Reset the connection_name to contain a null string, if the pointer
points to the same space as that of the system variable
default_master_connection.

We do this because the system variable may be updated which could free
the pointer and create a new one, causing use-after-free for
re-execution of prepared statements and stored procedures where the
LEX may be reused.

This allows connection_name to be set again be to the system variable
pointer in the next call of this function (see earlier in this
function), after any possible updates to the system variable.

MDEV-34085 Server crash ASAN used-after-poison upon 2nd execution of PS with erroneous timestamp conversion

The optimization code replacing DATETIME comparison to TIMESTAMP comparison
in conditions like:
- WHERE timestamp_col=const_expr
- WHERE const_expr IN (SELECT timestamp_column FROM t1)
worked as follows:

- Install an internal condition handler (suppressing and counting warnings).
- Convert const_expr from its data type to TIMESTAMP
- Check the warning count collected by the internal condition handler:
  * If any warnings happened during the constant conversion,
    then continue with DATETIME comparison.
  * Otherwise, go to the next stage of switching to TIMESTAMP comparison.

This scenario did not take into account that in some cases warnings
are escalated to errors. Errors were not caught by the internal handler,
so Type_handler_datetime_common::convert_item_for_comparison()
returned with an SQL error in the diagnostics area.
The calling code did not expect this.

Fixing the code to suppress and count both errors and warnings, to make sure
Type_handler_datetime_common::convert_item_for_comparison() returns without
adding any errors to DA if the conversion to TIMESTAMP fails and it decides
to go with DATETIME comparison.

The test's header did not follow a correct `have_` and `master-slave`
sourcing pattern.

That's corrected.

compat/oracle.sp-inout now uses lowercase object names for test
compatibility with both case-insensitive and case-sensitive
filesystems.

According to rfc5280, x509v3 was standardised in June 1996.

RusTLS only accepts v3 certificates rejected the v1 default.
(ref:
https://github.com/rustls/webpki/issues/29#issuecomment-1453783741)

It seems reasonable that all client libraries can accept v3.

X509_VERSION_3 has a fixed value of 2, but isn't defined in
OpenSSL-1.1.1.

Thanks Austin Bonander for the suggested patch.

ASAN builds pass so it's ok

let ALL PRIVILEGES to always mean ALL PRIVILEGES over all
upgrades, no matter what new privileges were added in later versions.

allow RPM upgrades from a different minor version,
if the major version is the same.

This was needed as mtr --embedded connect.alter failed as online is
ignored for embedder server.
This fixes a wrong commit 30c965f8

This was caused by the patch for
MDEV-32567 Remove thr_alarm from server codebase

During the build process this is wrapped into plugin_auth.h.

MariaDB debian control files are slightly in disorder
run wrap-and-sort tool against them shows some minor
changes.

Fix Debian .install files to alphabetically ordered from
mostly ordered state.

After MDEV-31400, plugins are allowed to ask for retries when failing
initialisation. However, such failures also cause plugin system
variables to be deleted (plugin_variables_deinit()) before retrying
and are not re-added during retry.

We fix this by checking that if the plugin has requested a retry the
variables are not deleted. Because plugin_deinitialize() also calls
plugin_variables_deinit(), if the retry fails, the variables will
still be deleted.

Alternatives considered:

- remove the plugin_variables_deinit() from plugin_initialize() error
handling altogether. We decide to take a more conservative approach
here.

- re-add the system variables during retry. It is more complicated
than simply iterating over plugin->system_vars and call
my_hash_insert(). For example we will need to assign values to
the test_load field and extract more code from test_plugin_options(),
if that is possible.

followup for abcd23ad

it was able to enable --ssl-verify-server-cert if explicily requested,
now it can also disable it, if explicitly requested.

In case of failure, the something like the following is now printed:

Slave position:  file: binary.000004  position: 3647
Master position: file: binary.000004  position: 3647

binlog_space_limit is a variable in Percona server used to limit the total
size of all binary logs.

This implementation is based on code from Percona server 5.7.

In MariaDB we decided to call the variable max-binlog-total-size to be
similar to max-binlog-size. This makes it easier to find in the output
from 'mariadbd --help --verbose'). MariaDB will also support
binlog_space_limit for compatibility with Percona.

