parent
73eb40a2b0
commit
684314b493
@ -1,24 +0,0 @@
|
||||
Fix things so that chains of certificates work in the server and client
|
||||
certificate files.
|
||||
|
||||
This only really works for OpenSSL-based builds, as yassl is unable to read
|
||||
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
|
||||
doesn't fix that, but just arranges that the viosslfactories.c patch won't
|
||||
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
|
||||
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
|
||||
|
||||
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
|
||||
|
||||
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
|
||||
index 5e881e3..2927e7f 100644
|
||||
--- a/vio/viosslfactories.cc
|
||||
+++ b/vio/viosslfactories.cc
|
||||
@@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file,
|
||||
if (!key_file && cert_file) key_file = cert_file;
|
||||
|
||||
if (cert_file &&
|
||||
- SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
|
||||
+ SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
|
||||
*error = SSL_INITERR_CERT;
|
||||
DBUG_PRINT("error",
|
||||
("%s from file '%s'", sslGetErrString(*error), cert_file));
|
@ -1,13 +0,0 @@
|
||||
# Prevents fails when compiling with gcc11 (Fedora 34)
|
||||
# Upstream PR: https://github.com/mysql/mysql-server/pull/323
|
||||
|
||||
--- mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h.old 2021-02-04 17:15:31.034997221 +0100
|
||||
+++ mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h 2021-02-04 17:15:50.781372066 +0100
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <string>
|
||||
#include <type_traits>
|
||||
#include <utility>
|
||||
+#include <limits>
|
||||
#if __cplusplus >= 201703L
|
||||
# include <string_view>
|
||||
#endif
|
@ -1,206 +0,0 @@
|
||||
Make MySQL compile with openssl 3.x without FIPS properly implemented
|
||||
|
||||
This change takes some pieces from MariaDB, including compat_ssl.h and
|
||||
changes in my_md5.cc.
|
||||
|
||||
MySQL utilizes FIPS_mode() and FIPS_mode_set() functions that are not
|
||||
available in OpenSSL 3.x any more. This patch only mocks the call of
|
||||
those functions, returning 0 every time, which effectively makes usage
|
||||
of those functions non working. For making the MySQL build with
|
||||
OpenSSL 3.x this seems to be enough though.
|
||||
|
||||
Resolves: #1952951
|
||||
|
||||
diff -rup mysql-8.0.22-orig/cmake/ssl.cmake mysql-8.0.22/cmake/ssl.cmake
|
||||
--- mysql-8.0.22-orig/cmake/ssl.cmake 2021-05-19 21:36:33.161996422 +0200
|
||||
+++ mysql-8.0.22/cmake/ssl.cmake 2021-05-19 23:06:54.211877057 +0200
|
||||
@@ -227,8 +227,7 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
ENDIF()
|
||||
IF(OPENSSL_INCLUDE_DIR AND
|
||||
OPENSSL_LIBRARY AND
|
||||
- CRYPTO_LIBRARY AND
|
||||
- OPENSSL_MAJOR_VERSION STREQUAL "1"
|
||||
+ CRYPTO_LIBRARY
|
||||
)
|
||||
SET(OPENSSL_FOUND TRUE)
|
||||
FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
|
||||
diff -rup mysql-8.0.22-orig/include/ssl_compat.h mysql-8.0.22/include/ssl_compat.h
|
||||
--- mysql-8.0.22-orig/include/ssl_compat.h 2021-05-19 23:19:36.152956356 +0200
|
||||
+++ mysql-8.0.22/include/ssl_compat.h 2021-05-19 23:06:55.048885933 +0200
|
||||
@@ -0,0 +1,105 @@
|
||||
+/*
|
||||
+ Copyright (c) 2016, 2021, MariaDB Corporation.
|
||||
+
|
||||
+ This program is free software; you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; version 2 of the License.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ GNU General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program; if not, write to the Free Software
|
||||
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
||||
+
|
||||
+#include <openssl/opensslv.h>
|
||||
+
|
||||
+/* OpenSSL version specific definitions */
|
||||
+#if defined(OPENSSL_VERSION_NUMBER)
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#define HAVE_OPENSSL11 1
|
||||
+#define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
|
||||
+#define ERR_remove_state(X) ERR_clear_error()
|
||||
+#define EVP_CIPHER_CTX_SIZE 176
|
||||
+#define EVP_MD_CTX_SIZE 48
|
||||
+#undef EVP_MD_CTX_init
|
||||
+#define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
|
||||
+#undef EVP_CIPHER_CTX_init
|
||||
+#define EVP_CIPHER_CTX_init(X) do { memset((X), 0, EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0)
|
||||
+
|
||||
+/*
|
||||
+ Macros below are deprecated. OpenSSL 1.1 may define them or not,
|
||||
+ depending on how it was built.
