------------------------------------------------------------
revno: 3472 [merge]
tags: clone-5.1.50-build
committer: Alfranio Correia <alfranio.correia@sun.com>
branch nick: mysql-5.1-security
timestamp: Tue 2010-08-03 12:52:02 +0100
message:
  auto-merge mysql-5.1-security (local) --> mysql-5.1-security
    ------------------------------------------------------------
    revno: 3452.3.1
    committer: Alfranio Correia <alfranio.correia@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Mon 2010-08-02 20:48:56 +0100
    message:
      BUG#55625 RBR breaks on failing 'CREATE TABLE'
      
      A CREATE...SELECT that fails is written to the binary log if a non-transactional
      statement is updated. If the logging format is ROW, the CREATE statement and the
      changes are written to the binary log as distinct events and by consequence the
      created table is not rolled back in the slave.
      
      In this patch, we opted to let the slave goes out of sync by not writting to the
      binary log the CREATE statement. We do this by simply reseting the binary log's
      cache.
------------------------------------------------------------
revno: 3471 [merge]
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
branch nick: merge-5.1-security
timestamp: Mon 2010-08-02 11:03:41 +0300
message:
  merge
    ------------------------------------------------------------
    revno: 1810.3987.35 [merge]
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: merge-5.0-security
    timestamp: Mon 2010-08-02 10:45:43 +0300
    message:
      merge
------------------------------------------------------------
revno: 3470 [merge]
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
branch nick: merge-5.1-security
timestamp: Mon 2010-08-02 10:50:15 +0300
message:
  merge mysql-5.1-bugteam into mysql-5.1-security
    ------------------------------------------------------------
    revno: 3452.1.17
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: 42733-5.1
    timestamp: Fri 2010-07-30 17:33:10 -0300
    message:
      Bug#45288: pb2 returns a lot of compilation warnings on linux
      
      Fix compiler warnings.
    ------------------------------------------------------------
    revno: 3452.1.16 [merge]
    committer: Luis Soares <luis.soares@sun.com>
    branch nick: mysql-5.1-bugteam-push
    timestamp: Fri 2010-07-30 15:32:28 +0100
    message:
      Automerge mysql-5.1-bugteam into mysql-5.1-bugteam latest.
        ------------------------------------------------------------
        revno: 3452.2.1
        committer: Luis Soares <luis.soares@sun.com>
        branch nick: mysql-5.1-bugteam
        timestamp: Fri 2010-07-30 14:44:39 +0100
        message:
          Revert patch for BUG#34283. Causing lots of test failures in PB2,
          mostly because existing test result files were not updated.
    ------------------------------------------------------------
    revno: 3452.1.15
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B55188-5.1-bugteam
    timestamp: Fri 2010-07-30 17:09:24 +0300
    message:
      Disable the tests failing under valgrind because of bug #55503
    ------------------------------------------------------------
    revno: 3452.1.14
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B55188-5.1-bugteam
    timestamp: Fri 2010-07-30 16:35:06 +0300
    message:
      Bug #55188: GROUP BY, GROUP_CONCAT and TEXT - inconsistent results
      
      In order to be able to check if the set of the grouping fields in a 
      GROUP BY has changed (and thus to start a new group) the optimizer
      caches the current values of these fields in a set of Cached_item 
      derived objects.
      The Cached_item_str, used for caching varchar and TEXT columns,
      is limited in length by the max_sort_length variable.
      A String buffer to store the value with an alloced length of either
      the max length of the string or the value of max_sort_length 
      (whichever is smaller) in Cached_item_str's constructor.
      Then, at compare time the value of the string to compare to was 
      truncated to the alloced length of the string buffer inside 
      Cached_item_str.
      This is all fine and valid, but only if you're not assigning 
      values near or equal to the alloced length of this buffer.
      Because when assigning values like this the alloced length is 
      rounded up and as a result the next set of data will not match the
      group buffer, thus leading to wrong results because of the changed
      alloced_length.
      Fixed by preserving the original maximum length in the 
      Cached_item_str's constructor and using this instead of the 
      alloced_length to limit the string to compare to.
      Test case added.
    ------------------------------------------------------------
    revno: 3452.1.13 [merge]
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-30 09:38:18 -0300
    message:
      Merge of mysql-5.0-bugteam into mysql-5.1-bugteam.
        ------------------------------------------------------------
        revno: 1810.3995.4
        committer: Davi Arnaut <davi.arnaut@oracle.com>
        branch nick: mysql-5.0-bugteam
        timestamp: Fri 2010-07-30 09:34:40 -0300
        message:
          Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run
          
          Fix a regression (due to a typo) which caused spurious incorrect
          argument errors for long data stream parameters if all forms of
          logging were disabled (binary, general and slow logs).
    ------------------------------------------------------------
    revno: 3452.1.12
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-30 09:17:10 -0300
    message:
      Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run
      
      Fix a regression (due to a typo) which caused spurious incorrect
      argument errors for long data stream parameters if all forms of
      logging were disabled (binary, general and slow logs).
    ------------------------------------------------------------
    revno: 3452.1.11
    committer: <Dao-Gang.Qu@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-30 11:59:34 +0800
    message:
      Bug #34283  mysqlbinlog leaves tmpfile after termination if binlog contains load data infile
      
      With statement- or mixed-mode logging, "LOAD DATA INFILE" queries
      are written to the binlog using special types of log events.
      When mysqlbinlog reads such events, it re-creates the file in a
      temporary directory with a generated filename and outputs a
      "LOAD DATA INFILE" query where the filename is replaced by the
      generated file. The temporary file is not deleted by mysqlbinlog
      after termination.
      
      To fix the problem, in mixed mode we go to row-based. In SBR, we
      document it to remind user the tmpfile is left in a temporary
      directory.
    ------------------------------------------------------------
    revno: 3452.1.10
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: 53463-5.1
    timestamp: Wed 2010-07-28 12:59:19 -0300
    message:
      Bug#53463: YaSSL patch appears to be reverted
      
      The problem is that the fix Bug#29784 was mistakenly
      reverted when updating YaSSL to a newer version.
      
      The solution is to re-apply the fix and this time
      actually add a meaningful test case so that possible
      regressions are caught.
    ------------------------------------------------------------
    revno: 3452.1.9 [merge]
    committer: Vasil Dimov <vasil.dimov@oracle.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Thu 2010-07-29 11:57:33 +0300
    message:
      Merge mysql-5.1-innodb -> mysql-5.1-bugteam
        ------------------------------------------------------------
        revno: 3351.14.179 [merge]
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Thu 2010-07-29 11:51:00 +0300
        message:
          Merge mysql-5.1-bugteam -> mysql-5.1-innodb
        ------------------------------------------------------------
        revno: 3351.14.178
        committer: Jimmy Yang <jimmy.yang@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Wed 2010-07-28 03:20:44 -0700
        message:
          Fix bug #55581 by backporting fix of #52546 from mysql-trunk-innodb
          to mysql-5.1-innodb plugin.
        ------------------------------------------------------------
        revno: 3351.14.177
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Fri 2010-07-23 19:32:38 +0300
        message:
          Increment InnoDB Plugin version to 1.0.11.
          InnoDB Plugin 1.0.10 has been released with MySQL 5.1.49.
        ------------------------------------------------------------
        revno: 3351.14.176 [merge]
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Fri 2010-07-23 12:51:14 +0300
        message:
          Merge mysql-5.1 -> mysql-5.1-innodb
        ------------------------------------------------------------
        revno: 3351.14.175 [merge]
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Fri 2010-07-09 15:15:09 +0300
        message:
          Merge mysql-5.1 -> mysql-5.1-innodb
          (no changes introduced by this merge)
        ------------------------------------------------------------
        revno: 3351.14.174
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Wed 2010-07-07 20:51:30 +0300
        message:
          Add the innodb_plugin tests to "make dist".
        ------------------------------------------------------------
        revno: 3351.14.173
        committer: Jimmy Yang <jimmy.yang@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Mon 2010-07-05 19:26:38 -0700
        message:
          Add innodb_bug53756-master.opt for innodb_bug53756 test.
        ------------------------------------------------------------
        revno: 3351.14.172
        committer: Jimmy Yang <jimmy.yang@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Wed 2010-06-30 22:06:01 -0700
        message:
          Port fix for bug #54311 from mysql-trunk-innodb to mysql-5.1-innodb codeline.
          Bug #54311: Crash on CHECK PARTITION after concurrent LOAD DATA
          and adaptive_hash_index=OFF
        ------------------------------------------------------------
        revno: 3351.14.171
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Wed 2010-06-30 12:38:47 +0300
        message:
          Bug#54358 follow-up: Correct some error handling.
        ------------------------------------------------------------
        revno: 3351.14.170
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Wed 2010-06-30 12:31:49 +0300
        message:
          Correct some comments that were added in the fix of Bug #54358
          (READ UNCOMMITTED access failure of off-page DYNAMIC or COMPRESSED columns).
          
