Underlying causes of all bugs mentioned below are same. This patch fixes
all of them:
1) MDEV-25028: ASAN use-after-poison in
base_list_iterator::next or Assertion `sl->join == 0' upon
INSERT .. RETURNING via PS
2) MDEV-25187: Assertion `inited == NONE || table->open_by_handler'
failed or Direct leak in init_dynamic_array2 upon INSERT .. RETURNING
and memory leak in init_dynamic_array2
3) MDEV-28740: crash in INSERT RETURNING subquery in prepared statements
4) MDEV-27165: crash in base_list_iterator::next
5) MDEV-29686: Assertion `slave == 0' failed in
st_select_lex_node::attach_single

Analysis:
consider this statement:
INSERT(1)...SELECT(2)...(SELECT(3)...) RETURNING (SELECT(4)...)

When RETURNING is encountered, add_slave() changes how selects are linked.
It makes the builtin_select(1) slave of SELECT(2). This causes
losing of already existing slave(3) (which is nested select of SELECT of
INSERT...SELECT). When really, builtin_select (1) shouldn't be slave to
SELECT(2) because it is not nested within it. Also, push_select() to use
correct context also changed how select are linked.
During reinit_stmt_before_use(), we expect the selects to
be cleaned-up and have join=0. Since these selects are not linked correctly,
clean-up doesn't happen correctly so join is not NULL. Hence the crash.

Fix:
IF we are parsing RETURNING, make is_parsing_returning= true for
current select. get rid of add_slave(). In place of push_select(), used
push_context() to have correct context (the context of builtin_select)
to resolve items in item_list. And add these items to item_list of
builtin_select.

extended initializers are only allowed since c++11

Backporting from 10.5 to 10.4

This is needed to fix MDEV-28727 easier.

MDEV-17124: mariadb 10.1.34, views and prepared statements:  ERROR 1615 (HY000): Prepared statement needs to be re-prepared

The problem is that if table definition cache (TDC) is full of real tables
which are in tables cache, view definition can not stay there so will be
removed by its own underlying tables.
In situation above old mechanism of detection matching definition in PS
and current version always require reprepare and so prevent executing
the PS.

One work around is to increase TDC, other - improve version check for
views/triggers (which is done here). Now in suspicious cases we check:
 - timestamp (microseconds) of the view to be sure that version really
   have changed;
 - time (microseconds) of creation of a trigger related to time
   (microseconds) of statement preparation.

- Added missing information about database of corresponding table for various types of commands
- Update some typos

- Reviewed by: <vicentiu@mariadb.org>

We do not need a non-inline wrapper for the function
destroy_background_thd().

thd_get_ha_data() can be used without a lock, but only from the
current thd thread, when calling from anoher thread it *must*
be protected by thd->LOCK_thd_data

* fix group commit code to take thd->LOCK_thd_data
* remove innobase_close_connection() from the innodb background thread,
  it's not needed after 87775402 and was failing the assert with
  current_thd==0

KILL QUERY ID 0 was sometimes finding con3 that was still in the process
of disconnecting and had query_id==0 (as it didn't run any queries)

This patch resolves the problem of improper name resolution of table
references to embedded CTEs for some queries. This improper binding could
lead to
  - infinite sequence of calls of recursive functions
  - crashes due to resolution of null pointers
  - wrong result sets returned by queries
  - bogus error messages

If the definition of a CTE contains with clauses then such CTE is called
embedding CTE while CTEs from the with clauses are called embedded CTEs.
If a table reference used in the definition of an embedded CTE cannot be
resolved within the unit that contains this reference it still may be
resolved against a CTE definition from the with clause with one of the
embedding CTEs.
A table reference can be resolved against a CTE definition if it used in
the the scope of this definition and it refers to the name of the CTE.
Table reference t is in the scope of the CTE definition of CTE cte if
- the definition of cte is an element of a with clause declared as
  RECURSIVE and the reference t belongs either to the unit to which
  this with clause is attached or to one of the elements of this clause
- the definition of cte is an element of a with clause without RECURSIVE
  specifier and the reference t belongs either to the unit to which this
  with clause is attached or to one of the elements from this clause that
  are placed before the definition of cte.
If a table reference can be resolved against several CTE definitions then
it is bound to the most embedded.

The code before this patch not always resolved table references used in
embedded CTE according to the above rules.

