mysqldump --single-transaction now uses START TRANSACTION /*!40100 WITH CONSISTENT SNAPSHOT */ rather than BEGIN to start a transaction, so that a consistent snapshot will be used on those servers that support it. (Bug#19660)

For ODBC compatibility, MySQL supports use of WHERE col_name IS NULL for DATE or DATETIME columns that are NOT NULL, to allow column values of '0000-00-00' or '0000-00-00 00:00:00' to be selected. However, this was not working for WHERE clauses in DELETE statements. (Bug#23412)

mysql did not check for errors when fetching data during result set printing. (Bug#22913)

Adding a day, month, or year interval to a DATE value produced a DATE, but adding a week interval produced a DATETIME value. Now all produce a DATE value. (Bug#21811)

For not-yet-authenticated connections, the Time column in SHOW PROCESSLIST was a random value rather than NULL. (Bug#23379)

The Handler_rollback status variable sometimes was incremented when no rollback had taken place. (Bug#22728)

Lack of validation for input and output TIME values resulted in several problems: SEC_TO_TIME() within subqueries incorrectly clipped large values; SEC_TO_TIME() treated BIGINT UNSIGNED values as signed; only truncation warnings were produced when both truncation and out-of-range TIME values occurred. (Bug#11655, Bug#20927)

Range searches on columns with an index prefix could miss records. (Bug#20732)

Transient errors in replication from master to slave may trigger multiple Got fatal error 1236: 'binlog truncated in the middle of event' errors on the slave. (Bug#4053)

If COMPRESS() returned NULL, subsequent invocations of COMPRESS() within a result set or within a trigger also returned NULL. (Bug#23254)

mysql would lose its connection to the server if its standard output was not writable. (Bug#17583)

mysql-test-run did not work correctly for RPM-based installations. (Bug#17194)

The return value from my_seek() was ignored. (Bug#22828)

MySQL would fail to build on the Alpha platform. (Bug#23256)

The mysqld manpage has been reclassified from volume 1 to volume 8. (Bug#21220)

MySQL now can do stack dumps on x86_64 and i386/NPTL systems. (Bug#21250)

The LOAD DATA FROM MASTER and LOAD TABLE FROM MASTER statements are deprecated. See Section 13.6.2.2, LOAD DATA FROM MASTER Syntax, for recommended alternatives. (Bug#18822)

A warning now is issued if the client attempts to set the SQL_LOG_OFF variable without the SUPER privilege. (Bug#16180)

Within a prepared statement, SELECT (COUNT(*) = 1) (or similar use of other aggregate functions) did not return the correct result for statement re-execution. (Bug#21354)

DELETE IGNORE could hang for foreign key parent deletes. (Bug#18819)

Redundant binary log LAST_INSERT_ID events could be generated; LAST_INSERT_ID(expr) didn't return the value of expr; LAST_INSERT_ID() could return the value generated by the current statement if the call happens after value generation, as in:

CREATE TABLE t1 (i INT AUTO_INCREMENT PRIMARY KEY, j INT);
INSERT INTO t1 VALUES (NULL, 0), (NULL, LAST_INSERT_ID());

(Bug#21726)

FROM_UNIXTIME() did not accept arguments up to POWER(2,31)-1, which it had previously. (Bug#9191)

Deleting entries from a large MyISAM index could cause index corruption when it needed to shrink. Deletes from an index can happen when a record is deleted, when a key changes and must be moved, and when a key must be un-inserted because of a duplicate key. This can also happen in REPAIR TABLE when a duplicate key is found and in myisamchk when sorting the records by an index. (Bug#22384)

A literal string in a GROUP BY clause could be interpreted as a column name. (Bug#14019)

WITH ROLLUP could group unequal values. (Bug#20825)

LIKE searches failed for indexed utf8 character columns. (Bug#20471)

The optimizer sometimes mishandled R-tree indexes for GEOMETRY data types, resulting in a server crash. (Bug#21888)

Entries in the slow query log could have an incorrect Rows_examined value. (Bug#12240)

Insufficient memory (myisam_sort_buffer_size) could cause a server crash for several operations: repair table, create index by sort, repair by sort, parallel repair, bulk insert. (Bug#23175)

REPAIR TABLE ... USE_FRM could cause a server crash or hang when used for a table in a database other than the default database. (Bug#22562)

OPTIMIZE TABLE with myisam_repair_threads > 1 could result in table corruption. (Bug#8283)

