Changes in MySQL 5.6.51
Security Notes
The linked OpenSSL library for MySQL Server has been updated to version 1.1.1i. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html.
Bugs Fixed
InnoDB: The full-text search synchronization thread attempted to read a previously-freed word from the index cache.
The server did not handle all cases of the WHERE_CONDITION optimization correctly.
Privileges for some INFORMATION_SCHEMA tables were checked incorrectly.
In certain cases, the server did not handle multiply-nested subqueries correctly.
A buffer overflow in the client library was fixed.
Note that the 5.6 series will be end of life in February 2021. The
current major version is 8.0, which isn't in pkgsrc yet. You CAN NOT
upgrade directly from 5.6 to 8.0, therefore it is recommended for anybody
running 5.6 to upgrade to this version, then upgrade to 5.7.
Changes in MySQL 5.6.50 (2020-10-19, General Availability)
Functionality Added or Changed
LOCK TABLES privilege checking for views was improved. (Bug #31304432)
Bugs Fixed
InnoDB: In session started with START TRANSACTION WITH CONSISTENT
SNAPSHOT, a range query returned a truncated result. The end
range flag was not reset at the beginning of the index read
resulting in an aborted read and missing rows. (Bug #30950714,
Bug #98642)
References: This issue is a regression of: Bug #23481444.
In bootstrapping mode, certain multiple-statement transactions
could cause unexpected server behavior. (Bug #31650096)
Assigning CONCAT('') or CONCAT_WS('') to a variable set the
variable to NULL, not the empty string. (Bug #31320716, Bug
#99485, Bug #31413167, Bug #99722)
ORDER BY queries were not executed correctly when sort_buffer_size
and max_sort_length were set to values which caused the internal
limit on the maximum number of keys allowed per sort buffer to
be set to 0. (Bug #30175483)
The internal method Field_tiny::pack() did not always perform
bounds checking as expected. (Bug #29948029)
References: See also: Bug #31591391.
A large number of nested arguments in full-text search query
caused an error. (Bug #29929684)
An assertion could be raised when the SQL layer passed incorrect
information to InnoDB about the type of operation to be performed
on a temporary table. (Bug #22503696)
Changes in MySQL 5.6.49
Configuration Notes
tcmalloc is no longer a permitted value for the mysqld_safe --malloc-lib option.
Security Notes
Incompatible Change: Access to the INFORMATION_SCHEMA.FILES table now requires the PROCESS privilege.
This change affects users of the mysqldump command, which accesses tablespace information in the FILES table, and thus now requires the PROCESS privilege as well. Users who do not need to dump tablespace information can work around this requirement by invoking mysqldump with the --no-tablespaces option.
The linked OpenSSL library for MySQL Server has been updated to version 1.1.1g. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html.
Bugs Fixed
Partitioning: A query against a partitioned table, which used an ORDER BY, returned unordered results under the following conditions:
The table had a composite index with a prefix on one of the columns.
The query's WHERE clause contained an equality condition on the prefixed column.
The column with the prefix was the leftmost column in the index.
The column used in the ORDER BY was the rightmost column in the index.
The index was used for handling the ORDER BY.
Our thanks to Quanan Han for the contribution.
Replication: When a replication source server shuts down and restarts, its MEMORY tables become empty. To replicate this effect to replicas, the first time that the source uses a given MEMORY table after startup, it notifies replicas that the table must be emptied by writing a DELETE statement for that table to the binary log. Previously, the generated DELETE statement was written to the binary log statement cache for the current session, which could result in it being logged together with other statements under the same GTID, or logged without BEGIN and COMMIT statements. Also, in some situations, the generated DELETE statement could consume the GTID intended for the transaction that triggered it. The generated DELETE statement is now logged with accompanying BEGIN and COMMIT statements, and the resulting transaction is flushed to the binary log immediately after it is written to the statement cache, so that it always receives its own GTID and is kept separate from other transactions.
mysql_store_result() could fail to detect invalid data packets.
The server sometimes mistakenly removed a subquery with a GROUP BY when optimizing a query, even in some cases when this subquery was used by an outer select. This could occur when the subquery also used an aggregate function.
Changes in MySQL 5.6.48
Bugs Fixed
InnoDB: A tablespace import operation that failed due to the source and destination tables being defined with different DATA DIRECTORY clauses reported an insufficiently descriptive schema mismatch error. Moreover, if a .cfg file was not present, the same operation would raise an assertion failure. A more informative error message is now reported in both cases before the import operation is terminated due to the data directory mismatch.
InnoDB: Updating certain InnoDB system variables that take string values raised invalid read errors during Valgrind testing.
Replication: In the event of an unplanned disconnection of a replication slave from the master, the reference to the master's dump thread might not be removed from the list of registered slaves, in which case statements that accessed the list of slaves would fail. The issue has now been fixed.
Replication: With the settings binlog_format=MIXED, tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT query involving a transactional storage engine omitted any columns with a null value from the row image written to the binary log. This happened because when processing INSERT ... SELECT statements, the columns were marked for inserts before the binary logging format was selected. The issue has now been fixed.
The Event Scheduler had a memory leak.
Under certain circumstances, a memcached command could result in reading an uninitialized memory buffer, causing a failure.
CONCAT() and CONCAT_WS() could produce incorrect results in rare cases due to incorrect substring handling.
Scheduling of events could be disturbed by removing events.
Client programs could load authentication plugins from outside the plugin library.
A query with a WHERE clause whose predicate contained a numeric value in scientific notation was not handled correctly.
In addition, attempting to insert a particular integer specified as a string caused a server exit when the string-to-integer conversion was not successful.
The client library could dereference a null pointer while fetching result set metadata from the server.
Changes in MySQL 5.6.47:
Bugs Fixed
Replication: When GTIDs are enabled on a replication master and slave, and the slave connects to the master with the MASTER_AUTO_POSITION=1 option set, the master must send the slave all the transactions that the slave has not already received, committed, or both. If any of the transactions that should be sent by the master have been already purged from the master's binary log, the master sends the error ER_MASTER_HAS_PURGED_REQUIRED_GTIDS (1789) to the slave, and replication does not start.
The message provided for the error ER_MASTER_HAS_PURGED_REQUIRED_GTIDS has been changed to provide advice on the correct action in this situation, which is for the slave to replicate the missing transactions from another source, or for the slave to be replaced by a new slave created from a more recent backup. The message advises that the master's binary log expiration period can be revised to avoid the situation in future. In addition, the master now identifies the GTIDs of the purged transactions and supplies them in its error log in the warning message ER_FOUND_MISSING_GTIDS (11809), so that you do not need to calculate the missing GTIDs manually.
With multiple sessions executing concurrent INSERT ... ON DUPLICATE KEY UPDATE statements into a table with an AUTO_INCREMENT column but not specifying the AUTO_INCREMENT value, inserts could fail with a unique index violation.
A SELECT using a WHERE condition of the form A AND (B OR C [OR ...]) resulting in an impossible range led to an unplanned exit of the server.
An incomplete connection packet could cause clients not to properly initialize the authentication plugin name.
Changes in MySQL 5.6.46
Configuration Notes
It is now possible to compile MySQL 5.6 using OpenSSL 1.1.1, enabling compilation support for MySQL 5.6 against OpenSSL even when OpenSSL 1.0.2 reaches End of Life status at the end of 2019.
In addition, MySQL 5.6 now supports TLSv1.1 and TLSv1.2 protocols for encrypted connections. This applies to MySQL Server, MySQL clients such as mysql and mysqldump, and master/slave replication. Previously, MySQL 5.6 supported only TLSv1, so TLSv1.1/TLSv1.2 support enables use of more secure TLS protocols. It also enables connecting from MySQL 5.6 clients and replication slaves to MySQL 5.7 and higher servers that have TLSv1 disabled, which previously was not possible. It also means that MySQL 5.7 and higher clients that do not want to use TLSv1 can connect to MySQL 5.6 servers.
All MySQL 5.6 builds now use OpenSSL. MySQL no longer supports using yaSSL as the SSL library, and source distributions no longer include yaSSL.
The WITH_SSL CMake option no longer permits bundled (use yaSSL) as a valid value, and the default option value has changed from bundled to system (use the version of OpenSSL installed on the host system).
Bugs Fixed
Improper locking during storage engine initialization could cause a server exit.
A query with a WHERE clause whose predicate contained a numeric value in scientific notation was not handled correctly.
VS2019 produced compilation errors with debug compilation selected due to use of the /ZI flag. Now /Z7 is used instead.
