OpenSSH 5.4 has just been released.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

This is a major feature and bugfix release.

Changes since OpenSSH 5.3

=========================

Features:

* After a transition period of about 10 years, this release disables

SSH protocol 1 by default. Clients and servers that need to use the

legacy protocol must explicitly enable it in ssh_config / sshd_config

or on the command-line.

* Remove the libsectok/OpenSC-based smartcard code and add support for

PKCS#11 tokens. This support is automatically enabled on all

platforms that support dlopen(3) and was inspired by patches written

by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.

* Add support for certificate authentication of users and hosts using a

new, minimal OpenSSH certificate format (not X.509). Certificates

contain a public key, identity information and some validity

constraints and are signed with a standard SSH public key using

ssh-keygen(1). CA keys may be marked as trusted in authorized_keys

or via a TrustedUserCAKeys option in sshd_config(5) (for user

authentication), or in known_hosts (for host authentication).

Documentation for certificate support may be found in ssh-keygen(1),

sshd(8) and ssh(1) and a description of the protocol extensions in

PROTOCOL.certkeys.

* Added a ‘netcat mode’ to ssh(1): “ssh -W host:port …” This connects

stdio on the client to a single port forward on the server. This

allows, for example, using ssh as a ProxyCommand to route connections

via intermediate servers. bz#1618

* Add the ability to revoke keys in sshd(8) and ssh(1). User keys may

be revoked using a new sshd_config(5) option “RevokedKeys”. Host keys

are revoked through known_hosts (details in the sshd(8) man page).

Revoked keys cannot be used for user or host authentication and will

trigger a warning if used.

* Rewrite the ssh(1) multiplexing support to support non-blocking

operation of the mux master, improve the resilience of the master to

malformed messages sent to it by the slave and add support for

requesting port- forwardings via the multiplex protocol. The new

stdio-to-local forward mode (“ssh -W host:port …”) is also

supported. The revised multiplexing protocol is documented in the

file PROTOCOL.mux in the source distribution.

* Add a ‘read-only’ mode to sftp-server(8) that disables open in write

mode and all other fs-modifying protocol methods. bz#430

* Allow setting an explicit umask on the sftp-server(8) commandline to

override whatever default the user has. bz#1229

* Many improvements to the sftp(1) client, many of which were

implemented by Carlos Silva through the Google Summer of Code

program:

- Support the “-h” (human-readable units) flag for ls

- Implement tab-completion of commands, local and remote filenames

- Support most of scp(1)’s commandline arguments in sftp(1), as a

first step towards making sftp(1) a drop-in replacement for scp(1).

Note that the rarely-used “-P sftp_server_path” option has been

moved to “-D sftp_server_path” to make way for “-P port” to match

scp(1).

- Add recursive transfer support for get/put and on the commandline

* New RSA keys will be generated with a public exponent of RSA_F4 ==

(2**16)+1 == 65537 instead of the previous value 35.

* Passphrase-protected SSH protocol 2 private keys are now protected

with AES-128 instead of 3DES. This applied to newly-generated keys

as well as keys that are reencrypted (e.g. by changing their

passphrase).

Bugfixes:

* Hold authentication debug messages until after successful

authentication. Fixes a minor information leak of environment

variables specified in authorized_keys if an attacker happens to

know the public key in use.

* When using ChrootDirectory, make sure we test for the existence of

the user’s shell inside the chroot and not outside (bz#1679)

* Cache user and group name lookups in sftp-server using

user_from_[ug]id(3) to improve performance on hosts where these

operations are slow (e.g. NIS or LDAP). bz#1495

* Fix problem that prevented passphrase reading from being interrupted

in some circumstances; bz#1590

* Ignore and log any Protocol 1 keys where the claimed size is not

equal to the actual size.

* Make HostBased authentication work with a ProxyCommand. bz#1569

* Avoid run-time failures when specifying hostkeys via a relative

path by prepending the current working directory in these cases.

bz#1290

* Do not prompt for a passphrase if we fail to open a keyfile, and log

the reason why the open failed to debug. bz#1693

* Document that the PubkeyAuthentication directive is allowed in a

sshd_config(5) Match block. bz#1577

* When converting keys, truncate key comments at 72 chars as per

RFC4716. bz#1630

* Do not allow logins if /etc/nologin exists but is not readable by the

user logging in.

