Merge tag 'clone-5.7.20-build' into mysql-5.7-cluster-7.5

Author: arnabray21

VERSION

@@ -1,4 +1,4 @@
 MYSQL_VERSION_MAJOR=5
 MYSQL_VERSION_MINOR=7
-MYSQL_VERSION_PATCH=19
+MYSQL_VERSION_PATCH=20
 MYSQL_VERSION_EXTRA=-ndb-7.5.8

client/client_priv.h

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -145,11 +145,11 @@ enum options_client
   Client deprecation warnings
 */
 #define CLIENT_WARN_DEPRECATED_NO_REPLACEMENT(opt) \
-  printf("WARNING: " opt \
+  fprintf(stderr, "WARNING: " opt \
          " is deprecated and will be removed in a future version\n")
 
 #define CLIENT_WARN_DEPRECATED(opt, new_opt) \
-  printf("WARNING: " opt \
+  fprintf(stderr, "WARNING: " opt \
          " is deprecated and will be removed in a future version. " \
          "Use " new_opt " instead.\n")
 

client/dump/abstract_chain_element.cc

@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
+  Copyright (c) 2015, 2017 Oracle and/or its affiliates. All rights reserved.
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by

client/dump/abstract_progress_watcher.cc

@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+  Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -82,7 +82,7 @@ void Abstract_progress_watcher::object_processing_ended(
   Table_rows_dump_task* processed_table_task=
     dynamic_cast<Table_rows_dump_task*>(
     finished_process_data->get_process_task_object());
-  if (processed_table_task != NULL && processed_table_task->is_completed()
+  if (processed_table_task != NULL
     && finished_process_data->had_chain_created())
   {
     m_progress.m_table_count++;

client/mysql_ssl_rsa_setup.cc

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -71,6 +71,12 @@ enum certs
   OPENSSL_RND
 };
 
+enum extfiles
+{
+  CAV3_EXT=0,
+  CERTV3_EXT
+};
+
 Sql_string_t cert_files[] =
 {
   create_string("ca.pem"),
@@ -87,6 +93,12 @@ Sql_string_t cert_files[] =
   create_string(".rnd")
 };
 
+Sql_string_t ext_files[] =
+{
+  create_string("cav3.ext"),
+  create_string("certv3.ext")
+};
+
 #define MAX_PATH_LEN  (FN_REFLEN - strlen(FN_DIRSEP) \
                        - cert_files[SERVER_CERT].length() - 1)
 /*
@@ -314,6 +326,49 @@ class X509_key
   stringstream m_subj_prefix;
 };
 
+class X509v3_ext_writer
+{
+public:
+  X509v3_ext_writer()
+  {
+    m_cav3_ext_options << "basicConstraints=CA:TRUE" << std::endl;
+
+    m_certv3_ext_options << "basicConstraints=CA:FALSE" << std::endl;
+  }
+  ~X509v3_ext_writer() {};
+
+  bool operator()(const Sql_string_t &cav3_ext_file,
+                  const Sql_string_t &certv3_ext_file)
+  {
+    if (!cav3_ext_file.length() ||
+        !certv3_ext_file.length())
+      return true;
+
+    std::ofstream ext_file;
+
+    ext_file.open(cav3_ext_file.c_str(),
+                  std::ios::out|std::ios::trunc);
+    if (!ext_file.is_open())
+      return true;
+    ext_file << m_cav3_ext_options.str();
+    ext_file.close();
+
+    ext_file.open(certv3_ext_file.c_str(),
+                  std::ios::out|std::ios::trunc);
+    if (!ext_file.is_open())
+    {
+      remove_file(cav3_ext_file.c_str(), false);
+      return true;
+    }
+    ext_file << m_certv3_ext_options.str();
+    ext_file.close();
+
+    return false;
+  }
+private:
+  stringstream m_cav3_ext_options;
+  stringstream m_certv3_ext_options;
+};
 
 class X509_cert
 {
@@ -328,15 +383,17 @@ class X509_cert
                           uint32_t serial,
                           bool self_signed,
                           const Sql_string_t &sign_key_file,
-                          const Sql_string_t &sign_cert_file)
+                          const Sql_string_t &sign_cert_file,
+                          const Sql_string_t &ext_file)
   {
     stringstream command;
     command << "openssl x509 -sha256 -days " << m_validity;
-    command << " -set_serial " << serial << " -req -in " << req_file << " ";
+    command << " -extfile " << ext_file;
+    command << " -set_serial " << serial << " -req -in " << req_file;
     if (self_signed)
-      command << "-signkey " << sign_key_file;
+      command << " -signkey " << sign_key_file;
     else
-      command << "-CA " << sign_cert_file << " -CAkey " << sign_key_file;
+      command << " -CA " << sign_cert_file << " -CAkey " << sign_key_file;
     command << " -out " << cert_file;
 
     return command.str();
@@ -551,6 +608,7 @@ int main(int argc, char *argv[])
       Sql_string_t empty_string("");
       X509_key x509_key(suffix_string);
       X509_cert x509_cert;
+      X509v3_ext_writer x509v3_ext_writer;
 
