diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
| commit | 3cf7c3ef441822c889356fd1812ebf2944a59851 (patch) | |
| tree | c513fe68548b40365c1c2ebfe35c58ad431cdd77 /dev-db/mysql-connector-c/files | |
| parent | 05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff) | |
gentoo resync : 25.08.2020
Diffstat (limited to 'dev-db/mysql-connector-c/files')
| -rw-r--r-- | dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch | 13 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch | 300 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch | 24 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch | 297 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch (renamed from dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch) | 70 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch | 18 | ||||
| -rw-r--r-- | dev-db/mysql-connector-c/files/mysql_com.patch | 31 |
7 files changed, 65 insertions, 688 deletions
diff --git a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch b/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch deleted file mode 100644 index cf8caedb7f1b..000000000000 --- a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/sql-common/client_authentication.cc b/sql-common/client_authentication.cc -index eaeb2d4..035ecd2 100644 ---- a/sql-common/client_authentication.cc -+++ b/sql-common/client_authentication.cc -@@ -84,7 +84,7 @@ RSA *rsa_init(MYSQL *mysql) - - if (mysql->options.extension != NULL && - mysql->options.extension->server_public_key_path != NULL && -- mysql->options.extension->server_public_key_path != '\0') -+ mysql->options.extension->server_public_key_path[0] != '\0') - { - pub_key_file= fopen(mysql->options.extension->server_public_key_path, - "r"); diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch deleted file mode 100644 index 3459206e4f76..000000000000 --- a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch +++ /dev/null @@ -1,300 +0,0 @@ -From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001 -From: eroen <eroen@occam.eroen.eu> -Date: Fri, 20 Jan 2017 14:43:53 +0100 -Subject: [PATCH] Don't use deprecated API with openssl 1.1 - -If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using -deprecated APIs causes build errors. - -X-Gentoo-Bug: 606600 -X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600 ---- - mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++------------- - sql-common/client.c | 16 ++++++++++++-- - vio/viossl.c | 8 +++++++ - vio/viosslfactories.c | 23 +++++++++++++++++++ - 4 files changed, 84 insertions(+), 17 deletions(-) - -diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc -index 261ba8a..59a95e3 100644 ---- a/mysys_ssl/my_aes_openssl.cc -+++ b/mysys_ssl/my_aes_openssl.cc -@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - #include <openssl/evp.h> - #include <openssl/err.h> - #include <openssl/bio.h> -+#include <openssl/opensslv.h> -+ -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif - - /* - xplugin needs BIO_new_bio_pair, but the server does not. -@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, - enum my_aes_opmode mode, const unsigned char *iv, - bool padding) - { -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher= aes_evp_type(mode); - int u_len, f_len; - /* The real key to be used for encryption */ -@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, - if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) - return MY_AES_BAD_DATA; - -- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv)) -+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv)) - goto aes_error; /* Error */ -- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) - goto aes_error; /* Error */ -- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length)) -+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length)) - goto aes_error; /* Error */ - -- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len)) -+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) - goto aes_error; /* Error */ - -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return u_len + f_len; - - aes_error: - /* need to explicitly clean up the error if we want to ignore it */ - ERR_clear_error(); -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return MY_AES_BAD_DATA; - } - -@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, - bool