Main problem was that no log-event print function checked for disk
full error on the IO_CACHE.
All changes in this patch only affects mysqlbinlog, not the server!
- Changed all log-event print functions to return 1 on error
- Fixed memory usage when not using --flashback.
- Added printing of number of rows in row events. Can be disabled with
--print-row-count=0
- Print annotated rows when using mysqlbinlog --short-form
- Fixed that mysqlbinlog --debug works
- Fixed create_drop_binlog.test test failure
- Reorganized fields in PRINT_EVENT_INFO to be according to size to
optimize storage
- Don't change print_row_event_position or print_row_counts if set by user
- Remove some testing of argument to my_free is 0
- base64-output=never is now supported and works in all context
- Updated help information for --base64-output and --short-form
- print_row_count is now on by default. Reset automatically if --short-form
is used
- Removed obsolote warning for mysql 5.6.0
- More DBUG_PRINT for mysqltest.cc
- my_b_write_byte() now checks for flush failures. This fixed a memory
overrun on disk full
- my_b_printf() now returns 1 on failure, 0 on ok. This simplifies code
and no old code was using the old return value of my_b_printf().
- my_b_Write_backtick_quote() now returns 1 on failure and 0 on ok
- Fixed some error conditions in log printing that was not previously
handled.
- Slave_rows_error_report() can now handle longlong positions
- Write_on_release_cache() rewritten so that we can detect errors
on flush. Not depending on automatic release anymore.
- Changed types for Pos and End_log_pos to 64 bit in SHOW BINLOG EVENTS
- Fixed that copy_event_cache_to_string_and_reinit() works with strings
longer than 4G (Changed to use LEX_STRING instead of String)
- Restricted binlog_rows_event_max_size to UINT32_MAX-1 as String's are
anyway restricted to UINT32_MAX
- Fixed bug in rpl_binlog_state::write_to_iocache() which hide write
failures (duplicate variable name)
- Fixed bug in String::append if original string was not allocated
- Stop mysqlbinlog output at once if there is an error.
- Before printing error message, flush result file. This ensures that
the error message is printed last. (Easier to find)
Initial support
tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
not working on Windows with native SChannel support, due to wrong cipher
mapping: Latter one requires push of CONC-241 fixes.
Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if
the build succeeds, test cases will fail with various errors, especially
when using different tls libraries or versions for client and server.
- Fixed wait condition in kill_processlist-6619
- Updated Ssl_chiper for openssl tests
- Added supression for valgrinds when using libcrypto
- Fixed wrong argument to pthread_mutex in server_audit.c when compiling with debug
- Adding missing debug_sync_update() to debug_sync.h
- Added initializers to some variables and fixed error handling in jsonudf.cpp
- Fixed cluster_filter_unpack_varchar which doesn't have a stable index type.
- Updated compiler_warnings.supp
Don't use a fixed buffer for X509_NAME_oneline() in the client.
Do as the server does - allocate it dynamically.
For a test - regenerate certificates to have the server cert with
a long subject.
change SSL methods to be SSLv23 (according to openssl manpage:
"A TLS/SSL connection established with these methods may understand
the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols") from
TLSv1 methods, that go back to the initial SSL implementation
in MySQL in 2001.
OpenSSL default ciphers are different if TLSv1.2 is enabled,
so tests need to take this into account.
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validations checks for --ssl-key.
Note:
1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the sections
listed below and the details are :
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) Client having with option '--ssl', should able to get ssl connection. This
will be implemented as part of separate fix in 5.6 and trunk.
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validations checks for --ssl-key.
Note:
1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the sections
listed below and the details are :
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) Client having with option '--ssl', should able to get ssl connection. This
will be implemented as part of separate fix in 5.6 and trunk.
suppress these harmless but confusing warnings.
fix the program name (MY_INIT) in mysqldump
client/mysqldump.c:
for backward compatibility, prefix mysqldump error messages with "mysqldump", not with the full path of the executable
In 5.5, ssl_do() no longer calls report_errors() in case of ssl error.
Since report_errors() iterated over the list of errors, this means that we
now report the first error in the list, rather than the last. Adjust the
--replace_regex line for OpenSSL build accordingly in the test case.
sql/sql_insert.cc:
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
******
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
sql/sql_table.cc:
small cleanup
******
small cleanup
ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
Bug#13174: SHA2 function
Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
Implement SHA2 functions.
Chad added code to make it work with YaSSL. Also, he removed the
(probable) bug of embedded server never using SSL-dependent
functions. (libmysqld/Makefile.am didn't read ANY autoconf defs.)
Function specification:
SHA2( string cleartext, integer hash_length )
-> string hash, or NULL
where hash_length is one of 224, 256, 384, or 512. If either is
NULL or a length is unsupported, then the result is NULL. The
resulting string is always the length of the hash_length parameter
or is NULL.
Include the canonical hash examples from the NIST in the test
results.
---
Polish and address concerns of reviewers.
.bzrignore:
Added libmysqld/sha2.cc to the ignore list.
client/mysql.cc:
Add condition to remove code for embedded server.
client/mysqltest.cc:
Add condition to remove code for embedded server.
include/Makefile.am:
New header file to header list.
include/mysql_embed.h:
Embedded servers can use SSL-library functions too!
include/sha2.h:
Compatibility layer to make YaSSL behave like OpenSSL.
include/sslopt-case.h:
Remove SSL-communication parameters from command lines.
include/sslopt-longopts.h:
Remove SSL-communication parameters from command lines.
include/sslopt-vars.h:
Don't declare variables that are only used in SSL communication, if
we are compiling the embedded server.
include/violite.h:
Don't even compile the SSL-communication function if we're in the
embedded server.