       /* Delete existing files if any */
       remove_file(cert_files[CA_REQ], false);
@@ -560,14 +618,23 @@ int main(int argc, char *argv[])
       remove_file(cert_files[CLIENT_KEY], false);
       remove_file(cert_files[OPENSSL_RND], false);
 
+      /* Remove existing v3 extension files */
+      remove_file(ext_files[CAV3_EXT], false);
+      remove_file(ext_files[CERTV3_EXT], false);
+
+      /* Create v3 extension files */
+      if (x509v3_ext_writer(ext_files[CAV3_EXT], ext_files[CERTV3_EXT]))
+        goto end;
+
       /* Generate CA Key and Certificate */
       if ((ret_val= execute_command(x509_key("_Auto_Generated_CA_Certificate",
                                              cert_files[CA_KEY], cert_files[CA_REQ]),
                                     "Error generating ca_key.pem and ca_req.pem")))
         goto end;
 
       if ((ret_val= execute_command(x509_cert(cert_files[CA_REQ], cert_files[CA_CERT], 1,
-                                              true, cert_files[CA_KEY], empty_string),
+                                              true, cert_files[CA_KEY], empty_string,
+                                              ext_files[CAV3_EXT]),
                                     "Error generating ca_cert.pem")))
         goto end;
 
@@ -578,7 +645,8 @@ int main(int argc, char *argv[])
         goto end;
 
       if ((ret_val= execute_command(x509_cert(cert_files[SERVER_REQ], cert_files[SERVER_CERT], 2,
-                                              false, cert_files[CA_KEY], cert_files[CA_CERT]),
+                                              false, cert_files[CA_KEY], cert_files[CA_CERT],
+                                              ext_files[CERTV3_EXT]),
                                     "Error generating server_cert.pem")))
         goto end;
 
@@ -589,7 +657,8 @@ int main(int argc, char *argv[])
         goto end;
 
       if ((ret_val= execute_command(x509_cert(cert_files[CLIENT_REQ], cert_files[CLIENT_CERT], 3,
-                                              false, cert_files[CA_KEY], cert_files[CA_CERT]),
+                                              false, cert_files[CA_KEY], cert_files[CA_CERT],
+                                              ext_files[CERTV3_EXT]),
                                     "Error generating client_cert.pem")))
         goto end;
 
@@ -622,6 +691,11 @@ int main(int argc, char *argv[])
         goto end;
 
       remove_file(cert_files[OPENSSL_RND], false);
+
+      /* Remove existing v3 extension files */
+      remove_file(ext_files[CAV3_EXT], false);
+      remove_file(ext_files[CERTV3_EXT], false);
+
     }
 
     /*

client/mysqlbinlog.cc

@@ -218,6 +218,7 @@ Query_log_event::rewrite_db_in_buffer(char **buf, ulong *event_len,
   char* ptr= *buf;
   uint sv_len= 0;
 
+  DBUG_EXECUTE_IF("simulate_corrupt_event_len", *event_len=0;);
   /* Error if the event content is too small */
   if (*event_len < (common_header_len + query_header_len))
     return true;
@@ -2532,7 +2533,8 @@ static Exit_status dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info,
   char log_file_name[FN_REFLEN + 1];
   Exit_status retval= OK_CONTINUE;
   enum enum_server_command command= COM_END;
-
+  char *event_buf= NULL;
+  ulong event_len;
   DBUG_ENTER("dump_remote_log_entries");
 
   fname[0]= log_file_name[0]= 0;
@@ -2691,12 +2693,19 @@ static Exit_status dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info,
     */
     if (type == binary_log::HEARTBEAT_LOG_EVENT)
       continue;
+    event_buf= (char *) net->read_pos + 1;
+    event_len= len - 1;
+    if (rewrite_db_filter(&event_buf, &event_len, glob_description_event))
+    {
+      error("Got a fatal error while applying rewrite db filter.");
+      DBUG_RETURN(ERROR_STOP);
+    }
 
     if (!raw_mode || (type == binary_log::ROTATE_EVENT) ||
         (type == binary_log::FORMAT_DESCRIPTION_EVENT))
     {
-      if (!(ev= Log_event::read_log_event((const char*) net->read_pos + 1 ,
-                                          len - 1, &error_msg,
+      if (!(ev= Log_event::read_log_event((const char*) event_buf,
+                                          event_len, &error_msg,
                                           glob_description_event,
                                           opt_verify_binlog_checksum)))
       {

