The XML parser position stack for each level is with a fixed depth.
So a bounds check was done to ensure that this depth is not exceeded.
But it was off by one (i.e. the size of the array was a valid index).
Fixed by decreasing the allowable depth by one to match the maximum
number of elements in the position stack.

Add .gitattributes to let git archive ignore .gitignore.

Description :
=============
When a MTR test run is started, it initializes the server and creates
the datadir under '$MYSQL_TEST_DIR/var'('/tmp/var' or '/dev/shm/var'
if --mem option is used) location and then copies it to the datadir
location of server(s).

If $parallel == 1, datadir location of the server is
'$MYSQL_TEST_DIR/var/data'. If $parallel > 1, datadir location of any
server is '$MYSQL_TEST_DIR/var/<thread_num>/data'.

This is the reason MTR searches for the initialized datadir in 2
locations('$opt_vardir' and '$opt_vardir/..') from the current vardir
location..

But this can cause few problems. If a directory with the name 'data'
already exists under '$MYSQL_TEST_DIR' and if the MTR run is started
with parallel value 1, then

1. copytree($install_db, '$opt_vardir/..') command will fail if the
user doesn't have the access permission to '$MYSQL_TEST_DIR/data'
directory.
2. Unnecessary contents from '$MYSQL_TEST_DIR/data' directory will be
copied to server datadir location and this might affect the server
startup.

Fix :
=====
Depending on the $parallel value decide whether the path for the
initialize datadir is "$opt_vardir"(i.e $parallel = 1) or
"$opt_vardir/.."(i.e $parallel > 1).
Reviewed-by: Deepa Dixit <deepa.dixit@oracle.com>
Reviewed-by: Srikanth B R <srikanth.b.r@oracle.com>
RB: 14773

Post-push fix for memory leak in the code inside
DBUG_EXECUTE_IF("bug24449090_simulate_oom",...);

DESCRIPTION
===========
Performing a pattern match of a Regex resulting into a very
large string, leads to crash due to integer wraparound.

ANALYSIS
========
doinsert() - The length calculated here (to copy the
number of bytes) comes out to be too large to be stored in
the "int" variable 'length'. We need to ensure that the
variable can accommodate large lengths.

FIX
===
'length' in doinsert() is now defined as of type "size_t"
instead of "int"

DESCRIPTION
===========
Performing a pattern match of a Regex resulting into a very
large string, leads to crash due to failed realloc().

ANALYSIS
========
dupl() calls enlarge(). It in turn calls realloc() for
pointer p->strip. This eventually fails due to OOM.
However we are still using the same pointer in memcpy()
causing a SEGFAULT!

FIX
===
1) In dupl(), checking for error code (which would be set
if realloc fails) immediately after call to enlarge().
Returning now with this error code.

2) Handling the same in the caller functions.

No commit message

No commit message

  - Removed mysql.conf, mysqld.service and mysql-systemd-start from sles spec file

No commit message

PRIVILEGES

Require FILE privilege when creating tables using external data directory or
index directory.

Don't read --ledir option from config file.
Ignore current working for finding location of mysqld
Remove use of chown/chmod in scripts.
Be helpful only when basedir is /var/log or /var/lib.
Removed unused systemd files for SLES.
Set explicit basedir in scripts.

ANALYSIS:
=========
'CREATE TABLE' query with a large value for 'CONNECTION'
string reports an incorrect error.

The length of connection string is stored in .frm in two
bytes (max value= 65535). When the string length exceeds
the max value, the length is truncated to fit the two
bytes limit. Further processing leads to reading only a
part of the string as the length stored is incorrect. The
remaining part of the string is treated as engine type and
hence results in an error.

FIX:
====
We are now restricting the connection string length to 1024.
An appropriate error is reported if the length crosses this
limit.

NOTE:
=====
The 'PASSWORD' table option is documented as unused and
processed within a dead code. Hence it will not cause
similar issue with large strings.

 LOAD DATA AT MASTER.

Revert "BUG#23080148 - BACKPORT BUG 14653594 AND BUG 20683959 TO"

This reverts commit 1d31f5b3090d129382b50b95512f2f79305715a1.
The commit causes replication incompatibility between minor revisions
and based on discussion with Srinivasarao, the patch is reverted.

Wrapper for mysql_config used in multilib installs modified to work as
intended, added more archs (aarch64, ppc64le, s390x, s390, sparc and
sparc64) to lists in fallback mode and use same script for EL and
Fedora.

Thanks to Alexey Kopytov for report and fix.

              700101

ANALYSIS:
=========
To set the time 'start_time' of query in THD, current time
is obtained by calling 'gettimeofday()'. On Solaris
platform, due to some system level issues, time obtained is
invalid i.e. its either greater than 2038 (max signed value
to hold microseconds since 1970) or 1970 (0 microseconds
since 1970). In these cases, validation checks infer that
the 'start_time' is invalid and mysql server initiates the
shutdown process. But the reason for shutdown is not logged.

