Skip navigation links

Additional languages
5.3.4 Changes in MySQL 5.1.21 (16 August 2007) »
Section Navigation      [Toggle]

5.3.3. Changes in MySQL 5.1.23 (29 January 2008)

Functionality added or changed:

  • Important Change: Partitioning: Security Fix: It was possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options to gain privileges on other tables having the same name as the partitioned table. As a result of this fix, any table-level DATA DIRECTORY or INDEX DIRECTORY options are now ignored for partitioned tables. (Bug#32091, CVE-2007-5970)

    See also Bug#29325, Bug#32111

  • Incompatible Change: In MySQL 5.1.6, when log tables were implemented, the default log destination for the general query and slow query log was TABLE. This default has been changed to FILE, which is compatible with MySQL 5.0, but incompatible with earlier releases of MySQL 5.1 from 5.1.6 to 5.1.20. If you are upgrading from MySQL 5.0 to this release, no logging option changes should be necessary. However, if you are upgrading from 5.1.6 through 5.1.20 to this release and were using TABLE logging, use the --log-output=TABLE option explicitly to preserve your server's table-logging behavior.

    In MySQL 5.1.x, this bug was addressed twice because it turned out that the default was set in two places, only one of which was fixed the first time. (Bug#29993)

  • Incompatible Change

    The parser accepted statements that contained /* ... */ that were not properly closed with */, such as SELECT 1 /* + 2. Statements that contain unclosed /*-comments now are rejected with a syntax error.

    This fix has the potential to cause incompatibilities. Because of Bug#26302, which caused the trailing */ to be truncated from comments in views, stored routines, triggers, and events, it is possible that objects of those types may have been stored with definitions that now will be rejected as syntactically invalid. Such objects should be dropped and re-created so that their definitions do not contain truncated comments. (Bug#28779)

Bugs fixed:

  • Security Fix: Replication: It was possible for any connected user to issue a BINLOG statement, which could be used to escalate privileges.

    Use of the BINLOG statement now requires the SUPER privilege. (Bug#31611, CVE-2007-6313)

  • Security Fix: Three vulnerabilities in yaSSL versions 1.7.5 and earlier were discovered that could lead to a server crash or execution of unauthorized code. The exploit requires a server with yaSSL enabled and TCP/IP connections enabled, but does not require valid MySQL account credentials. The exploit does not apply to OpenSSL.

    Note

    The proof-of-concept exploit is freely available on the Internet. Everyone with a vulnerable MySQL configuration is advised to upgrade immediately.

    (Bug#33814, CVE-2008-0226, CVE-2008-0227)

  • Security Fix: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.

    MySQL will now return an error when the file to which the symlink points already exists. (Bug#32111, CVE-2007-5969)

  • Security Fix: ALTER VIEW retained the original DEFINER value, even when altered by another user, which could allow that user to gain the access rights of the view. Now ALTER VIEW is allowed only to the original definer or users with the SUPER privilege. (Bug#29908)

  • Security Fix: When using a FEDERATED table, the local server could be forced to crash if the remote server returned a result with fewer columns than expected. (Bug#29801)

  • Important Change: Incompatible Change: A number of problems existed in the implementation of MERGE tables that could cause problems. The problems are summarized below:

    • Bug#26379 - Combination of FLUSH TABLE and REPAIR TABLE corrupts a MERGE table. This was caused in a number of situations:

      1. A thread trying to lock a MERGE table performs busy waiting while REPAIR TABLE or a similar table administration task is ongoing on one or more of its MyISAM tables.

      2. A thread trying to lock a MERGE table performs busy waiting until all threads that did REPAIR TABLE or similar table administration tasks on one or more of its MyISAM tables in LOCK TABLES segments do UNLOCK TABLES. The difference against problem #1 is that the busy waiting takes place after the administration task. It is terminated by UNLOCK TABLES only.

      3. Two FLUSH TABLES within a LOCK TABLES segment can invalidate the lock. This does not require a MERGE table. The first FLUSH TABLES can be replaced by any statement that requires other threads to reopen the table. In 5.0 and 5.1 a single FLUSH TABLES can provoke the problem.

    • Bug#26867 - Simultaneously executing LOCK TABLES and REPAIR TABLE on a MERGE table would result in memory/cpu hogging.

      Trying DML on a MERGE table, which has a child locked and repaired by another thread, made an infinite loop in the server.

    • Bug#26377 - Deadlock with MERGE and FLUSH TABLE

      Locking a MERGE table and its children in parent-child order and flushing the child deadlocked the server.

    • Bug#25038 - Waiting TRUNCATE

      Truncating a MERGE child, while the MERGE table was in use, let the truncate fail instead of waiting for the table to become free.

    • Bug#25700 - MERGE base tables get corrupted by OPTIMIZE/ANALYZE/REPAIR TABLE

      Repairing a child of an open MERGE table corrupted the child. It was necessary to FLUSH the child first.

    • Bug#30275 - MERGE tables: FLUSH TABLES or UNLOCK TABLES causes server to crash.

      Flushing and optimizing locked MERGE children crashed the server.

