mariadb is vulnerable to CVE-2021-27928 (RCE)

+++ b/gnu/packages/databases.scm

+    (replacement mariadb/fixed)

+(define mariadb/fixed

+  (package/inherit mariadb

+    (version "10.5.9")

+    (source (origin

+              (method url-fetch)

+              (uri (string-append "https://downloads.mariadb.com/MariaDB"

+                                  "/mariadb-" version "/source/mariadb-"

+                                  version ".tar.gz"))

+              (sha256

+               (base32

+                "1kv8226ydyh4nyfx432dxqdkbry92c92bwlc33f1y56yp2p1kas0"))

+              (modules '((guix build utils)))

+              (snippet

+               '(begin

+                  ;; Delete bundled snappy and xz.

+                  (delete-file-recursively "storage/tokudb/PerconaFT/third_party")

+                  (substitute* "storage/tokudb/PerconaFT/CMakeLists.txt"

+                    ;; This file checks that the bundled sources are present and

+                    ;; declares build procedures for them.

+                    (("^include\\(TokuThirdParty\\)") ""))

+                  (substitute* "storage/tokudb/PerconaFT/ft/CMakeLists.txt"

+                    ;; Don't attempt to use the procedures we just removed.

+                    ((" build_lzma build_snappy") ""))

+

+                  ;; Preserve CMakeLists.txt for these.

+                  (for-each (lambda (file)

+                              (unless (string-suffix? "CMakeLists.txt" file)

+                                (delete-file file)))

+                            (append (find-files "extra/wolfssl")

+                                    (find-files "zlib")))

+                  #t))))))

+

+++ b/gnu/local.mk

+  %D%/packages/patches/mariadb-CVE-2021-27928.patch		\

+++ b/gnu/packages/databases.scm

+    (replacement mariadb/fixed)

+(define-public mariadb/fixed

+  (package

+    (inherit mariadb)

+    (source (origin

+              (method url-fetch)

+              (uri (string-append "https://downloads.mariadb.com/MariaDB"

+                                  "/mariadb-" version "/source/mariadb-"

+                                  version ".tar.gz"))

+              (sha256

+               (base32

+                "1s3vfm73911cddjhgpcbkya6nz7ag2zygg56qqzwscn5ybv28j7b"))

+              (modules '((guix build utils)))

+              (snippet

+               '(begin

+                  ;; Delete bundled snappy and xz.

+                  (delete-file-recursively "storage/tokudb/PerconaFT/third_party")

+                  (substitute* "storage/tokudb/PerconaFT/CMakeLists.txt"

+                    ;; This file checks that the bundled sources are present and

+                    ;; declares build procedures for them.

+                    (("^include\\(TokuThirdParty\\)") ""))

+                  (substitute* "storage/tokudb/PerconaFT/ft/CMakeLists.txt"

+                    ;; Don't attempt to use the procedures we just removed.

+                    ((" build_lzma build_snappy") ""))

+

+                  ;; Preserve CMakeLists.txt for these.

+                  (for-each (lambda (file)

+                              (unless (string-suffix? "CMakeLists.txt" file)

+                                (delete-file file)))

+                            (append (find-files "extra/wolfssl")

+                                    (find-files "zlib")))

+                  #t))

+              (patches (search-patches "mariadb-CVE-2021-27928.patch"))))))

+

+++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch

+From ce3a2a688db556d8d077a409fd9bf5cc013d13dd Mon Sep 17 00:00:00 2001

+From: Sergei Golubchik <serg@mariadb.org>

+Date: Thu, 18 Feb 2021 14:20:48 +0100

+Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only

+

+this should simplify run-time cluster management

+---

+ mysql-test/suite/galera/disabled.def          |  2 +

+ .../galera/include/galera_load_provider.inc   |  1 -

+ .../galera/include/galera_unload_provider.inc |  3 +-

+ .../suite/galera/r/galera_ist_rsync.result    |  2 +-

+ .../galera/r/galera_sst_mysqldump.result      |  2 +-

+ .../suite/galera/r/mysql-wsrep#33.result      |  2 +-

+ .../suite/sys_vars/r/sysvars_wsrep.result     |  4 +-

+ .../sys_vars/r/wsrep_notify_cmd_basic.result  | 47 -----------------

+ .../sys_vars/r/wsrep_provider_basic.result    | 40 ---------------

+ .../r/wsrep_provider_options_basic.result     | 49 ------------------

+ .../sys_vars/t/wsrep_notify_cmd_basic.test    | 43 ----------------

+ .../sys_vars/t/wsrep_provider_basic.test      | 39 --------------

+ .../t/wsrep_provider_options_basic.test       | 51 -------------------

+ mysql-test/suite/wsrep/disabled.def           |  2 +

+ mysql-test/suite/wsrep/r/variables.result     | 12 ++---

+ mysql-test/suite/wsrep/t/variables.test       | 34 +++----------

+ sql/sys_vars.cc                               |  4 +-

+ 17 files changed, 24 insertions(+), 313 deletions(-)

