Date: Fri, 5 Feb 2021 18:45:03 +0000 (UTC) From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r564147 - in branches/2021Q1/databases: mysql56-client/files mysql56-server mysql56-server/files mysql57-client/files mysql57-server mysql57-server/files mysql80-client mysql80-server m... Message-ID: <202102051845.115Ij3iC059751@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: joneum Date: Fri Feb 5 18:45:03 2021 New Revision: 564147 URL: https://svnweb.freebsd.org/changeset/ports/564147 Log: Commit mysql56, mysql57 and mysql80 to 2021Q1. https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL Security: 31344707-5d87-11eb-929d-d4c9ef517024 Sponsored by: Netzkommune GmbH Added: branches/2021Q1/databases/mysql57-server/files/patch-sql_locks_shared__spin__lock.cc (contents, props changed) branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc (contents, props changed) branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc (contents, props changed) branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc (contents, props changed) branches/2021Q1/databases/mysql80-server/files/patch-sql_item.h (contents, props changed) branches/2021Q1/databases/mysql80-server/files/patch-ssl__init__callback.cc (contents, props changed) Deleted: branches/2021Q1/databases/mysql80-server/files/patch-router_src_http_src_tls__client__context.cc branches/2021Q1/databases/mysql80-server/files/patch-router_src_http_src_tls__context.cc branches/2021Q1/databases/mysql80-server/files/patch-router_src_http_src_tls__server__context.cc Modified: branches/2021Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake branches/2021Q1/databases/mysql56-client/files/patch-vio_viossl.c branches/2021Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c branches/2021Q1/databases/mysql56-server/Makefile branches/2021Q1/databases/mysql56-server/distinfo branches/2021Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake branches/2021Q1/databases/mysql56-server/files/patch-vio_viossl.c branches/2021Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c branches/2021Q1/databases/mysql57-client/files/patch-cmake_ssl.cmake branches/2021Q1/databases/mysql57-client/files/patch-vio_viosslfactories.c branches/2021Q1/databases/mysql57-server/Makefile branches/2021Q1/databases/mysql57-server/distinfo branches/2021Q1/databases/mysql57-server/files/patch-cmake_ssl.cmake branches/2021Q1/databases/mysql57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c branches/2021Q1/databases/mysql57-server/files/patch-vio_viosslfactories.c branches/2021Q1/databases/mysql80-client/Makefile branches/2021Q1/databases/mysql80-server/Makefile branches/2021Q1/databases/mysql80-server/distinfo branches/2021Q1/databases/mysql80-server/files/patch-client_CMakeLists.txt branches/2021Q1/databases/mysql80-server/files/patch-cmake_ssl.cmake branches/2021Q1/databases/mysql80-server/files/patch-man_CMakeLists.txt branches/2021Q1/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_CMakeLists.txt branches/2021Q1/databases/mysql80-server/files/patch-vio_viosslfactories.cc branches/2021Q1/databases/mysql80-server/pkg-plist Modified: branches/2021Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2021Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-client/files/patch-cmake_ssl.cmake Fri Feb 5 18:45:03 2021 (r564147) @@ -5,9 +5,10 @@ ) ENDIF() - IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +- ADD_DEFINITIONS(-DHAVE_TLSv13) + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND Modified: branches/2021Q1/databases/mysql56-client/files/patch-vio_viossl.c ============================================================================== --- branches/2021Q1/databases/mysql56-client/files/patch-vio_viossl.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-client/files/patch-vio_viossl.c Fri Feb 5 18:45:03 2021 (r564147) @@ -1,5 +1,14 @@ --- vio/viossl.c.orig 2019-11-26 16:53:45 UTC +++ vio/viossl.c +@@ -385,7 +385,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout)); + SSL_clear(ssl); + SSL_set_fd(ssl, sd); +-#if defined(SSL_OP_NO_COMPRESSION) ++#if defined(SSL_OP_NO_COMPRESSION) && !defined(LIBRESSL_VERSION_NUMBER) + SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); /* OpenSSL >= 1.0 only */ + #elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */ + sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); @@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, for (j = 0; j < n; j++) { Modified: branches/2021Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c ============================================================================== --- branches/2021Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-client/files/patch-vio_viosslfactories.c Fri Feb 5 18:45:03 2021 (r564147) @@ -9,6 +9,15 @@ dh->p= p; dh->g= g; #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -226,7 +226,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.6 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + SSL_OP_NO_TLSv1_3 | + #endif /* HAVE_TLSv13 */ + SSL_OP_NO_TICKET; @@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi DBUG_RETURN(0); @@ -18,3 +27,12 @@ SSLv23_client_method() : SSLv23_server_method() #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -268,7 +268,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + MySQL 5.6 doesn't support TLSv1.3 - set empty TLSv1.3 ciphersuites. + */ Modified: branches/2021Q1/databases/mysql56-server/Makefile ============================================================================== --- branches/2021Q1/databases/mysql56-server/Makefile Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-server/Makefile Fri Feb 5 18:45:03 2021 (r564147) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= mysql -PORTVERSION= 5.6.50 +PORTVERSION= 5.6.51 PORTREVISION?= 0 CATEGORIES= databases MASTER_SITES= MYSQL/MySQL-5.6 Modified: branches/2021Q1/databases/mysql56-server/distinfo ============================================================================== --- branches/2021Q1/databases/mysql56-server/distinfo Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-server/distinfo Fri Feb 5 18:45:03 2021 (r564147) @@ -1,3 +1,3 @@ -TIMESTAMP = 1603108497 -SHA256 (mysql-5.6.50.tar.gz) = efc48d8160a66b50fc498bb42ea730c3b6f30f036b709a7070d356edd645923e -SIZE (mysql-5.6.50.tar.gz) = 32409084 +TIMESTAMP = 1611992804 +SHA256 (mysql-5.6.51.tar.gz) = 262ccaf2930fca1f33787505dd125a7a04844f40d3421289a51974b5935d9abc +SIZE (mysql-5.6.51.tar.gz) = 32411131 Modified: branches/2021Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2021Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:45:03 2021 (r564147) @@ -5,9 +5,10 @@ ) ENDIF() - IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +- ADD_DEFINITIONS(-DHAVE_TLSv13) + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND Modified: branches/2021Q1/databases/mysql56-server/files/patch-vio_viossl.c ============================================================================== --- branches/2021Q1/databases/mysql56-server/files/patch-vio_viossl.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-server/files/patch-vio_viossl.c Fri Feb 5 18:45:03 2021 (r564147) @@ -1,5 +1,14 @@ --- vio/viossl.c.orig 2019-11-26 16:53:45 UTC +++ vio/viossl.c +@@ -385,7 +385,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout)); + SSL_clear(ssl); + SSL_set_fd(ssl, sd); +-#if defined(SSL_OP_NO_COMPRESSION) ++#if defined(SSL_OP_NO_COMPRESSION) && !defined(LIBRESSL_VERSION_NUMBER) + SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); /* OpenSSL >= 1.0 only */ + #elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */ + sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); @@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, for (j = 0; j < n; j++) { Modified: branches/2021Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c ============================================================================== --- branches/2021Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql56-server/files/patch-vio_viosslfactories.c Fri Feb 5 18:45:03 2021 (r564147) @@ -9,6 +9,15 @@ dh->p= p; dh->g= g; #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -226,7 +226,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.6 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + SSL_OP_NO_TLSv1_3 | + #endif /* HAVE_TLSv13 */ + SSL_OP_NO_TICKET; @@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi DBUG_RETURN(0); @@ -18,3 +27,12 @@ SSLv23_client_method() : SSLv23_server_method() #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +@@ -268,7 +268,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + MySQL 5.6 doesn't support TLSv1.3 - set empty TLSv1.3 ciphersuites. + */ Modified: branches/2021Q1/databases/mysql57-client/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2021Q1/databases/mysql57-client/files/patch-cmake_ssl.cmake Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-client/files/patch-cmake_ssl.cmake