The result for CAST() when casting a value to UNSIGNED was limited to the maximum signed BIGINT value (9223372036854775808), not the maximum unsigned value (18446744073709551615). (Bug#8663)

For multiple-table UPDATE statements, storage engines were not notified of duplicate-key errors. (Bug#21381)

Successive invocations of a COUNT(*) query containing a join on two MyISAM tables and a WHERE clause of the form WHERE (table1.column1 = table2.column2) OR table2.column2 IS NULL yielded different results. (Bug#21019)

Using ALTER TABLE to add an ENUM column with an enumeration value containing 0xFF caused the name of the first table column to be lost. (Bug#20922)

PROCEDURE ANALYSE() returned incorrect values of M FLOAT(M, D) and DOUBLE(M, D). (Bug#20305)

A query that used GROUP BY and an ALL or ANY quantified subquery in a HAVING clause could trigger an assertion failure. (Bug#21853)

For an ENUM column that used the ucs2 character set, using ALTER TABLE to modify the column definition caused the default value to be lost. (Bug#20108)

Creating a TEMPORARY table with the same name as an existing table that was locked by another client could result in a lock conflict for DROP TEMPORARY TABLE because the server unnecessarily tried to acquire a name lock. (Bug#21096)

Incorporated some portability fixes into the definition of __attribute__ in my_global.h. (Bug#2717)

In the package of pre-built time zone tables that is available for download at http://dev.mysql.com/downloads/timezones.html, the tables now explicitly use the utf8 character set so that they work the same way regardless of the system character set value. (Bug#21208)

The build process incorrectly tried to overwrite sql/lex_hash.h. This caused the build to fail when using a shadow link tree pointing to original sources that were owned by another account. (Bug#18888)

Execution of a prepared statement that uses an IN subquery with aggregate functions in the HAVING clause could cause a server crash. (Bug#22085)

Selecting from a MERGE table could result in a server crash if the underlying tables had fewer indexes than the MERGE table itself. (Bug#21617, Bug#22937)

SUBSTR() results sometimes were stored improperly into a temporary table when multi-byte character sets were used. (Bug#20204)

Parallel builds occasionally failed on Solaris. (Bug#16282)

The source distribution failed to compile when configured with the --without-geometry option. (Bug#12991)

The server returns a more informative error message when it attempts to open a MERGE table that has been defined to use non-MyISAM tables. (Bug#10974)

On Mac OS X, zero-byte read() or write() calls to an SMB-mounted filesystem could return a non-standard return value, leading to data corruption. Now such calls are avoided. (Bug#12620)

For INSERT ... ON DUPLICATE KEY UPDATE, use of VALUES(col_name) within the UPDATE clause sometimes was handled incorrectly. (Bug#21555)

Table aliases in multiple-table DELETE statements sometimes were not resolved. (Bug#21392)

EXPORT_SET() did not accept arguments with coercible character sets. (Bug#21531)

The --collation-server server option was being ignored. With the fix for this problem, if you choose a non-default character set with --character-set-server, you should also use --collation-server to specify the collation. (Bug#15276)

A subquery that uses an index for both the WHERE and ORDER BY clauses produced an empty result. (Bug#21180)

Queries containing a subquery that used aggregate functions could return incorrect results. (Bug#16792)

The MD5(), SHA1(), and ENCRYPT() functions should return a binary string, but the result sometimes was converted to the character set of the argument. MAKE_SET() and EXPORT_SET() now use the correct character set for their default separators, resulting in consistent result strings which can be coerced according to normal character set rules. (Bug#20536)

Use of myisampack or myisamchk on a table with FULLTEXT indexing resulted in table corruption. (Bug#19702)

The optimizer could produce an incorrect result after AND with collations such as latin1_german2_ci, utf8_czech_ci, and utf8_lithianian_ci. (Bug#9509)

character_set_results can be NULL to signify no conversion, but some code did not check for NULL, resulting in a server crash. (Bug#21913)

The myisam_stats_method variable was mishandled when set from an option file or on the command line. (Bug#21054)

libmysqld produced some warnings to stderr which could not be silenced. These warnings now are suppressed. (Bug#13717)

If a column definition contained a character set declaration, but a DEFAULT value began with an introducer, the introducer character set was used as the column character set. (Bug#20695)

Some Linux-x86_64-icc packages (of previous releases) mistakenly contained 32-bit binaries. Only ICC builds are affected, not gcc builds. Solaris and FreeBSD x86_64 builds are not affected. (Bug#22238)

