1. 19 Oct, 2017 11 commits
  2. 17 Oct, 2017 8 commits
    • Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST, COL), NAME_CONST('NAME', NULL)) · b000e169
      Sergei Golubchik authored
      based on:
      
      commit f7316aa0
      Author: Ajo Robert <ajo.robert@oracle.com>
      Date:   Thu Aug 24 17:03:21 2017 +0530
      
          Bug#26361149  MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST,
                                 COL), NAME_CONST('NAME', NULL))
      
          Backport of Bug#19143243 fix.
      
          NAME_CONST item can return NULL_ITEM type in case of incorrect arguments.
          NULL_ITEM has special processing in Item_func_in function.
          In Item_func_in::fix_length_and_dec an array of possible comparators is
          created. Since NAME_CONST function has NULL_ITEM type, corresponding
          array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE.
          ITEM_CACHE can not return proper type(NULL_ITEM) in Item_func_in::val_int(),
          so the NULL_ITEM is attempted to be compared with an empty comparator.
          The fix is to disable the caching of Item_name_const item.
    • Merge branch 'mysql/5.5' into 5.5 · df5f25fa
      Sergei Golubchik authored
    • MDEV-13937 Aria engine: Internal Error 160 after partition handling · b036b6b5
      Sergei Golubchik authored
      Partition wasn't setting HA_OPTION_PACK_RECORD on ALTER TABLE
      if the row format was PAGE.
      
      (so one bit in the null bitmap was reserved for a deleted bit -
      see make_empty_rec - and all actual null bits were one off)
    • MDEV-14056 DROP TEMPORARY TABLE IF EXISTS causes error 1290 with read_only option · 19a702a8
      Sergei Golubchik authored
      if it's a DROP TABLE, we cannot detect whether a table is
      temporary by looking in thd->temporary_tables - because the
      table might simply not exist at all.
    • MDEV-13912 Can't refer the same column twice in one ALTER TABLE · 42171639
      Sergei Golubchik authored
      backport ce6c0e58
      
      MDEV-8960: Can't refer the same column twice in one ALTER TABLE
      
      Problem was that if column was created in alter table when
      it was referred again it was not tried to find from list
      of current columns.
      
      mysql_prepare_alter_table:
        There are two cases
          (1) If alter table adds a new column and then later alter
              changes the field definition, there was no check from
              list of new columns, instead an incorrect error was given.
          (2) If alter table adds a new column and then later alter
              changes the default, there was no check from list of
              new columns, instead an incorrect error was given.
    • MDEV-13440 mysql_install_db fails with hard-coded langdir · 93144b9e
      Sergei Golubchik authored
      always search in compile-time specified paths
      INSTALL_BINDIR, INSTALL_SBINDIR, INSTALL_MYSQLSHAREDIR. User
      can set them to arbitrary values, it's not enough to search only
      in their usual values of bin, sbin and libexec, share and share/mysql.
    • cleanup mysql_install_db · 52516706
      Sergei Golubchik authored
      1. detect resolveip location, don't assume it's in $basedir/bin
      2. don't guess $scriptdir to (incorrectly) construct the $0 path
      3. rename find_in_basedir -> find_in_dirs, don't prepend $basedir
         automatically. This allows to use identical path lists in
         find_in_dirs and in cannot_find_file.
      4. move search path lists to CMakeLists.txt to avoid specifying the
         same path list twice (in find_in_dirs and in cannot_find_file).
    • MDEV-13459 Warnings, when compiling with gcc-7.x · d76f5774
      Sergei Golubchik authored
      mostly caused by -Wimplicit-fallthrough
  3. 13 Oct, 2017 6 commits
  4. 10 Oct, 2017 2 commits
  5. 06 Oct, 2017 1 commit
  6. 05 Oct, 2017 1 commit
  7. 02 Oct, 2017 1 commit
    • MDEV-13980 InnoDB fails to discard record lock when discarding an index page · 028d253d
      Marko Mäkelä authored
      btr_cur_pessimistic_delete(): Discard a possible record lock also in
      the case when the record was the only one in the page. Failure to
      do this would corrupt the record lock data structures in a partial
      rollback (ROLLBACK TO SAVEPOINT or rolling back a row operation due
      to some error, such as a duplicate key in a unique secondary index).
  8. 19 Sep, 2017 1 commit
  9. 18 Sep, 2017 2 commits
  10. 13 Sep, 2017 2 commits
    • No commit message · 1da916c3
      mysql-builder@oracle.com authored
      No commit message
    • Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH · 5ac61b2a
      Anushree Prakash B authored
      DESCRIPTION:
      ===========
      The bug is related to incorrect parsing of SQL queries
      when typed in on the CLI. The incorrect parsing can
      result in unexpected results.
      
