Merge branch '5.5' into 10.0

Author: vuvova

.gitignore

@@ -59,6 +59,9 @@ include/mysql_version.h
 include/mysqld_ername.h
 include/mysqld_error.h
 include/sql_state.h
+include/probes_mysql.d
+include/probes_mysql_dtrace.h
+include/probes_mysql_nodtrace.h
 info_macros.cmake
 libmysql*/libmysql*_exports_file.cc
 libmysql*/merge_archives_mysql*.cmake

client/mysql_upgrade.c

@@ -184,7 +184,8 @@ static const char *load_default_groups[]=
 static void free_used_memory(void)
 {
  /* Free memory allocated by 'load_defaults' */
- free_defaults(defaults_argv);
+ if (defaults_argv)
+ free_defaults(defaults_argv);
 
  dynstr_free(&ds_args);
  dynstr_free(&conn_args);
@@ -1096,7 +1097,6 @@ int main(int argc, char **argv)
  if (opt_systables_only && !opt_silent)
  printf("The --upgrade-system-tables option was used, user tables won't be touched.\n");
 
-
  /*
  Read the mysql_upgrade_info file to check if mysql_upgrade
  already has been run for this installation of MySQL

cmake/dtrace.cmake

@@ -86,6 +86,9 @@ IF(ENABLE_DTRACE)
  ${CMAKE_BINARY_DIR}/include/probes_mysql_dtrace.h
  ${CMAKE_BINARY_DIR}/include/probes_mysql_nodtrace.h
  ) 
+ELSE()
+ CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/include/probes_mysql_nodtrace.h.in
+ ${CMAKE_BINARY_DIR}/include/probes_mysql_nodtrace.h COPYONLY)
 ENDIF()
 
 FUNCTION(DTRACE_INSTRUMENT target)

configure.cmake

@@ -790,16 +790,36 @@ ENDIF()
 #
 # Test for how the C compiler does inline, if at all
 #
+# SunPro is weird, apparently it only supports inline at -xO3 or -xO4.
+# And if CMAKE_C_FLAGS has -xO4 but CMAKE_C_FLAGS_${CMAKE_BUILD_TYPE} has -xO2
+# then CHECK_C_SOURCE_COMPILES will succeed but the built will fail.
+# We must test all flags here.
+# XXX actually, we can do this for all compilers, not only SunPro
+IF (CMAKE_CXX_COMPILER_ID MATCHES "SunPro" AND
+ CMAKE_GENERATOR MATCHES "Makefiles")
+ STRING(TOUPPER "CMAKE_C_FLAGS_${CMAKE_BUILD_TYPE}" flags)
+ SET(CMAKE_REQUIRED_FLAGS "${${flags}}")
+ENDIF()
 CHECK_C_SOURCE_COMPILES("
-static inline int foo(){return 0;}
+extern int bar(int x);
+static inline int foo(){return bar(1);}
 int main(int argc, char *argv[]){return 0;}"
  C_HAS_inline)
 IF(NOT C_HAS_inline)
  CHECK_C_SOURCE_COMPILES("
- static __inline int foo(){return 0;}
+ extern int bar(int x);
+ static __inline int foo(){return bar(1);}
  int main(int argc, char *argv[]){return 0;}"
  C_HAS___inline)
- SET(C_INLINE __inline)
+ IF(C_HAS___inline)
+ SET(C_INLINE __inline)
+ ElSE()
+ SET(C_INLINE)
+ MESSAGE(WARNING "C compiler does not support funcion inlining")
+ IF(NOT NOINLINE)
+ MESSAGE(FATAL_ERROR "Use -DNOINLINE=TRUE to allow compilation without inlining")
+ ENDIF()
+ ENDIF()
 ENDIF()
 
 IF(NOT CMAKE_CROSSCOMPILING AND NOT MSVC)

extra/yassl/README

@@ -12,6 +12,17 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.3.9 (12/01/2015)
+ This release of yaSSL fixes two client side Diffie-Hellman problems.
+ yaSSL was only handling the cases of zero or one leading zeros for the key
+ agreement instead of potentially any number. This caused about 1 in 50,000
+ connections to fail when using DHE cipher suites. The second problem was
+ the case where a server would send a public value shorter than the prime
+ value, causing about 1 in 128 client connections to fail, and also
+ caused the yaSSL client to read off the end of memory. All client side
+ DHE cipher suite users should update.
+ Thanks to Adam Langely (agl@imperialviolet.org) for the detailed report!
+
 yaSSL Release notes, version 2.3.8 (9/17/2015)
  This release of yaSSL fixes a high security vulnerability. All users
  SHOULD update. If using yaSSL for TLS on the server side with private

extra/yassl/include/crypto_wrapper.hpp

@@ -378,6 +378,7 @@ class DiffieHellman {
 
  uint get_agreedKeyLength() const;
  const byte* get_agreedKey() const;
+ uint get_publicKeyLength() const;
  const byte* get_publicKey() const;
  void makeAgreement(const byte*, unsigned int);
 

extra/yassl/include/openssl/ssl.h

@@ -34,7 +34,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.3.8"
+#define YASSL_VERSION "2.3.9"
 