For TIME_FORMAT(), the %H and %k format specifiers can return values larger than two digits (if the hour is greater than 99), but for some query results that contained three-character hours, column values were truncated. (Bug#19844)

For table-format output, mysql did not always calculate columns widths correctly for columns containing multi-byte characters in the column name or contents. (Bug#17939)

Views could not be updated within a stored function or trigger. (Bug#17591)

Usernames have a maximum length of 16 characters (even if they contain multi-byte characters), but were being truncated to 16 bytes. (Bug#20393)

Database and table names have a maximum length of 64 characters (even if they contain multi-byte characters), but were being truncated to 64 bytes. (Bug#21432)

When using tables created under MySQL 4.1 with a 5.0 server, if the tables contained VARCHAR columns, for some queries the metadata sent to the client could have an empty column name. (Bug#14897)

On 64-bit systems, use of the cp1250 character set with a primary key column in a LIKE clause caused a server crash for patterns having letters in the range 128..255. (Bug#19741)

A subquery in the WHERE clause of the outer query and using IN and GROUP BY returned an incorrect result. (Bug#16255)

COUNT(*) queries with ORDER BY and LIMIT could return the wrong result. (Bug#21787)

Note: This problem was introduced by the fix for Bug#9676, which limited the rows stored in a temporary table to the LIMIT clause. This optimization is not applicable to non-group queries with aggregate functions. The current fix disables the optimization in such cases.

Running SHOW MASTER LOGS at the same time as binary log files were being switched would cause mysqld to hang. (Bug#21965)

Adding ORDER BY to a SELECT DISTINCT(expr) query could produce incorrect results. (Bug#21456)

For InnoDB tables, the server could crash when executing NOT IN () subqueries. (Bug#21077)

mysqld --flush failed to flush changes to disk following an UPDATE statement for which no updated column had an index. (Bug#20060)

Setting myisam_repair_threads caused any repair operation on the table to fail to update the cardinality of indexes, instead making them always equal to 1. (Bug#18874)

The --with-collation option was not honored for client connections. (Bug#7192)

NDB Cluster: Attempting to create an NDB table on a MySQL with an existing non-Cluster table with the same name in the same database could result in data loss or corruption. MySQL now issues a warning when a SHOW TABLES or other statement causing table discovery finds such a table. (Bug#21378)

NDB Cluster (NDB API): Attempting to read a nonexistent tuple using Commit mode for NdbTransaction::execute() caused node failures. (Bug#22672)

NDB Cluster: Restoring a cluster failed if there were any tables with 128 or more columns. (Bug#23502)

NDB Cluster: INSERT ... ON DUPLICATE KEY UPDATE on an NDB table could lead to deadlocks and memory leaks. (Bug#23200)

NDB Cluster: If a node restart could not be performed from the REDO log, no node takeover took place. This could cause partitions to be left empty during a system restart. (Bug#22893)

NDB Cluster: Multiple node restarts in rapid succession could cause a system restart to fail (Bug#22892), or induce a race condition (Bug#23210).

NDB Cluster: The node recovery algorithm was missing a version check for tables in the ALTER_TABLE_COMMITTED state (as opposed to the TABLE_ADD_COMMITTED state, which has the version check). This could cause inconsistent schemas across nodes following node recovery. (Bug#21756)

NDB Cluster: The output for the --help option used with NDB executable programs (ndbd, ndb_mgm, ndb_restore, ndb_config, and so on) referred to the Ndb.cfg file, instead of my.cnf. (Bug#21585)

NDB Cluster: The ndb_mgm management client did not set the exit status on errors, always returning 0 instead. (Bug#21530)

NDB Cluster: Cluster logs were not rotated following the first rotation cycle. (Bug#21345)

NDB Cluster: When inserting a row into an NDB table with a duplicate value for a non-primary unique key, the error issued would reference the wrong key. (Bug#21072)

NDB Cluster: Under some circumstances, local checkpointing would hang, keeping any unstarted nodes from being started. (Bug#20895)

NDB Cluster: In some cases where SELECT COUNT(*) from an NDB table should have yielded an error, MAX_INT was returned instead. (Bug#19914)

NDB Cluster: ndb_restore did not always make clear that it had recovered successfully from temporary errors while restoring a cluster backup. (Bug#19651)

NDB Cluster: A problem with takeover during a system restart caused ordered indexes to be rebuilt incorrectly. (Bug#15303)