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

+

+diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def

+index 7fe03a9422013..a063e17d46533 100644

+--- a/mysql-test/suite/galera/disabled.def

++++ b/mysql-test/suite/galera/disabled.def

+@@ -30,3 +30,5 @@ partition : MDEV-19958 Galera test failure on galera.partition

+ query_cache: MDEV-15805 Test failure on galera.query_cache

+ sql_log_bin : MDEV-21491 galera.sql_log_bin

+ versioning_trx_id: MDEV-18590: galera.versioning_trx_id: Test failure: mysqltest: Result content mismatch

++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons

++pxc-421: wsrep_provider is read-only for security reasons

+diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc

+index aeab7e6ea199f..e6ce6411193c2 100644

+--- a/mysql-test/suite/galera/include/galera_load_provider.inc

++++ b/mysql-test/suite/galera/include/galera_load_provider.inc

+@@ -1,7 +1,6 @@

+ --echo Loading wsrep provider ...

+ 

+ --disable_query_log

+---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig';

+ --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig';

+ --enable_query_log

+ 

+diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc

+index edc7eb31e0e21..83438a947f03e 100644

+--- a/mysql-test/suite/galera/include/galera_unload_provider.inc

++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc

+@@ -1,7 +1,6 @@

+ --echo Unloading wsrep provider ...

+ 

+ --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address`

+---let $wsrep_provider_orig = `SELECT @@wsrep_provider`

+ --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options`

+ 

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result

+index 8a7c02ab1b6d9..80a28d349baed 100644

+--- a/mysql-test/suite/galera/r/galera_ist_rsync.result

++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result

+@@ -21,7 +21,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result

+index 5c530c32ce695..6bdc933a9fca7 100644

+--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result

++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result

+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result

+index 6a5251204b9bb..4cc49c0cf0790 100644

+--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result

++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result

+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

+index e54afd2d64a24..67e1540531311 100644

+--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

+@@ -349,7 +349,7 @@ NUMERIC_MIN_VALUE	NULL

+ NUMERIC_MAX_VALUE	NULL

+ NUMERIC_BLOCK_SIZE	NULL

+ ENUM_VALUE_LIST	NULL

+-READ_ONLY	NO

++READ_ONLY	YES

+ COMMAND_LINE_ARGUMENT	REQUIRED

+ VARIABLE_NAME	WSREP_ON

+ SESSION_VALUE	OFF

+@@ -405,7 +405,7 @@ NUMERIC_MIN_VALUE	NULL

+ NUMERIC_MAX_VALUE	NULL

+ NUMERIC_BLOCK_SIZE	NULL

+ ENUM_VALUE_LIST	NULL

+-READ_ONLY	NO

++READ_ONLY	YES

+ COMMAND_LINE_ARGUMENT	REQUIRED

+ VARIABLE_NAME	WSREP_PROVIDER_OPTIONS

+ SESSION_VALUE	NULL

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

+deleted file mode 100644

+index 056ff8c817b0f..0000000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

++++ /dev/null

+@@ -1,47 +0,0 @@

+-#

+-# wsrep_notify_cmd

+-#

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-# save the initial value

+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;

+-# default

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-

+-

+-# scope

+-SELECT @@session.wsrep_notify_cmd;

+-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable

+-SET @@global.wsrep_notify_cmd='notify_cmd';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-notify_cmd

+-

+-# valid values

+-SET @@global.wsrep_notify_cmd='command';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-command

+-SET @@global.wsrep_notify_cmd='hyphenated-command';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-hyphenated-command

+-SET @@global.wsrep_notify_cmd=default;

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-

+-SET @@global.wsrep_notify_cmd=NULL;

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-NULL

+-

+-# invalid values

+-SET @@global.wsrep_notify_cmd=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd'

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-NULL

+-

+-# restore the initial value

+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

+deleted file mode 100644

+index 3e4ac8ca88362..0000000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

++++ /dev/null

+@@ -1,40 +0,0 @@

+-#

+-# wsrep_provider

+-#

+-# save the initial value

+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;

+-# default

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# scope

+-SELECT @@session.wsrep_provider;

