path: root/sql-common
Commit message (Author, Age, Files, Lines)
* Merge branch '5.5' into 10.1 (Oleksandr Byelkin, 2019-07-25, 1 file, -1/+7)
|\
| * MDEV-20110 don't try to load client plugins with invalid names (Sergei Golubchik, 2019-07-21, 1 file, -1/+7)
| |   reported by lixtelnis
* | Merge branch '5.5' into 10.1 (Vicențiu Ciorbaru, 2019-05-11, 5 files, -5/+5)
|\ \
| |/
| * Update FSF Address (Vicențiu Ciorbaru, 2019-05-11, 5 files, -5/+5)
| |   * Update wrong zip-code
* | MDEV-18131 MariaDB does not verify IP addresses from subject alternative (Vladislav Vaintroub, 2019-04-28, 1 file, -2/+4)
| |   names
| |
| |   Added a call to X509_check_ip_asc() in case server_hostname represents an IP address.
* | cmake: re-enable -Werror in the maintainer mode (Sergei Golubchik, 2019-03-27, 1 file, -3/+3)
| |   now we can afford it. Fix -Werror errors. Note:
| |   * old gcc is bad at detecting uninit variables, disable it.
| |   * time_t is int or long, cast it for printf's
* | Merge 10.1 into 10.1 (Marko Mäkelä, 2019-02-02, 1 file, -3/+27)
|\ \
| | |   This is joint work with Oleksandr Byelkin.
| * \ Merge branch '5.5' into 10.0 (Oleksandr Byelkin, 2019-01-28, 1 file, -3/+27)
| |\ \
| | |/
| | * Crude "auto-load-data-local-infile" mode [mariadb-5.5.63] (Sergei Golubchik, 2019-01-27, 1 file, -3/+27)
| | |   Disable LOAD DATA LOCAL INFILE support by default and auto-enable it for the duration of one query, if the query string starts with the word "load".
| | |   In all other cases the application should enable LOAD DATA LOCAL INFILE support explicitly.
* | | Merge branch '10.0' into 10.1 (Oleksandr Byelkin, 2018-07-31, 1 file, -0/+4)
|\ \ \
| |/ /
| * | Merge 5.5 into 10.0 (Marko Mäkelä, 2018-07-30, 1 file, -0/+4)
| |\ \
| | |/
| | * Merge remote-tracking branch 'mysql/5.5' into 5.5 (Oleksandr Byelkin, 2018-07-29, 1 file, -0/+4)
| | |\
| | | |   We do not accept:
| | | |   1. We did not have this problem (fixed earlier and better)
| | | |      d982e717aba67227ec40761a21a4211db91aa0e2 Bug#27510150: MYSQLDUMP FAILS FOR SPECIFIC --WHERE CLAUSES
| | | |   2. We do not have such options (a DBUG_ASSERT put just in case)
| | | |      bbc2e37fe4e0ca3a7cfa1437a763dc43829e98e2 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7
| | | |   3. Serg fixed it in other way in this release:
| | | |      e48d775c6f066add457fa8cfb2ebc4d5ff0c7613 Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
| | | * Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY [mysql-5.5.61] (Ivo Roylev, 2018-06-15, 1 file, -1/+3)
| | | |   (cherry picked from commit b5b986b2cbd9a7848dc3f48e5c42b6d4e1e5fb22)
| | | * Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7 (Arun Kuruvila, 2018-05-14, 1 file, -0/+41)
| | | |   Description:- Client applications establish connection to server, which does not support SSL, via TCP even when SSL is enforced via MYSQL_OPT_SSL_MODE or MYSQL_OPT_SSL_ENFORCE or MYSQL_OPT_SSL_VERIFY_SERVER_CERT.
| | | |   Analysis:- There exists no error handling for catching client applications which enforce SSL connection to connect to a server which does not support SSL.
| | | |   Fix:- Error handling is done to catch above mentioned scenarios.
| | | * Bug#25471090: MYSQL USE AFTER FREE (Arun Kuruvila, 2018-02-12, 2 files, -9/+44)
| | | |   Description:- Mysql client crashes when trying to connect to a fake server which is sending incorrect packets.
| | | |   Analysis:- Mysql client crashes when it tries to read server version details.
| | | |   Fix:- A check is added in "red_one_row()".
| | | * Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS (Shishir Jaiswal, 2017-12-02, 1 file, -0/+54)
| | | |   ROOT
| | | |
| | | |   DESCRIPTION
| | | |   ===========
| | | |   If the .pid file is created at a world-writable location, it can be compromised by replacing the server's pid with another running server's (or some other non-mysql process) PID causing abnormal behaviour.
| | | |
| | | |   ANALYSIS
| | | |   ========
| | | |   In such a case, user should be warned that .pid file is being created at a world-writable location.
| | | |
| | | |   FIX
| | | |   ===
| | | |   A new function is_file_or_dir_world_writable() is defined and it is called in create_pid_file() before .pid file creation. If the location is world-writable, a relevant warning is thrown.
| | | |
| | | |   NOTE
| | | |   ====
| | | |   1. PID file is always created with permission bit 0664, so for outside world it's read-only.
| | | |   2. Ignoring the case when permission is denied to get the dir stats since the .pid file creation would fail anyway in such a case.
| | | * BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING (Ramil Kalimullin, 2017-03-10, 1 file, -2/+52)
| | | |   SSL CONNECTION
| | | |
| | | |   MYSQL_OPT_SSL_MODE option introduced. It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.
| | | * (no commit message) (Nisha Gopalakrishnan, 2017-02-16, 1 file, -4/+7)
| | | |
* | | | Merge branch '10.0' into 10.1 (Vicențiu Ciorbaru, 2018-06-12, 1 file, -0/+4)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Vicențiu Ciorbaru, 2018-06-10, 1 file, -0/+4)
| |\ \ \
| | |/ /
| | * | MDEV-10246 ssl-* config file options have no effect without mysql_ssl_set() (Vladislav Vaintroub, 2018-06-05, 1 file, -0/+4)
| | | |   Partially revert 4ef74979969ac9339d0d42c11a6f26632e6776f1 that caused regression.
| | | |   Any ssl- option must imply use_ssl=1, even if mysql_set_ssl() was not used.
* | | | Merge branch '10.0' into 10.1 (Sergei Golubchik, 2018-05-05, 1 file, -11/+19)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Sergei Golubchik, 2018-05-04, 1 file, -7/+15)
| |\ \ \
| | |/ /
| | * | protocol: verify that number of rows is correct (Sergei Golubchik, 2018-05-04, 1 file, -7/+15)
| | | |
| * | | Merge branch '5.5' into 10.0 [mariadb-10.0.35] (Sergei Golubchik, 2018-05-01, 1 file, -4/+4)
| |\ \ \
| | |/ /
| | * | Use after free in authentication (Sergei Golubchik, 2018-05-01, 1 file, -2/+2)
| | | |
| | * | Bug#25471090: MYSQL USE AFTER FREE (Sergei Golubchik, 2018-04-30, 1 file, -2/+2)
| | | |   a better fix
| * | | Merge branch '5.5' into 10.0 (Sergei Golubchik, 2018-04-29, 1 file, -1/+1)
| |\ \ \
| | |/ /
| | * | Bug#25471090: MYSQL USE AFTER FREE (Sergei Golubchik, 2018-04-27, 1 file, -1/+1)
| | | |   fix another similar line followup for 7828ba0df488
* | | | Merge 10.0 into 10.1 (Marko Mäkelä, 2018-04-24, 1 file, -1/+1)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Sergei Golubchik, 2018-04-20, 1 file, -1/+1)
| |\ \ \
| | |/ /
| | * | Bug#25471090: MYSQL USE AFTER FREE (Sergei Golubchik, 2018-04-19, 1 file, -1/+1)
| | | |   in a specially crafted invalid packet, one can get end_pos < pos here
* | | | Merge branch '10.0' into 10.1 (Vicențiu Ciorbaru, 2018-04-07, 1 file, -2/+2)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Vicențiu Ciorbaru, 2018-04-03, 1 file, -2/+2)
| |\ \ \
| | |/ /
| | * | don't disable SSL when connecting via libmysqld (Sergei Golubchik, 2018-04-03, 1 file, -2/+2)
| | | |
* | | | Fix LibreSSL X509 (SSL) certificate hostname checking. (Michael Gmelin, 2018-04-03, 1 file, -1/+2)
| | | |   (Currently) LibreSSL doesn't calculate the string length of the hostname that's passed to X509_check_host automatically in case namelen/chklen is 0.
