Log message:
mysql57: updated to 5.7.37

Changes in MySQL 5.7.37

Audit Log Notes

Previously, each event logged by MySQL Enterprise Audit included the SQL \ 
statement literal text. To provide an alternative (because it is possible that \ 
statements contain sensitive information), the audit log filtering language now \ 
supports logging a statement's digest rather than its literal text. For example, \ 
instead of logging this statement:

SELECT * FROM orders WHERE some_sensitive_column=1234567
The audit log plugin can log this digest:

SELECT * FROM `orders` WHERE `some_sensitive_column` = ?
This is similar to what is already logged for prepared statements, for which \ 
parameter markers appear rather than actual data values.

To perform digest logging, use audit filter definitions that replace the \ 
statement literal text by its corresponding digest, as discussed in Replacement \ 
of Event Field Values.

Because text replacement occurs at an early auditing stage (during filtering), \ 
the choice of whether to log statement literal text or digest values applies \ 
regardless of log format written later (that is, whether the audit log plugin \ 
produces XML or JSON output).

Compilation Notes

Binary packages that include curl rather than linking to the system curl library \ 
have been upgraded to use curl 7.80.0.

SQL Function and Operator Notes

Queries making use of the MBRContains() function did not employ all available \ 
spatial indexes.

The FORMAT() function returned a formatted number without showing the thousands \ 
separator and grouping between separators when either the es_ES or es_MX locale \ 
was specified.

Packaging Notes

The GnuPG build key used to sign MySQL downloadable packages has been updated. \ 
The previous GnuPG build key is set to expire on 2022-02-16. For information \ 
about verifying the integrity and authenticity of MySQL downloadable packages \ 
using GnuPG signature checking, or to obtain a copy of our public GnuPG build \ 
key, see Signature Checking Using GnuPG.

Due to the GnuPG key update, systems configured to use repo.mysql.com may report \ 
a signature verification error when upgrading to MySQL 5.7.37 and higher or to \ 
MySQL 8.0.28 and higher using apt or yum. Use one of the following methods to \ 
resolve this issue:

Manually reinstall the MySQL APT or YUM repository setup package from \ 
https://dev.mysql.com/downloads/.

Download the MySQL GnuPG public key and add it your system GPG keyring.

For MySQL APT repository instructions, see Appendix A: Adding and Configuring \ 
the MySQL APT Repository Manually.

For MySQL YUM repository instructions, see Upgrading MySQL with the MySQL Yum \ 
Repository.

Bugs Fixed

InnoDB: The buf_validate() function in the InnoDB sources was optimized, \ 
improving performance on debug builds.

Thanks to Hobert Lu for the contribution.

Partitioning: Creating a table with nondeterministic functions in generated \ 
column expressions should not be possible, but this was not enforced in all \ 
cases; a series of one or more ALTER TABLE statements could be employed to \ 
arrive at a partitioned table with one or more such generated columns. When \ 
attempting to execute the CREATE TABLE statement obtained by running SHOW CREATE \ 
TABLE against this table, MySQL rejected the statement with a misleading error \ 
message referring to the partitioning expression rather than to the problematic \ 
column, despite the fact that the partitioning expression itself was legal.

This was caused by the result of a check for any unsafe expressions defined for \ 
a generated column (in the internal variable thd->safe_to_cache_query), which \ 
was later checked again without being cleared while parsing the partition \ 
expression, leading to an error even when the partition expression did not refer \ 
to the problematic generated column expression. Now in such cases, we reset \ 
thd->safe_to_cache_query before parsing the partition function.

The issue of allowing the use of certain nondeterminstic functions \ 
(AES_ENCRYPT(), AES_DECRYPT(), RANDOM_BYTES()) in generated columns is handled \ 
separately.

Partitioning: A query using an index other than the primary key of a partitioned \ 
table sometimes resulted in excessive CPU load.

