commit f105d1ed869c2a978686ebc3ed77413bb1fdabb3
Author: Terje Rosten <terje.rosten@oracle.com>
Date:   Fri Aug 26 11:25:40 2016 +0200

    Bug#24464380 PRIVILEGE ESCALATION USING MYSQLD_SAFE
    
    Post push fix: Solaris 10 /bin/sh don't understand $().

commit 4ad01643fa79d66d49ea0a5dc073291f14e6d198
Author: Sivert Sorumgard <sivert.sorumgaard@oracle.com>
Date:   Mon Aug 22 14:30:02 2016 +0200

    Bug#24388753: PRIVILEGE ESCALATION USING MYSQLD_SAFE
    
    [This is the 5.5/5.6 version of the bugfix].
    
    The problem was that it was possible to write log files ending
    in .ini/.cnf that later could be parsed as an options file.
    This made it possible for users to specify startup options
    without the permissions to do so.
    
    This patch fixes the problem by disallowing general query log
    and slow query log to be written to files ending in .ini and .cnf.

commit 46aa20b0e1baa6fd1f03a5c18da09487f96a8c17
Author: Jon Olav Hauglid <jon.hauglid@oracle.com>
Date:   Tue Aug 16 15:35:19 2016 +0200

    Bug#24388746: PRIVILEGE ESCALATION AND RACE CONDITION USING CREATE TABLE
    
    During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD)
    is created. When repair finishes, this file is renamed to the original
    .MYD file. The problem was that during this rename, we copied the
    stats from the old file to the new file with chmod/chown. If a user
    managed to replace the temporary file before chmod/chown was executed,
    it was possible to get an arbitrary file with the privileges of the
    mysql user.
    
    This patch fixes the problem by not copying stats from the old
    file to the new file. This is not needed as the new file was
    created with the correct stats. This fix only changes server
    behavior - external utilities such as myisamchk still does
    chmod/chown.
    
    No test case provided since the problem involves synchronization
    with file system operations.

commit cbba9c0fd5530ff7297b04e5b85ab7f38680295f
Author: Terje Rosten <terje.rosten@oracle.com>
Date:   Fri Aug 12 12:38:20 2016 +0200

    Bug#24464380 PRIVILEGE ESCALATION USING MYSQLD_SAFE
    
    Argument to malloc-lib must be included in restricted list of
    directories, symlink guards added, and mysqld and mysqld-version
    options restricted to command line only. Don't redirect errors to
    stderr.

commit b3e3e9c7ed5526dff4f0bc222e674239b352ee27
Author: Neha Kumari <neha.n.kumari@oracle.com>
Date:   Fri Aug 5 12:17:11 2016 +0530

    Bug#23540182:MYSQLBINLOG DOES NOT FREE THE EXISTING CONNECTION BEFORE OPENING NEW REMOTE ONE
    
    It happens when you are trying to read two or more log files from a
    remote server using mysqlbinlog utility.
    
    The reason for this is no matching mysql_close() that concludes the
    life time of 'mysql' struct describing connection to the server.
    This happens when mysqlbinlog is invoked with connecting to the server
    and requesting more than one binlog file. In such case
    dump_remote_log_entries() keeps calling safe_connect() per eachfile,
    never caring to invoke mysql_close(). Only the final safe_connect()'s
    allocation effect are cleaned by the base code.
    That is with 2 files there's one 'mysql' connection descriptor struct
    uncleaned/deallocated.
    
    We are backporting the bug 21255763 (pushed in mysql-trunk)
    in the earlier version of MySQL starting from 5.5 to 5.7.
    which was pushed in mysql-trunk.
    
    Fix:
    Invoke mysql_close() just before mysql_init() in safe_connect()
    defined in mysqlbinlog.cc. That makes possibly previously used 'mysql' be
    reclaimed prior a new one is allocated.

commit 3cde80250f0592cf4270986f28946fdb1d440fc4
Author: Kailasnath Nagarkar <kailasnath.nagarkar@oracle.com>
Date:   Thu Aug 4 12:49:50 2016 +0530

    Bug #19984392 : MEDIUMINT: STACK BUFFER OVERFLOW IN PROTOCOL_TEXT::STORE_LONG
    
    Reverting the patch due to some issues.

commit c3743ff9b7813e9942d11ae8856a1732f830c941
Author: Kailasnath Nagarkar <kailasnath.nagarkar@oracle.com>
Date:   Wed Aug 3 12:54:58 2016 +0530

    Bug #19984392 : MEDIUMINT: STACK BUFFER OVERFLOW IN PROTOCOL_TEXT::STORE_LONG
    
    ISSUE: Queries with mediumint as column when operated with
    long long type of data results in buffer overflow in
    store_long function.
    