NDB Cluster: The ndb_mgm program was included in both the MySQL-ndb-tools and MySQL-ndb-management RPM packages, resulting in a conflict if both were installed. Now ndb_mgm is included only in MySQL-ndb-tools. (Bug#21058)

NDB Cluster: ndb_size.pl and ndb_error_reporter were missing from RPM packages. (Bug#20426)

NDB Cluster: Setting TransactionDeadlockDetectionTimeout to a value greater than 12000 would cause scans to deadlock, time out, fail to release scan records, until the cluster ran out of scan records and stopped processing. (Bug#21800)

NDB Cluster: The server provided a non-descriptive error message when encountering a fatally corrupted REDO log. (Bug#21615)

NDB Cluster: A partial rollback could lead to node restart failures. (Bug#21536)

NDB Cluster: The failure of a unique index read due to an invalid schema version could be handled incorrectly in some cases, leading to unpredictable results. (Bug#21384)

NDB Cluster: In a cluster with more than 2 replicas, a manual restart of one of the data nodes could fail and cause the other nodes in its nodegroup to shut down. (Bug#21213)

NDB Cluster: When the redo buffer ran out of space, a Pointer too large error was raised and the cluster could become unusable until restarted with --initial. (Bug#20892)

NDB Cluster: In some situations with a high disk-load, writing of the redo log could hang, causing a crash with the error message GCP STOP detected. (Bug#20904)

NDB Cluster: ndb_size.pl and ndb_error_reporter were missing from RPM packages. (Bug#20426)

NDB Cluster: The server failed with a non-descriptive error message when out of data memory. (Bug#18475)

NDB Cluster: SELECT ... FOR UPDATE failed to lock the selected rows. (Bug#18184)

NDB Cluster: Some queries involving joins on very large NDB tables could crash the MySQL server. (Bug#21059)

Character set collation was ignored in GROUP BY clauses. (Bug#20709)

A query using WHERE column = constant OR column IS NULL did not return consistent results on successive invocations. The column in each part of the WHERE clause could be either the same column, or two different columns, for the effect to be observed. (Bug#21091)

A query using WHERE NOT (column < ANY (subquery)) yielded a different result from the same query using the same column and subquery with WHERE (column > ANY (subquery)). (Bug#20975)

Using the extended syntax for TRIM() that is, TRIM(... FROM ...) caused erroneous output from EXPLAIN EXTENDED statements. (Bug#17526)

DELETE with WHERE condition on a BTREE-indexed column for a MEMORY table deleted only the first matched row. (Bug#9719)

For cross-database multiple-table UPDATE statements, a user with all privileges for the default database could update tables in another database for which the user did not have UPDATE privileges. (Bug#7391)

mysql_install_db incorrectly had a blank first line. (Bug#20721)

Under heavy load (executing more than 1024 simultaneous complex queries), a problem in the code that handles internal temporary tables could lead to writing beyond allocated space and memory corruption. (Bug#21206)

Multiple invocations of the REVERSE() function could return different results. (Bug#18243)

Conversion of TIMESTAMP values between UTC and the local time zone resulted in some values having the year 2069 rather than 1969. (Bug#16327)

Under certain circumstances, AVG(key_val) returned a value but MAX(key_val) returned an empty set due to incorrect application of MIN()/MAX() optimization. (Bug#20954)

Using aggregate functions in subqueries yielded incorrect results under certain circumstances due to incorrect application of MIN()/MAX() optimization. (Bug#20792)

Using > ALL with subqueries that return no rows yielded incorrect results under certain circumstances due to incorrect application of MIN()/MAX() optimization. (Bug#18503)

Using ANY with non-table subqueries such as SELECT 1 yielded incorrect results under certain circumstances due to incorrect application of MIN()/MAX() optimization. (Bug#16302)

The use of WHERE col_name IS NULL in SELECT statements reset the value of LAST_INSERT_ID() to zero. (Bug#14553)

Use of the join cache in favor of an index for ORDER BY operations could cause incorrect result sorting. (Bug#17212)

libmysqld returned TEXT columns to the client as number of bytes, not number of characters (which can be different for multi-byte character sets). (Bug#19983)

For spatial data types, the server formerly returned these as VARSTRING values with a binary collation. Now the server returns spatial values as BLOB values. (Bug#10166)

Added the --set-charset option to mysqlbinlog to allow the character set to be specified for processing binary log files. (Bug#18351)

For a table with an AUTO_INCREMENT column, SHOW CREATE TABLE now shows the next AUTO_INCREMENT value to be generated. (Bug#19025)

