1. 19 Dec, 2018 1 commit
    • Marko Mäkelä's avatar
      MDEV-18025: Improve test case and consistency checks · dd72d7d5
      Marko Mäkelä authored
      Write a test case that computes valid crc32 checksums for
      an encrypted page, but zeroes out the payload area, so
      that the checksum after decryption fails.
      
      xb_fil_cur_read(): Validate the page number before trying
      any checksum calculation or decrypting or decompression.
      Also, skip zero-filled pages. For page_compressed pages,
      ensure that the FIL_PAGE_TYPE was changed. Also, reject
      FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED if no decryption was attempted.
      dd72d7d5
  2. 18 Dec, 2018 3 commits
    • Marko Mäkelä's avatar
      MDEV-18025: Apply the fix to XtraDB and adjust tests · 1b471fac
      Marko Mäkelä authored
      The fix was accidentally only applied to InnoDB, and encryption tests
      were not adjusted.
      1b471fac
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-18025 Mariabackup fails to detect corrupted page_compressed=1 tables · 171271ed
      Thirunarayanan Balathandayuthapani authored
      Problem:
      =======
      Mariabackup seems to fail to verify the pages of compressed tables.
      The reason is that both fil_space_verify_crypt_checksum() and
      buf_page_is_corrupted() will skip the validation for compressed pages.
      
      Fix:
      ====
      Mariabackup should call fil_page_decompress() for compressed and encrypted
      compressed page. After that, call buf_page_is_corrupted() to
      check the page corruption.
      171271ed
    • Marko Mäkelä's avatar
      MDEV-12112/MDEV-12114: Relax strict_innodb, strict_none · 84f119f2
      Marko Mäkelä authored
      Starting with commit 6b698715
      the encrypted page checksum is only computed with crc32.
      Encrypted data pages that were written earlier can contain
      other checksums, but new ones will only contain crc32.
      
      Because of this, it does not make sense to implement strict
      checks of innodb_checksum_algorithm for other than strict_crc32.
      
      fil_space_verify_crypt_checksum(): Treat strict_innodb as innodb
      and strict_none as none. That is, allow a match from any of the
      algorithms none, innodb, crc32. (This is how it worked before the
      second MDEV-12112 fix.)
      
      Thanks to Thirunarayanan Balathandayuthapani for pointing this out.
      84f119f2
  3. 17 Dec, 2018 5 commits
    • Marko Mäkelä's avatar
      Fix a compiler warning · 51a1fc73
      Marko Mäkelä authored
      fil_space_verify_crypt_checksum(): Add a dummy return statement
      in case memory is corrupted and innodb_checksum_algorithm has
      an invalid value.
      51a1fc73
    • Marko Mäkelä's avatar
      Follow-up to MDEV-12112: corruption in encrypted table may be overlooked · 8c43f963
      Marko Mäkelä authored
      The initial fix only covered a part of Mariabackup.
      This fix hardens InnoDB and XtraDB in a similar way, in order
      to reduce the probability of mistaking a corrupted encrypted page
      for a valid unencrypted one.
      
      This is based on work by Thirunarayanan Balathandayuthapani.
      
      fil_space_verify_crypt_checksum(): Assert that key_version!=0.
      Let the callers guarantee that. Now that we have this assertion,
      we also know that buf_page_is_zeroes() cannot hold.
      Also, remove all diagnostic output and related parameters,
      and let the relevant callers emit such messages.
      Last but not least, validate the post-encryption checksum
      according to the innodb_checksum_algorithm (only accepting
      one checksum for the strict variants), and no longer
      try to validate the page as if it was unencrypted.
      
      buf_page_is_zeroes(): Move to the compilation unit of the only callers,
      and declare static.
      
      xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before
      calling fil_space_verify_crypt_checksum(). This is a non-functional
      change.
      
