1. 27 Apr, 2017 2 commits
  2. 25 Apr, 2017 1 commit
  3. 17 Apr, 2017 1 commit
    • Shishir Jaiswal's avatar
      Bug#25043674 - MYSQLACCESS SCRIPT LOADS AND EXECUTES CODE · 788fb5bf
      Shishir Jaiswal authored
                     FROM THE CURRENT DIRECTORY
      
      DESCRIPTION
      ===========
      When 'mysqlaccess' tool is run, it reads (and executes) the
      content of its configuration file 'mysqlaccess.conf' from
      the current directory. This is not a recommended behaviour
      as someone with ill intentions can insert malicious
      instructions into this file which could be executed
      whenever this tool is run.
      
      ANALYSIS
      ========
      The configuration file is presently looked for, in the
      following folders (in given order):
      1. Current directory
      2. SYSCONFDIR       //This gets expanded
      3. /etc/
      
      Owing to the reasons mentioned above, we should not permit
      the file to be in the current directory. Since the other
      two folders are assumed to be accessible only to authorized
      people, the config file is safe to be read from there.
      
      FIX
      ===
      Modified the script so that it looks for the config file
      now in the following two folders (in the given order):
      1. SYSCONFDIR
      2. /etc/
      
      If it's absent from above locations but present in current
      directory, an error is thrown asking the user to move the
      file to one of the above locations and retry.
      
      NOTE
      ====
      The location paths and their precedence are not documented
      for this tool. It needs to be noted as part of the
      associated documentation.
      788fb5bf
  4. 10 Apr, 2017 2 commits
  5. 07 Apr, 2017 1 commit
    • Nisha Gopalakrishnan's avatar
      BUG#25250768: WRITING ON A READ_ONLY=ON SERVER WITHOUT SUPER · 3c6c0ebc
      Nisha Gopalakrishnan authored
                    PRIVILEGE.
      
      Backport from mysql-5.7 to mysql-5.5 and mysql-5.6.
      
      BUG#13969578: TEMPORARY TABLE IN A DATABASE ON A READ-ONLY
                        INSTANCE CAN BE OVERWRITTEN
      
      Analysis:
      ========
      
      Creation or modification of a persistent table by a non-super user
      is NOT ALLOWED in read_only mode. Only TEMPORARY tables are allowed
      to be created or modified in read_only mode. But the creation of
      a persistent table was being allowed when a temporary table of
      the same name existed.
      
      The routine which denies updating a non-temporary table in a
      read_only mode does not handle the case of creation of a regular
      table when a temporary table of the same exists.
      
      Fix:
      ===
      Handled the condition where an attempt is made to create a persistent
      table having the same name as that of the temporary table. Hence
      the creation of a persistent table by a non-super user when a
      temporary table of the same exists is denied under read_only mode.
      3c6c0ebc
  6. 28 Mar, 2017 1 commit
  7. 23 Mar, 2017 1 commit
  8. 18 Mar, 2017 1 commit
    • Bharathy Satish's avatar
      Bug #25717383: MYSQLDUMP MAY EXECUTE ANY ARBITRARY QUERY · 6fa5e081
      Bharathy Satish authored
      While writing comments if database object names has a new
      line character, then next line is considered a command, rather
      than a comment.
      This patch fixes the way comments are constructed in mysqldump.
      
      (cherry picked from commit 1099f9d17b1c697c2760f86556f5bae7d202b444)
      6fa5e081
  9. 17 Mar, 2017 1 commit
  10. 15 Mar, 2017 1 commit
    • Kailasnath Nagarkar's avatar
      Bug #25447551: HANDLE_FATAL_SIGNAL (SIG=11) IN · d8328690
      Kailasnath Nagarkar authored
                     FT_BOOLEAN_CHECK_SYNTAX_STRING
      
      ISSUE: my_isalnum macro used for checking if character is
             alphanumeric dereferences uninitialized pointer
             in default character set structure resulting in
             server exiting abnormally.
      
      FIX: Used standard isalnum function instead of macro my_isalnum.
      d8328690
  11. 14 Mar, 2017 1 commit
  12. 13 Mar, 2017 1 commit
  13. 10 Mar, 2017 2 commits
  14. 09 Mar, 2017 3 commits
    • Ramil Kalimullin's avatar
      BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION · 2531c8dc
      Ramil Kalimullin authored
      MYSQL_OPT_SSL_MODE option introduced.
      It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.
      2531c8dc
    • Terje Rosten's avatar
      BUG#25364806 MYSQLD_SAFE FAILING TO START IF DATADIR GIVEN IS NOT ABSOLUTE PATH · ec2a6b60
      Terje Rosten authored
      mysqld_safe is working on real files, however passing these file paths
      as is to mysqld as options gives different meaning when paths are
      relative.
      
      mysqld_safe uses current working directory as basedir for relative paths,
      while mysqld uses $datadir as basedir.
      ec2a6b60
    • Karthik Kamath's avatar
      BUG#24807826: UINT3KORR SHOULD STOP READING FOUR INSTEAD OF · af84921d
      Karthik Kamath authored
                    THREE BYTES ON X86
      
      Analysis:
      =========
      The macro uint3korr reads 4 bytes of data instead of 3 on
      on x86 machines.
      