    • Bug#19627 - temporary merge table locking

      Use of a temporary MERGE table with non-temporary children could corrupt the children.

      Temporary tables are never locked. Creation of tables with non-temporary children of a temporary MERGE table is now prohibited.

    • Bug#27660 - Falcon: MERGE table possible

      It was possible to create a MERGE table with non-MyISAM children.

    • Bug#30273 - MERGE tables: Can't lock file (errno: 155)

      This was a Windows-only bug. Table administration statements sometimes failed with "Can't lock file (errno: 155)".

    The fix introduces the following changes in behavior:

    • This patch changes the behavior of temporary MERGE tables. Temporary MERGE must have temporary children. The old behavior was wrong. A temporary table is not locked. Hence even non-temporary children were not locked. See Bug#19627.

    • You cannot change the union list of a non-temporary MERGE table when LOCK TABLES is in effect. The following does not work: 

      CREATE TABLE m1 ... ENGINE=MRG_MYISAM ...;
LOCK TABLES t1 WRITE, t2 WRITE, m1 WRITE;
ALTER TABLE m1 ... UNION=(t1,t2) ...;

      However, you can do this with a temporary MERGE table.

    • You cannot create a MERGE table with CREATE ... SELECT, neither as a temporary MERGE table, nor as a non-temporary MERGE table. For example, CREATE TABLE m1 ... ENGINE=MRG_MYISAM ... SELECT ...; causes the error message: table is not BASE TABLE.

    (Bug#19627, Bug#25038, Bug#25700, Bug#26377, Bug#26379, Bug#26867, Bug#27660, Bug#30275, Bug#30491)

  • Incompatible Change: It is no longer possible to create CSV tables with NULL columns. However, for backwards compatibility, you can continue to use such tables that were created in previous MySQL releases. (Bug#32050)

  • Incompatible Change: With ONLY_FULL_GROUP_BY SQL mode enabled, queries such as SELECT a FROM t1 HAVING COUNT(*)>2 were not being rejected as they should have been.

    This bugfix results in the following behavior:

    • There is a check against mixing group and non-group columns only when ONLY_FULL_GROUP_BY is enabled.

    • This check is done both for the select list and for the HAVING clause if there is one.

    This behavior differs from previous versions as follows:

    • Previously, the HAVING clause was not checked when ONLY_FULL_GROUP_BY was enabled; now it is checked.

    • Previously, the select list was checked even when ONLY_FULL_GROUP_BY was not enabled; now it is checked only when ONLY_FULL_GROUP_BY is enabled.

    (Bug#31794)

  • Incompatible Change: Inserting a row with a NULL value for a DATETIME column results in a CSV file that the storage engine cannot read.

    All CSV tables now need to be defined with each column marked as NOT NULL. An error is raised if you try to create a CSV table with columns that are not defined with NOT NULL. (Bug#31473, Bug#32817)

  • Incompatible Change: SET PASSWORD statements now cause an implicit commit, and thus are prohibited within stored functions and triggers. (Bug#30904)

  • Incompatible Change: The mysql_install_db script could fail to locate some components (including resolveip) during execution if the --basedir option was specified on the command-line or within the my.cnf file. This was due to a conflict when comparing the compiled-in values and the supplied values.

    The --source-install command-line option to the script has been removed and replaced with the --srcdir option. mysql_install_db now locates components either using the compiled-in options, the --basedir option or --srcdir option. (Bug#30759)

  • Incompatible Change: Multiple-table DELETE statements containing ambiguous aliases could have unintended side effects such as deleting rows from the wrong table. Example: 

    DELETE FROM t1 AS a2 USING t1 AS a1 INNER JOIN t2 AS a2;

    Now alias declarations can be declared only in the table_references part. Elsewhere in the statement, alias references are allowed but not alias declarations. Statements containing aliases that are no longer allowed must be rewritten. (Bug#30234)

    See also Bug#27525

  • Incompatible Change: Within a stored routine, it is no longer allowable to declare a cursor for a SHOW statement. This happened to work in some instances, but is no longer supported. (Bug#29223)

  • Incompatible Change: Several type-preserving functions and operators returned an incorrect result type that does not match their argument types: COALESCE(), IF(), IFNULL(), LEAST(), GREATEST(), CASE. These now aggregate using the precise SQL types of their arguments rather than the internal type. In addition, the result type of the STR_TO_DATE() function is now DATETIME by default. (Bug#27216)

  • Incompatible Change: GRANT and REVOKE statements now cause an implicit commit, and thus are prohibited within stored functions and triggers. (Bug#21975, Bug#21422, Bug#17244)

  • Incompatible Change: It was possible for option files to be read twice at program startup, if some of the standard option file locations turned out to be the same directory. Now duplicates are removed from the list of files to be read.

    Also, users could not override system-wide settings using ~/.my.cnf because SYSCONFDIR/my.cnf was read last. The latter file now is read earlier so that ~/.my.cnf can override system-wide settings.

    The fix for this problem had a side effect such that on Unix, MySQL programs looked for options in ~/my.cnf rather than the standard location of ~/.my.cnf. That problem was addressed as Bug#38180. (Bug#20748)