      buf_dblwr_process(): Validate the page only as encrypted or unencrypted,
      but not both.
      8c43f963
    • Jan Lindström's avatar
      Merge pull request #1026 from codership/10.1-galera-defaults · 517c59c5
      Jan Lindström authored
      Remove provider defaults check from 'galera_defaults' MTR test
      517c59c5
    • Jan Lindström's avatar
      MDEV-18021: Galera test galera_sst_mariabackup_table_options fails if AES_CTR is not available · ee543bea
      Jan Lindström authored
      Problem is that if you use bundled yassl AES_CTR is not supported. There is a way to detect that but as we really want to keep this test enabled did not add
      skip for missing support. Changed method to AES_CBC as there is no need to
      use AES_CTR.
      ee543bea
    • Jan Lindström's avatar
      MDEV-17771: Add Galera ist and sst tests using mariabackup · 8a46b9fe
      Jan Lindström authored
      Add check that file key management plugin is found.
      8a46b9fe
  4. 14 Dec, 2018 2 commits
    • Alexey Yurchenko's avatar
      Remove provider defaults check from 'galera_defaults' MTR test · 6b818831
      Alexey Yurchenko authored
      From time to time Galera adds new parameters or changes defaults to
      existing ones. Every time this happens galera_defaults test needs a
      fix (and a commit) because it insists on checking these defaults.
      This is making life hard because any Galera update may require a fix
      to MariaDB code even though it is totally unrelated and defeats the
      whole idea of a provider living its own life.
      This commit removes checking for provider defaults to avoid false
      positive failures on MariaDB side.
      6b818831
    • Marko Mäkelä's avatar
      MDEV-12112 corruption in encrypted table may be overlooked · fb252f70
      Marko Mäkelä authored
      After validating the post-encryption checksum on an encrypted page,
      Mariabackup should decrypt the page and validate the pre-encryption
      checksum as well. This should reduce the probability of accepting
      invalid pages as valid ones.
      
      This is a backport and refactoring of a patch that was
      originally written by Thirunarayanan Balathandayuthapani
      for the 10.2 branch.
      fb252f70
  5. 13 Dec, 2018 5 commits
  6. 12 Dec, 2018 4 commits
    • Sergei Golubchik's avatar
      debian install/upgrade fixes · 54150029
      Sergei Golubchik authored
      1. don't run full mysql_upgrade on every server restart,
         use --version-check to do it only once
      
      2. fix syslog tag name in the postinst script, don't pretend
         mysqld_safe generated all these messages. Auto-detect the version
         to simplify maintenance
      54150029
    • Sergei Golubchik's avatar
      Merge branch '5.5' into 10.0 · b58f2872
      Sergei Golubchik authored
      b58f2872
    • Jiaye Wu's avatar
      Fix UNICODE issue of dlerror · 9eadef01
      Jiaye Wu authored
      Current implementation is conflicting. If UNICODE is defined, FormatMessage() will be FormatMessageW(), and variable win_errormsg with type char can not be passed to it, which should be changed to TCHAR instead. Since we don't use UNICODE here, we can use FormatMessageA() directly to avoid conversion error.
      ```
      my_global.h(1092): error C2664: 'DWORD FormatMessageW(D
      WORD,LPCVOID,DWORD,DWORD,LPWSTR,DWORD,va_list *)' : cannot convert argument 5 from 'char [2048]' to 'LPWSTR'
      ```
      9eadef01
    • Marko Mäkelä's avatar
      Merge 10.0 into 10.1 · f77f8f6d
      Marko Mäkelä authored
      f77f8f6d
  7. 11 Dec, 2018 1 commit
  8. 07 Dec, 2018 3 commits
  9. 06 Dec, 2018 5 commits
  10. 05 Dec, 2018 1 commit
  11. 28 Nov, 2018 1 commit
  12. 26 Nov, 2018 3 commits
    • Jan Lindström's avatar
      328d7779
    • Jan Lindström's avatar
      MDEV-17804: Galera tests cause mysql_socket.h:738: inline_mysql_socket_send:... · 1037edcb
      Jan Lindström authored
      MDEV-17804: Galera tests cause mysql_socket.h:738: inline_mysql_socket_send: Assertion `mysql_socket.fd != -1' failed.
      
      Do not do end of statement logic if thd is already killed as
      socket is already closed.
      1037edcb
    • Jan Lindström's avatar
      MDEV-17801: Galera test failure on galera_var_reject_queries · 244cc35e
      Jan Lindström authored
      Problem was that controlling connection i.e. connection that
      executed the query SET GLOBAL wsrep_reject_queries = ALL_KILL;
      was also killed but server would try to send result from that
      query to controlling connection resulting a assertion
      mysqld: /home/jan/mysql/10.2-sst/include/mysql/psi/mysql_socket.h:738: inline_mysql_socket_send: Assertion `mysql_socket.fd != -1' failed.
      as socket was closed when controlling connection was closed.
      
      wsrep_close_client_connections()
      	Do not close controlling connection and instead of
      	wsrep_close_thread() we do now soft kill by THD::awake
      
      wsrep_reject_queries_update()
      	Call wsrep_close_client_connections using current thd.
      244cc35e
  13. 21 Nov, 2018 1 commit
  14. 20 Nov, 2018 2 commits
  15. 19 Nov, 2018 3 commits