          Records that lack incompletely written externally stored columns may
          be accessed by READ UNCOMMITTED transaction even without involving a
          crash during an INSERT or UPDATE operation. I verified this as follows.
          
          (1) added a delay after the mini-transaction for writing the clustered
          index 'stub' record was committed (patch attached)
          (2) started mysqld in gdb, setting breakpoints to the where the
          assertions about READ UNCOMMITTED were added in the bug fix
          (3) invoked ibtest3 --create-options=key_block_size=2
          to create BLOBs in a COMPRESSED table
          (4) invoked the following:
          yes 'set transaction isolation level read uncommitted;
          checksum table blobt3;select sleep(1);'|mysql -uroot test
          (5) noted that one of the breakpoints was triggered
          (return(NULL) in btr_rec_copy_externally_stored_field())
          
          === modified file 'storage/innodb_plugin/row/row0ins.c'
          --- storage/innodb_plugin/row/row0ins.c	2010-06-30 08:17:25 +0000
          +++ storage/innodb_plugin/row/row0ins.c	2010-06-30 08:17:25 +0000
          @@ -2120,6 +2120,7 @@ function_exit:
           		rec_t*	rec;
           		ulint*	offsets;
           		mtr_start(&mtr);
          +		os_thread_sleep(5000000);
           
           		btr_cur_search_to_nth_level(index, 0, entry, PAGE_CUR_LE,
           					    BTR_MODIFY_TREE, &cursor, 0,
          
          === modified file 'storage/innodb_plugin/row/row0upd.c'
          --- storage/innodb_plugin/row/row0upd.c	2010-06-30 08:11:55 +0000
          +++ storage/innodb_plugin/row/row0upd.c	2010-06-30 08:11:55 +0000
          @@ -1763,6 +1763,7 @@ row_upd_clust_rec(
           		rec_offs_init(offsets_);
           
           		mtr_start(mtr);
          +		os_thread_sleep(5000000);
           
           		ut_a(btr_pcur_restore_position(BTR_MODIFY_TREE, pcur, mtr));
           		rec = btr_cur_get_rec(btr_cur);
        ------------------------------------------------------------
        revno: 3351.14.169
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Tue 2010-06-29 16:12:19 +0300
        message:
          ChangeLog entry for Bug #54408
        ------------------------------------------------------------
        revno: 3351.14.168
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Tue 2010-06-29 16:00:58 +0300
        message:
          Bug#54408: txn rollback after recovery: row0umod.c:673
          dict_table_get_format(index->table)
          
          The REDUNDANT and COMPACT formats store a local 768-byte prefix of
          each externally stored column. No row_ext cache is needed, but we
          initialized one nevertheless. When the BLOB pointer was zero, we would
          ignore the locally stored prefix as well. This triggered an assertion
          failure in row_undo_mod_upd_exist_sec().
          
          row_build(): Allow ext==NULL when a REDUNDANT or COMPACT table
          contains externally stored columns.
          
          row_undo_search_clust_to_pcur(), row_upd_store_row(): Invoke
          row_build() with ext==NULL on REDUNDANT and COMPACT tables.
          
          rb://382 approved by Jimmy Yang
        ------------------------------------------------------------
        revno: 3351.14.167
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Tue 2010-06-29 15:56:53 +0300
        message:
          ChangeLog entry for Bug #54358
        ------------------------------------------------------------
        revno: 3351.14.166
        committer: Marko Mkel <marko.makela@oracle.com>
        branch nick: 5.1-innodb
        timestamp: Tue 2010-06-29 15:55:18 +0300
        message:
          Bug#54358: READ UNCOMMITTED access failure of off-page DYNAMIC or COMPRESSED
          columns
          
          When the server crashes after a record stub has been inserted and
          before all its off-page columns have been written, the record will
          contain incomplete off-page columns after crash recovery. Such records
          may only be accessed at the READ UNCOMMITTED isolation level or when
          rolling back a recovered transaction in recv_recovery_rollback_active().
          Skip these records at the READ UNCOMMITTED isolation level.
          
          TODO: Add assertions for checking the above assumptions hold when an
          incomplete BLOB is encountered.
          
          btr_rec_copy_externally_stored_field(): Return NULL if the field is
          incomplete.
          
          row_prebuilt_t::templ_contains_blob: Clarify what "BLOB" means in this
          context. Hint: MySQL BLOBs are not the same as InnoDB BLOBs.
          
          row_sel_store_mysql_rec(): Return FALSE if not all columns could be
          retrieved. Previously this function always returned TRUE.  Assert that
          the record is not delete-marked.
          
          row_sel_push_cache_row_for_mysql(): Return FALSE if not all columns
          could be retrieved.
          
          row_search_for_mysql(): Skip records containing incomplete off-page
          columns. Assert that the transaction isolation level is READ
          UNCOMMITTED.
          
          rb://380 approved by Jimmy Yang
        ------------------------------------------------------------
        revno: 3351.14.165
        committer: Jimmy Yang <jimmy.yang@oracle.com>
        branch nick: mysql-5.1-innodb
        timestamp: Mon 2010-06-28 19:41:37 -0700
        message:
          Check in fix for bug #53756: "ALTER TABLE ADD PRIMARY KEY affects
          crash recovery"
          
          rb://369 approved by Marko
    ------------------------------------------------------------
    revno: 3452.1.8
    committer: Alexander Barkov <bar@mysql.com>
    branch nick: mysql-5.1-bugteam.b45012
    timestamp: Thu 2010-07-29 10:12:44 +0400
    message:
      Postfix for BUG#45012.
      
      Problem: The original patch didn't compile on debug_werror
      due to wrong format in printf("%d") for size_t variables.
      
      Fix: Adding cast to (int).
    ------------------------------------------------------------
    revno: 3452.1.7
    committer: <Li-Bing.Song@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Thu 2010-07-29 11:00:57 +0800
    message:
      BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave
      
      /*![:version:] Query Code */, where [:version:] is a sequence of 5 
      digits representing the mysql server version(e.g /*!50200 ... */),
      is a special comment that the query in it can be executed on those 
      servers whose versions are larger than the version appearing in the 
      comment. It leads to a security issue when slave's version is larger 
      than master's. A malicious user can improve his privileges on slaves. 
      Because slave SQL thread is running with SUPER privileges, so it can
      execute queries that he/she does not have privileges on master.
      
