Merge 10.2 into 10.3

libmariadb @ b9917238

-Subproject commit 42cb1e442c43902e2866bea38d15f2ed1f5d38b3
+Subproject commit b99172386a740ef0c8136e9a6cd7d9ad9a77b31f

mysql-test/suite/galera/r/galera_fulltext.result

@@ -36,34 +36,6 @@ DROP TABLE t1;
 DROP TABLE ten;
 connection node_1;
 SET @value=REPEAT (1,5001);
-CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-Warnings:
-Warning	1265	Data truncated for column 'a' at row 1
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_2;
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_1;
-DROP TABLE t;
-CREATE TABLE t (a VARCHAR(5000)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-Warnings:
-Warning	1265	Data truncated for column 'a' at row 1
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_2;
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_1;
-DROP TABLE t;
-connection node_1;
-SET @value=REPEAT (1,5001);
 CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb DEFAULT CHARSET=utf8;
 INSERT IGNORE INTO t VALUES(@value);
 Warnings:

mysql-test/suite/galera/t/galera_fulltext.test

@@ -60,29 +60,6 @@ SELECT COUNT(f1) = 1000 FROM t1 WHERE MATCH(f1) AGAINST ('abcdefjhk');
 
 DROP TABLE t1;
 DROP TABLE ten;
-#
-# MDEV-24978 : SIGABRT in __libc_message
-#
---connection node_1
-SET @value=REPEAT (1,5001);
-CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-SELECT COUNT(*) FROM t;
-
---connection node_2
-SELECT COUNT(*) FROM t;
-
---connection node_1
-DROP TABLE t;
-CREATE TABLE t (a VARCHAR(5000)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-SELECT COUNT(*) FROM t;
-
---connection node_2
-SELECT COUNT(*) FROM t;
-
---connection node_1
-DROP TABLE t;
 
 #
 # Case 2: UTF-8

scripts/wsrep_sst_common.sh

@@ -1065,8 +1065,9 @@ check_for_dhparams()
 #
 verify_ca_matches_cert()
 {
-    local ca_path="$1"
-    local cert_path="$2"
+    local ca="$1"
+    local cert="$2"
+    local path=${3:-0}
 
     # If the openssl utility is not installed, then
     # we will not do this certificate check:
@@ -1075,8 +1076,15 @@ verify_ca_matches_cert()
         return
     fi
 
-    if ! "$OPENSSL_BINARY" verify -verbose -CAfile "$ca_path" "$cert_path" >/dev/null 2>&1
-    then
+    local not_match=0
+
+    if [ $path -eq 0 ]; then
+        "$OPENSSL_BINARY" verify -verbose -CAfile "$ca" "$cert" >/dev/null 2>&1 || not_match=1
+    else
+        "$OPENSSL_BINARY" verify -verbose -CApath "$ca" "$cert" >/dev/null 2>&1 || not_match=1
+    fi
+
+    if [ $not_match -eq 1 ]; then
         wsrep_log_error "******** FATAL ERROR ********************************************"
         wsrep_log_error "* The certifcate and CA (certificate authority) do not match.   *"
         wsrep_log_error "* It does not appear that the certificate was issued by the CA. *"

scripts/wsrep_sst_mariabackup.sh

@@ -34,6 +34,7 @@ ssyslog=""
 ssystag=""
 BACKUP_PID=""
 tcert=""
+tpath=0
 tpem=""
 tkey=""
 tmode="DISABLED"
@@ -85,7 +86,6 @@ readonly SECRET_TAG="secret"
 
 # Required for backup locks
 # For backup locks it is 1 sent by joiner
-# 5.6.21 PXC and later can't donate to an older joiner
 sst_ver=1
 
 if [ -n "$(command -v pv)" ] && pv --help | grep -qw -- '-F'; then
@@ -339,64 +339,83 @@ get_transfer()
             fi
         fi
 
