Merge 10.2 into 10.3

d7aa81c8 · Marko Mäkelä · a5df5aec · f59f5c4a · b9917238 · d7aa81c8
Commit d7aa81c8 authored Sep 24, 2021 by Marko Mäkelä
8 changed files
--- a/libmariadb @ b9917238
+++ b/libmariadb @ b9917238
-Subproject commit 42cb1e442c43902e2866bea38d15f2ed1f5d38b3
+Subproject commit b99172386a740ef0c8136e9a6cd7d9ad9a77b31f
--- a/mysql-test/suite/galera/r/galera_fulltext.result
+++ b/mysql-test/suite/galera/r/galera_fulltext.result
@@ -36,34 +36,6 @@ DROP TABLE t1;
 DROP TABLE ten;
 connection node_1;
 SET @value=REPEAT (1,5001);
-CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-Warnings:
-Warning	1265	Data truncated for column 'a' at row 1
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_2;
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_1;
-DROP TABLE t;
-CREATE TABLE t (a VARCHAR(5000)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-Warnings:
-Warning	1265	Data truncated for column 'a' at row 1
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_2;
-SELECT COUNT(*) FROM t;
-COUNT(*)
-1
-connection node_1;
-DROP TABLE t;
-connection node_1;
-SET @value=REPEAT (1,5001);
 CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb DEFAULT CHARSET=utf8;
 INSERT IGNORE INTO t VALUES(@value);
 Warnings:

--- a/mysql-test/suite/galera/t/galera_fulltext.test
+++ b/mysql-test/suite/galera/t/galera_fulltext.test
@@ -60,29 +60,6 @@ SELECT COUNT(f1) = 1000 FROM t1 WHERE MATCH(f1) AGAINST ('abcdefjhk');
 DROP TABLE t1;
 DROP TABLE ten;
-#
-# MDEV-24978 : SIGABRT in __libc_message
-#
--connection node_1
-SET @value=REPEAT (1,5001);
-CREATE TABLE t (a VARCHAR(5000),FULLTEXT (a)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-SELECT COUNT(*) FROM t;
--connection node_2
-SELECT COUNT(*) FROM t;
--connection node_1
-DROP TABLE t;
-CREATE TABLE t (a VARCHAR(5000)) engine=innodb;
-INSERT IGNORE INTO t VALUES(@value);
-SELECT COUNT(*) FROM t;
--connection node_2
-SELECT COUNT(*) FROM t;
--connection node_1
-DROP TABLE t;
 #
 # Case 2: UTF-8

--- a/scripts/wsrep_sst_common.sh
+++ b/scripts/wsrep_sst_common.sh
@@ -1065,8 +1065,9 @@ check_for_dhparams()
 #
 verify_ca_matches_cert()
 {
-    local ca_path="$1"
+    local ca="$1"
-    local cert_path="$2"
+    local cert="$2"
+    local path=${3:-0}
    # If the openssl utility is not installed, then
    # we will not do this certificate check:
@@ -1075,8 +1076,15 @@ verify_ca_matches_cert()
        return
    fi
-    if ! "$OPENSSL_BINARY" verify -verbose -CAfile "$ca_path" "$cert_path" >/dev/null 2>&1
+    local not_match=0
-    then
+    if [ $path -eq 0 ]; then
+        "$OPENSSL_BINARY" verify -verbose -CAfile "$ca" "$cert" >/dev/null 2>&1 || not_match=1
+    else
+        "$OPENSSL_BINARY" verify -verbose -CApath "$ca" "$cert" >/dev/null 2>&1 || not_match=1
+    fi
+    if [ $not_match -eq 1 ]; then
        wsrep_log_error "******** FATAL ERROR ********************************************"
        wsrep_log_error "* The certifcate and CA (certificate authority) do not match.   *"
        wsrep_log_error "* It does not appear that the certificate was issued by the CA. *"

--- a/scripts/wsrep_sst_mariabackup.sh
+++ b/scripts/wsrep_sst_mariabackup.sh
@@ -34,6 +34,7 @@ ssyslog=""
 ssystag=""
 BACKUP_PID=""
 tcert=""
+tpath=0
 tpem=""
 tkey=""
 tmode="DISABLED"
@@ -85,7 +86,6 @@ readonly SECRET_TAG="secret"
 # Required for backup locks
 # For backup locks it is 1 sent by joiner
-# 5.6.21 PXC and later can't donate to an older joiner
 sst_ver=1
 if [ -n "$(command -v pv)" ] && pv --help | grep -qw -- '-F'; then
