101_SECURITY_CVE-2006-7232.dpatch: make sure
  thd->lex-describe is non-NULL in sql_select.cc (LP: #161127)
* debian/patches/102_view_fix-now.dpatch: update view.test and view.result to
  use a static year instead of now(). These tests are not part of the build
  but helps with qa-regression-testing
* SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
  routines
* debian/patches/103_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
  when returning from stored routine by performing privilege checks in the
  execution stage rather than the parsing stage.
* References
  CVE-2008-0226
  CVE-2008-0227
  CVE-2007-6303
  CVE-2006-7232
  CVE-2007-2692
  http://bugs.mysql.com/bug.php?id=27337
  http://bugs.mysql.com/bug.php?id=21080

Author: Jamie Strandboge
Revision Date: 2008-03-19 15:15:59 UTC

no change build for -security upload

Author: Christian Hammers
Revision Date: 2006-10-03 14:55:31 UTC

* Having expire_logs_days enabled but log-bin not crashes the server. Using
  both or none of those options is safe. To prevent this happening during the
  nightly log rotation via /etc/logrotate.d/mysql the initscript checks for
  malicious combination of options. See: #368547
* The Sarge package "mysql-server" which used to include the mysqld daemon
  may still be in unselected-configured state (i.e. after a remove but not
  purge) in which case its now obsolete cronscript has to be moved away
  (thanks to Charles Lepple). Closes: #385669
* Updated Danish Debconf translation (thanks to Claus Hindsgaul).
  Closes: #390315
* Updated Frensh Debconf translation (thanks to Christian Perrier).
  Closes: #390980

Author: Jamie Strandboge
Revision Date: 2008-04-15 16:28:38 UTC

* RELIABILITY UPDATE: fix for upstream bug #20908
* debian/patches/105_upstream_20908.dpatch: fix MYSQLlex() in sql_lex.cc
  to ABORT_SYM on zero-length variable names
* References
  LP: #217772
  http://bugs.mysql.com/bug.php?id=20908

Author: Adam Conrad
Revision Date: 2006-05-23 20:56:35 UTC

* Redirect mysql_upgrade output to syslog, instead of littering the
  console, which appears to royally mess up debconf when I'm unlucky.
* Merge with Debian's pending 5.0.21-4 release to get new debconf
  translations and the BLOCKSIZE fix for the free disk space check.