padding) - { - -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher= aes_evp_type(mode); - int u_len, f_len; - -@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, - if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) - return MY_AES_BAD_DATA; - -- EVP_CIPHER_CTX_init(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_init(ctx); -+#endif - -- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv)) -+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv)) - goto aes_error; /* Error */ -- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) - goto aes_error; /* Error */ -- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length)) -+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length)) - goto aes_error; /* Error */ -- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len)) -+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) - goto aes_error; /* Error */ - -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return u_len + f_len; - - aes_error: - /* need to explicitly clean up the error if we want to ignore it */ - ERR_clear_error(); -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return MY_AES_BAD_DATA; - } - -diff --git a/sql-common/client.c b/sql-common/client.c -index 9e88e9f..fe7daf7 100644 ---- a/sql-common/client.c -+++ b/sql-common/client.c -@@ -86,6 +86,14 @@ my_bool net_flush(NET *net); - # include <sys/un.h> - #endif - -+#ifdef HAVE_OPENSSL -+#include <openssl/opensslv.h> -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif -+#endif -+ - #ifndef _WIN32 - #include <errno.h> - #define SOCKET_ERROR -1 -@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c - { - SSL *ssl; - X509 *server_cert= NULL; -- char *cn= NULL; -+ const char *cn= NULL; - int cn_loc= -1; - ASN1_STRING *cn_asn1= NULL; - X509_NAME_ENTRY *cn_entry= NULL; -@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c - goto error; - } - -- cn= (char *) ASN1_STRING_data(cn_asn1); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ cn= (const char *) ASN1_STRING_data(cn_asn1); -+#else -+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); -+#endif - - // There should not be any NULL embedded in the CN - if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) -diff --git a/vio/viossl.c b/vio/viossl.c -index 5622cb7..94b0f09 100644 ---- a/vio/viossl.c -+++ b/vio/viossl.c -@@ -24,6 +24,12 @@ - - #ifdef HAVE_OPENSSL - -+#include <openssl/opensslv.h> -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif -+ - #ifndef DBUG_OFF - - static void -@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio) - } - - #ifndef HAVE_YASSL -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_remove_thread_state(0); - #endif -+#endif - - vio_delete(vio); - } -@@ -427,7 +427,12 @@ - for (j = 0; j < n; j++) - { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); -+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ -+ DBUG_PRINT("info", -+ (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); -+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } - } - #endif -diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c -index da5449a..87b30c3 100644 ---- a/vio/viosslfactories.c -+++ b/vio/viosslfactories.c -@@ -16,6 +16,14 @@ - #include "vio_priv.h" - - #ifdef HAVE_OPENSSL -+#include <openssl/bn.h> -+#include <openssl/dh.h> -+#include <openssl/opensslv.h> -+ -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif - - #define TLS_VERSION_OPTION_SIZE 256 - #define SSL_CIPHER_LIST_SIZE 4096 -@@ -121,10 +129,18 @@ static DH *get_dh2048(void) - DH *dh; - if ((dh=DH_new())) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if (! dh->p || ! dh->g) - { -+#else -+ if (! DH_set0_pqg(dh, -+ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL), -+ NULL, -+ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL))) -+ { -+#endif - DH_free(dh); - dh=0; - } -@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value - } openssl_lock_t; - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ - /* Array of locks used by openssl internally for thread synchronization. - The number of locks is equal to CRYPTO_num_locks. - */ -@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions() - { - set_lock_callback_functions(FALSE); - } -+#endif - - void vio_ssl_end() - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int i= 0; - - if (ssl_initialized) { -@@ -409,6 +429,7 @@ void vio_ssl_end() - - ssl_initialized= FALSE; - } -+#endif - } - - #endif //OpenSSL specific -@@ -419,6 +440,7 @@ void ssl_start() - { - ssl_initialized= TRUE; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -@@ -427,6 +449,7 @@ void ssl_start() - init_ssl_locks(); - init_lock_callback_functions(); - #endif -+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } - } - --- -2.11.0 - diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch deleted file mode 100644 index 8fabd9952cc4..000000000000 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch +++ /dev/null @@ -1,24 +0,0 @@ -https://bugs.gentoo.org/692644 - ---- a/include/mysql.h.pp -+++ b/include/mysql.h.pp -@@ -175,7 +175,7 @@ struct rand_struct { - unsigned long seed1, seed2, max_value; - double max_value_dbl; - }; --#include <mysql/udf_registration_types.h> -+#include "mysql/udf_registration_types.h" - enum Item_result { - INVALID_RESULT = -1, - STRING_RESULT = 0, ---- a/include/mysql_com.h -+++ b/include/mysql_com.h -@@ -1002,7 +1002,7 @@ struct rand_struct { - }; - - /* Include the types here so existing UDFs can keep compiling */ --#include <mysql/udf_registration_types.h> -+#include "mysql/udf_registration_types.h" - - /** - @addtogroup group_cs_compresson_constants Constants when using compression diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch deleted file mode 100644 index 1fc949ae8564..000000000000 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch +++ /dev/null @@ -1,297 +0,0 @@ ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -229,13 +229,14 @@ MACRO (MYSQL_CHECK_SSL) - OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" - ) - ENDIF() -- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) - ENDIF() - IF(OPENSSL_INCLUDE_DIR AND - OPENSSL_LIBRARY AND - CRYPTO_LIBRARY AND -- OPENSSL_MAJOR_VERSION STREQUAL "1" -+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" - ) - SET(OPENSSL_FOUND TRUE) - FIND_PROGRAM(OPENSSL_EXECUTABLE openssl ---- a/mysys/my_md5.cc -+++ b/mysys/my_md5.cc -@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf, - int compute_md5_hash(char *digest, const char *buf, int len) { - int retval = 0; - int fips_mode = 0; -+#ifndef LIBRESSL_VERSION_NUMBER - fips_mode = FIPS_mode(); -+#endif - /* If fips mode is ON/STRICT restricted method calls will result into abort, - * skipping call. */ - if (fips_mode == 0) { ---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -@@ -329,6 +329,7 @@ error: - return 1; - } - -+#ifndef LIBRESSL_VERSION_NUMBER - #define OPENSSL_ERROR_LENGTH 512 - static int configure_ssl_fips_mode(const uint fips_mode) { - int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) { - EXIT: - return rc; - } -+#endif - - static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, - const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, - int verify_server = SSL_VERIFY_NONE; - int verify_client = SSL_VERIFY_NONE; - -+#ifndef LIBRESSL_VERSION_NUMBER - if (configure_ssl_fips_mode(ssl_fips_mode) != 1) { - G_ERROR("Error setting the ssl fips mode"); - goto error; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); -@@ -622,7 +626,7 @@ error: - void xcom_cleanup_ssl() { - if (!xcom_use_ssl()) return; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ERR_remove_thread_state(0); - #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } ---- a/plugin/x/client/xconnection_impl.cc -+++ b/plugin/x/client/xconnection_impl.cc -@@ -520,6 +520,7 @@ XError Connection_impl::get_ssl_error(const int error_id) { - return XError(CR_SSL_CONNECTION_ERROR, buffer); - } - -+#ifndef LIBRESSL_VERSION_NUMBER - /** - Set fips mode in openssl library, - When we set fips mode ON/STRICT, it will perform following operations: -@@ -559,6 +560,7 @@ int set_fips_mode(const uint32_t fips_mode, - EXIT: - return rc; - } -+#endif - - XError Connection_impl::activate_tls() { - if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET); -@@ -569,12 +571,14 @@ XError Connection_impl::activate_tls() { - if (!m_context->m_ssl_config.is_configured()) - return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true}; - -+#ifndef LIBRESSL_VERSION_NUMBER - char err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - if (set_fips_mode( - static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode), - err_string) != 1) { - return