* Output a debug log if sshd(8) can’t open an existing authorized_keys.

bz#1694

* Quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we

usually don’t actually have a tty to read/set; bz#1686

* Prevent sftp from crashing when given a “-” without a command.

Also, allow whitespace to follow a “-”. bz#1691

* After sshd receives a SIGHUP, ignore subsequent HUPs while sshd

re-execs itself. Prevents two HUPs in quick succession from resulting

in sshd dying. bz#1692

* Clarify in sshd_config(5) that StrictModes does not apply to

ChrootDirectory. Permissions and ownership are always checked when

chrooting. bz#1532

* Set close-on-exec on various descriptors so they don’t get leaked to

child processes. bz#1643

* Fix very rare race condition in x11/agent channel allocation: don’t

read after the end of the select read/write fdset and make sure a

reused FD is not touched before the pre-handlers are called.

* Fix incorrect exit status when multiplexing and channel ID 0 is

recycled. bz#1570

* Fail with an error when an attempt is made to connect to a server

with ForceCommand=internal-sftp with a shell session (i.e. not a

subsystem session). Avoids stuck client when attempting to ssh to

such a service. bz#1606:

* Warn but do not fail if stat()ing the subsystem binary fails. This

helps with chrootdirectory+forcecommand=sftp-server and restricted

shells. bz #1599

* Change “Connecting to host…” message to “Connected to host.”

and delay it until after the sftp protocol connection has been

established. Avoids confusing sequence of messages when the

underlying ssh connection experiences problems. bz#1588

* Use the HostKeyAlias rather than the hostname specified on the

commandline when prompting for passwords. bz#1039

* Correct off-by-one in percent_expand(): we would fatal() when trying

to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to

actually work. Note that nothing in OpenSSH actually uses close to

this limit at present. bz#1607

* Fix passing of empty options from scp(1) and sftp(1) to the

underlying ssh(1). Also add support for the stop option “–”.

* Fix an incorrect magic number and typo in PROTOCOL; bz#1688

* Don’t escape backslashes when displaying the SSH2 banner. bz#1533

* Don’t unnecessarily dup() the in and out fds for sftp-server. bz#1566

* Force use of the correct hash function for random-art signature

display as it was inheriting the wrong one when bubblebabble

signatures were activated. bz#1611

* Do not fall back to adding keys without constraints (ssh-add -c /

-t …) when the agent refuses the constrained add request. bz#1612

* Fix a race condition in ssh-agent that could result in a wedged or

spinning agent. bz#1633

* Flush stdio before exec() to ensure that everying (motd

in particular) has made it out before the streams go away. bz#1596

* Set FD_CLOEXEC on in/out sockets in sshd(8). bz#1706

Portable OpenSSH Bugfixes:

* Use system’s kerberos principal name on AIX if it’s available.

bz#1583

* Disable OOM-killing of the listening sshd on Linux. bz#1470

* Use pkg-config for opensc config if it’s available. bz#1160

* Unbreak Redhat spec to allow building without askpass. bz#1677

* If PidFile is set in sshd_config, use it in SMF init file. bz#1628

* Print error and usage() when ssh-rand-helper is passed command-

line arguments as none are supported. bz#1568

* Add missing setsockopt() to set IPV6_V6ONLY for local forwarding

with GatwayPorts=yes. bz#1648

* Make GNOME 2 askpass dialog desktop-modal. bz#1645

* If SELinux is enabled set the security context to “sftpd_t” before

running the internal sftp server. bz#1637

* Correctly check libselinux for necessary SELinux functions; bz#1713

* Unbreak builds on Redhat using the supplied openssh.spec; bz#1731

* Fix incorrect privilege dropping order on AIX that prevented

chroot operation; bz#1567

* Call aix_setauthdb/aix_restoredb at the correct times on AIX to

prevent authentication failure; bz#1710

The Apache Software Foundation and the Apache HTTP Server Project has announced the release and immediate availability of version
2.2.15 of the Apache HTTP Server (“httpd”).  This version of httpd is principally a security and bug fix release.

