The fix for bug 31887 was incomplete : it assumes that all the 
field types returned by the IS_NUM macro are descendants of 
Item_num and tries to zero-fill the values before doing constant
substitution with such fields when they are compared to constant string
values.
The only exception to this is Field_timestamp : it's in the IS_NUM
macro, but is not a descendant of Field_num.
Fixed by excluding timestamp fields (Field_timestamp) when zero-filling
when converting the constant to compare with to a string.
Note that this will not exclude the timestamp columns from const 
propagation.

mysql-test/r/compare.result:
  Bug #39353: test case
mysql-test/t/compare.test:
  Bug #39353: test case
sql/item.cc:
  Bug #39353: don't zero-fill timestamp fields when const propagating
  to a string : they'll be converted to a string in a date/time format
  and not as an integer.

--ps-protocol problem has been fixed.


sql/item_func.cc:
  Added update of Item_func_set_user_var::entry->update_query_id
  for every PS execution.

           columns data types

The "SELECT @lastId, @lastId := Id FROM t" query returns
different result sets depending on the type of the Id column
(INT or BIGINT).

Note: this fix doesn't cover the case when a select query
references an user variable and stored function that
updates a value of that variable, in this case a result
is indeterminate.


The server uses incorrect assumption about a constantness of
an user variable value as a select list item: 

The server caches a last query number where that variable
was changed and compares this number with a current query
number. If these numbers are different, the server guesses,
that the variable is not updating in the current query, so
a respective select list item is a constant. However, in some
common cases the server updates cached query number too late.


The server has been modified to memorize user variable
assignments during the parse phase to take them into account
on the next (query preparation) phase independently of the
order of user variable references/assignments in a select
item list.


mysql-test/r/user_var.result:
  Added test case for bug #26020.
mysql-test/t/user_var.test:
  Added test case for bug #26020.
sql/item_func.cc:
  An update of entry and update_query_id variables has been
  moved from Item_func_set_user_var::fix_fields() to a separate
  method, Item_func_set_user_var::set_entry().
sql/item_func.h:
  1. The Item_func_set_user_var::set_entry() method has been
  added to update Item_func_set_user_var::entry.
  
  2. The Item_func_set_user_var::entry_thd field has beend
  added to update Item_func_set_user_var::entry only when
  needed.
sql/sql_base.cc:
  Fix: setup_fiedls() calls Item_func_set_user_var::set_entry()
  for all items from the thd->lex->set_var_list before the first
  call of ::fix_fields().
sql/sql_lex.cc:
  The lex_start function has been modified to reset
  the st_lex::set_var_list list.
sql/sql_lex.h:
  New st_lex::set_var_list field has been added to
  memorize all user variable assignments in the current
  select query.
sql/sql_yacc.yy:
  The variable_aux rule has been modified to memorize
  in-query user variable assignments in the
  st_lex::set_var_list list.

If [NOT] PRESERVE was not given, parser always defaulted to NOT
PRESERVE, making it impossible for the "not given = no change"
rule to work in ALTER EVENT. Leaving out the PRESERVE-clause
defaults to NOT PRESERVE on CREATE now, and to "no change" in
ALTER.

mysql-test/r/events_2.result:
  show that giving no PRESERVE-clause to ALTER EVENT
  results in no change. show that giving no PRESERVE-clause
  to CREATE EVENT defaults to NOT PRESERVE as per the docs.
  Show specifically that this is also handled correctly when
  trying to ALTER EVENTs into the past.
mysql-test/t/events_2.test:
  show that giving no PRESERVE-clause to ALTER EVENT
  results in no change. show that giving no PRESERVE-clause
  to CREATE EVENT defaults to NOT PRESERVE as per the docs.
  Show specifically that this is also handled correctly when
  trying to ALTER EVENTs into the past.
sql/event_db_repository.cc:
  If ALTER EVENT was given no PRESERVE-clause (meaning "no change"),
  we don't know the previous PRESERVE-setting by the time we check
  the parse-data. If ALTER EVENT was given dates that are in the past,
  we don't know how to react, lacking the PRESERVE-setting. Heal this
  by running the check later when we have actually read the previous
  EVENT-data.
sql/event_parse_data.cc:
  Change default for ON COMPLETION to indicate, "not specified."
  Also defer throwing errors when ALTER EVENT is given dates in
  the past but not PRESERVE-clause until we know the previous
  PRESERVE-value.
sql/event_parse_data.h:
  Add third state for ON COMPLETION [NOT] PRESERVE (preserve,
  don't, not specified).
  