XError{CR_SSL_CONNECTION_ERROR, err_string, true}; - } -+#endif - auto ssl_ctx_flags = process_tls_version( - details::null_when_empty(m_context->m_ssl_config.m_tls_version)); - ---- a/router/src/http/src/tls_client_context.cc -+++ b/router/src/http/src/tls_client_context.cc -@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { - - void TlsClientContext::cipher_suites(const std::string &ciphers) { - // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites() --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { - throw TlsError("set-cipher-suites"); - } ---- a/router/src/http/src/tls_context.cc -+++ b/router/src/http/src/tls_context.cc -@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) { - return TLS1_1_VERSION; - case TlsVersion::TLS_1_2: - return TLS1_2_VERSION; --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - case TlsVersion::TLS_1_3: - return TLS1_3_VERSION; - #endif -@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) { - switch (min_version) { - default: - // unknown, leave all disabled -+#ifdef TLS1_3_VERSION - // fallthrough - case TlsVersion::TLS_1_3: - opts |= SSL_OP_NO_TLSv1_2; -+#endif - // fallthrough - case TlsVersion::TLS_1_2: - opts |= SSL_OP_NO_TLSv1_1; -@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const { - return TlsVersion::TLS_1_1; - case TLS1_2_VERSION: - return TlsVersion::TLS_1_2; -+#ifdef TLS1_3_VERSION - case TLS1_3_VERSION: - return TlsVersion::TLS_1_3; -+#endif - case 0: - return TlsVersion::AUTO; - default: -@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const { - } - - int TlsContext::security_level() const { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - return SSL_CTX_get_security_level(ssl_ctx_.get()); - #else - return 0; ---- a/router/src/http/src/tls_server_context.cc -+++ b/router/src/http/src/tls_server_context.cc -@@ -166,7 +166,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) { - } - - } else { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - dh2048.reset(DH_get_2048_256()); - #else - /* ---- a/sql-common/client.cc -+++ b/sql-common/client.cc -@@ -7730,7 +7730,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, - #endif - break; - case MYSQL_OPT_SSL_FIPS_MODE: { --#if defined(HAVE_OPENSSL) -+#if defined(HAVE_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - ENSURE_EXTENSIONS_PRESENT(&mysql->options); - mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg); ---- a/sql/mysqld.cc -+++ b/sql/mysqld.cc -@@ -4818,7 +4818,7 @@ static int init_thread_environment() { - - static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define FILE_LINE_ARGS - #else - #define FILE_LINE_ARGS , const char *, int -@@ -4854,12 +4854,14 @@ static void init_ssl() { - } - - static int init_ssl_communication() { -+#ifndef LIBRESSL_VERSION_NUMBER - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - int ret_fips_mode = set_fips_mode(opt_ssl_fips_mode, ssl_err_string); - if (ret_fips_mode != 1) { - LogErr(ERROR_LEVEL, ER_SSL_FIPS_MODE_ERROR, ssl_err_string); - return 1; - } -+#endif - if (SslAcceptorContext::singleton_init(opt_use_ssl)) return 1; - - #if OPENSSL_VERSION_NUMBER < 0x10100000L ---- a/sql/sys_vars.cc -+++ b/sql/sys_vars.cc -@@ -4417,6 +4417,7 @@ static Sys_var_ulong Sys_max_execution_time( - HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1)); - -+#ifndef LIBRESSL_VERSION_NUMBER - static bool update_fips_mode(sys_var *, THD *, enum_var_type) { - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) { -@@ -4427,15 +4428,30 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) { - return false; - } - } -+#endif - -+#if defined(LIBRESSL_VERSION_NUMBER) -+static const char *ssl_fips_mode_names[] = {"OFF", 0}; -+#else - static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", 0}; -+#endif - static Sys_var_enum Sys_ssl_fips_mode( - "ssl_fips_mode", - "SSL FIPS mode (applies only for OpenSSL); " -+#ifndef LIBRESSL_VERSION_NUMBER - "permitted values are: OFF, ON, STRICT", -+#else -+ "permitted values are: OFF", -+#endif - GLOBAL_VAR(opt_ssl_fips_mode), CMD_LINE(REQUIRED_ARG, OPT_SSL_FIPS_MODE), - ssl_fips_mode_names, DEFAULT(0), NO_MUTEX_GUARD, NOT_IN_BINLOG, -- ON_CHECK(NULL), ON_UPDATE(update_fips_mode), NULL); -+ ON_CHECK(NULL), -+#ifndef LIBRESSL_VERSION_NUMBER -+ ON_UPDATE(update_fips_mode), -+#else -+ ON_UPDATE(NULL), -+#endif -+ NULL); - - #if