diff options
author | Jochen Neumeister <joneum@FreeBSD.org> | 2020-03-12 07:47:46 +0000 |
---|---|---|
committer | Jochen Neumeister <joneum@FreeBSD.org> | 2020-03-12 07:47:46 +0000 |
commit | 25f1ebfadd241438d2101129bffda8faecb88afe (patch) | |
tree | 088d51fc7cab27979248e5b4d19ca23decedaeb2 | |
parent | 5cfd4e8b48060eb366e6c29d62c2afe246d3c82a (diff) | |
download | ports-25f1ebfadd241438d2101129bffda8faecb88afe.tar.gz ports-25f1ebfadd241438d2101129bffda8faecb88afe.zip |
MFH: r528272
This fix a Problem, when MySQL build with libressl
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:230:25: error: use of undeclared identifier 'SSL_OP_NO_TLSv1_3'
SSL_OP_NO_TLSv1_3 |
^
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:275:12: warning: implicit declaration of function 'SSL_CTX_set_ciphersuites' is invalid in C99 [-Wimplicit-function-declaration]
if (0 == SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, ""))
Special thanks for his help to: fluffy
PR: 244320
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
Notes
Notes:
svn path=/branches/2020Q1/; revision=528273
16 files changed, 426 insertions, 6 deletions
diff --git a/databases/mysql56-client/Makefile b/databases/mysql56-client/Makefile index 2709982aa04f..b5a513930866 100644 --- a/databases/mysql56-client/Makefile +++ b/databases/mysql56-client/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= mysql -PORTREVISION= 0 +PORTREVISION= 1 PKGNAMESUFFIX= 56-client COMMENT= Multithreaded SQL database (client) diff --git a/databases/mysql56-client/files/patch-cmake_ssl.cmake b/databases/mysql56-client/files/patch-cmake_ssl.cmake index faeed4517c4e..c2b31170ba4c 100644 --- a/databases/mysql56-client/files/patch-cmake_ssl.cmake +++ b/databases/mysql56-client/files/patch-cmake_ssl.cmake @@ -1,11 +1,25 @@ ---- cmake/ssl.cmake.orig 2016-11-28 13:36:22 UTC +--- cmake/ssl.cmake.orig 2019-11-26 16:53:45 UTC +++ cmake/ssl.cmake -@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL) +@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL) + OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" + ) + ENDIF() +- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION) + ADD_DEFINITIONS(-DHAVE_TLSv13) + ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND CRYPTO_LIBRARY AND - OPENSSL_MAJOR_VERSION STREQUAL "1" + OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" ++ ) ++ SET(OPENSSL_FOUND TRUE) ++ ELSEIF(OPENSSL_INCLUDE_DIR AND ++ OPENSSL_LIBRARY AND ++ CRYPTO_LIBRARY AND ++ OPENSSL_MAJOR_VERSION STREQUAL "2" ) SET(OPENSSL_FOUND TRUE) ELSE() diff --git a/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc b/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc new file mode 100644 index 000000000000..0d1dea6cf6cb --- /dev/null +++ b/databases/mysql56-client/files/patch-mysys__ssl_my__aes__openssl.cc @@ -0,0 +1,74 @@ +--- mysys_ssl/my_aes_openssl.cc.orig 2019-11-26 16:53:45 UTC ++++ mysys_ssl/my_aes_openssl.cc +@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + const unsigned char *key, uint32 key_length, + enum my_aes_opmode mode, const unsigned char *iv) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX stack_ctx; + EVP_CIPHER_CTX *ctx= &stack_ctx; + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_init(ctx); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + const unsigned char *key, uint32 key_length, + enum my_aes_opmode mode, const unsigned char *iv) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX stack_ctx; + EVP_CIPHER_CTX *ctx= &stack_ctx; + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_init(ctx); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); diff --git a/databases/mysql56-client/files/patch-sql-common_client.c b/databases/mysql56-client/files/patch-sql-common_client.c new file mode 100644 index 000000000000..cfc168b75a53 --- /dev/null +++ b/databases/mysql56-client/files/patch-sql-common_client.c @@ -0,0 +1,15 @@ +--- sql-common/client.c.orig 