==22532== Conditional jump or move depends on uninitialised value(s)
==22532==    at 0x9EEDFA: String::append(char const*, unsigned long, charset_info_st const*) (sql_string.cc:587)
==22532==    by 0x17C12BA7: spider_string::append(char const*, unsigned int, charset_info_st const*) (spd_malloc.cc:913)
==22532==    by 0x17C68BD0: spider_db_mysql_util::append_column_value(ha_spider*, spider_string*, Field*, unsigned char const*, charset_info_st const*) (spd_db_mysql.cc:4573)
==22532==    by 0x17B7D298: spider_db_append_key_where_internal(spider_string*, spider_string*, spider_string*, st_key_range const*, st_key_range const*, ha_spider*, bool, unsigned long, unsigned int) (spd_db_conn.cc:1978)
==22532==    by 0x17C81A7C: spider_mbase_handler::append_key_where(spider_string*, spider_string*, spider_string*, st_key_range const*, st_key_range const*, unsigned long, bool) (spd_db_mysql.cc:11146)
==22532==    by 0x17C819B7: spider_mbase_handler::append_key_where_part(st_key_range const*, st_key_range const*, unsigned long) (spd_db_mysql.cc:11130)
==22532==    by 0x17C4B0F0: ha_spider::append_key_where_sql_part(st_key_range const*, st_key_range const*, unsigned long) (ha_spider.cc:15012)
==22532==    by 0x17B7FC8F: spider_db_append_key_where(st_key_range const*, st_key_range const*, ha_spider*) (spd_db_conn.cc:2707)
==22532==    by 0x17C28DF6: ha_spider::multi_range_read_next_first(void**) (ha_spider.cc:4559)
==22532==    by 0x17C2E0F5: ha_spider::multi_range_read_next(void**) (ha_spider.cc:5879)
==22532==    by 0xE27019: QUICK_RANGE_SELECT::get_next() (opt_range.cc:12647)

Conflicts:
	storage/spider/spd_malloc.cc

The problem was that in a timeout event,
thd->lex->restore_backup_query_tables_list() was called when it should
not have been.

Patch tested with the script in MDEV-25651 (not suitable for mtr)

Problem:
=======
MariaDB's command line utilities (e.g., mysql,
mysqldump, etc) silently ignore connection
property options (e.g., --port and --socket)
when protocol is not explicitly set via the
command-line for localhost connections.

Fix:
===
If connection properties are specified without a
protocol, override the protocol to be consistent.
For example, if --port is specified, automatically
set protocol=tcp.

Caveats:
=======
 * When multiple connection properties are
specified, nothing is overridden
 * If protocol is is set via the command-line,
its value is used

Reviewers:
========
Sergei Golubchik <serg@mariadb.com>
Vladislav Vaintroub <wlad@mariadb.com>

In commit 38fd7b7d (MDEV-21452),
2 of the 3 callers of recv_sys.set_corrupt_fs() are already holding
recv_sys.mutex.

The bug is that we don't have a a lock on the trigger name, so it is
possible for two threads to try to create the same trigger at the same
time and both thinks that they have succeed.
Same thing can happen with drop trigger or a combinations of create and
drop trigger.

Fixed by adding a mdl lock for the trigger name for the duration of the
create/drop.

Patch tested by Elena

Part2: Test scripts

Part1: Functional changes

Backporting upstream changes.
commit a7e1ef858ee82493dd8ad9a76bc9c22fe3b8c05b
Author: Neha Kumari <neha.n.kumari@oracle.com>
Note:
From the upstream patch only the new option binlog_expire_logs_seconds
specific changes are taken.

* Unlike in the upstream patch 'binlog_expire_logs_seconds' does not
  replace the "old" 'expire_logs_days', to preserve backward-compatibility.

* Datatype of 'expire_logs_days' variable is changed to double.

* Default value of 'binlog_expire_logs_seconds=0' similar to
  'expire_logs_days'.

* The purge_time can be specified in days with the micro-day precision.
  Eg:
  expire_logs_days=1 is the same as expire_logs_days=1.000000 to make
    binlog_expire_logs_seconds=86400.
  binlog_expire_logs_seconds=1 is the same as expire_logs_days=0.000012.

* If binary log is disabled and option 'expire_logs_days' or
  'binlog_expire_logs_seconds' used with purge_time > 0 a warning will be
  issued.

If IPO is enabled, MSVC compiles with /GL  which is not
compatible with cmake's WINDOWS_EXPORT_ALL_SYMBOLS.

Since server.dll can't autoexport symbols from /GL compiled objects,
IPO must be disabled for dbug, string,mysys, and sql targets (in case we
build "plugin" DLLs that need server.dll's symbols)

The warning brought by code analysis, unsafe arithmetic in timer related code

Avoid calling constructor for Protocol_text, if not necessary.

This is incosistent with other single config generators, where
the default type has always been RelWithDebInfo.

Fixed by moving setting of CMAKE_BUILD_TYPE right before PROJECT.

unless explicitly overruled with -DWITH_JEMALLOC=no

XA transaction only allows to access data in specific states,
in ACTIVE, but not in IDLE or PREPARE.

