lp:~laurynas-biveinis/mysql-server/5.6.11-CVE-2012-5615-CVE-2012-5627

Created by Laurynas Biveinis on 2013-05-14 and last modified on 2013-05-26
Get this branch:
bzr branch lp:~laurynas-biveinis/mysql-server/5.6.11-CVE-2012-5615-CVE-2012-5627

Branch information

Owner: Laurynas Biveinis
Project: MySQL Server
Status: Mature

Recent revisions

4869. By Laurynas Biveinis on 2013-05-14

Port CVE-2012-5615 and CVE-2012-5627 from Percona Server 5.6

4868. By Marko Mäkelä <email address hidden> on 2013-04-05

Merge from mysql-5.6 to the 5.6.11 release clone.
------------------------------------------------------------
revno: 5006
revision-id: <email address hidden>
parent: <email address hidden>
committer: Marko Mäkelä <email address hidden>
branch nick: mysql-5.6
timestamp: Wed 2013-04-03 15:47:30 +0300
message:
  Fix regression Bug#16544143 ENABLE PARTIAL ROLLBACK DURING ONLINE ALTER TABLE

  row_log_allocate(): Initialize the added fields.

4867. By Marko Mäkelä <email address hidden> on 2013-04-05

Merge from mysql-5.6 to the 5.6.11 release clone.
------------------------------------------------------------
revno: 5004
revision-id: <email address hidden>
parent: <email address hidden>
committer: Marko Mäkelä <email address hidden>
branch nick: mysql-5.6
timestamp: Wed 2013-04-03 10:26:04 +0300
message:
  Bug#16544143 ENABLE PARTIAL ROLLBACK DURING ONLINE ALTER TABLE

  During table-copying online ALTER TABLE (such as ADD COLUMN, DROP
  COLUMN, ADD PRIMARY KEY, changing the ROW_FORMAT), we keep a log of
  concurrent INSERT and DELETE operations that modify the table data.
  Off-page columns (BLOBs) are not logged; instead, we just log the
  pointers as they are in the clustered index records.

  In order to avoid accessing stale BLOB pointers when applying the log,
  we used to suspend the purge of records that would free BLOBs, and keep
  track of user transactions that were rolled back.

  The bug is that a partial rollback is wrongly treated as a full
  rollback. That is, the remaining changes of a partially rolled back
  transaction (one that involved a statement rollback, or an explicit
  ROLLBACK TO SAVEPOINT) could be lost (rolled back) during the online
  ALTER TABLE.

  row_log_table_rollback(), row_log_t::trx_rb: Remove. We no longer keep
  track of transactions. We keep track of BLOB start pages instead.

  row_log_table_is_rollback(): Remove. The call in
  row_merge_insert_index_tuples() was made redundant in the fix of
  Bug#14712710 BOGUS DUPLICATE KEY ERROR DURING ONLINE ALTER TABLE
  (rb#1438) when row_merge_read_clustered_index() started to use
  REPEATABLE READ instead of READ UNCOMMITTED.

  row_log_t::blobs: A new member, a map from BLOB page numbers to byte
  offsets in the log. This keeps track of BLOBs freed and allocated during
  ALTER TABLE. If a previously freed BLOB page is allocated, the log apply
  must trust the BLOB page number starting from the log record of the new
  allocation.

  Example: A transaction inserted a BLOB starting at page 123. There was
  a partial rollback that undoes the insert, but the transaction remains
  active. So, we will insert (123,BLOB_FREED) to log->blobs.
  Later, another BLOB will be inserted at page 123, when log->tail.total=4567.
  We will replace the (123,BLOB_FREED) with (123,4567) in the log->blobs.
  The log record for inserting this BLOB would start at offset 4567.

  row_log_table_blob_free(), row_log_table_blob_alloc(): New functions,
  for updating row_log_t::blobs.

  row_log_table_close_func(), row_log_table_apply_op():
  Update the new field row_log_buf_t::total.

  row_log_table_delete(): Add the parameter 'bool purge', to specify
  whether to log BLOB prefixes for updating secondary indexes.
  The flag will be set during a partial or full rollback.

  row_log_table_apply_convert_mrec(): Before accessing any BLOB data,
  check row_log_t::blobs if it is safe to do so.

  row_purge_remove_clust_if_poss_low(), row_purge_remove_clust_if_poss(),
  row_purge_del_mark(), row_purge_upd_exist_or_extern(): Do not suspend
  the purge if it would free BLOBs during online ALTER TABLE. Rely on
  the row_log_t::blobs.

  rec_print_comp(): Display the BLOB pointer when truncating a column.