| | | |   This causes server certificate validation to fail when building MariaDB with LibreSSL.
| | | |
| | | |   The proposed fix makes MariaDB determine the string length passed to X509_check_host.
| | | |   As there are no ill side-effects (OpenSSL's X509_check_host also simply calls strlen if namelen == 0, see also X509_check_host(3)), this wasn't wrapped in any #ifdef like constructs.
| | | |
| | | |   Please see here for a proposed patch to modify LibreSSL's behavior:
| | | |   https://github.com/libressl-portable/openbsd/pull/87
* | | | MDEV-14265 - RPMLint warning: shared-lib-calls-exit (Sergey Vojtovich, 2017-12-19, 1 file, -2/+5)
| | | |   find_type_or_exit() client helper did exit(1) on error, exit(1) moved to clients.
| | | |   mysql_read_default_options() did exit(1) on error, error is passed through and handled now.
| | | |   my_str_malloc_default() did exit(1) on error, replaced my_str_ allocator functions with normal my_malloc()/my_realloc()/my_free().
| | | |   sql_connect.cc did many exit(1) on hash initialisation failure. Removed error check since my_hash_init() never fails.
| | | |   my_malloc() did exit(1) on error. Replaced with abort().
| | | |   my_load_defaults() did exit(1) on error, replaced with return 2.
| | | |   my_load_defaults() still does exit(0) when invoked with --print-defaults.
* | | | Merge branch '10.0' into 10.1 (Sergei Golubchik, 2017-10-22, 1 file, -1/+1)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Sergei Golubchik, 2017-10-18, 1 file, -1/+1)
| |\ \ \
| | |/ /
| | * | MDEV-13459 Warnings, when compiling with gcc-7.x (Sergei Golubchik, 2017-10-17, 1 file, -0/+1)
| | | |   mostly caused by -Wimplicit-fallthrough
* | | | Merge branch '10.0' into 10.1 (Sergei Golubchik, 2017-08-08, 1 file, -0/+1)
|\ \ \ \
| |/ / /
| * | | MDEV-12824 GCC 7 warning: this statement may fall through (Sergei Golubchik, 2017-07-20, 1 file, -0/+1)
| | | |   [-Wimplicit-fallthrough=]
* | | | Merge 10.0 into 10.1 (Marko Mäkelä, 2017-05-23, 1 file, -5/+6)
|\ \ \ \
| |/ / /
| * | | MDEV-6262 analyze the coverity report on mariadb (Sergei Golubchik, 2017-05-19, 1 file, -5/+6)
| | | |   uploaded 10.0, analyzed everything with the Impact=High (and a couple of Medium)
* | | | Merge branch '10.0' 10.1 (Sergei Golubchik, 2017-04-28, 1 file, -2/+2)
|\ \ \ \
| |/ / /
| * | | Merge branch '5.5' into 10.0 (Sergei Golubchik, 2017-04-21, 1 file, -2/+2)
| |\ \ \
| | |/ /
| | * | respect client's desire to force ssl even when WITH_SSL=NO (Sergei Golubchik, 2017-04-20, 1 file, -2/+2)
| | | |   of course, this combination can never succeed, we must fail to connect here.
* | | | MDEV-10594 SSL hostname verification fails for SubjectAltNames (Sergei Golubchik, 2017-04-27, 1 file, -10/+11)
| | | |   use X509_check_host for OpenSSL 1.0.2+
| | | |   This adds:
| | | |   * support for subjectAltNames
| | | |   * wildcards
| | | |   * sub-domain matching
* | | | bugfix: federated/replication did not increment bytes_received status variable (Sergei Golubchik, 2017-04-27, 1 file, -1/+1)
| | | |   because mysql->net.thd was reset to NULL in mysql_real_connect() and thd_increment_bytes_received() didn't do anything.
| | | |
| | | |   Fix:
| | | |   * set mysql->net.thd to current_thd instead.
| | | |   * remove the test for non-null THD from a very often used function thd_increment_bytes_received().
* | | | don't do vio_description(NULL) (Sergei Golubchik, 2017-03-10, 1 file, -1/+1)
| | | |   this fixes the crash of innodb.innodb-blob --ps-protocol