But even then one should be able to run SHOW STATUS.

if mysqld is restarted during a test, the debugger script
should be reused or overwritten, but not appended to the existing file

mysqltest has no --gdb option

This reverts commit 72fa9dab

but doesn't recover deleted jars - they still exist in
mysql-test/connect/std_data, no need to have them twice.

Also it removes a redundant copy on JavaWrappers.jar

Remove operations on fil_system.n_open from mariabackup, as they are not
protected by the mutex, and serve no higher purpose anyway.

dict_drop_index_tree(): Even if SYS_INDEXES.PAGE contains the
special value FIL_NULL, the tablespace identified by SYS_INDEXES.SPACE
may exist and may need to be dropped. This would definitely be the case
if the server had been killed right after a FILE_CREATE record was
persistently written during CREATE TABLE, but before the transaction
was committed.

btr_free_if_exists(): Simplify the interface, to avoid repeated
tablespace lookup.

One more scenario is known to be broken: If the server is killed
during DROP TABLE (or table-rebuilding ALTER TABLE) right after a
FILE_DELETE record has been persistently written but before the
file was deleted, then we could end up recovering no tablespace
at all, and failing to delete the file, in either of fil_name_process()
or dict_drop_index_tree().

Thanks to Elena Stepanova for providing "rr replay" and data directories
of these scenarios.

Make DDL operations that involve FULLTEXT INDEX atomic.
In particular, we must drop the internal FTS_ tables in the same
DDL transaction with ALTER TABLE.

Remove all references to fts_drop_orphaned_tables().

row_merge_drop_temp_indexes(): Drop also the internal FTS_ tables
that are associated with index stubs that were created in
prepare_inplace_alter_table_dict() for
CREATE FULLTEXT INDEX before the server was killed.

fts_clear_all(): Remove the fts_drop_tables() call. It has to be
executed before the transaction is committed!

dict_load_indexes(): Do not load any metadata for index stubs
that had been created by prepare_inplace_alter_table_dict()

fts_create_one_common_table(), fts_create_common_tables(),
fts_create_one_index_table(), fts_create_index_tables():
Remove redundant error handling. The tables will be dropped
just fine by dict_drop_index_tree().

commit_try_norebuild(): Also drop the FTS_ tables when dropping
FULLTEXT INDEX.

The changes to the test case innodb_fts.crash_recovery has been
extensively tested. The non-debug server will be killed while
the 3 ALTER TABLE are in any phase of execution. With the debug
server, DEBUG_SYNC should make the test deterministic.

and configuration.

1. Pass joiner's authentication information to donor together with address
   in State Transfer Request. This allows joiner to authenticate donor on
   connection. Previously joiner would accept data from anywhere.

2. Deprecate custom SSL configuration variables tca, tcert and tkey in favor
   of more familiar ssl-ca, ssl-cert and ssl-key. For backward compatibility
   tca, tcert and tkey are still supported.

3. Allow falling back to server-wide SSL configuration in [mysqld] if no SSL
   configuration is found in [sst] section of the config file.

4. Introduce ssl-mode variable in [sst] section that takes standard values
   and has following effects:
    - old-style SSL configuration present in [sst]: no effect
      otherwise:
    - ssl-mode=DISABLED or absent: retains old, backward compatible behavior
      and ignores any other SSL configuration
    - ssl-mode=VERIFY*: verify joiner's certificate and CN on donor,
                        verify donor's secret on joiner
                        (passed to donor via State Transfer Request)
                        BACKWARD INCOMPATIBLE BEHAVIOR
    - anything else enables new SSL configuration convetions but does not
      require verification

    ssl-mode should be set to VERIFY only in a fully upgraded cluster.

    Examples:

    [mysqld]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca

    [sst]

     -- server-wide SSL configuration is ignored, SST does not use SSL

    [mysqld]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca

    [sst]
    ssl-mode=REQUIRED

     -- use server-wide SSL configuration for SST but don't attempt to
        verify the peer identity

    [sst]
    ssl-cert=/path/to/cert
    ssl-key=/path/to/key
    ssl-ca=/path/to/ca
    ssl-mode=VERIFY_CA

     -- use SST-specific SSL configuration for SST and require verification
        on both sides
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

1. Fix eval command line to correctly pass stunnel option to rsync on donor.
2. Deprecate `tkey`, `tcert` and `tca` options in [sst] section in favor of
   conventional `ssl-key`, `ssl-cert` and `ssl-ca`, but keep their precedence
   for backward compatibility.
3. Default to require SSL encryption if at least SSL key and cert files are
   specified in configuration, either in [sst] or [mysqld] sections.
4. Enable `verify*` option for stunnel on donor only if
   a. CA file is specified somewhere in the configuration
   b. it is explicitly requested in [sst] section by either specifying
   ssl-mode or CA file there. In this case if ssl-mode is not explicitly
   given, it defaults to VERIFY_CA.

   ssl-mode maps to stunnel options as follows:
   VERIFY_CA       -> verifyChain = yes
   VERIFY_IDENTITY -> verifyPeer = yes

   Example to require donor to verify joiner identity:
```
[mysqld]
ssl-cert=/path/to/cert
ssl-key=/path/to/key
ssl-ca=/path/to/ca

[sst]
ssl-mode=VERIFY_IDENTITY
```
5. If SSL verification is requested, joiner verifies donor by checking the
   secret passed to donor via SST request.
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>