      ANALYSIS:
      ========
      The scenarios mainly happen for identifier names
      with a typical combination of backslashes and backticks.
      The incorrect parsing can either result in executing
      additional queries or can result in query truncation.
      This can impact mysqldump as well.
      
      FIX:
      ===
      The fix makes sure that such identifier names are
      correctly parsed and a proper query is sent to the
      server for execution.
      
      (cherry picked from commit 31a372aa1c2b93dc75267d1f05a7f7fca6080dc0)
  11. 24 Aug, 2017 2 commits
    • Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST, · f7316aa0
      Ajo Robert authored
                             COL), NAME_CONST('NAME', NULL))
      
      Backport of Bug#19143243 fix.
      
      NAME_CONST item can return NULL_ITEM type in case of incorrect arguments.
      NULL_ITEM has special processing in Item_func_in function.
      In Item_func_in::fix_length_and_dec an array of possible comparators is
      created. Since NAME_CONST function has NULL_ITEM type, corresponding
      array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE.
      ITEM_CACHE can not return proper type(NULL_ITEM) in Item_func_in::val_int(),
      so the NULL_ITEM is attempted to be compared with an empty comparator.
      The fix is to disable the caching of Item_name_const item.
    • Bug#26482173: TLS CIPHER NEGOTIATION INCORRECTLY MATCHES ON · f2f6025a
      Arun Kuruvila authored
                    LAST BYTE ONLY (YASSL)
      
      
      Description:- TLS cipher negotiation happens incorrectly
      leading to the use of a different
      
      Analysis:- YaSSL based MySQL server will compare only the
      last byte of each cipher sent in the Client Hello message.
      This can cause TLS connections to fail, due to the server
      picking a cipher which the client doesn't actually support.
      
      Fix:- A fix for detecting cipher suites with non leading
      zeros is included as YaSSL only supports cipher suites with
      leading zeros.
  12. 23 Aug, 2017 3 commits
    • Bug#26390632: CREATE TABLE CAN CAUSE MYSQL TO EXIT. · be901b60
      Nisha Gopalakrishnan authored
      Analysis
      ========
      CREATE TABLE of InnoDB table with a partition name
      which exceeds the path limit can cause the server
      to exit.
      
      During the preparation of the partition name,
      there was no check to identify whether the complete
      path name for partition exceeds the max supported
      path length, causing the server to exit during
      subsequent processing.
      
      Fix
      ===
      During the preparation of partition name, check and report
      an error if the partition path name exceeds the maximum path
      name limit.
      
      This is a 5.5 patch.
    • Bug#19875294 ASSERTION `SRC' FAILED IN MY_STRNXFRM_UNICODE (SIG 6 -STRINGS/CTYPE-UTF8.C:5151) · ebd96c31
      Tor Didriksen authored
      Backport from 5.7 to 5.5 Field_set::val_str()
      should return String("", 0, cs) rather than String(NULL, 0, cs)
    • Bug#24763131 LOCAL-INFILE DEFAULT SHOULD BE DISABLED · d75f8a17
      Venkatesh Duggirala authored
      Problem & Analysis: Slave's Receiver thread, Applier thread and worker
          threads are created with LOCAL-INFILE option enabled. As the document
          says https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html,
          there are some issues if a thread enables local infile.
          This flag should be enabled with care. But for the above mentioned
          internal threads, server is enabling it at the time of creation.
      
      Fix: Further analysis on the code shows that none of threads really
          need this flag to be enabled at any time as Slave never executes
          "LOAD DATA LOCAL INFILE" after reading it from Relay log.
          Applier thread removes "LOCAL" before starting to execute the query.