---
Remove CPP condition indentation.
libmysqld/CMakeLists.txt:
Add new file to source list.
libmysqld/Makefile.am:
Include standard DEFS in embedded compilation. It's an undiscovered
but that it's not there.
Add new file to source list.
libmysqld/examples/Makefile.am:
Include autoconf DEFS.
libmysqld/lib_sql.cc:
Initialize SSL-related variables in embedded server.
mysql-test/include/have_ssl_crypto_functs.inc:
Distinguish between communication and crypto.
Use the tristate value of "have_ssl" variable to know whether to
test or not for SSL-provided crypto functions.
mysql-test/r/func_digest.result:
Test against the sample test vectors in the NIST Secure
Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
mysql-test/r/func_encrypt_nossl.result:
Update results to the new error message text.
mysql-test/r/have_ssl_is_yes_or_disabled_only.require:
Distinguish between communication and crypto.
Use the tristate value of "have_ssl" variable to know whether to
test or not for SSL-provided crypto functions.
mysql-test/suite/rpl/t/rpl_ssl.test:
Distinguish between communication and crypto.
mysql-test/suite/rpl/t/rpl_ssl1.test:
Distinguish between communication and crypto.
mysql-test/t/func_des_encrypt.test:
Distinguish between communication and crypto.
mysql-test/t/func_digest.test:
Test against the sample test vectors in the NIST Secure
Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
Also, test that various parameters (legal and illegal)
do what we expect.
---
Distinguish between communication and crypto.
mysql-test/t/func_encrypt.test:
Distinguish between communication and crypto.
mysql-test/t/openssl_1.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl-big.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_8k_key.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_compress.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_connect.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
sql-common/client.c:
SSL is useful for more functionality than just connecting. Test
for whether we are not embedded server also.
sql/CMakeLists.txt:
Add new source file to source list so that we have access to SHA2
functions.
sql/Makefile.am:
Add new source file to source list so that we have access to SHA2
functions.
sql/item_create.cc:
Bootstrap the SHA2 function into the server.
sql/item_strfunc.cc:
Add new SHA2 Item class methods.
Clean up two minor problems.
---
Remove extraneous debugging.
---
We must check nullness of a parameter only /after/ computing its
value.
sql/item_strfunc.h:
Declare new SHA2 Item class.
sql/mysqld.cc:
For embedded server, don't refer to SSL-communications variables
or values.
---
Remove CPP condition indentation.
sql/sha2.cc:
Compatibility layer to make YaSSL behave like OpenSSL.
---
Add comment for generated functions.
sql/sql_acl.cc:
For embedded server, don't refer to SSL-communications variables
or values.
sql/sql_connect.cc:
SSL is useful for more functionality than just connecting. Test
for whether we are not embedded server also.
sql/sys_vars.cc:
For embedded server, don't refer to SSL-communications variables
or values.
ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
Bug#13174: SHA2 function
Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
Implement SHA2 functions.
Chad added code to make it work with YaSSL. Also, he removed the
(probable) bug of embedded server never using SSL-dependent
functions. (libmysqld/Makefile.am didn't read ANY autoconf defs.)
Function specification:
SHA2( string cleartext, integer hash_length )
-> string hash, or NULL
where hash_length is one of 224, 256, 384, or 512. If either is
NULL or a length is unsupported, then the result is NULL. The
resulting string is always the length of the hash_length parameter
or is NULL.
Include the canonical hash examples from the NIST in the test
results.
---
Polish and address concerns of reviewers.
The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.
The solution is to explicitly free every X509 object used.
mysql-test/r/openssl_1.result:
Add test case result for Bug#42158
mysql-test/t/openssl_1.test:
Add test case for Bug#42158
sql/sql_acl.cc:
Deallocate X509 objects.
The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.
The solution is to explicitly free every X509 object used.
- If missing: add "disconnect <session>"
- If physical disconnect of non "default" sessions is not finished
at test end: add routine which waits till this happened
+ additional improvements like
- remove superfluous files created by the test
- replace error numbers by error names
- remove trailing spaces, replace tabs by spaces
- unify writing of bugs within comments
- correct comments
- minor changes of formatting
Modifications according to the code review are included.
Fixed tests:
grant2
grant3
lock_tables_lost_commit
mysqldump
openssl_1
outfile
- If missing: add "disconnect <session>"
- If physical disconnect of non "default" sessions is not finished
at test end: add routine which waits till this happened
+ additional improvements like
- remove superfluous files created by the test
- replace error numbers by error names
- remove trailing spaces, replace tabs by spaces
- unify writing of bugs within comments
- correct comments
- minor changes of formatting
Modifications according to the code review are included.
Fixed tests:
grant2
grant3
lock_tables_lost_commit
mysqldump
openssl_1
outfile
Re-generated the PKI files needed.
Removed the ones that are not needed.
Updated the tests to reference the correct SSL subject.
mysql-test/r/openssl_1.result:
Bug #42366: Updated the tests to reference the correct SSL subject
mysql-test/std_data/cacert.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/client-cert.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/client-key.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/server-cert-des.pem:
Bug #42366: Removed the ones that are not needed.
mysql-test/std_data/server-cert.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/server-key-des.pem:
Bug #42366: Removed the ones that are not needed.
mysql-test/std_data/server-key.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/server8k-cert.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/std_data/server8k-key.pem:
Bug #42366: Re-generated the PKI files needed.
mysql-test/t/openssl_1.test:
Bug #42366: Updated the tests to reference the correct SSL subject
