Released on 6 May 2006
MySQL 4.0.27 Changelog

End of Product Lifecycle. Active development and support for MySQL Database Server versions 3.23, 4.0, and 4.1 has ended. For details, see Please consider upgrading to a recent version. Further updates to the content of this manual will be minimal. All formats of this manual will continue to be available until 31 Dec 2010.

This is a security fix release and bugfix release for the MySQL 4.0 release family.

This release includes the patches for recently reported security vulnerabilites in the MySQL client/server protocol. We would like to thank Stefano Di Paola for finding and reporting these to us.

Functionality added or changed:

  • The MySQL-server RPM now explicitly assigns the mysql system user to the mysql user group during the postinstallation process. This corrects an issue with upgrading the server on some Linux distributions whereby a previously existing mysql user was not changed to the mysql group, resulting in wrong groups for files created following the installation. (Bug #12823)

  • Better detection of connection timeout for replication servers on Windows enables elimination of extraneous Lost connection errors in the error log. (Bug #5588)

Bugs fixed:

  • Security fix: A malicious client, using specially crafted invalid login or COM_TABLE_DUMP packets was able to read uninitialized memory, which potentially, though unlikely in MySQL, could have led to an information disclosure. (CVE-2006-1516, CVE-2006-1517) Thanks to Stefano Di Paola for finding and reporting this bug.

  • MySQL-shared-compat-4.0.26-0.i386.rpm incorrectly depend on glibc 2.3 and cannot not be installed on a glibc 2.2 system. For MySQL 4.0, use the older MySQL-shared-compat-4.0.25-0.i386.rpm package. (Bug #16539)

  • Running myisampack followed by myisamchk with the --unpack option would corrupt the auto_increment key. (Bug #12633)

  • When myisamchk needed to rebuild a table, AUTO_INCREMENT information was lost. (Bug #10405)

  • Avoid trying to include <asm/atomic.h> when it doesn't work in C++ code. (Bug #13621)

  • BIT_COUNT() could return an incorrect value for right table columns in a LEFT JOIN. (Bug #13044)

  • MySQL would not compile on Linux distributions that use the tinfo library. (Bug #18912)

  • An UPDATE statement which tried to update a column with a name beginning with an asterisk would cause the server to crash. This was because the server would wrongly expand the * character to the list of all table columns, causing the list of columns to become longer than the list of values. Now the server performs this expansion only if the * character is followed by a space. (Bug #16510)

  • An INSERT ... SELECT statement between tables in a MERGE set can return errors when statement involves insert into child table from merge table or vice-versa. (Bug #5390)

  • Fixed problems with static variables to allow building on Fedora Core 3. (Bug #6554)

  • A LIMIT-related optimization failed to take into account that MyISAM table indexes can be disabled, causing Error 124 when it tried to use such an index. (Bug #14616)

  • For a table that had been opened with HANDLER OPEN, issuing OPTIMIZE TABLE, ALTER TABLE, or REPAIR TABLE caused a server crash. (Bug #14397)

  • Queries of the form (SELECT ...) ORDER BY ... were being treated as a UNION. This improperly resulted in only distinct values being returned (because UNION by default eliminates duplicate results). Also, references to column aliases in ORDER BY clauses following parenthesized SELECT statements were not resolved properly. (Bug #7672)

  • SELECT DISTINCT with a GROUP BY clause caused a server crash. (Bug #13855)

  • SHOW CREATE TABLE did not display any FOREIGN KEY clauses if a temporary file could not be created. Now SHOW CREATE TABLE displays an error message in an SQL comment if this occurs. (Bug #13002)

  • MySQL programs in binary distributions for Solaris 8/9/10 x86 systems would not run on Pentium III machines. (Bug #6772)

  • Queries against a MERGE table that has a composite index could produce incorrect results. (Bug #9112)

  • The counters for the Key_read_requests, Key_reads, Key_write_requests, and Key_writes status variables were changed from unsigned long to unsigned longlong to accommodate larger values before the variables roll over and restart from 0. (Bug #12920)

  • A concurrency problem for CREATE ... SELECT could cause a server crash. (Bug #12845)

  • On HP-UX 11.x (PA-RISC), the -L option caused mysqlimport to crash. (Bug #12958)

  • The server crashed when one thread resized the query cache while another thread was using it. (Bug #12848)