From ac5429b4979b8cc0e5b2a2d25d4445506ae0b24d Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Tue, 26 May 2020 11:04:24 +0000 Subject: [PATCH] databases/percona57-{client, server}: update to 5.7.30-33 release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bugs Fixed: PS-6979: Modify the processing to call clean up functions to remove CREATE USER statement from the processlist after the statement has completed (Upstream #99200) PS-6860: Merge innodb_buffer_pool_pages_LRU_flushed into buf_get_total_stat() PS-6811: Correct service failure of asserting ACL_PROXY_USER when skip-name-resolve=1 and there is a Proxy user (Upstream #98908) PS-6112: Correct Binlog_snapshot_gtid inconsistency when mysqldump was used with –single-transaction. PS-6945: Correct tokubackup plugin process exported API to allow large file backups. PS-6856: Correct binlogs corruptions in PS 5.7.28 and 5.7.29 (Upstream #97531) PS-6946: Correct tokubackup processing to free memory use from the address and thread sanitizers PS-5893: Add support for running multiple instances with systemD on Debian. PS-5620: Modify Docker image to support supplying custom TLS certificates PS-4573: Implement use of a single config file - mysqld.cnf file. PS-7041: Correct Compilation error when -DWITH_EDITLINE=bundled is used PS-7020: Modify MTR tests for Ubuntu 20.04 to include python2 (python 2.6 or higher) and python3 PS-6974: Correct instability in the rocksdb.drop_cf_* tests PS-6969: Correct instability in the rocksdb.index_stats_large_table PS-6954: Correct tokudb-backup-plugin to avoid collision between -std=c++11 and -std=gnu++03. PS-6925: Correct mismatched default socket values for mysqld and mysqld_safe PS-6899: Correct main.events_bugs and main.events_1 to interpret date 01-01-2020 properly (Upstream #98860) PS-6796: Correct instability in percona_changed_page_bmp_shutdown_thread PS-6773: Initialize values in sha256_password_authenticate (Upstream #98223) PS-5844: Fix a memory leak after ‘innodb.alter_crash’ in ‘prepare_inplace_alter_table_dict()’ (Upstream #96472) PS-5735: Correct 5.7 package to install the charsets on CentOS 7 PS-4757: Remove CHECK_IF_CURL_DEPENDS_ON_RTMP to build keyring_vault for unconditional test PS-4649: Document PerconaFT in TokuDB which is fractal tree indexing to enhance the B-tree data structure MFH: 2020Q2 Relnotes: https://www.percona.com/doc/percona-server/5.7/release-notes/Percona-Server-5.7.30-33.html Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server) Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client) --- .../files/patch-client__mysql.cc | 22 ++++++++--- .../files/patch-cmake_ssl.cmake | 12 +++--- .../files/patch-include_my__openssl.h | 11 ++++++ .../files/patch-mysys__ssl_my__crypt.cc | 22 ++++++++++- .../percona57-client/files/patch-vio_viossl.c | 20 ++++++++++ .../files/patch-vio_viosslfactories.c | 38 ++++++++++++++++++- databases/percona57-server/Makefile | 6 ++- databases/percona57-server/distinfo | 6 +-- .../files/patch-cmake_ssl.cmake | 12 +++--- .../files/patch-include_my__openssl.h | 11 ++++++ .../files/patch-mysys__ssl_my__crypt.cc | 22 ++++++++++- ...rc_bindings_xcom_xcom_xcom_ssl_transport.c | 37 ++++++++++++++++++ .../patch-storage_rocksdb_CMakeLists.txt | 24 +++++++++--- .../percona57-server/files/patch-vio_viossl.c | 20 ++++++++++ .../files/patch-vio_viosslfactories.c | 38 ++++++++++++++++++- 15 files changed, 264 insertions(+), 37 deletions(-) create mode 100644 databases/percona57-client/files/patch-include_my__openssl.h create mode 100644 databases/percona57-client/files/patch-vio_viossl.c create mode 100644 databases/percona57-server/files/patch-include_my__openssl.h create mode 100644 databases/percona57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c