Merge tag 'clone-5.5.60-build' into mysql-5.5-cluster-7.2

Change-Id: I5d7ca4f5a0abc18f9003bee83bb28c856fabcae0

Author: arnabray21

Docs/ChangeLog

@@ -0,0 +1,2 @@
+You can find a detailed list of changes at
+  to https://github.com/mysql/mysql-server/commits/5.5

VERSION

@@ -1,4 +1,4 @@
 MYSQL_VERSION_MAJOR=5
 MYSQL_VERSION_MINOR=5
-MYSQL_VERSION_PATCH=59
+MYSQL_VERSION_PATCH=60
 MYSQL_VERSION_EXTRA=-ndb-7.2.33

include/mysql_com.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -561,6 +561,7 @@ void my_thread_end(void);
 
 #ifdef _global_h
 ulong STDCALL net_field_length(uchar **packet);
+ulong STDCALL net_field_length_checked(uchar **packet, ulong max_length);
 my_ulonglong net_field_length_ll(uchar **packet);
 uchar *net_store_length(uchar *pkg, ulonglong length);
 #endif

include/sql_common.h

@@ -107,6 +107,7 @@ void mysql_client_plugin_deinit();
 struct st_mysql_client_plugin;
 extern struct st_mysql_client_plugin *mysql_client_builtins[];
 extern my_bool libmysql_cleartext_plugin_enabled;
+int is_file_or_dir_world_writable(const char *filepath);
 
 #ifdef	__cplusplus
 }

mysql-test/include/mtr_warnings.sql

@@ -1,4 +1,4 @@
--- Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
+-- Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
 --
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
@@ -209,6 +209,12 @@ INSERT INTO global_suppressions VALUES
  */
  ("Insecure configuration for --secure-file-priv:*"),
 
+ /*
+  Bug#26585560, warning related to --pid-file
+ */
+ ("Insecure configuration for --pid-file:*"),
+ ("Few location(s) are inaccessible while checking PID filepath"),
+
  ("THE_LAST_SUPPRESSION")||
 
 

mysql-test/mysql-test-run.pl

@@ -2367,6 +2367,7 @@ sub environment_setup {
   $ENV{'DEFAULT_MASTER_PORT'}= $mysqld_variables{'port'};
   $ENV{'MYSQL_TMP_DIR'}=      $opt_tmpdir;
   $ENV{'MYSQLTEST_VARDIR'}=   $opt_vardir;
+  $ENV{'MYSQL_TEST_DIR_ABS'}= getcwd();
   $ENV{'MYSQL_BINDIR'}=       "$bindir";
   $ENV{'MYSQL_SHAREDIR'}=     $path_language;
   $ENV{'MYSQL_CHARSETSDIR'}=  $path_charsetsdir;

mysql-test/t/mysqld--defaults-file.test

@@ -13,19 +13,21 @@ exec $MYSQLD --defaults-file=/path/with/no/extension --print-defaults 2>&1;
 --error 1
 exec $MYSQLD --defaults-file=/path/with.ext --print-defaults 2>&1;
 
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+# Using $MYSQL_TEST_DIR_ABS which contains canonical path to the
+# test directory since --print-default prints the absolute path.
+--replace_result $MYSQL_TEST_DIR_ABS MYSQL_TEST_DIR
 --error 1
 exec $MYSQLD --defaults-file=relative/path/with.ext --print-defaults 2>&1;
 
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--replace_result $MYSQL_TEST_DIR_ABS MYSQL_TEST_DIR
 --error 1
 exec $MYSQLD --defaults-file=relative/path/without/extension --print-defaults 2>&1;
 
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--replace_result $MYSQL_TEST_DIR_ABS MYSQL_TEST_DIR
 --error 1
 exec $MYSQLD --defaults-file=with.ext --print-defaults 2>&1;
 