  Make check_dates() public so we can defer this check until
  deeper in the callstack where we have all the required data.
sql/sql_yacc.yy:
  If CREATE EVENT is not given ON COMPLETION [NOT] PRESERVE,
  we default to NOT, as per the docs.

mysqldump creates stand-in tables before dumping the actual view.
Those tables were of the default type; if the view had more columns
than that (a pathological case, arguably), loading the dump would
fail. We now make the temporary stand-ins MyISAM tables to prevent
this.

client/mysqldump.c:
  When creating a stand-in table, specify its type to
  avoid defaulting to a type with a column-number limit
  (like Inno). The type is always MyISAM as we know that
  to be available.
mysql-test/r/mysqldump-max.result:
  add test results for 31434
mysql-test/r/mysqldump.result:
  mysqldump sets engine-type (MyISAM) for stand-in tables
  for views now. Update test results.
mysql-test/t/mysqldump-max.test:
  Show that mysqldump's stand-in tables for views explicitly
  set engine-type to MyISAM to avoid falling back on an engine
  that might support fewer columns than the final view requires
  (here's lookin' at you, inno). Also show that this actually
  has the desired effect by dumping and reloading a view that
  has more columns than inno supports.

mysqldump creates stand-in tables before dumping the actual view.
Those tables were of the default type; if the view had more columns
than that (a pathological case, arguably), loading the dump would
fail. We now make the temporary stand-ins MyISAM tables to prevent
this.

client/mysqldump.c:
  When creating a stand-in table, specify its type to
  avoid defaulting to a type with a column-number limit
  (like Inno). The type is always MyISAM as we know that
  to be available.
mysql-test/r/mysqldump.result:
  mysqldump sets engine-type (MyISAM) for stand-in tables
  for views now. Update test results.

Problem: <=> operator may return wrong results 
comparing NULL and a DATE/DATETIME/TIME value.

Fix: properly check NULLs.


mysql-test/r/type_datetime.result:
  Fix for bug#37526: asymertic operator <=> in trigger
    - test result.
mysql-test/t/type_datetime.test:
  Fix for bug#37526: asymertic operator <=> in trigger
    - test case.
sql/item_cmpfunc.cc:
  Fix for bug#37526: asymertic operator <=> in trigger
    - if is_nulls_eq is TRUE Arg_comparator::compare_datetime() 
  should return 1 only if both arguments are NULL.

statement/stored procedure

View privileges are properly checked after the fix for bug no 
36086, so the method TABLE_LIST::get_db_name() must be used 
instead of field TABLE_LIST::db, as this only works for tables.
Bug appears when accessing views in prepared statements.

mysql-test/r/view_grant.result:
  Bug#35600: Extended existing test case.
mysql-test/t/view_grant.test:
  Bug#35600: Extended existing test result.
sql/sql_parse.cc:
  Bug#35600: Using method to retrieve database name instead of
  field.

SUPER is not required to change binlog format for session

A user without SUPER privileges can change the value of the
session variable BINLOG_FORMAT, causing problems for a DBA.

This changeset requires a user to have SUPER privileges to
change the value of the session variable BINLOG_FORMAT, and
not only the global variable BINLOG_FORMAT.


mysql-test/suite/binlog/t/binlog_grant.test:
  Adding test to test grants needed for SQL_LOG_BIN and BINLOG_FORMAT.
sql/set_var.cc:
  Adding code to check that user has SUPER permission
  needed to change the value of BINLOG_FORMAT.
sql/set_var.h:
  Adding function sys_var_thd_binlog_format::check()

SET col
                  
When reporting a duplicate key error the server was making incorrect assumptions 
on what the state of the value string to include in the error is.

Fixed by accessing the data in this string in a "safe" way (without relying on it
having a terminating 0).
      
