FROM THE CURRENT DIRECTORY
DESCRIPTION
===========
When 'mysqlaccess' tool is run, it reads (and executes) the
content of its configuration file 'mysqlaccess.conf' from
the current directory. This is not a recommended behaviour
as someone with ill intentions can insert malicious
instructions into this file which could be executed
whenever this tool is run.
ANALYSIS
========
The configuration file is presently looked for, in the
following folders (in given order):
1. Current directory
2. SYSCONFDIR //This gets expanded
3. /etc/
Owing to the reasons mentioned above, we should not permit
the file to be in the current directory. Since the other
two folders are assumed to be accessible only to authorized
people, the config file is safe to be read from there.
FIX
===
Modified the script so that it looks for the config file
now in the following two folders (in the given order):
1. SYSCONFDIR
2. /etc/
If it's absent from above locations but present in current
directory, an error is thrown asking the user to move the
file to one of the above locations and retry.
NOTE
====
The location paths and their precedence are not documented
for this tool. It needs to be noted as part of the
associated documentation.
when looking for my.cnf files: if DEFAULT_SYSCONFDIR (or INSTALL_SYSCONFDIR)
is specified (for rpms it always is), use that instead of hardcoded /etc path.
- Added --verbose to BUILD scripts to get make to write out compile commands.
- Detect if AM_EXTRA_MAKEFLAGS=VERBOSE=1 was used with build scripts.
- Don't write warnings about replication variables when doing bootstrap.
- Fixed that mysql_cond_wait() and mysql_cond_timedwait() will report original source file in case of errors.
- Ignore some compiler warnings
BUILD/FINISH.sh:
Detect if AM_EXTRA_MAKEFLAGS=VERBOSE=1 or --verbose was used
BUILD/SETUP.sh:
Added --verbose to print out the full compile lines
Updated help message
client/mysqltest.cc:
Fixed that one can use 'replace' with cat_file
cmake/configure.pl:
If --verbose is used, get make to write out compile commands
debian/dist/Debian/rules:
Added $AM_EXTRA_MAKEFLAGS to get VERBOSE=1 on buildbot builds
debian/dist/Ubuntu/rules:
Added $AM_EXTRA_MAKEFLAGS to get VERBOSE=1 on buildbot builds
include/my_pthread.h:
Made set_timespec_time_nsec() more portable.
include/mysql/psi/mysql_thread.h:
Fixed that mysql_cond_wait() and mysql_cond_timedwait() will report original source file in case of errors.
mysql-test/suite/innodb/r/auto_increment_dup.result:
Fixed wrong DBUG_SYNC
mysql-test/suite/innodb/t/auto_increment_dup.test:
Fixed wrong DBUG_SYNC
mysql-test/suite/perfschema/include/upgrade_check.inc:
Make test more portable for changes in *.sql files
mysql-test/suite/perfschema/r/pfs_upgrade.result:
Updated test results
mysql-test/valgrind.supp:
Ignore running Aria checkpoint thread
scripts/mysqlaccess.sh:
Changed reference of bugs database
Ensure that also client-server group is read.
sql/handler.cc:
Added missing syncpoint
sql/mysqld.cc:
Don't write warnings about replication variables when doing bootstrap
sql/mysqld.h:
Don't write warnings about replication variables when doing bootstrap
sql/rpl_rli.cc:
Don't write warnings about replication variables when doing bootstrap
sql/sql_insert.cc:
Don't mask SERVER_SHUTDOWN in insert_delayed
This is done to be able to distingush between shutdown and interrupt errors
support-files/compiler_warnings.supp:
Ignore some compiler warnings in xtradb,innobase, oqgraph, yassl, string3.h
- Removed files specific to compiling on OS/2
- Removed files specific to SCO Unix packaging
- Removed "libmysqld/copyright", text is included in documentation
- Removed LaTeX headers for NDB Doxygen documentation
- Removed obsolete NDB files
- Removed "mkisofs" binaries
- Removed the "cvs2cl.pl" script
- Changed a few GPL texts to use "program" instead of "library"
- Removed files specific to compiling on OS/2
- Removed files specific to SCO Unix packaging
- Removed "libmysqld/copyright", text is included in documentation
- Removed LaTeX headers for NDB Doxygen documentation
- Removed obsolete NDB files
- Removed "mkisofs" binaries
- Removed the "cvs2cl.pl" script
- Changed a few GPL texts to use "program" instead of "library"
scripts/Makefile.am:
pass --sysconfdir to scripts
scripts/mysqlaccess.sh:
use --sysconfdir instead of hardcoded /etc
scripts/mysqld_multi.sh:
use --sysconfdir instead of hardcoded /etc
client/mysqltest.c:
Added support for --enable_metadata
mysql-test/t/order_by.test:
Improved comment
scripts/mysqlaccess.sh:
CGI is required (Bug #2988)
sql/field.cc:
Fix to get correct metadata when using temporary tables to create result
sql/field.h:
Fix to get correct metadata when using temporary tables to create result
sql/sql_insert.cc:
Fix to get correct metadata when using temporary tables to create result
confuses RPM's Perl module dependency checking (it adds a bogus
requirement to "Perl(the)", as "use" is a Perl keyword). (BUG#1931)
scripts/mysqlaccess.sh:
- Rephrased option help text so it does not start with "use" as this
confuses RPM's Perl module dependency checking (it adds a bogus
requirement to "Perl(the)", as "use" is a Perl keyword). (BUG#1931)
sql-bench/bench-init.pl.sh:
- Rephrased option help text so it does not start with "use" as this
confuses RPM's Perl module dependency checking (it adds a bogus
requirement to "Perl(the)", as "use" is a Perl keyword). (BUG#1931)
address to report bugs to bugs@mysql.com (thanks to Christian Hammers
for pointing this out) - please merge this into all other trees!
