
Console View


Categories: connectors experimental galera main

Sergei Golubchik
MDEV-39673 group_concat ignores max_allowed_packet

GROUP_CONCAT is limited by group_concat_max_len,
but also, as a string function it must respect max_allowed_packet.

Let's introduce THD::gconcat_max_len() helper to simplify checks.

Also:
* make max group_concat_max_len value the same as max max_allowed_packet
* use the same MY_MIN((ulonglong) ..., UINT_MAX32) in
  Item_func_json_objectagg as in Item_func_group_concat
* use overflow-safe type for lengths in Item_func_quote
  (MAX_MAX_ALLOWED_PACKET is 1G so uint cannot overflow yet, but it's
  a fragile assumption)
Vladislav Vaintroub
MDEV-37556 Memory leak in proxy protocol with name resolution enabled

When proxy protocol is used and --skip-name-resolve is not set,
thd_set_peer_addr() is called twice per connection: once for the real TCP peer (in check_connection),
and again for the proxied address (in handle_proxy_header).
Each call invokes ip_to_hostname(), which allocates a hostname string
(unless loopback connection is used) and stores it as
thd->main_security_ctx.host. That code failed to free the previously
allocated hostname, which results in a memory leak.

This is now fixed. Also added debug-only test to mysql_client_test, which
fakes DNS and IP resolution the same way some perfschema tests do, to
emulate remote TCP connection in MTR.
Vladislav Vaintroub
MDEV-39951 DENY feature does not work for EVENT privilege

Fix calculation of need_table_or_column_check in check_access(),
so it does not consider already denied bits on DB level.

Add a test case for events (provided by Ramesh Sivaraman)
Jan Lindström
MDEV-40027 : Galera Cluster-peer > Donor command execution

An appropriately privileged user (with SUPER privileges) could
execute shell commands as the uid of the mariadbd process
because the values of the system variable wsrep_sst_auth,
which can be modified at runtime, were not properly
sanitized when used to construct a shell command.

Combined rsync and mariabackup test cases and added
test case for incorrect values for wsrep_sst_auth.
Daniel Bartholomew
bump the VERSION
Hemant Dangi
MDEV-39721: wsrep_notify.cc: reject shell-unsafe characters in joiner-supplied member fields

Issue:
wsrep_notify_status() interpolated members[i].name() (the peer's
wsrep_node_name) and members[i].incoming() verbatim into a command
string that is then executed via 'sh -c' by wsp::process. A peer
joining the cluster with shell metacharacters in its wsrep_node_name
or wsrep_node_incoming_address caused arbitrary commands to run on
every cluster member that had wsrep_notify_cmd configured.
MDEV-39413 introduced safe() for the same threat class in the SST
scripts but did not cover the C++ wsrep_notify path.

Solution:
Validate each substituted field against a narrow whitelist before
interpolating. Node name allows alnum and -_. ; node address
additionally allows :[]/ for host:port and [ipv6] forms. On bad
input the notification is skipped with an error log instead of
forwarding the unsafe value to sh -c.
Vladislav Vaintroub
MDEV-40026 acl_insert_db crashes on overlong dbname in "denies" array.

Fix to return error when json_unescape() fails.
Also return error, if length from json_unescape happens to be larger
than size of buffer - 1, to make sure that null-termination of string
does not override memory.

Some cleanup - only complain once about invalid "denies" entry during
FLUSH privileges. Avoid full parsing when processing
mysql.global_priv in grant_reload() in the first pass.
Hemant Dangi
MDEV-39648: wsrep_sst_rsync.sh: apply safe() to joiner-supplied parameters

Issue:
wsrep_sst_rsync.sh interpolated WSREP_SST_OPT_REMOTE_USER and
WSREP_SST_OPT_REMOTE_PSWD verbatim. Because both values originate from
the joiner side of the SST request, a newline in either could splice
an extra directive into the donor-written stunnel.conf (silently
downgrading peer-cert verification) or an extra line into the rsync
magic file. MDEV-39413 had introduced safe() for the same threat class
in wsrep_sst_mariabackup but did not extend it to the rsync script.

Solution:
Routing the rsync interpolations through safe() closes the gap, and
extending safe() to also reject tab and newline ensures multi-line
values cannot survive into a config-file heredoc.
Monty
Ensure that mtr.out-of-source is not accidentally calling itself

Calling itself will cause extensive memory usage that can kill
the machine when it runs out of memory (happened to me).