Replication: When the PAD_CHAR_TO_FULL_LENGTH SQL mode was enabled on a replica \ 
server, trailing spaces could be added to a replication channel’s name in the \ 
replication metadata repository tables, resulting in errors in replication \ 
operations that identified the channel using that data. The issue has now been \ 
fixed in MySQL 8.0 by using VARCHAR for character columns, and in MySQL 5.7 by \ 
disabling the SQL mode when reading from those tables. Thanks to Brian Yue for \ 
the contribution.

MySQL 5.7 did not handle the thread_stack variable in the same manner as MySQL \ 
5.6 or MySQL 8.0.

It was possible in some cases to create a generated column of type SERIAL, which \ 
is not allowed.

See Numeric Data Type Syntax, and CREATE TABLE and Generated Columns, for more \ 
information

Statements which commit a transaction implicitly or explicitly are not allowed \ 
inside a trigger or a stored function. Both CREATE TRIGGER and CREATE FUNCTION \ 
should report an error (ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG) in this case, but \ 
did not correctly handle DROP TABLESPACE.

The MySQL session used for online keyring migration was not closed gracefully \ 
after the migration was complete, resulting in an “Aborted connection” note \ 
being printed to the error log.

SHOW PROCESSLIST could read freed memory when accessing the query string \ 
belonging to a connection that was in the process of deleting a prepared \ 
statement.

Privileges were not checked correctly for ALTER USER ... IDENTIFIED WITH ... BY.

Log message:
*: Recursive revbump from boost 1.78.0

Log message:
mysql57-client: Support OpenSSL 3.

Log message:
databases: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (some may be only fetched
conditionally):

./databases/cstore/distinfo D6.data.ros.gz
./databases/cstore/distinfo cstore0.2.tar.gz
./databases/cstore/distinfo data4.tar.gz

Log message:
mysql57: updated to 5.7.36

Changes in MySQL 5.7.36

Security Notes

Bugs Fixed

Security Notes

The linked OpenSSL library for MySQL Server has been updated to version 1.1.1l. \ 
Issues fixed in the new OpenSSL version are described at \ 
https://www.openssl.org/news/cl111.txt and and \ 
http://www.openssl.org/news/vulnerabilities.html.

Bugs Fixed

Incompatible Change: For all SELECT statements on a view, the query digest was \ 
based on the view definition. As a result, different queries had the same digest \ 
and aggregated together in the Performance Schema table \ 
events_statements_summary_by_digest, so statistics in that table were not usable \ 
for distinguishing distinct SELECT statements.

The query digest for each SELECT statement on a view now is based on the SELECT, \ 
not the view definition. This enables distinguishing distinct SELECT statements \ 
in the events_statements_summary_by_digest table. However, tools that use query \ 
digests may need some adjustment to account for this change. For example, MySQL \ 
Enterprise Firewall and query rewrite plugins rely on query digests and existing \ 
rules for them that are associated with views may need to be updated.

InnoDB: With undo log truncation enabled (innodb_undo_log_truncate=ON), it was \ 
possible for a deadlock and eventual failure to occur when an undo log truncate \ 
operation was initiated after a version upgrade from MySQL 5.6 to MySQL 5.7.34 \ 
or earlier. A patch introduced in MySQL 5.7.35

[Note] InnoDB: Found duplicate reference rseg: 33 space: 1 page: 3
[Note] InnoDB: Reset pre-5.7.2 rseg: 1 after duplicate is found.
If pre-5.7.2 rollback segment slots have no undo data to purge, a message \ 
similar to the following is emitted:

[Note] InnoDB: Successfully reset 32 pre-5.7.2 rseg slots.
If undo data is found in pre-5.7.2 rollback segment slots, a message similar to \ 
the following is emitted recommending a slow shutdown and restart:

[Note] InnoDB: pre-5.7.2 rseg: 2 holds data to be purged.
History length: 1. Recommend slow shutdown with innodb_fast_shutdown=0 and restart

InnoDB: Truncation of an undo tablespace during use by an active transaction \ 
raised an assertion failure. The transaction was prematurely marked as complete, \ 
permitting the truncation operation.

