(without the unrelated whitespace changes):

  ------------------------------------------------------------------------
  r7009 | jyang | 2010-04-29 20:44:56 +0300 (Thu, 29 Apr 2010) | 6 lines
  
  branches/5.0: Port fix for bug #49238 (Creating/Dropping a temporary
  table while at 1023 transactions will cause assert) from 5.1 to
  branches/5.1. Separate action for return value DB_TOO_MANY_CONCURRENT_TRXS
  from that of DB_MUST_GET_MORE_FILE_SPACE in row_drop_table_for_mysql().
  
  
  ------------------------------------------------------------------------

The problem was that a user could supply supply data in chunks
via the COM_STMT_SEND_LONG_DATA command to prepared statement
parameter other than of type TEXT or BLOB. This posed a problem
since other parameter types aren't setup to handle long data,
which would lead to a crash when attempting to use the supplied
data.

Given that long data can be supplied at any stage of a prepared
statement, coupled with the fact that the type of a parameter
marker might change between consecutive executions, the solution
is to validate at execution time each parameter marker for which
a data stream was provided. If the parameter type is not TEXT or
BLOB (that is, if the type is not able to handle a data stream),
a error is returned.

sql/sql_prepare.cc:
  Before converting the parameter data stream, check the type
  compatibility.
tests/mysql_client_test.c:
  Add test case.

           line exceeds the limit

The number and/or names of our files for the main test suite
(contents of "mysql-test/t/") now exceeds the command line
length limit on AIX.
Solve the problem by using separate "cp" commands for the
various file name extensions.

Reorder code breaks when finding tests skipped due to --skip-rpl etc.
Add simple test that master_opt is non-empty

Kill mysqltest and call mtr_kill_leftovers() before terminating

Addendum: Work around a compilation failure on Windows due to
          windows.h not being added to the global namespace.

extra/yassl/include/lock.hpp:
  Move windows.h inclusion into the global namespace.

include/my_sys.h:
  Remove stray semicolon.

The problem was that the bundled yaSSL library was being built
without thread safety support regardless of the thread safeness
of the compoments linked with it.

The solution is to enable yaSSL thread safety support if any
component (server or client) is to be built with thread support.

Also, generate new certificates for yaSSL's test suite.

config/ac-macros/yassl.m4:
  Enable yaSSL thread safety if linking with the server or a
  thread safe client library. Avoids building a thread safe
  yaSSL when only building a non-thread safe client library.
extra/yassl/CMakeLists.txt:
  Always enable for Windows builds.
extra/yassl/certs/ca-cert.pem:
  New certificate, previous one expired.
extra/yassl/certs/client-cert.der:
  New certificate, previous one expired.
extra/yassl/certs/client-cert.pem:
  New certificate, previous one expired.
extra/yassl/certs/dsa-cert.pem:
  New certificate, previous one expired.
extra/yassl/certs/server-cert.pem:
  New certificate, previous one expired.
extra/yassl/include/lock.hpp:
  Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/src/Makefile.am:
  Use CXXFLAGS to set thread related definitions as the lock header
  (lock.hpp) has no local dependencies.
extra/yassl/src/lock.cpp:
  Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/taocrypt/CMakeLists.txt:
  Always enable for Windows builds.
extra/yassl/taocrypt/benchmark/Makefile.am:
  Pass thread related CXXFLAGS.
extra/yassl/taocrypt/src/Makefile.am:
  Pass thread related CXXFLAGS.
extra/yassl/taocrypt/test/Makefile.am:
  Pass thread related CXXFLAGS.
extra/yassl/taocrypt/test/memory.cpp:
  Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/testsuite/Makefile.am:
  Pass thread related CXXFLAGS.

The problem is in the Item_func_isnull::update_used_tables() function,
bracket is at the wrong place. Because of that isnull item erroneously
is treated as const item. The fix is to set brackets in the right place.


mysql-test/r/func_isnull.result:
  test case
mysql-test/t/func_isnull.test:
  test case
sql/item_cmpfunc.h:
  set brackets in the right place.

when an out-of-supported-range date is detected.

            
Some of the server implementations don't support dates later
than 2038 due to the internal time type being 32 bit.
Added checks so that the server will refuse dates that cannot
be handled by either throwing an error when setting date at 
runtime or by refusing to start or shutting down the server if 
the system date cannot be stored in my_time_t.

Problem: one with SELECT privilege on some table may dump other table
performing COM_TABLE_DUMP command due to missed check of the table name.

Fix: check the table name.


sql/sql_parse.cc:
  Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
    - check given table name performing COM_TABLE_DUMP command.
tests/mysql_client_test.c:
  Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
    - test case.

This fixes a recently introduced regression, where a variable is
not defined for the embedded server. Although the embedded server
is not supported in 5.0, make it at least compile.

      
MySQL handles the join syntax "JOIN ... USING( field1,
... )" and natural joins by building the same parse tree as
a corresponding join with an "ON t1.field1 = t2.field1 ..."
expression would produce. This parse tree was not cleaned up
properly in the following scenario. If a thread tries to
lock some tables and finds that the tables were dropped and
re-created while waiting for the lock, it cleans up column
references in the statement by means a per-statement free
list. But if the statement was part of a stored procedure,
column references on the stored procedure's free list
weren't cleaned up and thus contained pointers to freed
objects.
      