Notably, this release was updated to reflect the OpenSSL Project’s release 0.9.8m of the openssl library, and addresses CVE-2009-3555
(cve.mitre.org), the TLS renegotiation prefix injection attack. This release further addresses the issues CVE-2010-0408, CVE-2010-0425 and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers respectively.

phpBB 3.0.7-PL1 has been released to address a security issue which was introduced in 3.0.7, unfortunately

the issue wasn’t noticed during testing and has only surfaced a week after the release of 3.0.7.

Working feeds were promised for phpBB 3.0.7, however a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

- Feeds are enabled

- Any of the posts or topics feeds are enabled

- The unauthorised user – or one of the groups they are a member of – has forum permissions set on a private forum

- If you have excluded a forum from the list of forums that provide feeds, it is unaffected

The fix for the issue is a single line change inside of feed.php, line 525 has changed from:

$forum_ids = array_keys($auth->acl_getf('f_read'));

to:

$forum_ids = array_keys($auth->acl_getf('f_read', true));

There were no other changes, in particular neither style nor language changes.

MySQL Connector/Net 6.3.1, a new version of the all-managed .NET driver for MySQL has been released. This is an alpha release and is intended to introduce you to the new features and enhancements we are planning. This

release should not be used in a production environment.

The new features or changes in this release are:

- Visual Studio 2010 RC support

- Nested transaction scope support

MySQL Server 5.5.2-m2, a new version of the  Open Source Database Management System, has been released. The “-m2″ suffix tells this belongs to the second milestone according to our “milestone” release model, also called “Betony”.

What Is New in MySQL 5.5

The following features have been added to MySQL 5.5:

* Support for an interface for semisynchronous replication:
A commit performed on the master side blocks before returning
to the session that performed the transaction until at least
one slave acknowledges that it has received and logged the events
for the transaction.
Semisynchronous replication is implemented through an optional
plugin component. See Section 16.2.8, “Semisynchronous Replication”

* Support for the SQL standard SIGNAL and RESIGNAL statements.
See Section 12.8.8, “SIGNAL and RESIGNAL”.

* Enhancements to XML functionality, including a new LOAD XML
statement.

* Two new types of user-defined partitioning are supported:
RANGE COLUMNS partitioning is an extension to RANGE partitioning;
LIST COLUMNS partitioning is an extension to LIST partitioning.
Each of these extensions provides two enhancements to MySQL
partitioning capabilities:

1. It is possible to define partitioning ranges or lists based on
DATE, DATETIME, or string values (such as CHAR or VARCHAR).

You can also define ranges or lists based on multiple column
values when partitioning tables by RANGE COLUMNS or LIST COLUMNS,
respectively. Such a range or list may refer to up to 16 columns.

2. For tables defined using these partitioning types, partition
pruning can now optimize queries with WHERE conditions that use
multiple comparisons between (different) column values and
constants, such as
a = 10 AND b > 5 or a < “2005-11-25″ AND b = 10 AND c = 50.

For more information, see Section 17.2.1, “RANGE Partitioning”,
and Section 17.2.2, “LIST Partitioning”.

* It is now possible to delete all rows from one or more partitions
of a partitioned table using the ALTER TABLE … TRUNCATE
PARTITION statement. Executing the statement deletes rows without
affecting the structure of the table. The partitions named in the
TRUNCATE PARTITION clause do not have to be contiguous.

* Key caches are now supported for indexes on partitioned MyISAM
tables, using the CACHE INDEX and LOAD INDEX INTO CACHE statements.
In addition, a key cache can be defined for and loaded with indexes
from an entire partitioned table, or for one or more partitions.
In the latter case, the partitions are not required to be contiguous.

* The TO_SECONDS() function is added. This function converts a date or
datetime expression to a number of seconds since the year 0. You may
use this function in partitioning expressions, and partition pruning
is supported for table defined using such expressions.

The following constructs are deprecated and will be removed in a future MySQL release. Where alternatives are shown, applications should be updated to use them.

* The table_type system variable (use storage_engine).

The TYPE table option to specify the storage engine for
CREATE TABLE or ALTER TABLE (use ENGINE).

The SHOW TABLE TYPES SQL statement (use SHOW ENGINES).

* The log_bin_trust_routine_creators variable
(use log_bin_trust_function_creators).

* TIMESTAMP(N): The ability to specify a display width of N
(use without N).

* The SHOW INNODB STATUS and SHOW MUTEX STATUS SQL statements
(use SHOW ENGINE INNODB STATUS for both of these).