      This bug is fixed with the logic below: 
      - To replace '!' with ' ' in the magic comments which are not applied on
        master. So they become common comments and will not be applied on slave.
      
      - Example:
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
        will be binlogged as
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
    ------------------------------------------------------------
    revno: 3452.1.6
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-23 21:55:03 -0300
    message:
      Bug#55501: Disable innodb plugin usage in the embedded server on certain OSes
      
      Do not attempt to test the innodb plugin with the embedded server,
      it's not supported for now.
    ------------------------------------------------------------
    revno: 3452.1.5 [merge]
    committer: Sven Sandberg <sven.sandberg@oracle.com>
    branch nick: 5.1-bugteam
    timestamp: Mon 2010-07-26 11:56:30 +0200
    message:
      merged BUG#55322 to 5.1-bugteam
        ------------------------------------------------------------
        revno: 3408.1.4
        committer: Sven Sandberg <sven.sandberg@oracle.com>
        branch nick: 5.1
        timestamp: Tue 2010-07-20 17:27:13 +0200
        message:
          BUG#55322: SHOW BINLOG EVENTS increases @@SESSION.MAX_ALLOWED_PACKET
          
          Problem: when SHOW BINLOG EVENTS was issued, it increased the value of
          @@session.max_allowed_packet. This allowed a non-root user to increase
          the amount of memory used by her thread arbitrarily. Thus, it removes
          the bound on the amount of system resources used by a client, so it
          presents a security risk (DoS attack).
          
          Fix: it is correct to increase the value of @@session.max_allowed_packet
          while executing SHOW BINLOG EVENTS (see BUG 30435). However, the
          increase should only be temporary. Thus, the fix is to restore the value
          when SHOW BINLOG EVENTS ends.
          The value of @@session.max_allowed_packet is also increased in
          mysql_binlog_send (i.e., the binlog dump thread). It is not clear if this
          can cause any trouble, since normally the client that issues
          COM_BINLOG_DUMP will not issue any other commands that would be affected
          by the increased value of @@session.max_allowed_packet. However, we
          restore the value just in case.
    ------------------------------------------------------------
    revno: 3452.1.4
    committer: Alexander Barkov <bar@mysql.com>
    branch nick: mysql-5.1-bugteam.b45012
    timestamp: Mon 2010-07-26 09:06:18 +0400
    message:
      Bug#45012 my_like_range_cp932 generates invalid string
      
      Problem: The functions my_like_range_xxx() returned
      badly formed maximum strings for Asian character sets,
      which made problems for storage engines.
      
      Fix: 
      - Removed a number my_like_range_xxx() implementations,
        which were in fact dumplicate code pieces.
      - Using generic my_like_range_mb() instead.
      - Setting max_sort_char member properly for Asian character sets
      - Adding unittest/strings/strings-t.c, 
        to test that my_like_range_xxx() return well-formed 
        min and max strings.
      
      Notes:
      
      - No additional tests in mysql/t/ available.
        Old tests cover the affected code well enough.
    ------------------------------------------------------------
    revno: 3452.1.3 [merge]
    committer: Dmitry Shulga <Dmitry.Shulga@Sun.COM>
    branch nick: 5.1-bugteam-bug42496
    timestamp: Fri 2010-07-23 18:15:56 +0700
    message:
      Merge 5.1-bugteam -> 5.1-bug-42496
        ------------------------------------------------------------
        revno: 3457.4.2 [merge]
        committer: kevin.lewis@oracle.com
        branch nick: mysql-5.1-bugteam
        timestamp: Thu 2010-07-22 11:17:26 -0500
        message:
          Merge
        ------------------------------------------------------------
        revno: 3457.4.1
        committer: kevin.lewis@oracle.com
        branch nick: mysql-5.1-bugteam
        timestamp: Thu 2010-07-22 11:15:15 -0500
        message:
          Bug#49542 - Do as the comment suggests and downgrade directory errors from find_file() to a warning unless they happen during a SHOW command.
    ------------------------------------------------------------
    revno: 3452.1.2
    committer: Dmitry Shulga <Dmitry.Shulga@Sun.COM>
    branch nick: 5.1-bugteam-bug42496
    timestamp: Wed 2010-07-21 14:56:43 +0700
    message:
      Fixed bug #42496 - the server could crash on a debug assert after a failure
      to write into a closed socket
    ------------------------------------------------------------
    revno: 3452.1.1
    committer: Dmitry Shulga <Dmitry.Shulga@Sun.COM>
    branch nick: 5.1-bugteam-bug51855
    timestamp: Tue 2010-06-29 16:32:03 +0700
    message:
      Fixed bug #51855. Race condition in XA START. If several threads
      concurrently execute the statement XA START 'x', then mysqld
      server could crash.
------------------------------------------------------------
revno: 3469
committer: Gleb Shchepa <gshchepa@mysql.com>
branch nick: mysql-5.1-security
timestamp: Sun 2010-08-01 22:12:36 +0400
message:
  Bug #54461: crash with longblob and union or update with subquery
  
  Queries may crash, if
    1) the GREATEST or the LEAST function has a mixed list of
       numeric and LONGBLOB arguments and
    2) the result of such a function goes through an intermediate
       temporary table.
  
  An Item that references a LONGBLOB field has max_length of
  UINT_MAX32 == (2^32 - 1).
  
  The current implementation of GREATEST/LEAST returns REAL
  result for a mixed list of numeric and string arguments (that
  contradicts with the current documentation, this contradiction
  was discussed and it was decided to update the documentation).
  
  The max_length of such a function call was calculated as a
  maximum of argument max_length values (i.e. UINT_MAX32).
  
  That max_length value of UINT_MAX32 was used as a length for
  the intermediate temporary table Field_double to hold
  GREATEST/LEAST function result.
  
  The Field_double::val_str() method call on that field
  allocates a String value.
  
  Since an allocation of String reserves an additional byte
  for a zero-termination, the size of String buffer was
  set to (UINT_MAX32 + 1), that caused an integer overflow:
  actually, an empty buffer of size 0 was allocated.
  
  An initialization of the "first" byte of that zero-size
  buffer with '\0' caused a crash.
  
  The Item_func_min_max::fix_length_and_dec() has been
  modified to calculate max_length for the REAL result like
  we do it for arithmetical operators.
  
  
  ******
  Bug #54461: crash with longblob and union or update with subquery
  
  Queries may crash, if
    1) the GREATEST or the LEAST function has a mixed list of
       numeric and LONGBLOB arguments and
    2) the result of such a function goes through an intermediate
       temporary table.
  
  An Item that references a LONGBLOB field has max_length of
  UINT_MAX32 == (2^32 - 1).
  
  The current implementation of GREATEST/LEAST returns REAL
  result for a mixed list of numeric and string arguments (that
  contradicts with the current documentation, this contradiction
  was discussed and it was decided to update the documentation).
  
  The max_length of such a function call was calculated as a
  maximum of argument max_length values (i.e. UINT_MAX32).
  
  That max_length value of UINT_MAX32 was used as a length for
  the intermediate temporary table Field_double to hold
  GREATEST/LEAST function result.
  
  The Field_double::val_str() method call on that field
  allocates a String value.
  
  Since an allocation of String reserves an additional byte
  for a zero-termination, the size of String buffer was
  set to (UINT_MAX32 + 1), that caused an integer overflow:
  actually, an empty buffer of size 0 was allocated.
  
  An initialization of the "first" byte of that zero-size
  buffer with '\0' caused a crash.
  
