AtomiCorp: Security for Everyone - Atomic Yum Repository

Atomic Yum Repository

[atomic] mysql 5.5.19 Released

Written by Scott Shinn

Tuesday, 03 January 2012 09:41

Changelog

Performance of metadata locking operations on Windows XP systems was improved by instituting a cache for metadata lock objects. This permits the server to avoid expensive operations for creation and destruction of synchronization objects on XP. A new system variable, metadata_locks_cache_size, permits control over the size of the cache. The default size is 1024. (Bug #12695572)
Replication: Previously, replication slaves could connect to the master server through master accounts that use nonnative authentication, except Windows native authentication. This is now also true for Windows native authentication.

Bugs Fixed

InnoDB Storage Engine: An internal deadlock could occur within InnoDB, on a server doing a substantial amount of change buffering for DML operations, particularly DELETE statements. (Bug #13340047)
Replication: When a statement containing a large number of rows to be applied on a slave table that does not contain a primary key, a considerable amount of time can be needed to find and change all the rows that are to be changed. The current fix helps diagnose this issue by printing a message to the error log if the execution time for a given statement replicated using row-based replication takes more than 60 seconds. log_warnings must be greater than 1 for this message to be printed to the error log. (Bug #11760927, Bug #53375)
Rounding DBL_MAX returned DBL_MAX, not 'inf'. (Bug #13261955)
mysql_upgrade did not upgrade the system tables or create the mysql_upgrade_info file when run with the --write-binlog or --skip-write-binlog option. (Bug #60223, Bug #11827359)
If a plugin was uninstalled, thread local variables for plugin variables of string type with wth PLUGIN_VAR_MEMALLOC flag were not freed. (Bug #56652, Bug #11763882)
Deadlock could occur when these four things happened at the same time: 1) An old dump thread was waiting for the binary log to grow. 2) The slave server that replicates from the old dump thread tried to reconnect. During reconnection, the new dump thread tried to kill the old dump thread. 3) A KILL statement tried to kill the old dump thread. 4) An INSERT statement caused a binary log rotation. (Bug #56299, Bug #11763573)

To Upgrade:

yum upgrade mysql

Add new comment

[atomic] php 5.3.8 Released

Wednesday, 31 August 2011 10:01

Note: As there was no atomic 5.3.7 release, so the changelog from 5.3.7 is included.

Changelog:

Fixed bug #55439 (crypt() returns only the salt for MD5)
Reverted a change in timeout handling restoring PHP 5.3.6 behavior, which caused mysqlnd SSL connections to hang (Bug #55283).
Updated crypt_blowfish to 1.2. (CVE-2011-2483) (more info)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
Upgraded bundled Sqlite3 to version 3.7.7.1
Upgraded bundled PCRE to version 8.12
Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
Fixed bug #54585 (track_errors causes segfault)
Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
Fixed a crash inside dtor for error handling
Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
Fixed bug #54935 php_win_err can lead to crash
Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)
Fixed bug #54529 (SAPI crashes on apache_config.c:197)
Fixed bug #54283 (new DatePeriod(NULL) causes crash).
Fixed bug #54269 (Short exception message buffer causes crash)
Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the parent constructor)
Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())
Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0)
Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)
Fixed bug #54681 (addGlob() crashes on invalid flags)
Over 80 other bug fixes.

To Upgrade:
yum upgrade php

Add new comment

[atomic] openvas-scanner 3.2.4

Written by Scott Shinn

Monday, 13 June 2011 16:05

Changelog:
* src/ntp_11.c (ntp_1x_send_dependencies): Revert last commit as it removed a used variable.
* src/ntp_11.c: remove unused variable to fix compilation wih GCC 4.6.
* Close some leaks. Based on patch from Michael Wiegand. Backport from trunk r11050.
* src/oval_plugins.c (start_element, text, oval_plugin_add): Always free memory that is allocated by glib functions. Take into account that the nvti_set_* functions duplicate the given memory. (ovaldi_launch): Add leak todos.
* Deal with GCC 4.6 warnings. Thanks to Stephan Kleine for original patch. Backport from trunk r11034.
* src/attack.c (attack_network): Remove stray variables.
* src/nasl_plugins.c (nasl_thread): Check nice return.
* src/openvassd.c (scanner_thread): Check nice return.
* src/oval_plugins.c (oval_plugin_add): Set NVT description correctly in overlength case.
* src/preferences.c (preferences_drop_privileges): Remove variable previously used for trace message.
* src/shared_socket.c (openvassd_shared_socket_register): Check internal_recv return.
* src/sighand.c (let_em_die): Remove return variable, as the waitpid may fail in legitimate cases.
* tools/openvas-nvt-sync.in: Put the mktemp template last, otherwise Ubuntu 9.10 gives an error. (do_sync): Correct typo.
* src/ntp_11.c (ntp_1x_send_dependencies): fixed memory leak reported by Valgrind.
* src/pluginload.c (collect_nvts): fixed memory leak reported by Valgrind.

