From owner-svn-ports-head@freebsd.org Wed Feb 3 02:09:31 2021 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 181A04FD6F0; Wed, 3 Feb 2021 02:09:31 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DVlVf6yqqz4sJx; Wed, 3 Feb 2021 02:09:30 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E1A8018E42; Wed, 3 Feb 2021 02:09:30 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 11329UHm048887; Wed, 3 Feb 2021 02:09:30 GMT (envelope-from fluffy@FreeBSD.org) Received: (from fluffy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 11329SgI048874; Wed, 3 Feb 2021 02:09:28 GMT (envelope-from fluffy@FreeBSD.org) Message-Id: <202102030209.11329SgI048874@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: fluffy set sender to fluffy@FreeBSD.org using -f From: Dima Panov Date: Wed, 3 Feb 2021 02:09:28 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r563859 - in head/databases: mysql80-client mysql80-server mysql80-server/files X-SVN-Group: ports-head X-SVN-Commit-Author: fluffy X-SVN-Commit-Paths: in head/databases: mysql80-client mysql80-server mysql80-server/files X-SVN-Commit-Revision: 563859 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2021 02:09:31 -0000 Author: fluffy Date: Wed Feb 3 02:09:28 2021 New Revision: 563859 URL: https://svnweb.freebsd.org/changeset/ports/563859 Log: databases/mysql80*: update to 8.0.23 Disable detect of TLSv1.3 functions - it's broken with LibreSSL Release Notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html Requested by: joneum Added: head/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc - copied unchanged from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc head/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc - copied unchanged from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc head/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc - copied unchanged from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc head/databases/mysql80-server/files/patch-sql_item.h (contents, props changed) head/databases/mysql80-server/files/patch-ssl__init__callback.cc (contents, props changed) Deleted: head/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc head/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc head/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc Modified: head/databases/mysql80-client/Makefile head/databases/mysql80-server/Makefile head/databases/mysql80-server/distinfo head/databases/mysql80-server/files/patch-cmake_ssl.cmake head/databases/mysql80-server/files/patch-man_CMakeLists.txt head/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c head/databases/mysql80-server/files/patch-vio_viosslfactories.cc head/databases/mysql80-server/pkg-plist Modified: head/databases/mysql80-client/Makefile ============================================================================== --- head/databases/mysql80-client/Makefile Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-client/Makefile Wed Feb 3 02:09:28 2021 (r563859) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= mysql -PORTREVISION= 2 +PORTREVISION= 0 PKGNAMESUFFIX= 80-client COMMENT= Multithreaded SQL database (client) Modified: head/databases/mysql80-server/Makefile ============================================================================== --- head/databases/mysql80-server/Makefile Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/Makefile Wed Feb 3 02:09:28 2021 (r563859) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME?= mysql -PORTVERSION= 8.0.22 -PORTREVISION?= 2 +PORTVERSION= 8.0.23 +PORTREVISION?= 0 CATEGORIES= databases MASTER_SITES= MYSQL/MySQL-8.0 PKGNAMESUFFIX?= 80-server @@ -17,7 +17,7 @@ LICENSE= GPLv2 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}${DISTVERSIONSUFFIX} SLAVEDIRS= databases/mysql80-client -USES= bison:build cmake:noninja compiler:c++14-lang cpe \ +USES= bison:build cmake:noninja compiler:c++17-lang cpe \ groff:run libedit localbase ncurses perl5 pkgconfig shebangfix ssl USE_CXXSTD= c++14 @@ -185,10 +185,19 @@ SUB_LIST+= LEGACY_LIMITS="" MODERN_LIMITS="@comment " .include -.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109 -BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} -CC= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} +.