Fixed by adding a call to clean up the current prepared
statement's free list.

This is a backport from MySQL 5.1

greedy_search optimizer_search_depth=0

The algorithm inside restore_prev_nj_state failed to
properly update the counters within the NESTED_JOIN
tree. The counter was decremented each time a table in the
node was removed from the QEP, the correct thing to do being
only to decrement it when the last table in the child node
was removed from the plan. This lead to node counters
getting negative values and the plan thus appeared
impossible. An assertion caught this.

Fixed by not recursing up the tree unless the last table in
the join nest node is removed from the plan

revno: 2861
committer: Georgi Kodinov <joro@sun.com>
branch nick: B53371-5.0-bugteam
timestamp: Mon 2010-05-03 18:16:51 +0300
message:
  Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
  
  The server was not checking the supplied to COM_FIELD_LIST table name
  for validity and compliance to acceptable table names standards.
  Fixed by checking the table name for compliance similar to how it's 
  normally checked by the parser and returning an error message if 
  it's not compliant.

The server was not checking the supplied to COM_FIELD_LIST table name
for validity and compliance to acceptable table names standards.
Fixed by checking the table name for compliance similar to how it's 
normally checked by the parser and returning an error message if 
it's not compliant.

The server could be tricked to read packets indefinitely if it
received a packet larger than the maximum size of one packet.
This problem is aggravated by the fact that it can be triggered
before authentication.

The solution is to no skip big packets for non-authenticated
sessions. If a big packet is sent before a session is authen-
ticated, a error is returned and the connection is closed.

include/mysql_com.h:
  Add skip flag. Only used in server builds.
sql/net_serv.cc:
  Control whether big packets can be skipped.

Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
checked for sanity. By sending long data for the table a buffer is overflown, which can
be used deliberately to include code that harms".

Fix: check incoming data length.


sql/sql_parse.cc:
  Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
    - check incoming mysql_list_fields() table name arg length.

The problem was in an incorrect debug assertion. The expression
used in the failing assertion states that when finding
references matching ORDER BY expressions, there can be only one
reference to a single table. But that does not make any sense,
all test cases for this bug are valid examples with multiple
identical WHERE expressions referencing the same table which
are also present in the ORDER BY list.

Fixed by removing the failing assertion. We also have to take
care of the 'found' counter so that we count multiple
references only once. We rely on this fact later in
eq_ref_table().

mysql-test/r/join.result:
  Added a test case for bug #50335.
mysql-test/t/join.test:
  Added a test case for bug #50335.
sql/sql_select.cc:
  Removing the assertion in eq_ref_table() as it does not make
  any sense. We also have to take care of the 'found' counter so
  that we count multiple references only once. We rely on this
  fact later in eq_ref_table().

 function on windows
               
When making sure that the directory path ends up with a 
slash/backslash we need to check for the correct length of 
the buffer and trim at the appropriate location so we don't
write past the end of the buffer.

The crash is the result of an attempt made by JOIN::optimize to evaluate
the WHERE condition when no records have been actually read.
The fix is to remove erroneous 'outer_join' variable check.


mysql-test/r/join.result:
  test result
mysql-test/t/join.test:
  test case
sql/sql_select.cc:
  removed erroneous 'outer_join' variable check.

The crash happens because greedy_serach
can not determine best plan due to
wrong inner table dependences. These
dependences affects join table sorting
which performs before greedy_search starting.
In our case table which has real 'no dependences'
should be put on top of the list but it does not
happen as inner tables have no dependences as well.
The fix is to exclude RAND_TABLE_BIT mask from
condition which checks if table dependences
should be updated.


mysql-test/r/join.result:
  test result
mysql-test/t/join.test:
  test case
sql/sql_select.cc:
  RAND_TABLE_BIT mask should not be counted as it
  prevents update of inner table dependences.
  For example it might happen if RAND() function
  is used in JOIN ON clause.

BUG#51342 - more xid crashing

Restore autocommit variable by supplying explicit value.

mysql-test/r/xa.result:
  Restore autocommit variable by supplying explicit value.
mysql-test/t/xa.test:
  Restore autocommit variable by supplying explicit value.

SET autocommit=1 while XA transaction is active may
cause various side effects, including memory corruption
and server crash.

The problem is that SET autocommit=1 and further queries
attempt to commit local transaction, whereas XA transaction
is still active.

As local and XA transactions are mutually exclusive, this
patch forbids enabling autocommit mode while XA transaction
is active.

mysql-test/r/xa.result:
  A test case for BUG#51342.
mysql-test/t/xa.test:
  A test case for BUG#51342.
sql/set_var.cc:
  Forbid enabling autocommit mode while XA transaction is
  active.

Spatial indexes were not checking for out-of-record condition in
the handler next command when the previous command didn't found
rows.

Fixed by making the rtree index to check for end of rows condition
before re-using the key from the previous search.

Fixed another crash if the tree has changed since the last search.
Added a test case for the other error.