Password masking was incomplete for SHOW PROCESSLIST and some INFORMATION_SCHEMA and Performance Schema tables.
The -DWITH_EXAMPLE_STORAGE_ENGINE=1 CMake option was ignored but should not have been. If -DWITH_EXAMPLE_STORAGE_ENGINE=0 is given, the EXAMPLE storage engine is built as a plugin.
Changes in MySQL 5.6.45:
Functionality Added or Changed
Microsoft Windows: A new warning message now reminds DBAs that connections made using the MySQL named pipe on Windows has limited the permissions a connector can request on the named pipe.
Previously, the named_pipe_full_access_group system variable was set to a value that maps to the built-in Windows Everyone group (SID S-1-1-0) by default. However, this group is not ideal and should be replaced with a group that restricts its membership for connectors that are unable to request fewer permissions on the MySQL named pipe.
The new warning is written to the error log at startup if the string value assigned to named_pipe_full_access_group is '*everyone*' (or the Windows System Language equivalent) and named pipes are enabled. In addition, the warning is written to the error log and raised to the client if the system variable is reset to the Everyone group at runtime.
Bugs Fixed
InnoDB: A query that scanned the primary key of a table did not return the expected result.
InnoDB: A full-text cache lock taken when data is synchronized was not released if the full-text cache size exceeded the full-text cache size limit.
InnoDB: Client sessions using different auto_increment_increment values while performing concurrent insert operations could cause a duplicate key error.
Replication: In query log events in the binary log, the thread ID used for the execution of DROP TABLE and DELETE statements was identified incorrectly or not at all. On a multi-threaded replication slave, where temporary tables were involved (which require the correct thread ID as they are session specific), this omission resulted in errors when using mysqlbinlog to replay the binary log for point-in-time recovery. The thread ID is now set correctly.
Installing from RPM packages could result in an error log with incorrect permissions.
Enabling audit log encryption could cause a server exit.
MySQL Installer did not install OpenSSL DLL dependencies if the Development component was not selected.
The parser could leak memory for certain multiple-statement queries.
MySQL does not support OpenSSL session tickets, but did not set the SSL_OP_NO_TICKET flag to inform OpenSSL of that. The flag is now set.
UpdateXML() did not always free memory properly in certain cases.
Empty values in the name column of the mysql.plugin system table caused the server to exit during startup.
Some PROXY grants were not replicated to slaves, causing incorrect replication.
If an INSTALL PLUGIN statement contained invalid UTF-8 characters in the shared library name, it caused the server to hang (or to raise an assertion in debug builds).
Changes in MySQL 5.6.43:
Functionality Added or Changed
Microsoft Windows: The access control granted to clients on the named pipe created by the MySQL server now is set to the minimum necessary for successful communication on Windows. Newer MySQL client software can open named pipe connections without any additional configuration. If older client software cannot be upgraded immediately, the new named_pipe_full_access_group server system variable can be used to give a Windows group the necessary permissions to open a named pipe connection. Membership in the full-access group should be restricted and temporary.
Bugs Fixed
Replication: A patch to correct the handling of quotes for identifiers in ROLLBACK TO SAVEPOINT statements in the binary log was not correctly applied to subsequent MySQL versions.
Replication: In some circumstances, the CHANGE MASTER TO statement could not be used on a replication slave if the master info log had been changed from a table (master_info_repository=TABLE) into a file (master_info_repository=FILE).
Replication: The value returned by a SHOW SLAVE STATUS statement for the total combined size of all existing relay log files (Relay_Log_Space) could become much larger than the actual disk space used by the relay log files. The I/O thread did not lock the variable while it updated the value, so the SQL thread could automatically delete a relay log file and write a reduced value before the I/O thread finished updating the value. The I/O thread then wrote its original size calculation, ignoring the SQL thread's update and so adding back the space for the deleted file. The Relay_Log_Space value is now locked during updates to prevent concurrent updates and ensure an accurate calculation.
Replication: If the relay log index file was temporarily locked for viewing by a backup process for a replication slave, and MySQL Server also attempted to access the file at that time for rename or delete operations, the backup completed with warnings, but MySQL Server experienced an unexpected halt. MySQL Server now retries the file access operation a number of times in case this or a similar scenario is the explanation and the file becomes available again before long.
The server permitted creation of databases with the same name as redo log files, which could result in unexpected server behavior. Such names are no longer permitted as database names.
When a subquery contained a UNION, the count of the number of subquery columns was calculated incorrectly.
Comparing log file names as strings using the memcmp() function resulted in uninitialized memory read errors. The comparison now uses the strncmp() function. Thanks to Zsolt Parragi and Laurynas Biveinis for their contributions.
The transformation of IN subquery predicates into semijoins was not handled correctly for a very large number of tables.
Executing a prepared statement to do a multiple-row insert with large number of placeholders consumed excessive memory and could execute slowly.
The parser accepted invalid SET statement syntax in trigger definitions that could result in a server exit.
MyISAM index corruption could occur for bulk-insert and table-repair operations that involve the repair-by-sorting algorithm and many (more than 450 million) rows.
A query employing a dynamic range and an index merge could use more memory than expected.
Changes in MySQL 5.6.42
Functionality Added or Changed
* Previously, file I/O performed in the I/O cache in the mysys library was not instrumented, affecting in particular file I/O statistics reported by the Performance Schema about the binary log index file. Now, this I/O is instrumented and Performance Schema statistics are accurate. Thanks to Yura Sorokin for the contribution.
* The zlib library version bundled with MySQL was raised from version 1.2.3 to version 1.2.11. MySQL implements compression with the help of the zlib library.
* The zlib compressBound() function in zlib 1.2.11 returns a slightly higher estimate of the buffer size required to compress a given length of bytes than it did in zlib version 1.2.3. The compressBound() function is called by InnoDB functions that determine the maximum row size permitted when creating compressed InnoDB tables or inserting rows into compressed InnoDB tables. As a result, CREATE TABLE ... ROW_FORMAT=COMPRESSED or INSERT operations with row sizes very close to the maximum row size that were successful in earlier releases could now fail.
Bugs Fixed
* InnoDB: An ALTER TABLE operation that added a primary key produced a segmentation fault.
* InnoDB: An assertion was raised during an OPTIMIZE TABLE operation.
* InnoDB: A foreign key constraint name was duplicated during a rename table operation, causing a failure during later query execution.
* InnoDB: The location of the Innodb Merge Temp File that reported by the wait/io/file/innodb/innodb_temp_file Performance Schema instrument was incorrect.
* Replication: When FLUSH statements for specific log types (such as FLUSH SLOW LOGS) resulted in an error, the statements were still written to the binary log. This stopped replication because the error had occurred on the master, but did not occur on the slave. MySQL Server now checks on the outcome of these FLUSH statements, and if an error occurred, the statement is not written to the binary log.
* Microsoft Windows: On Windows, uninstallation of the MySQL Server MSI package through MySQL Installer produced a spurious popup window.
* Concurrent INSERT and SELECT statements on a MERGE table could result in a server exit.
* MySQL Server and test RPM packages were missing perl-Data-Dumper as a dependency.
* For the mysql client, the -b short option was associated with two long options, --no-beep and --binary-as-hex. The -b option now is associated only with --no-beep.
* Very long table keys were handled incorrectly on replication slaves.
* During server startup/shutdown, PID files could be mishandled.
* For MEMORY tables, memory overflow errors could occur.
* When converting from a BLOB (or TEXT) type to a smaller BLOB (or TEXT) type, no warning or error was reported informing about the truncation or data loss. Now an appropriate error is issued in strict SQL mode and a warning in nonstrict SQL mode.
* Failure to create a temporary table during a MyISAM query could cause a server exit. Thanks to Facebook for the patch.
* An attempted read of an uncommitted transaction raised an assertion.
* ALTER TABLE ... REORGANIZE PARTITION ... could result in incorrect behavior if any partition other than the last was missing the VALUES LESS THAN part of the syntax.
* yum update did not properly update from RHEL5 RPM packages to current packages.
* It was possible for a subquery that used a unique key on a column allowing NULL to return multiple rows.
MySQL 5.6.39
Configuration Notes
* For RHEL, SLES, and Fedora RPMs, the default plugin directory for debug builds has been changed from /usr/lib64/mysql/plugin to /usr/lib64/mysql/plugin/debug.
Security Notes
* Incompatible Change: Passwords are now restricted to a maximum of 256 characters for the sha256_password authentication plugin, and for the PASSWORD() function when old_passwords=2. Also, the number of password hashing rounds is capped to limit CPU time used.
