Security improvement: The server creates .frm, .MYD, .MYI, .MRG, .ISD, and .ISM table files only if a file with the same name does not already exist. Thanks to Stefano Di Paola <stefano.dipaola@wisec.it> for finding and informing us about this issue. (CVE-2005-0711)

Security improvement: User-defined functions should have at least one symbol defined in addition to the xxx symbol that corresponds to the main xxx() function. These auxiliary symbols correspond to the xxx_init(), xxx_deinit(), xxx_reset(), xxx_clear(), and xxx_add() functions. mysqld by default no longer loads UDFs unless they have at least one auxiliary symbol defined in addition to the main symbol. The --allow-suspicious-udfs option controls whether UDFs that have only an xxx symbol can be loaded. By default, the option is off. mysqld also checks UDF file names when it reads them from the mysql.func table and rejects those that contain directory path name separator characters. (It already checked names as given in CREATE FUNCTION statements.) See Section 18.2.2.1, “UDF Calling Sequences for Simple Functions”, Section 18.2.2.2, “UDF Calling Sequences for Aggregate Functions”, and Section 18.2.2.6, “User-Defined Function Security Precautions”. Thanks to Stefano Di Paola <stefano.dipaola@wisec.it> for finding and informing us about this issue. (CVE-2005-0709, CVE-2005-0710)

InnoDB: Added configuration option and settable global variable innodb_autoextend_increment for setting the size in megabytes by which InnoDB tablespaces are extended when they become full. The default value is 8, corresponding to the fixed increment of 8MB in previous versions of MySQL.

InnoDB: Do not acquire an internal InnoDB table lock in LOCK TABLES if autocommit = 1. This helps in porting old MyISAM applications to InnoDB. InnoDB table locks in that case caused deadlocks very easily.

AES_DECRYPT(col_name,key) could fail to return NULL for invalid values in col_name, if col_name was declared as NOT NULL. (Bug#8669)

FOUND_ROWS() returned an incorrect value after a SELECT SQL_CALC_FOUND_ROWS DISTINCT statement that selected constants and included GROUP BY and LIMIT clauses. (Bug#7945)

Index cardinality was not being updated properly for TEMPORARY tables under some circumstances, such as CREATE TABLE ... SELECT followed by ANALYZE TABLE. (Bug#7519)

Fixed a server crash caused by DELETE FROM tbl_name ... WHERE ... ORDER BY tbl_name.col_name when the ORDER BY column was qualified with the table name. (Bug#8392)

Fixed a bug in MATCH ... AGAINST in natural language mode that could cause a server crash if the FULLTEXT index was not used in a join (EXPLAIN did not show fulltext join mode) and the search query matched no rows in the table (Bug#8522).

Platform and architecture information in version information produced for --version option on Windows was always Win95/Win98 (i32). More accurately determine platform as Win32 or Win64 for 32-bit or 64-bit Windows, and architecture as ia32 for x86, ia64 for Itanium, and axp for Alpha. (Bug#4445)

Fixed an optimization problem that allowed a negative number to be stored in a DOUBLE UNSIGNED column when it was assigned a value from a signed DOUBLE column. (Bug#7700)

Fixed a failure of multiple-table updates to replicate properly on slave servers when --replicate-*-table options had been specified. (Bug#7011)

Renamed set_bit() and clear_bit() functions in source code to avoid a conflict with functions of the same names in Linux kernel header files. (Bug#7971)

Part of the information being used to cache access-permission lookups was not always reinitialized properly, particularly for connections from localhost on Windows. The result was connection failures that appeared to occur randomly. (Bug#5569)

Corrected a problem with the QUOTE() function returning bad results. (Bug#8248)

Fixed a problem where INSERT INTO ...SELECT failed when the source and target table were the same. (Bug#6034)

Fixed a problem where RPM installation on Linux as a nonprivileged user would result in incomplete installation. (Bug#7347)

Change thread stack size used for building Linux RPM distributions to avoid warnings about stack size during server startup. (Bug#6226)

Fixed a symlink vulnerability in the mysqlaccess script. Reported by Javier Fernandez-Sanguino Pena and Debian Security Audit Team. (CVE-2005-0004)

Fixed support for C API function mysql_list_fields(), which was accidentally broken in 4.0.22 (Bug#6761)

Make query_cache_wlock_invalidate system variable visible in SHOW VARIABLES output. (Bug#7594)

Fixed a bug which caused FROM_UNIXTIME() function to return NULL for zero argument instead of the Epoch. (Bug#7515)

Now in datetime values two digit year is interpreted as year in 20th or 21st century even with zero month and day. (Bug#7297)

Fixed a bug in QUOTE function when used in conjunction with some other string functions. This lead to severe buffer overflow and server crashing. (Bug#7495)

InnoDB: Work around a problem in AIX 5.1 patched with ML7 security patch: InnoDB would refuse to open its ibdata files, complaining about an operating system error 0.

InnoDB: Fixed a memory corruption bug if one created a table with a primary key that contained at least two column prefixes. An example: CREATE TABLE t(a char(100), b tinyblob, PRIMARY KEY(a(5), b(10))).

InnoDB: Use native tmpfile() function on Netware. All InnoDB temporary files are created under sys:\tmp. Previously, InnoDB temporary files were never deleted on Netware.

InnoDB: Honor the --tmpdir startup option when creating temporary files. Previously, InnoDB temporary files were always created in the temporary directory of the operating system. On Netware, InnoDB will continue to ignore --tmpdir. (Bug#5822)

InnoDB: Fix a theoretical hang over the adaptive hash latch in InnoDB if one runs INSERT ... SELECT ... (binlog not enabled), or a multiple-table UPDATE or DELETE, and only the read tables are InnoDB type, the rest are MyISAM; this also fixes Bug#7879 for InnoDB type tables. (Bug#7879)

InnoDB: Fixed a bug: 32-bit mysqld binaries built on HP-UX-11 did not work with InnoDB files greater than 2 GB in size. (Bug#6189)

InnoDB: Fixed a bug: InnoDB failed to drop a table in the background drop queue if the table was referenced by a foreign key constraint.

InnoDB: Fixed a bug: if we dropped a table where an INSERT was waiting for a lock to check a FOREIGN KEY constraint, then an assertion would fail in lock_reset_all_on_table(), since that operation assumes no waiting locks on the table or its records.

Fixed that, when encountering a “disk full” or “quota exceeded” write error, MyISAM sometimes didn't sleep and retry the write, thus resulting in a corrupted table. (Bug#7714)

Fixed that a slave could crash after replicating many ANALYZE TABLE, OPTIMIZE TABLE, or REPAIR TABLE statements from the master. (Bug#6461, Bug#7658)

Fixed a bug where MySQL was allowing concurrent updates (inserts, deletes) to a table if binary logging is enabled. Changed to ensure that all updates are executed in a serialized fashion, because they are executed serialized when binlog is replayed. (Bug#7879)

Fixed a bug in replication that caused the master to stamp generated statements (such as SET statements) with an error_code intended only for another statement. This could happen, for example, when a statements generates a duplicate key error on the master but must be replicated. (Bug#8412)

Documented problem with using mysqldump in 4.0.x to dump TIMESTAMP(2) and TIMESTAMP(4) data types. (Bug#6530)