2019-11-26 16:53:45 UTC ++++ sql-common/client.c +@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char + goto error; + } + +- cn= (char *) ASN1_STRING_data(cn_asn1); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ cn= (const char *) ASN1_STRING_data(cn_asn1); ++#else ++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); ++#endif + + // There should not be any NULL embedded in the CN + if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) diff --git a/databases/mysql56-client/files/patch-sql_mysqld.cc b/databases/mysql56-client/files/patch-sql_mysqld.cc new file mode 100644 index 000000000000..debee80ea2ce --- /dev/null +++ b/databases/mysql56-client/files/patch-sql_mysqld.cc @@ -0,0 +1,65 @@ +--- sql/mysqld.cc.orig 2019-11-26 16:53:45 UTC ++++ sql/mysqld.cc +@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss + *opt_ssl_crlpath= NULL; + + #ifdef HAVE_OPENSSL +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #include <openssl/crypto.h> + typedef struct CRYPTO_dynlock_value + { +@@ -2029,7 +2029,7 @@ static void clean_up_mutexes() + mysql_mutex_destroy(&LOCK_connection_count); + #ifdef HAVE_OPENSSL + mysql_mutex_destroy(&LOCK_des_key_file); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + for (int i= 0; i < CRYPTO_num_locks(); ++i) + mysql_rwlock_destroy(&openssl_stdlocks[i].lock); + OPENSSL_free(openssl_stdlocks); +@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc + + // Clean up errors now, before possibly waiting for a new connection. + #ifndef EMBEDDED_LIBRARY +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + #endif +@@ -4252,7 +4252,7 @@ static int init_thread_environment() + #ifdef HAVE_OPENSSL + mysql_mutex_init(key_LOCK_des_key_file, + &LOCK_des_key_file, MY_MUTEX_INIT_FAST); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() * + sizeof(openssl_lock_t)); + for (int i= 0; i < CRYPTO_num_locks(); ++i) +@@ -4301,7 +4301,7 @@ static int init_thread_environment() + OpenSSL 1.1 supports native platform threads, + so we don't need the following callback functions. + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + static unsigned long openssl_id_function() + { +@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc + static int init_ssl() + { + #ifdef HAVE_OPENSSL +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_malloc_init(); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + OPENSSL_malloc_init(); +@@ -4392,7 +4392,7 @@ static int init_ssl() + opt_ssl_cipher, &error, + opt_ssl_crl, opt_ssl_crlpath); + DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd)); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + if (!ssl_acceptor_fd) diff --git a/databases/mysql56-client/files/patch-vio_vio.c b/databases/mysql56-client/files/patch-vio_vio.c new file mode 100644 index 000000000000..042c4d65e8f2 --- /dev/null +++ b/databases/mysql56-client/files/patch-vio_vio.c @@ -0,0 +1,11 @@ +--- vio/vio.c.orig 2019-11-26 16:53:45 UTC ++++ vio/vio.c +@@ -394,7 +394,7 @@ void vio_end(void) + { + #if defined(HAVE_OPENSSL) + // This one is needed on the client side +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + ERR_free_strings(); diff --git a/databases/mysql56-client/files/patch-vio_viossl.c b/databases/mysql56-client/files/patch-vio_viossl.c new file mode 100644 index 000000000000..3180abbd7f0f --- /dev/null +++ b/databases/mysql56-client/files/patch-vio_viossl.c @@ -0,0 +1,11 @@ +--- vio/viossl.c.orig 2019-11-26 16:53:45 UTC ++++ vio/viossl.c +@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + for (j = 0; j < n; j++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); diff --git a/databases/mysql56-client/files/patch-vio_viosslfactories.c b/databases/mysql56-client/files/patch-vio_viosslfactories.c new file mode 100644 index 000000000000..d6a164910a0d --- /dev/null +++ b/databases/mysql56-client/files/patch-vio_viosslfactories.c @@ -0,0 +1,20 @@ +--- vio/viosslfactories.c.orig 