diff options
| author | Thomas Deutschmann <whissi@gentoo.org> | 2020-08-09 22:59:25 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2020-08-09 22:59:25 +0200 |
| commit | dace53dd7c5acd6588fe11e7a92a04b272bd0217 (patch) | |
| tree | defa8c5817be59dea920b7a08c6dcef4e2b8ce82 /dev-db/mysql-connector-c | |
| parent | 6b670c82939003d10b2fdce461926dd3dfa465e5 (diff) | |
| download | gentoo-dace53dd7c5acd6588fe11e7a92a04b272bd0217.tar.gz gentoo-dace53dd7c5acd6588fe11e7a92a04b272bd0217.tar.bz2 gentoo-dace53dd7c5acd6588fe11e7a92a04b272bd0217.zip | |
dev-db/mysql-connector-c: drop old
Closes: https://github.com/gentoo/gentoo/pull/17061
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'dev-db/mysql-connector-c')
10 files changed, 0 insertions, 1305 deletions
diff --git a/dev-db/mysql-connector-c/Manifest b/dev-db/mysql-connector-c/Manifest index 73055a9d3927..d9d45dcf80e6 100644 --- a/dev-db/mysql-connector-c/Manifest +++ b/dev-db/mysql-connector-c/Manifest @@ -1,4 +1 @@ -DIST mysql-boost-8.0.19.tar.gz 264147972 BLAKE2B 61a5ccbef1a7a675c85e4e6bda8e5285bdb931e6ee14d4710bf13dfd9157d1095200db2886dc93ea7251d3d59245f35c0bef5ba88ba6aac209b1e080f3b07dc4 SHA512 5ffc03f005ab2585694902e926b6cb2b10059b2b030549eccd3949f9c3b2f02626d02529f940dec003f2d69683856fd1c720ff12f89dfbdc48befaf24a9c4d01 -DIST mysql-boost-8.0.20.tar.gz 266282970 BLAKE2B 2aeb9d6c575ed9dc2d00d3e51e6391c59ffa39156491d9ed2c07e19bb2efb88a14d5a9d4b537c137d71854e39fa3a7fc2b93618118d4fd062e92ba2d83783c6f SHA512 7a962e9ddec7069008c5ab6ac2801515e2661ca2875afc6141541c03e2f941f4255b3c0d806a4df2fd2f2f1d12323aeb1e456c1d364777a18ccebefad7b22a99 DIST mysql-boost-8.0.21.tar.gz 278292192 BLAKE2B 9e5a14d1401f58f6f620c8691d2d4d3ada122a79a4e081380050961f0add93bf32b682c60ea2a6e58f50a4fcedbd323d8efe2d5f3e1f2bba5010e201a2df5d44 SHA512 18128edd7d9604ea69bd308f372d6663ef3629503969148e3a2117175c4ef625358b31b96e0e1b8d10a87037719e3cb61d5c71eee1e26ab0e0a1731977a2d7c1 -DIST mysql-connector-c-6.1.11-src.tar.gz 3489345 BLAKE2B 813512520ef660521221565a4466e81d902629d0ee731f746b68eed2b9129ea8361fcabe184537ec8ba91aed5a4b02dfb3450b36524c2e98f81fba148eee0cf1 SHA512 271395c888a93b833e0bbe1840b9987ecdb37d0f1cf89904207cc9aa99ed32e538aee8c9529ff39b6533947159776a8f5aa079da86ed51b1d26b086f4ffdd7c6 diff --git a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch b/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch deleted file mode 100644 index cf8caedb7f1b..000000000000 --- a/dev-db/mysql-connector-c/files/20028_all_mysql-5.6-gcc7.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/sql-common/client_authentication.cc b/sql-common/client_authentication.cc -index eaeb2d4..035ecd2 100644 ---- a/sql-common/client_authentication.cc -+++ b/sql-common/client_authentication.cc -@@ -84,7 +84,7 @@ RSA *rsa_init(MYSQL *mysql) - - if (mysql->options.extension != NULL && - mysql->options.extension->server_public_key_path != NULL && -- mysql->options.extension->server_public_key_path != '\0') -+ mysql->options.extension->server_public_key_path[0] != '\0') - { - pub_key_file= fopen(mysql->options.extension->server_public_key_path, - "r"); diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch deleted file mode 100644 index 3459206e4f76..000000000000 --- a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch +++ /dev/null @@ -1,300 +0,0 @@ -From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001 -From: eroen <eroen@occam.eroen.eu> -Date: Fri, 20 Jan 2017 14:43:53 +0100 -Subject: [PATCH] Don't use deprecated API with openssl 1.1 - -If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using -deprecated APIs causes build errors. - -X-Gentoo-Bug: 606600 -X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600 ---- - mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++------------- - sql-common/client.c | 16 ++++++++++++-- - vio/viossl.c | 8 +++++++ - vio/viosslfactories.c | 23 +++++++++++++++++++ - 4 files changed, 84 insertions(+), 17 deletions(-) - -diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc -index 261ba8a..59a95e3 100644 ---- a/mysys_ssl/my_aes_openssl.cc -+++ b/mysys_ssl/my_aes_openssl.cc -@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - #include <openssl/evp.h> - #include <openssl/err.h> - #include <openssl/bio.h> -+#include <openssl/opensslv.h> -+ -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif - - /* - xplugin needs BIO_new_bio_pair, but the server does not. -@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, - enum my_aes_opmode mode, const unsigned char *iv, - bool padding) - { -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher= aes_evp_type(mode); - int u_len, f_len; - /* The real key to be used for encryption */ -@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, - if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) - return MY_AES_BAD_DATA; - -- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv)) -+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv)) - goto aes_error; /* Error */ -- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) - goto aes_error; /* Error */ -- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length)) -+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length)) - goto aes_error; /* Error */ - -- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len)) -+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) - goto aes_error; /* Error */ - -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return u_len + f_len; - - aes_error: - /* need to explicitly clean up the error if we want to ignore it */ - ERR_clear_error(); -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return MY_AES_BAD_DATA; - } - -@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, - bool padding) - { - -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher= aes_evp_type(mode); - int u_len, f_len; - -@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, - if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) - return MY_AES_BAD_DATA; - -- EVP_CIPHER_CTX_init(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_init(ctx); -+#endif - -- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv)) -+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv)) - goto aes_error; /* Error */ -- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) - goto aes_error; /* Error */ -- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length)) -+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length)) - goto aes_error; /* Error */ -- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len)) -+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) - goto aes_error; /* Error */ - -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return u_len + f_len; - - aes_error: - /* need to explicitly clean up the error if we want to ignore it */ - ERR_clear_error(); -- EVP_CIPHER_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ EVP_CIPHER_CTX_cleanup(ctx); -+#else -+ EVP_CIPHER_CTX_free(ctx); -+#endif - return MY_AES_BAD_DATA; - } - -diff --git a/sql-common/client.c b/sql-common/client.c -index 9e88e9f..fe7daf7 100644 ---- a/sql-common/client.c -+++ b/sql-common/client.c -@@ -86,6 +86,14 @@ my_bool net_flush(NET *net); - # include <sys/un.h> - #endif - -+#ifdef HAVE_OPENSSL -+#include <openssl/opensslv.h> -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif -+#endif -+ - #ifndef _WIN32 - #include <errno.h> - #define SOCKET_ERROR -1 -@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c - { - SSL *ssl; - X509 *server_cert= NULL; -- char *cn= NULL; -+ const char *cn= NULL; - int cn_loc= -1; - ASN1_STRING *cn_asn1= NULL; - X509_NAME_ENTRY *cn_entry= NULL; -@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c - goto error; - } - -- cn= (char *) ASN1_STRING_data(cn_asn1); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ cn= (const char *) ASN1_STRING_data(cn_asn1); -+#else -+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); -+#endif - - // There should not be any NULL embedded in the CN - if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) -diff --git a/vio/viossl.c b/vio/viossl.c -index 5622cb7..94b0f09 100644 ---- a/vio/viossl.c -+++ b/vio/viossl.c -@@ -24,6 +24,12 @@ - - #ifdef HAVE_OPENSSL - -+#include <openssl/opensslv.h> -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif -+ - #ifndef DBUG_OFF - - static void -@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio) - } - - #ifndef HAVE_YASSL -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_remove_thread_state(0); - #endif -+#endif - - vio_delete(vio); - } -@@ -427,7 +427,12 @@ - for (j = 0; j < n; j++) - { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); -+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ -+ DBUG_PRINT("info", -+ (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); -+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } - } - #endif -diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c -index da5449a..87b30c3 100644 ---- a/vio/viosslfactories.c -+++ b/vio/viosslfactories.c -@@ -16,6 +16,14 @@ - #include "vio_priv.h" - - #ifdef HAVE_OPENSSL -+#include <openssl/bn.h> -+#include <openssl/dh.h> -+#include <openssl/opensslv.h> -+ -+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) -+#undef OPENSSL_VERSION_NUMBER -+#define OPENSSL_VERSION_NUMBER 0x1000107fL -+#endif - - #define TLS_VERSION_OPTION_SIZE 256 - #define SSL_CIPHER_LIST_SIZE 4096 -@@ -121,10 +129,18 @@ static DH *get_dh2048(void) - DH *dh; - if ((dh=DH_new())) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if (! dh->p || ! dh->g) - { -+#else -+ if (! DH_set0_pqg(dh, -+ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL), -+ NULL, -+ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL))) -+ { -+#endif - DH_free(dh); - dh=0; - } -@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value - } openssl_lock_t; - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ - /* Array of locks used by openssl internally for thread synchronization. - The number of locks is equal to CRYPTO_num_locks. - */ -@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions() - { - set_lock_callback_functions(FALSE); - } -+#endif - - void vio_ssl_end() - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - int i= 0; - - if (ssl_initialized) { -@@ -409,6 +429,7 @@ void vio_ssl_end() - - ssl_initialized= FALSE; - } -+#endif - } - - #endif //OpenSSL specific -@@ -419,6 +440,7 @@ void ssl_start() - { - ssl_initialized= TRUE; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -@@ -427,6 +449,7 @@ void ssl_start() - init_ssl_locks(); - init_lock_callback_functions(); - #endif -+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } - } - --- -2.11.0 - diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch deleted file mode 100644 index 8fabd9952cc4..000000000000 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.17-use-relative-include-path-for-udf_registration_types-h.patch +++ /dev/null @@ -1,24 +0,0 @@ -https://bugs.gentoo.org/692644 - ---- a/include/mysql.h.pp -+++ b/include/mysql.h.pp -@@ -175,7 +175,7 @@ struct rand_struct { - unsigned long seed1, seed2, max_value; - double max_value_dbl; - }; --#include <mysql/udf_registration_types.h> -+#include "mysql/udf_registration_types.h" - enum Item_result { - INVALID_RESULT = -1, - STRING_RESULT = 0, ---- a/include/mysql_com.h -+++ b/include/mysql_com.h -@@ -1002,7 +1002,7 @@ struct rand_struct { - }; - - /* Include the types here so existing UDFs can keep compiling */ --#include <mysql/udf_registration_types.h> -+#include "mysql/udf_registration_types.h" - - /** - @addtogroup group_cs_compresson_constants Constants when using compression diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch deleted file mode 100644 index 1fc949ae8564..000000000000 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.19-libressl.patch +++ /dev/null @@ -1,297 +0,0 @@ ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -229,13 +229,14 @@ MACRO (MYSQL_CHECK_SSL) - OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" - ) - ENDIF() -- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) - ENDIF() - IF(OPENSSL_INCLUDE_DIR AND - OPENSSL_LIBRARY AND - CRYPTO_LIBRARY AND -- OPENSSL_MAJOR_VERSION STREQUAL "1" -+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" - ) - SET(OPENSSL_FOUND TRUE) - FIND_PROGRAM(OPENSSL_EXECUTABLE openssl ---- a/mysys/my_md5.cc -+++ b/mysys/my_md5.cc -@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf, - int compute_md5_hash(char *digest, const char *buf, int len) { - int retval = 0; - int fips_mode = 0; -+#ifndef LIBRESSL_VERSION_NUMBER - fips_mode = FIPS_mode(); -+#endif - /* If fips mode is ON/STRICT restricted method calls will result into abort, - * skipping call. */ - if (fips_mode == 0) { ---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -@@ -329,6 +329,7 @@ error: - return 1; - } - -+#ifndef LIBRESSL_VERSION_NUMBER - #define OPENSSL_ERROR_LENGTH 512 - static int configure_ssl_fips_mode(const uint fips_mode) { - int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) { - EXIT: - return rc; - } -+#endif - - static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, - const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, - int verify_server = SSL_VERIFY_NONE; - int verify_client = SSL_VERIFY_NONE; - -+#ifndef LIBRESSL_VERSION_NUMBER - if (configure_ssl_fips_mode(ssl_fips_mode) != 1) { - G_ERROR("Error setting the ssl fips mode"); - goto error; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); -@@ -622,7 +626,7 @@ error: - void xcom_cleanup_ssl() { - if (!xcom_use_ssl()) return; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ERR_remove_thread_state(0); - #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } ---- a/plugin/x/client/xconnection_impl.cc -+++ b/plugin/x/client/xconnection_impl.cc -@@ -520,6 +520,7 @@ XError Connection_impl::get_ssl_error(const int error_id) { - return XError(CR_SSL_CONNECTION_ERROR, buffer); - } - -+#ifndef LIBRESSL_VERSION_NUMBER - /** - Set fips mode in openssl library, - When we set fips mode ON/STRICT, it will perform following operations: -@@ -559,6 +560,7 @@ int set_fips_mode(const uint32_t fips_mode, - EXIT: - return rc; - } -+#endif - - XError Connection_impl::activate_tls() { - if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET); -@@ -569,12 +571,14 @@ XError Connection_impl::activate_tls() { - if (!m_context->m_ssl_config.is_configured()) - return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true}; - -+#ifndef LIBRESSL_VERSION_NUMBER - char err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - if (set_fips_mode( - static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode), - err_string) != 1) { - return XError{CR_SSL_CONNECTION_ERROR, err_string, true}; - } -+#endif - auto ssl_ctx_flags = process_tls_version( - details::null_when_empty(m_context->m_ssl_config.m_tls_version)); - ---- a/router/src/http/src/tls_client_context.cc -+++ b/router/src/http/src/tls_client_context.cc -@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { - - void TlsClientContext::cipher_suites(const std::string &ciphers) { - // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites() --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { - throw TlsError("set-cipher-suites"); - } ---- a/router/src/http/src/tls_context.cc -+++ b/router/src/http/src/tls_context.cc -@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) { - return TLS1_1_VERSION; - case TlsVersion::TLS_1_2: - return TLS1_2_VERSION; --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - case TlsVersion::TLS_1_3: - return TLS1_3_VERSION; - #endif -@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) { - switch (min_version) { - default: - // unknown, leave all disabled -+#ifdef TLS1_3_VERSION - // fallthrough - case TlsVersion::TLS_1_3: - opts |= SSL_OP_NO_TLSv1_2; -+#endif - // fallthrough - case TlsVersion::TLS_1_2: - opts |= SSL_OP_NO_TLSv1_1; -@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const { - return TlsVersion::TLS_1_1; - case TLS1_2_VERSION: - return TlsVersion::TLS_1_2; -+#ifdef TLS1_3_VERSION - case TLS1_3_VERSION: - return TlsVersion::TLS_1_3; -+#endif - case 0: - return TlsVersion::AUTO; - default: -@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const { - } - - int TlsContext::security_level() const { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - return SSL_CTX_get_security_level(ssl_ctx_.get()); - #else - return 0; ---- a/router/src/http/src/tls_server_context.cc -+++ b/router/src/http/src/tls_server_context.cc -@@ -166,7 +166,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) { - } - - } else { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - dh2048.reset(DH_get_2048_256()); - #else - /* ---- a/sql-common/client.cc -+++ b/sql-common/client.cc -@@ -7730,7 +7730,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, - #endif - break; - case MYSQL_OPT_SSL_FIPS_MODE: { --#if defined(HAVE_OPENSSL) -+#if defined(HAVE_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - ENSURE_EXTENSIONS_PRESENT(&mysql->options); - mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg); ---- a/sql/mysqld.cc -+++ b/sql/mysqld.cc -@@ -4818,7 +4818,7 @@ static int init_thread_environment() { - - static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define FILE_LINE_ARGS - #else - #define FILE_LINE_ARGS , const char *, int -@@ -4854,12 +4854,14 @@ static void init_ssl() { - } - - static int init_ssl_communication() { -+#ifndef LIBRESSL_VERSION_NUMBER - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - int ret_fips_mode = set_fips_mode(opt_ssl_fips_mode, ssl_err_string); - if (ret_fips_mode != 1) { - LogErr(ERROR_LEVEL, ER_SSL_FIPS_MODE_ERROR, ssl_err_string); - return 1; - } -+#endif - if (SslAcceptorContext::singleton_init(opt_use_ssl)) return 1; - - #if OPENSSL_VERSION_NUMBER < 0x10100000L ---- a/sql/sys_vars.cc -+++ b/sql/sys_vars.cc -@@ -4417,6 +4417,7 @@ static Sys_var_ulong Sys_max_execution_time( - HINT_UPDATEABLE SESSION_VAR(max_execution_time), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1)); - -+#ifndef LIBRESSL_VERSION_NUMBER - static bool update_fips_mode(sys_var *, THD *, enum_var_type) { - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - if (set_fips_mode(opt_ssl_fips_mode, ssl_err_string) != 1) { -@@ -4427,15 +4428,30 @@ static bool update_fips_mode(sys_var *, THD *, enum_var_type) { - return false; - } - } -+#endif - -+#if defined(LIBRESSL_VERSION_NUMBER) -+static const char *ssl_fips_mode_names[] = {"OFF", 0}; -+#else - static const char *ssl_fips_mode_names[] = {"OFF", "ON", "STRICT", 0}; -+#endif - static Sys_var_enum Sys_ssl_fips_mode( - "ssl_fips_mode", - "SSL FIPS mode (applies only for OpenSSL); " -+#ifndef LIBRESSL_VERSION_NUMBER - "permitted values are: OFF, ON, STRICT", -+#else -+ "permitted values are: OFF", -+#endif - GLOBAL_VAR(opt_ssl_fips_mode), CMD_LINE(REQUIRED_ARG, OPT_SSL_FIPS_MODE), - ssl_fips_mode_names, DEFAULT(0), NO_MUTEX_GUARD, NOT_IN_BINLOG, -- ON_CHECK(NULL), ON_UPDATE(update_fips_mode), NULL); -+ ON_CHECK(NULL), -+#ifndef LIBRESSL_VERSION_NUMBER -+ ON_UPDATE(update_fips_mode), -+#else -+ ON_UPDATE(NULL), -+#endif -+ NULL); - - #if defined(HAVE_OPENSSL) - static Sys_var_bool Sys_auto_generate_certs( ---- a/vio/viossl.cc -+++ b/vio/viossl.cc -@@ -45,7 +45,7 @@ - BIO_set_callback_ex was added in openSSL 1.1.1 - For older openSSL, use the deprecated BIO_set_callback. - */ --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - #define HAVE_BIO_SET_CALLBACK_EX - #endif - -@@ -637,7 +637,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, - #if !defined(DBUG_OFF) - { - STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; -- ssl_comp_methods = SSL_COMP_get_compression_methods(); -+ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods(); - n = sk_SSL_COMP_num(ssl_comp_methods); - DBUG_PRINT("info", ("Available compression methods:\n")); - if (n == 0) -@@ -645,7 +645,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, - else - for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); - #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - DBUG_PRINT("info", ---- a/vio/viosslfactories.cc -+++ b/vio/viosslfactories.cc -@@ -420,6 +420,7 @@ void ssl_start() { - } - } - -+#ifndef LIBRESSL_VERSION_NUMBER - /** - Set fips mode in openssl library, - When we set fips mode ON/STRICT, it will perform following operations: -@@ -473,6 +474,7 @@ EXIT: - @returns openssl current fips mode - */ - uint get_fips_mode() { return FIPS_mode(); } -+#endif - - long process_tls_version(const char *tls_version) { - const char *separator = ","; diff --git a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch b/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch deleted file mode 100644 index 88f32419239a..000000000000 --- a/dev-db/mysql-connector-c/files/mysql-connector-c-8.0.20-libressl.patch +++ /dev/null @@ -1,332 +0,0 @@ -From 2108922a8292d74874ede834158c208d81c3cf76 Mon Sep 17 00:00:00 2001 -From: Thomas Deutschmann <whissi@gentoo.org> -Date: Thu, 30 Apr 2020 20:01:48 +0200 -Subject: [PATCH 5/5] Add LibreSSL support - -Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ---- - cmake/ssl.cmake | 5 +++-- - mysys/my_md5.cc | 2 ++ - .../bindings/xcom/xcom/xcom_ssl_transport.c | 6 +++++- - plugin/x/client/xconnection_impl.cc | 4 ++++ - router/src/http/src/tls_client_context.cc | 2 +- - router/src/http/src/tls_context.cc | 9 ++++++-- - router/src/http/src/tls_server_context.cc | 3 ++- - sql-common/client.cc | 2 ++ - sql/mysqld.cc | 4 +++- - sql/sys_vars.cc | 21 +++++++++++++++++-- - vio/viossl.cc | 8 +++---- - vio/viosslfactories.cc | 2 ++ - 12 files changed, 54 insertions(+), 14 deletions(-) - ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -222,13 +222,14 @@ MACRO (MYSQL_CHECK_SSL) - OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" - ) - ENDIF() -- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) - ADD_DEFINITIONS(-DHAVE_TLSv13) - ENDIF() - IF(OPENSSL_INCLUDE_DIR AND - OPENSSL_LIBRARY AND - CRYPTO_LIBRARY AND -- OPENSSL_MAJOR_VERSION STREQUAL "1" -+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" - ) - SET(OPENSSL_FOUND TRUE) - FIND_PROGRAM(OPENSSL_EXECUTABLE openssl ---- a/mysys/my_md5.cc -+++ b/mysys/my_md5.cc -@@ -56,7 +56,9 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf, - int compute_md5_hash(char *digest, const char *buf, int len) { - int retval = 0; - int fips_mode = 0; -+#ifndef LIBRESSL_VERSION_NUMBER - fips_mode = FIPS_mode(); -+#endif - /* If fips mode is ON/STRICT restricted method calls will result into abort, - * skipping call. */ - if (fips_mode == 0) { ---- a/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -+++ b/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c -@@ -329,6 +329,7 @@ error: - return 1; - } - -+#ifndef LIBRESSL_VERSION_NUMBER - #define OPENSSL_ERROR_LENGTH 512 - static int configure_ssl_fips_mode(const uint fips_mode) { - int rc = -1; -@@ -352,6 +353,7 @@ static int configure_ssl_fips_mode(const uint fips_mode) { - EXIT: - return rc; - } -+#endif - - static int configure_ssl_ca(SSL_CTX *ssl_ctx, const char *ca_file, - const char *ca_path) { -@@ -555,10 +557,12 @@ int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, - int verify_server = SSL_VERIFY_NONE; - int verify_client = SSL_VERIFY_NONE; - -+#ifndef LIBRESSL_VERSION_NUMBER - if (configure_ssl_fips_mode(ssl_fips_mode) != 1) { - G_ERROR("Error setting the ssl fips mode"); - goto error; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); -@@ -622,7 +626,7 @@ error: - void xcom_cleanup_ssl() { - if (!xcom_use_ssl()) return; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ERR_remove_thread_state(0); - #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - } ---- a/plugin/x/client/xconnection_impl.cc -+++ b/plugin/x/client/xconnection_impl.cc -@@ -511,6 +511,7 @@ XError Connection_impl::get_ssl_error(const int error_id) { - return XError(CR_SSL_CONNECTION_ERROR, buffer); - } - -+#ifndef LIBRESSL_VERSION_NUMBER - /** - Set fips mode in openssl library, - When