* The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.2n. Issues fixed in the new OpenSSL version are described at http://www.openssl.org/news/vulnerabilities.html.
* This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
Test Suite Notes
* Documentation for the MySQL Test Suite is now maintained in the MySQL source tree using Doxygen (see http://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_MYSQL_TEST_RUN.html). The related Unix man pages that previously were produced from the old test suite manual are no longer updated and have gone out of date. Consequently, they are no longer included in MySQL distributions.
Bugs Fixed
* InnoDB: An ALTER TABLE operation caused the server to halt.
* InnoDB: A FLUSH TABLES operation failed to drop an aborted index. While removing the table from the cache, the clustered index was dropped prior to checking for the aborted index.
* InnoDB: Warnings that should only appear in a debug version of MySQL were printed to the error log when the length of the history list exceeded 2000000.
* InnoDB: Full-text search on indexed columns that use a binary collation did not return case sensitive matches.
* Partitioning: In certain cases when fetching heap records a partition ID could be set to zero.
* Replication: With semisynchronous replication in use, if RESET MASTER was issued while an active transaction was waiting for an acknowledgement from the slave, the count of waiting sessions in the Rpl_semi_sync_master_wait_sessions server status variable was incorrect after the wait was completed.
* Microsoft Windows: On Windows, with the myisam_use_mmap and flush system variables enabled, MyISAM did not always flush table files properly.
* Microsoft Windows: On Windows, resolution was improved of a timer used for query performance assessment.
* VALUES() was not handled correctly in some cases.
* The Performance Schema now stores rewritten rather than raw SQL statement text when available.
* Incorrect results or a server exit could result when SHA2() was passed a user-defined variable in some character sets.
* Creating a table with excessive index information could cause a server exit.
* REFERENCES privilege checking could use the incorrect database in some cases.
* Some statements could cause a buffer overflow in the digest code. Thanks to Laurynas Biveinis and Roel van de Paar for the patch.
* Incorrect results could occur on a table with a unique index when the optimizer chose a loose index scan even though the unique index had no index extensions.
* Executing a stored procedure containing a statement that created a table from the contents of certain SELECT statements could result in a memory leak.
* For geometry calculations, invalid input parameters could lead to an incorrect result buffer and cause an assertion to be raised or a server exit.
* Setting the MYSQL_GROUP_SUFFIX environment variable had no effect.
* A circular dependency problem involving sql/sql_builtin.cc was resolved.
* A prepared statement containing an ORDER BY list that referred to a parameter was not always handled correctly.
Changes in MySQL 5.6.38:
Packaging Notes
---------------
mysqlcheck was missing in the MySQL Server Docker image, which prevented mysql_upgrade from running.
Bugs Fixed
----------
InnoDB: Replication lag occurred on slave instances during large update operations on tables with many partitions.
InnoDB: A failure occurred during an end range comparison.
InnoDB: Enabling the innodb_buffer_pool_load_now setting failed in readonly mode. The event that signals the buffer pool load thread was not initialized.
InnoDB: A long wait for a dictionary operation lock held by a full-text search synchronization operation caused a server exit.
Partitioning: Queries involving NULL were not always handled correctly on tables that were partitioned by LIST.
Replication: When replicating a partitioned table with an index, on a replication slave where HASH_SCAN was specified as part of the slave_rows_search_algorithms setting, the slave I/O thread sometimes stopped with an error HA_ERR_KEY_NOT_FOUND.
Replication: Replication clients no longer enable LOCAL capability for LOAD DATA statements, because they do not use LOAD DATA LOCAL statements.
Replication: In case of a failure while creating multiple slave applier worker threads, some threads would be left orphaned and their resources would not be collected. Thanks to Laurynas Biveinis for his contribution to fixing this bug.
MSI packages for Windows failed to detect when Microsoft Visual C++ 2010 Redistributable Package was installed.
yaSSL could incorrectly perform TLS cipher negotiation.
The server failed to check the maximum path length for partition names.
Identifiers containing a mixture of backslashes and backticks could be parsed incorrectly.
Source packages for Debian platforms contained prebuilt debug binaries, causing build failures on any architectures other than the one on which those binaries were built.
Uninstalling the daemon_memcached plugin caused a serious error.
Selecting from a view could yield different results with materialization enabled versus materialization disabled.
The Performance Schema failed to check the maximum host length for client connections.
A server error occurred when a full text search result exceeded the innodb_ft_result_cache_limit setting. The patch for this bug also backports a related patch.
If a stored function was considered a constant by the optimizer, calling it from a subquery in a NOT IN condition in the WHERE clause could cause a server exit.
A mysqldump memory leak was fixed.
If a session rolled back to a savepoint and then was killed, the statements up to the point of the savepoint could be committed.
For clients that used Connector/Python and authenticated using the sha256_password plugin, the server could handle connections incorrectly.
NAME_CONST() can return null if incorrect arguments are given. In some cases, this was not handled and could cause a server exit.
* Security Fix: The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.2l. Issues fixed in the new OpenSSL version are described at http://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
Platform-Specific Notes
* Linux: The generic Linux build for MySQL 5.6 is now built on Oracle Linux 6 using glibc 2.12. Systems that use the build need to have glibc 2.12 or later installed on them.
Functionality Added or Changed
* For Windows, MSI installer packages now include a check for the required Visual Studio redistributable package, and produce a message asking the user to install it if it is missing.
* The mysql client now supports a --binary-as-hex option that causes display of binary data using hexadecimal notation (0xvalue). Thanks to Daniël van Eeden for the patch.
* mysqlaccess now looks for its configuration file only in the SYSCONFDIR directory and /etc.
Bugs Fixed
* InnoDB: The server allocated memory unnecessarily for an operation that rebuilt the table.
* InnoDB: When using an index merge optimizer switch, a SELECT COUNT(*) operation sometimes returned 0. Partitioning code incorrectly performed a memcpy instead of a column copy of columns read by the index, causing the wrong records to be copied.
* Replication: A USE statement that followed a SET GTID_NEXT statement sometimes had no effect.
* Replication: If the binary log on a master server was rotated and a full disk condition occurred on the partition where the binary log file was being stored, the server could stop unexpectedly. The fix adds a check for the existence of the binary log when the dump thread switches to next binary log file. If the binary log is disabled, all binary logs up to the current active log are transmitted to slave and an error is returned to the receiver thread.
* Replication: If a relay log index file named relay log files that did not exist, RESET SLAVE ALL sometimes did not fully clean up properly.
* Replication: mysqlbinlog, if invoked with the --raw option, does not flush the output file until the process terminates. But if also invoked with the --stop-never option, the process never terminates, thus nothing is ever written to the output file. Now the output is flushed after each event.
* Replication: A memory leak in mysqlbinlog was fixed. The leak happened when processing fake rotate events, or when using --raw and the destination log file could not be created. The leak only occurred when processing events from a remote server. Thanks to Laurynas Biveinis for his contribution to fixing this bug.
* Replication: Multi-threaded slaves could not be configured with small queue sizes using slave_pending_jobs_size_max if they ever needed to process transactions larger than that size. Any packet larger than slave_pending_jobs_size_max was rejected with the error ER_MTS_EVENT_BIGGER_PENDING_JOBS_SIZE_MAX, even if the packet was smaller than the limit set by slave_max_allowed_packet.
* With this fix, slave_pending_jobs_size_max becomes a soft limit rather than a hard limit. If the size of a packet exceeds slave_pending_jobs_size_max but is less than slave_max_allowed_packet, the transaction is held until all the slave workers have empty queues, and then processed. All subsequent transactions are held until the large transaction has been completed. The queue size for slave workers can therefore be limited while still allowing occasional larger transactions.
* mysqldump could write database names in USE statements incorrectly.
* If the mysql_stmt_close() C API function was called, it freed memory that later could be accessed if mysql_stmt_error(), mysql_stmt_errno(), or mysql_stmt_sqlstate() was called. To obtain error information after a call to mysql_stmt_close(), call mysql_error(), mysql_errno(), or mysql_sqlstate() instead.
* Queries could be cached incorrectly, leading to incorrect query results, under these circumstances: InnoDB table; rows are being inserted but have not yet been committed; a query uses the table as a base table in a derived table; the optimizer chooses to materialize the derived table.
* Man pages for a few utilities were missing from Debian/Ubuntu packages.