|
||||
+*/
|
||||
+#undef ERR_free_strings
|
||||
+#define ERR_free_strings()
|
||||
+#undef EVP_cleanup
|
||||
+#define EVP_cleanup()
|
||||
+#undef CRYPTO_cleanup_all_ex_data
|
||||
+#define CRYPTO_cleanup_all_ex_data()
|
||||
+#undef SSL_load_error_strings
|
||||
+#define SSL_load_error_strings()
|
||||
+
|
||||
+#else
|
||||
+#define HAVE_OPENSSL10 1
|
||||
+#ifdef HAVE_WOLFSSL
|
||||
+#define SSL_LIBRARY "WolfSSL " WOLFSSL_VERSION
|
||||
+#else
|
||||
+#define SSL_LIBRARY SSLeay_version(SSLEAY_VERSION)
|
||||
+#endif
|
||||
+
|
||||
+#ifdef HAVE_WOLFSSL
|
||||
+#undef ERR_remove_state
|
||||
+#define ERR_remove_state(x) do {} while(0)
|
||||
+#elif defined (HAVE_ERR_remove_thread_state)
|
||||
+#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
|
||||
+#endif /* HAVE_ERR_remove_thread_state */
|
||||
+
|
||||
+#endif /* HAVE_OPENSSL11 */
|
||||
+#endif
|
||||
+
|
||||
+#ifdef HAVE_WOLFSSL
|
||||
+#define EVP_MD_CTX_SIZE sizeof(wc_Md5)
|
||||
+#endif
|
||||
+
|
||||
+#ifndef HAVE_OPENSSL11
|
||||
+#ifndef ASN1_STRING_get0_data
|
||||
+#define ASN1_STRING_get0_data(X) ASN1_STRING_data(X)
|
||||
+#endif
|
||||
+#ifndef EVP_MD_CTX_SIZE
|
||||
+#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX)
|
||||
+#endif
|
||||
+
|
||||
+#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
|
||||
+#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
|
||||
+#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
|
||||
+#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
|
||||
+
|
||||
+#ifndef HAVE_WOLFSSL
|
||||
+#define OPENSSL_init_ssl(X,Y) SSL_library_init()
|
||||
+#define EVP_MD_CTX_reset(X) EVP_MD_CTX_cleanup(X)
|
||||
+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
|
||||
+#define X509_get0_notBefore(X) X509_get_notBefore(X)
|
||||
+#define X509_get0_notAfter(X) X509_get_notAfter(X)
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
+#ifndef TLS1_3_VERSION
|
||||
+//#define SSL_CTX_set_ciphersuites(X,Y) 0
|
||||
+#endif
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif /* __cplusplus */
|
||||
+
|
||||
+int check_openssl_compatibility();
|
||||
+
|
||||
+#define FIPS_mode_set(X) 0
|
||||
+#define FIPS_mode() 0
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
diff -rup mysql-8.0.22-orig/mysys/my_md5.cc mysql-8.0.22/mysys/my_md5.cc
|
||||
--- mysql-8.0.22-orig/mysys/my_md5.cc 2021-05-19 21:36:31.738980913 +0200
|
||||
+++ mysql-8.0.22/mysys/my_md5.cc 2021-05-19 23:13:41.380194493 +0200
|
||||
@@ -34,13 +34,12 @@
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/md5.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <ssl_compat.h>
|
||||
|
||||
static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
|
||||
int len) {
|
||||
- MD5_CTX ctx;
|
||||
- MD5_Init(&ctx);
|
||||
- MD5_Update(&ctx, buf, len);
|
||||
- MD5_Final(digest, &ctx);
|
||||
+ MD5(buf, len, digest);
|
||||
}
|
||||
|
||||
/**
|
||||
diff -Naurp mysql-8.0.27/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/network/xcom_network_provider_ssl_native_lib.cc*
|
||||
--- mysql-8.0.27/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/network/xcom_network_provider_ssl_native_lib.cc 2021-09-28 13:46:34.000000000 +0200
|
||||
+++ mysql-8.0.27/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/network/xcom_network_provider_ssl_native_lib.cc_patched 2021-10-31 10:57:37.865934624 +0100
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
+#include <openssl/crypto.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/x509v3.h>
|
||||
@@ -39,6 +40,7 @@
|
||||
#endif
|
||||
|
||||
#include "openssl/engine.h"
|
||||
+#include <ssl_compat.h>
|
||||
|
||||
#include "xcom/task_debug.h"
|
||||
#include "xcom/x_platform.h"
|
||||
diff -rup mysql-8.0.22-orig/plugin/x/client/xconnection_impl.cc mysql-8.0.22/plugin/x/client/xconnection_impl.cc
|
||||
--- mysql-8.0.22-orig/plugin/x/client/xconnection_impl.cc 2021-05-19 21:36:14.388791818 +0200
|
||||
+++ mysql-8.0.22/plugin/x/client/xconnection_impl.cc 2021-05-19 23:06:55.049885943 +0200
|
||||
@@ -31,6 +31,7 @@
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif // HAVE_NETINET_IN_H
|
||||
+#include <openssl/crypto.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <cassert>
|
||||
#include <chrono> // NOLINT(build/c++11)
|
||||
@@ -38,6 +39,7 @@
|
||||
#include <limits>
|
||||
#include <sstream>
|
||||
#include <string>
|
||||
+#include <ssl_compat.h>
|
||||
|
||||
#include "errmsg.h" // NOLINT(build/include_subdir)
|
||||
#include "my_config.h" // NOLINT(build/include_subdir)
|
||||
diff -rup mysql-8.0.22-orig/vio/viosslfactories.cc mysql-8.0.22/vio/viosslfactories.cc
|
||||
--- mysql-8.0.22-orig/vio/viosslfactories.cc 2021-05-19 21:36:33.310998046 +0200
|
||||
+++ mysql-8.0.22/vio/viosslfactories.cc 2021-05-19 23:06:55.049885943 +0200
|
||||
@@ -39,7 +39,9 @@
|
||||
#include "mysys_err.h"
|
||||
#include "vio/vio_priv.h"
|
||||
|
||||
+#include <openssl/crypto.h>
|
||||
#include <openssl/dh.h>
|
||||
+#include <ssl_compat.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||
#include <openssl/ec.h>
|
@ -1,41 +0,0 @@
|
||||
Support s390/s390x in performance schema's cycle-counting functions.