+-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# valid values

+-SET @@global.wsrep_provider=default;

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# invalid values

+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';

+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so'

+-SET @@global.wsrep_provider=NULL;

+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL'

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-SET @@global.wsrep_provider=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider'

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# restore the initial value

+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

+deleted file mode 100644

+index b2e07c55b38cf..0000000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

++++ /dev/null

+@@ -1,49 +0,0 @@

+-#

+-# wsrep_provider_options

+-#

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-SET @@global.wsrep_provider =  @@global.wsrep_provider;

+-# save the initial value

+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;

+-# default

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-

+-# scope

+-SELECT @@session.wsrep_provider_options;

+-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable

+-SET @@global.wsrep_provider_options='option1';

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-option1

+-

+-# valid values

+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-name1=value1;name2=value2

+-SET @@global.wsrep_provider_options='hyphenated-name:value';

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-hyphenated-name:value

+-SET @@global.wsrep_provider_options=default;

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-

+-# invalid values

+-SET @@global.wsrep_provider_options=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options'

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-SET @@global.wsrep_provider_options=NULL;

+-Got one of the listed errors

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-NULL

+-

+-# restore the initial value

+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

+deleted file mode 100644

+index 6d1535ba1482d..0000000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

++++ /dev/null

+@@ -1,43 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_notify_cmd

+---echo #

+-

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-

+---echo # save the initial value

+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;

+-

+---echo # default

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd='notify_cmd';

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # valid values

+-SET @@global.wsrep_notify_cmd='command';

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd='hyphenated-command';

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd=default;

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd=NULL;

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_notify_cmd=1;

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # restore the initial value

+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

+deleted file mode 100644

+index 1190ab41bb053..0000000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

++++ /dev/null

+@@ -1,39 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_provider

+---echo #

+-

+---echo # save the initial value

+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;

+-

+---echo # default

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_provider;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # valid values

+-SET @@global.wsrep_provider=default;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_VALUE_FOR_VAR

+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';

+---error ER_WRONG_VALUE_FOR_VAR

+-SET @@global.wsrep_provider=NULL;

+-SELECT @@global.wsrep_provider;

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_provider=1;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # restore the initial value

+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

+deleted file mode 100644

+index d2ea32a063786..0000000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

++++ /dev/null

+@@ -1,51 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_provider_options

+---echo #

+-

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-

+-SET @@global.wsrep_provider =  @@global.wsrep_provider;

+-

+---echo # save the initial value

+-SET @wsrep_provider_options_global_saved = @@global.wsrep_provider_options;

+-

+---echo # default

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_provider_options;

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='option1';

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # valid values

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';

+-SELECT @@global.wsrep_provider_options;

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='hyphenated-name:value';

+-SELECT @@global.wsrep_provider_options;

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options=default;

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_provider_options=1;

+-SELECT @@global.wsrep_provider_options;

+---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options=NULL;

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # restore the initial value

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options = @wsrep_provider_options_global_saved;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def

+index 11577bfe8b007..3d204db694580 100644

+--- a/mysql-test/suite/wsrep/disabled.def

++++ b/mysql-test/suite/wsrep/disabled.def

+@@ -10,3 +10,5 @@

+ #

+ ##############################################################################

+ 

++

++mdev_6832: wsrep_provider is read-only for security reasons

+diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result

+index 9ef1b3290afd6..8bb0b426380a1 100644

+--- a/mysql-test/suite/wsrep/r/variables.result

++++ b/mysql-test/suite/wsrep/r/variables.result

+@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON;

+ ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL

+ SET GLOBAL wsrep_replicate_myisam= ON;

+ SET GLOBAL wsrep_replicate_myisam= OFF;

+-SET GLOBAL wsrep_provider=none;

+ #

+ # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of

+ # variables when using "_"

+@@ -26,7 +25,6 @@ wsrep_local_state_comment	#

+ # Should show nothing.

+ SHOW STATUS LIKE 'x';

+ Variable_name	Value

+-SET GLOBAL wsrep_provider=none;

+ 

+ SHOW STATUS LIKE 'wsrep_local_state_uuid';

+ Variable_name	Value

+@@ -35,7 +33,6 @@ wsrep_local_state_uuid	#

+ SHOW STATUS LIKE 'wsrep_last_committed';

+ Variable_name	Value

+ wsrep_last_committed	#

+-SET GLOBAL wsrep_provider=none;

+ 

+ #

+ # MDEV#6206: wsrep_slave_threads subtracts from max_connections

+@@ -49,7 +46,7 @@ SELECT @@global.wsrep_slave_threads;