Fri Feb 5 18:45:03 2021 (r564147) @@ -1,5 +1,5 @@ ---- cmake/ssl.cmake.orig 2020-07-08 22:29:14.999896000 +0200 -+++ cmake/ssl.cmake 2020-07-08 22:44:05.251931000 +0200 +--- cmake/ssl.cmake.orig 2019-12-06 10:41:47 UTC ++++ cmake/ssl.cmake @@ -150,22 +150,12 @@ MACRO (MYSQL_CHECK_SSL) MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}") ENDIF() @@ -23,26 +23,32 @@ IF(OPENSSL_INCLUDE_DIR) # Verify version number. Version information looks like: -@@ -193,7 +183,8 @@ MACRO (MYSQL_CHECK_SSL) +@@ -193,9 +183,10 @@ MACRO (MYSQL_CHECK_SSL) ) SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") - IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) - SET(HAVE_TLSv13 1) +- ADD_DEFINITIONS(-DHAVE_TLSv13) +- SET(HAVE_TLSv13 1) ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #SET(HAVE_TLSv13 1) IF(SOLARIS) -@@ -204,6 +195,12 @@ MACRO (MYSQL_CHECK_SSL) + SET(FORCE_SSL_SOLARIS "-Wl,--undefined,address_of_sk_new_null") + ENDIF() +@@ -203,7 +204,13 @@ MACRO (MYSQL_CHECK_SSL) + IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND CRYPTO_LIBRARY AND - OPENSSL_MAJOR_VERSION STREQUAL "1" -+ ) -+ SET(OPENSSL_FOUND TRUE) -+ ELSEIF(OPENSSL_INCLUDE_DIR AND -+ OPENSSL_LIBRARY AND -+ CRYPTO_LIBRARY AND -+ OPENSSL_MAJOR_VERSION STREQUAL "2" +- OPENSSL_MAJOR_VERSION STREQUAL "1" ++ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" ++ ) ++ SET(OPENSSL_FOUND TRUE) ++ ELSEIF(OPENSSL_INCLUDE_DIR AND ++ OPENSSL_LIBRARY AND ++ CRYPTO_LIBRARY AND ++ OPENSSL_MAJOR_VERSION STREQUAL "2" ) SET(OPENSSL_FOUND TRUE) ELSE() Modified: branches/2021Q1/databases/mysql57-client/files/patch-vio_viosslfactories.c ============================================================================== --- branches/2021Q1/databases/mysql57-client/files/patch-vio_viosslfactories.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-client/files/patch-vio_viosslfactories.c Fri Feb 5 18:45:03 2021 (r564147) @@ -33,3 +33,30 @@ } return(dh); } +@@ -503,7 +501,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ; +@@ -536,7 +534,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET +@@ -559,7 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + MySQL 5.7 doesn't support TLSv1.3 - set empty TLSv1.3 ciphersuites. + */ Modified: branches/2021Q1/databases/mysql57-server/Makefile ============================================================================== --- branches/2021Q1/databases/mysql57-server/Makefile Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-server/Makefile Fri Feb 5 18:45:03 2021 (r564147) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= mysql -PORTVERSION= 5.7.32 +PORTVERSION= 5.7.33 PORTREVISION?= 0 CATEGORIES= databases MASTER_SITES= MYSQL/MySQL-5.7 Modified: branches/2021Q1/databases/mysql57-server/distinfo ============================================================================== --- branches/2021Q1/databases/mysql57-server/distinfo Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-server/distinfo Fri Feb 5 18:45:03 2021 (r564147) @@ -1,3 +1,3 @@ -TIMESTAMP = 1603133127 -SHA256 (mysql-boost-5.7.32.tar.gz) = 9a8a04a2b0116ccff9a8d8aace07aaeaacf47329b701c5dfa9fa4351d3f1933b -SIZE (mysql-boost-5.7.32.tar.gz) = 52882168 +TIMESTAMP = 1612332815 +SHA256 (mysql-boost-5.7.33.tar.gz) = cfcaf6f37a055d808fe1472eb0359864e2227aa0206c55c4e1961bab2ecc304b +SIZE (mysql-boost-5.7.33.tar.gz) = 52912380 Modified: branches/2021Q1/databases/mysql57-server/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2021Q1/databases/mysql57-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:45:03 2021 (r564147) @@ -1,15 +1,42 @@ --- cmake/ssl.cmake.orig 2019-12-06 10:41:47 UTC +++ cmake/ssl.cmake -@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL) +@@ -150,22 +150,12 @@ MACRO (MYSQL_CHECK_SSL) + MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}") + ENDIF() + +- # On mac this list is <.dylib;.so;.a> +- # We prefer static libraries, so we reverse it here. +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- MESSAGE(STATUS "suffixes <${CMAKE_FIND_LIBRARY_SUFFIXES}>") +- ENDIF() +- + FIND_LIBRARY(OPENSSL_LIBRARY + NAMES ssl libssl ssleay32 ssleay32MD + HINTS ${OPENSSL_ROOT_DIR}/lib) + FIND_LIBRARY(CRYPTO_LIBRARY + NAMES crypto libcrypto libeay32 + HINTS ${OPENSSL_ROOT_DIR}/lib) +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- ENDIF() + + IF(OPENSSL_INCLUDE_DIR) + # Verify