The mysqldumpslow script has been moved from client RPM packages to server RPM packages. This corrects a problem where mysqldumpslow could not be used with a client-only RPM install, because it depends on my_print_defaults which is in the server RPM. (Bug#20216)

Security fix: On Linux, and possibly other platforms using case-sensitive filesystems, it was possible for a user granted rights on a database to create or access a database whose name differed only from that of the first by the case of one or more letters. (CVE-2006-4226, Bug#17647)

Security fix: If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine. (Bug#15195)

Security fix: Invalid arguments to DATE_FORMAT() caused a server crash. (CVE-2006-3469, Bug#20729) Thanks to Jean-David Maillefer for discovering and reporting this problem to the Debian project and to Christian Hammers from the Debian Team for notifying us of it.

Closing of temporary tables failed if binary logging was not enabled. (Bug#20919)

Repeated DROP TABLE statements in a stored procedure could sometimes cause the server to crash. (Bug#19399)

DATE_ADD() and DATE_SUB() returned NULL when the result date was on the day '9999-12-31'. (Bug#12356)

For a DATE parameter sent via a MYSQL_TIME data structure, mysql_stmt_execute() zeroed the hour, minute, and second members of the structure rather than treating them as read-only. (Bug#20152)

The DATA DIRECTORY table option did not work for TEMPORARY tables. (Bug#8706)

The mysql client did not ignore client-specific commands (such as use or help) that occurred as the first word on a line within multiple-line /* ... */ comments. (Bug#20432)

The mysql client did not understand help commands that had spaces at the end. (Bug#20328)

Failure to account for a NULL table pointer on big-endian machines could cause a server crash during type conversion. (Bug#21135)

Some memory leaks in the libmysqld embedded server were corrected. (Bug#16017)

When mysqldump disabled keys and locked a MyISAM table, the lock operation happened second. If another client performed a query on the table in the interim, it could take a long time due to indexes not being used. Now the lock operation happens first. (Bug#15977)

The length of the pattern string prefix for LIKE operations was calculated incorrectly for multi-byte character sets. As a result, the the scanned range was wider than necessary if the prefix contained any multi-byte characters. (Bug#16674, Bug#18359)

For very complex SELECT statements could create temporary tables that were too big, but for which the temporary files did not get removed, causing subsequent queries to fail. (Bug#11824)

Using SELECT and a table join while running a concurrent INSERT operation would join incorrect rows. (Bug#14400)

Using SELECT on a corrupt MyISAM table using the dynamic record format could cause a server crash. (Bug#19835)

Checking a MyISAM table (using CHECK TABLE) having a spatial index and only one row would wrongly indicate that the table was corrupted. (Bug#17877)

For SELECT ... FOR UPDATE statements that used DISTINCT or GROUP BY over all key parts of a unique index (or primary key), the optimizer unnecessarily created a temporary table, thus losing the linkage to the underlying unique index values. This caused a Result set not updatable error. (The temporary table is unnecessary because under these circumstances the distinct or grouped columns must also be unique.) (Bug#16458)

Concatenating the results of multiple constant subselects produced incorrect results. (Bug#16716)

The use of MIN() and MAX() on columns with a partial index produced incorrect results in some queries. (Bug#18206)

Use of MIN() or MAX() with GROUP BY on a ucs2 column could cause a server crash. (Bug#20076)

INSERT INTO ... SELECT ... LIMIT 1 could be slow because the LIMIT was ignored when selecting candidate rows. (Bug#9676)

NDB Cluster: A Cluster whose storage nodes were installed from the MySQL-ndb-storage-* RPMs could not perform CREATE or ALTER operations that made use of non-default character sets or collations. (Bug#14918)

NDB Cluster: The repeated creating and dropping of a table would eventually lead to NDB Error 826, Too many tables and attributes ... Insufficient space. (Bug#20847)

NDB Cluster: When attempting to restart the cluster following a data import, the cluster would fail during Phase 4 of the restart with Error 2334: Job buffer congestion. (Bug#20774)

NDB Cluster: A node failure during a scan could sometime cause the node to crash when restarting too quickly following the failure. (Bug#20197)

NDB Cluster: It was possible to use port numbers greater than 65535 for ServerPort in the config.ini file. (Bug#19164)

The omission of leading zeros in dates could lead to erroneous results when these were compared with the output of certain date and time functions. (Bug#16377)

