Changes in MySQL 5.7.37
Audit Log Notes
Previously, each event logged by MySQL Enterprise Audit included the SQL statement literal text. To provide an alternative (because it is possible that statements contain sensitive information), the audit log filtering language now supports logging a statement's digest rather than its literal text. For example, instead of logging this statement:
SELECT * FROM orders WHERE some_sensitive_column=1234567
The audit log plugin can log this digest:
SELECT * FROM `orders` WHERE `some_sensitive_column` = ?
This is similar to what is already logged for prepared statements, for which parameter markers appear rather than actual data values.
To perform digest logging, use audit filter definitions that replace the statement literal text by its corresponding digest, as discussed in Replacement of Event Field Values.
Because text replacement occurs at an early auditing stage (during filtering), the choice of whether to log statement literal text or digest values applies regardless of log format written later (that is, whether the audit log plugin produces XML or JSON output).
Compilation Notes
Binary packages that include curl rather than linking to the system curl library have been upgraded to use curl 7.80.0.
SQL Function and Operator Notes
Queries making use of the MBRContains() function did not employ all available spatial indexes.
The FORMAT() function returned a formatted number without showing the thousands separator and grouping between separators when either the es_ES or es_MX locale was specified.
Packaging Notes
The GnuPG build key used to sign MySQL downloadable packages has been updated. The previous GnuPG build key is set to expire on 2022-02-16. For information about verifying the integrity and authenticity of MySQL downloadable packages using GnuPG signature checking, or to obtain a copy of our public GnuPG build key, see Signature Checking Using GnuPG.
Due to the GnuPG key update, systems configured to use repo.mysql.com may report a signature verification error when upgrading to MySQL 5.7.37 and higher or to MySQL 8.0.28 and higher using apt or yum. Use one of the following methods to resolve this issue:
Manually reinstall the MySQL APT or YUM repository setup package from https://dev.mysql.com/downloads/.
Download the MySQL GnuPG public key and add it your system GPG keyring.
For MySQL APT repository instructions, see Appendix A: Adding and Configuring the MySQL APT Repository Manually.
For MySQL YUM repository instructions, see Upgrading MySQL with the MySQL Yum Repository.
Bugs Fixed
InnoDB: The buf_validate() function in the InnoDB sources was optimized, improving performance on debug builds.
Thanks to Hobert Lu for the contribution.
Partitioning: Creating a table with nondeterministic functions in generated column expressions should not be possible, but this was not enforced in all cases; a series of one or more ALTER TABLE statements could be employed to arrive at a partitioned table with one or more such generated columns. When attempting to execute the CREATE TABLE statement obtained by running SHOW CREATE TABLE against this table, MySQL rejected the statement with a misleading error message referring to the partitioning expression rather than to the problematic column, despite the fact that the partitioning expression itself was legal.
This was caused by the result of a check for any unsafe expressions defined for a generated column (in the internal variable thd->safe_to_cache_query), which was later checked again without being cleared while parsing the partition expression, leading to an error even when the partition expression did not refer to the problematic generated column expression. Now in such cases, we reset thd->safe_to_cache_query before parsing the partition function.
The issue of allowing the use of certain nondeterminstic functions (AES_ENCRYPT(), AES_DECRYPT(), RANDOM_BYTES()) in generated columns is handled separately.
Partitioning: A query using an index other than the primary key of a partitioned table sometimes resulted in excessive CPU load.
Replication: When the PAD_CHAR_TO_FULL_LENGTH SQL mode was enabled on a replica server, trailing spaces could be added to a replication channel’s name in the replication metadata repository tables, resulting in errors in replication operations that identified the channel using that data. The issue has now been fixed in MySQL 8.0 by using VARCHAR for character columns, and in MySQL 5.7 by disabling the SQL mode when reading from those tables. Thanks to Brian Yue for the contribution.
MySQL 5.7 did not handle the thread_stack variable in the same manner as MySQL 5.6 or MySQL 8.0.
It was possible in some cases to create a generated column of type SERIAL, which is not allowed.
See Numeric Data Type Syntax, and CREATE TABLE and Generated Columns, for more information
Statements which commit a transaction implicitly or explicitly are not allowed inside a trigger or a stored function. Both CREATE TRIGGER and CREATE FUNCTION should report an error (ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG) in this case, but did not correctly handle DROP TABLESPACE.
The MySQL session used for online keyring migration was not closed gracefully after the migration was complete, resulting in an “Aborted connection” note being printed to the error log.