2019-11-26 16:53:45 UTC ++++ vio/viosslfactories.c +@@ -91,7 +91,7 @@ static DH *get_dh2048(void) + DH_free(dh); + return NULL; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + dh->p= p; + dh->g= g; + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + + if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ? +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSLv23_client_method() : + SSLv23_server_method() + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ diff --git a/databases/mysql56-server/Makefile b/databases/mysql56-server/Makefile index a40b8357390a..fe5cd07dba1e 100644 --- a/databases/mysql56-server/Makefile +++ b/databases/mysql56-server/Makefile @@ -3,7 +3,7 @@ PORTNAME?= mysql PORTVERSION= 5.6.47 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= databases MASTER_SITES= MYSQL/MySQL-5.6 PKGNAMESUFFIX?= 56-server diff --git a/databases/mysql56-server/files/patch-cmake_ssl.cmake b/databases/mysql56-server/files/patch-cmake_ssl.cmake index faeed4517c4e..c2b31170ba4c 100644 --- a/databases/mysql56-server/files/patch-cmake_ssl.cmake +++ b/databases/mysql56-server/files/patch-cmake_ssl.cmake @@ -1,11 +1,25 @@ ---- cmake/ssl.cmake.orig 2016-11-28 13:36:22 UTC +--- cmake/ssl.cmake.orig 2019-11-26 16:53:45 UTC +++ cmake/ssl.cmake -@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL) +@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL) + OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" + ) + ENDIF() +- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION) + ADD_DEFINITIONS(-DHAVE_TLSv13) + ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND CRYPTO_LIBRARY AND - OPENSSL_MAJOR_VERSION STREQUAL "1" + OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" ++ ) ++ SET(OPENSSL_FOUND TRUE) ++ ELSEIF(OPENSSL_INCLUDE_DIR AND ++ OPENSSL_LIBRARY AND ++ CRYPTO_LIBRARY AND ++ OPENSSL_MAJOR_VERSION STREQUAL "2" ) SET(OPENSSL_FOUND TRUE) ELSE() diff --git a/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc b/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc new file mode 100644 index 000000000000..0d1dea6cf6cb --- /dev/null +++ b/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc @@ -0,0 +1,74 @@ +--- mysys_ssl/my_aes_openssl.cc.orig 2019-11-26 16:53:45 UTC ++++ mysys_ssl/my_aes_openssl.cc +@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + const unsigned char *key, uint32 key_length, + enum my_aes_opmode mode, const unsigned char *iv) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX stack_ctx; + EVP_CIPHER_CTX *ctx= &stack_ctx; + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_init(ctx); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + const unsigned char *key, uint32 key_length, + enum my_aes_opmode mode, const unsigned char *iv) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX stack_ctx; + EVP_CIPHER_CTX *ctx= &stack_ctx; + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_init(ctx); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); +@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + EVP_CIPHER_CTX_cleanup(ctx); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + EVP_CIPHER_CTX_free(ctx); diff --git a/databases/mysql56-server/files/patch-sql-common_client.c b/databases/mysql56-server/files/patch-sql-common_client.c new file mode 100644 index 000000000000..cfc168b75a53 --- /dev/null +++ b/databases/mysql56-server/files/patch-sql-common_client.c @@ -0,0 +1,15 @@ +--- sql-common/client.c.orig 2019-11-26 16:53:45 UTC ++++ sql-common/client.c +@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char + goto error; + } + +- cn= (char *) ASN1_STRING_data(cn_asn1); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ cn= (const char *) ASN1_STRING_data(cn_asn1); ++#else ++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); ++#endif + + // There should not be any NULL embedded in the CN + if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) diff --git