version number. Version information looks like: +@@ -193,9 +183,10 @@ MACRO (MYSQL_CHECK_SSL) ) SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") - IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") +- ADD_DEFINITIONS(-DHAVE_TLSv13) +- SET(HAVE_TLSv13 1) + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) - SET(HAVE_TLSv13 1) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #SET(HAVE_TLSv13 1) IF(SOLARIS) + SET(FORCE_SSL_SOLARIS "-Wl,--undefined,address_of_sk_new_null") + ENDIF() @@ -203,7 +204,13 @@ MACRO (MYSQL_CHECK_SSL) IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND Modified: branches/2021Q1/databases/mysql57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c ============================================================================== --- branches/2021Q1/databases/mysql57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c Fri Feb 5 18:45:03 2021 (r564147) @@ -1,5 +1,31 @@ --- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig 2020-03-23 17:35:17 UTC +++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c +@@ -232,7 +232,7 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, + const char* tls_version) + { + DH *dh= NULL; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* We support TLS up to 1.2, so explicitly disable TLS 1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3; + #else +@@ -257,14 +257,14 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ); + + SSL_CTX_set_options(ssl_ctx, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* We do not support TLS 1.3. + Setting empty TLS 1.3 ciphersuites disables them. */ + if (SSL_CTX_set_ciphersuites(ssl_ctx, "") == 0) @@ -529,7 +529,7 @@ int xcom_init_ssl(const char *server_key_file, const c break e.g. ODBC clients (if the client also uses SSL). */ Added: branches/2021Q1/databases/mysql57-server/files/patch-sql_locks_shared__spin__lock.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql57-server/files/patch-sql_locks_shared__spin__lock.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,11 @@ +--- sql/locks/shared_spin_lock.cc.orig 2020-12-10 03:01:55 UTC ++++ sql/locks/shared_spin_lock.cc +@@ -239,7 +239,7 @@ lock::Shared_spin_lock &lock::Shared_spin_lock::try_or + { + this->spin_exclusive_lock(); + } +- my_atomic_store64(&this->m_exclusive_owner, self); ++ my_atomic_store64(&this->m_exclusive_owner, reinterpret_cast<int64>(self)); + return (*this); + } + Modified: branches/2021Q1/databases/mysql57-server/files/patch-vio_viosslfactories.c ============================================================================== --- branches/2021Q1/databases/mysql57-server/files/patch-vio_viosslfactories.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql57-server/files/patch-vio_viosslfactories.c Fri Feb 5 18:45:03 2021 (r564147) @@ -33,3 +33,30 @@ } return(dh); } +@@ -503,7 +501,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ; +@@ -536,7 +534,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET +@@ -559,7 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + MySQL 5.7 doesn't support TLSv1.3 - set empty TLSv1.3 ciphersuites. + */ Modified: branches/2021Q1/databases/mysql80-client/Makefile ============================================================================== --- branches/2021Q1/databases/mysql80-client/Makefile Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-client/Makefile Fri Feb 5 18:45:03 2021 (r564147) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= mysql -PORTREVISION= 1 +PORTREVISION= 0 PKGNAMESUFFIX= 80-client COMMENT= Multithreaded SQL database (client) Modified: branches/2021Q1/databases/mysql80-server/Makefile ============================================================================== --- branches/2021Q1/databases/mysql80-server/Makefile Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/Makefile Fri Feb 5 18:45:03 2021 (r564147) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME?= mysql -PORTVERSION= 8.0.22 -PORTREVISION?= 1 +PORTVERSION= 8.0.23 +PORTREVISION?= 0 CATEGORIES= databases MASTER_SITES= MYSQL/MySQL-8.0 PKGNAMESUFFIX?= 80-server @@ -17,7 +17,7 @@ LICENSE= GPLv2 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}${DISTVERSIONSUFFIX} SLAVEDIRS= databases/mysql80-client -USES= bison:build cmake:noninja compiler:c++14-lang cpe \ +USES= bison:build cmake:noninja compiler:c++17-lang cpe \ groff:run libedit localbase ncurses perl5 pkgconfig shebangfix ssl USE_CXXSTD= c++14 @@ -185,10 +185,19 @@ SUB_LIST+= LEGACY_LIMITS="" MODERN_LIMITS="@comment " .include <bsd.port.pre.mk> -.