 
 #if defined(__cplusplus)

extra/yassl/src/crypto_wrapper.cpp

@@ -751,9 +751,10 @@ struct DiffieHellman::DHImpl {
  byte* publicKey_;
  byte* privateKey_;
  byte* agreedKey_;
+ uint pubKeyLength_;
 
  DHImpl(TaoCrypt::RandomNumberGenerator& r) : ranPool_(r), publicKey_(0),
-  privateKey_(0), agreedKey_(0) {}
+ privateKey_(0), agreedKey_(0), pubKeyLength_(0) {}
  ~DHImpl() 
  { 
  ysArrayDelete(agreedKey_); 
@@ -762,7 +763,7 @@ struct DiffieHellman::DHImpl {
  }
 
  DHImpl(const DHImpl& that) : dh_(that.dh_), ranPool_(that.ranPool_),
-  publicKey_(0), privateKey_(0), agreedKey_(0)
+ publicKey_(0), privateKey_(0), agreedKey_(0), pubKeyLength_(0)
  {
  uint length = dh_.GetByteLength();
  AllocKeys(length, length, length);
@@ -810,7 +811,7 @@ DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g,
  using TaoCrypt::Integer;
 
  pimpl_->dh_.Initialize(Integer(p, pSz).Ref(), Integer(g, gSz).Ref());
- pimpl_->publicKey_ = NEW_YS opaque[pubSz];
+ pimpl_->publicKey_ = NEW_YS opaque[pimpl_->pubKeyLength_ = pubSz];
  memcpy(pimpl_->publicKey_, pub, pubSz);
 }
 
@@ -869,6 +870,10 @@ const byte* DiffieHellman::get_agreedKey() const
  return pimpl_->agreedKey_;
 }
 
+uint DiffieHellman::get_publicKeyLength() const
+{
+ return pimpl_->pubKeyLength_;
+}
 
 const byte* DiffieHellman::get_publicKey() const
 {

extra/yassl/src/yassl_imp.cpp

@@ -109,15 +109,12 @@ void ClientDiffieHellmanPublic::build(SSL& ssl)
  uint keyLength = dhClient.get_agreedKeyLength(); // pub and agree same
 
  alloc(keyLength, true);
- dhClient.makeAgreement(dhServer.get_publicKey(), keyLength);
+ dhClient.makeAgreement(dhServer.get_publicKey(),
+ dhServer.get_publicKeyLength());
  c16toa(keyLength, Yc_);
  memcpy(Yc_ + KEY_OFFSET, dhClient.get_publicKey(), keyLength);
 
- // because of encoding first byte might be zero, don't use it for preMaster
- if (*dhClient.get_agreedKey() == 0) 
- ssl.set_preMaster(dhClient.get_agreedKey() + 1, keyLength - 1);
- else
- ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
+ ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
 }
 
 
@@ -321,11 +318,7 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input)
  }
  dh.makeAgreement(Yc_, keyLength); 
 
- // because of encoding, first byte might be 0, don't use for preMaster 
- if (*dh.get_agreedKey() == 0) 
- ssl.set_preMaster(dh.get_agreedKey() + 1, dh.get_agreedKeyLength() - 1);
- else
- ssl.set_preMaster(dh.get_agreedKey(), dh.get_agreedKeyLength());
+ ssl.set_preMaster(dh.get_agreedKey(), dh.get_agreedKeyLength());
  ssl.makeMasterSecret();
 }
 

extra/yassl/src/yassl_int.cpp

@@ -807,6 +807,19 @@ void SSL::set_random(const opaque* random, ConnectionEnd sender)
 // store client pre master secret
 void SSL::set_preMaster(const opaque* pre, uint sz)
 {
+ uint i(0); // trim leading zeros
+ uint fullSz(sz);
+
+ while (i++ < fullSz && *pre == 0) {
+ sz--;
+ pre++;
+ }
+
+ if (sz == 0) {
+ SetError(bad_input);
+ return;
+ }
+
  secure_.use_connection().AllocPreSecret(sz);
  memcpy(secure_.use_connection().pre_master_secret_, pre, sz);
 }
@@ -924,6 +937,8 @@ void SSL::order_error()
 // Create and store the master secret see page 32, 6.1
 void SSL::makeMasterSecret()
 {
+ if (GetError()) return;
+
  if (isTLS())
  makeTLSMasterSecret();
  else {