* The LOAD TABLE … FROM MASTER and LOAD DATA FROM MASTER SQL
statements.

* The SHOW PLUGIN SQL statement (use SHOW PLUGINS).

* The BACKUP TABLE and the RESTORE TABLE SQL statements.

* The –master-xxx server options to set replication parameters
(use the CHANGE MASTER TO statement instead):
–master-host, –master-user, –master-password, –master-port,
–master-connect-retry, –master-ssl, –master-ssl-ca,
–master-ssl-capath, –master-ssl-cert, –master-ssl-cipher,
–master-ssl-key.

—–

Changes in MySQL 5.5.2:

InnoDB Plugin Notes:

* This release includes InnoDB Plugin 1.0.6. This version is
considered of Release Candidate (RC) quality.

Functionality added or changed:

* Replication: Introduced the
–binlog-direct-non-transactional-updates server option. This
option causes updates using the statement-based logging format
to tables using non-transactional engines to be written
directly to the binary log, rather than to the transaction
cache.
Before using this option, be certain that you have no
dependencies between transactional and non-transactional
tables. A statement that both selects from an InnoDB table and
inserts into a MyISAM table is an example of such a
dependency. For more information, see Section 16.1.3.4,
“Binary Log Options and Variables.”
(Bug#46364: http://bugs.mysql.com/bug.php?id=46364)
See also Bug#28976: http://bugs.mysql.com/bug.php?id=28976,
Bug#40116: http://bugs.mysql.com/bug.php?id=40116.

Bugs fixed:

* Performance: The method for comparing INFORMATION_SCHEMA names
and database names was nonoptimal and an improvement was made:
When the database name length is already known, a length check
is made first and content comparison skipped if the lengths
are unequal.
(Bug#49501: http://bugs.mysql.com/bug.php?id=49501)

* Performance: The MD5() and SHA1() functions had excessive
overhead for short strings.
(Bug#49491: http://bugs.mysql.com/bug.php?id=49491)

* Security Fix: For servers built with yaSSL, a preauthorization
buffer overflow could cause memory corruption or a server
crash. We thank Evgeny Legerov from Intevydis for providing us
with a proof-of-concept script that allowed us to reproduce
this bug. (Bug#50227: http://bugs.mysql.com/bug.php?id=50227,
CVE-2009-4484
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484))

* Incompatible Change: In plugin.h, the MYSQL_REPLICATION_PLUGIN
symbol was out of synchrony with its value in MySQL 6.0
because the lower-valued MYSQL_AUDIT_PLUGIN was not present.
To correct this, MYSQL_AUDIT_PLUGIN has been added in MySQL
5.5, changing the value of MYSQL_REPLICATION_PLUGIN from 5 to

6. Attempts to load the audit plugin produce an error occurs
because only the MYSQL_AUDIT_PLUGIN symbol was added, not the
audit plugin itself. This error will go away when the audit
plugin is added to MySQL 5.5. Replication plugins from earlier
5.5.x releases must be recompiled against the current release
before they will work with the current release.
(Bug#49894: http://bugs.mysql.com/bug.php?id=49894)

* Important Change: Replication: The RAND() function is now
marked as unsafe for statement-based replication. Using this
function now generates a warning when binlog_format=STATEMENT
and causes the the format to switch to row-based logging when
binlog_format=MIXED.
This change is being introduced because, when RAND() was
logged in statement mode, the seed was also written to the
binary log, so the replication slave generated the same
sequence of random numbers as was generated on the master.
While this could make replication work in some cases, the
order of affected rows was still not guaranteed when this
function was used in statements that could update multiple
rows, such as UPDATE or INSERT … SELECT; if the master and
the slave retrieved rows in different order, they began to
diverge. (Bug#49222: http://bugs.mysql.com/bug.php?id=49222)

* Partitioning: When used on partitioned tables, the
records_in_range handler call checked all partitions, rather
than the unpruned partitions only.
(Bug#48846: http://bugs.mysql.com/bug.php?id=48846)
See also Bug#37252: http://bugs.mysql.com/bug.php?id=37252,
Bug#47261: http://bugs.mysql.com/bug.php?id=47261.

