Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/maverick-proposed/mysql-5.1
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

20. By Marc Deslauriers

* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/61_CVE-2010-3833.dpatch
  - debian/patches/61_CVE-2010-3834.dpatch
  - debian/patches/61_CVE-2010-3835.dpatch
  - debian/patches/61_CVE-2010-3836.dpatch
  - debian/patches/61_CVE-2010-3837.dpatch
  - debian/patches/61_CVE-2010-3838.dpatch
  - debian/patches/61_CVE-2010-3839.dpatch
  - debian/patches/61_CVE-2010-3840.dpatch
  - debian/patches/60_abi-check-include.dpatch
  - debian/patches/62_disable_longfilename_test.dpatch
  - debian/patches/90_fix_testsuite_for_installed_env.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

19. By Marc Deslauriers

* SECURITY UPDATE: denial of service via incorrect propagation of type
  - debian/patches/61_CVE-2010-3833.dpatch: properly check for execution
    errors in sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3833
* SECURITY UPDATE: denial of service via derived table materializing.
  - debian/patches/61_CVE-2010-3834.dpatch: handle temporary tables in
    sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
  - CVE-2010-3834
* SECURITY UPDATE: denial of service via user-variable assignment
  - debian/patches/61_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
    Add tests to mysql-test/*.
  - CVE-2010-3835
* SECURITY UPDATE: denial of service via pre-evaluation of LIKE
  predicates during view preparation.
  - debian/patches/61_CVE-2010-3836.dpatch: make sure we're not in view
    preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
  - CVE-2010-3836
* SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
  WITH ROLLUP together.
  - debian/patches/61_CVE-2010-3837.dpatch: create a copy of the order
    structures in sql/item_sum.cc, sql/table.h. Add tests to
  - CVE-2010-3837
* SECURITY UPDATE: denial of service via longblob and union or update
  with subquery.
  - debian/patches/61_CVE-2010-3838.dpatch: handle REAL_RESULT in
    sql/item_func.cc. Add tests to mysql-test/*.
  - CVE-2010-3838
* SECURITY UPDATE: denial of service via certain queries with nested
  - debian/patches/61_CVE-2010-3839.dpatch: fix nesting in
    sql/sql_select.cc. Add tests to mysql-test/*.
  - CVE-2010-3839
* SECURITY UPDATE: denial of service via PolyFromWKB() function and
  improper data.
  - debian/patches/61_CVE-2010-3840.dpatch: improve data handling in
    sql/spatial.cc. Add tests to mysql-test/*.
  - CVE-2010-3840
* debian/patches/62_disable_longfilename_test.dpatch: disable the
  partition_rename_longfilename test as it fails when building with
  sbuild and schroots.

18. By Clint Byrum

raising kill timeout to 300 to help avoid table corruption (LP: #620441)

17. By Jamie Strandboge

debian/apparmor-profile: fix syntax error introduced in last upload
and remove added redundant access rule. LP: #622010, LP: #594932

16. By Chuck Short

[Clint Byrum]
* Installing mysql_config_pic in /usr/bin so users of libmysqld-pic
  can extract the appropriate compile flags. (LP: #605021)

[Chuck Short]
* debian/mysql-server.5.1.postinst: Specify the mysql user when installing
  the mysql databases. (LP: #591875)
* debian/apparmor-profile: Update apparmor profile for mysql plugins.
  (LP: #594932, #619172)

15. By Steve Beattie

* New patch: 99_fix_testsuite_for_installed_env.dpatch: fix
  mysql-testsuite to work with the installation location (LP: #617461)
* debian/apparmor-profile: add mmap access to mysql plugin location
  (LP: #617463)

14. By Jamie Strandboge

debian/rules: doy. Put dh_apparmor in binary-arch so more than just
i386 has the benefit of AppArmor protection, really fixing LP: #616417

13. By Jamie Strandboge

debian/control: Build-Depends on debhelper 7.4.20ubuntu6, which has a
fix that prevented debhelper from creating the necessary output in
postinst (LP: #616417)

12. By Jamie Strandboge

* convert to using dh_apparmor:
  - debian/rules, debian/mysql-server-5.1.postinst: use dh_apparmor
  - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
* debian/mysql-server-5.1.postrm: since it doesn't use DEBHELPER, update
  to what we have in debhelper
* debian/apparmor-profile: update for local include

11. By Chuck Short

* Merge from debian unstable:
  + debian/control:
     * Update maintainer according to spec.
     * Move section from "misc" to "database".
     * Added libmysqlclient16-dev an empty transitional package.
     * Added mysql-client-core-5.1 package.
     * Suggest mailx for mysql-server-5.1
     * Add mysql-testsuite package so you can run the testsuite seperately.
  + debian/additions/my.cnf:
    * Remove language options. Error message files are located in a different directory in Mysql
      5.0. Setting the language option to use /usr/share/mysql/english breaks Mysql 5.0. Both 5.0
      and 5.1 use a different value that works. (LP: #316974)
  + Add apparmor profile:
    + debian/apparmor-profile: apparmor-profile
    + debian/rules, debian/mysql-server-5.1.files: install apparmor profile
    + debian/mysql-server-5.1.dirs: add etc/apparmor.d/fore-complain
    + debian/mysql-server-5.1.postrm: remove symlink in force-complain/ on purge.
    + debian/mysql-server-5.1.README.Debian: add apparmor documentation.
    + debian/additions/my.cnf: Add warning about apparmor. (LP: #201799)
    + debian/mysql-server-5.1.postinst: reload apparmor profiles
  * Convert the package from sysvinit to upstart:
    + debian/mysql-server-5.1.mysql.upstart: Add upstart script.
    + debian/mysql-server-5.1.mysql.init: Dropped, unused now with upstart.
    + debian/additions/mysqld_safe_syslog.cnf: Dropped, unused now with upstart.
    + debian/additons/my.cnf: Remove pid declaration and setup error logging to /var/log/mysql since
      we're not piping anything around logger anymore.
    + debian/rules, debian/mysql-server-5.1.logcheck.ignore.{paranoid,worstation},
      debian/mysql-server-5.1.logcheck.ignore.server: : Remove references to mysqld_safe
    + debian/patches/38_scripts_mysqld_safe.sh_signals.dpatch: Dropped
  * Added -fno-strict-aliasing to CFLAGS to get around mysql testsuite build failures.
  * Add Apport hook (LP: #354188):
    + debian/mysql-server-5.1.py: apport package hook
    + debian/rules: Make it installable
  * debian/mysql-server-5.1.mysql-server.logrotate: Check to see if mysql is running before
    running logrotate. (LP: #513135)
  * Make the testsuite installable. (LP: #530752)
    + debian/mysql-server-5.1.files, debian/rules: install apport package hook
  * debian/mysql-server-5.1.preinst: Set mysql user's home directory
    to /nonexistent to protect against having the /var/lib/mysql
    user-writeable. If an attacker can trick mysqld into creating
    dot files in the home directory, he could do .rhost-like attacks
    on the system. (LP: #293258)
  * debian/control: mysql-client-5.1 should depend on mysql-core-client-5.1.
    (LP: #590952)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.