* The field-t unit test failed to run with AddressSanitizer enabled. Thanks to Laurynas Biveinis for the patch.
* Debian client packages were missing information about conflicts with native packages.
* The Perl path in #! lines at the beginning of Perl scripts has been adjusted to /usr/local/bin/perl for FreeBSD 11.
* The server exited abnormally attempting to access invalid memory.
* A race condition could occur for CREATE TABLE statements with DATA DIRECTORY or INDEX DIRECTORY clauses.
* MySQL compilation in different directories produced different builds to leakage of absolute paths into debug information and __FILE__.
* mysqld_failed to start the server if the --datadir option was specified with a relative path name.
* With read_only enabled, creation of non-TEMPORARY tables by non-SUPER users was permitted under certain conditions.
*Certain stored functions, if used in a query WHERE clause, could be handled using Index Condition Pushdown (which should not happen), resulting in a server exit.
* On x86 machines, the uint3korr() macro read 4 bytes of data instead of the intended 3 bytes.
* An assertion was raised during a fetch operation by the memcached plugin.
* Queries that contained UNION in a subquery and GROUP BY could return incorrect results.
* LOAD XML INFILE performance became noticeably slower when the XML file being read contained a great many spaces, such as those introduced by indenting or pretty-printing. Now all leading whitespace is trimmed from each such value before reading it into memory.
* Windows builds now use the default runtime libraries (builds use the /MD flag).
* CMake support was added for compiling with Developer Studio 12.6.
MySQL failed to compile if -DENABLE_DEBUG_SYNC=OFF AND -DWITH_DEBUG=ON were both given. The ENABLE_DEBUG_SYNC option has been removed and enabling WITH_DEBUG enables Debug Sync.
* Changes in RPM package structure require a larger set of packages to be removed to install MySQL Server cleanly.
* To avoid potential race conditions, Debian packages now use the GNU install utility rather than a combination of mkdir, touch, and chown.
* CMake-generated packaging for Debian/Ubuntu packages was refactored for improved maintainability. The change includes updated logic for correctly replacing native distribution packaging in Debian and Ubuntu.
* Reminder: MySQL 5.6 requires the Microsoft Visual C++ 2010 Redistributable Package to run on Windows platforms. Users should make sure the package has been installed on the system before starting the server. The package is available at the Microsoft Download Center.
* The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.2k. For a description of issues fixed in this version, see http://www.openssl.org/news/vulnerabilities.html.
* The mysql_options() C API function now supports a MYSQL_OPT_SSL_MODE option.
Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.
Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
* Unused systemd files for SLES were removed.
* MySQL Server now includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. For more information, see The Connection-Control Plugin.
* OpenSSL is ending support for version 1.0.1 in December 2016; see https://www.openssl.org/policies/releasestrat.html. Consequently, MySQL Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and the linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1 to version 1.0.2j. For a description of issues fixed in this version, see https://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
Functionality Added or Changed
------------------------------
* InnoDB: By default, InnoDB reads uncommitted data when calculating statistics. In the case of an uncommitted transaction that deletes rows from a table, InnoDB excludes records that are delete-marked when calculating row estimates and index statistics, which can lead to non-optimal execution plans for other transactions that are operating on the table concurrently using a transaction isolation level other than READ UNCOMMITTED. To avoid this scenario, a new configuration option, innodb_stats_include_delete_marked, can be enabled to ensure that InnoDB includes delete-marked records when calculating persistent optimizer statistics. (Bug 23333990)
* Unit testing now uses Google Mock 1.8. (Bug 24572381, Bug 82823)
Bugs Fixed
Packaging Notes
---------------
RPM and Debian packages now create the /var/lib/mysql-files directory, which is now the default value of the secure_file_priv system variable that specifies a directory for import and export operations.
Security Notes
--------------
Incompatible Change: The secure_file_priv system variable is used to limit the effect of data import and export operations.
Functionality Added or Changed
------------------------------
yaSSL was upgraded to version 2.4.2. This upgrade corrects issues with: Potential AES side channel leaks; DSA padding for unusual sizes; the SSL_CTX_load_verify_locations() OpenSSL compatibility function failing to handle long path directory names.
Test Suite Notes
----------------
In mysql-test-run.pl, a limit of 50 was imposed on the number of workers for parallel testing, which on systems with more than 50 CPUs resulted in exhaustion of unique thread IDs. The ID-exhaustion problem has been corrected, and the limit of 50 on number of workers has been lifted. Thanks to Daniel Black for the patch on which this change was based. Additionally, these changes were made:
To avoid idle workers, the number of parallel workers now is limited to the number of tests.
Previously, if --parallel=auto was given and the MTR_MAX_PARALLEL environment variable was not set, a limit of 8 was imposed on the number of parallel workers. This limit has been lifted.
(Bug 22342399, Bug 79585)
Functionality Added or Changed
------------------------------
CMake support for compiling with Solaris Studio 12.5 was added. (Bug 82249, Bug 24303829, Bug 81274, Bug 23212938)
Bugs Fixed
----------
InnoDB: An operation that dropped and created a full-text search table raised an assertion. (Bug 24315031)
InnoDB: Accessing full-text search auxiliary tables while dropping the indexed table raised an assertion. (Bug 24009272)
InnoDB: An online DDL operation on a table with indexed BLOB columns raised an assertion during logging of table modifications. (Bug 23760086)
Replication: mysqlbinlog --read-from-remote-server log1 log2 was opening a new connection for log2 without freeing the connection used for log1. Thanks to Laurynas Biveinis for the contribution. (Bug 81675, Bug 23540182)
Replication: With binlog_row_image=FULL, when updating single tables temporary tables were unnecessarily being used. The fix ensures single table update follows the same pattern as multi-table update. (Bug 79867, Bug 22510353)
For mysqld_safe, the argument to --malloc-lib now must be one of the directories /usr/lib, /usr/lib64, /usr/lib/i386-linux-gnu, or /usr/lib/x86_64-linux-gnu. In addition, the --mysqld and --mysqld-version options can be used only on the command line and not in an option file. (Bug 24464380)
It was possible to write log files ending with .ini or .cnf that later could be parsed as option files. The general query log and slow query log can no longer be written to a file ending with .ini or .cnf. (Bug 24388753)
Privilege escalation was possible by exploiting the way REPAIR TABLE used temporary files. (Bug 24388746)
If the basedir system variable was set at server startup from the command line or option file, the value was not normalized (on Windows, / was not replaced with /). (Bug 23747899, Bug 82125)
In-place ALTER TABLE operations which when executed separately caused no table rebuild could when combined into a single statement result in a table rebuild. (Bug 23475211, Bug 81587)
A blank server name in CREATE SERVER statements produced a server exit rather than an error. (Bug 23295288)
A prepared statement that used a parameter in the select list of a derived table that was part of a join could cause a server exit. (Bug 22392374, Bug 24380263)
MEDIUMINT columns used in operations with long integer values could result in buffer overflow. (Bug 19984392)
A spurious ER_NO_SUCH_TABLE error could occur when attempting to execute a prepared CREATE TABLE ... SELECT statement that used a temporary table in the FROM clause and called a stored function. The same error could occur for a nonprepared version of the statement if used in a stored procedure when the procedure was re-executed. (Bug 16672723, Bug 68972)
EINTR handling in the client library has been fixed so that interrupted read and write calls are retried. Previously, EINTR was ignored. (Bug 82019, Bug 23703570)
Bugs Fixed
InnoDB: Full-text search auxiliary tables could be dropped by one session while being access by another.
InnoDB: Selecting full-text index information schema tables for a deleted table caused a segmentation fault.
InnoDB: Rollback of a full-text index synchronization operation raised an assertion. The rollback operation attempted to acquire a mutex still held by the background synchronization thread.
InnoDB: Setting innodb_monitor_enable to all did not enable all counters.
Replication: After issuing a PURGE BINARY LOGS statement, if the binary log index file was not available, for example because it had been opened by another application such as MEB, the server could stop unexpectedly. Although this situation was rare, the handling has been made more robust to avoid unexpected halts and more informative errors are provided.
Replication: When using row-based replication and InnoDB, replication slaves reverted to using an older locking scheme when a transaction had already acquired an AUTOINC lock related to a LOAD FILE or INSERT ... SELECT type of statement, reducing replication slave performance. The fix ensures that sql_command is set correctly for any of the DML events such as WRITE_ROWS_EVENT, UPDATE_EVENT, and DELETE_EVENT.