Fixed by having mtr.out-of-source checking that it is not calling itself.
In addition added a check for cmake to expand symlinks to make the
check if we are running mtr 'out of source' safer.

Author: Sergei Golubchik <[email protected]> (CMakeList.txt changes)
Teemu Ollakka
Add missing notify_state_change() in Wsrep_client_service.

The change was forgotten from previous rebase/wsrep-lib update.
Sergei Golubchik
MDEV-39564 One-byte OOB write in PROXY protocol v1 header parser
Vladislav Vaintroub
MDEV-40028 Assertion `rights.allow_bits() == merged->cols' failed

Fixed mismatched memroot in new operator, in apply_deny_column.

MDEV-40014 Crash in SHOW GRANTS FOR user after REVOKE

Fixed premature my_hash_reset in update_role_columns, should not be
done if only DENYs are present

Also fixed unintended GRANT on column privileges when DENY should be
applied.
Sergei Golubchik
strengthen safe() in wsrep_sst_common, just in case
Marko Mäkelä
MDEV-39344: trx_disconnect_prepared() uses wrong mutex

trx_t::disconnect_prepared(): Replaces trx_disconnect_prepared().
Protect is_recovered, mysql_thd with mutex, to be consistent with
protecting fetch_data_into_cache_low().

This fixes up
commit c0817dac99c28698dfc2b548d89acf1fb41dc32e (MDEV-29575).

Suggested by: Sergey Vojtovich
Sergei Golubchik
MDEV-39676 disallow global.wsrep_sst_donor=NULL again

it crashes in galera.mdev-28433
Vladislav Vaintroub
MDEV-40002 REVOKE DENY on table debug asserts with existing GRANT, without existing DENY

Fix handling of update_denies_in_user_table() inside replace_table_table()

replace_table_table is "special", and should return -1 if grant was
revoked, 1 if error, 0 if success. Whenever it is used, caller explicitly
checks for return code greater than 0

It did however return -1 on all errors with denies. The debug assertion
that catches cases where my_error() is followed by my_ok() fired then.

This is now fixed. Added test cases for "REVOKE DENY on non-existing DENY
and existing GRANT" scenarios.
Sergei Golubchik
MDEV-39581 dynamic column header missing sanity checks
Jan Lindström
MDEV-40056 : Analyze Galera Dynamic Variables Susceptible to RCEs

Fix potential issue with wsrep_node_address by allowing
only correctly constructed address.
Hemant Dangi
MDEV-38843: BF applier failed on a node causing complete Cluster lockup

Issue:
When a BF applier failed to apply a write set and the transaction
rollback returned non-zero, wsrep-lib's apply_write_set() short-circuited
log_dummy_write_set(). That call releases commit order through
commit_order_leave() -- which drives the inconsistency vote -- and
advances the storage engine checkpoint. Skipping it left the seqno stuck
in commit order, so following appliers blocked on commit_order_enter and
the node silently locked the cluster while staying in the primary
component.

Solution:
wsrep-lib now always calls log_dummy_write_set() on the apply-error path,
so the apply error reaches the provider and the node is voted out and
evicted instead of hanging. The rollback result is still folded into ret,
and Wsrep_high_priority_service::rollback() returns its real result again.
Daniel Bartholomew
bump the VERSION
Vladislav Vaintroub
MDEV-14443 DENY statement

Implements DENY/REVOKE DENY and associated tasks.
Thirunarayanan Balathandayuthapani
MDEV-34998 Assertion `n_fields > n_cols || type & 32' failed in dict_index_t::init_change_cols on ALTER

Problem:
=======
During ALTER TABLE with column type modification and index addition,
InnoDB aborts with an assertion failure when processing collation
changes for single-column secondary indexes.

Solution:
========
dict_index_t::init_change_cols(): A single-column prefix secondary
index can have n_cols == n_fields when the column is the same as
the primary key column and undergoes a collation or type change
during ALTER TABLE.
Vladislav Vaintroub
MDEV-40026 acl_insert_db crashes on overlong dbname in "denies" array.

Fix to return error when json_unescape() fails.
Also return error, if length from json_unescape happens to be larger
than size of buffer - 1, to make sure that null-termination of string
does not override memory.

Some cleanup - only complain once about invalid "denies" entry during
FLUSH privileges. Avoid full parsing when processing
mysql.global_priv in grant_reload() in the first pass.
Vladislav Vaintroub
MDEV-40115 DENY EXECUTE hides unrelated routines in SHOW commands or I_S

Fix check_routine_level_acl() to pass parent access, for accurate
calculation.