  rb#2203 approved by Jimmy Yang

4866. By Marko Mäkelä <email address hidden> on 2013-04-05

Merge from mysql-5.6 to the 5.6.11 release clone.
------------------------------------------------------------
revno: 5003
revision-id: <email address hidden>
parent: <email address hidden>
committer: Marko Mäkelä <email address hidden>
branch nick: mysql-5.6
timestamp: Wed 2013-04-03 10:18:33 +0300
message:
  Bug#16586355 CORRUPTION IN ONLINE ALTER TABLE...ADD PRIMARY KEY(A,B),
  CHANGE A ... AFTER B

  row_log_table_get_pk() assigned the column mapping to the wrong variable.
  Refactor it to make the logic easier to follow.

  row_log_table_get_pk_old_col(): Get the old table column corresponding
  to a new table column. Returns NULL if the column was added to the
  new table.

  row_log_table_get_pk_col(): Retrieve the column value from the old
  table record (and optionally BLOB pages).

  rb#2274 approved by Jimmy Yang

4865. By Marko Mäkelä <email address hidden> on 2013-03-26

Bug#16544336 INCONSISTENT ONLINE ADD PRIMARY KEY ON COLUMN PREFIX

row_log_table_get_pk(): Invoke dtype_get_at_most_n_mbchars()
to properly retrieve the column prefix.

This bug affected online ALTER TABLE...ADD PRIMARY KEY where the new
PRIMARY KEY included a column prefix.

When the definition of primary key is changed, we must identify both
the old and new PRIMARY KEY value of the row in the modification log.

The bug was that we failed to cut the column prefix, and log apply
would fail to find the row. This caused the log apply to skip DELETE
operations, either as part of ROW_T_DELETE or as part of ROW_T_UPDATE
(update can be treated as delete and insert).

rb#2245 approved by Kevin Lewis

4864. By Balasubramanian Kandasamy on 2013-03-25

Updated Release Engineering mail address

4863. By Marko Mäkelä <email address hidden> on 2013-03-22

Bug#16503490 TABLE-COPYING ALTER TABLE MISTAKES PARTIAL ROLLBACK
FOR FULL ROLLBACK

During table-copying online ALTER TABLE (such as ADD COLUMN, DROP
COLUMN, ADD PRIMARY KEY, changing the ROW_FORMAT), we keep a log of
concurrent INSERT and DELETE operations that modify the table data.
Off-page columns (BLOBs) are not logged; instead, we just log the
pointers as they are in the clustered index records.

In order to avoid accessing stale BLOB pointers when applying the log,
we suspend the purge of records that would free BLOBs, and keep track
of user transactions that were rolled back.

The bug is that a partial rollback is wrongly treated as a full
rollback. That is, the remaining changes of a partially rolled back
transaction (one that involved a statement rollback, or an explicit
ROLLBACK TO SAVEPOINT) could be lost (rolled back) during the online
ALTER TABLE.

This patch works around the problem in MySQL 5.6.11. We prohibit
partial rollback during table-copying online ALTER TABLE.

There are two forms of partial rollback.

ROLLBACK TO SAVEPOINT will simply return an error 153, but it will not
commit or roll back the transaction. The user has to explicitly commit
or roll back.

Statement rollback (such as when a duplicate key error is detected
during an INSERT) will fake a deadlock and roll back the entire
transaction.

lock_tables_are_being_altered(): A predicate for checking if a
transaction has locked any tables that are being processed by
table-copying ALTER TABLE. This is similar to lock_table_has(), which
is invoked for the transaction of the currently running thread,
without acquiring any mutex.

innobase_rollback_to_savepoint(): Return HA_ERR_NO_SAVEPOINT if online
ALTER is active.

row_mysql_handle_errors(): Fake a deadlock if online ALTER is active
and we would be rolling back to a savepoint.

We do not take index->lock for the dict_index_is_online_ddl() checks
for performance reasons. The index cannot go away while there is a
transaction holding locks on it.

rb#2233 approved by Kevin Lewis

4862. By Balasubramanian Kandasamy on 2013-03-21

Fixed SuSE Build issue

4861. By Shaohua Wang <email address hidden> on 2013-03-15

BUG#16495433-SEGV IN LOCK_GET_TYPE_LOW(),A RACE IN LOCK_WAIT_SUSPEND_THREAD()

It's a race condition. We should protect "wait_lock" with lock_sys->mutex in
lock_wait_suspend_thread. The definition of "wait_lock" notes about that.

rb#2194 approved by Marko & Sunny.

4860. By Nuno Carvalho <email address hidden> on 2013-03-14

BUG#16484323: REPLICATION W/GTIDS FAILS WITH ERROR 1778 WHEN RUNNING ANALYZE OR REPAIR TABLE

After BUG#16062608 fix, when a command that causes an implicit commit
but does not change data is executed when @@SESSION.GTID_NEXT is
different from AUTOMATIC, an error is thrown saying that this command
is not allowed.
Commands ANALYZE and REPAIR TABLE, which cause an implicit commit, were
not correctly identified as update queries, so when they were
replicated, the slave raised the error.

To fix this incorrect behaviour, ANALYZE and REPAIR TABLE commands are
now identified as update queries.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:mysql-server