Replication: A MySQL version 5.5 slave does not have a server_uuid and replication identified servers by their server_id. Starting from MySQL version 5.6, replication masters detected a zombie dump thread based only on a slave's server_uuid value, under the assumption that each slave has a unique UUID. Connecting a MySQL 5.5 slave to a MySQL 5.6 and later master meant that the master was unable to detect zombie dump threads that were created to serve slaves running versions older than MySQL 5.6. The fix ensures that a master now first checks if a slave has a server_uuid set. If it is set, zombie dump thread detection happens based on the slave's UUID. If a slave's server_uuid is not set, zombie dump thread detection happens based on server_id.
Replication: With slave_skip_errors enabled there were still special cases when slave errors were not being correctly ignored. For example:
When opening and locking a table failed.
When field conversions failed on a server running row-based replication.
In these cases the error was considered critical and it was not respecting the state of slave_skip_errors. The fix ensures that with slave_skip_errors enabled, all errors reported during applying a transaction are correctly handled. This means that in such a set up, upon receiving an error with the log_warnings option set to greater than 1, if the error can be ignored then the warning is printed into the error log and the server continues as it does in the case of other ignored errors.
Replication: When using statement-based or mixed binary logging format with --read-only=ON, it was not possible to modify temporary tables.
MySQL Server upgrades performed using RPM packages failed when upgrading from MySQL 5.5 Community to MySQL 5.6 Community or MySQL 5.5 Commercial to MySQL 5.6 Commercial.
The code for reading character set information from Performance Schema statement events tables (for example, events_statements_current) did not prevent simultaneous writing to that information. As a result, the SQL query text character set could be invalid, which could result in a server exit. Now an invalid character set causes SQL_TEXT column truncation.
A buffer overflow in the regex library was fixed.
Certain arguments to NAME_CONST() could cause a server exit.
For unit-testing with the MySQL test suite, the make unit-test command is no longer available. The ctest program should be used instead. See Unit Tests Added to Main Test Runs.
ST_Distance() could raise an assertion for NULL return values.
With the query cache enabled, executing a prepared statement with CURSOR_TYPE_READ_ONLY and then again with CURSOR_TYPE_NO_CURSOR caused the server to return an error.
mysql_real_connect() was not thread-safe when invoked with the MYSQL_READ_DEFAULT_FILE or MYSQL_READ_DEFAULT_GROUP option enabled.
Installing MySQL from a yum or zypper repository resulted in /var/log/mysqld.log being created with incorrect user and group permissions.
If a stored function updated a view for which the view table had a trigger defined that updated another table, it could fail and report an error that an existing table did not exist.
If an INSTALL PLUGIN statement contained invalid UTF-8 characters in the shared library name, it caused the server to hang (or to raise an assertion in debug builds).
For multibyte character sets, LOAD DATA could fail to allocate space correctly and ignore input rows as a result.
Security Notes
The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.1t. Issues fixed in the new version are described at http://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead. (Bug 23229564)
Functionality Added or Changed
A new CMake option, WITH_SYMVER16, if enabled, causes the libmysqlclient client library to contain extra symbols to be compatible with libmysqlclient on RHEL/OEL 5, 6, 7, and Fedora releases. All symbols present in libmysqlclient.so.16 are tagged with symver 16 in libmsqlclient.so.18, making those symbols have both symver 16 and 18. (Bug 22980983)
support-files/MacOSX/ReadMe.txt is no longer included in MySQL distributions. (Bug 81038, Bug 23088916)
The version of the tcmalloc library included in MySQL distributions was very old. It has been removed and is no longer included with MySQL. (Bug 80994, Bug 23068660)
Bugs Fixed
InnoDB: MySQL failed to build on Fedora 24 using GCC 6. (Bug 23227804)
InnoDB: Potential buffer overflow issues were corrected for the InnoDB memcached plugin. (Bug 23187607)
InnoDB: The full-text index cache was freed during a background index cache synchronization. (Bug 22996488)
InnoDB: A full-text index operation raised an assertion. (Bug 22963169)
InnoDB: An INSERT operation on a table with a FULLTEXT index and FTS_DOC_ID column failed because the inserted FTS_DOC_ID value exceeded the permitted gap between consecutive FTS_DOC_ID values. To avoid this problem, the permitted gap between the largest used FTS_DOC_ID value and new FTS_DOC_ID value was raised from 10000 to 65535. (Bug 22679185)
InnoDB: With innodb_autoinc_lock_mode=0, multiple threads waiting for a table-level lock caused an unexpected deadlock. (Bug 21983865, Bug 78761)
InnoDB: A FLUSH TABLES ... FOR EXPORT operation appeared to stall. A loop in the ibuf_contract_in_background function failed to exit. (Bug 21133329, Bug 77011)
InnoDB: A full-text query raised an assertion. Under certain circumstances, DDL operations such as ALTER TABLE ... RENAME caused full-text auxiliary tables to be removed on server restart. (Bug 13651665)
Replication: In the next_event() function, which is called by a slave's SQL thread to read the next even from the relay log, the SQL thread did not release the relaylog.log_lock it acquired when it ran into an error (for example, due to a closed relay log), causing all other threads waiting to acquire a lock on the relay log to hang. With this fix, the lock is released before the SQL thread leaves the function under the situation. (Bug 21697821)
References: See also: Bug 20492319.
Replication: If a multi-threaded replication slave running with relay_log_recovery=1 stopped unexpectedly, during restart the relay log recovery process could fail. This was due to transaction inconsistencies not being filled, see Handling an Unexpected Halt of a Replication Slave. Prior to this fix, to recover from this situation required manually setting relay_log_recovery=0, starting the slave with START SLAVE UNTIL SQL_AFTER_MTS_GAPS to fix any transaction inconsistencies and then restarting the slave with relay_log_recovery=1. This process has now been automated, enabling relay log recovery of a multi-threaded slave upon restart automatically. (Bug 77496, Bug 21507981)
INSERT with ON DUPLICATE KEY UPDATE and REPLACE on a table with a foreign key constraint defined failed with an incorrect “duplicate entry” error rather than a foreign key constraint violation error. (Bug 23135731)
References: This issue is a regression of: Bug 78853, Bug 22037930.
For debug builds, CONCAT_WS() could raise an assertion if there was nothing to append. (Bug 22888420)
Invoking Enterprise Encryption functions in multiple threads simultaneously could cause a server exit. (Bug 22839278)
Attempting to use Enterprise Encryption functions after creating and dropping them could cause a server exit. (Bug 22669012)
Setting sort_buffer_size to a very large value could cause some operations to fail with an out-of-memory error. (Bug 22594514)
An assertion could be raised when a deadlock occurred due to a SELECT ... GROUP BY ... FOR UPDATE query executed using a Loose Index Scan. (Bug 22187476)
Several potential buffer overflow issues were corrected. (Bug 21977380, Bug 23187436, Bug 23202778, Bug 23195370, Bug 23202699)
If the CA certificate as given to the --ssl-ca option had an invalid path, yaSSL returned an error message different from OpenSSL. Now both return SSL connection error: SSL_CTX_set_default_verify_paths failed. (Bug 21920657)
Some string functions returned one or a combination of their parameters as their result. If one of the parameters had a non-ASCII character set, the result string had the same character set, resulting in incorrect behavior when an ASCII string was expected. (Bug 18740222)
On Windows, MySQL installation could result in MySQL being placed under C:\Program Files\Canon\Easy-WebPrint EX. (Bug 14583183)
References: See also: Bug 70918, Bug 68821, Bug 68227.
On Fedora 24, upgrades using a Community MySQL Server RPM failed to replace an installed MariaDB Galera server due to a change in the MariaDB package. (Bug 81390, Bug 23273818)
MySQL did not compile under Solaris 12 using Sun Studio. To correct this, instances of __attribute__ were changed to MY_ATTRIBUTE. (Bug 80748, Bug 22932576)
The INSTALL-SOURCE file had partly outdated information and has been removed from source packages. (Binary packages are unaffected). (Bug 80680, Bug 23081064)
For a server compiled with -DWITH_PERFSCHEMA_STORAGE_ENGINE=0, a memory leak could occur for buffered log messages used during server startup. (Bug 80089, Bug 22578574)
For debug builds, merging a derived table into an outer query block could raise an assertion. (Bug 79502, Bug 22305361, Bug 21139722)
A null pointer dereference of a parser structure could occur during stored procedure name validation. (Bug 79396, Bug 22286421)
Using CREATE USER to create an account with the mysql_native_password or mysql_old_password authentication plugin and using a clause of the form IDENTIFIED WITH plugin AS 'hash_string' caused the account to be created without a password. (Bug 78033, Bug 21616496)
Failure of UNINSTALL PLUGIN could lead to inaccurate or confusing errors for subsequent INSTALL PLUGIN operations. (Bug 74977, Bug 20085672)
mysqld_multi displayed misleading error messages when it was unable to execute my_print_defaults. (Bug 74636, Bug 19920049)
On Windows, MySQL installation failed if the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ registry key was present with a key/value pair of "InstallLocation" and "\Hewlett-Packard\\". (Bug 74631, Bug 19949163)
mysqldump failed silently with no error message when it encountered an error while executing FLUSH LOGS.