* Partitioning: When an ALTER TABLE … REORGANIZE PARTITION
statement on an InnoDB table failed due to
innodb_lock_wait_timeout expiring while waiting for a lock,
InnoDB did not clean up any temporary files or tables which it
had created. Attempting to reissue the ALTER TABLE statement
following the timeout could lead to storage engine errors, or
possibly a crash of the server.
(Bug#47343: http://bugs.mysql.com/bug.php?id=47343)

* Replication: FLUSH LOGS could in some circumstances crash the
server. This occurred because the I/O thread could
concurrently access the relay log I/O cache while another
thread was performing the FLUSH LOGS, which closes and reopens
the relay log and, while doing so, initializes (or
re-initializes) its I/O cache. This could cause problems if
some other thread (in this case, the I/O thread) is accessing
it at the same time.
Now the thread performing the FLUSH LOGS takes a lock on the
relay log before actually flushing it.
(Bug#50364: http://bugs.mysql.com/bug.php?id=50364)

* Replication: With semisynchronous replication, memory
allocated for handling transactions could be freed while still
in use, resulting in a server crash.
(Bug#50157: http://bugs.mysql.com/bug.php?id=50157)

* Replication: In some cases, inserting into a table with many
columns could cause the binary log to become corrupted.
(Bug#50018: http://bugs.mysql.com/bug.php?id=50018)
See also Bug#42749: http://bugs.mysql.com/bug.php?id=42749.

* Replication: When using row-based replication, setting a BIT
or CHAR column of a MyISAM table to NULL, then trying to
delete from the table, caused the slave to fail with the error
Can’t find record in table.
(Bug#49481: http://bugs.mysql.com/bug.php?id=49481,
Bug#49482: http://bugs.mysql.com/bug.php?id=49482)

* Replication: A LOAD DATA INFILE statement that loaded data
into a table having a column name that had to be escaped (such
as `key` INT) caused replication to fail when logging in mixed
or statement mode. In such cases, the master wrote the LOAD
DATA event into the binary log without escaping the column
names. (Bug#49479: http://bugs.mysql.com/bug.php?id=49479)
See also Bug#47927: http://bugs.mysql.com/bug.php?id=47927.

* Replication: When logging in row-based mode, DDL statements
are actually logged as statements; however, statements that
affected temporary tables and followed DDL statements failed
to reset the binary log format to ROW, with the result that
these statements were logged using the statement-based format.
Now the state of binlog_format is restored after a DDL
statement has been written to the binary log.
(Bug#49132: http://bugs.mysql.com/bug.php?id=49132)

* Replication: Spatial data types caused row-based replication
to crash. (Bug#48776: http://bugs.mysql.com/bug.php?id=48776)

* Replication: When using row-based logging, the statement
CREATE TABLE t IF NOT EXIST … SELECT was logged as CREATE
TEMPORARY TABLE t IF NOT EXIST … SELECT when t already
existed as a temporary table. This was caused by the fact that
the temporary table was opened and the results of the SELECT
were inserted into it when a temporary table existed and had
the same name.
Now, when this statement is executed, t is created as a base
table, the results of the SELECT are inserted into it — even
if there already exists a temporary table having the same name
— and the statement is logged correctly.
(Bug#47418: http://bugs.mysql.com/bug.php?id=47418)
See also Bug#47442: http://bugs.mysql.com/bug.php?id=47442.

* Replication: Due to a change in the size of event
representations in the binary log, when replicating from a
MySQL 4.1 master to a slave running MySQL 5.0.60 or later, the
START SLAVE UNTIL statement did not function correctly,
stopping at the wrong position in the log. Now the slave
detects that the master is using the older version of the
binary log format, and corrects for the difference in event
size, so that the slave stops in the correct position.
(Bug#47142: http://bugs.mysql.com/bug.php?id=47142)

* Replication: Manually removing entries from the binary log
index file on a replication master could cause the server to
repeatedly send the same binary log file to slaves.
(Bug#28421: http://bugs.mysql.com/bug.php?id=28421)

* The SSL certificates in the test suite were about to expire.
They have been updated with expiration dates in the year 2015.
(Bug#50642: http://bugs.mysql.com/bug.php?id=50642)

* SPATIAL indexes were allowed on columns with non-spatial data
types, resulting in a server crash for subsequent table
inserts. (Bug#50574: http://bugs.mysql.com/bug.php?id=50574)