+ 1

+ SELECT @@global.wsrep_cluster_address;

+ @@global.wsrep_cluster_address

+-

++gcomm://

+ SELECT @@global.wsrep_on;

+ @@global.wsrep_on

+ 1

+@@ -58,14 +55,14 @@ Variable_name	Value

+ Threads_connected	1

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ Variable_name	Value

+-wsrep_thread_count	0

++wsrep_thread_count	2

+ 

+ SELECT @@global.wsrep_provider;

+ @@global.wsrep_provider

+ libgalera_smm.so

+ SELECT @@global.wsrep_cluster_address;

+ @@global.wsrep_cluster_address

+-

++gcomm://

+ SELECT @@global.wsrep_on;

+ @@global.wsrep_on

+ 1

+@@ -74,11 +71,10 @@ Variable_name	Value

+ Threads_connected	1

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ Variable_name	Value

+-wsrep_thread_count	0

++wsrep_thread_count	2

+ 

+ # Setting wsrep_cluster_address triggers the creation of

+ # applier/rollbacker threads.

+-SET GLOBAL wsrep_cluster_address= 'gcomm://';

+ # Wait for applier thread to get created 1.

+ # Wait for applier thread to get created 2.

+ SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';

+diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test

+index 5ab0eb68505a7..1a3bd62b16489 100644

+--- a/mysql-test/suite/wsrep/t/variables.test

++++ b/mysql-test/suite/wsrep/t/variables.test

+@@ -22,7 +22,7 @@ SET GLOBAL wsrep_replicate_myisam= ON;

+ 

+ # Reset it back.

+ SET GLOBAL wsrep_replicate_myisam= OFF;

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+ --echo #

+ --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of

+@@ -31,13 +31,9 @@ SET GLOBAL wsrep_provider=none;

+ 

+ CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*");

+ 

+---disable_result_log

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ --let $galera_version=25.3.24

+ source include/check_galera_version.inc;

+---enable_result_log

+---enable_query_log

+ 

+ --replace_column 2 #

+ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';

+@@ -46,11 +42,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';

+ SHOW STATUS LIKE 'x';

+ 

+ # Reset it back.

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ # The following 2 variables are used by mariabackup

+ # SST.

+@@ -62,7 +56,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid';

+ SHOW STATUS LIKE 'wsrep_last_committed';

+ 

+ # Reset it back.

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+ --echo

+ --echo #

+@@ -70,9 +64,7 @@ SET GLOBAL wsrep_provider=none;

+ --echo #

+ call mtr.add_suppression("WSREP: Failed to get provider options");

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/

+ SELECT @@global.wsrep_provider;

+@@ -83,9 +75,7 @@ SHOW STATUS LIKE 'threads_connected';

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ --echo

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/

+ SELECT @@global.wsrep_provider;

+@@ -97,7 +87,7 @@ SHOW STATUS LIKE 'wsrep_thread_count';

+ 

+ --echo # Setting wsrep_cluster_address triggers the creation of

+ --echo # applier/rollbacker threads.

+-SET GLOBAL wsrep_cluster_address= 'gcomm://';

++#SET GLOBAL wsrep_cluster_address= 'gcomm://';

+ 

+ --echo # Wait for applier thread to get created 1.

+ --let $wait_timeout=600

+@@ -159,14 +149,6 @@ SET @@global.wsrep_sst_auth= NULL;

+ SELECT @@global.wsrep_sst_auth;

+ SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved;

+ 

+-# Reset (for mtr internal checks)

+---disable_query_log

+-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved;

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved;

+-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved;

+---enable_query_log

+-

+ --source include/galera_wait_ready.inc

+ 

+ --echo # End of test.

+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc

+index baf27a7d0af92..e4de3d8d0aa1a 100644

+--- a/sql/sys_vars.cc

++++ b/sql/sys_vars.cc

+@@ -4958,7 +4958,7 @@ static Sys_var_tz Sys_time_zone(

+ 

+ static Sys_var_charptr Sys_wsrep_provider(

+        "wsrep_provider", "Path to replication provider library",

+-       PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),

++       PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),

+        IN_FS_CHARSET, DEFAULT(WSREP_NONE),

+        NO_MUTEX_GUARD, NOT_IN_BINLOG,

+        ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update));

+@@ -5171,7 +5171,7 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows (

+ 

+ static Sys_var_charptr Sys_wsrep_notify_cmd(

+        "wsrep_notify_cmd", "",

+-       GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG),

++       READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG),

+        IN_SYSTEM_CHARSET, DEFAULT(""));

