[debian-mysql] Bug#477072: mysql-dfsg-5.0 upload to s-p-u

sean finney seanius at debian.org
Tue Sep 8 12:31:11 UTC 2009 

hi folks,

aplogies for emailing *after* the upload, i spent so long getting one of
the patches tested and working that i ended up uploading without thinking
to email -release first.

anyway, i've uploaded an s-p-u version of mysql-dfsg-5.0 to address two
pretty significant problems with lenny's mysql.  from the changelog:

  [ Sean Finney ]
  * New patch 64_fix-dummy-thread-race-condition.dpatch to back out an
    unneeded workaround that causes segfaults in libmysqlclient15. Thanks
    to Martin Koegler for digging up the patch. (closes: #524366, #513204)

  [ Norbert Tretkowski ]
  * New patch 65_fix_gis_functions_crash.dpatch from 5.0.82 to fix a server
    crash with arbitrary data input plus GIS functions. (closes: #477072)

the first patch fixes what appear to be random segfaults for applications
linking against libmysqlclient15 when run on SMP systems (ex: apache2 with
php5 enabled).  right now the users are forced to use taskset to run the
applications on a single CPU/core.

the second patch is arguably a security/DoS issue, where some improper
SQL issued to GIS-enabled table/database could cause the entire server
die/restart, which cresults in the loss of all active transactions and
any memory based tables.  however it's apparently a bit of a corner case,
and because the first one is arguably *not* a security issue, i figured
that they could both be addressed in this upload.

in the debdiff you may also see some noise from the pofiles/changelog, which
i can only explain to be noise resulting from merging from the security
branch and/or svn-buildpackage (but neither are signficant, it's only a
corrected uploader and some changed line offsets AFAICT).

anyway, assuming that this is okay and gets approval, i'll merge this
into the pkg-mysql security branch (but i wanted to get it through s-p-u
first because of the non-security nature of the first change).


please let me know if there are any problems/questions/etc.

thanks!
	sean
-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20090908/229dd65f/attachment-0002.pgp>

More information about the pkg-mysql-maint mailing list