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109 || ${ARCH} == "i386" +BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} +CC= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} +CPP= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} CXX= ${LOCALBASE}/bin/clang++${LLVM_DEFAULT} +.endif + +.if ${ARCH} == "i386" && ${OSVERSION} < 1200000 +# clang 7.x and 8.x do not build properly on 11i386 +CPP= clang-cpp${LLVM_DEFAULT} +CC= clang${LLVM_DEFAULT} +CXX= clang++${LLVM_DEFAULT} +BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} .endif post-extract: Modified: head/databases/mysql80-server/distinfo ============================================================================== --- head/databases/mysql80-server/distinfo Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/distinfo Wed Feb 3 02:09:28 2021 (r563859) @@ -1,3 +1,3 @@ -TIMESTAMP = 1603183848 -SHA256 (mysql-boost-8.0.22.tar.gz) = ba765f74367c638d7cd1c546c05c14382fd997669bcd9680278e907f8d7eb484 -SIZE (mysql-boost-8.0.22.tar.gz) = 285934450 +TIMESTAMP = 1611995725 +SHA256 (mysql-boost-8.0.23.tar.gz) = 1c7a424303c134758e59607a0b3172e43a21a27ff08e8c88c2439ffd4fc724a5 +SIZE (mysql-boost-8.0.23.tar.gz) = 291039175 Modified: head/databases/mysql80-server/files/patch-cmake_ssl.cmake ============================================================================== --- head/databases/mysql80-server/files/patch-cmake_ssl.cmake Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/files/patch-cmake_ssl.cmake Wed Feb 3 02:09:28 2021 (r563859) @@ -9,14 +9,15 @@ ) STRING(REGEX REPLACE "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1" -@@ -214,13 +214,14 @@ MACRO (MYSQL_CHECK_SSL) +@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL) OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" ) ENDIF() - IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +- ADD_DEFINITIONS(-DHAVE_TLSv13) + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND Modified: head/databases/mysql80-server/files/patch-man_CMakeLists.txt ============================================================================== --- head/databases/mysql80-server/files/patch-man_CMakeLists.txt Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/files/patch-man_CMakeLists.txt Wed Feb 3 02:09:28 2021 (r563859) @@ -1,6 +1,6 @@ --- man/CMakeLists.txt.orig 2020-10-20 11:47:42.675974000 +0200 +++ man/CMakeLists.txt 2020-10-20 13:53:03.993879000 +0200 -@@ -23,21 +23,10 @@ +@@ -23,26 +23,14 @@ # Copy man pages SET(MAN1 comp_err.1 @@ -22,6 +22,11 @@ mysqladmin.1 mysqlbinlog.1 mysqlcheck.1 + mysqldump.1 +- mysqldumpslow.1 + mysqlimport.1 + mysqlman.1 + mysqlpump.1 @@ -52,13 +41,23 @@ SET(MAN1 zlib_decompress.1 ) Modified: head/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c ============================================================================== --- head/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c Wed Feb 3 02:09:28 2021 (r563859) @@ -1,6 +1,51 @@ --- plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc.orig 2019-09-20 08:30:51 UTC +++ plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc -@@ -329,6 +329,7 @@ error: +@@ -175,7 +175,7 @@ SSL_CTX *client_ctx = NULL; + static long process_tls_version(const char *tls_version) { + const char *separator = ", "; + char *token = NULL; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2", + "TLSv1.3"}; + #else +@@ -184,7 +184,7 @@ static long process_tls_version(const char *tls_versio + #define TLS_VERSIONS_COUNTS \ + (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list)) + unsigned int tls_versions_count = TLS_VERSIONS_COUNTS; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const long tls_ctx_list[TLS_VERSIONS_COUNTS] = { + SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3}; + const char *ctx_flag_default = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"; +@@ -240,7 +240,7 @@ static int configure_ssl_algorithms( + long ssl_ctx_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + char cipher_list[SSL_CIPHER_LIST_SIZE] = {0}; + long ssl_ctx_flags = -1; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + int tlsv1_3_enabled = 0; + #endif /* HAVE_TLSv13 */ + +@@ -253,7 +253,7 @@ static int configure_ssl_algorithms( + goto error; + } + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) & + (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3); +@@ -265,7 +265,7 @@ static int configure_ssl_algorithms( + + SSL_CTX_set_options(ssl_ctx, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + tlsv1_3_enabled = ((ssl_ctx_options & SSL_OP_NO_TLSv1_3) == 0); + if (tlsv1_3_enabled) { + /* Set OpenSSL TLS v1.3 ciphersuites. +@@ -325,6 +325,7 @@ error: return 1; } @@ -8,7 +53,7 @@ #define OPENSSL_ERROR_LENGTH 512 static int configure_ssl_fips_mode(const uint fips_mode) { int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mod +@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mod EXIT: return rc; } @@ -16,7 +61,7 @@ static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const