1. 06 Feb, 2017 1 commit
    • Jan Lindström's avatar
      MDEV-11759: Encryption code in MariaDB 10.1/10.2 causes · ddf2fac7
      Jan Lindström authored
      compatibility problems
      
      Pages that are encrypted contain post encryption checksum on
      different location that normal checksum fields. Therefore,
      we should before decryption check this checksum to avoid
      unencrypting corrupted pages. After decryption we can use
      traditional checksum check to detect if page is corrupted
      or unencryption was done using incorrect key.
      
      Pages that are page compressed do not contain any checksum,
      here we need to fist unencrypt, decompress and finally
      use tradional checksum check to detect page corruption
      or that we used incorrect key in unencryption.
      
      buf0buf.cc: buf_page_is_corrupted() mofified so that
      compressed pages are skipped.
      
      buf0buf.h, buf_block_init(), buf_page_init_low():
      removed unnecessary page_encrypted, page_compressed,
      stored_checksum, valculated_checksum fields from
      buf_page_t
      
      buf_page_get_gen(): use new buf_page_check_corrupt() function
      to detect corrupted pages.
      
      buf_page_check_corrupt(): If page was not yet decrypted
      check if post encryption checksum still matches.
      If page is not anymore encrypted, use buf_page_is_corrupted()
      traditional checksum method.
      
      If page is detected as corrupted and it is not encrypted
      we print corruption message to error log.
      If page is still encrypted or it was encrypted and now
      corrupted, we will print message that page is
      encrypted to error log.
      
      buf_page_io_complete(): use new buf_page_check_corrupt()
      function to detect corrupted pages.
      
      buf_page_decrypt_after_read(): Verify post encryption
      checksum before tring to decrypt.
      
      fil0crypt.cc: fil_encrypt_buf() verify post encryption
      checksum and ind fil_space_decrypt() return true
      if we really decrypted the page.
      
      fil_space_verify_crypt_checksum(): rewrite to use
      the method used when calculating post encryption
      checksum. We also check if post encryption checksum
      matches that traditional checksum check does not
      match.
      
      fil0fil.ic: Add missed page type encrypted and page
      compressed to fil_get_page_type_name()
      
      Note that this change does not yet fix innochecksum tool,
      that will be done in separate MDEV.
      
      Fix test failures caused by buf page corruption injection.
      ddf2fac7
  2. 31 Jan, 2017 6 commits
  3. 27 Jan, 2017 4 commits
    • Marko Mäkelä's avatar
      Merge 10.0 into 10.1 (test-only changes) · 1ebfecee
      Marko Mäkelä authored
      Adjust the 10.1 tests innodb.doublewrite and innodb.101_compatibility
      in the same way.
      1ebfecee
    • Marko Mäkelä's avatar
      Clean up a few tests that kill the server. · 4e82aaab
      Marko Mäkelä authored
      As noted in MDEV-8841, any test that kills the server must issue
      FLUSH TABLES, so that tables of crash-unsafe storage engines will
      not be corrupted. Consistently issue this statement after any
      call mtr.add_suppression() calls.
      
      Also, do not invoke shutdown_server directly, but use helpers instead.
      4e82aaab
    • Marko Mäkelä's avatar
      MDEV-11814 test fix · ea9caea8
      Marko Mäkelä authored
      Do not kill the server after call mtr.add_suppression(), because
      the procedure modifies a crash-unsafe table, and we do not want to
      corrupt that table.
      ea9caea8
    • Marko Mäkelä's avatar
      MDEV-11233 CREATE FULLTEXT INDEX with a token longer than 127 bytes · 732672c3
      Marko Mäkelä authored
      crashes server
      
      This bug is the result of merging the Oracle MySQL follow-up fix
      BUG#22963169 MYSQL CRASHES ON CREATE FULLTEXT INDEX
      without merging the base bug fix:
      Bug#79475 Insert a token of 84 4-bytes chars into fts index causes
      server crash.
      
      Unlike the above mentioned fixes in MySQL, our fix will not change
      the storage format of fulltext indexes in InnoDB or XtraDB
      when a character encoding with mbmaxlen=2 or mbmaxlen=3
      and the length of a word is between 128 and 84*mbmaxlen bytes.
      The Oracle fix would allocate 2 length bytes for these cases.
      
      Compatibility with other MySQL and MariaDB releases is ensured by
      persisting the used maximum length in the SYS_COLUMNS table in the
      InnoDB data dictionary.
      
      This fix also removes some unnecessary strcmp() calls when checking
      for the legacy default collation my_charset_latin1
      (my_charset_latin1.name=="latin1_swedish_ci").
      
      fts_create_one_index_table(): Store the actual length in bytes.
      This metadata will be written to the SYS_COLUMNS table.
      
      fts_zip_initialize(): Initialize only the first byte of the buffer.
      Actually the code should not even care about this first byte, because
      the length is set as 0.
      