SHOW PROCESSLIST could read freed memory when accessing the query string belonging to a connection that was in the process of deleting a prepared statement.
Privileges were not checked correctly for ALTER USER ... IDENTIFIED WITH ... BY.
-The asynchronous behavior of Xlib is kept intact. It guarantees that the
global shortcut daemon starts correctly with the session after a change in the
behavior of libx11 1.7.3.1.
Upstream changes:
2021-01-06 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.17 released.
* main_loop.c (exec_global): Make commands 'q' and 'Q' work in a
global command. (Reported by J. A. Harris).
* main.c: New option '-E, --extended-regexp'.
(Suggested by Shawn Wagner).
* io.c (read_stream_line, write_stream): Add filename parameter.
Print the file name in case of error. (Reported by Dan Jacobson).
* global.c: Integrate 'resize_line_buffer' into 'set_active_node'.
* buffer.c: Integrate 'resize_undo_buffer' into 'push_undo_atom'.
2020-02-20 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.16 released.
* regex.c (line_replace): Accept 's/^/#/g' as valid.
(Reported by Bjoern Wibben).
* main_loop.c: Remove length limit of prompt string.
(Reported by Tim Chase).
* main.c: Set a valid invocation_name even if argc == 0.
* ed.texi: Extended operators depend on regex implementation.
(Reported by Brian Zwahr).
* ed.texi: Several fixes and improvements.
2019-01-01 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.15 released.
* io.c (print_line): Make command 'l' print '\\' before every
'$' within the text. (Reported by Ori Avtalion).
* main_loop.c (extract_addresses): Fix address ',,' to mean '$,$'
instead of '1,$'. (Reported by Matthieu Felix).
* regex.c (extract_replacement): Allow newlines even if global.
* main_loop.c (exec_command): Make command 'c' reject address 0.
* ed.texi: Minor fixes.
* configure: Accept appending to CFLAGS, 'CFLAGS+=OPTIONS'.
2017-02-22 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.14.2 released.
* main.c (show_strerror) Revert to using '!scripted' instead of
'verbose' to enable diagnostics.
Upstream changes:
Changes for version 1.991 - 2022-01-21
Enforce text files in some functions, as warned in #18.
Change up some diag messages: 1) lowercase first letter 2) not ! at end, and 3) use "file" instead of "filename". If you were matching on those, you may need to update your patterns.
Upstream changes:
Changes for version 2.10 - 2021-03-27
Fixed handling of undirected graphs in Dot writer. Thanks to Ingrid Falk for bug report and fix: RT#22785
Upstream changes:
0.010 2021-12-01
- Added verbosity to test (uid66)
- Fixed bug with $ref and sibling $id
- Added TO_JSON method to Error class (ehuelsmann)
- Fixed bug with wrong detection of booleans
0.009-TRIAL 2021-11-28
- Trial release to find the bug with type boolean
Upstream changes:
Changes for version 2.28 - 2022-01-04
Accept pull request from Todd Rinaldo to replace both uses of bareword filehandles with my variables. With thanx.
Accept 2019 pull request to Makefile.PL, for the purpose of modernization, and with some slight modifications, from Grinnz.
Make corresponding patches where appropriate to Tiny.pm and t/02.main.t.
Thanx to Grinnz aka Dan Book for the prompting.
Conftest helps you write tests against structured configuration data.
Using Conftest you can write tests for your Kubernetes configuration,
Tekton pipeline definitions, Terraform code, Serverless configs or any
other config files.
Conftest uses the Rego language from Open Policy Agent for writing the
assertions.
Changes since 3.1.1:
What's new in version 3.1.2
* Bugfix for crash when storing modified settings at exit
* Generate xz-compressed source tarball (with configure) using github actions
* Allow -u UID with numerical value as argument
* Added documentation for obsolete/state libraries/program files highlighting
* Some obsolete/stale library highlighting refinements
* Column width issues resolved
* Dynamic UID column sizing improved
* Discard stale information from Disk and Network I/O meters
* Refined Linux kernel thread detection
* Reworked process state handling
* New CCGROUP column showing abbreviated cgroup name
* New OFFSET column in the list of open files screen
- Small adjustments after a large DNS Internet survey done by dnscache.
