CAN RETURN WRONG RESULT SET

PROBLEM
-------
In ha_partition::cmp_ref() we were only calling the 
underlying cmp_ref() of storage engine if the records
are in the same partiton,else we sort by partition and
returns the result.But the index merge intersect 
algorithm expects first to sort by row-id first and 
then by partition id.

FIX
---
Compare the refernces first using storage engine cmp_ref
and then if references are equal(only happens if 
non clustered index is used) then sort it by partition id.

[Approved by Mattiasj #rb3755]
-

Item_func_trim::val_str: we were using the non-mb algorithm for skipping leading spaces
in a multibyte-charset string.

    UPPER CASE HOST NAME ANYMORE
Null merge from mysql-5.1 to mysql-5.5

No commit message

get_cost_calc_buff_size() could return wrong value for the size of imerge_cost_buff.

No commit message

No commit message

No commit message

    UPPER CASE HOST NAME ANYMORE
Merging from mysql-5.1 to mysql-5.5

    UPPER CASE HOST NAME ANYMORE

Description:
It is not possible to drop users with host names with upper case
letters in them. i.e DROP USER 'root'@'Tmp_Host_Name'; is failing
with error.

Analysis: Since the fix 11748570 we came up with lower case hostnames
as standard. But in the current bug the hostname is created by
mysql_install_db script is still having upper case hostnames. 
So, if we have the hostname with upper case letters like(Tmp_Host_Name)
then we will have as it is stored in the mysql.user table. 
In this case if use "'DROP USER 'root'@'Tmp_Host_Name';" it gives 
error because we do compare with the lower case of hostname since the 
11748570 fix.

Fix: We need to convert the hostname to lower case before storing into 
the mysql.user table when we run the mysql_install_db script.

No commit message

possibly since it was introduced in the patch for Bug#16720368 around 
2013-04-30.  This fix is simply to adjust the mtr.add_suppression() lines
in the testcase and to add a missing "\n" in the error message.

Approved by Marko in RB 3746

The filesort implementation needs space for at least 15 records
(plus some internal overhead) in its main sort buffer.

No commit message

-Wl,--no-undefined (=-z defs) gives linking errors when used with WITH_ASAN.
According to the documentation:
"When linking shared libraries, the AddressSanitizer run-time is not linked,
so -Wl,-z,defs may cause link errors (don’t use it with AddressSanitizer)."

This patch turns off -Wl,--no-undefined if WITH_ASAN is used.

               ON DELETE FROM A PARTITIONED TABLE

PROBLEM
-------

The user first disables all the non unique indexes
in the table and then rebuilds one partition.
During rebuild the indexes on that particular
partition are enabled. Now when we give a query 
the optimizer is unaware that on one partition 
indexes are enabled and if the optimizer selects
that index,myisam thinks that the index is not 
active and gives an error.

FIX
---

Before rebuilding a partition check whether non
unique indexes are disabled on the partitons.
If they are disabled then after rebuild disable
the index on the partition. 

[Approved by Mattiasj #rb3469]

Too restrictive assertion, failing during purge

Too restrictive assertion, can fail during purge

Regression from bug#14621190 due to disabled optimistic restoration
of cursor, which required full key lookup instead of verifying
if previously positioned btree cursor could be reused.

Fixed by enable optimistic restore and adjust cursor afterward.

rb#3324 approved by Marko.

Problem:
COM_CHANGE_USER allows brute-force attempts to crack a password at a very high
rate as it does not cause any significant delay after a login attempt has
failed. This issue was reproduced using John-The-Ripper password
cracking tool through which about 5000 passwords per second could be attempted.

Solution:
The non-GA version's solution was to disconnect the connection when a login
attempt failed. Now since our aim to to reduce the rate at which passwords 
are tested, we introduced a sleep(1) after every login attempt failed. This
significantly increased the delay with which the password was cracked.

Automerged from mysql-5.5 bug branch into latest mysql-5.5.

             AS A INNODB PARTITTION.
[Merged from 5.1]             

             AS A INNODB PARTITTION.

PROBLEM
-------
The correct engine_type was not being set during 
rebuild of the partition due to which the handler
was always created with the default engine,
which is innodb for 5.5+ ,therefore even if the
table was myisam, after rebuilding the partitions
ended up as innodb partitions.

FIX
---
Set the correct engine type during rebuild.  

