after merge.
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
Problem:
if a user was granted privileges on database "d1",
it also was able to act on "D1" (i.e. in upper case),
even on Unix with case sensitive file system.
Fix:
Initialize grant hash to use binary comparison
if lower_case_file_system is not set (on most unixes),
and case insensitive comparison otherwise (Windows, MacOSX).
Concurrent read and update of privilege structures (like simultaneous
run of SHOW GRANTS and ADD USER) could result in server crash.
Ensure that proper locking of ACL structures is done.
No test case is provided because this bug can't be reproduced
deterministically.
Crash happened when one selected data from one of INFORMATION_SCHEMA
tables and in order to build its contents server had to open view which
used stored function and table or view on which one had not global or
database-level privileges (e.g. had only table-level or had no
privileges at all).
The crash was caused by usage of check_grant() function, which assumes
that either number of tables to be inspected by it is limited explicitly
or table list used and thd->lex->query_tables_own_last value correspond
to each other (the latter should be either 0 or point to next_global
member of one of elements of this table list), in conditions when
above assumptions were not true. This fix just explicitly limits
number of tables to be inspected. Other negative effects which are
caused by the fact that thd->lex->query_tables_own_last might not
be set properly during processing of I_S tables are less disastrous
and will be reported and fixed separetely.
There are two main idea of this fix:
- introduce a common function for server and client to split user value
(<user name>@<host name>) into user name and host name parts;
- dump DEFINER clause in correct format in mysqldump.
- Fixed tests
- Optimized new code
- Fixed some unlikely core dumps
- Better bug fixes for:
- #14397 - OPTIMIZE TABLE with an open HANDLER causes a crash
- #14850 (ERROR 1062 when a quering a view using a Group By on a column that can be null
when high concurrency": remove HASH::current_record and make it
an external search parameter, so that it can not be the cause of a
race condition under high concurrent load.
The bug was in a race condition in table_hash_search,
when column_priv_hash.current_record was overwritten simultaneously
by multiple threads, causing the search for a suitable grant record
to fail.
No test case as the bug is repeatable only under concurrent load.
The problem was that databases with '_' in the name did not match a
correct ACL with a literal '_' (i.e. '\_') in the db name, only identical
strings matched. The fix makes this work, and also ACLs with wildcards in
the db name work.
Post-review fixes that simplify the way access rights
are checked during name resolution and factor out all
entry points to check access rights into one single
function.
Bad examples of usage of a string with its length fixed.
The incorrect length in the trigger file configuration descriptor
fixed (BUG#14090).
A hook for unknown keys added to the parser to support old .TRG files.
ps_grant.result:
Fixing result order.
grant.result:
Adding test case,
fixing result order.
grant.test:
Adding test case.
sql_acl.cc:
Fixed that my_charset_latin1 was incorrectly used instead of system_charset_info.
This problem was previously fixed by Ingo in 5.0.
This patch is basically a backport of the same changes into 4.1.
--with-embedded-privilege-control options". One more (hopefully last) build
failure which was introduced during work on WL#2787 "Add view definer/owner
to the view definition..."
Added flag to Field::store(longlong) to specify if value is unsigned.
This fixes bug #12750: Incorrect storage of 9999999999999999999 in DECIMAL(19, 0)
Fixed warning from valgrind in CREATE ... SELECT
Fixed double free of mysql.options if reconnect failed
Information_schema DB
Bug#9846 Inappropriate error displayed while
dropping table from 'INFORMATION_SCHEMA'
Bug#10734 Grant of privileges other than 'select' and
'create view' should fail on schema
Bug#10708 SP's can use INFORMATION_SCHEMA as ROUTINE_SCHEMA
cumulative fix for bugs above(after review, 2nd version)
added privilege check for information schema db & tables
multi-threaded environment".
To avoid deadlocks between several simultaneously run account management
commands (particularly between FLUSH PRIVILEGES/SET PASSWORD and GRANT
commands) we should always take table and internal locks during their
execution in the same order. In other words we should first open and lock
privilege tables and only then obtain acl_cache::lock/LOCK_grant locks.
"Process NATURAL and USING joins according to SQL:2003".
* Some of the main problems fixed by the patch:
- in "select *" queries the * expanded correctly according to
ANSI for arbitrary natural/using joins
- natural/using joins are correctly transformed into JOIN ... ON
for any number/nesting of the joins.
- column references are correctly resolved against natural joins
of any nesting and combined with arbitrary other joins.
* This patch also contains a fix for name resolution of items
inside the ON condition of JOIN ... ON - in this case items must
be resolved only against the JOIN operands. To support such
'local' name resolution, the patch introduces a stack of
name resolution contexts used at parse time.
NOTICE:
- This patch is not complete in the sense that
- there are 2 test cases that still do not pass -
one in join.test, one in select.test. Both are marked
with a comment "TODO: WL#2486".
- it does not include a new test specific for the task
Fix for yaSSL link failures with Forte Developer 7, MIPSpro Compilers, Compaq C++.
These compilers have problem with implicit template instantiation in archives
(libyassl.a, libtaocrypt.a). Instantiate templates explicitly.
Fix for yaSSL link failure on powermacg5 (gcc 3.3). When -O3 is specified gcc inlines
__cxa_pure_virtual. This is wrong behavior, __cxa_pure_virtual must never be inlined.
1.) Added a new option to mysql_lock_tables() for ignoring FLUSH TABLES.
Used the new option in create_table_from_items().
It is necessary to prevent the SELECT table from being reopend.
It would get new storage assigned for its fields, while the
SELECT part of the command would still use the old (freed) storage.
2.) Protected the CREATE TABLE and CREATE TABLE ... SELECT commands
against a global read lock. This prevents a deadlock in
CREATE TABLE ... SELECT in conjunction with FLUSH TABLES WITH READ LOCK
and avoids the creation of new tables during a global read lock.
3.) Replaced set_protect_against_global_read_lock() and
unset_protect_against_global_read_lock() by
wait_if_global_read_lock() and start_waiting_global_read_lock()
in the INSERT DELAYED handling.
Approximative, because it's using our binlogging way (what we call "query"-level) and this is not as good as record-level binlog (5.1) would be. It imposes several
limitations to routines, and has caveats (which I'll document, and for which the server will try to issue errors but that is not always possible).
Reason I don't propagate caller info to the binlog as planned is that on master and slave
users may be different; even with that some caveats would remain.
First one is related to Bug#7905. One should not be allowed to
create new user with password without UPDATE privilege to
MySQL database. Furthermore, executing the same GRANT statement
twice would actually crash the server and corrupt privilege database.
Other bug was that one could update a column, using the existing
value as basis to calculate the new value (e.g. UPDATE t1 SET a=a+1)
without SELECT privilege to the field (a in the above example)
Fixed tests grant.pl and grant2, which were wrong.