Certain queries having a WHERE clause that included conditions on multi-part keys with more than 2 key parts could produce incorrect results and send [Note] Use_count: Wrong count for key at... messages to STDERR. (Bug#16168)

An invalid comparison between keys in partial indexes over multi-byte character fields could lead to incorrect result sets if the selected query execution plan used a range scan by a partial index over a UTF8 character field. This also caused incorrect results under similar circumstances with many other character sets. (Bug#14896)

NDB Cluster: The cluster's data nodes would fail while trying to load data when NoOfFrangmentLogFiles was equal to 1. (Bug#19894)

NDB Cluster: A problem with error handling when ndb_use_exact_count was enabled could lead to incorrect values returned from queries using COUNT(). A warning is now returned in such cases. (Bug#19202)

NDB Cluster: LOAD DATA LOCAL failed to ignore duplicate keys in Cluster tables. (Bug#19496)

NDB Cluster: Repeated CREATE - INSERT - DROP operations tables could in some circumstances cause the MySQL table definition cache to become corrupt, so that some mysqld processes could access table information but others could not. (Bug#18595)

NDB Cluster: The mgm client command ALL CLUSTERLOG STATISTICS=15; had no effect. (Bug#20336)

NDB Cluster: TRUNCATE TABLE failed to reset the AUTO_INCREMENT counter. (Bug#18864)

NDB Cluster: The failure of a data node when preparing to commit a transaction (that is, while the node's status was CS_PREPARE_TO_COMMIT) could cause the failure of other cluster data nodes. (Bug#20185)

NDB Cluster: Renaming a table in such a way as to move it to to a different database failed to move the table's indexes. (Bug#19967)

NDB Cluster: Resources for unique indexes on Cluster table columns were incorrectly allocated, so that only one-fourth as many unique indexes as indicated by the value of UniqueHashIndexes could be created. (Bug#19623)

NDB Cluster (NDBAPI): On big-endian platforms, NdbOperation::write_attr() did not update 32-bit fields correctly. (Bug#19537)

NDB Cluster: Some queries having a WHERE clause of the form c1=val1 OR c2 LIKE 'val2' were not evaluated correctly. (Bug # 17421)

NDB Cluster: Using stale mysqld .FRM files could cause a newly-restored cluster to fail. This situation could arise when restarting a MySQL Cluster using the --intial option while leaving connected mysqld processes running. (Bug#16875)

NDB Cluster: Repeated use of the SHOW and ALL STATUS commands in the ndb_mgm client could cause the mgmd process to crash. (Bug#18591)

NDB Cluster: An issue with ndb_mgmd prevented more than 27 mysqld processes from connecting to a single cluster at one time. (Bug#17150)

NDB Cluster: Data node failures could cause excessive CPU usage by ndb_mgmd. (Bug#13987)

NDB Cluster: TRUNCATE failed on tables having BLOB or TEXT columns with the error Lock wait timeout exceeded. (Bug#19201)

A cast problem caused incorrect results for prepared statements that returned float values when MySQL was compiled with gcc 4.0. (Bug#19694)

Improper character set initialization in the embedded server could result in a server crash. (Bug#20318)

Some queries that used ORDER BY and LIMIT performed quickly in MySQL 3.23, but slowly in MySQL 4.x/5.x due to an optimizer problem. (Bug#4981)

Queries using an indexed column as the argument for the MIN() and MAX() functions following an ALTER TABLE .. DISABLE KEYS statement returned Got error 124 from storage engine until ALTER TABLE ... ENABLE KEYS was run on the table. (Bug#20357)

A number of dependency issues in the RPM bench and test packages caused installation of these packages to fail. (Bug#20078)

The MD5() and SHA() functions treat their arguments as case-sensitive strings. But when they are compared, their arguments were compared as case-insensitive strings, which leads to two function calls with different arguments (and thus different results) compared as being identical. This can lead to a wrong decision made in the range optimizer and thus to an incorrect result set. (Bug#15351)

InnoDB unlocked its data directory before committing a transaction, potentially resulting in non-recoverable tables if a server crash occurred before the commit. (Bug#19727)

Multiple-table DELETE statements containing a subquery that selected from one of the tables being modified caused a server crash. (Bug#19225)

The ARCHIVE storage engine does not support TRUNCATE TABLE, but the server was not returning an appropriate error when truncation of an ARCHIVE table was attempted. (Bug#15558)

An update that used a join of a table to itself and modified the table on both sides of the join reported the table as crashed. (Bug#18036)

