maria:bb-11.4-MDEV-7850-revert

Last commit made on 2024-02-05
Get this branch:
git clone -b bb-11.4-MDEV-7850-revert https://git.launchpad.net/maria

Branch information

Name: bb-11.4-MDEV-7850-revert
Repository: lp:maria

Recent commits

9b1ea69... by Brandon Nesterenko

Revert "MDEV-7850: Extend GTID Binlog Events with Thread Id"

This reverts commit c37b2087b4abe576f1b0391c8d379dba6299dcb5.

In c37b20887, when re-binlogging a GTID event on a replica,
it will overwrite the thread_id from the primary to be the
value of the slave applier (SQL thread or parallel worker).

This should be the value of the original thread_id on the
master connection though, to both help track temporary
tables, and be consistent with Query_log_event.

Reverting the commit to re-target 11.5, so we can re-test
with the corrected thread_id.

e30e9fc... by Alexander Barkov

MDEV-33386 Wrong error message on `GRANT .. ON PACKAGE no_such_package ..`

When displaying the ER_SP_DOES_NOT_EXIST error, use
Sp_handler::type_lex_cstring() to get the underlying
object type:
- PROCEDURE
- FUNCTION
- PACKAGE
- PACKAGE BODY
instead of hard-coded "FUNCTION or PROCEDURE".

2e83ab4... by Sergei Golubchik

MDEV-32473 --disable-ssl doesn't disable it

6b90033... by Sergei Golubchik

show in mariadb cli whether server cert was verified

853bdf5... by Sergei Golubchik

auto-disable --ssl-verify-server-cert in clients, if

* --ssl-verify-server-cert was not enabled explicitly, and
* CA was not specified, and
* fingerprint was not specified, and
* protocol is TCP, and
* no password was provided

insecure passwordless logins are common in test environment, let's
not break them. practically, it hardly makes sense to have strong
MitM protection if an attacker can simply login without a password.

Covers mariadb, mariadb-admin, mariadb-binlog, mariadb-dump

abcd23a... by Sergei Golubchik

MDEV-31857 enable --ssl-verify-server-cert by default in the internal client

enable ssl + ssl_verify_server_cert in the internal client too

* fix replication tests to disable master_ssl_verify_server_cert
  because accounts are passwordless - except rpl.rpl_ssl1
* fix federated/federatedx/connect to disable SSL_VERIFY_SERVER_CERT
  because they cannot configure an ssl connection
* fix spider to disable ssl_verify_server_cert, if configuration
  says so, as spider _can_ configure an ssl connection
* memory leak in embedded test-connect

e0c3039... by Sergei Golubchik

MDEV-31855 validate ssl certificates using client password in the internal client

port the client-side implementation from C/C to the internal client.
add the test.

386df87... by Sergei Golubchik

disable SSL via named pipes in the internal client

because it doesn't work. CONC-635.

3c36ed1... by Sergei Golubchik

free mysql->connector_fd correctly in the internal client

it's not an ssl option, so shouldn't be in mysql_ssl_free(),
which frees ssl options, and only unless CLIENT_REMEMBER_OPTIONS is set.

mysql->connector_fd must be freed when mysql->net.vio is closed
and fd becomes no longer valid

2f13f7d... by Sergei Golubchik

change how self-signed certs are accepted by internal client

use SSL_VERIFY_PEER with the "always ok" callback,
instead of SSL_VERIFY_NONE with no callback.

The latter doesn't work correctly in wolfSSL, it accepts self-signed
certificates just fine (as in OpenSSL), but after that
SSL_get_verify_result() returns X509_V_OK, while it returns an error
(e.g. X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) in OpenSSL.