Detected by code analysis and fixed a similar problem in reporting the foreign key
duplicate errors.

mysql-test/r/type_set.result:
  Bug #38701: test case
mysql-test/t/type_set.test:
  Bug #38701: test case
sql/handler.cc:
  Bug #38701: don't rely on the presence of a terminating 0 in the string

configure.in:
  change server version number to 5.1.29

Added a rule that uses gcc to generate preprocessor
output (gcc -E) that can be compared to an already
generated output using the diff utility.

icheck has been removed and replaced by gcc -E
because icheck does not support C++.

Makefile.am:
  Added a rule for checking that the abi/api
  has not changed.
  
  The following rules are followed in the rule in makefile.am
  
  1) Generate preprocessor output for the
     files that need to be tested for abi/ 
     api changes. use -nostdinc to prevent
     generation of preprocessor output for
     system headers. This results in
     messages in stderr saying that these
     headers were not found. Redirect the
     stderr output to /dev/null to prevent
     seeing these messages.
  2) sed the output to 
     2.1) remove blank lines and lines that
          begin with "# "
     2.2) When gcc -E is run on the Mac OS 
          and solaris sparc platforms it
          introduces a line of output that
          shows up as a difference between
          the .pp and .out files. Remove
          these OS specific preprocessor
          text inserted by the preprocessor.
  3) diff the generated file and the canons
     (.pp files already in the repository).
  4) delete the .out file that is generated.
     If the diff fails, the generated file 
     is not removed. This will be useful
     for analysis of ABI differences (e.g.
     using a visual diff tool).
  
  A ABI change that causes a build to fail will always be accompanied by new canons (.out files). The .out files that are not removed will be replaced as the new .pp files.
  
  e.g. If include/mysql/plugin.h has an ABI
       change then this rule would leave a
       <build directory>/abi_check.out file.
  
  A developer with a justified API change will then do a 
  
  mv <build directory>/abi_check.out include/mysql/plugin.pp 
  
  to replace the old canons with the new ones.
configure.in:
  1) Removed the part of the file that was
     icheck related
  2) Added an entry for the configure
     variable DIFF
  3) Ensured that the abi_check rule is run
     only if gcc is available
include/Makefile.am:
  1) Removed the icheck related entries
include/mysql.h.pp:
  The pre-processor output cannon file for
  include/mysql.h
include/mysql/plugin.h.pp:
  The pre-processor output cannon file
  for include/mysql/plugin.h
include/mysql_h.ic:
  Removed the cannon file related to icheck.
sql/mysql_priv.h.pp:
  The pre-processor output cannon file for
  sql/mysql_priv.h

      
The check_table_access function initializes per-table grant info and performs
access rights check. It wasn't called for SHOW STATUS statement thus left
grants info uninitialized. In some cases this led to server crash. In other
cases it allowed a user to check for presence/absence of arbitrary values in
any tables.
      
Now the check_table_access function is called prior to the statement
processing.


mysql-test/r/status.result:
  Added a test case for the bug#37908.
mysql-test/t/status.test:
  Added a test case for the bug#37908.
sql/sql_parse.cc:
  Bug#37908: Skipped access right check caused server crash.
  Now the check_table_access function is called when the SHOW STATUS statement
  uses any table except information.STATUS.
sql/sql_yacc.yy:
  Bug#37908: Skipped access right check caused server crash.
  For the SHOW PROCEDURE/FUNCTION STATUS the 'mysql.proc' table isn't added
  to the table list anymore as there is no need.

Problem: SELECT ... REGEXP BINARY NULL may lead to server crash/hang.

Fix: properly handle NULL regular expressions.


mysql-test/r/func_regexp.result:
  Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
    - test result.
mysql-test/t/func_regexp.test:
  Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
    - test case.
sql/item_cmpfunc.cc:
  Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
    - checking regular expressions' null_value
  we tested it without a val_xxx() call before, which is wrong.
  Now Item_func_regex::regcomp() returns -1 in the case
  and allows to handle NULL expessions properly.
sql/item_cmpfunc.h:
  Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
    - checking regular expressions' null_value
  we tested it without a val_xxx() call before, which is wrong.
  Now Item_func_regex::regcomp() returns -1 in the case
  and allows to handle NULL expessions properly.