+        CN_option=",commonname=''"
+
         if [ $encrypt -eq 2 ]; then
             wsrep_log_info "Using openssl based encryption with socat: with crt and pem"
             if [ -z "$tpem" -o -z "$tcert" ]; then
-                wsrep_log_error "Both PEM and CRT files required"
+                wsrep_log_error \
+                    "Both PEM file and CRT file (or path) are required"
                 exit 22
             fi
             if [ ! -r "$tpem" -o ! -r "$tcert" ]; then
-                wsrep_log_error "Both PEM and CRT files must be readable"
+                wsrep_log_error \
+                    "Both PEM file and CRT file (or path) must be readable"
                 exit 22
             fi
-            verify_ca_matches_cert "$tcert" "$tpem"
-            tcmd="$tcmd,cert='$tpem',cafile='$tcert'$sockopt"
+            verify_ca_matches_cert "$tcert" "$tpem" $tpath
+            if [ $tpath -eq 0 ]; then
+                tcmd="$tcmd,cert='$tpem',cafile='$tcert'"
+            else
+                tcmd="$tcmd,cert='$tpem',capath='$tcert'"
+            fi
             stagemsg="$stagemsg-OpenSSL-Encrypted-2"
-            wsrep_log_info "$action with cert=$tpem, cafile=$tcert"
+            wsrep_log_info "$action with cert=$tpem, ca=$tcert"
         elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then
             wsrep_log_info "Using openssl based encryption with socat: with key and crt"
             if [ -z "$tpem" -o -z "$tkey" ]; then
-                wsrep_log_error "Both certificate and key files required"
+                wsrep_log_error "Both certificate file (or path) " \
+                                "and key file are required"
                 exit 22
             fi
             if [ ! -r "$tpem" -o ! -r "$tkey" ]; then
-                wsrep_log_error "Both certificate and key files must be readable"
+                wsrep_log_error "Both certificate file (or path) " \
+                                "and key file must be readable"
                 exit 22
             fi
             verify_cert_matches_key "$tpem" "$tkey"
             stagemsg="$stagemsg-OpenSSL-Encrypted-3"
             if [ -z "$tcert" ]; then
                 if [ $encrypt -eq 4 ]; then
-                    wsrep_log_error "Peer certificate required if encrypt=4"
+                    wsrep_log_error \
+                        "Peer certificate file (or path) required if encrypt=4"
                     exit 22
                 fi
                 # no verification
-                tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0$sockopt"
+                CN_option=""
+                tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0"
                 wsrep_log_info "$action with cert=$tpem, key=$tkey, verify=0"
             else
                 # CA verification
                 if [ ! -r "$tcert" ]; then
-                    wsrep_log_error "Certificate file must be readable"
+                    wsrep_log_error "Certificate file or path must be readable"
                     exit 22
                 fi
-                verify_ca_matches_cert "$tcert" "$tpem"
+                verify_ca_matches_cert "$tcert" "$tpem" $tpath
                 if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
                     CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'"
-                elif [ $encrypt -eq 4 ]; then
+                elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ]
+                then
                     CN_option=",commonname=''"
                 elif is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED"; then
                     CN_option=',commonname=localhost'
                 else
                     CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'"
                 fi
-                tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'$CN_option$sockopt"
-                wsrep_log_info "$action with cert=$tpem, key=$tkey, cafile=$tcert"
+                if [ $tpath -eq 0 ]; then
+                    tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'"
+                else
+                    tcmd="$tcmd,cert='$tpem',key='$tkey',capath='$tcert'"
+                fi
+                wsrep_log_info "$action with cert=$tpem, key=$tkey, ca=$tcert"
             fi
         else
             wsrep_log_info "Unknown encryption mode: encrypt=$encrypt"
             exit 22
         fi
 
+        tcmd="$tcmd$CN_option$sockopt"
+
         if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then
             tcmd="$tcmd stdio"
         fi
@@ -473,6 +492,12 @@ check_server_ssl_config()
                            "of the tca, tcert and/or tkey in the [sst] section"
         fi
     fi
+    if [ -n "$tcert" ]; then
+       tcert=$(trim_string "$tcert")
+       if [ "${tcert%/}" != "$tcert" ]; then
+           tpath=1
+       fi
+    fi
 }
 
 read_cnf()

scripts/wsrep_sst_rsync.sh

@@ -236,11 +236,18 @@ check_server_ssl_config()
 SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:])
 