Security Notes
--------------
The linked OpenSSL library for the MySQL Commercial Server has been updated to version 1.0.1s. Issues fixed in the new version are described at http://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
MySQL client programs now support an --ssl-mode option that enables you to specify the security state of the connection to the server. The default value is DISABLED (establish an unencrypted connection). --ssl-mode=REQUIRED) can be specified to require a secure connection, or fail if a secure connection cannot be obtained.
These clients support --ssl-mode: mysql, mysqladmin, mysqlcheck, mysqldump, mysqlimport, mysqlshow, mysqlpump, mysqlslap, mysqltest, mysql_upgrade.
For more information, see Command Options for Secure Connections.
Bugs Fixed
* InnoDB: A new InnoDB configuration option, innodb_tmpdir, allows you to configure a separate temporary file directory for online ALTER TABLE operations. This option was introduced to help avoid tmpdir overflows that could occur as a result of large temporary files created during online ALTER TABLE operations. innodb_tmpdir is a SESSION variable and can be configured dynamically using a SET statement.
* yaSSL was upgraded to version 2.3.9. This upgrade corrects an issue in which yaSSL handled only cases of zero or one leading zeros for the key agreement instead of potentially any number, which in rare cases could cause connections to fail when using DHE cipher suites.
* The Valgrind function signature in mysql-test/valgrind.supp was upgraded for Valgrind 3.11.
* Bugs Fixed
MySQL Server RPM packages now contain a conflict indicator for MySQL Connector C, such that an error occurs when installing MySQL Server if MySQL Connector C is also installed. To install MySQL Server, remove any MySQL Connector C packages first.
mysql_upgrade now attempts to print more informative errors than FATAL ERROR: Upgrade failed.
These client programs now support the --enable-cleartext-plugin option: mysqlcheck, mysqldump, mysqlimport, mysqlshow. This option enables the mysql_clear_password cleartext authentication plugin. (See The Cleartext Client-Side Authentication Plugin.)
Support for building with Solaris Studio 5.13 was added.
Performance Schema digests in DIGEST_TEXT columns have ... appended to the end to indicate when statements exceed the maximum statement size and were truncated. This is also now done for statement text values in SQL_TEXT columns.
Bugs Fixed
* InnoDB: The new innodb_numa_interleave read-only configuration option allows you to enable the NUMA interleave memory policy for allocation of the InnoDB buffer pool. When innodb_numa_interleave is enabled, the NUMA memory policy is set to MPOL_INTERLEAVE for the mysqld process. After the InnoDB buffer pool is allocated, the NUMA memory policy is set back to MPOL_DEFAULT. This option is only available on NUMA-enabled systems.
* yaSSL was upgraded to version 2.3.8.
* RPM .spec files were updated so that MySQL Server builds from source RPM packages will include the proper files to take advantage of operating system NUMA capabilities. This introduces a runtime dependency on libnuma.so.1. RPM and yum detect this and refuse to install if that library is not installed.
* InnoDB: Reloading a table that was evicted while empty caused an AUTO_INCREMENT value to be reset.
* InnoDB: Memory allocation sanity checks were added to the memcached code.
* InnoDB: A memcached flush_all command raised an assertion. A function that starts a transaction was called from within assertion code.
* InnoDB: A data corruption occurred on ARM64. GCC builtins did not issue the correct fences when setting or unsetting the lock word.
* InnoDB: Server shutdown was delayed waiting for the purge thread to exit. To avoid this problem, the number of calls to trx_purge() was reduced, and the trx_purge() batch size was reduced to 20.
* InnoDB: In READ COMMITTED mode, a REPLACE operation on a unique secondary index resulted in a constraint violation.
* InnoDB: The IBUF_BITMAP_FREE bit indicated that there was more free space in the leaf page than was actually available.
* InnoDB: Setting lower_case_table_names=0 on a case-insensitive file system could result in a hang condition when running an INSERT INTO ... SELECT ... FROM tbl_name operation with the wrong tbl_name letter case. An error message is now printed and the server exits when attempting to start the server with --lower_case_table_names=0 on a case-insensitive file system.
* InnoDB: The server failed to start with an innodb_force_recovery setting greater than 3. InnoDB was set to read-only mode before redo logs were applied.
* InnoDB: The trx_sys_read_pertable_file_format_id() function reported the wrong file format.
* Partitioning: CREATE TABLE statements that used an invalid function in a subpartitioning expression did not always fail gracefully as expected.
* Partitioning: Error handling for failed partitioning-related ALTER TABLE operations against non-partitioned tables was not performed correctly
* Partitioning: ALTER TABLE when executed from a stored procedure did not always work correctly with tables partitioned by RANGE.
* Replication: Repeatedly checking for ERR_LOCK_WAIT_TIMEOUT (as done, for example by repeatedly executing SHOW SLAVE STATUS) during a prolonged write lock on a table led to an assert.
* Replication: If statement based logging was in use, when updating multiple tables in a single statement, a single transaction could be logged as two different transactions. This was due to the binary logging process not properly identifying statements which were operating over transactional tables. The fix ensures that they are correctly identified, even if such statements do not change the contents of the tables.
* Security Fix: Due to the LogJam issue (https://weakdh.org/), OpenSSL has changed the Diffie-Hellman key length parameters for openssl-1.0.1n and up.
* Replication: When using a multi-threaded slave, each worker thread has its own queue of transactions to process. In previous MySQL versions, STOP SLAVE waited for all workers to process their entire queue. This logic has been changed so that STOP SLAVE first finds the newest transaction that was committed by any worker thread. Then, it waits for all workers to complete transactions older than that. Newer transactions are not processed. The new logic allows STOP SLAVE to complete faster in case some worker queues contain multiple transactions.
* Previously, the max_digest_length system variable controlled the maximum digest length for all server functions that computed statement digests. However, whereas the Performance Schema may need to maintain many digest values, other server functions such as MySQL Enterprise Firewall need only one digest per session. Increasing the max_digest_length value has little impact on total memory requirements for those functions, but can increase Performance Schema memory requirements significantly. To enable configuring digest length separately for the Performance Schema, its digest length is now controlled by the new performance_schema_max_digest_length system variable.
* Previously, changes to the validate_password plugin dictionary file (named by the validate_password_dictionary_file system variable) while the server was running required a restart for the server to recognize the changes. Now validate_password_dictionary_file can be set at runtime and assigning a value causes the named file to be read without a restart.
In addition, two new status variables are available. validate_password_dictionary_file_last_parsed indicates when the dictionary file was last read, and validate_password_dictionary_file_words_count indicates how many words it contains.
* Bugs fixed
Functionality Added or Changed
* MySQL Enterprise Firewall operates on parser states and does not work well together with the query cache, which circumvents the parser. MySQL Enterprise Firewall now checks whether the query cache is enabled. If so, it displays a message that the query cache must be disabled and does not load.
* my_print_defaults now masks passwords. To display passwords in cleartext, use the new --show option.
* MySQL distributions now include an innodb_stress suite of test cases. Thanks to Mark Callaghan for the contribution.
Bugs Fixed
* InnoDB; Partitioning: The CREATE_TIME column of the INFORMATION_SCHEMA.TABLES table now shows the correct table creation time for partitioned InnoDB tables. The CREATE_TIME column of the INFORMATION_SCHEMA.PARTITIONS table now shows the correct partition creation time for a partition of partitioned InnoDB tables.
The UPDATE_TIME column of the INFORMATION_SCHEMA.TABLES table now shows when a partitioned InnoDB table was last updated by an INSERT, DELETE, or UPDATE. The UPDATE_TIME column of the INFORMATION_SCHEMA.PARTITIONS table now shows when a partition of a partitioned InnoDB table was last updated.
* InnoDB: An assertion was raised on shutdown due to XA PREPARE transactions holding explicit locks.