      FTX_MAX_WORD_LEN: Define as HA_FT_MAXCHARLEN * 4 aka 336 bytes,
      not as 254 bytes.
      
      row_merge_create_fts_sort_index(): Set the actual maximum length of the
      column in bytes, similar to fts_create_one_index_table().
      
      row_merge_fts_doc_tokenize(): Remove the redundant parameter word_dtype.
      Use the actual maximum length of the column. Calculate the extra_size
      in the same way as row_merge_buf_encode() does.
      732672c3
  4. 26 Jan, 2017 5 commits
  5. 25 Jan, 2017 3 commits
  6. 23 Jan, 2017 3 commits
  7. 22 Jan, 2017 1 commit
  8. 20 Jan, 2017 2 commits
  9. 19 Jan, 2017 2 commits
  10. 18 Jan, 2017 1 commit
  11. 17 Jan, 2017 12 commits
    • Sergei Golubchik's avatar
      connect zip bug fix · fbcdc343
      Sergei Golubchik authored
      fbcdc343
    • Sergei Golubchik's avatar
      Merge branch '10.0' into 10.1 · f7d03048
      Sergei Golubchik authored
      f7d03048
    • Sergei Golubchik's avatar
      MDEV-11601 Out-of-bounds string access in create_schema_table() · f797ea71
      Sergei Golubchik authored
      in Item_partition_func_safe_string(THD *thd, const char *name_arg,
      uint length, CHARSET_INFO *cs= NULL), the 'name_arg' is the value
      of the string constant and 'length' is the length of this constant,
      so length == strlen(name_arg).
      f797ea71
    • Sergei Golubchik's avatar
      MDEV-11698 Old Bug possibly not fixed; BEFORE INSERT Trigger on NOT NULL · ef8003eb
      Sergei Golubchik authored
      check_that_all_fields_are_given_values() relied on write_set,
      but was run too early, before triggers updated write_set.
      
      also, when triggers are present, fields might get values conditionally,
      so we need to check that all fields are given values for every row.
      ef8003eb
    • Sergei Golubchik's avatar
      selinux fixes for 10.0->10.1 merge · e79e8406
      Sergei Golubchik authored
      1. don't put generated files into ${CMAKE_CURRENT_SOURCE_DIR}
      2. policy file name must match the module name (Fedora 24 requirement)
      e79e8406
    • Kristian Nielsen's avatar
      mysql_install_db enhancements to facilitate Debian bug#848616 fix · 736afe86
      Kristian Nielsen authored
      In Debian, the default install is made more secure by omitting the anonymous
      user and by making the root account authenticate by unix socket
      authentication instead of the default password-less root. However, Debian
      hard-codes this change in mysql_install_db, which breaks that program for
      other users.
      
      This commit instead implements new general options for mysql_install_db that
      can be used by anyone to similarly perform a more secure install:
      
        --skip-auth-anonymous-user: omits the anonymous user.
      
        --auth-root-authentication-method=normal: Keeps the existing behaviour
          with a password-less root account. Currently on by default.
      
        --auth-root-socket-user=USER
        --auth-root-authentication-method=socket: creates the MariaDB root user
          with the name USER (defaults to 'root') and using unix socket
          authentication. This way, only that user has MariaDB root access
          after install.
      
      The idea with --auth-root-authentication-method=normal is that
      applications that need this behaviour can give that option explicitly.
      Then eventually we could make --auth-root-authentication-method=socket
      the default, giving a more secure default installation.
      
      Note that it is perfectly possible to do a secure install with
      --auth-root-authentication-method=normal. For example, installing a
      private server just for local access by a single OS-level user, by
      using --skip-networking and putting the connection socket in a
      location without public access. So it is important to preserve this
      API for backwards compatibility.
      736afe86
    • Kristian Nielsen's avatar
      Merge branch '10.0' into 10.1 · 719e8113
      Kristian Nielsen authored
      719e8113
    • Sergei Golubchik's avatar
      Merge branch '5.5' into 10.0 · 6728aae3
      Sergei Golubchik authored
      6728aae3
    • Sergei Golubchik's avatar
      e4e801d4
    • Alexey Botchkov's avatar
      MDEV-10956 Strict Password Validation Breaks Replication. · 30a9ac42
      Alexey Botchkov authored
              strict_password_validation variable now has
              no effect in the slave thread.
      30a9ac42
    • Kristian Nielsen's avatar
      MDEV-11811: dual master with parallel replication memory leak in write master · 3e589d4b
      Kristian Nielsen authored
      Gtid_list_log_event::do_apply_event() did not free_root(thd->mem_root).
      It can allocate on this in record_gtid(), and in some scenarios there is
      nothing else that does free_root(), leading to temporary memory leak until
      stop of SQL thread. One scenario is in circular replication with only one
      master active. The active master receives only its own events on the slave,
      all of which are ignored. But whenever the SQL thread catches up with the IO
      thread, a Gtid_list_log_event is applied, leading to the leak.
      3e589d4b
    • Vicențiu Ciorbaru's avatar