a/databases/mysql56-server/files/patch-sql_mysqld.cc b/databases/mysql56-server/files/patch-sql_mysqld.cc new file mode 100644 index 000000000000..debee80ea2ce --- /dev/null +++ b/databases/mysql56-server/files/patch-sql_mysqld.cc @@ -0,0 +1,65 @@ +--- sql/mysqld.cc.orig 2019-11-26 16:53:45 UTC ++++ sql/mysqld.cc +@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss + *opt_ssl_crlpath= NULL; + + #ifdef HAVE_OPENSSL +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #include <openssl/crypto.h> + typedef struct CRYPTO_dynlock_value + { +@@ -2029,7 +2029,7 @@ static void clean_up_mutexes() + mysql_mutex_destroy(&LOCK_connection_count); + #ifdef HAVE_OPENSSL + mysql_mutex_destroy(&LOCK_des_key_file); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + for (int i= 0; i < CRYPTO_num_locks(); ++i) + mysql_rwlock_destroy(&openssl_stdlocks[i].lock); + OPENSSL_free(openssl_stdlocks); +@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc + + // Clean up errors now, before possibly waiting for a new connection. + #ifndef EMBEDDED_LIBRARY +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + #endif +@@ -4252,7 +4252,7 @@ static int init_thread_environment() + #ifdef HAVE_OPENSSL + mysql_mutex_init(key_LOCK_des_key_file, + &LOCK_des_key_file, MY_MUTEX_INIT_FAST); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() * + sizeof(openssl_lock_t)); + for (int i= 0; i < CRYPTO_num_locks(); ++i) +@@ -4301,7 +4301,7 @@ static int init_thread_environment() + OpenSSL 1.1 supports native platform threads, + so we don't need the following callback functions. + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + static unsigned long openssl_id_function() + { +@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc + static int init_ssl() + { + #ifdef HAVE_OPENSSL +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_malloc_init(); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + OPENSSL_malloc_init(); +@@ -4392,7 +4392,7 @@ static int init_ssl() + opt_ssl_cipher, &error, + opt_ssl_crl, opt_ssl_crlpath); + DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd)); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + if (!ssl_acceptor_fd) diff --git a/databases/mysql56-server/files/patch-vio_vio.c b/databases/mysql56-server/files/patch-vio_vio.c new file mode 100644 index 000000000000..042c4d65e8f2 --- /dev/null +++ b/databases/mysql56-server/files/patch-vio_vio.c @@ -0,0 +1,11 @@ +--- vio/vio.c.orig 2019-11-26 16:53:45 UTC ++++ vio/vio.c +@@ -394,7 +394,7 @@ void vio_end(void) + { + #if defined(HAVE_OPENSSL) + // This one is needed on the client side +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + ERR_free_strings(); diff --git a/databases/mysql56-server/files/patch-vio_viossl.c b/databases/mysql56-server/files/patch-vio_viossl.c new file mode 100644 index 000000000000..3180abbd7f0f --- /dev/null +++ b/databases/mysql56-server/files/patch-vio_viossl.c @@ -0,0 +1,11 @@ +--- vio/viossl.c.orig 2019-11-26 16:53:45 UTC ++++ vio/viossl.c +@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + for (j = 0; j < n; j++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); diff --git a/databases/mysql56-server/files/patch-vio_viosslfactories.c b/databases/mysql56-server/files/patch-vio_viosslfactories.c new file mode 100644 index 000000000000..d6a164910a0d --- /dev/null +++ b/databases/mysql56-server/files/patch-vio_viosslfactories.c @@ -0,0 +1,20 @@ +--- vio/viosslfactories.c.orig 2019-11-26 16:53:45 UTC ++++ vio/viosslfactories.c +@@ -91,7 +91,7 @@ static DH *get_dh2048(void) + DH_free(dh); + return NULL; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + dh->p= p; + dh->g= g; + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + + if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ? +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSLv23_client_method() : + SSLv23_server_method() + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |