summaryrefslogtreecommitdiff
path: root/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-db/postgresql/files/postgresql-16-openssl3.2.patch')
-rw-r--r--dev-db/postgresql/files/postgresql-16-openssl3.2.patch216
1 files changed, 0 insertions, 216 deletions
diff --git a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch b/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
deleted file mode 100644
index 2740187d9f4e..000000000000
--- a/dev-db/postgresql/files/postgresql-16-openssl3.2.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-commit 9140a24b312176ebb4e6eb6458b33ce640c04440
-Author: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Tue Nov 28 12:34:03 2023 -0500
-
- Use BIO_{get,set}_app_data instead of BIO_{get,set}_data.
-
- We should have done it this way all along, but we accidentally got
- away with using the wrong BIO field up until OpenSSL 3.2. There,
- the library's BIO routines that we rely on use the "data" field
- for their own purposes, and our conflicting use causes assorted
- weird behaviors up to and including core dumps when SSL connections
- are attempted. Switch to using the approved field for the purpose,
- i.e. app_data.
-
- While at it, remove our configure probes for BIO_get_data as well
- as the fallback implementation. BIO_{get,set}_app_data have been
- there since long before any OpenSSL version that we still support,
- even in the back branches.
-
- Also, update src/test/ssl/t/001_ssltests.pl to allow for a minor
- change in an error message spelling that evidently came in with 3.2.
-
- Tristan Partin and Bo Andreson. Back-patch to all supported branches.
-
- Discussion: https://postgr.es/m/CAN55FZ1eDDYsYaL7mv+oSLUij2h_u6hvD4Qmv-7PK7jkji0uyQ@mail.gmail.com
-
-diff --git a/configure b/configure
-index 82e45657b2..907c777b9c 100755
---- a/configure
-+++ b/configure
-@@ -12982,7 +12982,7 @@ done
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- for ac_func in OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
-+ for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free
- do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-diff --git a/configure.ac b/configure.ac
-index fcea0bcab4..ab32bfdd08 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1385,7 +1385,7 @@ if test "$with_ssl" = openssl ; then
- # defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
-- AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_get_data BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
-+ AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data HMAC_CTX_new HMAC_CTX_free])
- # OpenSSL versions before 1.1.0 required setting callback functions, for
- # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
- # function was removed.
-diff --git a/meson.build b/meson.build
-index 51b5285924..96fc2e139a 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1278,7 +1278,6 @@ if sslopt in ['auto', 'openssl']
- # doesn't have these OpenSSL 1.1.0 functions. So check for individual
- # functions.
- ['OPENSSL_init_ssl'],
-- ['BIO_get_data'],
- ['BIO_meth_new'],
- ['ASN1_STRING_get0_data'],
- ['HMAC_CTX_new'],
-diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
-index e9c86d08df..49dca0cda9 100644
---- a/src/backend/libpq/be-secure-openssl.c
-+++ b/src/backend/libpq/be-secure-openssl.c
-@@ -844,11 +844,6 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
- static BIO_METHOD *my_bio_methods = NULL;
-
- static int
-@@ -858,7 +853,7 @@ my_sock_read(BIO *h, char *buf, int size)
-
- if (buf != NULL)
- {
-- res = secure_raw_read(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_read(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -878,7 +873,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res = 0;
-
-- res = secure_raw_write(((Port *) BIO_get_data(h)), buf, size);
-+ res = secure_raw_write(((Port *) BIO_get_app_data(h)), buf, size);
- BIO_clear_retry_flags(h);
- if (res <= 0)
- {
-@@ -954,7 +949,7 @@ my_SSL_set_fd(Port *port, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, port);
-+ BIO_set_app_data(bio, port);
-
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(port->ssl, bio, bio);
-diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
-index 6d572c3820..174544630e 100644
---- a/src/include/pg_config.h.in
-+++ b/src/include/pg_config.h.in
-@@ -70,9 +70,6 @@
- /* Define to 1 if you have the `backtrace_symbols' function. */
- #undef HAVE_BACKTRACE_SYMBOLS
-
--/* Define to 1 if you have the `BIO_get_data' function. */
--#undef HAVE_BIO_GET_DATA
--
- /* Define to 1 if you have the `BIO_meth_new' function. */
- #undef HAVE_BIO_METH_NEW
-
-diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
-index 390c888c96..fb6404ade0 100644
---- a/src/interfaces/libpq/fe-secure-openssl.c
-+++ b/src/interfaces/libpq/fe-secure-openssl.c
-@@ -1830,11 +1830,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
- * to retry; do we need to adopt their logic for that?
