username can be empty, meaning anybody, or must match literally.
only db and host names are matched with wildcards.

Server and command line tools now support option --tls_version to specify the
TLS version between client and server. Valid values are TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
or a combination of them. E.g.

--tls_version=TLSv1.3
--tls_version=TLSv1.2,TLSv1.3

In case there is a gap between versions, the lowest version will be used:
--tls_version=TLSv1.1,TLSv1.3 -> Only TLSv1.1 will be available.

If the used TLS library doesn't support the specified TLS version, it will use
the default configuration.

Limitations:

SSLv3 is not supported. The default configuration doesn't support TLSv1.0 anymore.
TLSv1.3 protocol currently is only supported by OpenSSL 1.1.0 (client and server) and
GnuTLS 3.6.5 (client only).

Overview of TLS implementations and protocols

Server:

+-----------+-----------------------------------------+
| Library   | Supported TLS versions                  |
+-----------+-----------------------------------------+
| WolfSSL   | TLSv1.1, TLSv1,2                        |
+-----------+-----------------------------------------+
| OpenSSL   | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+
| LibreSSL  | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+

Client (MariaDB Connector/C)
+-----------+-----------------------------------------+
| Library   | Supported TLS versions                  |
+-----------+-----------------------------------------+
| GnuTLS    | (TLSv1.0), TLSv1.1, TLSv1.2, TLSv1.3    |
+-----------+-----------------------------------------+
| Schannel  | (TLSv1.0), TLSv1.1, TLSv1.2             |
+-----------+-----------------------------------------+
| OpenSSL   | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+
| LibreSSL  | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+

fix a typo

followup for 6e5c2466

When compiling with -DEXTRA_DEBUG and run main.stat_tables_missing
on go the warning:
Warning:  Table: ./mysql/column_stats is open on rename old_table

This happened because rename_table_in_stat_tables() re-open the
table that was to be renamed.
Fixed by moving update of stat tables after all renames has been made.

MDEV-19634: Assertion `0' failed in row_sel_convert_mysql_key_to_innobase, [Warning] InnoDB: Using a partial-field key prefix in search

For a key with keyparts (k1,k2,k3) , if we are building a range over the keyparts
we should make sure that if min_value/max_value for a keypart is not added to
key buffer then the keyparts following should also not be allowed.

documentation


Apparently, WolfSSL wants to have *exactly* the same defines for
the user of the library as the was when building library itself.

A lot of #defines have an impact on ABI (structure sizes, alignment etc)

Co-Authored-By: grooverdan <daniel@linux.ibm.com>

By removing Galera functionality, we remove PermissionsStartOnly=true
and hence make this service more flexible for running multiple
instances each on a different user.

When the multi-instance systemd service file was chosen it effectively
relied on /etc/my.cnf.d/my{instancename}.cnf file to define its
configuration file. This is problematic if running along side a
single instance mariadb service which has /etc/my.cnf that reads all
configuration file /etc/my.cnf.d/*.cnf.

To prevent the service from auto starting up if a user has this
previous configuration ConditionPathExists=!@sysconf2dir@/my%I.cnf
to ensure that a user with the previous configuration isn't
started in a non-intended mode. Documentation in the service file
(should be release notes too), described a recommended migration.

A new approach was to use --defaults-group-suffix=.%I as an
arguement to mysqld and let the user define a [mysqld.{instancename}]
group within the configuration file. This way existing global
mysqld configuration options are read with the instance name
having special overrides of datadir, port, socket etc.

A systemd environment variable MYSQLD_MULTI_INSTANCE is used in the
defination as it give the user flexability to use multiple
segregation mechanisms between services. This is used multiple
times within the service which all needed to be kept consistent.

Another notable change is mysql_install_db being part of the
ExecStartPre. This provides and auto-initialization for users
that run multiple instances.

when copying the TREE, take into account that init_tree can
internally adjust tree->size_of_element

Closes #830

On 32-bit systems, sizeof(uint)==sizeof(long).
The C++11 narrowing cast would issue a warning due to the sign mismatch.

If the allocation of spider_table_sts_threads failed,
we would DBUG_RETURN(error_num) without having initialized
it earlier.

Pre-initialize error_num to HA_ERR_OUT_OF_MEM and remove
a lot of assignments that thus became redundant.

This error was introduced in 207594af
(Spider 3.3.13).

Problem:
=========
One of the purge thread access the corrupted page and tries to remove from
LRU list. In the mean time, other purge threads are waiting for same page
in buf_wait_for_read(). Assertion(buf_fix_count == 0) fails for the
purge thread which tries to remove the page from LRU list.

Solution:
========
- Set the page id as FIL_NULL to indicate the page is corrupted before
removing the block from LRU list. Acquire hash lock for the particular
page id and wait for the other threads to release buf_fix_count
for the block.

- Added the error check for btr_cur_open() in row_search_on_row_ref().

Before killing the server, ensure that the incomplete state of
the transaction will be made durable and will be applied and
rolled back on recovery, so that each time, roughly the same
amount of work will be done.

Remove DML statements after the recovery, and execute
CHECK TABLE instead.

Remove the test, because it easily fails with a result difference.
Analysis by Thirunarayanan Balathandayuthapani:

By default, innodb_encrypt_tables=0.
1) Test case creates 100 tables in innodb_encrypt_1.
2) creates another 100 unencrypted tables (encryption=off) in innodb_encrypt_2
3) creates another 100 encrypted tables (encryption=on) in innodb_encrypt_3
4) enabling innodb_encrypt_tables=1 and checking that only
100 encrypted tables exist. (already we have 100 in dictionary)
5) opening all tables again (no idea why)
6) After that, set innodb_encrypt_tables=0 and wait for 100 tables
to be decrypted (already we have 100 unencrypted tables)
7) dropping all databases

Sporadic failure happens because after step 4, it could encrypt the
normal table too, because innodb_encryption_threads=4.

This test was added in MDEV-9931, which was about InnoDB startup being
slow due to all .ibd files being opened. There have been a number of
later fixes to this problem. Currently the latest one is
commit cad56fba, in which some tests
(in particular the test innodb.alter_kill) could fail if all InnoDB
.ibd files are read during startup. That could make this test redundant.

Let us remove the test, because it is big, slow, unreliable, and
does not seem to reliably catch the problem that all files are being
read on InnoDB startup.

GCC 9.1.1 noticed that sd_notifyf() was always being invoked with
str=NULL argument for "%s". This code was added in
commit 2e814d47
but not mentioned in the commit comment.

The STATUS messages for systemd matter during startup and shutdown,
and should not be emitted during normal operation.

ib_senderrf(): Remove the potentially harmful sd_notifyf() calls.

innodb_locks_unsafe_for_binlog variabe removed from wsrep_info test configuration and
recommendation to use this variable in README-wsrep was removed as well

Also relates to issue: MDEV-19544

This patch fixes 10.2 issue reported in MDEV-16467 by partial backport of
c2118a08. Specifically "Remove not needed LOCK_thread_count from
thd_get_error_context_description()".

MDEV-16866 InnoDB fails to start upon crash recovery with "[ERROR] InnoDB: Redo log crypto: failed to decrypt log block"

- Post-push fix to change the copyright of both xtradb and innodb file.

MDEV-16866 InnoDB fails to start upon crash recovery with "[ERROR] InnoDB: Redo log crypto: failed to decrypt log block"

- If InnoDB encounters garbage or incomplete written log block during
recovery then don't throw the error. Treat it as end of the log.
- This kind of incomplete or empty block can be result of killing
InnoDB when writing the redo log.