we set fips mode ON/STRICT, it will perform following operations: -@@ -550,6 +551,7 @@ int set_fips_mode(const uint32_t fips_mode, - EXIT: - return rc; - } -+#endif - - XError Connection_impl::activate_tls() { - if (nullptr == m_vio) return get_socket_error(SOCKET_ECONNRESET); -@@ -560,12 +562,14 @@ XError Connection_impl::activate_tls() { - if (!m_context->m_ssl_config.is_configured()) - return XError{CR_SSL_CONNECTION_ERROR, ER_TEXT_TLS_NOT_CONFIGURATED, true}; - -+#ifndef LIBRESSL_VERSION_NUMBER - char err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - if (set_fips_mode( - static_cast<uint32_t>(m_context->m_ssl_config.m_ssl_fips_mode), - err_string) != 1) { - return XError{CR_SSL_CONNECTION_ERROR, err_string, true}; - } -+#endif - auto ssl_ctx_flags = process_tls_version( - details::null_when_empty(m_context->m_ssl_config.m_tls_version)); - ---- a/router/src/http/src/tls_client_context.cc -+++ b/router/src/http/src/tls_client_context.cc -@@ -54,7 +54,7 @@ void TlsClientContext::verify(TlsVerify verify) { - - void TlsClientContext::cipher_suites(const std::string &ciphers) { - // TLSv1.3 ciphers are controlled via SSL_CTX_set_ciphersuites() --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - if (1 != SSL_CTX_set_ciphersuites(ssl_ctx_.get(), ciphers.c_str())) { - throw TlsError("set-cipher-suites"); - } ---- a/router/src/http/src/tls_context.cc -+++ b/router/src/http/src/tls_context.cc -@@ -91,7 +91,7 @@ static int o11x_version(TlsVersion version) { - return TLS1_1_VERSION; - case TlsVersion::TLS_1_2: - return TLS1_2_VERSION; --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 1) -+#ifdef TLS1_3_VERSION - case TlsVersion::TLS_1_3: - return TLS1_3_VERSION; - #endif -@@ -120,9 +120,11 @@ void TlsContext::version_range(TlsVersion min_version, TlsVersion max_version) { - switch (min_version) { - default: - // unknown, leave all disabled -+#ifdef TLS1_3_VERSION - // fallthrough - case TlsVersion::TLS_1_3: - opts |= SSL_OP_NO_TLSv1_2; -+#endif - // fallthrough - case TlsVersion::TLS_1_2: - opts |= SSL_OP_NO_TLSv1_1; -@@ -170,8 +172,10 @@ TlsVersion TlsContext::min_version() const { - return TlsVersion::TLS_1_1; - case TLS1_2_VERSION: - return TlsVersion::TLS_1_2; -+#ifdef TLS1_3_VERSION - case TLS1_3_VERSION: - return TlsVersion::TLS_1_3; -+#endif - case 0: - return TlsVersion::AUTO; - default: -@@ -230,7 +234,8 @@ TlsContext::InfoCallback TlsContext::info_callback() const { - } - - int TlsContext::security_level() const { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - return SSL_CTX_get_security_level(ssl_ctx_.get()); - #else - return 0; ---- a/router/src/http/src/tls_server_context.cc -+++ b/router/src/http/src/tls_server_context.cc -@@ -167,7 +167,8 @@ void TlsServerContext::init_tmp_dh(const std::string &dh_params) { - } - - } else { --#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) -+#if OPENSSL_VERSION_NUMBER >= ROUTER_OPENSSL_VERSION(1, 1, 0) && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - dh2048.reset(DH_get_2048_256()); - #else - /* ---- a/sql-common/client.cc -+++ b/sql-common/client.cc -@@ -7752,6 +7752,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, - return 1; - break; - case MYSQL_OPT_SSL_FIPS_MODE: { -+#if !defined(LIBRESSL_VERSION_NUMBER) - char ssl_err_string[OPENSSL_ERROR_LENGTH] = {'\0'}; - ENSURE_EXTENSIONS_PRESENT(&mysql->options); - mysql->options.extension->ssl_fips_mode = *static_cast<const uint *>(arg); -@@ -7763,6 +7764,7 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, - "Set Fips mode ON/STRICT failed, detail: '%s'.", ssl_err_string); - return 1; - } -+#endif - } break; - case MYSQL_OPT_SSL_MODE: - ENSURE_EXTENSIONS_PRESENT(&mysql->options); ---- a/sql/mysqld.cc -+++ b/sql/mysqld.cc -@@ -4857,7 +4857,7 @@ static int init_thread_environment() { - - static PSI_memory_key key_memory_openssl = PSI_NOT_INSTRUMENTED; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - #define FILE_LINE_ARGS - #else - #define FILE_LINE_ARGS , const char *, |