* Index prefixes could be specified with a length greater than
the associated column, resulting in a server crash for
subsequent table inserts.
(Bug#50542: http://bugs.mysql.com/bug.php?id=50542)

* Use of loose index scan optimization for an aggregate function
with DISTINCT (for example, COUNT(DISTINCT)) could produce
incorrect results.
(Bug#50539: http://bugs.mysql.com/bug.php?id=50539)

* The printstack function does not exist on Solaris 8 or
earlier, which would lead to a compilation failure.
(Bug#50409: http://bugs.mysql.com/bug.php?id=50409)

* A user could see tables in INFORMATION_SCHEMA.TABLES without
appropriate privileges for them.
(Bug#50276: http://bugs.mysql.com/bug.php?id=50276)

* Debug output for join structures was garbled.
(Bug#50271: http://bugs.mysql.com/bug.php?id=50271)

* Within a stored routine, selecting the result of CONCAT_WS()
with a routine parameter argument into a user variable could
return incorrect results.
(Bug#50096: http://bugs.mysql.com/bug.php?id=50096)

* The filesort sorting method applied to a CHAR(0) column could
lead to a server crash.
(Bug#49897: http://bugs.mysql.com/bug.php?id=49897)

* EXPLAIN EXTENDED UNION … ORDER BY caused a crash when the
ORDER BY referred to a nonconstant or full-text function or a
subquery. (Bug#49734: http://bugs.mysql.com/bug.php?id=49734)

* Some prepared statements could raise an assertion when
re-executed.
(Bug#49570: http://bugs.mysql.com/bug.php?id=49570)

* sql_buffer_result had an effect on non-SELECT statements,
contrary to the documentation.
(Bug#49552: http://bugs.mysql.com/bug.php?id=49552)

* In some cases a subquery need not be evaluated because it
returns only aggregate values that can be calculated from
table metadata. This sometimes was not handled by the
enclosing subquery, resulting in a server crash.
(Bug#49512: http://bugs.mysql.com/bug.php?id=49512)

* Mixing full-text searches and row expressions caused a crash.
(Bug#49445: http://bugs.mysql.com/bug.php?id=49445)

* Creating or dropping a table with 1023 transactions active
caused an assertion failure.
(Bug#49238: http://bugs.mysql.com/bug.php?id=49238)

* mysql-test-run.pl now recognizes the MTR_TESTCASE_TIMEOUT,
MTR_SUITE_TIMEOUT, MTR_SHUTDOWN_TIMEOUT, and MTR_START_TIMEOUT
environment variables. If they are set, their values are used
to set the –testcase-timeout, –suite-timeout,
–shutdown-timeout, and –start-timeout options, respectively.
(Bug#49210: http://bugs.mysql.com/bug.php?id=49210)

* Several strmake() calls had an incorrect length argument (too
large by one).
(Bug#48983: http://bugs.mysql.com/bug.php?id=48983)

* On Fedora 12, strmov() did not guarantee correct operation for
overlapping source and destination buffer. Calls were fixed to
use an overlap-safe version instead.
(Bug#48866: http://bugs.mysql.com/bug.php?id=48866)

* With one thread waiting for a lock on a table, if another
thread dropped the table and created a new table with the same
name and structure, the first thread would not notice that the
table had been re-created and would try to used cached
metadata that belonged to the old table but had been freed.
(Bug#48157: http://bugs.mysql.com/bug.php?id=48157)

* If an invocation of a stored procedure failed in the
table-open stage, subsequent invocations that did not fail in
that stage could cause a crash.
(Bug#47649: http://bugs.mysql.com/bug.php?id=47649)

* A crash occurred when a user variable that was assigned to a
subquery result was used as a result field in a SELECT
statement with aggregate functions.
(Bug#47371: http://bugs.mysql.com/bug.php?id=47371)

* When the mysql client was invoked with the –vertical option,
it ignored the –skip-column-names option.
(Bug#47147: http://bugs.mysql.com/bug.php?id=47147)

* If EXPLAIN encountered an error in the query, a memory leak
occurred. (Bug#45989: http://bugs.mysql.com/bug.php?id=45989)

* A race condition on the privilege hash tables allowed one
thread to try to delete elements that had already been deleted
by another thread. A consequence was that SET PASSWORD or
FLUSH PRIVILEGES could cause a crash.
(Bug#35589: http://bugs.mysql.com/bug.php?id=35589,
Bug#35591: http://bugs.mysql.com/bug.php?id=35591)