  The Item_func_min_max::fix_length_and_dec() has been
  modified to calculate max_length for the REAL result like
  we do it for arithmetical operators.
------------------------------------------------------------
revno: 3468
committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
branch nick: mysql-5.1-security
timestamp: Fri 2010-07-23 15:52:54 +0400
message:
  Bug #54476: crash when group_concat and 'with rollup' in
                       prepared statements
  
  Using GROUP_CONCAT() together with the WITH ROLLUP modifier
  could crash the server.
  
  The reason was a combination of several facts:
  
  1. The Item_func_group_concat class stores pointers to ORDER
  objects representing the columns in the ORDER BY clause of
  GROUP_CONCAT().
  
  2. find_order_in_list() called from
  Item_func_group_concat::setup() modifies the ORDER objects so
  that their 'item' member points to the arguments list
  allocated in the Item_func_group_concat constructor.
  
  3. In some cases (e.g. in JOIN::rollup_make_fields) a copy of
  the original Item_func_group_concat object could be created by
  using the Item_func_group_concat::Item_func_group_concat(THD
  *thd, Item_func_group_concat *item) copy constructor. The
  latter essentially creates a shallow copy of the source
  object. Memory for the arguments array is allocated on
  thd->mem_root, but the pointers for arguments and ORDER are
  copied verbatim.
  
  What happens in the test case is that when executing the query
  for the first time, after a copy of the original
  Item_func_group_concat object has been created by
  JOIN::rollup_make_fields(), find_order_in_list() is called for
  this new object. It then resolves ORDER BY by modifying the
  ORDER objects so that they point to elements of the arguments
  array which is local to the cloned object. When thd->mem_root
  is freed upon completing the execution, pointers in the ORDER
  objects become invalid. Those ORDER objects, however, are also
  shared with the original Item_func_group_concat object which is
  preserved between executions of a prepared statement. So the
  first call to find_order_in_list() for the original object on
  the second execution tries to dereference an invalid pointer.
  
  The solution is to create copies of the ORDER objects when
  copying Item_func_group_concat to not leave any stale pointers
  in other instances with different lifecycles.
------------------------------------------------------------
revno: 3467 [merge]
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
branch nick: merge-5.1-security
timestamp: Wed 2010-07-21 18:56:48 +0300
message:
  merge
    ------------------------------------------------------------
    revno: 1810.3987.34 [merge]
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: merge-5.0-security
    timestamp: Wed 2010-07-21 18:49:24 +0300
    message:
      merge
------------------------------------------------------------
revno: 3466 [merge]
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
branch nick: merge-5.1-security
timestamp: Wed 2010-07-21 18:54:11 +0300
message:
  merge
    ------------------------------------------------------------
    revno: 3457.1.42 [merge]
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: merge-5.1-bugteam
    timestamp: Wed 2010-07-21 18:36:10 +0300
    message:
      merge
        ------------------------------------------------------------
        revno: 1810.3995.3 [merge]
        committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
        branch nick: merge-5.0-bugteam
        timestamp: Wed 2010-07-21 18:31:28 +0300
        message:
          merge
    ------------------------------------------------------------
    revno: 3457.1.41 [merge]
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: merge-5.1-bugteam
    timestamp: Wed 2010-07-21 18:34:20 +0300
    message:
      merge
    ------------------------------------------------------------
    revno: 3457.1.40
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: fix-5.1-bugteam
    timestamp: Wed 2010-07-21 18:05:57 +0300
    message:
      Addendum #4 to bug #53095
      
      SHOW DATABASES LIKE ... was not converting to lowercase on comparison as the
      documentation is suggesting. 
      Fixed it to behave similarly to SHOW TABLES LIKE ... and updated the failing
      on MacOSX lowercase_table2 test case.
    ------------------------------------------------------------
    revno: 3457.1.39 [merge]
    committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Wed 2010-07-21 14:14:11 +0400
    message:
      Automerge.
        ------------------------------------------------------------
        revno: 3457.3.1
        committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
        branch nick: 55061-5.1-bugteam
        timestamp: Mon 2010-07-12 18:58:55 +0400
        message:
          Bug#55061: Build failing on sol 8 x86 - assembler code vs 
                     compiler problem
          
          GCC-style inline assembly is not supported by the Sun Studio
          compilers prior to version 12.
          
          Added a check for the Sun Studio version to avoid using 
          _FPU_GETCW() / _FPU_SETCW() when inline assembly is
           unsupported. This can lead to some differences in floating
          point calculations on Solaris 8/x86 which, however, is not worth
          bothering with Sun-style assembly .il templates.
    ------------------------------------------------------------
    revno: 3457.1.38
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: 45288-5.1
    timestamp: Tue 2010-07-20 15:07:36 -0300
    message:
      Bug#45288: pb2 returns a lot of compilation warnings on linux
      
      Fix warnings flagged by the new warning option -Wunused-but-set-variable
      that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
      option causes a warning whenever a local variable is assigned to but is
      later unused. It also warns about meaningless pointer dereferences.
    ------------------------------------------------------------
    revno: 3457.1.37
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: 52514-5.1
    timestamp: Tue 2010-07-20 14:44:29 -0300
    message:
      Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5
                 due to GCC preprocessor change
            
      The problem is that newer GCC versions treats missing headers
      as fatal errors. The solution is to use a guard macro to prevent
      the inclusion of system headers when checking the ABI with the
      C Preprocessor.
      
      Reference: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15638
                 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44836
    ------------------------------------------------------------
    revno: 3457.1.36
    committer: Davi Arnaut <davi.arnaut@oracle.com>
    branch nick: 54453-5.1
    timestamp: Tue 2010-07-20 14:36:15 -0300
    message:
      Bug#54453: Failing assertion: trx->active_trans when renaming a
                 table with active trx
      
      Essentially, the problem is that InnoDB does a implicit commit
      when a cursor (table handler) is unlocked/closed, creating
      a dissonance between the transaction state within the server
      layer and the storage engine layer. Theoretically, a statement
      transaction can encompass several table instances in a similar
      manner to a multiple statement transaction, hence it does not
      make sense to limit a statement transaction to the lifetime of
      the table instances (cursors) used within it.
      
      Since this particular instance of the problem is only triggerable
      on 5.1 and is masked on 5.5 due 2PC being skipped (assertion is in
      the prepare phase of a 2PC), the solution (which is less risky) is
      to explicitly end the transaction before the cached table is unlock
      on rename table.
      
      The patch is to be null merged into trunk.
    ------------------------------------------------------------
    revno: 3457.1.35 [merge]
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Mon 2010-07-19 15:34:28 -0300
    message:
      Merge of mysql-5.1 into mysql-5.1-bugteam.
    ------------------------------------------------------------
    revno: 3457.1.34
    committer: Jon Olav Hauglid <jon.hauglid@oracle.com>
    branch nick: mysql-5.1-bugteam-bug54734
    timestamp: Mon 2010-07-19 11:03:52 +0200
    message:
      Bug #54734 assert in Diagnostics_area::set_ok_status
      
      This assert checks that the server does not try to send OK to the
      client if there has been some error during processing. This is done
      to make sure that the error is in fact sent to the client.
      
      The problem was that view errors during processing of WHERE conditions
      in UPDATE statements where not detected by the update code. It therefore
      tried to send OK to the client, triggering the assert.
      The bug was only noticeable in debug builds.
      