@@ -339,64 +339,83 @@ get_transfer()
            fi
        fi
+        CN_option=",commonname=''"
        if [ $encrypt -eq 2 ]; then
            wsrep_log_info "Using openssl based encryption with socat: with crt and pem"
            if [ -z "$tpem" -o -z "$tcert" ]; then
-                wsrep_log_error "Both PEM and CRT files required"
+                wsrep_log_error \
+                    "Both PEM file and CRT file (or path) are required"
                exit 22
            fi
            if [ ! -r "$tpem" -o ! -r "$tcert" ]; then
-                wsrep_log_error "Both PEM and CRT files must be readable"
+                wsrep_log_error \
+                    "Both PEM file and CRT file (or path) must be readable"
                exit 22
            fi
-            verify_ca_matches_cert "$tcert" "$tpem"
+            verify_ca_matches_cert "$tcert" "$tpem" $tpath
-            tcmd="$tcmd,cert='$tpem',cafile='$tcert'$sockopt"
+            if [ $tpath -eq 0 ]; then
+                tcmd="$tcmd,cert='$tpem',cafile='$tcert'"
+            else
+                tcmd="$tcmd,cert='$tpem',capath='$tcert'"
+            fi
            stagemsg="$stagemsg-OpenSSL-Encrypted-2"
-            wsrep_log_info "$action with cert=$tpem, cafile=$tcert"
+            wsrep_log_info "$action with cert=$tpem, ca=$tcert"
        elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then
            wsrep_log_info "Using openssl based encryption with socat: with key and crt"
            if [ -z "$tpem" -o -z "$tkey" ]; then
-                wsrep_log_error "Both certificate and key files required"
+                wsrep_log_error "Both certificate file (or path) " \
+                                "and key file are required"
                exit 22
            fi
            if [ ! -r "$tpem" -o ! -r "$tkey" ]; then
-                wsrep_log_error "Both certificate and key files must be readable"
+                wsrep_log_error "Both certificate file (or path) " \
+                                "and key file must be readable"
                exit 22
            fi
            verify_cert_matches_key "$tpem" "$tkey"
            stagemsg="$stagemsg-OpenSSL-Encrypted-3"
            if [ -z "$tcert" ]; then
                if [ $encrypt -eq 4 ]; then
-                    wsrep_log_error "Peer certificate required if encrypt=4"
+                    wsrep_log_error \
+                        "Peer certificate file (or path) required if encrypt=4"
                    exit 22
                fi
                # no verification
-                tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0$sockopt"
+                CN_option=""
+                tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0"
                wsrep_log_info "$action with cert=$tpem, key=$tkey, verify=0"
            else
                # CA verification
                if [ ! -r "$tcert" ]; then
-                    wsrep_log_error "Certificate file must be readable"
+                    wsrep_log_error "Certificate file or path must be readable"
                    exit 22
                fi
-                verify_ca_matches_cert "$tcert" "$tpem"
+                verify_ca_matches_cert "$tcert" "$tpem" $tpath
                if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
                    CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'"
-                elif [ $encrypt -eq 4 ]; then
+                elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ]
+                then
