A buffer large enough to hold the query _plus_ some additional
data is allocated before parsing is started.   The additional data 
is used by the query cache, and consists of the name of the current 
database and a set of flags.
 
When a packet containing multiple SQL statements is sent to the
server and one of the statements changes the current database
(a "USE <db>" statement), and the name of the new current database 
is longer than of the previous,  there is not enough space in the 
buffer for the new name, and we write out over the buffer boundary.

The fix adds an extra field to store the number of bytes
allocated to the database name in the buffer.  If the current
database name changes, and the new name is longer than the
previous one, we refuse to cache the query.

Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name

1 - If a user had SHOW VIEW and SELECT privileges on a view and
this view was referencing another view, EXPLAIN SELECT on the outer
view (that the user had privileges on) could reveal the structure
of the underlying "inner" view as well as the number of rows in
the underlying tables, even if the user had privileges on none of
these referenced objects.

This happened because we used DEFINER's UID ("SUID") not just for
the view given in EXPLAIN, but also when checking privileges on
the underlying views (where we should use the UID of the EXPLAIN's
INVOKER instead).

We no longer run the EXPLAIN SUID (with DEFINER's privileges).
This prevents a possible exploit and makes permissions more
orthogonal.

2 - EXPLAIN SELECT would reveal a view's structure even if the user
did not have SHOW VIEW privileges for that view, as long as they
had SELECT privilege on the underlying tables.

Instead of requiring both SHOW VIEW privilege on a view and SELECT
privilege on all underlying tables, we were checking for presence
of either of them.

We now explicitly require SHOW VIEW and SELECT privileges on
the view we run EXPLAIN SELECT on, as well as all its
underlying views. We also require SELECT on all relevant
tables. 


mysql-test/r/view_grant.result:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
mysql-test/t/view_grant.test:
  add extensive tests to illustrate desired behavior and
  prevent regressions (as always).
sql/sql_view.cc:
  We no longer run the EXPLAIN SUID (with DEFINER's privileges).
  To achieve this, we use a temporary, SUID-less TABLE_LIST for
  the views while checking privileges.

The main problem was that lex_start() was forgotten to be called before processing
COM_REFRESH.

Another problem discovered was that if failures to flush the error log were not properly
handled, which resulted in the server crash.

The user-visible effect of these problems were:
  - if COM_REFRESH command was sent after SQL-queries of some sort,
    the server would crash.
  - if COM_REFRESH was requested with REFRESH_LOG only, and the error log
    failed to flush, the server would crash. The error log fails to flush
    when it points to unavailable file (for example, due to restricted
    permissions).

The fixes are:
  - call lex_start() in the beginning of COM_REFRESH;
  - handle failures to flush the error log properly, i.e. raise ER_UNKNOWN_ERROR.

sql/sql_parse.cc:
  Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY.
tests/mysql_client_test.c:
  A test case for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES
  ARE RUN CONCURRENTLY.

(also 5.5+ solution for bug#11766879/bug#60106)

The valgrind warning was due to an unused 'new handler_add_index(...)'
which was never freed.

The error handling did not work (fails as in bug#11766879) and
the implementation was not as transparant as it could, therefore I
made it a bit simpler and more transparant to the underlying handlers.

This way it follows the api better and the error handling works and
is also now tested.

Also added a debug test to verify the error handling.

Improved according to Jon Olavs review:
Added class ha_partition_add_index.
Also added base class Sql_alloc to handler_add_index.
Update 3.

Amendment to previous patch:
Failure in CONV() should return NULL instead of
empty set.
When compiled on Windows or Solaris the function
Item_func_conv::val_str() doesn't fail on 
longlong2str() but finds an earlier exit path
based on the attributes of the arguments.
This exit path returns NULL on failure and as a
consequence the original patch caused different
test results depending on the OS used.

Failure to check the return state of a longlong2str() call
caused a crash. This could happen if a user executed the sql
function CONV() with certain parameters.

The patch fixes the issue by checking that the returned pointer
isn't NULL.

The client-server protocol has left some room for interpretation
which this patch fixes by introducing byte counters and
enforced logic for SSL handshakes.

PARTITONING, ON INDEX CREATE

If the first partition succeeded in adding a index, but a successive partition failed,
then the first partition had still the new index.

The fix reverts the added indexes from previous partitions on failure.

Bug#12532830 - SIGFPE OR ASSERTION (PRECISION <= ((9 * 9) - 8*2)) && (DEC <= 30)

SET STATEMENT.

Server built with debug asserts, without debug crashes if a user tries
to run a stored procedure that constains query with subquery that include
either LIMIT or LIMIT OFFSET clauses.

The problem was that Item::fix_fields() was not called for the items
representing LIMIT or OFFSET clauses.

The solution is to call Item::fix_fields() right before evaluation in
st_select_lex_unit::set_limit().

mysql-test/r/sp.result:
  Added testcase result for bug#12621017. Updated testcase result for
  bug 11918.
mysql-test/t/sp.test:
  Added testcase for bug#12621017. Addressed review comments for Bug 11918
  (added tests for use LIMIT at stored function).
sql/item.h:
  Addressed review comments for Bug 11918.
sql/share/errmsg-utf8.txt:
  Addressed review comments for Bug 11918.
sql/sp_head.cc:
  Addressed review comments for Bug 11918.
sql/sql_lex.cc:
  Added call fix_fields() for item just before its evaluation.
sql/sql_yacc.yy:
  Addressed review comments for Bug 11918.

  FOR SOME PLUGINS TO WORK

Some dynamically loadable plugins on the Mac may need functions from the 
CoreServices framework. Unfortunately the only place where this can be initialized
is the main executable. Thus to allow plugins to use functions from that framework
the mysqld binary needs to link to the framework.

PAM AUTHENTICATION SETTINGS

SET PASSWORD code on a account with plugin authentication was errorneously
resetting the in-memory plugin pointer for the user back to native password 
plugin despite the fact that it was sending a warning that the command has 
no immediate effect.
Fixed by not updating the user's plugin if it's already set to a non default value.
Note that the bug affected only the in-memory cache of the user definitions.
Any restart of the server will fix the problem.
Also the salt and the password has are still stored into the user tables (just as 
it's documented now).
Test case added.
One old test case result updated  to have the correct value.

row_sel_field_store_in_mysql_format(): Do not pad the unused part of
the buffer reserved for a True VARCHAR column (introduced in 5.0.3).
Add Valgrind instrumentation ensuring that the unused part will be
flagged uninitialized.

row_sel_copy_cached_field_for_mysql(): New function: Copy a field
that is in the MySQL row format, not copying the unused tail of
VARCHAR columns.

row_sel_pop_cached_row_for_mysql(): Invoke
row_sel_copy_cached_field_for_mysql() for copying fields.
When the row is long, copy it field-by-field.

rb:715 approved by Inaam Rana

for compressed InnoDB tables

ha_innodb::info_low(): For calculating data_length or index_length,
use the compressed page size for compressed tables instead of UNIV_PAGE_SIZE.

rb:714 approved by Sunny Bains