      This patch fixes the problem by making sure that the update code
      checks for errors during condition processing and acts accordingly.
    ------------------------------------------------------------
    revno: 3457.1.33
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-16 14:33:35 -0300
    message:
      Bug#48327: Some crashes specific to FreeBSD ("embedded")
      Bug#47139: Test "merge" crashes in "embedded" run
      
      Backport patch for Bug#47139
    ------------------------------------------------------------
    revno: 3457.1.32
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: fix-5.1-bugteam
    timestamp: Fri 2010-07-16 16:56:33 +0300
    message:
      Addendum to bug #53814 : test results updates
    ------------------------------------------------------------
    revno: 3457.1.31
    committer: Ramil Kalimullin <ramil@mysql.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-16 11:15:22 +0400
    message:
      Fix for bug #50667: The InnoDB plugin prevents initialization
      of the "embedded" server
      
      Problem: mysqltest_embedded failed to load ha_innodb_plugin library
      on some platforms (due to some unresolved references).
      
      Fix: on FreeBSD use -export-dynamic flag building mysqltest_embedded.
      That allows to use its global symbols to resolve references in the
      dynamically loaded plugin library.
    ------------------------------------------------------------
    revno: 3457.1.30
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B53814-5.1-bugteam
    timestamp: Wed 2010-06-23 19:25:31 +0300
    message:
      Bug #53814: NUMERIC_PRECISION for unsigned bigint field is 19, 
      should be 20
      
      Fixed the numeric precision of the unsigned BIGINT column to 
      be 20 instead of 19.
    ------------------------------------------------------------
    revno: 3457.1.29 [merge]
    committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Thu 2010-07-15 17:01:44 +0400
    message:
      Manual merge.
        ------------------------------------------------------------
        revno: 1810.3995.2
        committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
        branch nick: mysql-5.0-bugteam
        timestamp: Thu 2010-07-15 10:10:16 +0400
        message:
          Backport of the fix for bug#25421 to 5.0.
          
          Calculating the estimated number of records for a range scan
          may take a significant time, and it was impossible for a user
          to interrupt that process by killing the connection or the
          query.
          
          Fixed by checking the thread's 'killed' status in
          check_quick_keys() and interrupting the calculation process if
          it is set to a non-zero value.
    ------------------------------------------------------------
    revno: 3457.1.28 [merge]
    committer: Alexey Kopytov <Alexey.Kopytov@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Thu 2010-07-15 16:39:48 +0400
    message:
      Null merge.
        ------------------------------------------------------------
        revno: 1810.3995.1
        committer: Vasil Dimov <vasil.dimov@oracle.com>
        branch nick: mysql-5.0-bugteam
        timestamp: Wed 2010-07-07 20:13:53 +0300
        message:
          Merge the fix for Bug#49238 from SVN
          (without the unrelated whitespace changes):
          
            ------------------------------------------------------------------------
            r7009 | jyang | 2010-04-29 20:44:56 +0300 (Thu, 29 Apr 2010) | 6 lines
            
            branches/5.0: Port fix for bug #49238 (Creating/Dropping a temporary
            table while at 1023 transactions will cause assert) from 5.1 to
            branches/5.1. Separate action for return value DB_TOO_MANY_CONCURRENT_TRXS
            from that of DB_MUST_GET_MORE_FILE_SPACE in row_drop_table_for_mysql().
            
            
            ------------------------------------------------------------------------
    ------------------------------------------------------------
    revno: 3457.1.27
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Wed 2010-07-14 16:39:40 -0300
    message:
      Bug#42733: Type-punning warnings when compiling MySQL --
                 strict aliasing violations.
      
      Post-merge fix: include my_compiler.h before my_attribute.h
      as the latter will undef __attribute__ if the compiler is not
      GCC. Based on the compiler version, in my_compiler.h we know
      for sure whether the aligned attribute is supported. Furthermore,
      undefining attribute might cause bugs if some system header
      uses it.
    ------------------------------------------------------------
    revno: 3457.1.26
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 42733-5.1
    timestamp: Wed 2010-07-14 09:27:13 -0300
    message:
      Bug#42733: Type-punning warnings when compiling MySQL --
                 strict aliasing violations.
      
      Another rather noisy violation of strict aliasing rules
      is the spatial code which makes use of stack-based memory
      (of type Geometry_buffer) to provide placement for Geometry
      objects. Although a placement new is allowed to dynamically
      change the type of a object, the object returned by the
      new placement was being ignored and the original stack-based
      object was being casted to the new type, thus violating strict
      aliasing rules.
      
      The solution is to reorganize the code so that the object
      returned by the new placement is used instead of casting the
      original object. Also, to ensure that the stack-based object
      is properly aligned with respect to the objects it provides
      placement for, a set of compiler-dependent macros and types
      are introduced so that the alignment of objects can be inquired
      and specified.
    ------------------------------------------------------------
    revno: 3457.1.25
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 48327-5.1
    timestamp: Wed 2010-07-14 10:10:12 -0300
    message:
      Bug#48327: Some crashes specific to FreeBSD ("embedded")
      
      Backport fixes from ndb: Rework the constructors of some static
      object's to not call dbug functions since the constructors will
      be called before main, and consequently, before the dbug library
      is initialized.
    ------------------------------------------------------------
    revno: 3457.1.24
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B51876-5.1-bugteam
    timestamp: Wed 2010-07-14 14:54:51 +0300
    message:
      Bug #51876: crash/memory underrun when loading data with ucs2
      and reverse() function
            
      3 problems fixed : 
      1. The reported problem : caused by incorrect parsing of 
      the file as ucs data resulting in wrong length of the parsed
      string. Fixed by truncating the invalid trailing bytes 
      (non-complete multibyte characters) when reading from the file
      2. LOAD DATA when reading from a proper UCS2 file wasn't 
      recognizing the new line characters. Fixed by first looking 
      if a byte is a new line (or any other special) character before
      reading it as a part of a multibyte character.
      3. When using user variables to hold the column data in LOAD
      DATA the character set of the user variable was set incorrectly
      to the database charset. Fixed by setting it to the charset
      specified by LOAD DATA (if any). 
    ------------------------------------------------------------
    revno: 3457.1.23
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B53493-5.1-bugteam
    timestamp: Wed 2010-07-14 11:50:17 +0300
    message:
      Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR
      
      bytes_received/bytes_sent are ulonglong so they cannot be handled by the 
      ulong handling code in add_to_status/add_diff_to_status().
      
      Fixed by adding code to handle these two variables in 
      add_to_status()/add_diff_to_status() and making sure they are not a subject
      to the ulong handling code.
    ------------------------------------------------------------
    revno: 3457.1.22
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B54004-5.1-bugteam
    timestamp: Wed 2010-07-14 13:53:49 +0300
    message:
      Bug #54004 : mysql_secure_installation identifies "local host" incorrectly
      
      The removal of non-local root users is overzealous in
      mysql_secure_installation. (Bug #54004)
    ------------------------------------------------------------
    revno: 3457.1.21
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B52274-5.1-bugteam
    timestamp: Fri 2010-07-09 14:11:12 +0300
    message:
      Bug #52274 : Missing path to mysql in mysql_secure_installation
            
      Added some code to try to find the mysql command line in the most 
      common places and stop if it's not there.
    ------------------------------------------------------------
    revno: 3457.1.20
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-09 16:37:52 -0300
    message:
      Use UNINIT_VAR workaround instead of LINT_INIT.
    ------------------------------------------------------------
    revno: 3457.1.19 [merge]
    committer: Mattias Jonsson <mattias.jonsson@oracle.com>
    branch nick: topush-51-bugteam
    timestamp: Fri 2010-07-09 15:00:33 +0200
    message:
      merge
        ------------------------------------------------------------
        revno: 3392.5.1
        committer: Mattias Jonsson <mattias.jonsson@oracle.com>
        branch nick: b52517-51-bugteam
        timestamp: Fri 2010-07-09 13:15:26 +0200
        message:
          Bug#52517: Regression in ROW level replication performance with partitions
          
          In bug-28430 HA_PRIMARY_KEY_REQUIRED_FOR_POSITION
          was disabled in the partitioning engine in the first patch,
          That bug was later fixed a second time, but that flag
          was not removed.
          