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--replace_result $MYSQL_TEST_DIR_ABS MYSQL_TEST_DIR
 --error 1
 exec $MYSQLD --defaults-file=no_extension --print-defaults 2>&1;
 

mysys/lf_hash.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -83,7 +83,8 @@ static int my_lfind(LF_SLIST * volatile *head, CHARSET_INFO *cs, uint32 hashnr,
   do { /* PTR() isn't necessary below, head is a dummy node */
     cursor->curr= (LF_SLIST *)(*cursor->prev);
     _lf_pin(pins, 1, cursor->curr);
-  } while (*cursor->prev != (intptr)cursor->curr && LF_BACKOFF);
+  } while (my_atomic_loadptr((void**)cursor->prev) != cursor->curr &&
+                              LF_BACKOFF);
   for (;;)
   {
     if (unlikely(!cursor->curr))
@@ -97,7 +98,7 @@ static int my_lfind(LF_SLIST * volatile *head, CHARSET_INFO *cs, uint32 hashnr,
     cur_hashnr= cursor->curr->hashnr;
     cur_key= cursor->curr->key;
     cur_keylen= cursor->curr->keylen;
-    if (*cursor->prev != (intptr)cursor->curr)
+    if (my_atomic_loadptr((void**)cursor->prev) != cursor->curr)
     {
       (void)LF_BACKOFF;
       goto retry;

packaging/rpm-oel/mysql.spec.in

@@ -1,4 +1,4 @@
-# Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -609,14 +609,6 @@ rm -rf %{buildroot}%{_bindir}/mysql_embedded
 rm -rf %{buildroot}%{_bindir}/mysql_setpermission
 rm -rf %{buildroot}%{_mandir}/man1/mysql_setpermission.1*
 
-# Remove obsoleted man pages
-rm -f %{buildroot}%{_mandir}/man1/mysql-stress-test.pl.1
-rm -f %{buildroot}%{_mandir}/man1/mysql-test-run.pl.1
-rm -f %{buildroot}%{_mandir}/man1/mysql_client_test.1
-rm -f %{buildroot}%{_mandir}/man1/mysql_client_test_embedded.1
-rm -f %{buildroot}%{_mandir}/man1/mysqltest.1
-rm -f %{buildroot}%{_mandir}/man1/mysqltest_embedded.1
-
 %check
 %if 0%{?runselftest}
 pushd release
@@ -920,6 +912,9 @@ fi
 %endif
 
 %changelog
+* Wed Jan 10 2018 Bjorn Munch <[email protected]> - 5.5.60-1
+- No longer need to remove obsoleted mysqltest man pages
+
 * Tue Oct 31 2017 Bjorn Munch <[email protected]> - 5.5.59-1
 - Remove obsoleted mysqltest man pages
 

packaging/rpm-sles/mysql.spec.in

@@ -1,4 +1,4 @@
-# Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -446,14 +446,6 @@ rm -rf %{buildroot}%{_bindir}/mysql_embedded
 rm -rf %{buildroot}%{_bindir}/mysql_setpermission
 rm -rf %{buildroot}%{_mandir}/man1/mysql_setpermission.1*
 
-# Remove obsoleted man pages
-rm -f %{buildroot}%{_mandir}/man1/mysql-stress-test.pl.1
-rm -f %{buildroot}%{_mandir}/man1/mysql-test-run.pl.1
-rm -f %{buildroot}%{_mandir}/man1/mysql_client_test.1
-rm -f %{buildroot}%{_mandir}/man1/mysql_client_test_embedded.1
-rm -f %{buildroot}%{_mandir}/man1/mysqltest.1
-rm -f %{buildroot}%{_mandir}/man1/mysqltest_embedded.1
-
 # rcmysql symlink
 install -d %{buildroot}%{_sbindir}
 ln -sf %{_initrddir}/mysql %{buildroot}%{_sbindir}/rcmysql
@@ -742,6 +734,9 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/libmysqld.so
 
 %changelog
+* Wed Jan 10 2018 Bjorn Munch <[email protected]> - 5.5.60-1
+- No longer need to remove obsoleted mysqltest man pages
+
 * Tue Oct 31 2017 Bjorn Munch <[email protected]> - 5.5.59-1
 - Remove obsoleted mysqltest man pages
 