+ 

+ static Sys_var_mybool Sys_wsrep_certify_nonPK(

+++ b/gnu/local.mk

+  %D%/packages/patches/mariadb-CVE-2021-27928.patch		\

+++ b/gnu/packages/databases.scm

+    (replacement mariadb/fixed)

+(define mariadb/fixed

+  (package

+    (inherit mariadb)

+    (source (origin

+              (inherit (package-source mariadb))

+              (patches (search-patches "mariadb-CVE-2021-27928.patch"))))))

+

+++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch

+From 7580701e6279900fec40822952a3b874732289cf Mon Sep 17 00:00:00 2001

+From: Sergei Golubchik <serg@mariadb.org>

+Date: Thu, 18 Feb 2021 14:20:48 +0100

+Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only

+

+this should simplify run-time cluster management

+---

+ mysql-test/suite/galera/disabled.def          |  2 +

+ .../galera/include/galera_load_provider.inc   | 19 --------

+ .../galera/include/galera_unload_provider.inc |  3 +-

+ .../suite/galera/r/galera_ist_rsync.result    |  2 +-

+ .../galera/r/galera_sst_mysqldump.result      |  2 +-

+ .../suite/galera/r/mysql-wsrep#33.result      |  2 +-

+ .../suite/sys_vars/r/sysvars_wsrep.result     |  4 +-

+ .../sys_vars/r/wsrep_notify_cmd_basic.result  | 47 -------------------

+ .../sys_vars/r/wsrep_provider_basic.result    | 40 ----------------

+ .../r/wsrep_provider_options_basic.result     | 46 ------------------

+ .../sys_vars/t/wsrep_notify_cmd_basic.test    | 43 -----------------

+ .../sys_vars/t/wsrep_provider_basic.test      | 39 ---------------

+ .../t/wsrep_provider_options_basic.test       | 41 ----------------

+ mysql-test/suite/wsrep/disabled.def           |  2 +

+ mysql-test/suite/wsrep/r/variables.result     | 12 ++---

+ mysql-test/suite/wsrep/t/variables.test       | 32 +++----------

+ sql/sys_vars.cc                               |  8 ++--

+ 17 files changed, 25 insertions(+), 319 deletions(-)

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

+ delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

+

+diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def

+index d940c702d54..83f26e81636 100644

+--- a/mysql-test/suite/galera/disabled.def

++++ b/mysql-test/suite/galera/disabled.def

+@@ -49,3 +49,5 @@ partition : MDEV-19958 Galera test failure on galera.partition

+ query_cache: MDEV-15805 Test failure on galera.query_cache

+ sql_log_bin : MDEV-21491 galera.sql_log_bin

+ versioning_trx_id : MDEV-18590 galera.versioning_trx_id

++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons

++pxc-421: wsrep_provider is read-only for security reasons

+diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc

+index 0f843597d9c..28010cc5b71 100644

+--- a/mysql-test/suite/galera/include/galera_load_provider.inc

++++ b/mysql-test/suite/galera/include/galera_load_provider.inc

+@@ -1,25 +1,6 @@

+ --echo Loading wsrep provider ...

+ 

+ --disable_query_log

+---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig';

+-

+-#

+-# count occurences of successful node starts in error log

+-#

+-perl;

+-  use strict;

+-   my $test_log=$ENV{'LOG_FILE'} or die "LOG_FILE not set";

+-   my $test_log_copy=$test_log . '.copy';

+-   if (-e $test_log_copy) {

+-      unlink $test_log_copy;

+-   }

+-

+-EOF

+---copy_file $LOG_FILE $LOG_FILE.copy

+-

+-#

+-#  now join to the cluster

+-#

+ --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig';

+ 

+ --enable_query_log

+diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc

+index cd841f51fbc..ed7e9bc41f0 100644

+--- a/mysql-test/suite/galera/include/galera_unload_provider.inc

++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc

+@@ -1,7 +1,6 @@

+ --echo Unloading wsrep provider ...

+ 

+ --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address`

+---let $wsrep_provider_orig = `SELECT @@wsrep_provider`

+ --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options`

+ --let $wsrep_error_log_orig = `SELECT @@log_error`

+ if(!$wsrep_log_error_orig)

+@@ -12,4 +11,4 @@ if(!$wsrep_log_error_orig)

+ }

+ --let LOG_FILE= $wsrep_log_error_orig

+ 

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result

+index 13f7d898a59..70a87c73df7 100644

+--- a/mysql-test/suite/galera/r/galera_ist_rsync.result

++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result

+@@ -23,7 +23,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result

+index 4ed679ba477..145b3a94775 100644

+--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result

++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result

+@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result

+index fb0b593cc96..45c6a3f660a 100644

+--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result

++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result

+@@ -32,7 +32,7 @@ INSERT INTO t1 VALUES ('node2_committed_before');

+ INSERT INTO t1 VALUES ('node2_committed_before');

+ COMMIT;

+ Unloading wsrep provider ...

+-SET GLOBAL wsrep_provider = 'none';

++SET GLOBAL wsrep_cluster_address = '';

+ connection node_1;

+ SET AUTOCOMMIT=OFF;

+ START TRANSACTION;

+diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

+index 4b6abf85434..f73bfbd13e7 100644

+--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result

+@@ -403,7 +403,7 @@ NUMERIC_MIN_VALUE	NULL

+ NUMERIC_MAX_VALUE	NULL

+ NUMERIC_BLOCK_SIZE	NULL

+ ENUM_VALUE_LIST	NULL

+-READ_ONLY	NO

++READ_ONLY	YES

+ COMMAND_LINE_ARGUMENT	REQUIRED

+ GLOBAL_VALUE_PATH	NULL

+ VARIABLE_NAME	WSREP_ON

+@@ -463,7 +463,7 @@ NUMERIC_MIN_VALUE	NULL

+ NUMERIC_MAX_VALUE	NULL

+ NUMERIC_BLOCK_SIZE	NULL

+ ENUM_VALUE_LIST	NULL

+-READ_ONLY	NO

++READ_ONLY	YES

+ COMMAND_LINE_ARGUMENT	REQUIRED

+ GLOBAL_VALUE_PATH	NULL

+ VARIABLE_NAME	WSREP_PROVIDER_OPTIONS

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

+deleted file mode 100644

+index 056ff8c817b..00000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result

++++ /dev/null

+@@ -1,47 +0,0 @@

+-#

+-# wsrep_notify_cmd

+-#

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-# save the initial value

+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;

+-# default

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-

+-

+-# scope

+-SELECT @@session.wsrep_notify_cmd;

+-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable

+-SET @@global.wsrep_notify_cmd='notify_cmd';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-notify_cmd

+-

+-# valid values

+-SET @@global.wsrep_notify_cmd='command';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-command

+-SET @@global.wsrep_notify_cmd='hyphenated-command';

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-hyphenated-command

+-SET @@global.wsrep_notify_cmd=default;

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-

+-SET @@global.wsrep_notify_cmd=NULL;

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-NULL

+-

+-# invalid values

+-SET @@global.wsrep_notify_cmd=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd'

+-SELECT @@global.wsrep_notify_cmd;

+-@@global.wsrep_notify_cmd

+-NULL

+-

+-# restore the initial value

+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

+deleted file mode 100644

+index 3e4ac8ca883..00000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result

++++ /dev/null

+@@ -1,40 +0,0 @@

+-#

+-# wsrep_provider

+-#

+-# save the initial value

+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;

+-# default

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# scope

+-SELECT @@session.wsrep_provider;

+-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# valid values

+-SET @@global.wsrep_provider=default;

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# invalid values

+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';

+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so'

+-SET @@global.wsrep_provider=NULL;

+-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL'

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-SET @@global.wsrep_provider=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider'

+-SELECT @@global.wsrep_provider;

+-@@global.wsrep_provider

+-none

+-

+-# restore the initial value

+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

+deleted file mode 100644

+index 15949a14e39..00000000000

+--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result

++++ /dev/null

+@@ -1,46 +0,0 @@

+-#

+-# wsrep_provider_options

+-#

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-# default

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-

+-# scope

+-SELECT @@session.wsrep_provider_options;

+-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable

+-SET @@global.wsrep_provider_options='option1';

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-

+-# valid values

+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';

+-ERROR HY000: WSREP (galera) not started

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-SET @@global.wsrep_provider_options='hyphenated-name:value';

+-ERROR HY000: WSREP (galera) not started

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-SET @@global.wsrep_provider_options=default;

+-ERROR HY000: WSREP (galera) not started

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-

+-# invalid values

+-SET @@global.wsrep_provider_options=1;

+-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options'

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-SET @@global.wsrep_provider_options=NULL;

+-Got one of the listed errors

+-SELECT @@global.wsrep_provider_options;

+-@@global.wsrep_provider_options

+-

+-# End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

+deleted file mode 100644

+index 6d1535ba148..00000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test

++++ /dev/null

+@@ -1,43 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_notify_cmd

+---echo #

+-

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-

+---echo # save the initial value

+-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd;

+-

+---echo # default

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd='notify_cmd';

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # valid values

+-SET @@global.wsrep_notify_cmd='command';

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd='hyphenated-command';

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd=default;

+-SELECT @@global.wsrep_notify_cmd;

+-SET @@global.wsrep_notify_cmd=NULL;

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_notify_cmd=1;

+-SELECT @@global.wsrep_notify_cmd;

+-

+---echo

+---echo # restore the initial value

+-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

+deleted file mode 100644

+index 1190ab41bb0..00000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test

++++ /dev/null

+@@ -1,39 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_provider

+---echo #

+-

+---echo # save the initial value

+-SET @wsrep_provider_global_saved = @@global.wsrep_provider;

+-

+---echo # default

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_provider;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # valid values

+-SET @@global.wsrep_provider=default;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_VALUE_FOR_VAR

+-SET @@global.wsrep_provider='/invalid/libgalera_smm.so';

+---error ER_WRONG_VALUE_FOR_VAR

+-SET @@global.wsrep_provider=NULL;

+-SELECT @@global.wsrep_provider;

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_provider=1;

+-SELECT @@global.wsrep_provider;

+-

+---echo

+---echo # restore the initial value

+-SET @@global.wsrep_provider = @wsrep_provider_global_saved;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

+deleted file mode 100644

+index 6eb3a94b6a4..00000000000

+--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test

++++ /dev/null

+@@ -1,41 +0,0 @@

+---source include/have_wsrep.inc

+-

+---echo #

+---echo # wsrep_provider_options

+---echo #

+-

+-call mtr.add_suppression("WSREP: Failed to get provider options");

+-

+---echo # default

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # scope

+---error ER_INCORRECT_GLOBAL_LOCAL_VAR

+-SELECT @@session.wsrep_provider_options;

+---error 0,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='option1';

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # valid values

+---error ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='name1=value1;name2=value2';

+-SELECT @@global.wsrep_provider_options;

+---error ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options='hyphenated-name:value';

+-SELECT @@global.wsrep_provider_options;

+---error ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options=default;

+-SELECT @@global.wsrep_provider_options;

+-

+---echo

+---echo # invalid values

+---error ER_WRONG_TYPE_FOR_VAR

+-SET @@global.wsrep_provider_options=1;

+-SELECT @@global.wsrep_provider_options;

+---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS

+-SET @@global.wsrep_provider_options=NULL;

+-SELECT @@global.wsrep_provider_options;

+-

+---echo # End of test

+diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def

+index 11577bfe8b0..3d204db6945 100644

+--- a/mysql-test/suite/wsrep/disabled.def

++++ b/mysql-test/suite/wsrep/disabled.def

+@@ -10,3 +10,5 @@

+ #

+ ##############################################################################

+ 

++

++mdev_6832: wsrep_provider is read-only for security reasons

+diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result

+index a9988fd1628..e57440125ee 100644

+--- a/mysql-test/suite/wsrep/r/variables.result

++++ b/mysql-test/suite/wsrep/r/variables.result

+@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON;

+ ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL

+ SET GLOBAL wsrep_replicate_myisam= ON;

+ SET GLOBAL wsrep_replicate_myisam= OFF;

+-SET GLOBAL wsrep_provider=none;

+ #

+ # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of

+ # variables when using "_"

+@@ -151,7 +150,6 @@ wsrep_local_state_comment	#

+ # Should show nothing.

+ SHOW STATUS LIKE 'x';

+ Variable_name	Value

+-SET GLOBAL wsrep_provider=none;

+ 

+ SHOW STATUS LIKE 'wsrep_local_state_uuid';

+ Variable_name	Value

+@@ -160,7 +158,6 @@ wsrep_local_state_uuid	#

+ SHOW STATUS LIKE 'wsrep_last_committed';

+ Variable_name	Value

+ wsrep_last_committed	#

+-SET GLOBAL wsrep_provider=none;

+ 

+ #

+ # MDEV#6206: wsrep_slave_threads subtracts from max_connections

+@@ -174,7 +171,7 @@ SELECT @@global.wsrep_slave_threads;

+ 1

+ SELECT @@global.wsrep_cluster_address;

+ @@global.wsrep_cluster_address

+-

++gcomm://

+ SELECT @@global.wsrep_on;

+ @@global.wsrep_on

+ 1

+@@ -183,14 +180,14 @@ Variable_name	Value

+ Threads_connected	1

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ Variable_name	Value

+-wsrep_thread_count	0

++wsrep_thread_count	2

+ 

+ SELECT @@global.wsrep_provider;

+ @@global.wsrep_provider

+ libgalera_smm.so

+ SELECT @@global.wsrep_cluster_address;

+ @@global.wsrep_cluster_address

+-

++gcomm://

+ SELECT @@global.wsrep_on;

+ @@global.wsrep_on

+ 1

+@@ -199,11 +196,10 @@ Variable_name	Value

+ Threads_connected	1

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ Variable_name	Value

+-wsrep_thread_count	0

++wsrep_thread_count	2

+ 

+ # Setting wsrep_cluster_address triggers the creation of

+ # applier/rollbacker threads.