FIX:
====
We are now logging appropriate message when shutdown is
triggered in the above mentioned scenarios. Now, even if
the initial validation checks infer that the 'start_time'
is invalid, server shutdown is not initiated immediately.
Before initiating the server shutdown, the process of
setting 'start_time' and validating it is reiterated (for
max 5 times). If correct time is obtained in these 5
iterations then server continues to run.

 - Remove use of touch and chmod.
 - Restrict usage of chown to cases where target directory is /var/log.
 - Due to limited feature set in /bin/sh on Solaris, /bin/bash will be
   used on this platform.
 - Give error if directory for UNIX socket file is missing.
 - Privileged user should not log to files owned by different user
   (mysqld will log as before).

Prevent GCC from moving a mach_read_from_4() before we have checked that
we have 4 bytes to read. The pointer may only point to a 1, 2 or 3
bytes in which case the code should not read 4 bytes. This is a
workaround to a GCC bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77673

Patch submitted by: Laurynas Biveinis <laurynas.biveinis@gmail.com>
RB: 14135
Reviewed by: Pawel Olchawa <pawel.olchawa@oracle.com>

No commit message

              RESTRICTED IN ALL GA RELEASES

Back port of WL#6782 to 5.5 and 5.6. This also includes
back port of Bug#20771331, Bug#20741572 and Bug#20770671.
Bug#24695274 and Bug#24679907 are also handled along with
this.

              RESTRICTED IN ALL GA RELEASES

Back port of WL#6782 to 5.5 and 5.6. This also includes
back port of Bug#20771331, Bug#20741572 and Bug#20770671.
Bug#24695274 and Bug#24679907 are also handled along with
this.

RUNNING FIREWALL

mysqladmin shutdown will try to extract the server's pid file before executing
the actual shutdown command.
It will do that by executing a SHOW VARIABLES query and processing the result.
However if that query fails it print a (somewhat confusing) error mesasage
and will still continue to do the shutdown command.
If that passes then the mysqladmin user will get an error but the shutdown will
still be successful.
This is confusing so the error message text is changed to say that this is a
non-fatal error and execution continues.
No test case added since it'd require a selective query failure device that's
not available in 5.5.

ISSUE: Heap corruption occurs and hence mysql server
       terminates abnormally in String variable destructor
       when ZEROFILL is used for a column.
       Though the abnormal termination is observed in the
       String destructor, heap corruption occurs at earlier
       stage when function Field_num::prepend_zeros() is called.
       This function, prepends zeros to the actual data and
       works on entire field length. Since the allocated memory
       could be less than the field length, heap corruption occurs.
       Later, when String destructor tries to free heap, the server
       terminates abnormally since the heap is corrupt.



SOLUTION: In Field_num::prepend_zeros() function, if allocated memory
          is less than the field length, re-allocate memory enough to
          hold field length size data.

              USING CHARACTER-SET-SERVER=UTF16

This is a backport of Bug#15985752 to mysql-5.5

Post push fix: Solaris 10 /bin/sh don't understand $().

Post push fix: Solaris 10 /bin/sh don't understand $().

                SUBSELECT_UNION_ENGINE::NO_ROWS

This patch is specific for mysql-5.5

ISSUE: When max_join_size is used and union query
       results in evaluation of tuples greater than
       max_join_size, the join object is not created,
       and is set to NULL.
       However, this join object is further dereferenced
       by union logic to determine if query resulted in
       any number of rows being returned.
       Since, the object is NULL, it results in
       program terminating abnormally.

SOLUTION: Added check to verify if join object is created.
          If join object is created, it will be used to
          determine if query resulted in any number of rows.
          Else, when join object is not created, we return
          'false' indicating that there were no rows for the
          query.

[This is the 5.5/5.6 version of the bugfix].

The problem was that it was possible to write log files ending
in .ini/.cnf that later could be parsed as an options file.
This made it possible for users to specify startup options
without the permissions to do so.

This patch fixes the problem by disallowing general query log
and slow query log to be written to files ending in .ini and .cnf.

During REPAIR TABLE of a MyISAM table, a temporary data file (.TMD)
is created. When repair finishes, this file is renamed to the original
.MYD file. The problem was that during this rename, we copied the
stats from the old file to the new file with chmod/chown. If a user
managed to replace the temporary file before chmod/chown was executed,
it was possible to get an arbitrary file with the privileges of the
mysql user.

This patch fixes the problem by not copying stats from the old
file to the new file. This is not needed as the new file was
created with the correct stats. This fix only changes server
behavior - external utilities such as myisamchk still does
chmod/chown.

No test case provided since the problem involves synchronization
with file system operations.

Argument to malloc-lib must be included in restricted list of
directories, symlink guards added, and mysqld and mysqld-version
options restricted to command line only. Don't redirect errors to
stderr.