From owner-svn-ports-all@freebsd.org Thu Jul 9 21:57:53 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8F6B83578E4; Thu, 9 Jul 2020 21:57:53 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B2qmK3FDfz3SW7; Thu, 9 Jul 2020 21:57:53 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5386B17A5D; Thu, 9 Jul 2020 21:57:53 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 069LvrLM089032; Thu, 9 Jul 2020 21:57:53 GMT (envelope-from joneum@FreeBSD.org) Received: (from joneum@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 069LvrL5089031; Thu, 9 Jul 2020 21:57:53 GMT (envelope-from joneum@FreeBSD.org) Message-Id: <202007092157.069LvrL5089031@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: joneum set sender to joneum@FreeBSD.org using -f From: Jochen Neumeister Date: Thu, 9 Jul 2020 21:57:53 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r541826 - branches/2020Q3/databases/mysql57-client/files X-SVN-Group: ports-branches X-SVN-Commit-Author: joneum X-SVN-Commit-Paths: branches/2020Q3/databases/mysql57-client/files X-SVN-Commit-Revision: 541826 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2020 21:57:53 -0000 Author: joneum Date: Thu Jul 9 21:57:52 2020 New Revision: 541826 URL: https://svnweb.freebsd.org/changeset/ports/541826 Log: MFH: r541739 databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL. Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL. This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash. The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway. https://github.com/openssl/openssl/issues/12368 PR: 247803 Reported by: eugen Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat) Modified: branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake Directory Properties: branches/2020Q3/ (props changed) Modified: branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake Thu Jul 9 21:56:07 2020 (r541825) +++ branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake Thu Jul 9 21:57:52 2020 (r541826) @@ -1,27 +1,48 @@ ---- cmake/ssl.cmake.orig 2019-12-06 10:41:47 UTC -+++ cmake/ssl.cmake -@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL) +--- cmake/ssl.cmake.orig 2020-07-08 22:29:14.999896000 +0200 ++++ cmake/ssl.cmake 2020-07-08 22:44:05.251931000 +0200 +@@ -150,22 +150,12 @@ MACRO (MYSQL_CHECK_SSL) + MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}") + ENDIF() + +- # On mac this list is <.dylib;.so;.a> +- # We prefer static libraries, so we reverse it here. +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- MESSAGE(STATUS "suffixes <${CMAKE_FIND_LIBRARY_SUFFIXES}>") +- ENDIF() +- + FIND_LIBRARY(OPENSSL_LIBRARY + NAMES ssl libssl ssleay32 ssleay32MD + HINTS ${OPENSSL_ROOT_DIR}/lib) + FIND_LIBRARY(CRYPTO_LIBRARY + NAMES crypto libcrypto libeay32 + HINTS ${OPENSSL_ROOT_DIR}/lib) +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- ENDIF() + + IF(OPENSSL_INCLUDE_DIR) + # Verify version number. Version information looks like: +@@ -193,7 +183,8 @@ MACRO (MYSQL_CHECK_SSL) ) SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") - IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION) ADD_DEFINITIONS(-DHAVE_TLSv13) SET(HAVE_TLSv13 1) IF(SOLARIS) -@@ -203,7 +204,13 @@ MACRO (MYSQL_CHECK_SSL) - IF(OPENSSL_INCLUDE_DIR AND +@@ -204,6 +195,12 @@ MACRO (MYSQL_CHECK_SSL) OPENSSL_LIBRARY AND CRYPTO_LIBRARY AND -- OPENSSL_MAJOR_VERSION STREQUAL "1" -+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" -+ ) -+ SET(OPENSSL_FOUND TRUE) -+ ELSEIF(OPENSSL_INCLUDE_DIR AND -+ OPENSSL_LIBRARY AND -+ CRYPTO_LIBRARY AND -+ OPENSSL_MAJOR_VERSION STREQUAL "2" + OPENSSL_MAJOR_VERSION STREQUAL "1" ++ ) ++ SET(OPENSSL_FOUND TRUE) ++ ELSEIF(OPENSSL_INCLUDE_DIR AND ++ OPENSSL_LIBRARY AND ++ CRYPTO_LIBRARY AND ++ OPENSSL_MAJOR_VERSION STREQUAL "2" ) SET(OPENSSL_FOUND TRUE) ELSE()