client/mysqldump.c

@@ -5847,7 +5847,10 @@ static my_bool get_view_structure(char *table, char* db)
   if (path)
   {
     if (!(sql_file= open_sql_file_for_table(table, O_WRONLY)))
+    {
+      mysql_free_result(table_res);
       DBUG_RETURN(1);
+    }
 
     write_header(sql_file, db);
   }

extra/yassl/README

@@ -12,6 +12,14 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.4.4 (8/8/2017)
+    This release of yaSSL fixes an interop issue. A fix for detecting cipher
+    suites with non leading zeros is included as yaSSL only supports cipher
+    suites with leading zeros.  Thanks for the report from Security Innovation
+    and Oracle.
+
+    Users interoping with other SSL stacks should update.
+
 yaSSL Release notes, version 2.4.2 (9/22/2016)
     This release of yaSSL fixes a medium security vulnerability. A fix for
     potential AES side channel leaks is included that a local user monitoring

extra/yassl/certs/ca-cert.pem

@@ -1,40 +1,13 @@
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
-A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
-dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ
-MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
-dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
-mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
-i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
-XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
-/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
-/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
-+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
-J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
-aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf
-+n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH
-7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2
-DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB
-VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq
-Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A==
------END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            9a:41:47:cd:a1:14:62:8c
-    Signature Algorithm: sha1WithRSAEncryption
+            b7:b6:90:33:66:1b:6b:23
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jul 11 03:20:08 2014 GMT
-            Not After : Apr  6 03:20:08 2017 GMT
+            Not Before: Aug 11 20:07:37 2016 GMT
+            Not After : May  8 20:07:37 2019 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -65,23 +38,50 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:9A:41:47:CD:A1:14:62:8C
+                serial:B7:B6:90:33:66:1B:6B:23
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f:
-         fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca:
-         f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f:
-         7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4:
-         33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f:
-         ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3:
-         c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5:
-         b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a:
-         91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81:
-         54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74:
-         43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14:
-         e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9:
-         64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3:
-         bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f:
-         b2:b3:03:d8
+    Signature Algorithm: sha256WithRSAEncryption
+         0e:93:48:44:4a:72:96:60:71:25:82:a9:2c:ca:60:5b:f2:88:
+         3e:cf:11:74:5a:11:4a:dc:d9:d8:f6:58:2c:05:d3:56:d9:e9:
+         8f:37:ef:8e:3e:3b:ff:22:36:00:ca:d8:e2:96:3f:a7:d1:ed:
+         1f:de:7a:b0:d7:8f:36:bd:41:55:1e:d4:b9:86:3b:87:25:69:
+         35:60:48:d6:e4:5a:94:ce:a2:fa:70:38:36:c4:85:b4:4b:23:
+         fe:71:9e:2f:db:06:c7:b5:9c:21:f0:3e:7c:eb:91:f8:5c:09:
+         fd:84:43:a4:b3:4e:04:0c:22:31:71:6a:48:c8:ab:bb:e8:ce:
+         fa:67:15:1a:3a:82:98:43:33:b5:0e:1f:1e:89:f8:37:de:1b:
+         e6:b5:a0:f4:a2:8b:b7:1c:90:ba:98:6d:94:21:08:80:5d:f3:
+         bf:66:ad:c9:72:28:7a:6a:48:ee:cf:63:69:31:8c:c5:8e:66:
+         da:4b:78:65:e8:03:3a:4b:f8:cc:42:54:d3:52:5c:2d:04:ae:
+         26:87:e1:7e:40:cb:45:41:16:4b:6e:a3:2e:4a:76:bd:29:7f:
+         1c:53:37:06:ad:e9:5b:6a:d6:b7:4e:94:a2:7c:e8:ac:4e:a6:
+         50:3e:2b:32:9e:68:42:1b:e4:59:67:61:ea:c7:9a:51:9c:1c:
+         55:a3:77:76
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIJALe2kDNmG2sjMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNjA4MTEyMDA3MzdaFw0xOTA1MDgyMDA3MzdaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAt7aQM2YbayMwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADpNIREpylmBxJYKpLMpgW/KI
+Ps8RdFoRStzZ2PZYLAXTVtnpjzfvjj47/yI2AMrY4pY/p9HtH956sNePNr1BVR7U
+uYY7hyVpNWBI1uRalM6i+nA4NsSFtEsj/nGeL9sGx7WcIfA+fOuR+FwJ/YRDpLNO
+BAwiMXFqSMiru+jO+mcVGjqCmEMztQ4fHon4N94b5rWg9KKLtxyQuphtlCEIgF3z
+v2atyXIoempI7s9jaTGMxY5m2kt4ZegDOkv4zEJU01JcLQSuJofhfkDLRUEWS26j
+Lkp2vSl/HFM3Bq3pW2rWt06UonzorE6mUD4rMp5oQhvkWWdh6seaUZwcVaN3dg==
+-----END CERTIFICATE-----