1. 29 Jul, 2010 2 commits
    • unknown's avatar
      Manual merge · cb63e6d0
      unknown authored
      cb63e6d0
    • unknown's avatar
      BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave · 2124538d
      unknown authored
      /*![:version:] Query Code */, where [:version:] is a sequence of 5 
      digits representing the mysql server version(e.g /*!50200 ... */),
      is a special comment that the query in it can be executed on those 
      servers whose versions are larger than the version appearing in the 
      comment. It leads to a security issue when slave's version is larger 
      than master's. A malicious user can improve his privileges on slaves. 
      Because slave SQL thread is running with SUPER privileges, so it can
      execute queries that he/she does not have privileges on master.
      
      This bug is fixed with the logic below: 
      - To replace '!' with ' ' in the magic comments which are not applied on
        master. So they become common comments and will not be applied on slave.
      
      - Example:
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
        will be binlogged as
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
      
      mysql-test/suite/rpl/t/rpl_conditional_comments.test:
        Test the patch for this bug.
      sql/mysql_priv.h:
        Rename inBuf as rawBuf and remove the const limitation.
      sql/sql_lex.cc:
        To replace '!' with ' ' in the magic comments which are not applied on
        master.
      sql/sql_lex.h:
        Remove the const limitation on parameter buff, as it can be modified in the function since
        this patch.
        Add member function yyUnput for Lex_input_stream. It set a character back the query buff.
      sql/sql_parse.cc:
        Rename inBuf as rawBuf and remove the const limitation.
      sql/sql_partition.cc:
        Remove the const limitation on parameter part_buff, as it can be modified in the function since
        this patch.
      sql/sql_partition.h:
        Remove the const limitation on parameter part_buff, as it can be modified in the function since
        this patch.
      sql/table.h:
        Remove the const limitation on variable partition_info, as it can be modified since
        this patch.
      2124538d
  2. 28 Jul, 2010 1 commit
  3. 26 Jul, 2010 4 commits
  4. 24 Jul, 2010 4 commits
  5. 23 Jul, 2010 3 commits
  6. 22 Jul, 2010 2 commits
  7. 21 Jul, 2010 11 commits
  8. 20 Jul, 2010 13 commits
    • Davi Arnaut's avatar
      Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5 · 7f87c8f0
      Davi Arnaut authored
                 due to GCC preprocessor change
            
      Addendum for trunk: add -DMYSQL_ABI_CHECK to the cmake ABI check.
      7f87c8f0
    • Davi Arnaut's avatar
      Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5 · 70822d52
      Davi Arnaut authored
                 due to GCC preprocessor change
      
      Addendum for trunk: do not include system header when checking
      the ABI.
      70822d52
    • Davi Arnaut's avatar
      182599dd
    • Davi Arnaut's avatar
      Bug#45288: pb2 returns a lot of compilation warnings on linux · 9a5fa17f
      Davi Arnaut authored
      Fix warnings flagged by the new warning option -Wunused-but-set-variable
      that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
      option causes a warning whenever a local variable is assigned to but is
      later unused. It also warns about meaningless pointer dereferences.
      
      client/mysql.cc:
        Meaningless pointer dereferences.
      client/mysql_upgrade.c:
        Check whether reading from the file succeeded.
      extra/comp_err.c:
        Unused.
      extra/yassl/src/yassl_imp.cpp:
        Skip instead of reading data that is discarded.
      include/my_pthread.h:
        Variable is only used in debug builds.
      include/mysys_err.h:
        Add new error messages.
      mysys/errors.c:
        Add new error message for permission related functions.
      mysys/mf_iocache.c:
        Variable is only checked under THREAD.
      mysys/my_copy.c:
        Raise a error if chmod or chown fails.
      mysys/my_redel.c:
        Raise a error if chmod or chown fails.
      regex/engine.c:
        Use a equivalent variable for the assert.
      server-tools/instance-manager/instance_options.cc:
        Unused.
      sql/field.cc:
        Unused.
      sql/item.cc:
        Unused.
      sql/log.cc:
        Do not ignore the return value of freopen: only set buffer if
        reopening succeeds.
        
        Adjust doxygen comment to the right function.
        
        Pass message lenght to log function.
      sql/mysqld.cc:
        Do not ignore the return value of freopen: only set buffer if
        reopening succeeds.
      sql/partition_info.cc:
        Unused.
      sql/slave.cc:
        No need to set pointer to the address of '\0'.
      sql/spatial.cc:
        Unused. Left for historical purposes.
      sql/sql_acl.cc:
        Unused.
      sql/sql_base.cc:
        Pointers are always set to the same variables.
      sql/sql_parse.cc:
        End statement if reading fails.
        