create mode 100644 databases/percona57-server/files/patch-vio_viossl.c diff --git a/databases/percona57-client/files/patch-client__mysql.cc b/databases/percona57-client/files/patch-client__mysql.cc index a3717a4dbf26..cfa890924934 100644 --- a/databases/percona57-client/files/patch-client__mysql.cc +++ b/databases/percona57-client/files/patch-client__mysql.cc @@ -14,17 +14,27 @@ MYSQL_SERVER_VERSION, SYSTEM_TYPE, MACHINE_TYPE); #endif -@@ -2865,9 +2865,11 @@ static void initialize_readline (char *name) - rl_add_defun("magic-space", (rl_command_func_t *)&fake_magic_space, -1); +y@@ -2858,15 +2858,18 @@ static void initialize_readline (char *name) + + /* Tell the completer that we want a crack first. */ + #if defined(USE_NEW_XLINE_INTERFACE) +- rl_attempted_completion_function= &new_mysql_completion; +- rl_completion_entry_function= &no_completion; +- ++ rl_attempted_completion_function= (rl_completion_func_t*)&new_mysql_completion; ++ rl_completion_entry_function= (rl_compentry_func_t*)&no_completion; ++/* + rl_add_defun("magic-space", &fake_magic_space, -1); ++*/ #elif defined(USE_LIBEDIT_INTERFACE) setlocale(LC_ALL,""); /* so as libedit use isprint */ -- rl_attempted_completion_function= (CPPFunction*)&new_mysql_completion; +- rl_attempted_completion_function= &new_mysql_completion; - rl_completion_entry_function= &no_completion; + rl_attempted_completion_function= (rl_completion_func_t*)&new_mysql_completion; + rl_completion_entry_function= (rl_compentry_func_t*)&no_completion; -+ /* - rl_add_defun("magic-space", (Function*)&fake_magic_space, -1); -+ */ ++/* + rl_add_defun("magic-space", &fake_magic_space, -1); ++*/ #else rl_attempted_completion_function= (CPPFunction*)&new_mysql_completion; rl_completion_entry_function= &no_completion; diff --git a/databases/percona57-client/files/patch-cmake_ssl.cmake b/databases/percona57-client/files/patch-cmake_ssl.cmake index d32169c23961..4dfe79fa311b 100644 --- a/databases/percona57-client/files/patch-cmake_ssl.cmake +++ b/databases/percona57-client/files/patch-cmake_ssl.cmake @@ -1,16 +1,16 @@ --- cmake/ssl.cmake.orig 2019-11-09 00:33:40.000000000 +1000 +++ cmake/ssl.cmake 2019-12-13 23:08:53.686402000 +1000 -@@ -189,7 +189,8 @@ MACRO (MYSQL_CHECK_SSL) - OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" - ) - ENDIF() -- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL) + ) + SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") + +- IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) ADD_DEFINITIONS(-DHAVE_TLSv13) SET(HAVE_TLSv13 1) IF(SOLARIS) -@@ -198,8 +199,7 @@ MACRO (MYSQL_CHECK_SSL) +@@ -202,8 +203,7 @@ MACRO (MYSQL_CHECK_SSL) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND diff --git a/databases/percona57-client/files/patch-include_my__openssl.h b/databases/percona57-client/files/patch-include_my__openssl.h new file mode 100644 index 000000000000..43ddb2935038 --- /dev/null +++ b/databases/percona57-client/files/patch-include_my__openssl.h @@ -0,0 +1,11 @@ +--- include/my_openssl.h.orig 2020-03-23 17:35:17 UTC ++++ include/my_openssl.h +@@ -51,7 +51,7 @@ extern "C" { + */ + static inline int mysql_OPENSSL_init() + { +-#if defined(HAVE_STATIC_OPENSSL) ++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) + return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); + #else + return SSL_library_init(); diff --git a/databases/percona57-client/files/patch-mysys__ssl_my__crypt.cc b/databases/percona57-client/files/patch-mysys__ssl_my__crypt.cc index 56a64a6300a5..453c89a71c12 100644 --- a/databases/percona57-client/files/patch-mysys__ssl_my__crypt.cc +++ b/databases/percona57-client/files/patch-mysys__ssl_my__crypt.cc @@ -1,6 +1,6 @@ --- mysys_ssl/my_crypt.cc.orig 2019-05-16 05:06:00 UTC +++ mysys_ssl/my_crypt.cc -@@ -30,7 +30,7 @@ +@@ -26,7 +26,7 @@ #include #include @@ -9,7 +9,16 @@ #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) #define RAND_OpenSSL() RAND_SSLeay() #endif -@@ -95,7 +95,8 @@ MyEncryptionCTX::MyEncryptionCTX() +@@ -80,7 +80,7 @@ class MyEncryptionCTX : private boost::noncopyable (pr + + MyEncryptionCTX::MyEncryptionCTX() + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ctx= new EVP_CIPHER_CTX(); + EVP_CIPHER_CTX_init(ctx); + #else +@@ -91,7 +91,8 @@ MyEncryptionCTX::MyEncryptionCTX() MyEncryptionCTX::~MyEncryptionCTX() { @@ -19,3 +28,12 @@ EVP_CIPHER_CTX_cleanup(ctx); delete ctx; ERR_remove_thread_state(0); +@@ -340,7 +341,7 @@ int my_aes_crypt(const my_aes_mode mode, int flags, + res2= my_aes_crypt_finish(ctx, dst + d1, &d2); + if (res1 || res2) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* in case of failure clear error queue */ + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ diff --git a/databases/percona57-client/files/patch-vio_viossl.c b/databases/percona57-client/files/patch-vio_viossl.c new file mode 100644 index 000000000000..39bcb6b765b5 --- /dev/null +++ b/databases/percona57-client/files/patch-vio_viossl.c @@ -0,0 +1,20 @@ +--- vio/viossl.c.orig 2020-05-13 20:59:55 UTC ++++ vio/viossl.c +@@ -396,7 +396,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + #if !defined(DBUG_OFF) + { + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; +- ssl_comp_methods = SSL_COMP_get_compression_methods(); ++ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods(); + n= sk_SSL_COMP_num(ssl_comp_methods); + DBUG_PRINT("info", ("Available compression methods:\n")); + if (n == 0) +@@ -405,7 +405,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + for (j = 0; j < n; j++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); diff --git a/databases/percona57-client/files/patch-vio_viosslfactories.c b/databases/percona57-client/files/patch-vio_viosslfactories.c index 35fadb4c302e..b37d41d49108 100644 --- a/databases/percona57-client/files/patch-vio_viosslfactories.c +++ b/databases/percona57-client/files/patch-vio_viosslfactories.c @@ -1,6 +1,6 @@ ---- vio/viosslfactories.c.orig 2019-05-16 05:06:00 UTC +--- vio/viosslfactories.c.orig 2020-05-13 20:59:55 UTC +++ vio/viosslfactories.c -@@ -123,7 +123,7 @@ static DH *get_dh2048(void) +@@ -126,7 +126,7 @@ static DH *get_dh2048(void) { BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); @@ -9,3 +9,37 @@ dh->p= p; dh->g= g; if (! dh->p || ! dh->g) +@@ -500,7 +500,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ; +@@ -536,7 +536,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET +@@ -557,6 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + } + ++#ifndef LIBRESSL_VERSION_NUMBER + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + + #ifdef HAVE_TLSv13 +@@ -573,6 +574,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + } + #endif /* HAVE_TLSv13 */ ++#endif /* LIBRESSL_VERSION_NUMBER */ + + /* + We explicitly prohibit weak ciphers. diff --git a/databases/percona57-server/Makefile b/databases/percona57-server/Makefile index 62ddca8a2e58..ed63927d9fc8 100644 --- a/databases/percona57-server/Makefile +++ b/databases/percona57-server/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME?= percona -DISTVERSION= 5.7.29-32 +DISTVERSION= 5.7.30-33 PORTREVISION?= 0 CATEGORIES= databases MASTER_SITES= http://www.percona.com/downloads/Percona-Server-5.7/Percona-Server-${DISTVERSION}/source/tarball/:percona \ @@ -16,6 +16,9 @@ MAINTAINER= fluffy@FreeBSD.org COMMENT?= Multithreaded SQL database (server) LICENSE?