Feb
26
2013
--

Announcing Percona Server for MySQL version 5.5.29-30.0

Percona is glad to announce the release of Percona Server for MySQL version 5.5.29-30.0 on February 26th, 2013 (Downloads are available here and from the Percona Software Repositories). Based on MySQL 5.5.29, including all the bug fixes in it, Percona Server 5.5.29-30.0 is now the current stable release in the 5.5 series. All of Percona‘s software is open-source and free, all the details of the release can be found in the 5.5.29-30.0 milestone at Launchpad.

New Features:

  • Ported the Thread Pool patch from MariaDB. This feature enables the server to keep the top performance even with the increased number of client connections.
  • New user statements have been introduced for handling the XtraDB changed page tracking log files.
  • In addition to the –debug build option for build-binary.sh script, new –valgrind option has been introduced, which will build debug builds with the Valgrind instrumentation enabled.

Bugs Fixed:

  • Ported a fix from MariaDB for the upstream bug #67974, which caused server crash on concurrent ALTER TABLE and SHOW ENGINE INNODB STATUS. Bug fixed #1017192 (Sergei Glushchenko).
  • The server could crash when executing an INSERT or UPDATE statement containing BLOB values for a compressed table. This regression was introduced in Percona Server 5.5.28-29.2. Bug fixed #1100159 (Laurynas Biveinis).
  • Upstream bug #67983 was causing a memory leak on a filtered slave. Bug fixed #1042946 (Sergei Glushchenko).
  • Percona Server would fail to install on a vanilla Ubuntu 12.04 server. Bug fixed #1103655 (Ignacio Nin).
  • The master thread was doing dirty buffer pool flush list reads to make its adaptive flushing decisions. Fixed by acquiring the flush list mutex around the list scans. Bug fixed #1083058 (Laurynas Biveinis).
  • Upstream changes made to improve InnoDB DROP TABLE performance were not adjusted for XtraDB. This could cause server assertion errors. Bugs fixed #934377, bug #1111211, bug #1116447 and #1110102 (Laurynas Biveinis).
  • The XtraDB used to print the open read view list without taking the kernel mutex. Thus any list element might become invalid during its iteration. Fixed by taking the kernel mutex. Bug fixed #1101030 (Laurynas Biveinis).
  • When option innodb_flush_method=O_DIRECT was set up, log bitmap files were created and treated as InnoDB data files for flushing purposes, which wasn’t original intention. Bug fixed #1105709 (Laurynas Biveinis).
  • INFORMATION_SCHEMA plugin name innodb_changed_pages serves also as a command line option, but it is also a prefix of another command line option innodb_changed_pages_limit. MySQL option handling would then shadow the former with the latter, resulting in start up errors. Fixed by renaming the innodb_changed_pages_limit option to innodb_max_changed_pages. Bug fixed #1105726 (Laurynas Biveinis).
  • Time in slow query log was displayed incorrectly when slow_query_log_timestamp_precision variable was set to microseconds. Bug fixed #887928 (Laurynas Biveinis).
  • Writing bitmap larger than 4GB would cause write to fail. Also a write error for every bitmap page, except the first one, would result in a heap corruption. Bug fixed #1111226 (Laurynas Biveinis).
  • Fixed the upstream bug #67504 that caused spurious duplicate key errors. Errors would happen if a trigger is fired while a slave was processing replication events for a table that is present only on slave server while there are updates on the replicated table on the master which is used in that trigger. For this to happen master needs to have more than one auto-increment table and the slave needs to have at least one of those tables specified in the replicate-ignore-table. Bug fixed #1068210 (George Ormond Lorch III).
  • Fixed failing rpm builds, that were caused by missing files. Bug fixed #1099809 (Alexey Bychko).
  • Fixed the upstream #68116 that caused the server crash with assertion error when InnoDB monitor with verbose lock info was used under heavy load. This bug is affecting only -debug builds. Bug fixed #1100178 (Laurynas Biveinis).
  • XtraDB changed page tracking wasn’t compatible with innodb_force_recovery=6. When starting the server log tracking initialization would fail. The server would abort on startup. Bug fixed #1083596 (Laurynas Biveinis).
  • Newly created bitmap file would silently overwrite the old one if they had the same file name. Bug fixed #1111144 (Laurynas Biveinis).
  • A server would stop with an assertion error in I/O and AIO routines if large innodb_log_block_size value is used in the combination with changed page tracking. Bug fixed #1114612 (Laurynas Biveinis).
  • InnoDB monitor was prefetching the data pages for printing lock information even if no lock information was going to be printed. Bug fixed #1100643 (Laurynas Biveinis).
  • InnoDB and the query plan information were being logged even if they weren’t enabled for the slow query log. Bug fixed #730173 (Laurynas Biveinis).
  • Fixed the incorrect help text for slow_query_log_timestamp_precision. Bug fixed #1090965 (Laurynas Biveinis).

