Changeset: 4c591abef122 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/4c591abef122 Branch: literal_features Log Message:
merge with default diffs (truncated from 7976 to 300 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -814,3 +814,4 @@ 1efa83c6409769d13b2ee30e497d5f7ab42fa955 6f88424ebfd9d82c072cf21d89070e04321983da Jun2023_11 6f88424ebfd9d82c072cf21d89070e04321983da Jun2023_SP2_release e6eb06773c17035954ac5d001cfe1f09ff3425cc Jun2023_13 +5683fd900f28d65ad7c98d1ed1efd992023a7fa4 Jun2023_15 diff --git a/MonetDB.spec b/MonetDB.spec --- a/MonetDB.spec +++ b/MonetDB.spec @@ -867,6 +867,17 @@ fi %endif %changelog +* Thu Nov 09 2023 Sjoerd Mullender <sjo...@acm.org> - 11.47.15-20231109 +- Rebuilt. +- GH#7410: SIGSEGV cause database corruption + +* Tue Nov 7 2023 Sjoerd Mullender <sjo...@acm.org> - 11.47.15-20231109 +- gdk: When saving the SQL catalog during a low-level commit, we should + only save the part of the catalog that corresponds to the part of the + write-ahead log that has been processed. What we did was save more, + which resulted in the catalog containing references to tables and + columns whose disk presence is otherwise only in the write-ahead log. + * Fri Nov 03 2023 Sjoerd Mullender <sjo...@acm.org> - 11.47.13-20231103 - Rebuilt. - GH#7300: Implement missing standard SQL DATE and TIMESTAMP functions diff --git a/clients/Tests/exports.stable.out b/clients/Tests/exports.stable.out --- a/clients/Tests/exports.stable.out +++ b/clients/Tests/exports.stable.out @@ -730,9 +730,10 @@ msettings_error msetting_set_named(msett const char *msetting_string(const msettings *mp, mparm parm); long msettings_connect_binary(const msettings *mp); const char *msettings_connect_certhash_digits(const msettings *mp); +const char *msettings_connect_clientcert(const msettings *mp); +const char *msettings_connect_clientkey(const msettings *mp); long msettings_connect_port(const msettings *mp); bool msettings_connect_scan(const msettings *mp); -const char *msettings_connect_sockdir(const msettings *mp); const char *msettings_connect_tcp(const msettings *mp); enum msetting_tls_verify msettings_connect_tls_verify(const msettings *mp); const char *msettings_connect_unix(const msettings *mp); diff --git a/clients/examples/C/testsfile.c b/clients/examples/C/testsfile.c --- a/clients/examples/C/testsfile.c +++ b/clients/examples/C/testsfile.c @@ -235,6 +235,10 @@ handle_expect_command(const char *locati return expect_string(location, MP_UNKNOWN, msettings_connect_certhash_digits, value); if (strcmp("connect_binary", key) == 0) return expect_long(location, MP_UNKNOWN, msettings_connect_binary, value); + if (strcmp("connect_clientkey", key) == 0) + return expect_string(location, MP_UNKNOWN, msettings_connect_clientkey, value); + if (strcmp("connect_clientcert", key) == 0) + return expect_string(location, MP_UNKNOWN, msettings_connect_clientcert, value); const mparm parm = mparm_parse(key); if (parm == MP_UNKNOWN) { diff --git a/clients/examples/python/mclient-python3.py b/clients/examples/python/mclient-python3.py --- a/clients/examples/python/mclient-python3.py +++ b/clients/examples/python/mclient-python3.py @@ -65,7 +65,7 @@ def main() : line = fi.readline() if encoding != 'utf-8': prompt = str(prompt, 'utf-8').encode(encoding, 'replace') - while line and line != "\q\n": + while line and line != "\\q\n": if encoding != 'utf-8': line = str(line, encoding).encode('utf-8') res = s.cmd('s' + line) diff --git a/clients/mapiclient/mclient.1 b/clients/mapiclient/mclient.1 --- a/clients/mapiclient/mclient.1 +++ b/clients/mapiclient/mclient.1 @@ -212,7 +212,7 @@ The possible values are .BR expanded , .BR x , .BR csv , -.BR csv-noquote , +.BR csv\-noquote , .BR tab , .BR raw , .BR xml , @@ -221,7 +221,7 @@ and .BR rowcount . .B csv is comma-separated values; -.B csv-noquote +.B csv\-noquote is comma-separated values without escaping any quotes; .B tab is tab-separated values; @@ -248,7 +248,7 @@ is a variation on where only the number of affected rows is printed. Normal \fBcsv\fP and \fBtab\fP formatting will use double quotes around any fields that contain double quotes, white space or the -separator. The \fBcsv-noquote\fP format will prevent that and dump +separator. The \fBcsv\-noquote\fP format will prevent that and dump the contents of the field without any interpretation. In addition to plain \fBcsv\fP, two other forms are possible. \fBcsv=\fP\fIc\fP uses \fIc\fP as column separator; \fBcsv+\fP\fIc\fP @@ -539,7 +539,7 @@ in the above query can also be a URL. I .IR e . g ., .IR https://www.example.org/dumpdata.csv . .PP -See https://www.monetdb.org/documentation/user-guide/sql-manual/data-loading/copy-from/ +See https://www.monetdb.org/documentation/user\-guide/sql\-manual/data\-loading/copy\-from/ for more information about the COPY INTO query. .SH SEE ALSO .IR msqldump (1), diff --git a/clients/mapilib/Tests/systemcertificates.py b/clients/mapilib/Tests/systemcertificates.py --- a/clients/mapilib/Tests/systemcertificates.py +++ b/clients/mapilib/Tests/systemcertificates.py @@ -25,13 +25,20 @@ HOST = 'python.org' # Run mclient cmd = ['mclient', '-L-', '-d', f"monetdbs://{HOST}:443/demo"] proc = subprocess.run(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE) -assert proc.returncode == 2, f"mclient is supposed to exit with status 2, not {proc.returncode}" +if proc.returncode != 2: + msg = str(proc.stderr, 'utf-8') + print(f"mclient is supposed to exit with status 2, not {proc.returncode}.\n--- stderr ---\n{msg}\n---end stderr ---", file=sys.stderr) + exit(1) -# We expect the server to send something like 'HTTP/1.1 400 Bad Request' -# libmapi will interpret the first two bytes as a block header. +# After the TLS handshake succeeds we expect the server to send something like +# 'HTTP/1.1 400 Bad Request' because we're sending \x00\x00 instead of an HTTP +# request. libmapi will interpret the first two bytes 'H' and 'T' as an invalid +# block header. # -# In ASCII, 'H' + 256 * 'T' is 21576. -if b'21576' not in proc.stderr: +# In ASCII, 'H' + 256 * 'T' == 72 + 256 * 84 == 21576. +tls_works_but_mapi_fails = b'21576' in proc.stderr + +if not tls_works_but_mapi_fails: msg = str(proc.stderr, 'utf-8') print(f"Expected mclient to print an error message containing the number 21576, got:\n--- stderr ---\n{msg}\n---end stderr ---", file=sys.stderr) exit(1) diff --git a/clients/mapilib/Tests/tests.md b/clients/mapilib/Tests/tests.md --- a/clients/mapilib/Tests/tests.md +++ b/clients/mapilib/Tests/tests.md @@ -258,6 +258,7 @@ EXPECT port=-1 EXPECT database= EXPECT tableschema= EXPECT table= +EXPECT binary=on ``` ### sock @@ -272,6 +273,15 @@ ACCEPT monetdb:///?sock=C:\TEMP\sock EXPECT sock=C:\TEMP\sock ``` +### sockdir + +```test +EXPECT sockdir=/tmp +ACCEPT monetdb:///demo?sockdir=/tmp/nonstandard +EXPECT sockdir=/tmp/nonstandard +EXPECT connect_unix=/tmp/nonstandard/.s.monetdb.50000 +``` + ### cert ```test @@ -321,15 +331,40 @@ REJECT monetdbs:///?certhash={sha99}X ```test EXPECT clientkey= +EXPECT clientcert= ACCEPT monetdbs:///?clientkey=/tmp/clientkey.pem EXPECT clientkey=/tmp/clientkey.pem ACCEPT monetdbs:///?clientkey=C:\TEMP\clientkey.pem EXPECT clientkey=C:\TEMP\clientkey.pem ``` -### clientcert +```test +EXPECT connect_clientkey= +EXPECT connect_clientcert= +``` + +```test +SET clientkey=/tmp/key.pem +SET clientcert=/tmp/cert.pem +EXPECT valid=true +EXPECT connect_clientkey=/tmp/key.pem +EXPECT connect_clientcert=/tmp/cert.pem +``` ```test +SET clientkey=/tmp/key.pem +EXPECT valid=true +EXPECT connect_clientkey=/tmp/key.pem +EXPECT connect_clientcert=/tmp/key.pem +``` + +```test +SET clientcert=/tmp/cert.pem +EXPECT valid=false +``` + +```test +SET clientkey=dummy EXPECT clientcert= ACCEPT monetdbs:///?clientcert=/tmp/clientcert.pem EXPECT clientcert=/tmp/clientcert.pem @@ -471,14 +506,8 @@ ACCEPT monetdb:///?binary=0100 EXPECT connect_binary=100 ``` -We take empty to be 'on' - ```test -ACCEPT monetdb:///?binary= -EXPECT connect_binary=65535 -``` - -```test +REJECT monetdb:///?binary= REJECT monetdb:///?binary=-1 REJECT monetdb:///?binary=1.0 REJECT monetdb:///?binary=banana @@ -1129,6 +1158,21 @@ EXPECT connect_tcp=not.localhost REJECT monetdbs://not.localhost/?sock=/a/path ``` +### sock and sockdir + +Sockdir only applies to implicit Unix domain sockets, +not to ones that are given explicitly + +```test +EXPECT sockdir=/tmp +EXPECT port=-1 +EXPECT host= +EXPECT connect_unix=/tmp/.s.monetdb.50000 +SET sockdir=/somewhere/else +EXPECT connect_unix=/somewhere/else/.s.monetdb.50000 +SET port=12345 +EXPECT connect_unix=/somewhere/else/.s.monetdb.12345 +``` ## Legacy URL's diff --git a/clients/mapilib/Tests/tlssecurity.py b/clients/mapilib/Tests/tlssecurity.py --- a/clients/mapilib/Tests/tlssecurity.py +++ b/clients/mapilib/Tests/tlssecurity.py @@ -75,7 +75,10 @@ def attempt(experiment: str, portname: s logging.debug(f"cmd={cmd}") proc = subprocess.run(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE) logging.debug(f"mclient exited with code {proc.returncode}, err={proc.stderr}") - assert proc.returncode == 2, f"mclient is supposed to exit with status 2, not {proc.returncode}" + if proc.returncode != 2: + msg = str(proc.stderr, 'utf-8') + print(f"mclient is supposed to exit with status 2, not {proc.returncode}.\n--- stderr ---\n{msg}\n---end stderr ---", file=sys.stderr) + assert proc.returncode == 2, f"mclient is supposed to exit with status 2, not {proc.returncode}" output = str(proc.stderr, 'utf-8').rstrip() actual_error = None if 'Sorry, this is not' in output else output diff --git a/clients/mapilib/Tests/tlstester.py b/clients/mapilib/Tests/tlstester.py --- a/clients/mapilib/Tests/tlstester.py +++ b/clients/mapilib/Tests/tlstester.py @@ -26,6 +26,8 @@ from threading import Thread import threading from typing import Any, Callable, Dict, List, Optional, Tuple, Union +# Our TLS implementation never uses anything less than TLSv1.3. +assert ssl.HAS_TLSv1_3 import warnings with warnings.catch_warnings(): @@ -434,10 +436,14 @@ def make_context(allowtlsv12 = False): if hasattr(context, 'minimum_version'): context.maximum_version = ssl.TLSVersion.TLSv1_3 - if allowtlsv12: - context.minimum_version = ssl.TLSVersion.TLSv1_2 - else: - context.minimum_version = ssl.TLSVersion.TLSv1_3 + try: + if allowtlsv12: + context.minimum_version = ssl.TLSVersion.TLSv1_2 + else: + context.minimum_version = ssl.TLSVersion.TLSv1_3 + except ValueError as e: + log.error(f"Setting context.minimum_version caused ValueError. Python version {sys.version!r}, linked to OpenSSL {ssl.OPENSSL_VERSION} ({ssl.OPENSSL_VERSION_NUMBER:#x})") + raise e return context diff --git a/clients/mapilib/connect_openssl.c b/clients/mapilib/connect_openssl.c --- a/clients/mapilib/connect_openssl.c +++ b/clients/mapilib/connect_openssl.c @@ -24,6 +24,7 @@ #include <stdarg.h> #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/x509v3.h> _______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org