Released on 1 Mar 2008
MySQL 4.1.24 Changelog

End of Product Lifecycle. Active development and support for MySQL Database Server versions 3.23, 4.0, and 4.1 has ended. For details, see Please consider upgrading to a recent version. Further updates to the content of this manual will be minimal. All formats of this manual will continue to be available until 31 Dec 2010.

This is a bugfix release for the MySQL 4.1 release family.

Functionality Added or Changed

  • The ndbd and ndb_mgmd man pages have been reclassified from volume 1 to volume 8. (Bug #34642)

Bugs Fixed

  • Security Fix; Important Change: It was possible to circumvent privileges through the creation of MyISAM tables employing the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY path name is no longer permitted.


    Additional fixes were made in MySQL 4.1.25.

    (Bug #32167, CVE-2008-2079)

    References: See also Bug #39277.

  • Security Fix: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the symbolic link points. the file to which the symlink points.

    MySQL will now return an error when the file to which the symlink points already exists. (Bug #32111, CVE-2007-5969)

  • Security Fix: A malformed password packet in the connection protocol could cause the server to crash. Thanks for Dormando for reporting this bug, and for providing details and a proof of concept. (Bug #28984, CVE-2007-3780)

  • Security Enhancement: It was possible to force an error message of excessive length which could lead to a buffer overflow. This has been made no longer possible as a security precaution. (Bug #32707)

  • Replication: Connections from one mysqld server to another failed on Mac OS X, affecting replication and FEDERATED tables. (Bug #29083)

    References: See also Bug #26664.

  • An internal buffer in mysql was too short. Overextending it could cause stack problems or segmentation violations on some architectures. (This is not a problem that could be exploited to run arbitrary code.) (Bug #33841)

  • make_binary_distribution passed the --print-libgcc-file option to the C compiler, but this does not work with the ICC compiler. (Bug #33536)

  • Performing a full text search on a table could cause a crash on a 64-bit platforms with certain characteristics. Searches that were known to cause a crash with certain datasets included numeric values and strings where the match string included data enclosed in single or double quotation marks. (Bug #11392)

  • PURGE MASTER LOGS BEFORE (subquery) caused a server crash. Subqueries are forbidden in the BEFORE clause now. (Bug #28553)

  • mysql_setpermission tried to grant global-only privileges at the database level. (Bug #14618)

  • A field packet with NULL fields caused a libmysqlclient crash. (Bug #29494)

  • On 64-bit Windows systems, the Config Wizard failed to complete the setup because 64-bit Windows does not resolve dynamic linking of the 64-bit libmysql.dll to a 32-bit application like the Config Wizard. (Bug #14649)

  • When one thread attempts to lock two (or more) tables and another thread executes a statement that aborts these locks (such as REPAIR TABLE, OPTIMIZE TABLE, or CHECK TABLE), the thread might get a table object with an incorrect lock type in the table cache. The result is table corruption or a server crash. (Bug #28574)

  • Issuing a DELETE statement having both an ORDER BY clause and a LIMIT clause could cause mysqld to crash. (Bug #30385)

  • If an ENUM column contained '' as one of its members (represented with numeric value greater than 0), and the column contained error values (represented as 0 and displayed as ''), using ALTER TABLE to modify the column definition caused the 0 values to be given the numeric value of the nonzero '' member. (Bug #29251)

  • The semantics of BIGINT depended on platform-specific characteristics. (Bug #29079)

  • Using up-arrow for command-line recall in mysql could cause a segmentation fault. (Bug #10218)

  • Dropping a user-defined function could cause a server crash if the function was still in use by another thread. (Bug #27564)

  • Adding DISTINCT could cause incorrect rows to appear in a query result. (Bug #29911)

  • In some cases, INSERT INTO ... SELECT ... GROUP BY could insert rows even if the SELECT by itself produced an empty result. (Bug #29717)

  • Error returns from the time() system call were ignored. (Bug #27198)

