  1. 23 Oct, 2010 1 commit
    • Bug#27606 GRANT statement should be replicated with DEFINER information · 06c49d57
      unknown authored
      "Grantor" columns' data is lost when replicating mysql.tables_priv.
      Slave SQL thread used its default user ''@'' as the grantor of GRANT|REVOKE
      statements executing on it.
      
      In this patch, the current user is put in the query log event for all GRANT and REVOKE
      statements, and the SQL thread uses the user in the query log event as grantor.
      
      
      mysql-test/suite/rpl/r/rpl_do_grant.result:
        Add test for this bug.
      mysql-test/suite/rpl/t/rpl_do_grant.test:
        Add test for this bug.
      sql/log_event.cc:
        Refactoring THD::current_user_used and related functions.
        current_user_used is used to judge if current user should be
        binlogged in query log event. So it is better to call it m_binlog_invoker.
        The related functions are renamed too.
      sql/sql_class.cc:
        Refactoring THD::current_user_used and related functions.
        current_user_used is used to judge if current user should be
        binlogged in query log event. So it is better to call it m_binlog_invoker.
        The related functions are renamed too.
      sql/sql_class.h:
        Refactoring THD::current_user_used and related functions.
        current_user_used is used to judge if current user should be
        binlogged in query log event. So it is better to call it m_binlog_invoker.
        The related functions are renamed too.
      sql/sql_parse.cc:
        Call binlog_invoker() for GRANT and REVOKE statements.
      06c49d57
  2. 16 Oct, 2010 1 commit
    • Bug#56118 STOP SLAVE does not wait till trx with CREATE TMP TABLE ends, replication aborts · 211552cc
      unknown authored
      
      When receiving a 'SLAVE STOP' command, the slave SQL thread will roll back the
      transaction and stop immediately if only transactional tables are updated,
      even though 'CREATE|DROP TEMPORARY TABLE' statements are in it. But these
      statements can never be rolled back, because the temporary table to user
      session mapping remains until 'RESET SLAVE'. Therefore it will abort the SQL thread
      with an error that the table already exists or doesn't exist, when it restarts
      and executes the whole transaction again.
      
      After this patch, the SQL thread always waits till the transaction ends and then stops,
      if 'CREATE|DROP TEMPORARY TABLE' statements are in it.
      
      mysql-test/extra/rpl_tests/rpl_stop_slave.test:
        Auxiliary file which is used to test this bug.
      mysql-test/suite/rpl/t/rpl_stop_slave.test:
        Test case for this bug.
      sql/slave.cc:
        Checking if OPTION_KEEP_LOG is set. If it is set, SQL thread should wait
        until the transaction ends.
      sql/sql_parse.cc:
        Add a debug point for testing this bug.
      211552cc
  3. 18 Aug, 2010 1 commit
    • WL#5370 Keep forward-compatibility when changing 'CREATE TABLE IF NOT EXISTS ... SELECT' behaviour · 9d681150
      unknown authored
      BUG#55474, BUG#55499, BUG#55598, BUG#55616 and BUG#55777 are fixed
      in this patch too.
      
      This is the 5.1 part.
      It implements:
      - if the table exists, binlog two events: CREATE TABLE IF NOT EXISTS
        and INSERT ... SELECT
      
      - Insert nothing and binlog nothing on master if the existing object
        is a view. It only generates a warning that table already exists.
      
      
      mysql-test/r/trigger.result:
        After this patch, 'CREATE TABLE IF NOT EXISTS ... SELECT' will not
        insert anything if the table being created already exists and is a view.
      sql/sql_class.h:
        Declare virtual function write_to_binlog() for select_insert.
        It's used to binlog 'create select'
      sql/sql_insert.cc:
        Implement write_to_binlog();
        Use write_to_binlog() instead of binlog_query() to binlog the statement.
        if the table exists, binlog two events: CREATE TABLE IF NOT EXISTS
        and INSERT ... SELECT
      sql/sql_lex.h:
        Declare create_select_start_with_brace and create_select_pos.
        They are helpful for binlogging 'create select'
      sql/sql_parse.cc:
        Do nothing on master if the existing object is a view.
      sql/sql_yacc.yy:
        Record the relative position of 'SELECT' in the 'CREATE ... SELECT' statement.
        Record whether there is a '(' before the 'SELECT' clause.
      9d681150
  4. 29 Jul, 2010 1 commit
    • BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave · 2124538d
      unknown authored
      /*![:version:] Query Code */, where [:version:] is a sequence of 5
      digits representing the mysql server version (e.g. /*!50200 ... */),
      is a special comment: the query in it can be executed on those
      servers whose versions are larger than the version appearing in the
      comment. It leads to a security issue when the slave's version is larger
      than the master's. A malicious user can improve his privileges on slaves,
      because the slave SQL thread is running with SUPER privileges, so it can
      execute queries that he/she does not have privileges for on the master.
      
      This bug is fixed with the logic below: 
      - To replace '!' with ' ' in the magic comments which are not applied on
        master. So they become common comments and will not be applied on slave.
      
      - Example:
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/'
        will be binlogged as
        'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/'
      
      mysql-test/suite/rpl/t/rpl_conditional_comments.test:
        Test the patch for this bug.
      sql/mysql_priv.h:
        Rename inBuf as rawBuf and remove the const limitation.
      sql/sql_lex.cc:
        To replace '!' with ' ' in the magic comments which are not applied on
        master.
      sql/sql_lex.h:
        Remove the const limitation on parameter buff, as it can be modified in the function since
        this patch.
        Add member function yyUnput for Lex_input_stream. It puts a character back into the query buffer.
      sql/sql_parse.cc:
        Rename inBuf as rawBuf and remove the const limitation.
      sql/sql_partition.cc:
        Remove the const limitation on parameter part_buff, as it can be modified in the function since
        this patch.
      sql/sql_partition.h:
        Remove the const limitation on parameter part_buff, as it can be modified in the function since
        this patch.
      sql/table.h:
        Remove the const limitation on variable partition_info, as it can be modified since
        this patch.
      2124538d
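      The rewrite rule the commit above describes, as an added C++ example that is not part of the patch or of the MySQL source: a version-conditional comment whose five-digit version is newer than the server executing the statement is turned into an ordinary comment by replacing the '!' with a space, so the text the master skipped cannot be executed by a newer slave. The function name, the server version number passed in, the handling of string literals and the requirement of exactly five digits after "/*!" are assumptions of this example; MySQL's real lexer in sql_lex.cc is not reproduced here.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Rewrite MySQL version-conditional comments ("/*!NNNNN ... */") whose
// five-digit version is newer than server_version into ordinary comments
// ("/* NNNNN ... */"), so a newer slave cannot execute text that the
// master itself skipped. Illustrative code, not MySQL's lexer.
// Assumptions: exactly five digits follow "/*!", nested comments do not
// occur, and string literals use ' or " with backslash escapes.
std::string neutralize_skipped_version_comments(const std::string &query,
                                                unsigned long server_version)
{
    std::string out = query;
    const std::size_t n = out.size();
    std::size_t i = 0;
    while (i < n) {
        const char c = out[i];
        // A "/*!" inside a string literal is data, not a comment: skip it.
        if (c == '\'' || c == '"') {
            std::size_t j = i + 1;
            while (j < n && out[j] != c) {
                if (out[j] == '\\' && j + 1 < n)
                    ++j;            // skip the escaped character
                ++j;
            }
            i = (j < n) ? j + 1 : n;
            continue;
        }
        if (c == '/' && i + 2 < n && out[i + 1] == '*' && out[i + 2] == '!') {
            // Parse the version right after "/*!".
            unsigned long version = 0;
            std::size_t digits = 0;
            while (digits < 5 && i + 3 + digits < n &&
                   std::isdigit(static_cast<unsigned char>(out[i + 3 + digits]))) {
                version = version * 10 + (out[i + 3 + digits] - '0');
                ++digits;
            }
            // The master did not apply this comment, so turn "/*!" into "/* ".
            if (digits == 5 && version > server_version)
                out[i + 2] = ' ';
            const std::size_t end = out.find("*/", i + 3);
            i = (end == std::string::npos) ? n : end + 2;
            continue;
        }
        ++i;
    }
    return out;
}
```

      Run with the master's own version (50145 stands for 5.1.45 here) on the commit's example, the first comment is left alone because the master executed it, and the second becomes a plain comment. Comments without a version, and anything inside quotes, are left untouched.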
  5. 20 Jul, 2010 1 commit
    • Bug#45288: pb2 returns a lot of compilation warnings on linux · 9a5fa17f
      Davi Arnaut authored
      Fix warnings flagged by the new warning option -Wunused-but-set-variable
      that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
      option causes a warning whenever a local variable is assigned to but is
      later unused. It also warns about meaningless pointer dereferences.
      
      client/mysql.cc:
        Meaningless pointer dereferences.
      client/mysql_upgrade.c:
        Check whether reading from the file succeeded.
      extra/comp_err.c:
        Unused.
      extra/yassl/src/yassl_imp.cpp:
        Skip instead of reading data that is discarded.
      include/my_pthread.h:
        Variable is only used in debug builds.
      include/mysys_err.h:
        Add new error messages.
      mysys/errors.c:
        Add new error message for permission related functions.
      mysys/mf_iocache.c:
        Variable is only checked under THREAD.
      mysys/my_copy.c:
        Raise an error if chmod or chown fails.
      mysys/my_redel.c:
        Raise an error if chmod or chown fails.
      regex/engine.c:
        Use an equivalent variable for the assert.
      server-tools/instance-manager/instance_options.cc:
        Unused.
      sql/field.cc:
        Unused.
      sql/item.cc:
        Unused.
      sql/log.cc:
        Do not ignore the return value of freopen: only set buffer if
        reopening succeeds.
        
        Adjust doxygen comment to the right function.
        
        Pass message length to log function.
      sql/mysqld.cc:
        Do not ignore the return value of freopen: only set buffer if
        reopening succeeds.
      sql/partition_info.cc:
        Unused.
      sql/slave.cc:
        No need to set pointer to the address of '\0'.
      sql/spatial.cc:
        Unused. Left for historical purposes.
      sql/sql_acl.cc:
        Unused.
      sql/sql_base.cc:
        Pointers are always set to the same variables.
      sql/sql_parse.cc:
        End statement if reading fails.
        
        Store the buffer after it has actually been updated.
      sql/sql_repl.cc:
        No need to set pointer to the address of '\0'.
      sql/sql_show.cc:
        Put variable under the same ifdef block.
      sql/udf_example.c:
        Set null pointer flag appropriately.
      storage/csv/ha_tina.cc:
        Meaningless dereferences.
      storage/example/ha_example.cc:
        Return the error since it's available.
      storage/myisam/mi_locking.c:
        Remove unused and dead code.
      9a5fa17f
  6. 29 Jun, 2010 1 commit
    • Fixed bug #51855. Race condition in XA START. If several threads · 7ccbf9b8
      Dmitry Shulga authored
      concurrently execute the statement XA START 'x', then mysqld
      server could crash.
      
      sql/sql_class.cc:
        xid_cache_insert: added a check for the element in the cache before
        inserting it; return TRUE if such an element already exists.
      sql/sql_parse.cc:
        mysql_execute_command modified:
        * sequence of calls to xid_cache_search(..)/xid_cache_insert(...)
        replaced by call to xid_cache_insert(...) in alternative
        'case SQLCOM_XA_START:'
        * added comment to alternative 'case SQLCOM_XA_COMMIT:'.
      7ccbf9b8
  7. 28 Jun, 2010 1 commit
  8. 27 Jun, 2010 1 commit
    • The following statements support the CURRENT_USER() where a user is needed. · 451cea3f
      unknown authored
      DROP USER
      RENAME USER CURRENT_USER() ...
      GRANT ... TO CURRENT_USER()
      REVOKE ... FROM CURRENT_USER()
      ALTER DEFINER = CURRENT_USER() EVENT

      But when these statements are binlogged, CURRENT_USER() is just binlogged
      as 'CURRENT_USER()'; it is not expanded to the real user name. When the slave
      executes the log event, 'CURRENT_USER()' is expanded to the user of the slave
      SQL thread, but the SQL thread's user name is always NULL. This breaks the replication.
      
      After this patch, the session's user will be written into query log events
      if these statements call CURRENT_USER() or 'ALTER EVENT' does not assign a definer.
      
      
      mysql-test/include/diff_tables.inc:
        Extend its abilities.
        Now it can diff not only in sessions of 'master' and 'slave', but 
        other sessions as well.
      mysql-test/include/rpl_diff_tables.inc:
        Diff the same table between master and slaves.
      sql/log_event.cc:
        The session's user will be written into Query_log_event if is_current_user_used() is TRUE.
        On the slave SQL thread, only thd->variables.current_user is written into Query_log_event,
        if it exists.
      sql/sql_acl.cc:
        On slave SQL thread, grantor should copy from thd->variables.current_user, if it exists
      sql/sql_class.h:
        On slave SQL thread, thd->variables.current_user is used to store the applying event's
        invoker.
      451cea3f
  9. 04 Jul, 2010 1 commit
    • The following statements support the CURRENT_USER() where a user is needed. · 1a17d7e8
      unknown authored
      DROP USER
      RENAME USER CURRENT_USER() ...
      GRANT ... TO CURRENT_USER()
      REVOKE ... FROM CURRENT_USER()
      ALTER DEFINER = CURRENT_USER() EVENT

      But when these statements are binlogged, CURRENT_USER() is just binlogged
      as 'CURRENT_USER()'; it is not expanded to the real user name. When the slave
      executes the log event, 'CURRENT_USER()' is expanded to the user of the slave
      SQL thread, but the SQL thread's user name is always NULL. This breaks the replication.
      
      After this patch, the session's user will be written into query log events
      if these statements call CURRENT_USER() or 'ALTER EVENT' does not assign a definer.
      
      
      mysql-test/include/diff_tables.inc:
        Extend its abilities.
        Now it can diff not only in sessions of 'master' and 'slave', but 
        other sessions as well.
      sql/log_event.cc:
        The session's user will be written into Query_log_event if is_current_user_used() is TRUE.
        On the slave SQL thread, only thd->invoker is written into Query_log_event,
        if it exists.
      sql/sql_acl.cc:
        On slave SQL thread, grantor should copy from thd->invoker, if it exists
      sql/sql_class.h:
        On slave SQL thread, thd->invoker is used to store the applying event's
        invoker.
      1a17d7e8
  10. 23 Jun, 2010 1 commit
    • Backport into build-201006221614-5.1.46sp1 · c658c3ed
      sunanda authored
      > ------------------------------------------------------------
      > revno: 3367 [merge]
      > revision-id: joro@sun.com-20100504140328-srxf3c088j2twnq6
      > parent: kristofer.pettersson@sun.com-20100503172109-f9hracq5pqsaomb1
      > parent: joro@sun.com-20100503151651-nakknn8amrapmdp7
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B53371-5.1-bugteam
      > timestamp: Tue 2010-05-04 17:03:28 +0300
      > message:
      >   Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
      >   
      >   This is the 5.1 merge and extension of the fix.
      >   The server was happily accepting paths in table name in all places a table
      >   name is accepted (e.g. a SELECT). This allowed all users that have some 
      >   privilege over some database to read all tables in all databases in all
      >   mysql server instances that the server file system has access to.
      >   Fixed by :
      >   1. making sure no path elements are allowed in quoted table name when
      >   constructing the path (note that the path symbols are still valid in table names
      >   when they're properly escaped by the server).
      >   2. checking the #mysql50# prefixed names the same way they're checked for
      >   path elements in mysql-5.0.
      > ------------------------------------------------------------
      > Use --include-merges or -n0 to see merged revisions.
      c658c3ed
  11. 22 Jun, 2010 1 commit
    • Backport into build-201006221614-5.1.46sp1 · 01490413
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 1810.3987.13
      > revision-id: ramil@mysql.com-20100429044232-f0pkyx8fnpszf142
      > parent: alexey.kopytov@sun.com-20100426200600-op06qy98llzpzgl1
      > committer: Ramil Kalimullin <ramil@mysql.com>
      > branch nick: b53237-5.0-bugteam
      > timestamp: Thu 2010-04-29 08:42:32 +0400
      > message:
      >   Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
      >   
      >   Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
      >   SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
      >   checked for sanity. By sending long data for the table a buffer is overflown, which can
      >   be used deliberately to include code that harms".
      >   
      >   Fix: check incoming data length.
      
      The patch did not apply cleanly:
      - Line numbers are completely off, roughly it is 2030 -> 1313
      - What is called "pend" in the patch, is "arg_end" in the source.
      01490413
  12. 10 Jun, 2010 1 commit
    • Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. · 0f9ddfa9
      Davi Arnaut authored
      
      One somewhat major source of strict-aliasing violations and
      related warnings is the SQL_LIST structure. For example,
      consider its member function `link_in_list` which takes
      a pointer to pointer of type T (any type) as a pointer to
      pointer to unsigned char. Dereferencing this pointer, which
      is done to reset the next field, violates strict-aliasing
      rules and might cause problems for surrounding code that
      uses the next field of the object being added to the list.
      
      The solution is to use templates to parametrize the SQL_LIST
      structure in order to dereference the pointers with compatible
      types. As a side bonus, it becomes possible to remove quite
      a few casts related to accessing data members of SQL_LIST.
      
      sql/handler.h:
        Use the appropriate template type argument.
      sql/item.cc:
        Remove now-unnecessary cast.
      sql/item_subselect.cc:
        Remove now-unnecessary casts.
      sql/item_sum.cc:
        Use the appropriate template type argument.
        Remove now-unnecessary cast.
      sql/mysql_priv.h:
        Move SQL_LIST structure to sql_list.h
        Use the appropriate template type argument.
      sql/sp.cc:
        Remove now-unnecessary casts.
      sql/sql_delete.cc:
        Use the appropriate template type argument.
        Remove now-unnecessary casts.
      sql/sql_derived.cc:
        Remove now-unnecessary casts.
      sql/sql_lex.cc:
        Remove now-unnecessary casts.
      sql/sql_lex.h:
        SQL_LIST now takes a template type argument which must
        match the type of the elements of the list. Use forward
        declaration when the type is not available, it is used
        in pointers anyway.
      sql/sql_list.h:
        Rename SQL_LIST to SQL_I_List. The template parameter is
        the type of object that is stored in the list.
      sql/sql_olap.cc:
        Remove now-unnecessary casts.
      sql/sql_parse.cc:
        Remove now-unnecessary casts.
      sql/sql_prepare.cc:
        Remove now-unnecessary casts.
      sql/sql_select.cc:
        Remove now-unnecessary casts.
      sql/sql_show.cc:
        Remove now-unnecessary casts.
      sql/sql_table.cc:
        Remove now-unnecessary casts.
      sql/sql_trigger.cc:
        Remove now-unnecessary casts.
      sql/sql_union.cc:
        Remove now-unnecessary casts.
      sql/sql_update.cc:
        Remove now-unnecessary casts.
      sql/sql_view.cc:
        Remove now-unnecessary casts.
      sql/sql_yacc.yy:
        Remove now-unnecessary casts.
      storage/myisammrg/ha_myisammrg.cc:
        Remove now-unnecessary casts.
      0f9ddfa9
  13. 07 Jun, 2010 1 commit
  14. 04 Jun, 2010 1 commit
    • Bug #52315: utc_date() crashes when system time > year 2037 · 121e0473
      Georgi Kodinov authored
      Some of the server implementations don't support dates later
      than 2038 due to the internal time type being 32 bit.
      Added checks so that the server will refuse dates that cannot
      be handled by either throwing an error when setting date at 
      runtime or by refusing to start or shutting down the server if 
      the system date cannot be stored in my_time_t.
      121e0473
  15. 25 May, 2010 2 commits
    • Fix for bug #53907: Table dump command can be abused to dump arbitrary tables. · eef9ce8c
      Ramil Kalimullin authored
      Problem: one with SELECT privilege on some table may dump another table
      by performing the COM_TABLE_DUMP command, due to a missed check of the table name.
      
      Fix: check the table name.
      
      
      sql/sql_parse.cc:
        Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
          - check given table name performing COM_TABLE_DUMP command.
      tests/mysql_client_test.c:
        Fix for bug #53907: Table dump command can be abused to dump arbitrary tables.
          - test case.
      eef9ce8c
    • Bug#53908: compile failure with embedded enabled · 342819f1
      Davi Arnaut authored
      This fixes a recently introduced regression, where a variable is
      not defined for the embedded server. Although the embedded server
      is not supported in 5.0, make it at least compile.
      342819f1
  16. 21 May, 2010 1 commit
    • Bug #42064: low memory crash when importing hex strings, in Item_hex_string::Item_hex_string · c2ebb0ac
      Alexey Kopytov authored
      
      The status of memory allocation in the Lex_input_stream (called
      from the Parser_state constructor) was not checked which led to
      a parser crash in case of the out-of-memory error.
      
      The solution is to introduce new init() member function in
      Parser_state and Lex_input_stream so that status of memory
      allocation can be returned to the caller.
      
      mysql-test/r/error_simulation.result:
        Added a test case for bug #42064.
      mysql-test/t/error_simulation.test:
        Added a test case for bug #42064.
      mysys/my_alloc.c:
        Added error injection code for the regression test.
      mysys/my_malloc.c:
        Added error injection code for the regression test.
      mysys/safemalloc.c:
        Added error injection code for the regression test.
      sql/event_data_objects.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/mysqld.cc:
        Added error injection code for the regression test.
      sql/sp.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/sql_lex.cc:
        Moved memory allocation from constructor to the separate init()
        member function.
        Added error injection code for the regression test.
      sql/sql_lex.h:
        Moved memory allocation from constructor to the separate init()
        member function.
      sql/sql_parse.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/sql_partition.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/sql_prepare.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/sql_trigger.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/sql_view.cc:
        Use the new init() member function of Parser_state and check
        its return value to handle memory allocation failures.
      sql/thr_malloc.cc:
        Added error injection code for the regression test.
      c2ebb0ac
  17. 19 May, 2010 1 commit
    • BUG#53560 CREATE TEMP./DROP TEMP. are not binlogged correctly after a failed statement · 3f8bde44
      Alfranio Correia authored
      This patch fixes two problems described as follows:
      
      1 - If there is an on-going transaction and a temporary table is created or
      dropped, any failed statement that follows the "create" or "drop commands"
      triggers a rollback and by consequence the slave will go out sync because
      the binary log will have a wrong sequence of events.
      
      To fix the problem, we changed the expression that evaluates when the
      cache should be flushed after either the rollback of a statement or
      transaction.
      
      2 - When a "CREATE TEMPORARY TABLE SELECT * FROM" was executed the
      OPTION_KEEP_LOG was not set into the thd->options. For that reason, if
      the transaction had updated only transactional engines and was rolled
      back at the end (e.g. due to a deadlock) the changes were not written
      to the binary log, including the creation of the temporary table.
            
      To fix the problem, we have set the OPTION_KEEP_LOG into the thd->options
      when a "CREATE TEMPORARY TABLE SELECT * FROM" is executed.
      
      sql/log.cc:
        Reorganized the code based on the following functions:
        
        - bool ending_trans(const THD* thd, const bool all);
        - bool trans_has_updated_non_trans_table(const THD* thd);
        - bool trans_has_no_stmt_committed(const THD* thd, const bool all);
        - bool stmt_has_updated_non_trans_table(const THD* thd);
      sql/log.h:
        Added functions to organize the code in log.cc.
      sql/log_event.cc:
        Removed the OPTION_KEEP_LOG since it must be used only when
        creating and dropping temporary tables.
      sql/log_event_old.cc:
        Removed the OPTION_KEEP_LOG since it must be used only when
        creating and dropping temporary tables.
      sql/sql_parse.cc:
        When a "CREATE TEMPORARY TABLE SELECT * FROM" was executed the
        OPTION_KEEP_LOG was not set into the thd->options.
              
        To fix the problem, we have set the OPTION_KEEP_LOG into the
        thd->options when a "CREATE TEMPORARY TABLE SELECT * FROM"
        is executed.
      3f8bde44
  18. 11 May, 2010 1 commit
    • Bug#48157: crash in Item_field::used_tables · 79e60f0a
      Martin Hansson authored
      MySQL handles the join syntax "JOIN ... USING( field1,
      ... )" and natural joins by building the same parse tree as
      a corresponding join with an "ON t1.field1 = t2.field1 ..."
      expression would produce. This parse tree was not cleaned up
      properly in the following scenario. If a thread tries to
      lock some tables and finds that the tables were dropped and
      re-created while waiting for the lock, it cleans up column
      references in the statement by means of a per-statement free
      list. But if the statement was part of a stored procedure,
      column references on the stored procedure's free list
      weren't cleaned up and thus contained pointers to freed
      objects.
            
      Fixed by adding a call to clean up the current prepared
      statement's free list.
      
      This is a backport from MySQL 5.1
      79e60f0a
  19. 05 May, 2010 1 commit
    • ------------------------------------------------------------ · c5bf05cd
      Sunanda Menon authored
      revno: 2861
      committer: Georgi Kodinov <joro@sun.com>
      branch nick: B53371-5.0-bugteam
      timestamp: Mon 2010-05-03 18:16:51 +0300
      message:
        Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
        
        The server was not checking the supplied to COM_FIELD_LIST table name
        for validity and compliance to acceptable table names standards.
        Fixed by checking the table name for compliance similar to how it's 
        normally checked by the parser and returning an error message if 
        it's not compliant.
      c5bf05cd
  20. 03 May, 2010 1 commit
  21. 29 Apr, 2010 2 commits
    • Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. · 54705ab1
      Davi Arnaut authored
      The server could be tricked into reading packets indefinitely if it
      received a packet larger than the maximum size of one packet.
      This problem is aggravated by the fact that it can be triggered
      before authentication.

      The solution is to not skip big packets for non-authenticated
      sessions. If a big packet is sent before a session is authenticated,
      an error is returned and the connection is closed.
      
      include/mysql_com.h:
        Add skip flag. Only used in server builds.
      sql/net_serv.cc:
        Control whether big packets can be skipped.
      54705ab1
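      The before-and-after-authentication policy the commit above describes, as an added C++ example that is not MySQL's net_serv.cc: a packet reader that parses the MySQL wire framing (3-byte little-endian payload length, 1-byte sequence id, payload) and, for a payload larger than the limit, discards it only for an authenticated session, while an unauthenticated peer gets an immediate rejection so the server never spends time reading bytes on its behalf. The function and type names, the skip flag being modelled as a boolean parameter, and the single-packet framing (no 0xFFFFFF continuation packets) are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Illustrative server-side packet handling, not the MySQL implementation.
enum class PacketStatus { Ok, Skipped, Rejected, Incomplete };

struct PacketOutcome {
    PacketStatus status;
    std::string payload;   // filled only when status == Ok
    std::size_t consumed;  // bytes taken from the input buffer
};

// Read one packet from the front of buf. max_allowed_packet is the size
// limit; authenticated says whether the session has passed the handshake.
PacketOutcome read_packet(const std::vector<std::uint8_t> &buf,
                          std::size_t max_allowed_packet,
                          bool authenticated)
{
    PacketOutcome r{PacketStatus::Incomplete, "", 0};
    if (buf.size() < 4)
        return r;
    // 3-byte little-endian length, then the sequence id byte (buf[3]).
    const std::size_t len = buf[0] |
                            (static_cast<std::size_t>(buf[1]) << 8) |
                            (static_cast<std::size_t>(buf[2]) << 16);
    if (len > max_allowed_packet) {
        if (!authenticated) {
            // Before authentication nothing justifies reading and discarding
            // megabytes from an unknown peer: fail the packet from the header
            // alone and let the caller return an error and close the socket.
            r.status = PacketStatus::Rejected;
            r.consumed = 4;
            return r;
        }
        // An authenticated client keeps the historical behaviour: the
        // payload is read and thrown away so the stream stays in sync.
        if (buf.size() < 4 + len)
            return r;
        r.status = PacketStatus::Skipped;
        r.consumed = 4 + len;
        return r;
    }
    if (buf.size() < 4 + len)
        return r;
    r.status = PacketStatus::Ok;
    r.payload.assign(buf.begin() + 4, buf.begin() + 4 + len);
    r.consumed = 4 + len;
    return r;
}

// Build a wire packet for constructed test input.
std::vector<std::uint8_t> make_packet(const std::string &payload, std::uint8_t seq)
{
    std::vector<std::uint8_t> p;
    const std::size_t len = payload.size();
    p.push_back(static_cast<std::uint8_t>(len & 0xff));
    p.push_back(static_cast<std::uint8_t>((len >> 8) & 0xff));
    p.push_back(static_cast<std::uint8_t>((len >> 16) & 0xff));
    p.push_back(seq);
    p.insert(p.end(), payload.begin(), payload.end());
    return p;
}
```

      The difference that matters is visible with a header alone: a 4-byte header announcing a 16 MiB payload leaves an authenticated session waiting for the rest of the data, while an unauthenticated one is rejected immediately without reading another byte.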
    • Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing · 0d5dbb16
      Ramil Kalimullin authored
      Problem: "COM_FIELD_LIST is an old command of the MySQL server, before there was real move to only
      SQL. Seems that the data sent to COM_FIELD_LIST( mysql_list_fields() function) is not
      checked for sanity. By sending long data for the table a buffer is overflown, which can
      be used deliberately to include code that harms".
      
      Fix: check incoming data length.
      
      
      sql/sql_parse.cc:
        Fix for bug #53237: mysql_list_fields/COM_FIELD_LIST stack smashing
          - check incoming mysql_list_fields() table name arg length.
      0d5dbb16
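      The two checks that the COM_FIELD_LIST and COM_TABLE_DUMP fixes on this page add (bug #53237 and its backport: bound the length of the table-name argument before it is copied; bug #53371, its 5.0 version, and bug #53907: reject path elements in the name, including behind a "#mysql50#" prefix), as one added C++ example that is not MySQL's sql_parse.cc code. The 64-byte bound, the exact set of rejected characters, and all function names are assumptions of this example; the server's real check_table_name() rules are not reproduced.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Illustrative handling of the table-name argument carried by the legacy
// COM_FIELD_LIST / COM_TABLE_DUMP commands. Constants are assumptions.
const std::size_t kMaxTableNameBytes = 64;   // assumed bound, in the spirit of NAME_LEN
const char kMysql50Prefix[] = "#mysql50#";

// Reject anything that could become a path element when the server builds
// "<datadir>/<db>/<table>.frm" from the name.
bool table_name_is_safe(const std::string &name)
{
    std::string n = name;
    // Pre-5.1 names keep their raw on-disk form behind this prefix, so the
    // remainder must pass the same path checks as a plain name.
    if (n.compare(0, sizeof(kMysql50Prefix) - 1, kMysql50Prefix) == 0)
        n = n.substr(sizeof(kMysql50Prefix) - 1);
    if (n.empty() || n.size() > kMaxTableNameBytes)
        return false;
    if (n == "." || n == "..")
        return false;
    for (char c : n) {
        if (c == '/' || c == '\\' || c == '\0')
            return false;
    }
    return true;
}

// Copy the NUL-terminated name out of a client packet into a fixed stack
// buffer. The bounds checks are the point: a stack smash comes from
// trusting the client to have sent a short, terminated string.
// Returns false (and leaves out empty) when the argument is malformed.
bool extract_table_name_arg(const char *packet, std::size_t packet_len,
                            char out[kMaxTableNameBytes + 1])
{
    out[0] = '\0';
    // The name must be NUL-terminated inside the packet; never run strlen()
    // past the bytes the client actually sent.
    const void *nul = std::memchr(packet, '\0', packet_len);
    if (nul == nullptr)
        return false;
    const std::size_t name_len =
        static_cast<std::size_t>(static_cast<const char *>(nul) - packet);
    if (name_len == 0 || name_len > kMaxTableNameBytes)
        return false;
    std::memcpy(out, packet, name_len);
    out[name_len] = '\0';
    return table_name_is_safe(std::string(out, name_len));
}

// Convenience wrapper: the validated name, or "" when the command should
// be answered with an error instead of touching the file system.
std::string field_list_table_name(const char *packet, std::size_t packet_len)
{
    char name[kMaxTableNameBytes + 1];
    if (!extract_table_name_arg(packet, packet_len, name))
        return std::string();
    return std::string(name);
}
```

      The length check runs on the packet bytes before anything is copied, which is what stops the overflow; the path check runs on the copied name, which is what stops "../mysql/user" or its "#mysql50#" variant from reaching another database's files.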
  22. 24 Mar, 2010 4 commits
    • Backport into build-201003230706-5.1.43sp1 · 766d9cff
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 3345.2.1
      > revision-id: joro@sun.com-20100218084815-53nb9oonzd7r4gmj
      > parent: sergey.glukhov@sun.com-20100217121457-jqx19u6x387rgk7e
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: fix-5.1-bugteam
      > timestamp: Thu 2010-02-18 10:48:15 +0200
      > message:
      >   Bug #51049: main.bug39022 fails in mysql-trunk-merge
      >   
      >   Fixed the test to behave correctly with ps-protocol
      >   and binlog format row.
      
      > ------------------------------------------------------------
      > revno: 3333.1.6
      > revision-id: joro@sun.com-20100129093628-sze9cv0neu0xbabm
      > parent: davi.arnaut@sun.com-20100128215140-x0w6fe2de0b28opp
      > committer: Georgi Kodinov <joro@sun.com>
      > branch nick: B49552-5.1-bugteam
      > timestamp: Fri 2010-01-29 11:36:28 +0200
      > message:
      >   Bug #49552 : sql_buffer_result cause crash + not found records
      >     in multitable delete/subquery
      >   
      >   SQL_BUFFER_RESULT should not have an effect on non-SELECT 
      >   statements according to our documentation.
      >   Fixed by not passing it through to multi-table DELETE (similarly
      >   to how it's done for multi-table UPDATE).
      766d9cff
    • Bug#46615 Assertion in Query_cache::invalidate in INSERT in a VIEW of a MERGE table · ea7d830a
      Kristofer Pettersson authored
      If the listed columns in the view definition of 
      the table used in a 'INSERT .. SELECT ..'
      statement mismatched, a debug assertion would
      trigger in the cache invalidation code
      following the failing statement.
      
      Although the find_field_in_view() function
      correctly generated ER_BAD_FIELD_ERROR during
      setup_fields(), the error failed to propagate
      further than handle_select(). This patch fixes
      the issue by adding a check for the return
      value.
      
      
      mysql-test/r/query_cache_with_views.result:
        * added test for bug 46615
      mysql-test/t/query_cache_with_views.test:
        * added test for bug 46615
      sql/sql_parse.cc:
        * added check for handle_select() return code before attempting to invalidate the cache.
      ea7d830a
    • Backporting to 5.1.43sp1 patch · 1da0fb9d
      MySQL Build Team authored
      1da0fb9d
    • Backport into build-201003230706-5.1.43sp1 · 960f1d37
      MySQL Build Team authored
      > ------------------------------------------------------------
      > revno: 3302.1.1
      > revision-id: kristofer.pettersson@sun.com-20100113113900-o3m4jcm4l6qzum57
      > parent: dao-gang.qu@sun.com-20091231040419-i5dnn06ahs256qcy
      > committer: Kristofer Pettersson <kristofer.pettersson@sun.com>
      > branch nick: mysql-5.1-bugteam
      > timestamp: Wed 2010-01-13 12:39:00 +0100
      > message:
      >   Bug#33982 debug assertion and crash reloading grant tables after sighup or kill
      >   
      >   In certain rare cases when a process was interrupted
      >   during a FLUSH PRIVILEGES operation the diagnostic
      >   area would be set to an error state but the function
      >   responsible for the operation would still signal
      >   success. This would lead to a debug assertion error
      >   later on when the server would attempt to reset the
      >   DA before sending the error message.
      >   
      >   This patch fixes the issue by assuring that
      >   reload_acl_and_cache() always fails if an error
      >   condition is raised.
      >   
      >   The second issue was that a KILL could cause
      >   a console error message which referred to a DA
      >   state without first making sure that such a
      >   state existed.
      >   
      >   This patch fixes this issue in two different
      >   places by first checking DA state before
      >   fetching the error message.
      >   
      >    
      960f1d37
  23. 25 Feb, 2010 1 commit
  24. 05 Feb, 2010 1 commit
      BUG#48632: Fix for Bug #23300 Has Not Been Backported · e925bd73
      Luis Soares authored
      To 5.x Release
            
      Notes
      =====
            
      This is a backport of BUG#23300 into 5.1 GA.
            
      Original cset revid (in betony):
      luis.soares@sun.com-20090929140901-s4kjtl3iiyy4ls2h
      
      Description
      ===========
            
      When using replication, the slave will not write to the slow query
      log any queries replicated from the master, even if the
      option "--log-slow-slave-statements" is set and these take more
      than "log_query_time" to execute.
                          
      In order to log slow queries in replicated thread one needs to
      set the --log-slow-slave-statements, so that the SQL thread is
      initialized with the correct switch. Although setting this flag
      correctly configures the slave thread option to log slow queries,
      there is an issue with the condition that is used to check
      whether to log the slow query or not. When replaying binlog
      events the statement contains the SET TIMESTAMP clause which will
      force the slow logging condition check to fail. Consequently, the
      slow query logging will not take place.
                          
      This patch addresses this issue by removing the second condition
      from the log_slow_statements check, as it prevents slow queries from
      being binlogged and seems to be deprecated.
      e925bd73
  25. 29 Jan, 2010 1 commit
  26. 28 Jan, 2010 1 commit
      Fix for compiler warnings: · c3a73a8f
      Davi Arnaut authored
      Rename method as to not hide a base.
      Reorder attributes initialization.
      Remove unused variable.
      Rework code to silence a warning due to assignment used as truth value.
      
      
      sql/item_strfunc.cc:
        Rename method as to not hide a base.
      sql/item_strfunc.h:
        Rename method as to not hide a base.
      sql/log_event.cc:
        Reorder attributes initialization.
      sql/rpl_injector.cc:
        Rework code to silence a warning due to assignment used as truth value.
      sql/rpl_record.cc:
        Remove unused variable.
      sql/sql_db.cc:
        Rework code to silence a warning due to assignment used as truth value.
      sql/sql_parse.cc:
        Rework code to silence a warning due to assignment used as truth value.
      sql/sql_table.cc:
        Rework code to silence a warning due to assignment used as truth value.
      c3a73a8f
  27. 24 Jan, 2010 1 commit
  28. 22 Jan, 2010 1 commit
      Bug#49501 Inefficient information_schema check (system collation), addon · 4a10f7b4
      Sergey Glukhov authored
      removed wrongly introduced strlen calls
      
      
      sql/events.cc:
        removed wrongly introduced strlen calls
      sql/mysql_priv.h:
        removed wrongly introduced strlen calls
      sql/repl_failsafe.cc:
        removed wrongly introduced strlen calls
      sql/sql_db.cc:
        removed wrongly introduced strlen calls
      sql/sql_parse.cc:
        removed wrongly introduced strlen calls
      sql/sql_show.cc:
        removed wrongly introduced strlen calls
      4a10f7b4
  29. 16 Jan, 2010 1 commit
      BUG#47418 RBR fails, failure with mixup of base/temporary/view · 377d7102
      unknown authored
      'CREATE TABLE IF NOT EXISTS ... SELECT' statements were causing 'CREATE
      TEMPORARY TABLE ...' to be written to the binary log in row-based 
      mode (a.k.a. RBR), when there was a temporary table with the same name.
      Because the 'CREATE TABLE ... SELECT' statement was executed as 
      'INSERT ... SELECT' into the temporary table. Since in RBR mode no 
      other statements related to temporary tables are written into binary log,
      this sometimes broke replication.
      
      This patch changes the behavior of 'CREATE TABLE [IF NOT EXISTS] ... SELECT ...'.
      It ignores the existence of a temporary table with the
      same name as the table being created, and the statement is interpreted
      as an attempt to create/insert into a base table. This makes the behavior of
      'CREATE TABLE [IF NOT EXISTS] ... SELECT' consistent with
      how ordinary 'CREATE TABLE' and 'CREATE TABLE ... LIKE' behave.
      377d7102
  30. 13 Jan, 2010 1 commit
      Bug#33982 debug assertion and crash reloading grant tables after sighup or kill · b3dd4d94
      Kristofer Pettersson authored
      In certain rare cases when a process was interrupted
      during a FLUSH PRIVILEGES operation the diagnostic
      area would be set to an error state but the function
      responsible for the operation would still signal
      success. This would lead to a debug assertion error
      later on when the server would attempt to reset the
      DA before sending the error message.
      
      This patch fixes the issue by assuring that
      reload_acl_and_cache() always fails if an error
      condition is raised.
      
      The second issue was that a KILL could cause
      a console error message which referred to a DA
      state without first making sure that such a
      state existed.
      
      This patch fixes this issue in two different
      places by first checking DA state before
      fetching the error message.
      
       
      
      sql/sql_acl.cc:
        * Make sure that there is an error to print before attempting to do so.
        * Minor style change: change 1 to TRUE for clarity.
      sql/sql_parse.cc:
        * Always fail reload_acl_and_cache() if the query was killed.
      sql/sql_servers.cc:
        * Make sure that there is an error to print before attempting to do so.
      b3dd4d94
  31. 12 Jan, 2010 1 commit
      Bug#48157: crash in Item_field::used_tables · c8b5804f
      Martin Hansson authored
      MySQL handles the join syntax "JOIN ... USING( field1,
      ... )" and natural joins by building the same parse tree as
      a corresponding join with an "ON t1.field1 = t2.field1 ..."
      expression would produce. This parse tree was not cleaned up
      properly in the following scenario. If a thread tries to
      lock some tables and finds that the tables were dropped and
      re-created while waiting for the lock, it cleans up column
      references in the statement by means of a per-statement free
      list. But if the statement was part of a stored procedure,
      column references on the stored procedure's free list weren't
      cleaned up and thus contained pointers to freed objects.
      
      Fixed by adding a call to clean up the current prepared
      statement's free list.
      
      
      mysql-test/r/sp_sync.result:
        Bug#48157: Test case
      mysql-test/t/sp_sync.test:
        Bug#48157: Test result
      sql/item.h:
        Bug#48157: Commented field.
      sql/sql_parse.cc:
        Bug#48157: Commented function.
      sql/sql_update.cc:
        Bug#48157: fix
      c8b5804f
  32. 31 Dec, 2009 1 commit
      Bug #49137 Replication failure on SBR/MBR + multi-table DROP TEMPORARY TABLE · 2b2ce3d6
      unknown authored
            
      In statement-based or mixed-mode replication, using DROP TEMPORARY TABLE
      to drop multiple tables causes different errors on master and slave
      when one or more of these tables do not exist. This is because, when executed
      on the slave, it would automatically add IF EXISTS to the query to ignore
      all ER_BAD_TABLE_ERROR errors.
      
      To fix the problem, do not add IF EXISTS when executing DROP TEMPORARY
      TABLE on the slave, and clear the ER_BAD_TABLE_ERROR error after
      execution if the query does not expect any errors.
      
      
      mysql-test/r/rpl_drop_temp.result:
        Updated for the patch of bug#49137.
      mysql-test/t/rpl_drop_temp.test:
        Added the test file to verify if DROP MULTI TEMPORARY TABLE
        will cause different errors on master and slave, when one or
        more of these tables do not exist.
      sql/log_event.cc:
        Added code to handle above cases which are
        removed from sql_parse.cc
      sql/sql_parse.cc:
        Remove the code to issue the 'Unknown table' error,
        if the temporary table does not exist when dropping
        it on slave. The above cases described in comments
        will be handled later in log_event.cc.
      2b2ce3d6
  33. 19 Jan, 2010 1 commit
      Bug#49501 Inefficient information_schema check (system collation) · 81391bd0
      Sergey Glukhov authored
      added check_length optimization for I_S_NAME comparison
      
      
      sql/event_data_objects.cc:
        added check_length optimization for I_S_NAME comparison
      sql/events.cc:
        added check_length optimization for I_S_NAME comparison
      sql/mysql_priv.h:
        added check_length optimization for I_S_NAME comparison
      sql/repl_failsafe.cc:
        added check_length optimization for I_S_NAME comparison
      sql/sql_db.cc:
        added check_length optimization for I_S_NAME comparison
      sql/sql_parse.cc:
        added check_length optimization for I_S_NAME comparison
      sql/sql_show.cc:
        added check_length optimization for I_S_NAME comparison
      sql/sql_view.cc:
        added check_length optimization for I_S_NAME comparison
      sql/table.cc:
        added check_length optimization for I_S_NAME comparison
      81391bd0
  34. 18 Jan, 2010 1 commit
      Bug#47343: InnoDB fails to clean-up after lock wait timeout on · eab2be0a
      Mattias Jonsson authored
                 REORGANIZE PARTITION
      
      There were several problems which led to this,
      all related to bad error handling.
      
      1) There were several bugs preventing the ddl-log from being used for
         cleaning up created files on error.
      
      2) The error handling after the copy of partition rows did not close
         and unlock the tables, resulting in deletion of partitions
         which were in use, which led InnoDB to put the partition to
         drop in a background queue.
      
      sql/ha_partition.cc:
        Bug#47343: InnoDB fails to clean-up after lock wait timeout on
                   REORGANIZE PARTITION
        
        Better error handling, if partition has been created/opened/locked
        then make sure it is unlocked and closed before returning error.
        The delete of the newly created partition is handled by the ddl-log.
      sql/sql_parse.cc:
        Bug#47343: InnoDB fails to clean-up after lock wait timeout on
                   REORGANIZE PARTITION
        
        Fix a bug found when experimenting, thd could really be NULL here,
        as mentioned in the function header.
      sql/sql_partition.cc:
        Bug#47343: InnoDB fails to clean-up after lock wait timeout on
                   REORGANIZE PARTITION
        
        Used the correct .frm shadow name to put into the ddl-log.
        Really use the ddl-log to handle errors.
      sql/sql_table.cc:
        Bug#47343: InnoDB fails to clean-up after lock wait timeout on
                   REORGANIZE PARTITION
        
        Fixes of the ddl-log when used as error recovery (no crash).
        When executing an entry from memory (not read from disk)
        the name_len was not set correctly.
      eab2be0a
  35. 17 Dec, 2009 1 commit
      Bug#48983: Bad strmake calls (length one too long) · 06a1df91
      Davi Arnaut authored
      The problem is a somewhat common misusage of the strmake function.
      The strmake(dst, src, len) function writes at most /len/ bytes to
      the string pointed to by src, not including the trailing null byte.
      Hence, if /len/ is the exact length of the destination buffer, a
      one byte buffer overflow can occur if the length of the source
      string is equal to or greater than /len/.
      
      client/mysqldump.c:
        Make room for the trailing null byte.
      libmysql/libmysql.c:
        Add comment, there is enough room in the buffer.
        Increase buffer length, two strings are concatenated.
      libmysqld/lib_sql.cc:
        Make room for the trailing null byte.
      mysys/default.c:
        Make room for the trailing null bytes.
      mysys/mf_pack.c:
        Make room for the trailing null byte.
      server-tools/instance-manager/commands.cc:
        Copy only if overflow isn't possible in both cases.
      server-tools/instance-manager/listener.cc:
        Make room for the trailing null byte.
      sql/log.cc:
        Make room for the trailing null byte.
      sql/sp_pcontext.h:
        Cosmetic fix.
      sql/sql_acl.cc:
        MAX_HOSTNAME already specifies space for the trailing null byte.
      sql/sql_parse.cc:
        Make room for the trailing null byte.
      sql/sql_table.cc:
        Make room for the trailing null byte.
      06a1df91
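The off-by-one that Bug#48983 describes is easy to reason about once the contract is written down: strmake copies at most `len` bytes and then always writes a terminating NUL, so a call with `len == sizeof(buf)` can touch `sizeof(buf) + 1` bytes. The block below is an added example and not MySQL's code: `my_strmake` is an assumed reimplementation of the contract the commit message states (not mysys's own function), and `strmake_bytes_written`, `strmake_overflows` and `STRMAKE_INTO` are hypothetical helpers that make the bounds arithmetic checkable without actually corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed reimplementation of the strmake() contract from the commit
 * message (not MySQL's own mysys code): copy at most `len` bytes of src
 * into dst, always write a terminating NUL, return a pointer to that NUL.
 * Total bytes written to dst is min(strlen(src), len) + 1, so the caller
 * must provide room for len + 1 bytes. */
char *my_strmake(char *dst, const char *src, size_t len)
{
    while (len-- != 0 && *src != '\0')
        *dst++ = *src++;
    *dst = '\0';
    return dst;
}

/* Hypothetical helper: number of bytes strmake(dst, src, len) writes. */
size_t strmake_bytes_written(const char *src, size_t len)
{
    size_t n = strlen(src);
    return (n < len ? n : len) + 1;     /* copied bytes plus trailing NUL */
}

/* Hypothetical helper: 1 if strmake(buf, src, len) into a buffer of
 * buf_size bytes would write past its end, 0 otherwise. */
int strmake_overflows(size_t buf_size, const char *src, size_t len)
{
    return strmake_bytes_written(src, len) > buf_size ? 1 : 0;
}

/* Hypothetical safe form: derive len from the array size so the NUL
 * always lands inside the buffer (the fix pattern of the commit). */
#define STRMAKE_INTO(buf, src) my_strmake((buf), (src), sizeof(buf) - 1)

int main(void)
{
    char buf[8];
    const char *long_src = "abcdefghijkl";   /* constructed sample input */

    /* Bug pattern: len == sizeof(buf). With a source of >= 8 chars, 8 bytes
     * are copied and the NUL is written to buf[8], one past the end. */
    printf("len = sizeof(buf):     overflow = %d\n",
           strmake_overflows(sizeof buf, long_src, sizeof buf));

    /* Fixed pattern: len == sizeof(buf) - 1, the NUL is written to buf[7]. */
    printf("len = sizeof(buf) - 1: overflow = %d\n",
           strmake_overflows(sizeof buf, long_src, sizeof buf - 1));

    STRMAKE_INTO(buf, long_src);
    printf("copied: \"%s\" (%zu chars)\n", buf, strlen(buf));
    return 0;
}
```

The check only fires when the source is at least `len` characters long, which is why the bug is silent on short inputs and surfaces on attacker- or configuration-controlled strings that happen to fill the buffer exactly; auditing for `strmake(buf, src, sizeof(buf))` (rather than `sizeof(buf) - 1`) finds the pattern regardless of input.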