As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.
Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL.
This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash.
The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway.
https://github.com/openssl/openssl/issues/12368
PR: 247803
Reported by: eugen
Sponsored by: Netzkommune GmbH
/usr/obj/usr/ports/databases/mysql57-client/work/mysql-5.7.30/include/my_openssl.h:55:30: error: use of undeclared identifier 'OPENSSL_INIT_NO_ATEXIT'
return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);
This fix a problem with libressl
PR: 246070
MFH: 2020Q2
Sponsored by: Netzkommune GmbH
Bugs Fixed:
- InnoDB: The row_upd_clust_rec_by_insert function, which marks a clustered index record as deleted and inserts an updated version of the record into the clustered index, passed an incorrect n_ext value (the total number of external fields) to lower level functions, causing an assertion failure.
- InnoDB: An operation performed with the innodb_buffer_pool_evict debug variable set to uncompressed caused an assertion failure.
- InnoDB: An add column operation caused an assertion failure. The failure was due to a dangling pointer.
- nnoDB: Updating certain InnoDB system variables that take string values raised invalid read errors during Valgrind testing.
- InnoDB: An insert statement on a table with a spatial index raised a record type mismatch assertion due to a tuple corruption.
- InnoDB: A function that calculates undo log record size could calculate an incorrect length value in the case of a corrupted undo log record, resulting in a malloc failure. Assertion code was added to detect incorrect calculations.
- Replication: While an SQL statement was in the process of being rewritten for the binary log so that sensitive information did not appear in plain text, if a SHOW PROCESSLIST statement was used to inspect the query, the query could become corrupted when it was written to the binary log, causing replication to stop. The process of rewriting the query is now kept private, and the query thread is updated only when rewriting is complete.
- Replication: When a GRANT or REVOKE statement is only partially executed, an incident event is logged in the binary log, which makes the replication slave's applier thread stop so that the slave can be reconciled manually with the master. Previously, if a failed GRANT or REVOKE statement was the first statement executed in the session, no GTID was applied to the incident event (because the cache manager did not yet exist for the session), causing an error on the replication slave. Also, no incident event was logged in the situation where a GRANT statement created a user but then failed because the privileges had been specified incorrectly, again causing an error on the replication slave. Both these issues have now been fixed.
- Replication: When a replication slave has a generated column that the master does not have in that table, with a secondary index on the generated column, the generated expression should be evaluated and the value stored by the storage engine in the secondary index. When row-based binary logging is in use, the replication slave assigns default values to any fields that are not in the master's definition of the table. In the case of a generated column, which does not have a default value, the slave was previously assigning a null or a zero value to the column. This value was then stored by the storage engine in the secondary index, causing both the table and the index to become corrupted. To fix this issue, generated columns in a table on a replication slave are now re-evaluated before the values are sent to the storage engine.
- Replication: In the event of an unplanned disconnection of a replication slave from the master, the reference to the master's dump thread might not be removed from the list of registered slaves, in which case statements that accessed the list of slaves would fail. The issue has now been fixed.
- Replication: With the settings binlog_format=MIXED, tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT query involving a transactional storage engine omitted any columns with a null value from the row image written to the binary log. This happened because when processing INSERT ... SELECT statements, the columns were marked for inserts before the binary logging format was selected. The issue has now been fixed.
Full Changelog: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html
MFH: 2020Q2
Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Sponsored by: Netzkommune GmbH
Bugs Fixed:
- InnoDB: os_file_get_parent_dir warnings were encountered when compiling MySQL with GCC 9.2.0.
- InnoDB: An internal function (btr_push_update_extern_fields()) used to fetch newly added externally stored fields and update them during a pessimistic update or when going back to a previous version of a record was no longer required. Newly added externally stored fields are updated by a different function. Also, the method used to determine the number of externally stored fields was corrected.
- InnoDB: A comparison function found two records to be equal when attempting to merge non-leaf pages of a spatial index. The function was unable to handle this unexpected condition, which resulted in a long semaphore wait and an eventual assertion failure.
- Replication: A memory leak could occur when a failed replication group member tried to rejoin a minority group and was disallowed from doing so.
- Docker packages were missing the LDAP authentication plugins.