                    CN_option=",commonname=''"
                elif is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED"; then
                    CN_option=',commonname=localhost'
                else
                    CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'"
                fi
-                tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'$CN_option$sockopt"
+                if [ $tpath -eq 0 ]; then
-                wsrep_log_info "$action with cert=$tpem, key=$tkey, cafile=$tcert"
+                    tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'"
+                else
+                    tcmd="$tcmd,cert='$tpem',key='$tkey',capath='$tcert'"
+                fi
+                wsrep_log_info "$action with cert=$tpem, key=$tkey, ca=$tcert"
            fi
        else
            wsrep_log_info "Unknown encryption mode: encrypt=$encrypt"
            exit 22
        fi
+        tcmd="$tcmd$CN_option$sockopt"
        if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then
            tcmd="$tcmd stdio"
        fi
@@ -473,6 +492,12 @@ check_server_ssl_config()
                           "of the tca, tcert and/or tkey in the [sst] section"
        fi
    fi
+    if [ -n "$tcert" ]; then
+       tcert=$(trim_string "$tcert")
+       if [ "${tcert%/}" != "$tcert" ]; then
+           tpath=1
+       fi
+    fi
 }
 read_cnf()

--- a/scripts/wsrep_sst_rsync.sh
+++ b/scripts/wsrep_sst_rsync.sh
@@ -236,11 +236,18 @@ check_server_ssl_config()
 SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:])
 # no old-style SSL config in [sst], check for new one:
-if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]
+if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then
-then
    check_server_ssl_config
 fi
+SSTPATH=0
+if [ -n "$SSTCA" ]; then
+   SSTCA=$(trim_string "$SSTCA")
+   if [ "${SSTCA%/}" != "$SSTCA" ]; then
+       SSTPATH=1
+   fi
+fi
 if [ -z "$SSLMODE" ]; then
    # Implicit verification if CA is set and the SSL mode
    # is not specified by user:
@@ -254,9 +261,19 @@ if [ -z "$SSLMODE" ]; then
    fi
 fi
-if [ -n "$SSTCA" ]
+if [ -n "$SSTCERT" -a -n "$SSTKEY" ]; then
-then
+    verify_cert_matches_key "$SSTCERT" "$SSTKEY"
+fi
+if [ -n "$SSTCA" ]; then
+    if [ $SSTPATH -eq 0 ]; then
        CAFILE_OPT="CAfile = $SSTCA"
+    else
+        CAFILE_OPT="CApath = $SSTCA"
+    fi
+    if [ -n "$SSTCERT" ]; then
+        verify_ca_matches_cert "$SSTCA" "$SSTCERT" $SSTPATH
+    fi
 else
    CAFILE_OPT=""
 fi
@@ -272,9 +289,19 @@ then
        ;;
    'VERIFY_CA')
        VERIFY_OPT='verifyChain = yes'
+        ;;
+    *)
+        wsrep_log_error "Unrecognized ssl-mode option: '$SSLMODE'"
+        exit 22 # EINVAL
+        ;;
+    esac
+    if [ -z "$SSTCA" ]; then
+        wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path"
+        exit 22 # EINVAL
+    fi
    if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
        CHECK_OPT="checkHost = $WSREP_SST_OPT_REMOTE_USER"
-        else
+    elif [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then
        # check if the address is an ip-address (v4 or v6):
        if echo "$WSREP_SST_OPT_HOST_UNESCAPED" | \
           grep -q -E '^([0-9]+(\.[0-9]+){3}|[0-9a-fA-F]*(\:[0-9a-fA-F]*)+)$'
@@ -287,23 +314,13 @@ then
            CHECK_OPT_LOCAL="checkHost = localhost"
        fi
    fi
-        ;;
-    *)
-        wsrep_log_error "Unrecognized ssl-mode option: '$SSLMODE'"
-        exit 22 # EINVAL
-        ;;
-    esac
-    if [ -z "$CAFILE_OPT" ]; then
-        wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file"
-        exit 22 # EINVAL
-    fi
 fi
 STUNNEL=""
 if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then
    STUNNEL_BIN="$(command -v stunnel)"
    if [ -n "$STUNNEL_BIN" ]; then
-        wsrep_log_info "Using stunnel for SSL encryption: CAfile: '$SSTCA', ssl-mode='$SSLMODE'"
+        wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA', ssl-mode='$SSLMODE'"
        STUNNEL="$STUNNEL_BIN $STUNNEL_CONF"
    fi
 fi

--- a/storage/innobase/handler/ha_innodb.cc
+++ b/storage/innobase/handler/ha_innodb.cc
@@ -6609,8 +6609,8 @@ wsrep_innobase_mysql_sort(
 	case MYSQL_TYPE_LONG_BLOB:
 	case MYSQL_TYPE_VARCHAR:
 	{
-		uchar *tmp_str;
+		uchar tmp_str[REC_VERSION_56_MAX_INDEX_COL_LEN] = {'\0'};
-		uint tmp_length;
+		uint tmp_length = REC_VERSION_56_MAX_INDEX_COL_LEN;
 		/* Use the charset number to pick the right charset struct for
 		the comparison. Since the MySQL function get_charset may be
@@ -6633,12 +6633,7 @@ wsrep_innobase_mysql_sort(
 			}
 		}
-		// Note that strnxfrm may change length of string
+		ut_a(str_length <= tmp_length);
-		tmp_length= charset->coll->strnxfrmlen(charset, str_length);
-		tmp_length= tmp_length * charset->mbmaxlen;
-		tmp_length= ut_max(str_length, tmp_length) + charset->mbmaxlen;
-		tmp_str= static_cast<uchar *>(ut_malloc_nokey(tmp_length));
-		ut_ad(str_length <= tmp_length);
 		memcpy(tmp_str, str, str_length);
 		tmp_length = charset->coll->strnxfrm(charset, str, str_length,
@@ -6662,7 +6657,6 @@ wsrep_innobase_mysql_sort(
 			ret_length = tmp_length;
 		}
-		ut_free(tmp_str);
 		break;
 	}
 	case MYSQL_TYPE_DECIMAL :
@@ -7014,7 +7008,7 @@ wsrep_store_key_val_for_row(
 	THD* 		thd,
 	TABLE*		table,
 	uint		keynr,	/*!< in: key number */
-	uchar*		buff,	/*!< in/out: buffer for the key value (in MySQL
+	char*		buff,	/*!< in/out: buffer for the key value (in MySQL
 				format) */
 	uint		buff_len,/*!< in: buffer length */
 	const uchar*	record,
@@ -7023,7 +7017,7 @@ wsrep_store_key_val_for_row(
 	KEY*		key_info	= table->key_info + keynr;
 	KEY_PART_INFO*	key_part	= key_info->key_part;
 	KEY_PART_INFO*	end		= key_part + key_info->user_defined_key_parts;
-	uchar*		buff_start	= buff;
+	char*		buff_start	= buff;
 	enum_field_types mysql_type;
 	Field*		field;
 	uint buff_space = buff_len;
@@ -7035,8 +7029,7 @@ wsrep_store_key_val_for_row(
 	for (; key_part != end; key_part++) {
-		uchar *sorted=NULL;
+		uchar sorted[REC_VERSION_56_MAX_INDEX_COL_LEN] = {'\0'};
-		uint  max_len=0;
 		ibool part_is_null = FALSE;
 		if (key_part->null_bit) {
@@ -7115,14 +7108,10 @@ wsrep_store_key_val_for_row(
 				true_len = key_len;
 			}
-			max_len= true_len;
-			sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 			memcpy(sorted, data, true_len);
 			true_len = wsrep_innobase_mysql_sort(
 				mysql_type, cs->number, sorted, true_len,
-				max_len);
+				REC_VERSION_56_MAX_INDEX_COL_LEN);
-			ut_ad(true_len <= max_len);
 			if (wsrep_protocol_version > 1) {
 				/* Note that we always reserve the maximum possible
 				length of the true VARCHAR in the key value, though
@@ -7207,13 +7196,11 @@ wsrep_store_key_val_for_row(
 				true_len = key_len;
 			}
-			max_len= true_len;
-			sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 			memcpy(sorted, blob_data, true_len);
 			true_len = wsrep_innobase_mysql_sort(
 				mysql_type, cs->number, sorted, true_len,
-				max_len);
+				REC_VERSION_56_MAX_INDEX_COL_LEN);
-			ut_ad(true_len <= max_len);
 			/* Note that we always reserve the maximum possible
 			length of the BLOB prefix in the key value. */
@@ -7289,14 +7276,10 @@ wsrep_store_key_val_for_row(
 								cs->mbmaxlen),
 							&error);
 				}
-				max_len= true_len;
-				sorted= static_cast<uchar *>(ut_malloc_nokey(max_len+1));
 				memcpy(sorted, src_start, true_len);
 				true_len = wsrep_innobase_mysql_sort(
 					mysql_type, cs->number, sorted, true_len,
-					max_len);
+					REC_VERSION_56_MAX_INDEX_COL_LEN);
-				ut_ad(true_len <= max_len);
 				if (true_len > buff_space) {
 					fprintf (stderr,
@@ -7311,11 +7294,6 @@ wsrep_store_key_val_for_row(
 			buff       += true_len;
 			buff_space -= true_len;
 		}
-		if (sorted) {
-			ut_free(sorted);
-			sorted= NULL;
-		}
 	}
 	ut_a(buff <= buff_start + buff_len);
@@ -10423,7 +10401,7 @@ wsrep_append_key(
 	THD		*thd,
 	trx_t 		*trx,
 	TABLE_SHARE 	*table_share,
-	const uchar*	key,
+	const char*	key,
 	uint16_t        key_len,
 	wsrep_key_type	key_type	/*!< in: access type of this key
 					(shared, exclusive, semi...) */
@@ -10527,8 +10505,8 @@ ha_innobase::wsrep_append_keys(
 	if (wsrep_protocol_version == 0) {
 		uint	len;
-		uchar 	keyval[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+		char 	keyval[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-		uchar 	*key 		= &keyval[0];
+		char 	*key 		= &keyval[0];
 		ibool    is_null;
 		len = wsrep_store_key_val_for_row(
@@ -10559,18 +10537,18 @@ ha_innobase::wsrep_append_keys(
 		for (i=0; i<table->s->keys; ++i) {
 			uint  len;
-			uchar  keyval0[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+			char  keyval0[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-			uchar  keyval1[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
+			char  keyval1[WSREP_MAX_SUPPORTED_KEY_LENGTH+1] = {'\0'};
-			uchar* key0 		= &keyval0[1];
+			char* key0 		= &keyval0[1];
-			uchar* key1 		= &keyval1[1];
+			char* key1 		= &keyval1[1];
 			KEY*  key_info	= table->key_info + i;
 			ibool is_null;
 			dict_index_t* idx  = innobase_get_index(i);
 			dict_table_t* tab  = (idx) ? idx->table : NULL;
-			keyval0[0] = (uchar)i;
+			keyval0[0] = (char)i;
-			keyval1[0] = (uchar)i;
+			keyval1[0] = (char)i;
 			if (!tab) {
 				WSREP_WARN("MariaDB-InnoDB key mismatch %s %s",
@@ -10627,15 +10605,17 @@ ha_innobase::wsrep_append_keys(
 		wsrep_calc_row_hash(digest, record0, table, m_prebuilt);
 		if (int rcode = wsrep_append_key(thd, trx, table_share,
-						 digest, 16, key_type)) {
+						 reinterpret_cast<char*>
+						 (digest), 16, key_type)) {
 			DBUG_RETURN(rcode);
 		}
 		if (record1) {
 			wsrep_calc_row_hash(
 				digest, record1, table, m_prebuilt);
-			if (int rcode = wsrep_append_key(thd, trx, table_share,
+			if (int rcode = wsrep_append_key(
-							 digest, 16,
+				    thd, trx, table_share,
+				    reinterpret_cast<char*>(digest), 16,
 				    key_type)) {
 				DBUG_RETURN(rcode);
 			}

--- a/support-files/mysql.server.sh
+++ b/support-files/mysql.server.sh
@@ -91,16 +91,15 @@ datadir_set=
 #
 # Use LSB init script functions for printing messages, if possible
-#
+# Include non-LSB RedHat init functions to make systemctl redirect work
+init_functions="/etc/init.d/functions"
 lsb_functions="/lib/lsb/init-functions"
-if test -f $lsb_functions ; then
+if test -f $lsb_functions; then
  . $lsb_functions
-else
+fi
-  # Include non-LSB RedHat init functions to make systemctl redirect work
-  init_functions="/etc/init.d/functions"
+if test -f $init_functions; then
-  if test -f $init_functions; then
  . $init_functions
-  fi
  log_success_msg()
  {
    echo " SUCCESS! $@"