To Upgrade:
yum upgrade openvas-scanner

Add new comment

[atomic] mysql 5.1.57 Released

Written by Scott Shinn

Monday, 09 May 2011 11:57

Changelog:

When invoked with the --auto-generate-sql option, mysqlslap dropped the schema specified with the --create-schema option at the end of the test run, which may have been unexpected by the user. mysqlslap no longer drops the schema, but has a new --create-and-drop-schema schema that both creates and drops a schema. (Bug #58090, Bug #11765157)
A new system variable, max_long_data_size, now controls the maximum size of parameter values that can be sent with the mysql_stmt_send_long_data() C API function. If not set at server startup, the default is the value of the max_allowed_packet system variable. This variable is deprecated. In MySQL 5.6, it is removed and the maximum parameter size is controlled by max_allowed_packet.

Bugs fixed:

InnoDB Storage Engine: Replication: Trying to update a column, previously set to NULL, of an InnoDB table with no primary key caused replication to fail with Can't find record in 'table' on the slave. (Bug #11766865, Bug #60091)
InnoDB Storage Engine: The server could halt if InnoDB interpreted a very heavy I/O load for 15 minutes or more as an indication that the server was hung. This change fixes the logic that measures how long InnoDB threads were waiting, which formerly could produce false positives. (Bug #11877216, Bug #11755413, Bug #47183)
Replication: Using the --server-id option with mysqlbinlog could cause format description log events to be filtered out of the binary log, leaving mysqlbinlog unable to read the remainder of the log. Now such events are always read without regard to the value of this option.

As part of the the fix for this problem, mysqlbinlog now also reads rotate log events without regard to the value of --server-id. (Bug #11766427, Bug #59530)
Partitioning: A problem with a previous fix for poor performance of INSERT ON DUPLICATE KEY UPDATE statements on tables having many partitions caused the handler function for reading a row from a specific index to fail to store the ID of the partition last used. This caused some statements to fail with Can't find record errors. (Bug #59297, Bug #11766232)
InnoDB invoked some zlib functions without proper initialization. (Bug #11849231)
Two unused test files in storage/ndb/test/sql contained incorrect versions of the GNU Lesser General Public License. The files and the directory containing them have been removed. (Bug #11810224)

See also Bug #11810156.

Selecting from a view for which the definition included a HAVING clause failed with an error:

1356: View '...' references invalid table(s) or column(s)
or function(s) or definer/invoker of view lack rights to use them

(Bug #60295, Bug #11829681)

The server permitted max_allowed_packet to be set lower than net_buffer_length, which does not make sense because max_allowed_packet is the upper limit on net_buffer_length values. Now a warning occurs and the value remains unchanged. (Bug #59959, Bug #11766769)
The server read one byte too many when trying to process an XML string lacking a closing quote (') or double quote (") character used as an argument for UpdateXML() or ExtractValue(). (Bug #59901, Bug #11766725)

See also Bug #44332, Bug #11752979.
Attempting to create a spatial index on a CHAR column longer than 31 bytes led to an assertion failure if the server was compiled with safemutex support. (Bug #59888, Bug #11766714)
Aggregation followed by a subquery could produce an incorrect result. (Bug #59839, Bug #11766675)
An incorrect character set pointer passed to my_strtoll10_mb2() caused an assertion to be raised. (Bug #59648, Bug #11766519)
A missing variable initialization for Item_func_set_user_var objects could cause an assertion to be raised. (Bug #59527, Bug #11766424)
mysqldump did not quote database names in ALTER DATABASE statements in its output, which could cause an error at reload time for database names containing a dash. (Bug #59398, Bug #11766310)
In Item_func_month::val_str(), a Valgrind warning for a too-late NULL value check was corrected. (Bug #59166, Bug #11766126)
In Item::get_date, a Valgrind warning for a missing NULL value check was corrected. (Bug #59164, Bug #11766124)
In extract_date_time(), a Valgrind warning for a missing end-of-string check was corrected. (Bug #59151, Bug #11766112)
In string context, the MIN() and MAX() functions did not take into account the unsignedness of a BIGINT UNSIGNED argument. (Bug #59132, Bug #11766094)
In Item_func::val_decimal, a Valgrind warning for a missing NULL value check was corrected. (Bug #59125, Bug #11766087)
In Item_func_str_to_date::val_str, a Valgrind warning for an uninitialized variable was corrected. (Bug #58154, Bug #11765216)
The code for PROCEDURE ANALYSE() had a missing DBUG_RETURN statement, which could cause a server crash in debug builds. (Bug #58140, Bug #11765202)
An assertion could be raised in Item_func_int_val::fix_num_length_and_dec() due to overflow for geometry functions. (Bug #57900, Bug #11764994)
An assertion could be raised if a statement that required a name lock on a table (for example, DROP TRIGGER) executed concurrently with an INFORMATION_SCHEMA query that also used the table. (Bug #56541, Bug #11763784)
For a client connected using SSL, the Ssl_cipher_list status variable was empty and did not show the possible cipher types. (Bug #52596, Bug #11760210)
With lower_case_table_names=2, resolution of objects qualified by database names could fail. (Bug #50924, Bug #11758687)
A potential invalid memory access discovered by Valgrind was fixed. (Bug #48053, Bug #11756169)
Bitmap functions used in one thread could change bitmaps used by other threads, causing an assertion to be raised. (Bug #43152, Bug #11752069)
SHOW EVENTS did not always show events from the correct database. (Bug #41907, Bug #11751148)