The fill_help_tables.sql file did not load properly if the ANSI_QUOTES SQL mode was enabled. (Bug#20542)

The fill_help_tables.sql file did not contain a SET NAMES 'utf8' statement to indicate its encoding. This caused problems for some settings of the MySQL character set such as big5. (Bug#20551)

The MySQL server startup script /etc/init.d/mysql (created from mysql.server) is now marked to ensure that the system services ypbind, nscd, ldap, and NTP are started first (if these are configured on the machine). (Bug#18810)

For a reference to a non-existent index in FORCE INDEX, the error message referred to a column, not an index. (Bug#17873)

In a multiple-row INSERT statement, LAST_INSERT_ID() should return the same value for each row. However, in some cases, the value could change if the table being inserted into had its own AUTO_INCREMENT column. (Bug#6880)

Invalid escape sequences in option files caused MySQL programs that read them to abort. (Bug#15328)

Binary log lacked character set information for table name when dropping temporary tables. (Bug#14157)

InnoDB did not increment the handler_read_prev counter. (Bug#19542)

Slave SQL thread cleanup was not handled properly on Mac OS X when a statement was killed, resulting in a slave crash. (Bug#16900)

mysqldump did not respect the order of tables named with the --tables option. (Bug#18536)

The server no longer uses a signal handler for signal 0 because it could cause a crash on some platforms. (Bug#15869)

LOAD_FILE() returned an error if the file did not exist, rather than NULL as it should according to the manual. (Bug#10418)

Use of uninitialized user variables in a subquery in the FROM clause results in bad entries in the binary log. (Bug#19136)

IS_USED_LOCK() could return an incorrect connection identifier. (Bug#16501)

Concurrent reading and writing of privilege structures could crash the server. (Bug#16372)

A statement containing GROUP BY and HAVING clauses could return incorrect results when the HAVING clause contained logic that returned FALSE for every row. (Bug#14927)

MONTHNAME(STR_TO_DATE(NULL, '%m')) could cause a server crash. (Bug#18501)

The ref optimizer could choose the ref_or_null access method in cases where it was not applicable. This could cause inconsistent EXPLAIN or SELECT results for a given statement. (Bug#16798)

ANALYZE TABLE for TEMPORARY tables had no effect. (Bug#15225)

When myisamchk needed to rebuild a table, AUTO_INCREMENT information was lost. (Bug#10405)

No error message was being issued for storage engines that do not support ALTER TABLE. Now an ER_NOT_SUPPORTED_YET error occurs. (Bug#7643)

The binary log would create an incorrect DROP query when creating temporary tables during replication. (Bug#17263)

SHOW CREATE TABLE did not display the AUTO_INCREMENT column attribute if the SQL mode was MYSQL323 or MYSQL40. This also affected mysqldump, which uses SHOW CREATE TABLE to get table definitions. (Bug#14515)

Security fix: An SQL-injection security hole has been found in multi-byte encoding processing. The bug was in the server, incorrectly parsing the string escaped with the mysql_real_escape_string() C API function. (CVE-2006-2753, Bug#8378)

This vulnerability was discovered and reported by Josh Berkus <josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of the inter-project security collaboration of the OSDB consortium. For more information about SQL injection, please see the following text.

Discussion: An SQL-injection security hole has been found in multi-byte encoding processing. An SQL-injection security hole can include a situation whereby when a user supplied data to be inserted into a database, the user might inject SQL statements into the data that the server will execute. With regards to this vulnerability, when character set unaware-escaping is used (for example, addslashes() in PHP), it is possible to bypass the escaping in some multi-byte character sets (for example, SJIS, BIG5 and GBK). As a result, a function such as addslashes() is not able to prevent SQL-injection attacks. It is impossible to fix this on the server side. The best solution is for applications to use character set-aware escaping offered by a function such mysql_real_escape_string().

However, a bug was detected in how the MySQL server parses the output of mysql_real_escape_string(). As a result, even when the character set-aware function mysql_real_escape_string() was used, SQL injection was possible. This bug has been fixed.

Workarounds: If you are unable to upgrade MySQL to a version that includes the fix for the bug in mysql_real_escape_string() parsing, but run MySQL 5.0.1 or higher, you can use the NO_BACKSLASH_ESCAPES SQL mode as a workaround. (This mode was introduced in MySQL 5.0.1.) NO_BACKSLASH_ESCAPES enables an SQL standard compatibility mode, where backslash is not considered a special character. The result will be that queries will fail.