InnoDB: Deleting or updating a row from a parent table initiated a cascading SET \ 
NULL operation on the child table that set a virtual column value to NULL. The \ 
virtual column value should have been derived from the base column value.

Thanks to Yin Peng at Tencent for the contribution.

InnoDB: The InnoDB recovery process did not recognize that page compression had \ 
been applied to data that was being recovered, causing the tablespace data file \ 
to increase in size during the redo log apply phase, which could lead to a \ 
recovery failure for systems approaching a disk-full state.

Replication: The error messages issued by MySQL Replication when GTIDs required \ 
for auto-positioning have been purged could be incorrectly assigned or scrambled \ 
in some situations.

Replication: The contents of the gtid_executed and gtid_purged GTID sets were \ 
not persisted after restoring a dump taken using mysqldump. The dump file \ 
sequence has now been changed so that the mysql schema (which contains the \ 
mysql.gtid_executed table) is not dropped after the gtid_purged GTID set is \ 
written. A new option --skip-mysql-schema is added for mysqldump which lets you \ 
choose not to drop the mysql schema at all.

JSON: Conversion of JSON values to text caused linear growth of the destination \ 
string, resulting in an unnecessarily high number of reallocations. Now this \ 
process uses exponential growth instead, to reduce the number of allocations \ 
required.

This fix originally appeared in MySQL 8.0 and was backported to MySQL 5.7 by \ 
Annirudh Prasad, whom we thank for the contribution.

Concurrent insert operations on multiple tables with full-text indexes caused a \ 
large number of full-text index synchronization requests, resulting in an out of \ 
memory condition.

When a query uses a temporary table for aggregation, the group by item is used \ 
as a unique constraint on the temporary table: If the item value is already \ 
present, the row is updated; otherwise, a new row is inserted into the temporary \ 
table. If the item has a result field or reference item, it it evaluated twice, \ 
once to check whether the result exists in the temporary table and, if not, \ 
again while constructing the row to be inserted. When the group by item was \ 
nondeterministic, the result value used to check for existence differed from \ 
that with which an insert was attempted, causing the insert to be rejected if \ 
the value already existed in the table.

We fix this by using the hash of any nondeterministic items as the unique \ 
constraint, so that the hash is evaluated once only.

Quote handling was improved for the SHOW GRANTS statement.

Log message:
databases: Remove SHA1 distfile hashes

Log message:
revbump for boost-libs

Log message:
mysql57: updated to 5.7.35

Changes in MySQL 5.7.35 (2021-07-20, General Availability)

Audit Log Notes

Deprecation and Removal Notes

Packaging Notes

Bugs Fixed

Audit Log Notes

For MySQL Enterprise Audit, the new audit_log_format_unix_timestamp system \ 
variable enables inclusion of a time field in each audit record. The field value \ 
is an integer that represents the UNIX timestamp value indicating the date and \ 
time when the audit event was generated. The time field is supported only for \ 
JSON-format log files.

Deprecation and Removal Notes

The TLSv1 and TLSv1.1 connection protocols now are deprecated and support for \ 
them is subject to removal in a future MySQL version. (For background, refer to \ 
the IETF memo Deprecating TLSv1.0 and TLSv1.1.) It is recommended that \ 
connections be made using the more-secure TLSv1.2 and TLSv1.3 protocols. TLSv1.3 \ 
requires that both the MySQL server and the client application be compiled with \ 
OpenSSL 1.1.1 or higher.

On the server side, this deprecation has the following effects:

If the tls_version system variable is assigned a value containing a deprecated \ 
TLS protocol during server startup, the server writes a warning for each \ 
deprecated protocol to the error log.

If a client successfully connects using a deprecated TLS protocol, the server \ 
writes a warning to the error log.

On the client side, the deprecation has no visible effect. Clients do not issue \ 
a warning if configured to permit a deprecated TLS protocol. This includes:

Client programs that support a --tls-version option for specifying TLS protocols \ 
for connections to the MySQL server.