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109 -BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} -CC= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} +.if ${CHOSEN_COMPILER_TYPE} == clang && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1300109 || ${ARCH} == "i386" +BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} +CC= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} +CPP= ${LOCALBASE}/bin/clang${LLVM_DEFAULT} CXX= ${LOCALBASE}/bin/clang++${LLVM_DEFAULT} +.endif + +.if ${ARCH} == "i386" && ${OSVERSION} < 1200000 +# clang 7.x and 8.x do not build properly on 11i386 +CPP= clang-cpp${LLVM_DEFAULT} +CC= clang${LLVM_DEFAULT} +CXX= clang++${LLVM_DEFAULT} +BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} .endif post-extract: Modified: branches/2021Q1/databases/mysql80-server/distinfo ============================================================================== --- branches/2021Q1/databases/mysql80-server/distinfo Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/distinfo Fri Feb 5 18:45:03 2021 (r564147) @@ -1,3 +1,3 @@ -TIMESTAMP = 1603183848 -SHA256 (mysql-boost-8.0.22.tar.gz) = ba765f74367c638d7cd1c546c05c14382fd997669bcd9680278e907f8d7eb484 -SIZE (mysql-boost-8.0.22.tar.gz) = 285934450 +TIMESTAMP = 1611995725 +SHA256 (mysql-boost-8.0.23.tar.gz) = 1c7a424303c134758e59607a0b3172e43a21a27ff08e8c88c2439ffd4fc724a5 +SIZE (mysql-boost-8.0.23.tar.gz) = 291039175 Modified: branches/2021Q1/databases/mysql80-server/files/patch-client_CMakeLists.txt ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-client_CMakeLists.txt Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-client_CMakeLists.txt Fri Feb 5 18:45:03 2021 (r564147) @@ -1,6 +1,6 @@ --- client/CMakeLists.txt.orig 2019-09-20 08:30:51 UTC +++ client/CMakeLists.txt -@@ -23,8 +23,11 @@ +@@ -28,8 +28,11 @@ DISABLE_MISSING_PROFILE_WARNING() ## Subdirectory with common client code. ADD_SUBDIRECTORY(base) ## Subdirectory for mysqlpump code. @@ -12,15 +12,15 @@ MYSQL_ADD_EXECUTABLE(mysql ${CMAKE_SOURCE_DIR}/sql-common/net_ns.cc completion_hash.cc -@@ -33,6 +36,7 @@ MYSQL_ADD_EXECUTABLE(mysql - readline.cc +@@ -39,6 +42,7 @@ MYSQL_ADD_EXECUTABLE(mysql + client_query_attributes.cc LINK_LIBRARIES mysqlclient client_base ${EDITLINE_LIBRARY} ) +ENDIF() IF(NOT WITHOUT_SERVER) MYSQL_ADD_EXECUTABLE(mysql_upgrade -@@ -48,6 +52,7 @@ IF(SOLARIS_SPARC AND CMAKE_BUILD_TYPE_UPPER STREQUAL " +@@ -55,6 +59,7 @@ IF(SOLARIS_SPARC AND MY_COMPILER_IS_SUNPRO AND ) ENDIF() @@ -28,7 +28,7 @@ MYSQL_ADD_EXECUTABLE(mysqltest mysqltest.cc mysqltest/error_names.cc -@@ -63,6 +68,9 @@ MYSQL_ADD_EXECUTABLE(mysqltest +@@ -71,6 +76,9 @@ MYSQL_ADD_EXECUTABLE(mysqltest ENABLE_EXPORTS LINK_LIBRARIES mysqlclient ) @@ -38,15 +38,7 @@ MYSQL_ADD_EXECUTABLE(mysqlcheck check/mysqlcheck.cc check/mysqlcheck_core.cc -@@ -80,6 +88,7 @@ MYSQL_ADD_EXECUTABLE(mysqlshow - mysqlshow.cc - LINK_LIBRARIES mysqlclient - ) -+ - MYSQL_ADD_EXECUTABLE(mysqlbinlog - mysqlbinlog.cc - ${CMAKE_SOURCE_DIR}/sql/json_binary.cc -@@ -104,7 +113,9 @@ MYSQL_ADD_EXECUTABLE(mysqlbinlog +@@ -246,7 +254,9 @@ ENDIF() TARGET_COMPILE_DEFINITIONS(mysqlbinlog PRIVATE DISABLE_PSI_MUTEX) TARGET_INCLUDE_DIRECTORIES(mysqlbinlog PRIVATE ${CMAKE_SOURCE_DIR}/sql) @@ -56,7 +48,7 @@ MYSQL_ADD_EXECUTABLE(mysqladmin mysqladmin.cc LINK_LIBRARIES mysqlclient -@@ -117,6 +128,9 @@ MYSQL_ADD_EXECUTABLE(mysql_config_editor +@@ -259,6 +269,9 @@ MYSQL_ADD_EXECUTABLE(mysql_config_editor mysql_config_editor.cc LINK_LIBRARIES mysqlclient ) @@ -66,7 +58,7 @@ MYSQL_ADD_EXECUTABLE(mysql_secure_installation mysql_secure_installation.cc LINK_LIBRARIES mysqlclient -@@ -127,6 +141,7 @@ MYSQL_ADD_EXECUTABLE(mysql_ssl_rsa_setup +@@ -269,6 +282,7 @@ MYSQL_ADD_EXECUTABLE(mysql_ssl_rsa_setup path.cc LINK_LIBRARIES mysys ) Modified: branches/2021Q1/databases/mysql80-server/files/patch-cmake_ssl.cmake ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-cmake_ssl.cmake Fri Feb 5 18:45:03 2021 (r564147) @@ -9,14 +9,15 @@ ) STRING(REGEX REPLACE "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1" -@@ -214,13 +214,14 @@ MACRO (MYSQL_CHECK_SSL) +@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL) OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" ) ENDIF() - IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +- ADD_DEFINITIONS(-DHAVE_TLSv13) + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) ++ #ADD_DEFINITIONS(-DHAVE_TLSv13) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND Modified: branches/2021Q1/databases/mysql80-server/files/patch-man_CMakeLists.txt ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-man_CMakeLists.txt Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-man_CMakeLists.txt Fri Feb 5 18:45:03 2021 (r564147) @@ -1,6 +1,6 @@ --- man/CMakeLists.txt.orig 2020-10-20 11:47:42.675974000 +0200 +++ man/CMakeLists.txt 2020-10-20 13:53:03.993879000 +0200 -@@ -23,21 +23,10 @@ +@@ -23,26 +23,14 @@ # Copy man pages SET(MAN1 comp_err.1 @@ -22,6 +22,11 @@ mysqladmin.1 mysqlbinlog.1 mysqlcheck.1 + mysqldump.1 +- mysqldumpslow.1 + mysqlimport.1 + mysqlman.1 + mysqlpump.1 @@ -52,13 +41,23 @@ SET(MAN1 zlib_decompress.1 ) Modified: branches/2021Q1/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c Fri Feb 5 18:45:03 2021 (r564147) @@ -1,6 +1,51 @@ --- plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc.orig 2019-09-20 08:30:51 UTC +++ plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.cc -@@ -329,6 +329,7 @@ error: +@@ -175,7 +175,7 @@ SSL_CTX *client_ctx = NULL; + static long process_tls_version(const char *tls_version) { + const char *separator = ", "; + char *token = NULL; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2", + "TLSv1.3"}; + #else +@@ -184,7 +184,7 @@ static long process_tls_version(const char *tls_versio + #define TLS_VERSIONS_COUNTS \ + (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list)) + unsigned int tls_versions_count = TLS_VERSIONS_COUNTS; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const long tls_ctx_list[TLS_VERSIONS_COUNTS] = { + SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3}; + const char *ctx_flag_default = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"; +@@ -240,7 +240,7 @@ static int configure_ssl_algorithms( + long ssl_ctx_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + char cipher_list[SSL_CIPHER_LIST_SIZE] = {0}; + long ssl_ctx_flags = -1; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + int tlsv1_3_enabled = 0; + #endif /* HAVE_TLSv13 */ + +@@ -253,7 +253,7 @@ static int configure_ssl_algorithms( + goto error; + } + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) & + (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3); +@@ -265,7 +265,7 @@ static int configure_ssl_algorithms( + + SSL_CTX_set_options(ssl_ctx, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + tlsv1_3_enabled = ((ssl_ctx_options & SSL_OP_NO_TLSv1_3) == 0); + if (tlsv1_3_enabled) { + /* Set OpenSSL TLS v1.3 ciphersuites. +@@ -325,6 +325,7 @@ error: return 1; } @@ -8,7 +53,7 @@ #define OPENSSL_ERROR_LENGTH 512 static int configure_ssl_fips_mode(const uint fips_mode) { int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mod +@@ -348,6 +349,7 @@ static int configure_ssl_fips_mode(const uint fips_mod EXIT: return rc; } @@ -16,7 +61,7 @@ static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const c +@@ -544,10 +546,12 @@ int xcom_init_ssl(const char *server_key_file, const c int verify_server = SSL_VERIFY_NONE; int verify_client = SSL_VERIFY_NONE; @@ -29,3 +74,21 @@ SSL_library_init(); SSL_load_error_strings(); +@@ -563,7 +567,7 @@ int xcom_init_ssl(const char *server_key_file, const c + } + + G_DEBUG("Configuring SSL for the server") +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + server_ctx = SSL_CTX_new(TLS_server_method()); + #else + server_ctx = SSL_CTX_new(SSLv23_server_method()); +@@ -582,7 +586,7 @@ int xcom_init_ssl(const char *server_key_file, const c + SSL_CTX_set_verify(server_ctx, verify_server, NULL); + + G_DEBUG("Configuring SSL for the client") +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + client_ctx = SSL_CTX_new(TLS_client_method()); + #else + client_ctx = SSL_CTX_new(SSLv23_client_method()); Modified: branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_CMakeLists.txt ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_CMakeLists.txt Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_CMakeLists.txt Fri Feb 5 18:45:03 2021 (r564147) @@ -8,7 +8,15 @@ ) ELSE() INSTALL(TARGETS harness-library -@@ -240,5 +239,4 @@ INSTALL(TARGETS harness_stdx +@@ -240,7 +239,6 @@ INSTALL(TARGETS harness_stdx + RUNTIME DESTINATION ${ROUTER_INSTALL_BINDIR} COMPONENT Router + ARCHIVE DESTINATION ${ROUTER_INSTALL_LIBDIR} COMPONENT Router + LIBRARY DESTINATION ${ROUTER_INSTALL_LIBDIR} COMPONENT Router +- NAMELINK_SKIP + ) + + ## harness_tls +@@ -277,5 +275,4 @@ INSTALL(TARGETS harness_tls RUNTIME DESTINATION ${ROUTER_INSTALL_BINDIR} COMPONENT Router ARCHIVE DESTINATION ${ROUTER_INSTALL_LIBDIR} COMPONENT Router LIBRARY DESTINATION ${ROUTER_INSTALL_LIBDIR} COMPONENT Router Added: branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__client__context.