    The merging rule specified for (MYSQL_TYPE_LONGLONG
    MYSQL_TYPE_INT24) is MYSQL_TYPE_LONG. Due to this store_long
    function was getting called which resulted in buffer overflow.
    
    SOLUTION:
    The correct merging rule for (MYSQL_TYPE_LONGLONG,
    MYSQL_TYPE_INT24) should be MYSQL_TYPE_LONGLONG.
    So, instead of function store_long, function store_longlong
    is called which correctly handles the type MYSQL_TYPE_LONGLONG.
    
    External Bug #23645238 is a duplicate of this issue.

commit 2a774df598b8651897a4394e20ca2bfac6de2512
Author: Sreeharsha Ramanavarapu <sreeharsha.ramanavarapu@oracle.com>
Date:   Wed Aug 3 09:58:36 2016 +0530

    Bug #24380263: INCORRECT BEHAVIOR WITH PARAMETER AND
                   DERIVED TABLE IN JOIN
    
    ISSUE:
    ------
    This problem occurs under the following conditions:
    1) A parameter is used in the select-list of a derived table.
    2) The derived table is part of a JOIN.
    
    SOLUTION:
    ---------
    When a derived table is materialized, a temporary table is
    created. This temporary table creates a field each for the
    items in the select-list of the derived table. This set of
    fields is later used to setup the join.
    
    Currently no field is created in the temporary table if a
    parameter is used in the select-list.
    
    Create a field for the parameter. By default Item_param's
    result type in a prepared statement is set to
    STRING_RESULT. This can change during the execute phase
    depending on the user variable. But since the execute phase
    creates its own temporary table, it will be handled
    separately.
    
    This is a backport of the fix for BUG#22392374.

commit 3bc2b572967a4a67a6a3a0b41a0199f81d4339c4
Merge: a0738f7 0496931
Author: Nawaz Nazeer Ahamed <nawaz.nazeer.ahamed@oracle.com>
Date:   Fri Jul 29 16:46:56 2016 +0530

    Merge branch 'mysql-5.5.51-release' into mysql-5.5

commit a0738f703e20b5530fe319f47fc1e5c8ad9e9667
Author: Neha Kumari <neha.n.kumari@oracle.com>
Date:   Mon Jul 25 20:34:20 2016 +0530

    BUG#23509275 :DBUG_PRINT in THD::decide_logging_format prints incorrectly, access out-of-bound
    
    Problem:
    In debug builds, there is a chance that an out-of-bounds
    read is performed when tables are locked in
    LTM_PRELOCKED_UNDER_LOCK_TABLES mode. It can happen because
    the debug code uses enum values as index for an array of
    mode descriptions, but it only takes into consideration 3
    out of 4 of the enum values.
    
    Fix:
    This patch fixes it by implementing a getter for the enum which
    returns a string representation of the enum,
    effectively removing the out-of-bounds read.
    
    Moreover, it also fixes the lock mode descriptions that
    would be print out in debug builds.

commit 9c7309c0d5bc1d663df96a730076d88f625a322c
Author: Thayumanavar S <thayumanavar.x.sachithanantha@oracle.com>
Date:   Mon Jul 25 06:43:16 2016 +0100

    BUG#23703568 -  IS CLIENT LIBRARY SUPPOSED TO RETRY EINTR INDEFINITELY OR NOT
    
    Commit#ebd24626ca38e7fa1e3da2acdcf88540be70fabe obsoleted the THREAD and
    THREAD_SAFE_CLIENT preprocessor symbols. This is not removed in the
    sql/net_serv.cc thereby the code that retries on EINTR became dead code.
    Remove the THREAD_SAFE_CLIENT preprocessor directive form sql/net_serv.cc.
    Also check errno for EINTR only if there is an error in preceding read call.

commit 39a1f7d8f19300c1e0f49f5db983b94ce3ae1854
Author: Arun Kuruvila <arun.kuruvila@oracle.com>
Date:   Fri Jul 22 13:15:32 2016 +0530

    Bug #23295288: HANDLE_FATAL_SIGNAL (SIG=11) IN
                   GET_SERVER_FROM_TABLE_TO_CACHE
    
    Description:- Server received SIG11 in the function,
    "get_server_from_table_to_cache()".
    