Statements that enable replicas to specify TLS protocols for connections to the \ 
source server. (CHANGE MASTER TO has a MASTER_TLS_VERSION option.)

Packaging Notes

Binary packages that include curl rather than linking to the system curl library \ 
have been upgraded to use curl 7.77.0.

The bundled lz4 library was upgraded to version 1.9.3.

Bugs Fixed

InnoDB: A deadlock between a user thread and purge thread involving a undo log \ 
page and rollback segment page occurred after an undo tablespace truncate \ 
operation was initiated. The deadlock caused a long semaphore wait and an \ 
eventual failure.

InnoDB: An integer underflow issue was addressed in the InnoDB mecached plugin \ 
sources.

InnoDB: An index with a key prefix length greater than 767 bytes was permitted \ 
on a table defined with the REDUNDANT row format, exceeding the index key prefix \ 
length limit for that row format. The ALTER TABLE operation that added the index \ 
validated the index key prefix length for the row format defined by the \ 
innodb_default_row_format variable instead of the actual row format of the \ 
table. The fix ensures that index key prefix length is validated for the correct \ 
row format.

InnoDB: An online buffer pool resizing operation freed the previous buffer pool \ 
page hash, conflicting with a concurrent buffer pool lookup that required the \ 
previous page hash.

InnoDB: Numerous system temporary table pages at the tail of the buffer pool \ 
flush list caused a performance degradation. The flush_list_mutex was held while \ 
the flush list scan traversed over system temporary table pages. The flush list \ 
scan now excludes system temporary table pages.

InnoDB: A binary log rotation deadlock occurred on a system using \ 
statement-based replication where there was high number of concurrent update \ 
operations and low innodb_thread_concurrency setting.

Replication: When the system variable \ 
replication_optimize_for_static_plugin_config was set, the plugins for Group \ 
Replication and semi-synchronous replication could not be uninstalled cleanly on \ 
server shutdown.

Replication: A deadlock could occur when START GROUP_REPLICATION and STOP \ 
GROUP_REPLICATION statements were issued at the same time that a view change was \ 
taking place for the group.

Replication: A deadlock could occur if a STOP GROUP_REPLICATION statement was \ 
issued when a replication channel on a group member was attempting to commit a \ 
transaction. The server now rolls back the transaction immediately if it cannot \ 
acquire the relevant lock, rather than waiting for the lock and the commit to \ 
complete and causing the deadlock.

Replication: On a multithreaded replica, the reference to the active event was \ 
sometimes managed incorrectly when retrying a transaction.

Replication: Replica servers now check and validate the transaction ID part of a \ 
GTID before applying and committing the transaction associated with it.

Replication: Replication could stop on a multithreaded replica if a unique \ 
secondary key was omitted from the writeset hashes used to compute transaction \ 
dependencies, leading to errors when executing the transactions on the \ 
multithreaded replica. Write set hashes now always include unique secondary keys \ 
even if they are not included in the read set and write set.

JSON: Passing NULL to a stored procedure expecting a JSON parameter led to an \ 
assertion failure in debug builds.

Replication could fail if a DML statement was executed immediately after an XA \ 
transaction was rejected or forced to rollback due to a deadlock.

The mysql_change_user() C API function did not properly parse the \ 
COM_CHANGE_USER packet, which could result in silent failure to process optional \ 
query attributes that may have been supplied prior to the mysql_change_user() \ 
call. Thanks for René Cannaò for the contribution.

Repreparation of a prepared statement at the beginning of an implicit \ 
transaction could cause an ER_GTID_NEXT_TYPE_UNDEFINED_GROUP error.

An out-of-memory error occurred when loading large amounts of data into tables \ 
with full-text search indexes. Not all of the memory allocated to the full-text \ 
search cache was accounted for when inserting data into the full-text search \ 
auxiliary tables.

A secondary index over a virtual column became corrupted when the index was \ 
built online.

For UPDATE statements, we fix this as follows: If the virtual column value of \ 
the index record is set to NULL, then we generate this value from the cluster \ 
index record.

Boolean system variables could be assigned a negative value.