 # no old-style SSL config in [sst], check for new one:
-if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]
-then
+if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then
     check_server_ssl_config
 fi
 
+SSTPATH=0
+if [ -n "$SSTCA" ]; then
+   SSTCA=$(trim_string "$SSTCA")
+   if [ "${SSTCA%/}" != "$SSTCA" ]; then
+       SSTPATH=1
+   fi
+fi
+
 if [ -z "$SSLMODE" ]; then
     # Implicit verification if CA is set and the SSL mode
     # is not specified by user:
@@ -254,9 +261,19 @@ if [ -z "$SSLMODE" ]; then
     fi
 fi
 
-if [ -n "$SSTCA" ]
-then
-    CAFILE_OPT="CAfile = $SSTCA"
+if [ -n "$SSTCERT" -a -n "$SSTKEY" ]; then
+    verify_cert_matches_key "$SSTCERT" "$SSTKEY"
+fi
+
+if [ -n "$SSTCA" ]; then
+    if [ $SSTPATH -eq 0 ]; then
+        CAFILE_OPT="CAfile = $SSTCA"
+    else
+        CAFILE_OPT="CApath = $SSTCA"
+    fi
+    if [ -n "$SSTCERT" ]; then
+        verify_ca_matches_cert "$SSTCA" "$SSTCERT" $SSTPATH
+    fi
 else
     CAFILE_OPT=""
 fi
@@ -272,38 +289,38 @@ then
         ;;
     'VERIFY_CA')
         VERIFY_OPT='verifyChain = yes'
-        if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
-            CHECK_OPT="checkHost = $WSREP_SST_OPT_REMOTE_USER"
-        else
-            # check if the address is an ip-address (v4 or v6):
-            if echo "$WSREP_SST_OPT_HOST_UNESCAPED" | \
-               grep -q -E '^([0-9]+(\.[0-9]+){3}|[0-9a-fA-F]*(\:[0-9a-fA-F]*)+)$'
-            then
-                CHECK_OPT="checkIP = $WSREP_SST_OPT_HOST_UNESCAPED"
-            else
-                CHECK_OPT="checkHost = $WSREP_SST_OPT_HOST"
-            fi
-            if is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED"; then
-                CHECK_OPT_LOCAL="checkHost = localhost"
-            fi
-        fi
         ;;
     *)
         wsrep_log_error "Unrecognized ssl-mode option: '$SSLMODE'"
         exit 22 # EINVAL
         ;;
     esac
-    if [ -z "$CAFILE_OPT" ]; then
-        wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file"
+    if [ -z "$SSTCA" ]; then
+        wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path"
         exit 22 # EINVAL
     fi
+    if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
+        CHECK_OPT="checkHost = $WSREP_SST_OPT_REMOTE_USER"
+    elif [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then
+        # check if the address is an ip-address (v4 or v6):
+        if echo "$WSREP_SST_OPT_HOST_UNESCAPED" | \
+           grep -q -E '^([0-9]+(\.[0-9]+){3}|[0-9a-fA-F]*(\:[0-9a-fA-F]*)+)$'
+        then
+            CHECK_OPT="checkIP = $WSREP_SST_OPT_HOST_UNESCAPED"
+        else
+            CHECK_OPT="checkHost = $WSREP_SST_OPT_HOST"
+        fi
+        if is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED"; then
+            CHECK_OPT_LOCAL="checkHost = localhost"
+        fi
+    fi
 fi
 
 STUNNEL=""
 if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then
     STUNNEL_BIN="$(command -v stunnel)"
     if [ -n "$STUNNEL_BIN" ]; then
-        wsrep_log_info "Using stunnel for SSL encryption: CAfile: '$SSTCA', ssl-mode='$SSLMODE'"
+        wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA', ssl-mode='$SSLMODE'"
         STUNNEL="$STUNNEL_BIN $STUNNEL_CONF"
     fi
 fi

storage/innobase/handler/ha_innodb.cc

@@ -6609,8 +6609,8 @@ wsrep_innobase_mysql_sort(
 	case MYSQL_TYPE_LONG_BLOB:
 	case MYSQL_TYPE_VARCHAR:
 	{
-		uchar *tmp_str;
-		uint tmp_length;
+		uchar tmp_str[REC_VERSION_56_MAX_INDEX_COL_LEN] = {'\0'};
+		uint tmp_length = REC_VERSION_56_MAX_INDEX_COL_LEN;
 