    Analysis:- Defining a server with a blank name is not
    handled properly.
    
    Fix:- Modified "get_server_from_table_to_cache()" to
    take care of blank server name.

commit 8235e9184c5a0cab08d74dfa4d47ff0faed8c31a
Author: Sreeharsha Ramanavarapu <sreeharsha.ramanavarapu@oracle.com>
Date:   Fri Jul 22 07:33:43 2016 +0530

    Bug #23280699: MYSQLD GOT SIGNAL 11 IN IS_NULL ON SELECT
                   FROM I_S
    
    Issue:
    ------
    There is a difference in the field type created when the
    following DDLs are used:
    
    1) CREATE TABLE t0 AS SELECT NULL;
    2) CREATE TABLE t0 AS SELECT GREATEST(NULL,NULL);
    
    The first statement creates field of type Field_string and
    the second one creates a field of type Field_null.
    
    This creates a problem when the query mentioned in this bug
    is used. Since the null_ptr is calculated differently for
    Field_null.
    
    Solution:
    ---------
    When there is a function returning null in the select list
    as mentioned above, the field should be of type
    Field_string.
    
    This was fixed in 5.6+ as part of Bug#14021323. This is a
    backport to mysql-5.5.
    
    An incorrect comment in innodb_bug54044.test has been
    corrected in all versions.

commit a9911d0b31e874c7ad6d3f088e755e04beb49e38
Author: Chaithra Gopalareddy <chaithra.gopalareddy@oracle.com>
Date:   Tue Jul 19 08:03:09 2016 +0530

    Bug#23280059: ITEM_ROW::ILLEGAL_METHOD_CALL(CONST CHAR*):
    	      ASSERTION `0' FAILED ON SELECT AREA
    
    Problem:
    Optimizer tries to get the points to calculate area without
    checking the return value of uint4korr for 0 "points". As a
    result server exits.
    
    Solution:
    Check the return value from uint4korr().

commit 45c4bfa0f3f1c70756591f48710bb3e76ffde9bc
Author: Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com>
Date:   Tue Jul 5 17:08:37 2016 +0530

    Bug#23736787 - YUM UPDATE FAIL FROM 5.5.51(COMUNITY/COMMERCIAL) TO 5.6.32(COMUNITY/COMMERCIAL)
    
    Remove mysql_config from client sub-package

commit 43320b72495cccc24fbe2a83fe4844f93bac6a08
Author: Kailasnath Nagarkar <kailasnath.nagarkar@oracle.com>
Date:   Fri Jul 1 12:01:27 2016 +0530

    Bug #23296299 : HANDLE_FATAL_SIGNAL (SIG=11) IN
                    MY_TOSORT_UTF32
    
    This patch is specific for mysql-5.5
    
    ISSUE: When a charater that is larger than possible to
    handle is passed to function my_tosort_utf32(), it results
    in segmentation fault. In the scenario mentioned in the bug
    AES_ENCRYPT function is used which returns large value.
    This value is further passed to my_tosort_utf32 function.
    This causes to cross array bound for array uni_plane,
    resulting in segment violation.
    
    SOLUTION:
    This issue has got addressed in 5.6 onward releases
    through worklog 2673.
    
    The fix is similar backport of that.
    Check for maximum character before accessing the array
    uni_plane. In addition to function my_tosort_utf32, the
    same potential problem is also present in functions
    my_tolower_utf16, my_toupper_utf16, my_tosort_utf16,
    my_tolower_utf32, my_toupper_utf32, my_tosort_unicode,
    my_tolower_utf8mb4 and my_toupper_utf8mb4.
    Fixed these functions as well.

commit 09f089bfb9f1b95a2da6129313b3e03229620810
Author: Christopher Powers <chris.powers@oracle.com>
Date:   Thu Jun 30 20:42:29 2016 +0200

    Bug#14111584 PB2: PERFSCHEMA.AGGREGATE FAILS ON PB2 SPORADICALLY
    
    Permanently removed test case perfschema.aggregate.
    
    The Performance Schema is generally lock-free, allowing for
    race conditions that might arise from multi-threaded operation
    which occasionally results in temporary and/or minor variances
    when aggregating statistics. This test needs to be redesigned
    to accommodate such variances.

commit 722ab50d01a795895a6ca8f13b3409b1919f16c0
Author: Balasubramanian Kandasamy <balasubramanian.kandasamy@oracle.com>
Date:   Mon Jun 27 12:48:57 2016 +0530

    Raise version number after cloning 5.5.51