  • If one thread was performing concurrent inserts, other threads reading from the same table using equality key searches could see the index values for new rows before the data values had been written, leading to reports of table corruption. (Bug #29838)

  • A network structure was initialized incorrectly, leading to embedded server crashes. (Bug #29117)

  • SELECT ... INTO OUTFILE followed by LOAD DATA could result in garbled characters when the FIELDS ENCLOSED BY clause named a delimiter of '0', 'b', 'n', 'r', 't', 'N', or 'Z' due to an interaction of character encoding and doubling for data values containing the enclosed-by character. (Bug #29294)

  • Format strings in English error messages were insufficiently wide for path names printed in those messages by the embedded server. (Bug #16635)

  • On Mac OS X, shared-library installation path names were incorrect. (Bug #28544)

  • For MEMORY tables, DELETE statements that remove rows based on an index read could fail to remove all matching rows. (Bug #30590)

  • For InnoDB tables that use the utf8 character set, incorrect results could occur for DML statements such as DELETE or UPDATE that use an index on character-based columns. (Bug #28878)

    References: See also Bug #29449, Bug #30485, Bug #31395. This bug was introduced by Bug #13195.

  • With small values of myisam_sort_buffer_size, REPAIR TABLE for MyISAM tables could cause a server crash. (Bug #31174)

  • Internal conversion routines could fail for several multi-byte character sets (big5, cp932, euckr, gb2312, sjis) for empty strings or during evaluation of SOUNDS LIKE. (Bug #31069, Bug #31070)

  • Versions of mysqldump from MySQL 4.1 or higher tried to use START TRANSACTION WITH CONSISTENT SNAPSHOT if the --single-transaction and --master-data options were given, even with servers older than 4.1 that do not support consistent snapshots. (Bug #30444)

  • A buffer used when setting variables was not dimensioned to accommodate the trailing '\0' byte, so a single-byte buffer overrun was possible. (Bug #31588)

  • Setting certain values on a table using a spatial index could cause the server to crash. (Bug #30286)

  • The GeomFromText() function could cause a server crash if the first argument was NULL or the empty string. (Bug #30955)

  • The server crashed on optimizations involving a join of INT and MEDIUMINT columns and a system variable in the WHERE clause. (Bug #32103)

  • Full-text searches on ucs2 columns caused a server crash. (FULLTEXT indexes on ucs2 columns cannot be used, but it should be possible to perform IN BOOLEAN MODE searches on ucs2 columns without a crash.) (Bug #31159)

  • For an almost-full MyISAM table, an insert that failed could leave the table in a corrupt state. (Bug #31305)

  • The server could crash during filesort for ORDER BY based on expressions with INET_NTOA() or OCT() if those functions returned NULL. (Bug #31758)

  • myisamchk --unpack could corrupt a table that when unpacked has static (fixed-length) row format. (Bug #31277)

  • Data in BLOB or GEOMETRY columns could be cropped when performing a UNION query. (Bug #31158)

  • Tables with a GEOMETRY column could be marked as corrupt if you added a non-SPATIAL index on a GEOMETRY column. (Bug #30284)

  • On some 64-bit systems, inserting the largest negative value into a BIGINT column resulted in incorrect data. (Bug #30069)

  • With lower_case_table_names set, CREATE TABLE LIKE was treated differently by libmysqld than by the nonembedded server. (Bug #32063)

  • ucs2 does not work as a client character set, but attempts to use it as such were not rejected. Now character_set_client cannot be set to ucs2. This also affects statements such as SET NAMES and SET CHARACTER SET. (Bug #31615)

  • Denormalized double-precision numbers cannot be handled properly by old MIPS processors. For IRIX, this is now handled by enabling a mode to use a software workaround. (Bug #29085)

  • The MySQL preferences pane did not work to start or stop MySQL on Mac OS X 10.5 (Leopard). (Bug #28854)

  • On Mac OS X, the StartupItem for MySQL did not work. (Bug #25008)