 		/* Use the charset number to pick the right charset struct for
 		the comparison. Since the MySQL function get_charset may be
@@ -6633,12 +6633,7 @@ wsrep_innobase_mysql_sort(
 			}
 		}
 
-		// Note that strnxfrm may change length of string
-		tmp_length= charset->coll->strnxfrmlen(charset, str_length);
-		tmp_length= tmp_length * charset->mbmaxlen;
-		tmp_length= ut_max(str_length, tmp_length) + charset->mbmaxlen;
-		tmp_str= static_cast<uchar *>(ut_malloc_nokey(tmp_length));
-		ut_ad(str_length <= tmp_length);
+		ut_a(str_length <= tmp_length);
 		memcpy(tmp_str, str, str_length);
 
 		tmp_length = charset->coll->strnxfrm(charset, str, str_length,
@@ -6662,7 +6657,6 @@ wsrep_innobase_mysql_sort(
 			ret_length = tmp_length;
 		}
 
-		ut_free(tmp_str);
 		break;
 	}
 	case MYSQL_TYPE_DECIMAL :
@@ -7014,7 +7008,7 @@ wsrep_store_key_val_for_row(
 	THD* 		thd,
 	TABLE*		table,
 	uint		keynr,	/*!< in: key number */
-	uchar*		buff,	/*!< in/out: buffer for the key value (in MySQL
+	char*		buff,	/*!< in/out: buffer for the key value (in MySQL
 				format) */
 	uint		buff_len,/*!< in: buffer length */
 	const uchar*	record,
@@ -7023,7 +7017,7 @@ wsrep_store_key_val_for_row(
 	KEY*		key_info	= table->key_info + keynr;
 	KEY_PART_INFO*	key_part	= key_info->key_part;
 	KEY_PART_INFO*	end		= key_part + key_info->user_defined_key_parts;
-	uchar*		buff_start	= buff;
+	char*		buff_start	= buff;
 	enum_field_types mysql_type;
 	Field*		field;
 	uint buff_space = buff_len;
@@ -7035,8 +7029,7 @@ wsrep_store_key_val_for_row(
 
 	for (; key_part != end; key_part++) {
 
-		uchar *sorted=NULL;
-		uint  max_len=0;
+		uchar sorted[REC_VERSION_56_MAX_INDEX_COL_LEN] = {'\0'};
 		ibool part_is_null = FALSE;
 
 		if (key_part->null_bit) {
@@ -7115,14 +7108,10 @@ wsrep_store_key_val_for_row(
 				true_len = key_len;
 			}
 
-			max_len= true_len;
-			sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 			memcpy(sorted, data, true_len);
 			true_len = wsrep_innobase_mysql_sort(
 				mysql_type, cs->number, sorted, true_len,
-				max_len);
-			ut_ad(true_len <= max_len);
-
+				REC_VERSION_56_MAX_INDEX_COL_LEN);
 			if (wsrep_protocol_version > 1) {
 				/* Note that we always reserve the maximum possible
 				length of the true VARCHAR in the key value, though
@@ -7207,13 +7196,11 @@ wsrep_store_key_val_for_row(
 				true_len = key_len;
 			}
 
-			max_len= true_len;
-			sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 			memcpy(sorted, blob_data, true_len);
 			true_len = wsrep_innobase_mysql_sort(
 				mysql_type, cs->number, sorted, true_len,
-				max_len);
-			ut_ad(true_len <= max_len);
+				REC_VERSION_56_MAX_INDEX_COL_LEN);
+
 