Other bug fixes: bug fixed #909376 (Laurynas Biveinis), bug fixed #1082437 (Laurynas Biveinis), bug fixed #1083669 (Laurynas Biveinis), bug fixed #1096904 (Laurynas Biveinis), bug fixed #1091712 (Laurynas Biveinis), bug fixed #1096899 (Laurynas Biveinis), bug fixed #1088954 (Laurynas Biveinis), bug fixed #1096895 (Laurynas Biveinis), bug fixed #1092142 (Laurynas Biveinis), bug fixed #1090874 (Laurynas Biveinis), bug fixed #1089961 (Laurynas Biveinis), bug fixed #1088867 (Laurynas Biveinis), bug fixed #1089031 (Laurynas Biveinis), bug fixed #1108874 (Laurynas Biveinis).

Release notes for Percona Server 5.5.29-30.0 are available in our online documentation. Bugs can be reported on the launchpad bug tracker.

The post Announcing Percona Server for MySQL version 5.5.29-30.0 appeared first on MySQL Performance Blog.

Jan
12
2013
--

CVE-2012-4414 strikes back in MySQL 5.5.29 (and what we’re doing in Percona Server 5.5.29)

In preparing Percona Server 5.5.29 (not yet released, but soon), I filed MySQL bug 68045 (is marked private as it’s a security bug). This bug is in relation to the Oracle fix for CVE-2012-4414 and a problem I found with it. The MariaDB fix (which we incorporated into Percona Server 5.5.28-29.3) is not affected.

When the MariaDB team fixed CVE-2012-4414 they created a test case named rpl_mdev382.test which can be found in MariaDB and Percona Server sources. It is named after the designation in their bug database, MDEV-382.  Having a public test case for such a bug is very important, it means that anyone can verify if their MySQL server is vulnerable, after all, many people run their own patches. It allows Linux distributions to check that what they ship is okay or not which typically includes a few patches on top of the base distribution.

Sadly, Oracle did not run the MariaDB test against their own fix for this bug. While there are many reasons why Oracle does not take patches (that no user cares about), having Oracle re-implement bug fixes is really just a waste of Oracle time and money rather than anybody else’s. However, in this instance, even though they didn’t publish a test case (presumably they have one internally), we still have a test case courtesy of the MariaDB developers.

I used the MariaDB test case against my branch that updated Percona Server to be based on MySQL 5.5.29 and I noticed it failed. I then tried the test case on stock MySQL 5.5.29 (the Oracle provided binaries); it also failed.

Basically, the following snippet from rpl_mdev382:

eval LOAD DATA INFILE '$MYSQLTEST_VARDIR/tmp/f''le.txt' INTO TABLE `t``1`
  FIELDS TERMINATED BY ',' ESCAPED BY '\\\\' ENCLOSED BY ''''
  LINES TERMINATED BY '\\n'
  (`a``1`, @`b```) SET `b``2` = @`b```, `c``3` = concat('|', "b""a'z", "!");

becomes this error in the slave:

Last_Error Error 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`) SET `b``2`= @`b```, `c``3`= concat('|', "b""a'z", "!")' at line 1' on query. Default database: 'db1`; SELECT 'oops!''. Query: 'LOAD DATA INFILE '../../tmp/SQL_LOAD-2-1-1.data' INTO TABLE `t``1` FIELDS TERMINATED BY ',' ENCLOSED BY '\'' ESCAPED BY '\\' LINES TERMINATED BY '\n' (`a``1`, @b`) SET `b``2`= @`b```, `c``3`= concat('|', "b""a'z", "!")'

Which (check it if you like), means that the Oracle fix is incorrect and ruins quoting in this situation, which then breaks statement based replication. Users of MariaDB and Percona Server are not affected, only MySQL 5.5.29 users are.

For Percona Server 5.5.29, we are planning to just keep the MariaDB based fix. Once Oracle fixes this bug, we may re-evaluate that (in order to keep a smaller delta from MySQL) but for our next release, we would prefer not to expose our users to a regression.

The post CVE-2012-4414 strikes back in MySQL 5.5.29 (and what we’re doing in Percona Server 5.5.29) appeared first on MySQL Performance Blog.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com