= GPLv2+ +LICENSE_FILE= ${WRKSRC}/LICENSE + +CPE_VENDOR= percona LIB_DEPENDS= libevent.so:devel/libevent \ liblz4.so:archivers/liblz4 \ @@ -172,7 +175,6 @@ MY_SSL= system MY_SSL= ${OPENSSLBASE} .endif - .if ${PORT_OPTIONS:MTOKUDB} NOT_FOR_ARCHS= i386 NOT_FOR_ARCHS_REASON= TokuDB not supported on 32-bit platforms, see \ diff --git a/databases/percona57-server/distinfo b/databases/percona57-server/distinfo index ed134b974562..86c3a02e8bd9 100644 --- a/databases/percona57-server/distinfo +++ b/databases/percona57-server/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1582802737 -SHA256 (percona-server-5.7.29-32.tar.gz) = e3a7e6a0d966e41f62645f88cfbc75e052756f6ab45bd8b981343a0d9f5c3aa4 -SIZE (percona-server-5.7.29-32.tar.gz) = 84750473 +TIMESTAMP = 1590380978 +SHA256 (percona-server-5.7.30-33.tar.gz) = 93c7d82a95549696aedc41a4d74d888eae86c042f27bdc72f9a1f92fc76ecae0 +SIZE (percona-server-5.7.30-33.tar.gz) = 85909418 SHA256 (boost_1_59_0.tar.gz) = 47f11c8844e579d02691a607fbd32540104a9ac7a2534a8ddaef50daf502baac SIZE (boost_1_59_0.tar.gz) = 83709983 diff --git a/databases/percona57-server/files/patch-cmake_ssl.cmake b/databases/percona57-server/files/patch-cmake_ssl.cmake index d32169c23961..4dfe79fa311b 100644 --- a/databases/percona57-server/files/patch-cmake_ssl.cmake +++ b/databases/percona57-server/files/patch-cmake_ssl.cmake @@ -1,16 +1,16 @@ --- cmake/ssl.cmake.orig 2019-11-09 00:33:40.000000000 +1000 +++ cmake/ssl.cmake 2019-12-13 23:08:53.686402000 +1000 -@@ -189,7 +189,8 @@ MACRO (MYSQL_CHECK_SSL) - OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}" - ) - ENDIF() -- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0") +@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL) + ) + SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") + +- IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") + CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) + IF(HAVE_TLS1_3_VERSION) ADD_DEFINITIONS(-DHAVE_TLSv13) SET(HAVE_TLSv13 1) IF(SOLARIS) -@@ -198,8 +199,7 @@ MACRO (MYSQL_CHECK_SSL) +@@ -202,8 +203,7 @@ MACRO (MYSQL_CHECK_SSL) ENDIF() IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARY AND diff --git a/databases/percona57-server/files/patch-include_my__openssl.h b/databases/percona57-server/files/patch-include_my__openssl.h new file mode 100644 index 000000000000..43ddb2935038 --- /dev/null +++ b/databases/percona57-server/files/patch-include_my__openssl.h @@ -0,0 +1,11 @@ +--- include/my_openssl.h.orig 2020-03-23 17:35:17 UTC ++++ include/my_openssl.h +@@ -51,7 +51,7 @@ extern "C" { + */ + static inline int mysql_OPENSSL_init() + { +-#if defined(HAVE_STATIC_OPENSSL) ++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) + return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); + #else + return SSL_library_init(); diff --git a/databases/percona57-server/files/patch-mysys__ssl_my__crypt.cc b/databases/percona57-server/files/patch-mysys__ssl_my__crypt.cc index 56a64a6300a5..453c89a71c12 100644 --- a/databases/percona57-server/files/patch-mysys__ssl_my__crypt.cc +++ b/databases/percona57-server/files/patch-mysys__ssl_my__crypt.cc @@ -1,6 +1,6 @@ --- mysys_ssl/my_crypt.cc.orig 2019-05-16 05:06:00 UTC +++ mysys_ssl/my_crypt.cc -@@ -30,7 +30,7 @@ +@@ -26,7 +26,7 @@ #include #include @@ -9,7 +9,16 @@ #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) #define RAND_OpenSSL() RAND_SSLeay() #endif -@@ -95,7 +95,8 @@ MyEncryptionCTX::MyEncryptionCTX() +@@ -80,7 +80,7 @@ class MyEncryptionCTX : private boost::noncopyable (pr + + MyEncryptionCTX::MyEncryptionCTX() + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ctx= new EVP_CIPHER_CTX(); + EVP_CIPHER_CTX_init(ctx); + #else +@@ -91,7 +91,8 @@ MyEncryptionCTX::MyEncryptionCTX() MyEncryptionCTX::~MyEncryptionCTX() { @@ -19,3 +28,12 @@ EVP_CIPHER_CTX_cleanup(ctx); delete ctx; ERR_remove_thread_state(0); +@@ -340,7 +341,7 @@ int my_aes_crypt(const my_aes_mode mode, int flags, + res2= my_aes_crypt_finish(ctx, dst + d1, &d2); + if (res1 || res2) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* in case of failure clear error queue */ + ERR_remove_thread_state(0); + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ diff --git a/databases/percona57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c b/databases/percona57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c new file mode 100644 index 000000000000..f4cadfc93dff --- /dev/null +++ b/databases/percona57-server/files/patch-rapid_plugin_group_replication_libmysqlgcs_src_bindings_xcom_xcom_xcom_ssl_transport.c @@ -0,0 +1,37 @@ +--- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig 2020-03-23 17:35:17 UTC ++++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c +@@ -230,7 +230,7 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, + const char* tls_version) + { + DH *dh= NULL; +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* We support TLS up to 1.2, so explicitly disable TLS 1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3; + #else +@@ -255,14 +255,14 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ); + + SSL_CTX_set_options(ssl_ctx, ssl_ctx_options); + +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + /* We do not support TLS 1.3. + Setting empty TLS 1.3 ciphersuites disables them. */ + if (SSL_CTX_set_ciphersuites(ssl_ctx, "") == 0) +@@ -527,7 +527,7 @@ int xcom_init_ssl(const char *server_key_file, const c + break e.g. ODBC clients (if the client also uses SSL). + */ + +-#if defined(HAVE_STATIC_OPENSSL) ++#if defined(HAVE_STATIC_OPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); + #else + SSL_library_init(); diff --git a/databases/percona57-server/files/patch-storage_rocksdb_CMakeLists.txt b/databases/percona57-server/files/patch-storage_rocksdb_CMakeLists.txt index b5d718c2fa2e..83311674583d 100644 --- a/databases/percona57-server/files/patch-storage_rocksdb_CMakeLists.txt +++ b/databases/percona57-server/files/patch-storage_rocksdb_CMakeLists.txt @@ -1,6 +1,6 @@ --- storage/rocksdb/CMakeLists.txt.orig 2019-05-16 05:06:00 UTC +++ storage/rocksdb/CMakeLists.txt -@@ -23,8 +23,8 @@ +@@ -23,8 +23,8 @@ ELSE () ENDIF () # check platform support, no 32 bit @@ -11,7 +11,7 @@ RETURN () ENDIF () -@@ -119,38 +119,11 @@ EXECUTE_PROCESS( +@@ -111,50 +111,11 @@ EXECUTE_PROCESS( # split the list into lines STRING(REGEX MATCHALL "[^\n]+" ROCKSDB_LIB_SOURCES ${SCRIPT_OUTPUT}) @@ -28,12 +28,24 @@ - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/threading.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/xxhash.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common/zstd_common.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress_literals.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress_sequences.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_double_fast.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_fast.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_lazy.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_ldm.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_opt.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/hist.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/fse_compress.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/huf_compress.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstd_compress.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/compress/zstdmt_compress.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/huf_decompress.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_decompress.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_decompress_block.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/decompress/zstd_ddict.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/cover.c +- ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/fastcover.