Some internal notes to explain implementation notes:

- When running MariaDB does not delete binary logs that are either
  used by slaves or have active xid that are not yet committed.

Some implementation notes:

- max-binlog-total-size is by default 0 (no limit).
- max-binlog-total-size can be changed without server restart.
- Binlog file sizes are checked on startup, or if
  max-binlog-total-size is set to a value > 0, not for every log write.
  The total size of all binary logs is cached and dynamically updated
  when updating the binary log on binary log rotation.
- max-binlog-total-size is checked against existing log files during
  serverstart, binlog rotation, FLUSH LOGS, when writing to binary log
  or when max-binlog-total-size changes value.
- Option --slave-connections-needed-for-purge with 1 as default added.
  This allows one to ensure that we do not delete binary logs if there
  is less than 'slave-connections-needed-for-purge' connected.
  Without this option max-binlog-total-size would potentially delete
  binlogs needed by slaves on server startup or when a slave disconnects
  as there are then no connected slaves to protect active binlogs.
- PURGE BINARY LOGS TO ... will be executed as if
  slave-connectitons-needed-for-purge would be zero. In other words
  it will do the purge even if there is no slaves connected. If there
  are connected slaves working on the logs, these will be protected.
- If binary log is on and max-binlog-total_size <> 0 then the status
  variable 'Binlog_disk_use' shows the current size of all old binary
  logs + the state of the current one.
- Removed test of strcmp(log_file_name, log_info.log_file_name) in
  purge_logs_before_date() as this is tested in can_purge_logs()
- To avoid expensive calls of log_in_use() we cache the result for the
  last log that is in use by a slave. Future calls to can_purge_logs()
  for this binary log will be quickly detected and false will be returned
  until a slave starts working on a new log.
- Note that after a binary log rotation caused by max_binlog_size,
  the last log will not be purged directly as it is still in use
  internally. The next binary log write will purge binlogs if needed.

Reviewer:Kristian Nielsen <knielsen@knielsen-hq.org>

libnet-ssleay-perl wasn't auto-detected

Revert "Deb: Stop shipping mariadb-plugin-spider separately, include in server"

This reverts commit 9945d482.

Instead of having a separate plugin, simply include Spider in the main
MariaDB Server package and let users manually enable on server installs
where they want to run it.

Restrict access to KEY_PERIOD_USAGE: show the constraint record iff any
non-select privilege on any table column is granted.

Also drop the unprivileged user in the end of test and add merge anchor.

Set the correct values for idx_field1, idx_field2 (i.e. db and table name
fields) of ST_SCHEMA_TABLE instance.

Move table open result processing to the caller

* st_schema_table::process_table doesn't have to check whether the table
was opened successfully
* It also doesn't have to check for a thd error and convert it to a warning
* This simplifies adding new tables into information_schema
* A callback still can output some info to a user in case of error. In
order to do this, I_S_EXTENDED_ERROR_HANDLING should be specified in
i_s_requested_object.

Now one can call thd->sql_command_flags() instead of
sql_command_flags[thd->lex->sql_command].

Two new information_schema views are added:
* PERIOD table -- columns TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME,
  PERIOD_NAME, START_COLUMN_NAME, END_COLUMN_NAME.
* KEY_PERIOD_USAGE -- works similar to KEY_COLUMN_USAGE, but for periods.
  Columns CONSTRAINT_CATALOG, CONSTRAINT_SCHEMA, CONSTRAINT_NAME,
  TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME, PERIOD_NAME

Two new columns are added to the COLUMNS view:
 IS_SYSTEM_TIME_PERIOD_START, IS_SYSTEM_TIME_PERIOD_END - contain YES/NO.

Embedded server has an option to opt out grant checks.
sql_show.cc: reduce ifdefs by using embedded acl stub calls
sql_acl.cc: add stub for embedded get_column_grant

Adjust test after fixing the C/C.

On Windows, use --host=127.0.0.2 to fake "insecure" transport
with TCP connection for test purposes. 127.0.0.2 is loopback address,
that can be used instead of usual 127.0.0.1

Unfortunately, this technique does not work on all *nixes the same,
notably neither on BSDs nor Solaris. Thus default --host=localhost
remains "insecure" transport,when TCP is used. but it is not that critical,
the "self-signed" is not nearly as annoying on *nixes as it is on Windows.