          No need to disable this flag, as it leads to bad
          choise in row replication.
    ------------------------------------------------------------
    revno: 3457.1.18 [merge]
    committer: Mattias Jonsson <mattias.jonsson@oracle.com>
    branch nick: topush-51-bugteam
    timestamp: Fri 2010-07-09 14:59:40 +0200
    message:
      merge
        ------------------------------------------------------------
        revno: 3457.2.1
        committer: Mattias Jonsson <mattias.jonsson@oracle.com>
        branch nick: b52455-51-bt
        timestamp: Fri 2010-07-09 01:09:31 +0200
        message:
          Bug#52455: Subpar INSERT ON DUPLICATE KEY UPDATE performance with many partitions
          
          The handler function for reading one row from a specific index
          was not optimized in the partitioning handler since it
          used the default implementation.
          
          No test case since it is performance only, verified by hand.
    ------------------------------------------------------------
    revno: 3457.1.17
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-09 09:51:21 -0300
    message:
      Remove AC_LANG_WERROR, it causes trouble earlier versions
      of autoconf and is not strictly needed for now.
    ------------------------------------------------------------
    revno: 3457.1.16
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: fix-5.1-bugteam
    timestamp: Fri 2010-07-09 15:17:47 +0300
    message:
      Addendum #2 to bug #53095 : fixed a bad testcase result.
    ------------------------------------------------------------
    revno: 3457.1.15
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 53445-5.1
    timestamp: Fri 2010-07-09 09:00:17 -0300
    message:
      Bug#45288: pb2 returns a lot of compilation warnings on linux
      
      Although the C standard mandates that sprintf return the number
      of bytes written, some very ancient systems (i.e. SunOS 4)
      returned a pointer to the buffer instead. Since these systems
      are not supported anymore and are hopefully long dead by now,
      simply remove the portability wrapper that dealt with this
      discrepancy. The autoconf check was causing trouble with GCC.
    ------------------------------------------------------------
    revno: 3457.1.14
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 53445-5.1
    timestamp: Fri 2010-07-09 08:37:51 -0300
    message:
      Bug#53445: Build with -Wall and fix warnings that it generates
      
      Introduce a MySQL maintainer/developer mode that enables
      a set of warning options for the C/C++ compiler. This mode
      is intended to help improve the overall quality of the code.
      
      The warning options are:
      
      C_WARNINGS="-Wall -Wextra -Wunused -Wwrite-strings -Werror"
      CXX_WARNINGS="$C_WARNINGS -Wno-unused-parameter"
      
      Since -Wall is essentially a moving target, autoconf checks
      are not run with warning options enabled, in particualr -Werror.
      This decision might be revisited in the future. The patch also
      fixes a mistake in the makefiles, where automake CXXFLAGS would
      be set to CFLAGS.
    ------------------------------------------------------------
    revno: 3457.1.13
    committer: Sergey Glukhov <Sergey.Glukhov@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-09 14:39:47 +0400
    message:
      Bug#54416 MAX from JOIN with HAVING returning NULL with 5.1 and Empty set
      The problem there is that HAVING condition evaluates const
      parts of condition despite the condition has references
      on aggregate functions. Table t1 became const tables
      after make_join_statistics and table1.pk = 1, HAVING is
      transformed into MAX(1) < 7 and taken away from HAVING.
      The fix is to skip evaluation of HAVING conts parts if
      HAVING condition has references on aggregate functions.
    ------------------------------------------------------------
    revno: 3457.1.12
    committer: <Li-Bing.Song@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Thu 2010-07-08 10:44:26 +0800
    message:
      Postfix bug#48321
      Fix the memory leak
    ------------------------------------------------------------
    revno: 3457.1.11
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: fix-5.1-bugteam
    timestamp: Wed 2010-07-07 12:15:58 +0300
    message:
      Addendum to the fix for bug #53095 (failing information_schema.test on windows)
      
      Since the original fix for this bug lowercases the search pattern it's not a 
      good idea to copy the search pattern to the output instead of the real table 
      name found (since, depending on the case mode these two names may differ in 
      case).
      Fixed the infrmation_schema.test failure by making sure the actual table 
      name of an inoformation schema table is passed instead of the lookup pattern
      even when the pattern doesn't contain wildcards.
    ------------------------------------------------------------
    revno: 3457.1.10
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Tue 2010-07-06 19:31:54 -0300
    message:
      Fix what is probably the result of a bad merge. No functional change.
    ------------------------------------------------------------
    revno: 3457.1.9
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 52514-5.1
    timestamp: Tue 2010-07-06 15:36:31 -0300
    message:
      Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5
                 due to GCC preprocessor change
      
      Temporary workaround: disable abi_check if GCC >= 4.5
    ------------------------------------------------------------
    revno: 3457.1.8
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 22320-5.1
    timestamp: Mon 2010-07-05 09:00:39 -0300
    message:
      Bug#22320: my_atomic-t unit test fails
      
      The atomic operations implementation on 5.1 has a few problems,
      which might cause tests to abort randomly. Since no code in 5.1
      uses atomic operations, simply remove the code.
    ------------------------------------------------------------
    revno: 3457.1.7
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B53613-5.1-bugteam
    timestamp: Thu 2010-07-01 12:05:09 +0300
    message:
      Bug #53613: mysql_upgrade incorrectly revokes TRIGGER privilege on given table
      
      Fixed an incomplete historical ALTER TABLE MODIFY trimming the trigger 
      privilege bit from mysql.tables_priv.Table_priv column.
      Removed the duplicate ALTER TABLE MODIFY.
      Test suite added.
    ------------------------------------------------------------
    revno: 3457.1.6
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: B53095-5.1-bugteam
    timestamp: Fri 2010-06-25 15:59:44 +0300
    message:
      Bug #53095: SELECT column_name FROM INFORMATION_SCHEMA.STATISTICS 
      returns nothing
            
      When looking for table or database names inside INFORMATION_SCHEMA
      we must convert the table and database names to lowercase (just as it's
      done in the rest of the server) when lowercase_table_names is non-zero.
      This will allow us to find the same tables that we would find if there
      is no condition.
      
      Fixed by converting to lower case when extracting the database and 
      table name conditions.
      Test case added.
    ------------------------------------------------------------
    revno: 3457.1.5
    committer: <Li-Bing.Song@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Sun 2010-07-04 16:17:53 +0800
    message:
      Postfix for bug#48321
      Some test cases set ANSI_QUOTES in sql_mode.
      So we have to use single quotes to quote literal strings.
    ------------------------------------------------------------
    revno: 3457.1.4
    committer: <Li-Bing.Song@sun.com>
    branch nick: mysql-5.1-bugteam
    timestamp: Sun 2010-07-04 12:02:49 +0800
    message:
      The following statements support the CURRENT_USER() where a user is needed.
      DROP USER 
      RENAME USER CURRENT_USER() ...
      GRANT ... TO CURRENT_USER()
      REVOKE ... FROM CURRENT_USER()
      ALTER DEFINER = CURRENT_USER() EVENTbut, When these statements are binlogged, CURRENT_USER() just is binlogged
      as 'CURRENT_USER()', it is not expanded to the real user name. When slave 
      executes the log event, 'CURRENT_USER()' is expand to the user of slave 
      SQL thread, but SQL thread's user name always NULL. This breaks the replication.
      