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,11 @@ +--- router/src/harness/src/tls_client_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/harness/src/tls_client_context.cc +@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { + + void TlsClientContext::cipher_suites(const std::string &ciphers) { + // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites() +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) ++#ifdef TLS1_3_VERSION + if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { + throw TlsError("set-cipher-suites"); + } Added: branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__context.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,44 @@ +--- router/src/harness/src/tls_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/harness/src/tls_context.cc +@@ -91,7 +91,7 @@ static constexpr int o11x_version(TlsVersion version) + return TLS1_1_VERSION; + case TlsVersion::TLS_1_2: + return TLS1_2_VERSION; +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) ++#ifdef TLS1_3_VERSION + case TlsVersion::TLS_1_3: + return TLS1_3_VERSION; + #endif +@@ -121,9 +121,11 @@ void TlsContext::version_range(TlsVersion min_version, + default: + // unknown, leave all disabled + // fallthrough ++#ifdef TLS1_3_VERSION + case TlsVersion::TLS_1_3: + opts |= SSL_OP_NO_TLSv1_2; + // fallthrough ++#endif + case TlsVersion::TLS_1_2: + opts |= SSL_OP_NO_TLSv1_1; + // fallthrough +@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const { + return TlsVersion::TLS_1_1; + case TLS1_2_VERSION: + return TlsVersion::TLS_1_2; ++#ifdef TLS1_3_VERSION + case TLS1_3_VERSION: + return TlsVersion::TLS_1_3; ++#endif + case 0: + return TlsVersion::AUTO; + default: +@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() c + } + + int TlsContext::security_level() const { +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) ++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + return SSL_CTX_get_security_level(ssl_ctx_.get()); + #else + return 0; Added: branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql80-server/files/patch-router_src_harness_src_tls__server__context.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,12 @@ +--- router/src/harness/src/tls_server_context.cc.orig 2019-09-20 08:30:51 UTC ++++ router/src/harness/src/tls_server_context.cc +@@ -166,7 +166,8 @@ void TlsServerContext::init_tmp_dh(const std::string & + } + + } else { +-#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) ++#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + dh2048.reset(DH_get_2048_256()); + #else + /* Added: branches/2021Q1/databases/mysql80-server/files/patch-sql_item.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql80-server/files/patch-sql_item.h Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,18 @@ +--- sql/item.h.orig 2020-12-11 07:42:20 UTC ++++ sql/item.h +@@ -3380,13 +3380,13 @@ class Item_sp_variable : public Item { + Name_string m_name; + + public: +-#ifndef DBUG_OFF ++//#ifndef DBUG_OFF + /* + Routine to which this Item_splocal belongs. Used for checking if correct + runtime context is used for variable handling. + */ + sp_head *m_sp{nullptr}; +-#endif ++//#endif + + public: + Item_sp_variable(const Name_string sp_var_name); Added: branches/2021Q1/databases/mysql80-server/files/patch-ssl__init__callback.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2021Q1/databases/mysql80-server/files/patch-ssl__init__callback.