* InnoDB: The strict_* forms of innodb_checksum_algorithm settings (strict_none, strict_innodb, and strict_crc32) caused the server to halt when a non-matching checksum was encountered, even though the non-matching checksum was valid. For example, with innodb_checksum_algorithm=strict_crc32, encountering a valid innodb checksum caused the server to halt. Instead of halting the server, a message is now printed to the error log and the page is accepted as valid if it matches an innodb, crc32 or none checksum.
* InnoDB: The memcached set command permitted a negative expire time value. Expire time is stored internally as an unsigned integer. A negative value would be converted to a large number and accepted. The maximum expire time value is now restricted to INT_MAX32 to prevent negative expire time values.
* InnoDB: Removal of a foreign key object from the data dictionary cache during error handling caused the server to exit.
* InnoDB: SHOW ENGINE INNODB STATUS output showed negative reservation and signal count values due to a counter overflow error.
* InnoDB: Failure to check the status of a cursor transaction read-only option before reusing the cursor transaction for a write operation resulted in a server exit during a memcached workload.
* InnoDB: MDL locks taken by memcached clients caused a MySQL Enterprise Backup FLUSH TABLES WITH READ LOCK operation to hang.
* InnoDB: Estimates that were too low for the size of merge chunks in the result sorting algorithm caused a server exit.
* InnoDB: For full-text searches, the optimizer could choose an index that does not produce correct relevancy rankings.
* Partitioning: When creating a partitioned table, partition-level DATA DIRECTORY or INDEX DIRECTORY option values that contained an excessive number of characters were handled incorrectly.
* Partitioning: Executing an ALTER TABLE on a partitioned table on which a write lock was in effect could cause subsequent SQL statements on this table to fail.
* Replication: When binary logging was enabled, using stored functions and triggers resulting in a long running procedure that inserted many records caused the memory use to increase rapidly. This was due to memory being allocated per variable. The fix ensures that in such a situation, memory is allocated once and the same memory is reused.
* Replication: If an error was encountered while adding a GTID to the received GTID set, the log lock was not being correctly released. This could cause a deadlock.
more...
* CMake support was updated to handle CMake version 3.1.
* The server now includes its version number when it writes the initial “starting” message to the error log, to make it easier to tell which server instance error log output applies to. This value is the same as that available from the version system variable.
* ALTER TABLE did not take advantage of fast alterations that might otherwise apply to the operation to be performed, if the table contained temporal columns found to be in pre-5.6.4 format (TIME, DATETIME, and TIMESTAMP columns without support for fractional seconds precision).
* Statement digesting as done previously by the Performance Schema is now done at the SQL level regardless of whether the Performance Schema is compiled in and is available to other aspects of server operation that could benefit from it. The default space available for digesting is 1024 bytes, but can be changed at server startup using the max_digest_length system variable.
* Bug fixes.
* The linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1j to version 1.0.1k.
* Support for the SSL 2.0 and SSL 3.0 protocols has been disabled because they provide weak encryption.
* yaSSL was upgraded to version 2.3.7.
* The valid date range of the SSL certificates in mysql-test/std_data has been extended to the year 2029.
* Bugs Fixed
* Noisy compiler warnings on FreeBSD 10 were silenced.
* CMake workarounds for older Mac OS X and XCode versions were removed. On Mac OS X, compilation always uses Clang, even for 32-bit builds.
* Previously, the MYSQL_MAINTAINER_MODE CMake option was turned on by default for debug builds and off for release builds, and MYSQL_MAINTAINER_MODE caused -Werror to be enabled when building with GCC. This made it cumbersome to enable -Werror under certain conditions, such as when compiling with Clang.
* Build support was modified to produce the same warnings for Clang as for gcc.
* CMake configuration for the Clang compiler sets more appropriate flags for building on Linux. Specifically, -g -fno-omit-frame-pointer -fno-strict-aliasing is now added.
* Bugs fixed.
The --skip-innodb option is now deprecated and its use results in a warning. It will be removed in a future MySQL release. This also applies to its synonyms (--innodb=OFF, --disable-innodb, and so forth).
MySQL Enterprise Edition now includes a set of encryption functions based on the OpenSSL library that expose OpenSSL capabilities at the SQL level.
Replication: The new variable simplified_binlog_gtid_recovery can be used to change the way binary log files are searched for previous GTIDs during recovery, speeding up the process when a large number of binary log files exist.
Internally, spatial data types such as Geometry are represented as BLOB values, so when invoked with the --hex-blob option, mysqldump now displays spatial values in hex.
Bugs Fixed...
Security Fix: The linked OpenSSL library for the MySQL 5.6 Commercial Server has been updated from version 1.0.1g to version 1.0.1h. Versions of OpenSSL prior to and including 1.0.1g are reported to be vulnerable to CVE-2014-0224.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server 5.6, which uses the yaSSL library instead.
DTrace Support
MySQL now includes DTrace support on Oracle Linux 6 or higher with UEK kernel. If DTrace is present, server builds will detect it with no special CMake options required. For information about using DTrace on MySQL, see Tracing mysqld Using DTrace.
InnoDB Notes
Important Change: Redo log writes for large, externally stored BLOB fields could overwrite the most recent checkpoint. The 5.6.20 patch limits the size of redo log BLOB writes to 10% of the redo log file size. The 5.7.5 patch addresses the bug without imposing a limitation. For MySQL 5.5, the bug remains a known limitation.
As a result of the redo log BLOB write limit introduced for MySQL 5.6, innodb_log_file_size should be set to a value greater than 10 times the largest BLOB data size found in the rows of your tables plus the length of other variable length fields (VARCHAR, VARBINARY, and TEXT type fields). Failing to do so could result in “Row size too large” errors. No action is required if your innodb_log_file_size setting is already sufficiently large or your tables contain no BLOB data.
Functionality Added or Changed
Replication: The new system variable binlog_impossible_mode controls what happens if the server cannot write to the binary log, for example, due to a file error. For backward compatibility, the default for binlog_impossible_mode is IGNORE_ERROR, meaning the server logs the error, halts logging, and continues updates to the database. Setting this variable to ABORT_SERVER makes the server halt logging and shut down if it cannot write to the binary log.
CMake support was updated to handle CMake version 3.
New Debian7, Ubuntu12.04, and Ubuntu14.04 distribution support that was introduced with 5.6.17 now comes with the platform-specific packaging source placed under the packaging directory, in the deb-precise, deb-wheezy, and deb-trusty directories.
Support for LinuxThreads has been removed from the source code. LinuxThreads was superseded by NPTL in Linux 2.6.
By default, mysql_install_db creates a my.cnf file in the installation base directory using a template. This may be undesireable for some deployments. To enable this behavior to be suppressed, mysql_install_db now supports a --keep-my-cnf option to preserve any existing my.cnf file and not create a new my.cnf file.
The mysqlhotcopy utility is now deprecated and will be removed in a future version of MySQL. Among the reasons for this: It works only for the MyISAM and ARCHIVE storage engines; it works on Unix but not Windows. Alternatives include mysqldump and MySQL Enterprise Backup.
The timed_mutexes system variable has no effect and is deprecated.
Bugs Fixed
Functionality Added or Changed
The obsolete and unmaintained charset2html utility has been removed from MySQL distributions.
The mysqlbug, mysql_waitpid, and mysql_zap utilities have been deprecated and will be removed in MySQL 5.7.
Bugs Fixed
InnoDB: After upgrading from 5.6.10 to MySQL versions up to and including MySQL 5.6.18, InnoDB would attempt to rename obsolete full-text search auxiliary tables on server startup, resulting in an assertion failure.
InnoDB: For each insert, memset would be called three times to allocate memory for system fields. To reduce CPU usage, the three memset calls are now combined into a single call.
InnoDB: Enabling the InnoDB Table Monitor would result in a ib_table->stat_initialized assertion failure.
InnoDB: Setting innodb_max_dirty_pages_pct=0 would leave 1% of dirty pages unflushed. Buffer pool flushing is initiated when the percentage of dirty pages is greater innodb_max_dirty_pages_pct. The internal variables that store the innodb_max_dirty_pages_pct value and the percentage of dirty pages (buf_get_modified_ratio_pct and srv_max_buf_pool_modified_pct) were defined as unsigned integer data types, which meant that a innodb_max_dirty_pages_pct value of 0 required a dirty pages percentage of 1 or greater to initiate buffer pool flushing.