      After this patch, session's user will be written into query log events 
      if these statements call CURREN_USER() or 'ALTER EVENT' does not assign a definer.
    ------------------------------------------------------------
    revno: 3457.1.3
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Sat 2010-07-03 10:20:05 -0300
    message:
      Fix somewhat bogus GCC warning. Although needless as the base
      class is mostly empty, initialize the base class explicitly in
      the copy constructor.
    ------------------------------------------------------------
    revno: 3457.1.2
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: mysql-5.1-bugteam
    timestamp: Fri 2010-07-02 18:42:32 -0300
    message:
      Bug#53445: Build with -Wall and fix warnings that it generates
      
      If bzero is not available, resort to memset. Also, remove dead
      bzero.c
    ------------------------------------------------------------
    revno: 3457.1.1
    committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
    branch nick: 53445-5.1
    timestamp: Fri 2010-07-02 15:30:47 -0300
    message:
      Bug#53445: Build with -Wall and fix warnings that it generates
      
      Apart strict-aliasing warnings, fix the remaining warnings
      generated by GCC 4.4.4 -Wall and -Wextra flags.
      
      One major source of warnings was the in-house function my_bcmp
      which (unconventionally) took pointers to unsigned characters
      as the byte sequences to be compared. Since my_bcmp and bcmp
      are deprecated functions whose only difference with memcmp is
      the return value, every use of the function is replaced with
      memcmp as the special return value wasn't actually being used
      by any caller.
      
      There were also various other warnings, mostly due to type
      mismatches, missing return values, missing prototypes, dead
      code (unreachable) and ignored return values.
------------------------------------------------------------
revno: 3465 [merge]
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
branch nick: merge-5.1-security
timestamp: Wed 2010-07-21 18:51:36 +0300
message:
  merge
    ------------------------------------------------------------
    revno: 3461.1.5 [merge]
    committer: Joerg Bruehe <joerg@mysql.com>
    branch nick: mysql-5.1
    timestamp: Wed 2010-07-21 12:09:50 +0200
    message:
      Merge the version number increase (5.1.49 -> 5.1.50) into the main tree.
    ------------------------------------------------------------
    revno: 3461.1.4
    committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
    branch nick: mysql-5.1
    timestamp: Mon 2010-07-19 17:47:17 +0300
    message:
      fix tree names
    ------------------------------------------------------------
    revno: 3461.1.3 [merge]
    committer: MySQL Build Team <build@mysql.com>
    branch nick: mysql-5.1.49-release
    timestamp: Mon 2010-07-19 16:30:34 +0200
    message:
      5.1.49 push to mysql-5.1
        ------------------------------------------------------------
        revno: 3408.1.3 [merge]
        author: karen.langford@sun.com
        committer: sunanda <sunanda.menon@sun.com>
        branch nick: mysql-5.1
        timestamp: Thu 2010-07-08 20:46:26 +0200
        message:
          Null-merge from mysql-5.1.46sp1-release
            ------------------------------------------------------------
            revno: 3351.58.14
            tags: mysql-5.1.46sp1
            committer: sunanda <sunanda.menon@sun.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Wed 2010-06-23 12:22:05 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3392.1.1
              > revision-id: gshchepa@mysql.com-20100521184732-0jvpzinv0uwyvr2d
              > parent: sven.sandberg@sun.com-20100520153801-yyhujm1qqa4eyfn0
              > committer: Gleb Shchepa <gshchepa@mysql.com>
              > branch nick: 53804-5.1
              > timestamp: Fri 2010-05-21 22:47:32 +0400
              > message:
              >   Bug #53804: serious flaws in the alter database .. upgrade
              >               data directory name command
              >   
              >   The check_db_name function has been modified to validate tails of
              >   #mysql50#-prefixed database names for compliance with MySQL 5.0
              >   database name encoding rules (the check_table_name function call
              >   has been reused).
            ------------------------------------------------------------
            revno: 3351.58.13
            committer: sunanda <sunanda.menon@sun.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Wed 2010-06-23 12:14:23 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3386
              > revision-id: sergey.glukhov@sun.com-20100518082821-yajhvbv1ghmlpu1n
              > parent: aelkin@mysql.com-20100516170332-x8priwrdjwolc065
              > committer: Sergey Glukhov <Sergey.Glukhov@sun.com>
              > branch nick: mysql-5.1-bugteam
              > timestamp: Tue 2010-05-18 13:28:21 +0500
              > message:
              >   Bug#48729 SELECT ... FROM INFORMATION_SCHEMA.ROUTINES causes memory to grow
              >   Analysis showed that in case of accessing I_S table
              >   ROUTINES we perform unnecessary allocations
              >   with get_field() function for every processed row that
              >   in their turn causes significant memory growth.
              >   the fix is to avoid use of get_field().
            ------------------------------------------------------------
            revno: 3351.58.12
            committer: sunanda <sunanda.menon@sun.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Wed 2010-06-23 12:03:22 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3367 [merge]
              > revision-id: joro@sun.com-20100504140328-srxf3c088j2twnq6
              > parent: kristofer.pettersson@sun.com-20100503172109-f9hracq5pqsaomb1
              > parent: joro@sun.com-20100503151651-nakknn8amrapmdp7
              > committer: Georgi Kodinov <joro@sun.com>
              > branch nick: B53371-5.1-bugteam
              > timestamp: Tue 2010-05-04 17:03:28 +0300
              > message:
              >   Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
              >   
              >   This is the 5.1 merge and extension of the fix.
              >   The server was happily accepting paths in table name in all places a table
              >   name is accepted (e.g. a SELECT). This allowed all users that have some 
              >   privilege over some database to read all tables in all databases in all
              >   mysql server instances that the server file system has access to.
              >   Fixed by :
              >   1. making sure no path elements are allowed in quoted table name when
              >   constructing the path (note that the path symbols are still valid in table names
              >   when they're properly escaped by the server).
              >   2. checking the #mysql50# prefixed names the same way they're checked for
              >   path elements in mysql-5.0.
              > ------------------------------------------------------------
              > Use --include-merges or -n0 to see merged revisions.
            ------------------------------------------------------------
            revno: 3351.58.11
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 22:53:01 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.41.1
              > revision-id: alexey.kopytov@sun.com-20100430111048-jdls6ofn4kkmpt09
              > parent: sergey.glukhov@sun.com-20100329134249-03wyhzp5k92dzhcb
              > committer: Alexey Kopytov <Alexey.Kopytov@Sun.com>
              > branch nick: my51-bug48419
              > timestamp: Fri 2010-04-30 15:10:48 +0400
              > message:
              >   Bug #48419: another explain crash..
              >   
              >   WHERE predicates containing references to empty tables in a
              >   subquery were handled incorrectly by the optimizer when
              >   executing EXPLAIN. As a result, the optimizer could try to
              >   evaluate such predicates rather than just stop with
              >   "Impossible WHERE noticed after reading const tables" as 
              >   it would do in a non-subquery case. This led to valgrind 
              >   errors and crashes.
              >   
              >   Fixed the code checking the above condition so that subqueries
              >   are not excluded and hence are handled in the same way as top
              >   level SELECTs.
            ------------------------------------------------------------
            revno: 3351.58.10
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 22:51:35 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 1810.3987.14
              > revision-id: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
              > parent: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
              > committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
              > branch nick: 50974-5.0
              > timestamp: Thu 2010-04-29 10:28:16 -0300
              > message:
              >   Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely.
              >   
              >   The server could be tricked to read packets indefinitely if it
              >   received a packet larger than the maximum size of one packet.
              >   This problem is aggravated by the fact that it can be triggered
              >   before authentication.
              >   
              >   The solution is to no skip big packets for non-authenticated
              >   sessions. If a big packet is sent before a session is authen-
              >   ticated, a error is returned and the connection is closed.
              