To set this mode for the current connection, enter the following SQL statement:

SET sql_mode='NO_BACKSLASH_ESCAPES';

You can also set the mode globally for all clients:

SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';

This SQL mode also can be enabled automatically when the server starts by using the command-line option --sql-mode=NO_BACKSLASH_ESCAPES or by setting sql-mode=NO_BACKSLASH_ESCAPES in the server option file (for example, my.cnf or my.ini, depending on your system).

The patch for Bug#8303 broke the fix for Bug#8378 and was undone. (In string literals with an escape character (\) followed by a multi-byte character that has a second byte of (\), the literal was not interpreted correctly. The next byte now is escaped, not the entire multi-byte character. This means it a strict reverse of the mysql_real_escape_string() function.)

The dropping of a temporary table whose name contained a backtick ('`') character was not correctly written to the binary log, which also caused it not to be replicated correctly. (Bug#19188)

The client libraries had not been compiled for position-independent code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202, Bug#18091)

Running myisampack followed by myisamchk with the --unpack option would corrupt the auto_increment key. (Bug#12633)

RPM packages had spurious dependencies on Perl modules and other programs. (Bug#13634)

Security enhancement: Added the global max_prepared_stmt_count system variable to limit the total number of prepared statements in the server. This limits the potential for denial-of-service attacks based on running the server out of memory by preparing huge numbers of statements. The current number of prepared statements is available through the prepared_stmt_count system variable. (Bug#16365)

The MySQL-shared-compat-4.1.X-.i386.rpm shared compatibility RPMs no longer contain libraries for MySQL 5.0 and up. It contains libraries for 3.23, 4.0, and 4.1.1. (Bug#19288)

Creating a table in an InnoDB database with a column name that matched the name of an internal InnoDB column (including DB_ROW_ID, DB_TRX_ID, DB_ROLL_PTR and DB_MIX_ID) would cause a crash. MySQL now returns error 1005 (cannot create table) with errno set to -1. (Bug#18934)

InnoDB now caches a list of unflushed files instead of scanning for unflushed files during a table flush operation. This improves performance when --innodb-file-per-table is set on a system with a large number of InnoDB tables. (Bug#15653)

New charset command added to mysql command-line client. By typing charset name or \C name (such as \C UTF8), the client character set can be changed without reconnecting. (Bug#16217)

Large file support was re-enabled for the MySQL server binary for the AIX 5.2 platform. (Bug#13571)

When using the GROUP_CONCAT() function where the group_concat_max_len system variable was greater than 512, the type of the result was BLOB only if the query included an ORDER BY clause; otherwise the result was a VARCHAR.

The result type of the GROUP_CONCAT() function is now VARCHAR only if the value of the group_concat_max_len system variable is less than or equal to 512. Otherwise, this function returns a BLOB. (Bug#14169)

Security fix: A malicious client, using specially crafted invalid login or COM_TABLE_DUMP packets was able to read uninitialized memory, which potentially, though unlikely in MySQL, could have led to an information disclosure. (CVE-2006-1516, CVE-2006-1517) Thanks to Stefano Di Paola <stefano.dipaola@wisec.it> for finding and reporting this bug.

NDB Cluster: A simultaneous DROP TABLE and table update operation utilising a table scan could trigger a node failure. (Bug#18597)

MySQL-shared-compat-4.1.15-0.i386.rpm, MySQL-shared-compat-4.1.16-0.i386.rpm, and MySQL-shared-compat-4.1.18-0.i386.rpm incorrectly depended on glibc 2.3 and could not be installed on a glibc 2.2 system. (Bug#16539)

IA-64 RPM packages for Red Hat and SuSE Linux that were built with the icc compiler incorrectly depended on icc runtime libraries. (Bug#16662)

Index prefixes for utf8 VARCHAR columns did not work for UPDATE statements. (Bug#19080)

MySQL would not compile on Linux distributions that use the tinfo library. (Bug#18912)

NDB Cluster: Backups could fail for large clusters with many tables, where the number of tables approached MaxNoOfTables. (Bug#17607)

For single-SELECT union constructs of the form (SELECT ... ORDER BY order_list1 [LIMIT n]) ORDER BY order_list2, the ORDER BY lists were concatenated and the LIMIT clause was ignored. (Bug#18767)

The IN-to-EXISTS transformation was making a reference to a parse tree fragment that was left out of the parse tree. This caused problems with prepared statements. (Bug#18492)

Attempting to set the default value of an