Previously, if (db_level_access & privs) returned 0, it was treated as
no-access on DB level in check_some_routine_access().

This is not the complete truth, with DENY, it may mean there is access,
but some routines have DENY. So pass the db level grants/denies to the
function for more accurate checking.
Marko Mäkelä
MDEV-13542 fixup: Remove orphan trx_print()
Sergei Golubchik
fix columnstore for new cmake
Vladislav Vaintroub
MDEV-40026 acl_insert_db crashes on overlong dbname in "denies" array.

Fix to return error when json_unescape() fails.
Also return error, if length from json_unescape happens to be larger
than size of buffer - 1, to make sure that null-termination of string
does not override memory.

Some cleanup - only complain once about invalid "denies" entry during
FLUSH privileges. Avoid full parsing when processing
mysql.global_priv in grant_reload() in the first pass.
Sergei Golubchik
MDEV-39658 ASAN crash on invalid proxy_protocol_networks value

max_subnet estimate was off by one.

* only allow address with a known family
  (trips an assert in addr_matches_subnet())
* adjust max_subnet estimate accordingly
Jan Lindström
Prepare for Galera library version 26.4.27
Marko Mäkelä
MDEV-39344: fetch_data_into_cache() clears "is_truncated"

There is a memory limit implemented for the INFORMATION_SCHEMA tables
innodb_trx, innodb_locks, innodb_lock_waits. The predicate
trx_i_s_cache_is_truncated() would never hold in
trx_i_s_common_fill_table() due to a logic bug that had been
introduced in a refactoring.

fetch_data_into_cache(): Shrink the critical section of lock_sys.latch
and do not unconditionally reset cache->is_truncated when leaving the
function. This fixes a correctness regression that had been introduced
back in 2007 by commit 5cbf4e3840491c2d80928641bc0fbb8135e9c201
for the InnoDB Plugin for MySQL 5.1, which later became
the built-in InnoDB in MySQL 5.5 and MariaDB Server 5.5.

Reviewed by: Sergey Vojtovich
Vladislav Vaintroub
MDEV-40116 Column-level DENY SELECT hides accessible columns

Allow SHOW if grants on table level indicate "maybe allowed", i.e.
there are some grants that are not all denied on this level.

Column level denies are applied in SHOW COLUMNS.
They are not applied in SHOW CREATE TABLE, which will succeed if
there are appropriate table level privs, without checking columns.
Sergei Golubchik
MDEV-39657 ASAN error on malformed WKB point

check data length for Gis_point
Sergei Golubchik
proxy protocol v2: fix a harmless typo

according to the rfc, the length is 2 bytes,
but the max length is 226 and there's a validity
check for length <= 240.
Sergei Golubchik
MDEV-39565 missing filename check in mariadb-backup --decompress

check for tablename-safe characters in backed up table files
Marko Mäkelä
MDEV-39344: Fix a TOCTOU race

trx_i_s_possibly_fetch_data_into_cache(): Fetch into the cache and
return whether the cache was truncated. Previously, we checked this
flag without holding any latch.

trx_i_s_cache_start_write(), trx_i_s_cache_end_write(),
trx_i_s_cache_is_truncated(): Remove. These are now part of
trx_i_s_possibly_fetch_data_into_cache().

trx_i_s_cache: Remove. The singleton cache object can be a static object
with no pointer indirection.
Jan Lindström
MDEV-39676 : Galera Cluster-peer > Donor command execution

Add verification of wsrep_sst_donor, wsrep_sst_method and
wsrep_sst_receive_address so that they contain only
supported characters. But allow NULL or empty value.
Sergei Golubchik
MDEV-39622 OBJECT_INSTANCE_BEGIN in P_S are unstable, difficult to compare

let's show stable values that don't change between runs
Oleksandr Byelkin
Merge branch '10.6' into 10.11
Sergei Golubchik
MDEV-39576 PROXY v2 protocol uninitialized memory reads
Jan Lindström
Fix test failure on galera_sst_mariabackup_encrypt_with_key_server

Joiner mariadbd exits when SST is aborted; the exit code varies by
platform (clean 0 on some systems, signalled 134 / 1 on others).

pkill exit code can also vary by platform (clean 0 on some systems,
signalled 1 on others).