To address this problem, the buf_get_modified_ratio_pct and srv_max_buf_pool_modified_pct internal variables are redefined as double data types, which changes the range value for innodb_max_dirty_pages_pct and innodb_max_dirty_pages_pct_lwm from 0 .. 99 to 0 .. 99.99. Additionally, buffer pool flushing is now initiated when the percentage of dirty pages is “greater than or equal to” innodb_max_dirty_pages_pct.
Replication: Log rotation events could cause group_relay_log_pos to be moved forward incorrectly within a group. This meant that, when the transaction was retried, or if the SQL thread was stopped in the middle of a transaction following one or more log rotations (such that the transaction or group spanned multiple relay log files), part or all of the group was silently skipped.
This issue has been addressed by correcting a problem in the logic used to avoid touching the coordinates of the SQL thread when updating the log position as part of a relay log rotation whereby it was possible to update the SQL thread's coordinates when not using a multi-threaded slave, even in the middle of a group.
Replication: When running the server with --gtid-mode=ON, STOP SLAVE followed by START SLAVE resulted in a mismatch between the information provided by INFORMATION_SCHEMA.INNODB_TEMP_TABLE_INFO and the Slave_open_temp_tables status variable: the INNODB_TEMP_TABLE_INFO table showed that no temporary tables existed, but Slave_open_temp_tables had a nonzero value.
Replication: In certain cases, the server mishandled triggers and stored procedures that tried to modify other tables when called by CREATE TABLE ... SELECT. This is now handled correctly as an error.
Replication: When used on a table employing a transactional storage engine, a failed TRUNCATE TABLE was still written to the binary log and thus replayed on the slave. This could lead to inconsistency when the master retained data that was removed on the slave.
Now in such cases TRUNCATE TABLE is logged only when it executes successfully.
Replication: The server did not always handle the auto.cnf file correctly in cases where this file's permissions were incorrect.
Replication: When the binary log was rotated due to receipt of a SIGHUP signal, the new binary log did not contain the Previous_gtid_event required for subsequent processing of that binary log's GTID events. Now when SIGHUP is received, steps are taken to insure that the server writes the necessary Previous_gtid_event to the new log before writing any GTID events to the new log.
Functionality Added or Changed
Incompatible Change: The AES_ENCRYPT() and AES_DECRYPT() functions now permit control of the block encryption mode and take an optional initialization vector argument:
The new block_encryption_mode system variable controls the mode for block-based encryption algorithms. Its default value is aes-128-ecb, which signifies encryption using a key length of 128 bits and ECB mode.
An optional init_vector argument provides an initialization vector for encryption modes that require it:
AES_ENCRYPT(str,key_str[,init_vector])
AES_DECRYPT(crypt_str,key_str[,init_vector])
A random string of bytes to use for the initialization vector can be produced by calling the new RANDOM_BYTES() function.
For more information, see Encryption and Compression Functions.
These changes make statements that use AES_ENCRYPT() or AES_DECRYPT() unsafe for statement-based replication and they cannot be stored in the query cache. Queries that use RANDOM_BYTES() are unsafe for statement-based replication and cannot be stored in the query cache.
Incompatible Change: The ERROR_FOR_DIVISION_BY_ZERO, NO_ZERO_DATE, and NO_ZERO_IN_DATE SQL modes now are deprecated and setting the sql_mode value to include any of them generates a warning. In MySQL 5.7, these modes do nothing. Instead, their effects are included in the effects of strict SQL mode (STRICT_ALL_TABLES or STRICT_TRANS_TABLES). The motivation for the change in MySQL 5.7 is to reduce the number of SQL modes with an effect dependent on strict mode and make them part of strict mode itself.
To make advance preparation for an upgrade to MySQL 5.7, see SQL Mode Changes in MySQL 5.7. That discussion provides guidelines to assess whether your applications will be affected by the SQL mode changes in MySQL 5.7.
InnoDB: MySQL now supports rebuilding regular and partitioned InnoDB tables using online DDL (ALGORITHM=INPLACE) for the following operations:
OPTIMIZE TABLE
ALTER TABLE ... FORCE
ALTER TABLE ... ENGINE=INNODB (when run on an InnoDB table)
Online DDL support reduces table rebuild time and permits concurrent DML, which helps reduce user application downtime. For additional information, see Overview of Online DDL.
On Solaris, mysql_config --libs now includes -R/path/to/library so that libraries can be found at runtime.
mysql_install_db provides a more informative diagnostic message when required Perl modules are missing.
The IGNORE clause for ALTER TABLE is now deprecated and will be removed in a future version of MySQL. ALTER IGNORE TABLE causes problems for replication, prevents online ALTER TABLE for unique index creation, and causes problems with foreign keys (rows removed in the parent table).
Bugs Fixed
Functionality Added or Changed
* InnoDB: New global configuration parameters, innodb_status_output and innodb_status_output_locks, allow you to dynamically enable and disable the standard InnoDB Monitor and InnoDB Lock Monitor for periodic output. Enabling and disabling monitors for periodic output by creating and dropping specially named tables is deprecated and may be removed in a future release.
* Previously, ALTER TABLE in MySQL 5.6 could alter a table such that the result had temporal columns in both 5.5 and 5.6 format. Now ALTER TABLE upgrades old temporal columns to 5.6 format for ADD COLUMN, CHANGE COLUMN, MODIFY COLUMN, ADD INDEX, and FORCE operations. This conversion cannot be done using the INPLACE algorithm, so specifying ALGORITHM=INPLACE in these cases results in an error.
* CMake now supports a -DTMPDIR=dir_name option to specify the default tmpdir value. If unspecified, the value defaults to P_tmpdir in <stdio.h>.
Bugs Fixed
* InnoDB; Replication: Using the InnoDB memcached plugin (see InnoDB Integration with memcached) with innodb_api_enable_binlog set to 1 caused the server to leak memory.
* InnoDB: A boolean mode full-text search query would result in a memory access violation during parsing.
* InnoDB: When new indexes are added by an ALTER TABLE operation, instead of only saving table-level statistics and statistics for the new indexes, InnoDB would save statistics for the entire table, including the table's other indexes. This behavior slowed ALTER TABLE performance.
* InnoDB: Due to a parser error, full-text search queries that include a sub-expression could return the wrong result.
* InnoDB: The innochecksum tool did not use a Windows-specific API to retrieve file size information, which resulted in an incorrect error message (Error: ibdata1 cannot be found) when the MySQL 5.6 innochecksum 2GB file size limit was exceeded. innochecksum now provides support for files larger than 2GB in both MySQL 5.6 and MySQL 5.7.
* InnoDB: Due to a regression introduced by the fix for Bug17371537, memory was not allocated for the default memcached engine when using the default memcached engine as the backstore for data instead of InnoDB.
* InnoDB: InnoDB would report an incorrect operating system error code after failing to initialize.
* InnoDB: Manipulating a table after discarding its tablespace using ALTER TABLE ... DISCARD TABLESPACE could result in a serious error.
* InnoDB: Persistent optimizer statistics would cause stalls due to latch contention.
* InnoDB: MATCH() ... AGAINST queries that use a long string as an argument for AGAINST() could result in an error when run on an InnoDB table with a full-text search index.
* InnoDB: An InnoDB full-text search failure would occur due to an “unended” token. The string and string length should be passed for string comparison.
* InnoDB: In debug builds, a merge insert buffer during a page read would cause a memory access violation.
* InnoDB: Truncating a memcached InnoDB table while memcached is performing DML operations would result in a serious error.
* InnoDB: In sync0rw.ic, rw_lock_x_lock_func_nowait would needlessly call os_thread_get_curr_id.
* InnoDB: Attempting to rename a table to a missing database would result in a serious error.
more...
* Previously, MySQL Server distributions included the MySQL Reference Manual in Info format (the Docs/mysql.info file). Because the license for the manual restricts redistribution, its inclusion in Community packages caused problems for downstream redistributors, such as those who create Linux distributions. Community distributions of MySQL Server no longer include the mysql.info file, to make the repackaging and redistribution process easier (for example, the source tarball and its checksum can be used directly). This change applies to all source and binary Community packaging formats. Commercial (Enterprise) distributions are unchanged.
* Incompatible Change: Several statement instruments in the setup_instruments table are used by the Performance Schema during the early stages of statement classification before the exact statement type is known.
* The Performance Schema now instruments the read/write lock Delegate::lock
* A new CMake option, WITH_ASAN, permits enabling address sanitization for compilers that support it.
* The hash function used for metadata locking was modified to reduce overhead.
* Bugs Fixed