* 1) In rare cases, if a thread was interrupted during a FLUSH
PRIVILEGES operation, a debug assertion occurred later due to
improper diagnostic area setup. 2) A KILL operation could
cause a console error message referring to a diagnostic area
state without first ensuring that the state existed.
(Bug#33982: http://bugs.mysql.com/bug.php?id=33982)

* ALTER TABLE with both DROP COLUMN and ADD COLUMN clauses could
crash or lock up the server.
(Bug#31145: http://bugs.mysql.com/bug.php?id=31145)

* The Table_locks_waited waited variable was not incremented in
the cases that a lock had to be waited for but the waiting
thread was killed or the request was aborted.
(Bug#30331: http://bugs.mysql.com/bug.php?id=30331)

The OpenSSL project team has announced the release of version 0.9.8m of the open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555.

This release includes approximately 50 bugfixes, the majority of which were contributed during our Bug Hunt Days last week (more information on that in the days to come). The fixes contributed are helping stabilize and improve this release.

MySQL Community Server 5.1.44, a new version of the popular Open Source Database Management System, has been released.  MySQL 5.1.44 is recommended for use on production systems.

For an overview of what’s new in MySQL 5.1, please see  http://dev.mysql.com/doc/refman/5.1/en/mysql-nutshell.html

For information on installing MySQL 5.1.44 on new servers or upgrading to MySQL 5.1.44 from previous MySQL releases, please see  http://dev.mysql.com/doc/refman/5.1/en/installing.html

MySQL Server is available in source and binary form for a number of platforms from  http://dev.mysql.com/downloads/

For information on open issues in MySQL 5.1, please see the errata list at  http://dev.mysql.com/doc/refman/5.1/en/open-bugs.html

The following section lists the changes in the MySQL source code since the previous released version of MySQL 5.1.  It may also be viewed online at  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-44.html

Changes in MySQL 5.1.44

InnoDB Plugin Notes:

* This release includes InnoDB Plugin 1.0.6. This version is considered of Release Candidate (RC) quality. In this release, the InnoDB Plugin is included in source and binary distributions, except RHEL3, RHEL4, SuSE 9 (x86,

x86_64, ia64), and generic Linux RPM packages. It also does not work for FreeBSD 6 and HP-UX or for Linux on generic ia64.

Functionality added or changed:

* Replication: Introduced the –binlog-direct-non-transactional-updates server option. This option causes updates using the statement-based logging format to tables using non-transactional engines to be written directly to the binary log, rather than to the transaction cache.

Before using this option, be certain that you have no dependencies between transactional and non-transactional tables. A statement that both selects from an InnoDB table and inserts into a MyISAM table is an example of such a dependency. For more information, see Section 16.1.3.4,

“Binary Log Options and Variables.”

(Bug#46364: http://bugs.mysql.com/bug.php?id=46364)

See also Bug#28976: http://bugs.mysql.com/bug.php?id=28976,

Bug#40116: http://bugs.mysql.com/bug.php?id=40116.

Bugs fixed:

* Partitioning: When an ALTER TABLE … REORGANIZE PARTITION statement on an InnoDB table failed due to innodb_lock_wait_timeout expiring while waiting for a lock, InnoDB did not clean up any temporary files or tables which it had created. Attempting to reissue the ALTER TABLE statement following the timeout could lead to storage engine errors, or possibly a crash of the server.

(Bug#47343: http://bugs.mysql.com/bug.php?id=47343)

* Replication: In some cases, inserting into a table with many columns could cause the binary log to become corrupted.

(Bug#50018: http://bugs.mysql.com/bug.php?id=50018)

See also Bug#42749: http://bugs.mysql.com/bug.php?id=42749.

* Replication: When using row-based replication, setting a BIT or CHAR column of a MyISAM table to NULL, then trying to delete from the table, caused the slave to fail with the error Can’t find record in table.

(Bug#49481: http://bugs.mysql.com/bug.php?id=49481,

Bug#49482: http://bugs.mysql.com/bug.php?id=49482)

* Replication: When logging in row-based mode, DDL statements are actually logged as statements; however, statements that affected temporary tables and followed DDL statements failed to reset the binary log format to ROW, with the result that these statements were logged using the statement-based format. Now the state of binlog_format is restored after a DDL statement has been written to the binary log.