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/divsufsort.c - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/dictBuilder/zdict.c -) @@ -42,7 +54,7 @@ ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/include ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/include/rocksdb - ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/third-party/gtest-1.7.0/fused-src + ${CMAKE_CURRENT_SOURCE_DIR}/rocksdb/third-party/gtest-1.8.1/fused-src - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/lz4/lib - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib - ${CMAKE_CURRENT_SOURCE_DIR}/third_party/zstd/lib/common @@ -50,12 +62,12 @@ ) ADD_DEFINITIONS(-DROCKSDB_PLATFORM_POSIX -DROCKSDB_LIB_IO_POSIX -DZLIB -DLZ4 -@@ -183,7 +156,7 @@ SET(ROCKSDB_SOURCES +@@ -188,7 +149,7 @@ SET(ROCKSDB_SOURCES ${ROCKSDB_LIB_SOURCES} ) --SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt") -+SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt -llz4 -lzstd") +-SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt" "-ldl") ++SET(rocksdb_static_libs ${rocksdb_static_libs} ${ZLIB_LIBRARY} "-lrt" "-ldl -llz4 -lzstd") MYSQL_ADD_PLUGIN(rocksdb ${ROCKSDB_SOURCES} STORAGE_ENGINE DEFAULT MODULE_ONLY LINK_LIBRARIES ${rocksdb_static_libs} diff --git a/databases/percona57-server/files/patch-vio_viossl.c b/databases/percona57-server/files/patch-vio_viossl.c new file mode 100644 index 000000000000..39bcb6b765b5 --- /dev/null +++ b/databases/percona57-server/files/patch-vio_viossl.c @@ -0,0 +1,20 @@ +--- vio/viossl.c.orig 2020-05-13 20:59:55 UTC ++++ vio/viossl.c +@@ -396,7 +396,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + #if !defined(DBUG_OFF) + { + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; +- ssl_comp_methods = SSL_COMP_get_compression_methods(); ++ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods(); + n= sk_SSL_COMP_num(ssl_comp_methods); + DBUG_PRINT("info", ("Available compression methods:\n")); + if (n == 0) +@@ -405,7 +405,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, + for (j = 0; j < n; j++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); + #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c))); diff --git a/databases/percona57-server/files/patch-vio_viosslfactories.c b/databases/percona57-server/files/patch-vio_viosslfactories.c index 35fadb4c302e..b37d41d49108 100644 --- a/databases/percona57-server/files/patch-vio_viosslfactories.c +++ b/databases/percona57-server/files/patch-vio_viosslfactories.c @@ -1,6 +1,6 @@ ---- vio/viosslfactories.c.orig 2019-05-16 05:06:00 UTC +--- vio/viosslfactories.c.orig 2020-05-13 20:59:55 UTC +++ vio/viosslfactories.c -@@ -123,7 +123,7 @@ static DH *get_dh2048(void) +@@ -126,7 +126,7 @@ static DH *get_dh2048(void) { BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); @@ -9,3 +9,37 @@ dh->p= p; dh->g= g; if (! dh->p || ! dh->g) +@@ -500,7 +500,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + struct st_VioSSLFd *ssl_fd; + /* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */ + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + ; +@@ -536,7 +536,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 + | SSL_OP_NO_TLSv1_2 +-#ifdef HAVE_TLSv13 ++#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) + | SSL_OP_NO_TLSv1_3 + #endif /* HAVE_TLSv13 */ + | SSL_OP_NO_TICKET +@@ -557,6 +557,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + } + ++#ifndef LIBRESSL_VERSION_NUMBER + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); + + #ifdef HAVE_TLSv13 +@@ -573,6 +574,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi + DBUG_RETURN(0); + } + #endif /* HAVE_TLSv13 */ ++#endif /* LIBRESSL_VERSION_NUMBER */ + + /* + We explicitly prohibit weak ciphers.