+-SET GLOBAL wsrep_cluster_address= 'gcomm://';

+ # Wait for applier thread to get created 1.

+ # Wait for applier thread to get created 2.

+ SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';

+diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test

+index f2c3a0a3b78..fd352b61a3a 100644

+--- a/mysql-test/suite/wsrep/t/variables.test

++++ b/mysql-test/suite/wsrep/t/variables.test

+@@ -23,7 +23,7 @@ SET GLOBAL wsrep_replicate_myisam= ON;

+ 

+ # Reset it back.

+ SET GLOBAL wsrep_replicate_myisam= OFF;

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+ --echo #

+ --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of

+@@ -32,9 +32,6 @@ SET GLOBAL wsrep_provider=none;

+ 

+ CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*");

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

+ 

+ --replace_column 2 #

+ SHOW GLOBAL STATUS LIKE 'wsrep%';

+@@ -50,11 +47,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';

+ SHOW STATUS LIKE 'x';

+ 

+ # Reset it back.

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ # The following 2 variables are used by mariabackup

+ # SST.

+@@ -66,7 +61,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid';

+ SHOW STATUS LIKE 'wsrep_last_committed';

+ 

+ # Reset it back.

+-SET GLOBAL wsrep_provider=none;

++#SET GLOBAL wsrep_provider=none;

+ 

+ --echo

+ --echo #

+@@ -74,9 +69,7 @@ SET GLOBAL wsrep_provider=none;

+ --echo #

+ call mtr.add_suppression("WSREP: Failed to get provider options");

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/

+ SELECT @@global.wsrep_provider;

+@@ -87,9 +80,7 @@ SHOW STATUS LIKE 'threads_connected';

+ SHOW STATUS LIKE 'wsrep_thread_count';

+ --echo

+ 

+---disable_query_log

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+---enable_query_log

++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+ 

+ --replace_regex /.*libgalera_smm.*/libgalera_smm.so/

+ SELECT @@global.wsrep_provider;

+@@ -101,7 +92,7 @@ SHOW STATUS LIKE 'wsrep_thread_count';

+ 

+ --echo # Setting wsrep_cluster_address triggers the creation of

+ --echo # applier/rollbacker threads.

+-SET GLOBAL wsrep_cluster_address= 'gcomm://';

++#SET GLOBAL wsrep_cluster_address= 'gcomm://';

+ 

+ --echo # Wait for applier thread to get created 1.

+ --let $wait_condition = SELECT VARIABLE_VALUE = 1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count';

+@@ -162,15 +153,6 @@ SET @@global.wsrep_sst_auth= NULL;

+ SELECT @@global.wsrep_sst_auth;

+ SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved;

+ 

+-# Reset (for mtr internal checks)

+-

+---disable_query_log

+-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved;

+-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER';

+-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved;

+-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved;

+---enable_query_log

+-

+ --source include/galera_wait_ready.inc

+ 

+ --echo # End of test.

+diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc

+index 64040243df0..8c67a4d432a 100644

+--- a/sql/sys_vars.cc

++++ b/sql/sys_vars.cc

+@@ -5669,8 +5669,8 @@ static Sys_var_tz Sys_time_zone(

+ 

+ static Sys_var_charptr_fscs Sys_wsrep_provider(

+        "wsrep_provider", "Path to replication provider library",

+-       PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),

+-       DEFAULT(WSREP_NONE),

++       PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG),

++       DEFAULT(WSREP_NONE),

+        NO_MUTEX_GUARD, NOT_IN_BINLOG,

+        ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update));

+ 

+@@ -5886,8 +5886,8 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows (

+ 

+ static Sys_var_charptr Sys_wsrep_notify_cmd(

+        "wsrep_notify_cmd", "",

+-       GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG),

+-       DEFAULT(""));

++       READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG),

++       DEFAULT(""));

+ 

+ static Sys_var_mybool Sys_wsrep_certify_nonPK(

+        "wsrep_certify_nonPK", "Certify tables with no primary key",

+-- 

+2.31.0

+