The check for view security was lacking several points :
1. Check with the right set of permissions : for each table ref that
participates in a view there were the right credentials to use in it's
security_ctx member, but these weren't used for checking the credentials.
This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property
consistently.
2. Because of the above the security checking for views was just ruled out
in explicit ways in several places.
3. The security was checked only for the columns of the tables that are
brought into the query from a view. So if there is no column reference
outside of the view definition it was not detecting the lack of access to
the tables in the view in SQL SECURITY INVOKER mode.

The fix below tries to fix the above 3 points.

into  mysql.com:/users/lthalmann/bk/mysql-5.0-rpl

into  dl145j.mysql.com:/tmp/andrei/5.0

into  mysql.com:/usr/local/mysql/tmp-5.0

into  mysql.com:/home/alexi/innodb/mysql-5.0-ss547

into  mysql.com:/home/alexi/innodb/mysql-5.0-ss547-work
 Null merge

specific to 5.0 version of the patch is motivated by the fact that a wrapper over 
MYSQLLOG::write can not help in 5.0 where query's charset is embedded into event instance in the constructor.

 Fix BUG#19542 "InnoDB doesn't increase the Handler_read_prev counter".

 Fix BUG#19542 "InnoDB doesn't increase the Handler_read_prev counter.
 

  
Stored procedure execution sometimes placed the address of auto variables
in the list of Item changes to undo in THD::rollback_item_tree_changes().
This could cause stack corruption.

into  mysql.com:/opt/local/work/mysql-5.0-runtime-merge

into  mysql.com:/usr_rh9/home/elkin.rh9/MySQL/Merge/5.0

manual merge to account 5.0 specific names of TABLE class

fixing names length. Got an issue when merged to 5.0, decided to fix starting from 4.1

into  mysql.com:/usr_rh9/home/elkin.rh9/MySQL/Merge/5.0

into  rurik.mysql.com:/home/igor/dev/mysql-5.0-2

over two views when using syntax with curly braces.
Each outer join operation must be placed in a separate
nest. This was not done when the syntax with curly braces
was used. In some cases, in particular, for queries with outer
join operation over views it could cause a crash.

fixing a path to find charset by $MYSQL client. I believe the fix is done what should be
by default. 

remove initialization of unsigned_flag for Item_decimal

into  rurik.mysql.com:/home/igor/dev/mysql-5.0-2

itself when executing queries referring to a view with GROUP BY
an expression containing non-constant interval.
It happened because Item_date_add_interval::eq neglected the
fact that the method can be applied to an expression of the form
    date(col) + interval time_to_sec(col) second
at the time when col could not be evaluated yet.
An attempt to evaluate time_to_sec(col) in this method resulted
in a crash.

into  mysql.com:/usr_rh9/home/elkin.rh9/MySQL/Merge/4.1

into  mysql.com:/usr_rh9/home/elkin.rh9/MySQL/Merge/4.1

  A pattern to generate binlog for DROPped temp table in close_temporary_tables
  was buggy: could not deal with a grave-accent-in-name table.

  The fix exploits `append_identifier()' for quoting and duplicating accents.

  Change mode to -rw-rw-r--

  Change mode to -rw-rw-r--
Ereport.pl, Ecreate.pl, Ecompare.pl:
  Change mode to -rwxrwxr--

  Change mode to -rw-rw-r--
dbug_add_tags.pl:
  Change mode to -rwxrwxr--

into  mysql.com:/home/kgeorge/mysql/5.0/B7549

replaced get_field(MEM_ROOT *mem, Field *field) with 
get_field(MEM_ROOT *mem, Field *field, String *res).
It allows to avoid strlen().

into mysql.com:/home/gluh/MySQL/Merge/5.0

into mysql.com:/home/gluh/MySQL/Merge/5.0

into  neptunus.(none):/home/msvensson/mysql/mysql-5.0

into  neptunus.(none):/home/msvensson/mysql/mysql-5.0

into  neptunus.(none):/home/msvensson/mysql/mysql-5.0

into mysql.com:/home/gluh/MySQL/Merge/5.0