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -0,0 +1,20 @@ +--- sql/ssl_init_callback.cc.orig 2020-12-11 07:42:20 UTC ++++ sql/ssl_init_callback.cc +@@ -88,7 +88,7 @@ static Sys_var_charptr Sys_tls_version( + "TLS version, permitted values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3", + PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), + CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3", + #else + "TLSv1,TLSv1.1,TLSv1.2", +@@ -154,7 +154,7 @@ static Sys_var_charptr Sys_admin_tls_version( + "TLSv1.2, TLSv1.3", + PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), + CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3", + #else + "TLSv1,TLSv1.1,TLSv1.2", Modified: branches/2021Q1/databases/mysql80-server/files/patch-vio_viosslfactories.cc ============================================================================== --- branches/2021Q1/databases/mysql80-server/files/patch-vio_viosslfactories.cc Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/files/patch-vio_viosslfactories.cc Fri Feb 5 18:45:03 2021 (r564147) @@ -1,14 +1,14 @@ --- vio/viosslfactories.cc.orig 2019-09-20 08:30:51 UTC +++ vio/viosslfactories.cc -@@ -38,6 +38,7 @@ +@@ -40,6 +40,7 @@ + #include "vio/vio_priv.h" - #ifdef HAVE_OPENSSL #include <openssl/dh.h> +#include <openssl/crypto.h> - #define TLS_VERSION_OPTION_SIZE 256 - #define SSL_CIPHER_LIST_SIZE 4096 -@@ -420,6 +421,7 @@ void ssl_start() { + #if OPENSSL_VERSION_NUMBER < 0x10002000L + #include <openssl/ec.h> +@@ -472,6 +473,7 @@ void ssl_start() { } } @@ -16,7 +16,7 @@ /** Set fips mode in openssl library, When we set fips mode ON/STRICT, it will perform following operations: -@@ -473,6 +475,7 @@ EXIT: +@@ -525,12 +527,13 @@ EXIT: @returns openssl current fips mode */ uint get_fips_mode() { return FIPS_mode(); } @@ -24,3 +24,37 @@ long process_tls_version(const char *tls_version) { const char *separator = ","; + char *token, *lasts = nullptr; + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + const char *tls_version_name_list[] = {"TLSv1", "TLSv1.1", "TLSv1.2", + "TLSv1.3"}; + const char ctx_flag_default[] = "TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"; +@@ -609,7 +612,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) & + (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET); +@@ -618,7 +621,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + return nullptr; + + if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ? +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + TLS_client_method() + : TLS_server_method() + #else /* HAVE_TLSv13 */ +@@ -633,7 +636,7 @@ static struct st_VioSSLFd *new_VioSSLFd( + return nullptr; + } + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* + Set OpenSSL TLS v1.3 ciphersuites. + Note that an empty list is permissible. Modified: branches/2021Q1/databases/mysql80-server/pkg-plist ============================================================================== --- branches/2021Q1/databases/mysql80-server/pkg-plist Fri Feb 5 18:38:50 2021 (r564146) +++ branches/2021Q1/databases/mysql80-server/pkg-plist Fri Feb 5 18:45:03 2021 (r564147) @@ -26,6 +26,8 @@ lib/mysql/libmysqlharness.so lib/mysql/libmysqlharness.so.1 lib/mysql/libmysqlharness_stdx.so lib/mysql/libmysqlharness_stdx.so.1 +lib/mysql/libmysqlharness_tls.so +lib/mysql/libmysqlharness_tls.so.1 lib/mysql/libmysqlrouter.so lib/mysql/libmysqlrouter.so.1 lib/mysql/libmysqlrouter_http.so @@ -42,12 +44,12 @@ lib/mysql/mysqlrouter/http_server.so lib/mysql/mysqlrouter/io.so lib/mysql/mysqlrouter/keepalive.so lib/mysql/mysqlrouter/metadata_cache.so -lib/mysql/mysqlrouter/mysql_protocol.so lib/mysql/mysqlrouter/rest_api.so lib/mysql/mysqlrouter/rest_metadata_cache.so lib/mysql/mysqlrouter/rest_router.so lib/mysql/mysqlrouter/rest_routing.so lib/mysql/mysqlrouter/router_protobuf.so +lib/mysql/mysqlrouter/router_openssl.so lib/mysql/mysqlrouter/routing.so lib/mysql/plugin/adt_null.so lib/mysql/plugin/auth.so @@ -64,6 +66,8 @@ lib/mysql/plugin/component_mysqlbackup.so lib/mysql/plugin/component_mysqlx_global_reset.so lib/mysql/plugin/component_pfs_example.so lib/mysql/plugin/component_pfs_example_component_population.so +lib/mysql/plugin/component_query_attributes.so +lib/mysql/plugin/component_reference_cache.so lib/mysql/plugin/component_test_audit_api_message.so lib/mysql/plugin/component_test_backup_lock_service.so lib/mysql/plugin/component_test_component_deinit.so @@ -124,6 +128,7 @@ lib/mysql/plugin/libtest_sql_processlist.so lib/mysql/plugin/libtest_sql_replication.so lib/mysql/plugin/libtest_sql_reset_connection.so lib/mysql/plugin/libtest_sql_shutdown.so +lib/mysql/plugin/libtest_sql_sleep_is_connected.so lib/mysql/plugin/libtest_sql_sqlmode.so lib/mysql/plugin/libtest_sql_stmt.so lib/mysql/plugin/libtest_sql_stored_procedures_functions.so
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202102051845.115Ij3iC059751>