Approved by Oleksandr Byelkin <sanja@mariadb.com>

MDEV-29368 Assertion `trx->mysql_thd == thd' failed in innobase_kill_query from process_timers/timer_handler and use-after-poison in innobase_kill_query

This is a 10.5 version of 9b750dcb, fix for
MDEV-23536 Race condition between KILL and transaction commit

InnoDB needs to remove trx from thd before destroying it (trx), otherwise
a concurrent KILL might get a pointer from thd to a destroyed trx.

ha_close_connection() should allow engines to clear ha_data in
hton->on close_connection(). To prevent the engine from being unloaded
while hton->close_connection() is running, we remove the lock from
ha_data and unlock the plugin manually.

split it into debug and non-debug tests

only "hard" kills will now interrupt debug_sync waits.
this is needed to have debug_sync points that work during disconnect

Continue with similar changes as done in 19af1890 to replace sprintf(buf, ...)
with snprintf(buf, sizeof(buf), ...), specifically in the "easy" cases where buf
is allocated with a size known at compile time.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license.  I
am contributing on behalf of my employer Amazon Web Services, Inc.

rather than mariadb/mariadb-check

When the partition table is cloned, the handlers for the partitions that were not opened
should anyway be created (but not opened).

Nowdays subquery in a UNION's ORDER BY placed correctly in fake select,
the only problem was incorrect Name_resolution_contect is fixed by this
patch in parsing, so we do not need scanning/reseting of ORDER BY of
a union.

The warning "maybe-uninitialized" raises on spd_sys_table.cc and
ha_spider.cc when the sever is compiled with CMAKE_CXX_FLAGS=-Og.

show error messages from mysqldump/mysqlimport

give every bootstrap server its own tmpdir, by default it's var/tmp,
which is shared in --parallel

There are currently two things causing ASAN hits on CONNECT engine when
the plugin is used as a dynamic module. These are libxml2 and libodbc.

libxml2 has some quirks when not the first and last thing called in the
main thread of an application, some of the global memory isn't cleaned
up correctly. The same is assumed of libodbc but this does not have
explicit API for this.

This is being fixed in two ways.

First we are removing the libxml2 cleanup call. This is because the
current one is messy and whatever it fixed has gone away. But also
because if this is called and libxml2 is used again this can cause
issues. For example if two different plugins to MariaDB both happen to
use libxml2.

The second fix is a hack that exploits `STB_GNU_UNIQUE` so that when
compiled with ASAN the plugin will remain in memory after dlclose().
This allows libodbc to cleanup and has the added advatage that we will
get clean stacks from ASAN for CONNECT when the leak is detected at the
end of execution.

Details of the `STB_GNU_UNIQUE` method can be found here:

https://web.archive.org/web/20100730094324/http://www.redhat.com/archives/posix-c++-wg/2009-August/msg00002.html

There are separate flags DBUG_OFF for disabling the DBUG facility
and ENABLED_DEBUG_SYNC for enabling the DEBUG_SYNC facility.
Let us allow debug builds without DEBUG_SYNC.

Note: For CMAKE_BUILD_TYPE=Debug, CMakeLists.txt will continue to
define ENABLED_DEBUG_SYNC.

When an UPDATE or DELETE was executed with a WHERE condition it would
crash the MariaDB server. This is because the code expects the WHERE
condition to have generated a query string but it hasn't.

Also updates the ODBC test results for current MariaDB version.

In commit 28325b08
a compile-time option was introduced to disable the macros
DBUG_ENTER and DBUG_RETURN or DBUG_VOID_RETURN.

The parameter name WITH_DBUG_TRACE would hint that it also
covers DBUG_PRINT statements. Let us do that: WITH_DBUG_TRACE=OFF
shall disable DBUG_PRINT() as well.

A few InnoDB recovery tests used to check that some output from
DBUG_PRINT("ib_log", ...) is present. We can live without those checks.

Reviewed by: Vladislav Vaintroub

MDEV-28868 : wsrep_incoming_address status variable prints 0 as port number if the port is not mentioned in wsrep_node_incoming_address system variable

Problem was that mysqld_port is not set on set_ports() because
it will be executed later. Fix is naturally fall back to
MYSQL_PORT.

row_log_table_apply_update(): Free the pcur.old_rec_buf before returning.
It may be allocated by btr_pcur_store_position() inside
btr_blob_log_check_t::check() and btr_store_big_rec_extern_fields().

This memory leak was introduced in
commit 2e814d47 (MariaDB Server 10.2.2)
via mysql/mysql-server@ce0a1e85e24e48b8171f767b44330da635a6ea0a
(MySQL 5.7.5).

The fix for MDEV-29352 was pushed to 10.6+ but the code causing the
bug is old and the bug is unlikely to be a recent regression in 10.6.
So, we apply the fix also to older versions, 10.3-10.5.

The original commit message:

MDEV-29352 SIGSEGV's in strlen and unknown location on optimized builds at SHUTDOWN

When the UDF creation frails to write the newly created UDF into
the related system table, the UDF is still created in memory.

However, as it is now, the related DLL is unloaded in this case right
in the mysql_create_function. And failure happens when the UDF handle
is freed and tries to unload the respective DLL which is still unloaded.

The rpl_row_img_sequence test can fail on resource
constrained buildbot machines due to its high
space consumption. To reduce this footprint, the
test is split into three parts, one for each value
of the binlog_row_img variable.