 			/* Note that we always reserve the maximum possible
 			length of the BLOB prefix in the key value. */
@@ -7289,14 +7276,10 @@ wsrep_store_key_val_for_row(
 								cs->mbmaxlen),
 							&error);
 				}
-
-				max_len= true_len;
-				sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 				memcpy(sorted, src_start, true_len);
 				true_len = wsrep_innobase_mysql_sort(
 					mysql_type, cs->number, sorted, true_len,
-					max_len);
-				ut_ad(true_len <= max_len);
+					REC_VERSION_56_MAX_INDEX_COL_LEN);
 
 				if (true_len > buff_space) {
 					fprintf (stderr,
@@ -7311,11 +7294,6 @@ wsrep_store_key_val_for_row(
 			buff       += true_len;
 			buff_space -= true_len;
 		}
-
-		if (sorted) {
-			ut_free(sorted);
-			sorted= NULL;
-		}
 	}
 
 	ut_a(buff <= buff_start + buff_len);
@@ -10423,7 +10401,7 @@ wsrep_append_key(
 	THD		*thd,
 	trx_t 		*trx,
 	TABLE_SHARE 	*table_share,
-	const uchar*	key,
+	const char*	key,
 	uint16_t        key_len,
 	wsrep_key_type	key_type	/*!< in: access type of this key
 					(shared, exclusive, semi...) */
@@ -10527,8 +10505,8 @@ ha_innobase::wsrep_append_keys(
 
 	if (wsrep_protocol_version == 0) {
 		uint	len;
-		uchar 	keyval[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-		uchar 	*key 		= &keyval[0];
+		char 	keyval[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+		char 	*key 		= &keyval[0];
 		ibool    is_null;
 
 		len = wsrep_store_key_val_for_row(
@@ -10559,18 +10537,18 @@ ha_innobase::wsrep_append_keys(
 
 		for (i=0; i<table->s->keys; ++i) {
 			uint  len;
-			uchar  keyval0[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-			uchar  keyval1[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-			uchar* key0 		= &keyval0[1];
-			uchar* key1 		= &keyval1[1];
+			char  keyval0[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+			char  keyval1[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+			char* key0 		= &keyval0[1];
+			char* key1 		= &keyval1[1];
 			KEY*  key_info	= table->key_info + i;
 			ibool is_null;
 
 			dict_index_t* idx  = innobase_get_index(i);
 			dict_table_t* tab  = (idx) ? idx->table : NULL;
 
-			keyval0[0] = (uchar)i;
-			keyval1[0] = (uchar)i;
+			keyval0[0] = (char)i;
+			keyval1[0] = (char)i;
 
 			if (!tab) {
 				WSREP_WARN("MariaDB-InnoDB key mismatch %s %s",
@@ -10627,16 +10605,18 @@ ha_innobase::wsrep_append_keys(
 		wsrep_calc_row_hash(digest, record0, table, m_prebuilt);
 
 		if (int rcode = wsrep_append_key(thd, trx, table_share,
-						 digest, 16, key_type)) {
+						 reinterpret_cast<char*>
+						 (digest), 16, key_type)) {
 			DBUG_RETURN(rcode);
 		}
 
 		if (record1) {
 			wsrep_calc_row_hash(
 				digest, record1, table, m_prebuilt);
-			if (int rcode = wsrep_append_key(thd, trx, table_share,
-							 digest, 16,
-							 key_type)) {
+			if (int rcode = wsrep_append_key(
+				    thd, trx, table_share,
+				    reinterpret_cast<char*>(digest), 16,
+				    key_type)) {
 				DBUG_RETURN(rcode);
 			}
 		}

support-files/mysql.server.sh

@@ -91,16 +91,15 @@ datadir_set=
 
 #
 # Use LSB init script functions for printing messages, if possible
-#
+# Include non-LSB RedHat init functions to make systemctl redirect work
+init_functions="/etc/init.d/functions"
 lsb_functions="/lib/lsb/init-functions"
-if test -f $lsb_functions ; then
+if test -f $lsb_functions; then
   . $lsb_functions
-else
-  # Include non-LSB RedHat init functions to make systemctl redirect work
-  init_functions="/etc/init.d/functions"
-  if test -f $init_functions; then
-    . $init_functions
-  fi
+fi
+
+if test -f $init_functions; then
+  . $init_functions
   log_success_msg()
   {
     echo " SUCCESS! $@"