1. 23 May, 2022 6 commits
    • Honza Horak's avatar
      MDEV-27778 md5 in FIPS crashes with OpenSSL 3.0.0 · 78412ab0
      Honza Horak authored
      OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
      In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
      in 3.0.0+ it is a different EVP_MD provider.
      
      Fixes #2010
      
      part of MDEV-28133
      78412ab0
    • Oleksandr Byelkin's avatar
      Revert "don't build with OpenSSL 3.0, it doesn't work before MDEV-25785" · 987d16a0
      Oleksandr Byelkin authored
      This reverts commit c9beef43, because
      we have OpenSSL 3.0 support here.
      
      part of MDEV-28133
      987d16a0
    • Vladislav Vaintroub's avatar
      MDEV-25785 Add support for OpenSSL 3.0 · f0fa40ef
      Vladislav Vaintroub authored
      Summary of changes
      
      - MD_CTX_SIZE is increased
      
      - EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
        to nobody knows where. The assumption made previously was that
        (since the function does not seem to be documented)
        was that it points to the last partial source block.
        Add own partial block buffer for NOPAD encryption instead
      
      - SECLEVEL in CipherString in openssl.cnf
        had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
         (according to https://github.com/openssl/openssl/blob/openssl-3.0.0/NEWS.md
         even though the manual for SSL_CTX_get_security_level claims that it
         should not be necessary)
      
      - Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
        in addition to what was set in --ssl-cipher
      
      - ctx_buf buffer now must be aligned to 16 bytes with openssl(
        previously with WolfSSL only), ot crashes will happen
      
      - updated aes-t , to be better debuggable
        using function, rather than a huge multiline macro
        added test that does "nopad" encryption piece-wise, to test
        replacement of EVP_CIPHER_CTX_buf_noconst
      
      part of MDEV-28133
      f0fa40ef
    • Marko Mäkelä's avatar
      Merge 10.5 into 10.6 · e86c1e67
      Marko Mäkelä authored
      e86c1e67
    • Marko Mäkelä's avatar
      Merge 10.4 into 10.5 · a0f0687f
      Marko Mäkelä authored
      a0f0687f
    • Marko Mäkelä's avatar
      Merge 10.4 into 10.5 · 2f6a014f
      Marko Mäkelä authored
      2f6a014f
  2. 20 May, 2022 9 commits
  3. 19 May, 2022 1 commit
    • Oleg Smirnov's avatar
      MDEV-28246 Optimizer uses all partitions after upgrade to 10.3 · 40d9dbb2
      Oleg Smirnov authored
      Cause: a copy of the joined TABLE_LIST is created during multi_update::prepare
      and TABLE::pos_in_table_list of the tables are set to point to the new
      TABLE_LIST object. This prevents some optimization steps to perform correctly.
      Solution: do not update pos_in_table_list during multi_update::prepare
      40d9dbb2
  4. 18 May, 2022 4 commits
    • KiyoshiTakeda's avatar
      MDEV-14642 Assertion 'table->s->db_create_options ==... · 8881c010
      KiyoshiTakeda authored
      MDEV-14642 Assertion 'table->s->db_create_options == part_table->s->db_create_options' failed in compare_table_with_partition
      
      When trying to execute ALTER TABLE EXCHANGE PARTITION with different
      definitions, assertion
      
          table->s->db_create_options == part_table->s->db_create_options
      
      failed in compare_table_with_partition().
      
      However, this execution should not be allowed since executing
      'exchange partition' requires the identical structure of the two tables.
      
      To fix the problem, I deleted the assertion code and added code that
      returns an error that indicates tables have different definitions.
      
      Reviewed By: Nayuta Yanagisawa
      8881c010
    • Sergei Golubchik's avatar
      Merge branch '10.5' into 10.6 · b2187662
      Sergei Golubchik authored
      b2187662
    • Sergei Golubchik's avatar
      Merge branch '10.4' into 10.5 · 7970ac7f
      Sergei Golubchik authored
      7970ac7f
    • Andrei's avatar
      MDEV-28461 semisync-slave server recovery fails to rollback prepared transaction · 98ca71ab
      Andrei authored
      that is not in binlog.
      
      Post-crash recovery of --rpl-semi-sync-slave-enabled server
      failed to recognize a transaction in-doubt that needed rolled back.
      A prepared-but-not-in-binlog transaction gets committed instead
      to possibly create inconsistency with a master (e.g the way it was observed
      in the bug report).
      
      The semisync recovery is corrected now with initializing binlog coordinates
      of any transaction in-doubt to the maximum offset which is
      unreachable.
      In effect when a prepared transaction that is not found in binlog
      it will be decided to rollback because it's guaranteed to reside
      in a truncated tail area of binlog.
      
      Mtr tests are reinforced to cover the described scenario.
      98ca71ab
  5. 17 May, 2022 10 commits
  6. 16 May, 2022 8 commits
  7. 15 May, 2022 2 commits