              > ------------------------------------------------------------
              > revno: 3363 [merge]
              > revision-id: davi.arnaut@sun.com-20100429231819-i3anwzrdasjmezvt
              > parent: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
              > parent: davi.arnaut@sun.com-20100429132816-ictyul6d75itek22
              > committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
              > branch nick: mysql-5.1-bugteam
              > timestamp: Thu 2010-04-29 20:18:19 -0300
              > message:
              >   Manual merge.
              > ------------------------------------------------------------
              > Use --include-merges or -n0 to see merged revisions.
            ------------------------------------------------------------
            revno: 3351.58.9
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 22:34:48 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 1810.3987.13
              > revision-id: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
              > parent: alexey.kopytov@sun.com-20100426200600-op06qy98llzpzgl1
              > committer: Ramil Kalimullin <ramil@mysql.com>
              > branch nick: b53237-5.0-bugteam
              > timestamp: Thu 2010-04-29 08:42:32 +0400
              > message:
              >   Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
              >   
              >   Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
              >   SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
              >   checked for sanity. By sending long data for the table a buffer is overflown, which can
              >   be used deliberately to include code that harms".
              >   
              >   Fix: check incoming data length.
              
              The patch did not apply cleanly:
              - Line numbers are completely off, roughly it is 2030 -> 1313
              - What is called "pend" in the patch, is "arg_end" in the source.
            ------------------------------------------------------------
            revno: 3351.58.8
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 22:09:31 +0200
            message:
              Backport into 5.1.46sp1:
              
              > revno: 3351.14.56
              > committer: Marko Mdkeld <marko.makela@oracle.com>
              > branch nick: 5.1-innodb
              > timestamp: Mon 2010-04-26 14:08:56 +0300
              > message:
              >   Add a test case for Bug #52745.
            ------------------------------------------------------------
            revno: 3351.58.7
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:59:35 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.14.47
              > revision-id: marko.makela@oracle.com-20100421095033-0acvzxb8um8cms0a
              > parent: marko.makela@oracle.com-20100421094032-ir4glqk46qvg2ywn
              > committer: Marko Mkel <marko.makela@oracle.com>
              > branch nick: 5.1-innodb
              > timestamp: Wed 2010-04-21 12:50:33 +0300
              > message:
              >   dtuple_convert_big_rec(): Store locally any fields whose maximum length
              >   is less than 256 bytes. (Bug #52745)
              >   Add related comments and debug assertions to the "offsets"
              >   functions in rem0rec.c.
              >   Approved by Sunny Bains
            ------------------------------------------------------------
            revno: 3351.58.6
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:56:18 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.47.2
              > revision-id: marko.makela@oracle.com-20100511104910-nim8kgguawpis7zo
              > parent: marko.makela@oracle.com-20100511104500-c6kzd0bg5s42p8e9
              > committer: Marko Mkel <marko.makela@oracle.com>
              > branch nick: mysql-5.1-innodb2
              > timestamp: Tue 2010-05-11 13:49:10 +0300
              > message:
              >   btr_page_split_and_insert(): Add an assertion
              >   suggested by Sunny Bains when reviewing Bug #52964.
            ------------------------------------------------------------
            revno: 3351.58.5
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:54:41 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.47.1
              > revision-id: marko.makela@oracle.com-20100511104500-c6kzd0bg5s42p8e9
              > parent: vasil.dimov@oracle.com-20100510132852-cz457uqvj8iiy9mm
              > committer: Marko Mkel <marko.makela@oracle.com>
              > branch nick: mysql-5.1-innodb2
              > timestamp: Tue 2010-05-11 13:45:00 +0300
              > message:
              >   Remove a stray expression. Spotted by Sunny Bains.
            ------------------------------------------------------------
            revno: 3351.58.4
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:52:43 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.14.74
              > revision-id: marko.makela@oracle.com-20100504093128-44v6glupe1dsh0ug
              > parent: marko.makela@oracle.com-20100503122859-k73bl51re93o0mt4
              > committer: Marko Mkel <marko.makela@oracle.com>
              > branch nick: 5.1-innodb
              > timestamp: Tue 2010-05-04 12:31:28 +0300
              > message:
              >   btr_page_split_and_insert(): Correct the fix of Bug #52964.
              >   When split_rec==NULL, choose the correct node pointer key (first_rec).
            ------------------------------------------------------------
            revno: 3351.58.3
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:50:47 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3351.14.50
              > revision-id: marko.makela@oracle.com-20100421185359-8qaxoa2yyrpzwdd7
              > parent: marko.makela@oracle.com-20100421102723-0i80uezbyu0ekj5d
              > committer: Marko Mkel <marko.makela@oracle.com>
              > branch nick: 5.1-innodb
              > timestamp: Wed 2010-04-21 21:53:59 +0300
              > message:
              >   btr_page_split_and_insert(): Avoid an infinite loop. (Bug #52964)
              >   
              >   btr_page_tuple_smaller(): New function, refactored from
              >   btr_page_split_and_insert().
              >   
              >   btr_page_get_split_rec(): Renamed from btr_page_get_sure_split_rec().
              >   Note that a NULL return may mean that the tuple is to be inserted into
              >   either the lower or upper page, to be determined by btr_page_tuple_smaller().
              >   
              >   btr_page_split_and_insert(): When btr_page_get_split_rec() returns NULL,
              >   invoke btr_page_tuple_smaller() to determine which half-page the tuple
              >   belongs to.
              >   
              >   Reviewed by Sunny Bains
            ------------------------------------------------------------
            revno: 3351.58.2
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 21:42:14 +0200
            message:
              Backport into build-201006221614-5.1.46sp1
              
              > ------------------------------------------------------------
              > revno: 3362
              > revision-id: davi.arnaut@sun.com-20100401131522-895y8uzvv8ag44gs
              > parent: ramil@mysql.com-20100429045409-r7r5lcyiruis15v7
              > committer: Davi Arnaut <Davi.Arnaut@Sun.COM>
              > branch nick: 50755-5.1
              > timestamp: Thu 2010-04-01 10:15:22 -0300
              > message:
              >   Bug#50755: Crash if stored routine def contains version comments
              >   
              >   The problem was that a syntactically invalid trigger could cause
              >   the server to crash when trying to list triggers. The crash would
              >   happen due to a mishap in the backup/restore procedure that should
              >   protect parser items which are not associated with the trigger. The
              >   backup/restore is used to isolate the parse tree (and context) of
              >   a statement from the load (and parsing) of a trigger. In this case,
              >   a error during the parsing of a trigger could cause the improper
              >   backup/restore sequence.
              >   
              >   The solution is to properly restore the original statement context
              >   before the parser is exited due to syntax errors in the trigger body.
            ------------------------------------------------------------
            revno: 3351.58.1
            author: karen.langford@oracle.com
            committer: MySQL Build Team<build@mysql.com>
            branch nick: mysql-5.1.46sp1-release
            timestamp: Tue 2010-06-22 19:21:25 +0200
            message:
              Set version number for mysql-5.1.46sp1 release
    ------------------------------------------------------------
    revno: 3461.1.2
    tags: mysql-5.1.49
    author: karen.langford@oracle.com
    committer: Karen Langford <karen.langford@oracle.com>
    branch nick: mysql-5.1.49-release
    timestamp: Fri 2010-07-09 14:23:48 +0200
    message:
      Fix bug #55039 Failing assertion: space_id > 0 in fil0fil.c.