More Infos: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html
Approved by: mmokhi (maintainer, implicit)
MFH: 2020Q1
Security: a6cf65ad-37d2-11ea-a1c7-b499baebfeaf
Sponsored by: Netzkommune GmbH
This update includes:
Bugfix:
- InnoDB: Optimized internal temporary tables did not support
in-place UPDATE operations
- InnoDB: A function called by a CREATE TABLE thread attempted access after free()
- InnoDB: The INDEX_LENGTH value in INFORMATION_SCHEMA.TABLES
was not updated when adding an index
- The authentication_ldap_simple plugin could enforce authentication incorrectly
More info: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html
Security Fix:
CVE-2019-2632, CVE-2019-1559, CVE-2018-3123, and other fixes.
More info: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
PR: 237399
Reported by: Brent Busby <brent@jfi.uchicago.edu>
Sponsored by: The FreeBSD Foundation
This update (released on Jan 21st) includes:
Deprecation:
-Tools resolveip and resolve_stack_dump utilities are now deprecated.
(Will be removed on MySQL8.0).
Bugfix:
-Fix a memory leak caused by a dangling pointer. (Bug #28693568)
-Fix mishandling of SIGHUP by server could result in a server exit.
(Bug #27966483, Bug #90742).
-Correct potential incorrect out-of-memory checks performed by parser.
(Bug #25633994).
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
PR: 234983
Reported by: Markus Kohlmeyer < rootservice@gmail.com >
Sponsored by: The FreeBSD Foundation
Make MySQL build-script assume that FreeBSD's Clang (on i386)
doesn't have "atomic_*" functions builtin implemented.
This is added to cmake/os/FreeBSD.cmake to make the merge for upstream easier.
This fixes the build of mysql57-client on the i386 again.
PR: 229605
Submitted by: PitDron <pitdron@gmail.com>
Reported by: gbromov@gmail.com
Sponsored by: The FreeBSD Foundation
This patch adds a condition to FreeBSD part of MySQL CMake-scripts
to recognize gcc as well as Clang, while taking care of Unsupported compilers too.
This is an enhancement on the initial patch by Piotr Kubaj <pkubaj@anongoth.pl> that
committed by linimon on r488087.
PR: 234172
Sponsored by: The FreeBSD Foundation
Delete merged-to-upstream FreeBSD patches, edit half-merged ones.
Upstream bugfixes:
Regression of Bug #27753193 (segfault on ALTER TABLE adding primary key, InnoDB)
Query interruption during a lock wait caused an error: Bug #28068293
Raised assertion during an OPTIMIZE TABLE operation for InnoDB: Bug #27753193
More info on update: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html
PR: 232685
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: The FreeBSD Foundation
The upstream seems merged our local-patches but
added a -R flag to its `c++` [actually ld] command.
The -R $DIR is like -rpath on 11.x and CURRENT bases but not on 10.x
We then use -rpath to make sure it works on all supported bases.
Reported by: John W. O'Brien <john@saltant.com>
Sponsored by: Netzkommune GmbH
This update includes fixes for multiple CVEs including:
CVE-2018-2755 in replication component, MySQL protocol
CVE-2018-2805 in GIS extention
CVE-2018-2782 in InnoDB
and more info on http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
PR: 227621
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: Netzkommune GmbH
This update fixes bugs like CVE-2018-2696, CVE-2018-2562, CVE-2018-2640,
CVE-2018-2668, CVE-2017-3737 (and more) in MySQL protocol by upstream.
Delete local patches (CMake plugin macros) that are merged by upstream.
PR: 225195
Sponsored by: Netzkommune GmbH
Using FreeBSD-ports libcurl and protobuf instead of bundled ones
This upgrade includes:
-Deprecation of these syntax constructs for table and column:
.col_name
.tbl_name
.tbl_name.col_name
-Bugfix of memory-leak in mysqldump
Reviewed by: mat (mentor)
Approved by: mat (mentor)
Sponsored by: Netzkommune GmbH
Differential Revision: https://reviews.freebsd.org/D12712
-Add a SASL/LDAP option for mysql57-client
-Fix plugin.cmake for "FreeBSD != Linux" case
For new plugin, MySQL build assumes everything is MacOS or Windows or Linux.
This breaks upgrades when you have SASL/LDAP client-library installed.
Because it "Decides" that you "Want" SASL/LDAP support and tries to build it.
PR: 220865
Submitted by: mmokhi
Reported by: Vladimir Omelchuk <admin@vladiom.com.ua>
Reviewed by: mat, feld (mentors)
Approved by: feld (mentor)
MFH: 2017Q3
Differential Revision: https://reviews.freebsd.org/D11667