- */
-
--#ifndef HAVE_BIO_GET_DATA
--#define BIO_get_data(bio) (bio->ptr)
--#define BIO_set_data(bio, data) (bio->ptr = data)
--#endif
--
-+/* protected by ssl_config_mutex */
- static BIO_METHOD *my_bio_methods;
-
- static int
-@@ -1842,7 +1838,7 @@ my_sock_read(BIO *h, char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_read((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_read((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1872,7 +1868,7 @@ my_sock_write(BIO *h, const char *buf, int size)
- {
- int res;
-
-- res = pqsecure_raw_write((PGconn *) BIO_get_data(h), buf, size);
-+ res = pqsecure_raw_write((PGconn *) BIO_get_app_data(h), buf, size);
- BIO_clear_retry_flags(h);
- if (res < 0)
- {
-@@ -1963,7 +1959,7 @@ my_SSL_set_fd(PGconn *conn, int fd)
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
- goto err;
- }
-- BIO_set_data(bio, conn);
-+ BIO_set_app_data(bio, conn);
-
- SSL_set_bio(conn->ssl, bio, bio);
- BIO_set_fd(bio, fd, BIO_NOCLOSE);
-diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
-index 76442de063..9bb28fbc83 100644
---- a/src/test/ssl/t/001_ssltests.pl
-+++ b/src/test/ssl/t/001_ssltests.pl
-@@ -781,7 +781,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -886,7 +886,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked.crt "
- . sslkey('client-revoked.key'),
- "certificate authorization fails with revoked client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-@@ -899,7 +899,7 @@ $node->connect_fails(
- "$common_connstr user=ssltestuser sslcert=ssl/client-revoked-utf8.crt "
- . sslkey('client-revoked-utf8.key'),
- "certificate authorization fails with revoked UTF-8 client cert with server-side CRL directory",
-- expected_stderr => qr/SSL error: sslv3 alert certificate revoked/,
-+ expected_stderr => qr|SSL error: ssl[a-z0-9/]* alert certificate revoked|,
- # temporarily(?) skip this check due to timing issue
- # log_like => [
- # qr{Client certificate verification failed at depth 0: certificate revoked},
-diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
-index b6d31c3583..711fae853f 100644
---- a/src/tools/msvc/Solution.pm
-+++ b/src/tools/msvc/Solution.pm
-@@ -225,7 +225,6 @@ sub GenerateFiles
- HAVE_ATOMICS => 1,
- HAVE_ATOMIC_H => undef,
- HAVE_BACKTRACE_SYMBOLS => undef,
-- HAVE_BIO_GET_DATA => undef,
- HAVE_BIO_METH_NEW => undef,
- HAVE_COMPUTED_GOTO => undef,
- HAVE_COPYFILE => undef,
-@@ -503,7 +502,6 @@ sub GenerateFiles
- || ($digit1 >= '1' && $digit2 >= '1' && $digit3 >= '0'))
- {
- $define{HAVE_ASN1_STRING_GET0_DATA} = 1;
-- $define{HAVE_BIO_GET_DATA} = 1;
- $define{HAVE_BIO_METH_NEW} = 1;
- $define{HAVE_HMAC_CTX_FREE} = 1;
- $define{HAVE_HMAC_CTX_NEW} = 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 21:04:20 +0000