sql-common/client.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1735,18 +1735,20 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths)
   end_pos=pos+pkt_len;
   for (field=0 ; field < fields ; field++)
   {
-    if ((len=(ulong) net_field_length(&pos)) == NULL_LENGTH)
+    len=(ulong) net_field_length_checked(&pos, (ulong)(end_pos - pos));
+    if (pos > end_pos)
+    {
+      set_mysql_error(mysql, CR_UNKNOWN_ERROR, unknown_sqlstate);
+      return -1;
+    }
+
+    if (len == NULL_LENGTH)
     {						/* null field */
       row[field] = 0;
       *lengths++=0;
     }
     else
     {
-      if (len > (ulong) (end_pos - pos))
-      {
-        set_mysql_error(mysql, CR_UNKNOWN_ERROR, unknown_sqlstate);
-        return -1;
-      }
       row[field] = (char*) pos;
       pos+=len;
       *lengths++=len;

sql-common/my_path_permissions.cc

@@ -0,0 +1,54 @@
+/* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU General Public License as published by the
+   Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301, USA */
+
+#include "my_dir.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/**
+  Check if a file/dir is world-writable (only on non-Windows platforms)
+
+  @param [in] Path of the file/dir to be checked
+
+  @returns Status of the file/dir check
+    @retval -2 Permission denied to check attributes of file/dir
+    @retval -1 Error in reading file/dir
+    @retval  0 File/dir is not world-writable
+    @retval  1 File/dir is world-writable
+ */
+
+int is_file_or_dir_world_writable(const char *path)
+{
+  MY_STAT stat_info;
+  (void)path; // avoid unused param warning when built on Windows
+#ifndef _WIN32
+  if (!my_stat(path, &stat_info, MYF(0)))
+  {
+      return (errno == EACCES) ? -2 : -1;
+  }
+  if ((stat_info.st_mode & S_IWOTH) &&
+      ((stat_info.st_mode & S_IFMT) == S_IFREG ||   /* file   */
+       (stat_info.st_mode & S_IFMT) == S_IFDIR))    /* or dir */
+    return 1;
+#endif
+  return 0;
+}
+
+#ifdef  __cplusplus
+}
+#endif

sql-common/pack.c

@@ -1,5 +1,4 @@
-/* Copyright (c) 2000-2003, 2007 MySQL AB
-   Use is subject to license terms
+/* Copyright (c) 2000, 2018 Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -46,6 +45,40 @@ ulong STDCALL net_field_length(uchar **packet)
   return (ulong) uint4korr(pos+1);
 }
 
+/* The same as above but with max length check */
+ulong STDCALL net_field_length_checked(uchar **packet, ulong max_length)
+{
+  ulong len;
+  uchar *pos= (uchar *)*packet;
+
+  if (*pos < 251)
+  {
+    (*packet)++;
+    len= (ulong) *pos;
+    return (len > max_length) ? max_length : len;
+  }
+  if (*pos == 251)
+  {
+    (*packet)++;
+    return NULL_LENGTH;
+  }
+  if (*pos == 252)
+  {
+    (*packet)+=3;
+    len= (ulong) uint2korr(pos+1);
+    return (len > max_length) ? max_length : len;
+  }
+  if (*pos == 253)
+  {
+    (*packet)+=4;
+    len= (ulong) uint3korr(pos+1);
+    return (len > max_length) ? max_length : len;
+  }
+  (*packet)+=9;                                 /* Must be 254 when here */
+  len= (ulong) uint4korr(pos+1);
+  return (len > max_length) ? max_length : len;
+}
+
 /* The same as above but returns longlong */
 my_ulonglong net_field_length_ll(uchar **packet)
 {

sql/CMakeLists.txt

@@ -79,7 +79,7 @@ SET (SQL_SOURCE
                sql_profile.cc event_parse_data.cc sql_alter.cc
                sql_signal.cc rpl_handler.cc mdl.cc sql_admin.cc
                transaction.cc sys_vars.cc sql_truncate.cc datadict.cc
-               sql_reload.cc
+               sql_reload.cc ../sql-common/my_path_permissions.cc
                ${GEN_SOURCES}
                ${CONF_SOURCES}
                ${MYSYS_LIBWRAP_SOURCE})

sql/event_db_repository.cc

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -178,6 +178,8 @@ class Event_db_intact : public Table_check_intact
     error_log_print(ERROR_LEVEL, fmt, args);
     va_end(args);
   }
+public:
+  Event_db_intact() { has_keys= TRUE; }
 };
 
 /** In case of an error, a message is printed to the error log. */