(Bug#49132: http://bugs.mysql.com/bug.php?id=49132)

* Replication: When using row-based logging, the statement CREATE TABLE t IF NOT EXIST … SELECT was logged as CREATE TEMPORARY TABLE t IF NOT EXIST … SELECT when t already existed as a temporary table. This was caused by the fact that the temporary table was opened and the results of the SELECT were inserted into it when a temporary table existed and had the same name.

Now, when this statement is executed, t is created as a base table, the results of the SELECT are inserted into it — even if there already exists a temporary table having the same name — and the statement is logged correctly.

(Bug#47418: http://bugs.mysql.com/bug.php?id=47418)

See also Bug#47442: http://bugs.mysql.com/bug.php?id=47442.

* Replication: Due to a change in the size of event representations in the binary log, when replicating from a MySQL 4.1 master to a slave running MySQL 5.0.60 or later, the START SLAVE UNTIL statement did not function correctly, stopping at the wrong position in the log. Now the slave detects that the master is using the older version of the binary log format, and corrects for the difference in event size, so that the slave stops in the correct position.

(Bug#47142: http://bugs.mysql.com/bug.php?id=47142)

* The SSL certificates in the test suite were about to expire. They have been updated with expiration dates in the year 2015.

(Bug#50642: http://bugs.mysql.com/bug.php?id=50642)

* The printstack function does not exist on Solaris 8 or earlier, which would lead to a compilation failure.

(Bug#50409: http://bugs.mysql.com/bug.php?id=50409)

* A user could see tables in INFORMATION_SCHEMA.TABLES without appropriate privileges for them.

(Bug#50276: http://bugs.mysql.com/bug.php?id=50276)

* Debug output for join structures was garbled.

(Bug#50271: http://bugs.mysql.com/bug.php?id=50271)

* The filesort sorting method applied to a CHAR(0) column could lead to a server crash.

(Bug#49897: http://bugs.mysql.com/bug.php?id=49897)

* sql_buffer_result had an effect on non-SELECT statements, contrary to the documentation.

(Bug#49552: http://bugs.mysql.com/bug.php?id=49552)

* In some cases a subquery need not be evaluated because it returns only aggregate values that can be calculated from table metadata. This sometimes was not handled by the enclosing subquery, resulting in a server crash.

(Bug#49512: http://bugs.mysql.com/bug.php?id=49512)

* The method for comparing INFORMATION_SCHEMA names and database names was nonoptimal and an improvement was made: When the database name length is already known, a length check is made

first and content comparison skipped if the lengths are unequal.

(Bug#49501: http://bugs.mysql.com/bug.php?id=49501)

* The MD5() and SHA1() functions had excessive overhead for short strings.

(Bug#49491: http://bugs.mysql.com/bug.php?id=49491)

* Mixing full-text searches and row expressions caused a crash.

(Bug#49445: http://bugs.mysql.com/bug.php?id=49445)

* Creating or dropping a table with 1023 transactions active caused an assertion failure.

(Bug#49238: http://bugs.mysql.com/bug.php?id=49238)

* mysql-test-run.pl now recognizes the MTR_TESTCASE_TIMEOUT, MTR_SUITE_TIMEOUT, MTR_SHUTDOWN_TIMEOUT, and MTR_START_TIMEOUT environment variables. If they are set, their values are used to set the –testcase-timeout, –suite-timeout, –shutdown-timeout, and –start-timeout options, respectively.

(Bug#49210: http://bugs.mysql.com/bug.php?id=49210)

MySQL Connector/Net 6.3.0, a new version of the all-managed .NET driver for MySQL has been released. This is an alpha release and is intended to introduce you to the new features and planned enhancements. This release should not be used in a production environment.

It is now available in source and binary form from http://dev.mysql.com/downloads/connector/net/6.3.html

The new features or changes in this release are:

- Visual Studio 2010 RC support
- Nested transaction scope support

The first maintenance release in the 1.10 series has been announced. You can download it from :

http://framework.zend.com/download/latest

This release includes more than 50 bugfixes, all made since the 1.10.0 release two weeks ago; these fixes help bring stability and maturity to the 1.10 series.