defined(HAVE_OPENSSL) - static Sys_var_bool Sys_auto_generate_certs( ---- a/vio/viossl.cc -+++ b/vio/viossl.cc -@@ -45,7 +45,7 @@ - BIO_set_callback_ex was added in openSSL 1.1.1 - For older openSSL, use the deprecated BIO_set_callback. - */ --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - #define HAVE_BIO_SET_CALLBACK_EX - #endif - -@@ -637,7 +637,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, - #if !defined(DBUG_OFF) - { - STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; -- ssl_comp_methods = SSL_COMP_get_compression_methods(); -+ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods(); - n = sk_SSL_COMP_num(ssl_comp_methods); - DBUG_PRINT("info", ("Available compression methods:\n")); - if (n == 0) -@@ -645,7 +645,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, - else - for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); - #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - DBUG_PRINT("info", ---- a/vio/viosslfactories.cc -+++ b/vio/viosslfactories.cc -@@ -420,6 +420,7 @@ void ssl_start() { - } - } - -+#ifndef LIBRESSL_VERSION_NUMBER - /** - Set fips mode in openssl library, - When we set fips mode ON/STRICT, it will perform following operations: -@@ -473,6 +474,7 @@ EXIT: - @returns openssl current fips mode - */ - uint get_fips_mode() { return FIPS_mode(); } -+#endif - - long process_tls_version(const char *tls_version) { - const char *separator = ","; diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch index 88f32419239a..78f3e78fd6d4 100644 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch +++ b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-libressl.patch @@ -1,4 +1,4 @@ -From 2108922a8292d74874ede834158c208d81c3cf76 Mon Sep 17 00:00:00 2001 +From 4aadff7b08f6a69160a44c1742d5a12fb5abc059 Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann <whissi@gentoo.org> Date: Thu, 30 Apr 2020 20:01:48 +0200 Subject: [PATCH 5/5] Add LibreSSL support @@ -7,7 +7,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> --- cmake/ssl.cmake | 5 +++-- mysys/my_md5.cc | 2 ++ - .../bindings/xcom/xcom/xcom_ssl_transport.c | 6 +++++- + .../bindings/xcom/xcom/xcom_ssl_transport.cc | 6 +++++- plugin/x/client/xconnection_impl.cc | 4 ++++ router/src/http/src/tls_client_context.cc | 2 +- router/src/http/src/tls_context.cc | 9 ++++++-- @@ -19,6 +19,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> vio/viosslfactories.cc | 2 ++ 12 files changed, 54 insertions(+), 14 deletions(-) +diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake +index 52feadeaa..3b8332695 100644 --- a/cmake/ssl.cmake +++ b/cmake/ssl.cmake @@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL) @@ -38,6 +40,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ) SET(OPENSSL_FOUND TRUE) FIND_PROGRAM(OPENSSL_EXECUTABLE openssl +diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc +index dea997b25..531696329 100644 --- a/mysys/my_md5.cc +++ b/mysys/my_md5.cc @@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf, @@ -50,9 +54,11 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> /* If fips mode is ON/STRICT restricted method calls will result into abort, * skipping call. */ if (fips_mode == 0) { ---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -@@ -329,6 +329,7 @@ error: +diff --git a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc +index 8bf63ce14..02f91b44e 100644 +--- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc ++++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc +@@ -325,6 +325,7 @@ error: return 1; } @@ -60,7 +66,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> #define OPENSSL_ERROR_LENGTH 512 static int configure_ssl_fips_mode(const uint fips_mode) { int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) { +@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) { EXIT: return rc; } @@ -68,7 +74,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, +@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, int verify_server = SSL_VERIFY_NONE; int verify_client = SSL_VERIFY_NONE; @@ -81,7 +87,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> SSL_library_init(); SSL_load_error_strings(); -@@ -622,7 +626,7 @@ error: +@@ -611,7 +615,7 @@ error: void xcom_cleanup_ssl() { if (!xcom_use_ssl()) return; @@ -90,9 +96,11 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ERR_remove_thread_state(0); #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ } +diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc +index 13bc6794e..5223169db 100644 --- a/plugin/x/client/xconnection_impl.cc +++ b/plugin/x/client/xconnection_impl.cc -@@ -511,6 +511,7 @@ XError Connection_impl::get_ssl_error(const int error_id) { +@@ -498,6 +498,7 @@ XError Connection_impl::get_ssl_error(const int error_id) { return XError(CR_SSL_CONNECTION_ERROR, buffer); } @@ -100,7 +108,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> /** Set fips mode in openssl library, When we set fips mode ON/STRICT, it will perform following operations: -@@ -550,6 +551,7 @@ int set_fips_mode(const uint32_t fips_mode, +@@ -537,6 +538,7 @@ int set_fips_mode(const uint32_t fips_mode, EXIT: return rc; } @@ -108,7 +116,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> XError Connection_impl::activate_tls() { if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET); -@@ -560,12 +562,14 @@ XError Connection_impl::activate_tls() { +@@ -547,12 +549,14 @@ XError Connection_impl::activate_tls() { if (!m_context->m_ssl_config.is_configured()) return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true}; @@ -123,6 +131,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> auto ssl_ctx_flags = process_tls_version( details::null_when_empty(m_context->m_ssl_config.m_tls_version)); +diff --git a/router/src/http/src/tls_client_context.cc b/router/src/http/src/tls_client_context.cc +index 297ceee30..7c1157289 100644 --- a/router/src/http/src/tls_client_context.cc +++ b/router/src/http/src/tls_client_context.cc @@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { @@ -134,6 +144,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { throw TlsError("set-cipher-suites"); } +diff --git a/router/src/http/src/tls_context.cc b/router/src/http/src/tls_context.cc +index 60ed7e6ca..388ef8f28 100644 --- a/router/src/http/src/tls_context.cc +++ b/router/src/http/src/tls_context.cc @@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) { @@ -178,6 +190,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> return SSL_CTX_get_security_level(ssl_ctx_.get()); #else return 0; +diff --git a/router/src/http/src/tls_server_context.cc b/router/src/http/src/tls_server_context.cc +index 0f4472419..707d7de86 100644 --- a/router/src/http/src/tls_server_context.cc +++ b/router/src/http/src/tls_server_context.cc @@ -167,7 +167,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) { @@ -190,9 +204,11 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dh2048.reset(DH_get_2048_256()); #else /* +diff --git a/sql-common/client.cc b/sql-common/client.cc +index ffb136b5b..8a0c7b834 100644 --- a/sql-common/client.cc +++ b/sql-common/client.cc -@@ -7752,6 +7752,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, +@@ -7766,6 +7766,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, return 1; break; case MYSQL_OPT_SSL_FIPS_MODE: { @@ -200,7 +216,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; ENSURE_EXTENSIONS_PRESENT(&mysql->options); mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg); -@@ -7763,6 +7764,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, +@@ -7777,6 +7778,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, "Set Fips mode ON/STRICT failed, detail: '%s'.", ssl_err_string); return 1; } @@ -208,9 +224,11 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> } break; case MYSQL_OPT_SSL_MODE: ENSURE_EXTENSIONS_PRESENT(&mysql->options); +diff --git a/sql/mysqld.cc b/sql/mysqld.cc +index 682e8d5ae..96a922d7a 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc -@@ -4857,7 +4857,7 @@ static int init_thread_environment() { +@@ -5109,7 +5109,7 @@ static int init_thread_environment() { static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED; @@ -219,7 +237,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> #define FILE_LINE_ARGS #else #define FILE_LINE_ARGS , const char *, int -@@ -4891,12 +4891,14 @@ static void init_ssl() { +@@ -5143,12 +5143,14 @@ static void init_ssl() { } static int init_ssl_communication() { @@ -231,12 +249,14 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> return 1; } +#endif - if (SslAcceptorContext::singleton_init(opt_use_ssl)) return 1; - - #if OPENSSL_VERSION_NUMBER < 0x10100000L + if (TLS_channel::singleton_init(&mysql_main, mysql_main_channel, opt_use_ssl, + &server_main_callback, opt_initialize)) + return 1; +diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc +index 5b1a82d2f..4e2dff865 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc -@@ -4459,6 +4459,7 @@ static Sys_var_ulong Sys_max_execution_time( +@@ -4474,6 +4474,7 @@ static Sys_var_ulong Sys_max_execution_time( HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG), VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1)); @@ -244,7 +264,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> static bool update_fips_mode(sys_var *, THD *, enum_var_type) { char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) { -@@ -4469,15 +4470,31 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) { +@@ -4484,15 +4485,31 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) { return false; } } @@ -278,6 +298,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> static Sys_var_bool Sys_auto_generate_certs( "auto_generate_certs", +diff --git a/vio/viossl.cc b/vio/viossl.cc +index 0e9594741..3a589c64b 100644 --- a/vio/viossl.cc +++ b/vio/viossl.cc @@ -45,7 +45,7 @@ @@ -309,9 +331,11 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ DBUG_PRINT("info", +diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc +index 6c04029cc..f27221463 100644 --- a/vio/viosslfactories.cc +++ b/vio/viosslfactories.cc -@@ -472,6 +472,7 @@ void ssl_start() { +@@ -473,6 +473,7 @@ void ssl_start() { } } @@ -319,7 +343,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> /** Set fips mode in openssl library, When we set fips mode ON/STRICT, it will perform following operations: -@@ -525,6 +526,7 @@ EXIT: +@@ -526,6 +527,7 @@ EXIT: @returns openssl current fips mode */ uint get_fips_mode() { return FIPS_mode(); } @@ -328,5 +352,5 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> long process_tls_version(const char *tls_version) { const char *separator = ","; -- -2.26.2 +2.27.0 diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch new file mode 100644 index 000000000000..72799f009c89 --- /dev/null +++ b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.21-survive-malformed-charset-files.patch @@ -0,0 +1,18 @@ +Description: don't crash on malformed charset files +Origin: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1877504/comments/19 +Bug: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1884809 +Bug: https://bugs.gentoo.org/737002 +Forwarded: workaround, not needed + +--- a/mysys/charset.cc ++++ b/mysys/charset.cc +@@ -922,7 +922,7 @@ size_t escape_quotes_for_mysql(CHARSET_I + + void charset_uninit() { + for (CHARSET_INFO *cs : all_charsets) { +- if (cs && cs->coll->uninit) { ++ if (cs && cs->coll && cs->coll->uninit) { + cs->coll->uninit(cs); + } + } + diff --git a/dev-db/mysql-connector-c/files/mysql_com.patch b/dev-db/mysql-connector-c/files/mysql_com.patch deleted file mode 100644 index 36a7d5a23791..000000000000 --- a/dev-db/mysql-connector-c/files/mysql_com.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- a/include/mysql_com.h 2014-06-10 23:10:43.000000000 -0400 -+++ b/include/mysql_com.h 2015-08-11 15:20:54.487091000 -0400 -@@ -179,7 +171,7 @@ - #define CLIENT_IGNORE_SIGPIPE 4096 /* IGNORE sigpipes */ - #define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */ - #define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */ --#define CLIENT_RESERVED2 32768 /* Old flag for 4.1 authentication */ -+#define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */ - #define CLIENT_MULTI_STATEMENTS (1UL << 16) /* Enable/disable multi-stmt support */ - #define CLIENT_MULTI_RESULTS (1UL << 17) /* Enable/disable multi-results */ - #define CLIENT_PS_MULTI_RESULTS (1UL << 18) /* Multi-results in PS-protocol */ -@@ -226,7 +216,7 @@ - | CLIENT_IGNORE_SIGPIPE \ - | CLIENT_TRANSACTIONS \ - | CLIENT_RESERVED \ -- | CLIENT_RESERVED2 \ -+ | CLIENT_SECURE_CONNECTION \ - | CLIENT_MULTI_STATEMENTS \ - | CLIENT_MULTI_RESULTS \ - | CLIENT_PS_MULTI_RESULTS \ ---- a/libmysql/client_settings.h 2015-02-25 16:09:49.000000000 -0500 -+++ b/libmysql/client_settings.h 2015-08-11 15:44:10.804091000 -0400 -@@ -31,7 +31,7 @@ - CLIENT_LONG_FLAG | \ - CLIENT_TRANSACTIONS | \ - CLIENT_PROTOCOL_41 | \ -- CLIENT_RESERVED2 | \ -+ CLIENT_SECURE_CONNECTION | \ - CLIENT_MULTI_RESULTS | \ - CLIENT_PS_MULTI_RESULTS | \ - CLIENT_PLUGIN_AUTH | \ |