Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name

1 - If a user had SHOW VIEW and SELECT privileges on a view and
this view was referencing another view, EXPLAIN SELECT on the outer
view (that the user had privileges on) could reveal the structure
of the underlying "inner" view as well as the number of rows in
the underlying tables, even if the user had privileges on none of
these referenced objects.

This happened because we used DEFINER's UID ("SUID") not just for
the view given in EXPLAIN, but also when checking privileges on
the underlying views (where we should use the UID of the EXPLAIN's
INVOKER instead).

We no longer run the EXPLAIN SUID (with DEFINER's privileges).
This prevents a possible exploit and makes permissions more
orthogonal.

2 - EXPLAIN SELECT would reveal a view's structure even if the user
did not have SHOW VIEW privileges for that view, as long as they
had SELECT privilege on the underlying tables.

Instead of requiring both SHOW VIEW privilege on a view and SELECT
privilege on all underlying tables, we were checking for presence
of either of them.

We now explicitly require SHOW VIEW and SELECT privileges on
the view we run EXPLAIN SELECT on, as well as all its
underlying views. We also require SELECT on all relevant
tables. 

The buffer was simply too small.
In 5.5 and trunk, the size is 311 + 31,
in 5.1 and below, the size is 331

Update copyright comment in innochecksum.

patch so that it can later be compared with patchs with expanded symlinks 

The new --secure-file-priv checks dereference any symlinks in the paths and compare the 
resolved paths.
Thus the 5.0 test suite must do as the 5.1 and up and avoid using symlinks.

The query was re-written *after* we had tagged it with NON_AGG_FIELD_USED.
Remove the flag before continuing.

  USING '..' ON WINDOWS

Backport of the fix to 5.0 (to be null-merged to 5.1).
Moved the test into the main test suite. 
Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks
are now properly recognized by secure_file_priv.
Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE 
that are checked against secure_file_priv in a correct way similarly to 5.1 
by the extended is_secure_file_path() backport before the comparison.
Added an extensive test with all the variants of upper/lower case, 
slash/backslash and case sensitivity.
Added few comments to the code.

The 5.0 fix. Removed unreferenced files and the directory 
that has them.

             DEFINITION OF ANY ROUTINE.

This follow-up patch removes SHOW PROCEDURE CODE from the test
case as this command is only available on debug versions of the
server and therefore caused the test to fail on release builds.

             DEFINITION OF ANY ROUTINE.

The problem was that having the SELECT privilege any column of the
mysql.proc table by mistake allowed the user to see the definition
of all routines (using SHOW CREATE PROCEDURE/FUNCTION and SHOW
PROCEDURE/FUNCTION CODE).

This patch fixes the problem by making sure that those commands
are only allowed if the user has the SELECT privilege on the
mysql.proc table itself.

Test case added to sp-security.test.

Didn't build on Solaris.

The LGPL license is used in some legacy code, and to
adhere to current licensing polity, we remove those
files that are no longer used, and reorganize the
remaining LGPL code so it will be GPL licensed from
now on.

Note:  This patch only removed LGPL licensed files
       in MySQL 5.0, and is the first of a set of
       patches to remove LGPL from all trees.
       (See Bug# 11840513 for details)

Reverse DNS lookup of "localhost" returns "broadcasthost" on Snow Leopard (Mac), and NULL on most others.
Simply ignore the output, as this is not an essential part of UDF testing.