c +@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const c int verify_server = SSL_VERIFY_NONE; int verify_client = SSL_VERIFY_NONE; @@ -29,3 +74,21 @@ SSL_library_init(); SSL_load_error_strings(); +@@ -563,7 +567,7 @@ int xcom_init_ssl(const char *server_key_file, const c + } + + G_DEBUG("Configuring SSL for the server") +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + server_ctx = SSL_CTX_new(TLS_server_method()); + #else + server_ctx = SSL_CTX_new(SSLv23_server_method()); +@@ -582,7 +586,7 @@ int xcom_init_ssl(const char *server_key_file, const c + SSL_CTX_set_verify(server_ctx, verify_server, NULL); + + G_DEBUG("Configuring SSL for the client") +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + client_ctx = SSL_CTX_new(TLS_client_method()); + #else + client_ctx = SSL_CTX_new(SSLv23_client_method()); Copied: head/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc (from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc Wed Feb 3 02:09:28 2021 (r563859, copy of r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc) @@ -0,0 +1,11 @@ +--- router/src/http/src/tls_client_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/http/src/tls_client_context.cc +@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { + + void TlsClientContext::cipher_suites(const std::string &ciphers) { + // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites() +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) ++#ifdef TLS1_3_VERSION + if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { + throw TlsError("set-cipher-suites"); + } Copied: head/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc (from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc Wed Feb 3 02:09:28 2021 (r563859, copy of r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc) @@ -0,0 +1,44 @@ +--- router/src/http/src/tls_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/http/src/tls_context.cc +@@ -91,7 +91,7 @@ static constexpr int o11x_version(TlsVersion version) + return TLS1_1_VERSION; + case TlsVersion::TLS_1_2: + return TLS1_2_VERSION; +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) ++#ifdef TLS1_3_VERSION + case TlsVersion::TLS_1_3: + return TLS1_3_VERSION; + #endif +@@ -121,9 +121,11 @@ void TlsContext::version_range(TlsVersion min_version, + default: + // unknown, leave all disabled + // fallthrough ++#ifdef TLS1_3_VERSION + case TlsVersion::TLS_1_3: + opts |= SSL_OP_NO_TLSv1_2; + // fallthrough ++#endif + case TlsVersion::TLS_1_2: + opts |= SSL_OP_NO_TLSv1_1; + // fallthrough +@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const { + return TlsVersion::TLS_1_1; + case TLS1_2_VERSION: + return TlsVersion::TLS_1_2; ++#ifdef TLS1_3_VERSION + case TLS1_3_VERSION: + return TlsVersion::TLS_1_3; ++#endif + case 0: + return TlsVersion::AUTO; + default: +@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() c + } + + int TlsContext::security_level() const { +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) ++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + return SSL_CTX_get_security_level(ssl_ctx_.get()); + #else + return 0; Copied: head/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc (from r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc Wed Feb 3 02:09:28 2021 (r563859, copy of r563858, head/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc) @@ -0,0 +1,12 @@ +--- router/src/http/src/tls_server_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/http/src/tls_server_context.cc +@@ -166,7 +166,8 @@ void TlsServerContext::init_tmp_dh(const std::string & + } + + } else { +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) ++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + dh2048.reset(DH_get_2048_256()); + #else + /* Added: head/databases/mysql80-server/files/patch-sql_item.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mysql80-server/files/patch-sql_item.h Wed Feb 3 02:09:28 2021 (r563859) @@ -0,0 +1,18 @@ +--- sql/item.h.orig 2020-12-11 07:42:20 UTC ++++ sql/item.h +@@ -3380,13 +3380,13 @@ class Item_sp_variable : public Item { + Name_string m_name; + + public: +-#ifndef DBUG_OFF ++//#ifndef DBUG_OFF + /* + Routine to which this Item_splocal belongs. Used for checking if correct + runtime context is used for variable handling. + */ + sp_head *m_sp{nullptr}; +-#endif ++//#endif + + public: + Item_sp_variable(const Name_string sp_var_name); Added: head/databases/mysql80-server/files/patch-ssl__init__callback.