      Multiple definitions were created for this macro for
      optimization in WIN32. The idea was to optimize reading of
      3 byte ints by reading an ordinary int and masking away the
      unused byte. However this is an undefined behavior. It will
      be an issue unless users are aware of allocating an extra
      byte for using this macro.
      
      Fix:
      ====
      Removing the definition which reads 4 bytes of data. The
      only definition of this macro would now read just 3 bytes
      of data thus prohibiting the usage of an extra byte.
      
      Note:
      =====
      This is a backport of Patches #5 and #6 for Bug#17922198.
      af84921d
  15. 28 Feb, 2017 1 commit
    • Sujatha Sivakumar's avatar
      Bug#24901077: RESET SLAVE ALL DOES NOT ALWAYS RESET SLAVE · e619295e
      Sujatha Sivakumar authored
      Description:
      ============
      If you have a relay log index file that has ended up with
      some relay log files that do not exists, then RESET SLAVE
      ALL is not enough to get back to a clean state.
      
      Analysis:
      =========
      In the bug scenario slave server is in stopped state and
      some of the relay logs got deleted but the relay log index
      file is not updated.
      
      During slave server restart replication initialization fails
      as some of the required relay logs are missing. User
      executes RESET SLAVE/RESET SLAVE ALL command to start a
      clean slave. As per the documentation RESET SLAVE command
      clears the master info and relay log info repositories,
      deletes all the relay log files, and starts a new relay log
      file. But in a scenario where the slave server's
      Relay_log_info object is not initialized slave will not
      purge the existing relay logs. Hence the index file still
      remains in a bad state. Users will not be able to start
      the slave unless these files are cleared.
      
      Fix:
      ===
      RESET SLAVE/RESET SLAVE ALL commands should do the cleanup
      even in a scenario where Relay_log_info object
      initialization failed.
      
      Backported a flag named 'error_on_rli_init_info' which is
      required to identify slave's Relay_log_info object
      initialization failure. This flag exists in MySQL-5.6
      onwards as part of BUG#14021292 fix.
      
      During RESET SLAVE/RESET SLAVE ALL execution this flag
      indicates the Relay_log_info initialization failure.
      In such a case open the relay log index/relay log files
      and do the required clean up.
      e619295e
  16. 27 Feb, 2017 2 commits
  17. 24 Feb, 2017 1 commit
    • Arun Kuruvila's avatar
      Bug#25608828: I_MAIN.VARIABLES-BUG21503595 FAILS · 18b3aa11
      Arun Kuruvila authored
                    SPORADICALLY ON PB2-5.5 FOR LINUX-VALGRIND
      
      Description: Sporadic failure of variables-bug21503595 test
      on pb2-5.5 for linux-valgrind platform.
      
      Fix: This is a issue related to libc and not related to
      MySQL code. During dlclose few blocks of memory left
      unfreed. This is a known issue in libc and needs to be
      suppressed.
      
      Fix: Added a valgrind suppression.
      18b3aa11
  18. 23 Feb, 2017 2 commits
    • Dyre Tjeldvoll's avatar
      Bug#25514146: DB_NAME IS IGNORED WHEN CREATING TABLE WITH DATA DIRECTORY · 7849a27c
      Dyre Tjeldvoll authored
      Problem: CREATE TABLE using a fully qualified name with INDEX DIR/DATA DIR
      option reports an error when the current database is not SET.
      
      check_access() was incorrectly called with NULL as the database
      argument in a situation where the database name was not needed for
      the particular privilege being checked. This will cause the current
      database to be used, or an error to be reported if there is no current
      database.
      
      Fix: Call check_access() with any_db as the database argument in this situation.
      7849a27c
    • Ajo Robert's avatar
      Bug#23195404 EXCESSIVE MEMORY CAN BE USED BY THE QUOTE() · b21a0212
      Ajo Robert authored
      			  STRING FUNCTION
      
      Fix:
      =======
      Added code in QUOTE string function to honor max_allowed_packet.
      b21a0212
  19. 16 Feb, 2017 1 commit
  20. 14 Feb, 2017 1 commit
  21. 13 Feb, 2017 1 commit
    • Terje Rosten's avatar
      Bug#25144379 MYSQLD PROCESS DOES NOT INCLUDE FULL PATH WHEN STARTING MYSQL SERVER · b7f33d22
      Terje Rosten authored
      Fix of Bug#25088048 caused paths to be relative, not absolute, this
      proved to be problematic.
      
      Fix is to still ignore current working directory, however switch to
      using full path of basedir, which is set to parent directory of bin/
      directory where mysqld_safe is located.
      
      References to legacy tool mysql_print_defaults are removed, only
      my_print_defaults is used these days.
      
      This will also fix:
        Bug#11745176 (11192) MYSQLD_SAFE ONLY EVALUATES --DEFAULTS-FILE OPTION WHEN IT IS THE FIRST OP
        Bug#23013510 (80866) MYSQLD_SAFE SHOULD NOT SEARCH $MY_BASEDIR_VERSION/VAR AS DATADIR
        Bug#25244898 (84173) MYSQLD_SAFE --NO-DEFAULTS & SILENTLY DOES NOT WORK ANY MORE
        Bug#25261472 (84219) INITSCRIPT ERRORS WHEN LAUCHING MYSQLD_SAFE IN NON DEFAULT BASEDIR
        Bug#25319392 (84263) MYSQL.SERVER (MYSQL SERVER STARTUP SCRIPT) CAN NOT WORK,AND EXPORT SOME ERROR.
        Bug#25319457         MYSQLD_SAFE MIGHT FAIL IF $DATADIR HAS TRAILING /
        Bug#25341981         MYSQLD_SAFE ASSUMES INCORRECT BASEDIR WHEN EXECUTED WITH ABSOLUTE PATH
        Bug#25356221 (84427) MYSQLD_SAFE FAILS TO START WHEN USING A FIFO FOR LOG-ERROR (REGRESSION)
        Bug#25365194 (84447) MYSQLD_SAFE DOESN'T CHECK EXISTENCE OF GIVEN BASEDIR PARAMETER
        Bug#25377815         ERRORS WHILE STARTING MYSQLD_SAFE WITH SYM LINK ENABLED
      b7f33d22
  22. 31 Jan, 2017 1 commit
    • Shishir Jaiswal's avatar
      Bug#24619033 - UNABLE TO START MYSQLD DUE TO CHANGES IN · df6e0160
      Shishir Jaiswal authored
                     MYSQLD_SAFE
      
      DESCRIPTION
      ===========
      Starting a mysql server by running init script:
      /etc/init.d/mysqld start
      
      is failing. This is happening after the changes done in
      script 'mysqld_safe' as a patch to Bug#24464380.
      
      ANALYSIS
      ========
      Say customer's /etc/my.cnf has following content:
      
      [mysqld_safe]
      .
      .
      ledir  = /mysqld_ledir
      mysqld = mysqld_wrapper
      
      Patch to Bug#24464380 prohibits using "mysqld" (and few
      other variables) in config file due to privilege reasons.
      Since mysqld init scripts internally calls 'mysqld_safe'
      script, the existing configuration has started failing.
      
      FIX
      ===
      In the init script, we now pass MYSQLD_OPTS as the first
      argument (expected to be read from /etc/sysconfig/mysqld)
      to mysqld_safe command. This new variable can have all the
      mysqld_safe's special options as a string containing command
      line arguments. For example:
      
      MYSQLD_OPTS=" --ledir=/mysqld_ledir --mysqld=my_wrapper "
      
      NOTE TO THE DOCUMENTATION TEAM
      ==============================
      As mentioned above, the prohibited variables have to be
      moved from /etc/my.cnf to /etc/sysconfig/mysqld as a string
      containing command-line arguments in the form of variable
      MYSQLD_OPTS. We can pass mysqld options as well in this new
      variable which would be further passed to mysqld process.
      df6e0160
  23. 30 Jan, 2017 1 commit
    • Thayumanavar S's avatar
      WL#10287 - Backport WL#7195 to MySQL - 5.5 · 35809da2
      Thayumanavar S authored
      This is backport of WL#7195 to MySQL-5.5. In 5.5, we
      offload connection authentication from the acceptor
      thread to tp worker threads.
      
      Connection authentication happens in the acceptor thread that
      accepts the connection for thread pool plugin. Connection authentication
      involves exchanging packets with client and disk I/O
      which is time consuming. This can cause other client
      connections to starve and wait in the queue possibly increasing the
      connect latency and decreasing throughput. In the worst case, some
      connections could be dropped. n addition, SSL handshakes are quite
      expensive and can stall connections in the accept queue.
      