Incremental fixes: updating a comment and fixing a result file.

sql/sql_class.h:
  Changing comment.

The assertion indicates that some data was left in the transaction
cache when the server was shut down, which means that a previous
statement did not commit or rollback correctly.

What happened was that a bug in the rollback of a transactional
table caused the transaction cache to be emptied, but not reset.
The error can be triggered by having a failing UPDATE or INSERT,
on a transactional table, causing an implicit rollback.

Fixed by always flushing the pending event to reset the state
properly.


mysql-test/extra/rpl_tests/rpl_row_basic.test:
  Testing that a failed update (that writes some rows to the
  transaction cache) does not cause the transaction cache to
  hold on to the data or forget to reset the transaction cache.
sql/log.cc:
  Added call to remove pending event when the transaction cache
  is emptied instead of written to binary log. The call will also
  clear the outstanding table map count so that the cache is not
  left it in a state of "empty but not reset".
  
  Added function MYSQL_BIN_LOG::remove_pending_rows_event().
sql/log.h:
  Added function MYSQL_BIN_LOG::remove_pending_rows_event().
sql/sql_class.cc:
  Adding function THD::binlog_remove_pending_rows_event().
sql/sql_class.h:
  Adding function THD::binlog_remove_pending_rows_event().

This patch also fixes bugs 36963 and 35600.
                      
- In many places a view was confused with an anonymous derived
  table, i.e. access checking was skipped. Fixed by introducing a
  predicate to tell the difference between named and anonymous
  derived tables.
                      
- When inserting fields for "SELECT * ", there was no 
  distinction between base tables and views, where one should be
  made. View privileges are checked elsewhere.

mysql-test/include/grant_cache.inc:
  Bug#36086: Changed test case.
mysql-test/r/grant2.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_no_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/grant_cache_ps_prot.result:
  Bug#36086: Changed test result.
mysql-test/r/view_grant.result:
  Bug#36086: Test result.
mysql-test/t/grant2.test:
  Bug#36086: Changed test case.
mysql-test/t/view_grant.test:
  Bug#36086: Test case.
sql/item.cc:
  Bug#36086: Replaced conditional with new methods.
sql/sql_acl.cc:
  Bug no 35600: 
  In mysql_table_grant:
    Replaced conditional with the new accessor method.
  
  In check_grant:
   - Changed the requirement table->derived != null to 
     checking all anonymous derived tables.
   - Use of the accessor methods for getting object and database 
     names.
      
  Bug#36086: In check_grant_all_columns:
    - Updated comment. This function is now called for views
      as well.
    - The error message should not disclose any column names 
      unless the user has privilege to see all column names.
    - Changed names of Field_iterator_table_ref methods.
sql/sql_base.cc:
  Bug no 36963: In insert_fields()
    - Commented.
    - We should call check_grant_all_columns() for views in  
      this case.        
    - Changed names of Field_iterator_table_ref methods.
    - We should not disclose column names in the error message
      when the user has no approprate privilege.
sql/sql_cache.cc:
  Bug#36086: Replaced test with new predicate method.
sql/sql_derived.cc:
  Bug#36086: commenting only. Updated and doxygenated
  comment for mysql_derived_prepare().
sql/sql_parse.cc:
  Bug no 35600: 
  - In check_single_table_access:
    Due to the bug, check_grant would raise an error for a
    SHOW CREATE TABLE command for a TEMPTABLE view. It should in
    fact not be be invoked in this case. This table privilege
    is checked already.
    There is a test case for this in information_schema_db.test.
      
  - In check_access: replaced table->derived
sql/table.cc:
  Bug#36086: 
  
  - In TABLE_LIST::set_underlying_merge(): 
    Commenting only. Doxygenated, corrected spelling,
    added.
  
  - Renamed table_name() and db_name() methods of 
    Field_iterator_table_ref in order to be consistent
    with new methods in TABLE_LIST.
sql/table.h:
  Bug#36086: 
    - Commented GRANT_INFO.
    - Added a predicate is_anonymous_derived_table() to    
      TABLE_LIST.
    - Added get_table_name() and get_db_name() to   
      TABLE_LIST in order to hide the disparate   
      representation of these properties.