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/databases/mysql80-server/files/patch-ssl__init__callback.cc Wed Feb 3 02:09:28 2021 (r563859) @@ -0,0 +1,20 @@ +--- sql/ssl_init_callback.cc.orig 2020-12-11 07:42:20 UTC ++++ sql/ssl_init_callback.cc +@@ -88,7 +88,7 @@ static Sys_var_charptr Sys_tls_version( + "TLS version, permitted values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3", + PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), + CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3", + #else + "TLSv1,TLSv1.1,TLSv1.2", +@@ -154,7 +154,7 @@ static Sys_var_charptr Sys_admin_tls_version( + "TLSv1.2, TLSv1.3", + PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), + CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3", + #else + "TLSv1,TLSv1.1,TLSv1.2", Modified: head/databases/mysql80-server/files/patch-vio_viosslfactories.cc ============================================================================== --- head/databases/mysql80-server/files/patch-vio_viosslfactories.cc Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/files/patch-vio_viosslfactories.cc Wed Feb 3 02:09:28 2021 (r563859) @@ -1,14 +1,14 @@ --- vio/viosslfactories.cc.orig 2019-09-20 08:30:51 UTC +++ vio/viosslfactories.cc -@@ -38,6 +38,7 @@ +@@ -40,6 +40,7 @@ + #include "vio/vio_priv.h" - #ifdef HAVE_OPENSSL #include +#include - #define TLS_VERSION_OPTION_SIZE 256 - #define SSL_CIPHER_LIST_SIZE 4096 -@@ -420,6 +421,7 @@ void ssl_start() { + #if OPENSSL_VERSION_NUMBER < 0x10002000L + #include +@@ -472,6 +473,7 @@ void ssl_start() { } } @@ -16,7 +16,7 @@ /** Set fips mode in openssl library, When we set fips mode ON/STRICT, it will perform following operations: -@@ -473,6 +475,7 @@ EXIT: +@@ -525,12 +527,13 @@ EXIT: @returns openssl current fips mode */ uint get_fips_mode() { return FIPS_mode(); } @@ -24,3 +24,37 @@ long process_tls_version(const char *tls_version) { const char *separator = ","; + char *token, *lasts = nullptr; + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2", + "TLSv1.3"}; + const char ctx_flag_default[] = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"; +@@ -609,7 +612,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) & + (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET); +@@ -618,7 +621,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + return nullptr; + + if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ? +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + TLS_client_method() + : TLS_server_method() + #else /* HAVE_TLSv13 */ +@@ -633,7 +636,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + return nullptr; + } + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + Set OpenSSL TLS v1.3 ciphersuites. + Note that an empty list is permissible. Modified: head/databases/mysql80-server/pkg-plist ============================================================================== --- head/databases/mysql80-server/pkg-plist Wed Feb 3 02:02:58 2021 (r563858) +++ head/databases/mysql80-server/pkg-plist Wed Feb 3 02:09:28 2021 (r563859) @@ -26,6 +26,8 @@ lib/mysql/libmysqlharness.so lib/mysql/libmysqlharness.so.1 lib/mysql/libmysqlharness_stdx.so lib/mysql/libmysqlharness_stdx.so.1 +lib/mysql/libmysqlharness_tls.so +lib/mysql/libmysqlharness_tls.so.1 lib/mysql/libmysqlrouter.so lib/mysql/libmysqlrouter.so.1 lib/mysql/libmysqlrouter_http.so @@ -42,12 +44,12 @@ lib/mysql/mysqlrouter/http_server.so lib/mysql/mysqlrouter/io.so lib/mysql/mysqlrouter/keepalive.so lib/mysql/mysqlrouter/metadata_cache.so -lib/mysql/mysqlrouter/mysql_protocol.so lib/mysql/mysqlrouter/rest_api.so lib/mysql/mysqlrouter/rest_metadata_cache.so lib/mysql/mysqlrouter/rest_router.so lib/mysql/mysqlrouter/rest_routing.so lib/mysql/mysqlrouter/router_protobuf.so +lib/mysql/mysqlrouter/router_openssl.so lib/mysql/mysqlrouter/routing.so lib/mysql/plugin/adt_null.so lib/mysql/plugin/auth.so @@ -64,6 +66,8 @@ lib/mysql/plugin/component_mysqlbackup.so lib/mysql/plugin/component_mysqlx_global_reset.so lib/mysql/plugin/component_pfs_example.so lib/mysql/plugin/component_pfs_example_component_population.so +lib/mysql/plugin/component_query_attributes.so +lib/mysql/plugin/component_reference_cache.so lib/mysql/plugin/component_test_audit_api_message.so lib/mysql/plugin/component_test_backup_lock_service.so lib/mysql/plugin/component_test_component_deinit.so @@ -124,6 +128,7 @@ lib/mysql/plugin/libtest_sql_processlist.so lib/mysql/plugin/libtest_sql_replication.so lib/mysql/plugin/libtest_sql_reset_connection.so lib/mysql/plugin/libtest_sql_shutdown.so +lib/mysql/plugin/libtest_sql_sleep_is_connected.so lib/mysql/plugin/libtest_sql_sqlmode.so lib/mysql/plugin/libtest_sql_stmt.so lib/mysql/plugin/libtest_sql_stored_procedures_functions.so