[Approved by mattiasj #rb3599]

The assertion happens when: (i) the master and slave are configured to
use the semisync plugin; (ii) the DBA disables semisync on the master;
(iii) and he also unsets the option to wait for slaves ACK even if the
semisync slave count reaches 0 during the waiting period. This
combination of factors makes the server run into an assertion as soon
as the last semisync slave disconnects and its dump thread exits.
  
The root of the problem is the fact that when the dump thread
disconnects and calls the observer hook transmit_stop, which ends up
calling ReplSemiSyncMaster::remove_slave, there is no check whether
the master has already disabled semisync or not. If it has, the then a
second call to the switch_off member function must be avoided.
  
The quick fix is to avoid calling switch_off if the DBA has disabled
the semisync plugin interactively on the master. Also, the switch_off
member function should only be called if the plugin has not been
switched off already. This is basically the pattern throughout the
rest of the semisync plugin and no other calls seem vulnerable to
similar crashes/assertions.

(This a backport of the patch to 5.5, which is also vulnerable.)

--Implemented CHECK TABLE...QUICK.
  Introduce CHECK TABLE...QUICK that would skip the btr_validate_index()
  and btr_search_validate() call, and count the no. of records in each index.

Approved by Marko and Kevin. (rb#3567).

No commit message

Merging mysql-5.5 bug branch into latest mysql-5.5.

REPLICATION FILTERS ARE USED.
Merging fix from mysql-5.1

REPLICATION FILTERS ARE USED.

Problem:
When Filtered-slave applies Int_var_log_event and when it
tries to write the event to its own binlog, LAST_INSERT_ID
value is written wrongly.

Analysis:
THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
is a variable which is set when LAST_INSERT_ID() is used by
a statement. If it is set, first_successful_insert_id_in_
prev_stmt_for_binlog will be stored in the statement-based
binlog. This variable is CUMULATIVE along the execution of
a stored function or trigger: if one substatement sets it
to 1 it will stay 1 until the function/trigger ends,
thus making sure that first_successful_insert_id_in_
prev_stmt_for_binlog does not change anymore and is
propagated to the caller for binlogging. This is achieved
using the following code
if(!stmt_depends_on_first_successful_insert_id_in_prev_stmt)               
{                                                                           
  /* It's the first time we read it */                                      
  first_successful_insert_id_in_prev_stmt_for_binlog=                       
  first_successful_insert_id_in_prev_stmt;                                
  stmt_depends_on_first_successful_insert_id_in_prev_stmt= 1;               
}

Slave server, after receiving Int_var_log_event event from
master, it is setting
stmt_depends_on_first_successful_insert_id_in_prev_stmt
to true(*which is wrong*) and not setting
first_successful_insert_id_in_prev_stmt_for_binlog. Because
of this problem, when the actual DML statement with
LAST_INSERT_ID() is parsed by slave SQL thread,
first_successful_insert_id_in_prev_stmt_for_binlog is not
set. Hence the value zero (default value) is written to
slave's binlog.

Why only *Filtered slave* is effected when the code is
in common place:
-------------------------------------------------------
In Query_log_event::do_apply_event,
THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
is reset to zero at the end of the function. In case of
normal slave (No Filters), this variable will be reset. 
In Filtered slave, Slave SQL thread defers all IRU events's
execution until IRU's Query_log event is received. Once it
receives Query_log_event it executes all pending IRU events
and then it executes Query_log_event. Hence the variable is
not getting reset to 0, causing this bug.

Fix: As described above, the root cause was setting 
THD::stmt_depends_on_first_successful_insert_id_in_prev_stmt
when Int_var_log_event was executed by a SQL thread. Hence
removing the problematic line from the code.

Merging from mysql-5.1 to mysql-5.5

Description: Fix for bug CVE-2012-5611 (bug 67685) is 
incomplete. The ACL_KEY_LENGTH-sized buffers in acl_get() and 
check_grant_db() can be overflown by up to two bytes. That's 
probably not enough to do anything more serious than crashing 
mysqld.
Analysis: In acl_get() when "copy_length" is calculated it 
just adding the variable lengths. But when we are using them 
with strmov() we are adding +1 to each. This will lead to a 
three byte buffer overflow (i.e two +1's at strmov() and one 
byte for the null added by strmov() function). Similarly it 
happens for check_grant_db() function as well.
Fix: We need to add "+2" to "copy_length" in acl_get() 
and "+1" to "copy_length" in check_grant_db().