      This patch offloads connection authentication when thread pool
      plugin is used for client connection. Each thread group
      shall have a queue of connection_context objects, which represents
      new connections that need to be processed by thread group threads.
      The connection context is composed of THD object & list pointers
      for intrusive queue implementation. Whenever a new connection
      arrives, connection context object is created and added to the
      queue. A new connect handler thread is created or woken up to handle
      the authentication task. The worker thread loop is modified to
      process connection events on connect handler threads in addition to
      checking for query processing events. The initial number of connect
      handler threads is one per thread group and it is restricted to
      a maximum of 4 threads per thread group.
      35809da2
  24. 17 Jan, 2017 2 commits
  25. 06 Jan, 2017 2 commits
  26. 03 Jan, 2017 1 commit
  27. 22 Dec, 2016 1 commit
    • Shishir Jaiswal's avatar
      Bug#11751149 - TRYING TO START MYSQL WHILE ANOTHER INSTANCE · e00810b9
      Shishir Jaiswal authored
                     IS STARTING: CONFUSING ERROR
      
      DESCRIPTION
      ===========
      When mysql server processes transactions but has not yet
      committed and shuts down abnormally (due to crash, external
      killing etc.), a recovery is due from Storage engine side
      which takes place the next time mysql server (either
      through mysqld or mysqld_safe) is run.
      
      While the 1st server is in mid of recovery, if another
      instance of mysqld_safe is made to run, it may result into
      2nd instance killing the 1st one after a moment.
      
      ANALYSIS
      ========
      In the "while true" loop, we've a check (which is done
      after the server stops) for the existence of pid file to
      enquire if it was a normal shutdown or not. If the file is
      absent, it means that the graceful exit of server had
      removed this file.
      
      However if the file is present, the scripts makes a plain
      assumption that this file is leftover of the "current"
      server. It misses to consider that it could be a valid pid
      file belonging to another running mysql server.
      
      We need to add more checks in the latter case. The script
      should extract the PID from this existing file and check if
      its running or not. If yes, it means an older instance of
      mysql server is running and hence the script should abort.
      
      FIX
      ===
      Checking the status of process (alive or not) by adding a
      @CHECK_PID@ in such a case. Aborting if its alive. Detailed
      logic is as follows:
      
      - The mysqld_safe script would quit at start only as soon
      as it finds that there is an active PID i.e. a mysql server
      is already running.
      - The PID file creation takes place after InnoDb recovery,
      which means in rare case (when PID file isn't created yet)
      it may happen that more than 1 server can come up but even
      in that case others will have to wait till the 1st server
      has released the acquired InnoDb lock. In this case all
      these servers will either TIMEOUT waiting for InnoDb lock
      or after this they would find that the 1st server is
      already running (by reading $pid_file) and would abort.
      - Our core fix is that we now check the status of mysql
      server process (alive or not) after the server stops
      running within the loop of "run -> shutdown/kill/abort ->
      run ... ", so that only the script who owns the mysql
      server would be able to bring it down if required.
      
      NOTE
      ====
      Removed the deletion of pid file and socket file from entry
      of the loop, as it may result in 2nd instance deleting
      these files created by 1st instance in RACE condition.
      Compensated this by deleting these files at end of the loop
      
      Reverted the changes made in patch to Bug#16776528. So
      after this patch is pushed, the concept of mysqld_safe.pid
      would go altogether. This was required as the script was
      deleting other instance's mysqld_safe.pid allowing multiple
      mysqld_safe instances to run in parallel. This patch would
      fix Bug#16776528 as well as the resources would be guarded
      anyway by InnoDb lock + our planned 5.7 patch.
      e00810b9
  28. 19 Dec, 2016 1 commit
  29. 13 Dec, 2016 1 commit
    • Sreeharsha Ramanavarapu's avatar
      Bug #24595937: INCORRECT BEHAVIOR WHEN LOADING DATA TO VIEW · 30a59a8d
      Sreeharsha Ramanavarapu authored
      Issue:
      ------
      While using the LOAD statement to insert data into an
      updateable view, the check to verify whether a column
      is actually updatable is missing.
      
      Solution for 5.5 and 5.6:
      -------------------------
      For a view whose column-list in specified in the LOAD
      command, this check is not performed. This fix adds the
      check.
      
      This is a partial backport of Bug#21097485.
      
      Solution for 5.7 and trunk:
      ---------------------------
      For a view whose column-list is specified in the LOAD
      command, this check is already performed. This fix adds the
      same check when no column-list is specified.
      30a59a8d
  30. 12 Dec, 2016 1 commit
  31. 06 Dec, 2016 1 commit