scripts/mysqlaccess.sh:
- Yves mail address does not seem to be valid anymore - changed mail
address to report bugs to bugs@mysql.com (thanks to Christian Hammers
for pointing this out)
for the Debian project) to fix some architecture-specific problems
and some bugs
Makefile.am:
- put current directory (.) at front of SUBDIRS list, so that "distclean"
is done last. IF done first, "distclean" in include directory fails
because config.h is missing, which is removed by distclean in current
directory. (thanks to "jww" for the patch)
- make "distclean" in libmysql_r, too (Thanks to Christian Hammers from the
Debian project for the patch)
bdb/dist/aclocal/mutex.m4:
- Sparc patch for mutexes/pthreads from Christopher C. Chimelis and
Ben Collins from Debian (thanks to Christian Hammers from the Debian
project for forwarding it)
bdb/include/mutex.h:
- Patch for building on m68k architecture (originally provided
by Michael Fedrowitz for Debian Linux, thanks to Christian Hammers from
the Debian project for forwarding it)
ltconfig:
- A hardcoded "rpath" is forbidden by the Debian policy (thanks to
Christian Hammers from the Debian project for forwarding this patch)
man/isamchk.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/isamlog.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysql.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysql_zap.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysqlaccess.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysqladmin.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysqld.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysqld_multi.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/mysqldump.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
- fixed nroff mistake
man/mysqlshow.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/perror.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/replace.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
man/safe_mysqld.1:
- some syntactical correction in the headlines of the manpages for
apropos(1) (Thanks to Christian Hammers from the Debian project for
the patch)
scripts/mysql_fix_privilege_tables.sh:
- fixed some typos
- script cleanup
scripts/mysqlaccess.sh:
- make $script_log path less dependent on the shell
scripts/safe_mysqld.sh:
- applied patch provided by Debian to enhance security (This way all logs
and databases are created world-nothing).
Fixed bug in REPLACE with BDB tables
Prepare for write lock on read for BDB
Inform the handler when we want to use IGNORE / REPLACE
New manual pages
Docs/manual.texi:
Updates for BDB tables and new changes
client/mysql.cc:
Cleanup
configure.in:
Added sys/ioctl.h
heap/hp_rkey.c:
Fixed bug when reading next on not unique key
include/my_base.h:
Added new extra options
man/mysql.1:
Added example
mysys/my_write.c:
Safety fix
scripts/mysqlaccess.sh:
Removed debug output
scripts/safe_mysqld.sh:
Added --open-files-limit
sql-bench/Results/ATIS-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/RUN-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/alter-table-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/big-tables-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/connect-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/create-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/insert-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/select-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/Results/wisconsin-mysql-Linux_2.2.14_my_SMP_i686:
Updated to new benchmark
sql-bench/bench-init.pl.sh:
Updated to new benchmark
sql-bench/server-cfg.sh:
Fixes for HEAP tables
sql-bench/test-ATIS.sh:
Fix for heap tables
sql-bench/test-insert.sh:
Added some ORDER BY benchmarks to test more things
sql/ha_berkeley.cc:
Fix a bug in REPLACE
sql/ha_berkeley.h:
Fix to handle lock_on_read
sql/mysql_priv.h:
Prepare for internal subtransactions in BDB
sql/mysqld.cc:
Added -O open_files_limit=#
sql/sql_insert.cc:
Inform the handler when we want to use IGNORE / REPLACE
sql/sql_load.cc:
Inform the handler when we want to use IGNORE / REPLACE
sql/sql_parse.cc:
Cleanup
sql/sql_show.cc:
Cleanup
sql/sql_table.cc:
Inform the handler when we want to use IGNORE / REPLACE
sql/sql_update.cc:
Inform the handler when we want to use IGNORE / REPLACE
support-files/binary-configure.sh:
Better message