        Store the buffer after it has actually been updated.
      sql/sql_repl.cc:
        No need to set pointer to the address of '\0'.
      sql/sql_show.cc:
        Put variable under the same ifdef block.
      sql/udf_example.c:
        Set null pointer flag appropriately.
      storage/csv/ha_tina.cc:
        Meaningless dereferences.
      storage/example/ha_example.cc:
        Return the error since it's available.
      storage/myisam/mi_locking.c:
        Remove unused and dead code.
      9a5fa17f
    • Davi Arnaut's avatar
      Fix tree name. · 77419463
      Davi Arnaut authored
      77419463
    • Davi Arnaut's avatar
      508d060d
    • Davi Arnaut's avatar
      182d1dd8
    • Davi Arnaut's avatar
      Bug#52514: mysql 5.1 do_abi_check does not compile w/ gcc4.5 · c36fee08
      Davi Arnaut authored
                 due to GCC preprocessor change
            
      The problem is that newer GCC versions treats missing headers
      as fatal errors. The solution is to use a guard macro to prevent
      the inclusion of system headers when checking the ABI with the
      C Preprocessor.
      
      Reference: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15638
                 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44836
      
      Makefile.am:
        Define guard macro.
      configure.in:
        Remove workaround.
      include/mysql.h:
        Guard the header inclusion.
      include/mysql.h.pp:
        Header is not included anymore.
      c36fee08
    • Davi Arnaut's avatar
      Bug#54453: Failing assertion: trx->active_trans when renaming a · b0035c76
      Davi Arnaut authored
                 table with active trx
      
      Essentially, the problem is that InnoDB does a implicit commit
      when a cursor (table handler) is unlocked/closed, creating
      a dissonance between the transaction state within the server
      layer and the storage engine layer. Theoretically, a statement
      transaction can encompass several table instances in a similar
      manner to a multiple statement transaction, hence it does not
      make sense to limit a statement transaction to the lifetime of
      the table instances (cursors) used within it.
      
      Since this particular instance of the problem is only triggerable
      on 5.1 and is masked on 5.5 due 2PC being skipped (assertion is in
      the prepare phase of a 2PC), the solution (which is less risky) is
      to explicitly end the transaction before the cached table is unlock
      on rename table.
      
      The patch is to be null merged into trunk.
      
      mysql-test/include/commit.inc:
        Fix counters, the binlog engine does not get involved anymore.
      mysql-test/suite/innodb_plugin/r/innodb_bug54453.result:
        Add test case result for Bug#54453
      mysql-test/suite/innodb_plugin/t/innodb_bug54453.test:
        Add test case for Bug#54453
      sql/sql_table.cc:
        End transaction as otherwise InnoDB will end it behind our backs.
      b0035c76
    • Sven Sandberg's avatar
      BUG#55322: SHOW BINLOG EVENTS increases @@SESSION.MAX_ALLOWED_PACKET · 689a96fc
      Sven Sandberg authored
      Problem: when SHOW BINLOG EVENTS was issued, it increased the value of
      @@session.max_allowed_packet. This allowed a non-root user to increase
      the amount of memory used by her thread arbitrarily. Thus, it removes
      the bound on the amount of system resources used by a client, so it
      presents a security risk (DoS attack).
      
      Fix: it is correct to increase the value of @@session.max_allowed_packet
      while executing SHOW BINLOG EVENTS (see BUG 30435). However, the
      increase should only be temporary. Thus, the fix is to restore the value
      when SHOW BINLOG EVENTS ends.
      The value of @@session.max_allowed_packet is also increased in
      mysql_binlog_send (i.e., the binlog dump thread). It is not clear if this
      can cause any trouble, since normally the client that issues
      COM_BINLOG_DUMP will not issue any other commands that would be affected
      by the increased value of @@session.max_allowed_packet. However, we
      restore the value just in case.
      
      
      mysql-test/suite/rpl/r/rpl_packet.result:
        update result file
      mysql-test/suite/rpl/t/rpl_packet.test:
        Add test that verifies that @@session.max_allowed_packet does not change
        when issuing SHOW BINLOG EVENTS.
        Make previous sub-test clean up.
        Add comments listing the bugs in this test case.
      sql/sql_repl.cc:
        Restore the old value of thd->variables.max_allowed_packet at the
        end of mysql_binlog_send and mysql_show_binlog_events.
      689a96fc
    • Jonathan Perkin's avatar
      Revert the ndb removal for now. · 74d67316
      Jonathan Perkin authored
      74d67316
    • Alexander Nozdrin's avatar
      Auto-merge from mysql-trunk-bugfixing. · 0974a9b2
      Alexander Nozdrin authored
      0974a9b2
    • Alexander Nozdrin's avatar
      Auto-merge from mysql-trunk-merge. · fdfbb829
      Alexander Nozdrin authored
      fdfbb829