- Removed JBP's CNAME enhancement for dnscache (query.c)
[http://jdebp.info/Softwares/djbwares/djbdns-patches.html];
seems does not work under all circumstances [20220113#1].
ugrep v3.6.0
New --replace option to replace pattern matches in the output with custom formatted text with % fields. This option can be combined with any other option, including -y (--any-line) to pass through a file with substitutions applied to the output. To make ugrep more user-friendly, the new --help format option argument displays a summary of % format fields, the new --help regex option argument displays an overview of regular expression pattern syntax, and the new --help globs option argument displays the gitignore-style glob syntax and conventions used by ugrep. Increased searching speed of large files with AVX optimizations applied to the default pattern matcher engine. AVX optimizations were largely disabled (only partially applied) to make ugrep binary portable on Linux platforms since ugrep v3.3.5, requested by issue trackers 103 and 143. Binary portability over x86/x64 now works better with new multi-version code selected at runtime to run the original faster pattern matching engine. More coming soon!
ugrep v3.5.0
New --zmax=NUM option to be used with -z (--decompress) to search compressed files and archives recursively stored within tar/zip/cpio/pax archives for up to NUM recursive expansion levels deep. (Directory trees in archives are already recursively traversed and do not require --zmax.) The --zmax argument may range from 1 (default) to 99 for up to 99 recursive decompression and de-archiving steps. Improved option -U to be used for backward compatibility with GNU/BSD grep by no longer flagging invalid UTF as "binary files". More to come soon!
ugrep v3.4.0
New Boolean search query options --files and --lines. The specified Boolean search query conditions apply to lines by default. Because GNU/BSD grep and ugrep are generally line-based, --lines is the default option. Specify --files --bool to apply the specified Boolean query to files as a whole: a file matches if all Boolean conditions are satisfied by matching patterns anywhere in the file. More to come soon!
OpenLDAP 2.6.1 Release (2022/01/20)
Fixed libldap to init client socket port
Fixed libldap with referrals
Added slapd config keyword for logfile format
Fixed slapd to allow objectClass edits with no net change
Fixed slapd configtable population
Fixed slapd to only set loglevel in server mode
Fixed slapd logfile-rotate use of uninitialized variable
Fixed slapd passwd scheme handling with slapd.conf
Fixed slapd postread support for modrdn
Fixed slapd syncrepl recreation of deleted entries
Fixed slapd syncrepl replication with ODSEE
Fixed slapd syncrepl to properly replicate glue entries
Fixed slapd syncrepl to reject REFRESH for precise resync
Fixed slapd syncrepl to avoid busy loop during refresh
Fixed slapd syncrepl when X-ORDERED is specified
Fixed slapd syncrepl to better handle out of order delete ops
Fixed slapd syncrepl to correctly close connections when config is deleted
Fixed slapd-mdb to update indices correctly on replace ops
Fixed slapd-wt to set correct flags
Fixed slapo-accesslog to fix assertion due to deprecated code
Fixed slapo-accesslog to fix inconsistently normalized minCSN
Fixed slapo-accesslog delete handling of multi-valued config attrs
Fixed slapo-autogroup to maintain values in insertion order
Fixed slapo-constraint to maintain values in insertion order
Fixed slapo-dyngroup to maintain values in insertion order
Fixed slapo-dynlist compare operation for static groups
Fixed slapo-dynlist static group filter with multiple members
Fixed slapo-ppolicy when not built modularly
Fixed slapo-refint to maintain values in insertion order
Fixed slapo-retcode to honor requested insert position
Fixed slapo-sock cn=config support
Fixed slapo-syncprov memory leak
Fixed slapo-syncprov to generate a more accurate accesslog query
Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections
Fixed slapo-syncprov to consider all deletes for sycnInfo messages
Fixed slapo-translucent to warn on invalid config
Fixed slapo-unique to warn on invalid config
Fixed slapo-valsort to maintain values in insertion order
Build Environment
Fix test022 to preserve DELAY search output
Fix slapd-watcher to allow startup when servers are down
Contrib
Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration
Documentation
Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision
Fixed slapo-accesslog(5) to clarify logoldattr usage
Major change: now uses Python 3.
Other changes: too many to list; see the file Changelog.txt in the distfile.
New option: rar, to allow calibre to look inside rar archives.
Actually connecting an ebook-reader device is still untested, but might
work better with the libusb and libmtp extensions that are enabled since
version 4.23.0.
Staticcheck is a state of the art linter for the Go programming language. Using
static analysis, it finds bugs and performance issues, offers simplifications,
and enforces style rules.