|
||||
Filed upstream at http://bugs.mysql.com/bug.php?id=59953
|
||||
|
||||
diff --git a/include/my_rdtsc.h b/include/my_rdtsc.h
|
||||
index 6e378e94..7703cf85 100644
|
||||
--- a/include/my_rdtsc.h
|
||||
+++ b/include/my_rdtsc.h
|
||||
@@ -137,5 +137,6 @@ void my_timer_init(MY_TIMER_INFO *mti);
|
||||
/* #define MY_TIMER_ROUTINE_ASM_SUNPRO_X86_64 27 - No longer used */
|
||||
#define MY_TIMER_ROUTINE_ASM_AARCH64 28
|
||||
#define MY_TIMER_ROUTINE_GET_THREAD_TIMES 29
|
||||
+#define MY_TIMER_ROUTINE_ASM_S390 30
|
||||
|
||||
#endif
|
||||
diff --git a/mysys/my_rdtsc.cc b/mysys/my_rdtsc.cc
|
||||
index 3869db57..655a955e 100644
|
||||
--- a/mysys/my_rdtsc.cc
|
||||
+++ b/mysys/my_rdtsc.cc
|
||||
@@ -169,6 +169,13 @@ ulonglong my_timer_cycles(void) {
|
||||
__asm __volatile__("mrs %[rt],cntvct_el0" : [ rt ] "=r"(result));
|
||||
return result;
|
||||
}
|
||||
+#elif defined(__GNUC__) && defined(__s390__)
|
||||
+ /* covers both s390 and s390x */
|
||||
+ {
|
||||
+ ulonglong result;
|
||||
+ __asm__ __volatile__ ("stck %0" : "=Q" (result) : : "cc");
|
||||
+ return result;
|
||||
+ }
|
||||
#elif defined(HAVE_SYS_TIMES_H) && defined(HAVE_GETHRTIME)
|
||||
/* gethrtime may appear as either cycle or nanosecond counter */
|
||||
return (ulonglong)gethrtime();
|
||||
@@ -491,6 +498,8 @@ void my_timer_init(MY_TIMER_INFO *mti) {
|
||||
mti->cycles.routine = MY_TIMER_ROUTINE_ASM_GCC_SPARC64;
|
||||
#elif defined(__GNUC__) && defined(__aarch64__)
|
||||
mti->cycles.routine = MY_TIMER_ROUTINE_ASM_AARCH64;
|
||||
+#elif defined(__GNUC__) && defined(__s390__)
|
||||
+ mti->cycles.routine = MY_TIMER_ROUTINE_ASM_S390;
|
||||
#elif defined(HAVE_SYS_TIMES_H) && defined(HAVE_GETHRTIME)
|
||||
mti->cycles.routine = MY_TIMER_ROUTINE_GETHRTIME;
|
||||
#else
|
41
mysql.spec
41
mysql.spec
@ -74,7 +74,7 @@
|
||||
%global sameevr %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
|
||||
Name: mysql
|
||||
Version: 8.0.29
|
||||
Version: 8.0.30
|
||||
Release: 1%{?with_debug:.debug}%{?dist}
|
||||
Summary: MySQL client programs and shared libraries
|
||||
URL: http://www.mysql.com
|
||||
@ -108,26 +108,22 @@ Source53: rh-skipped-tests-list-ppc.list
|
||||
# Comments for these patches are in the patch files
|
||||
# Patches common for more mysql-like packages
|
||||
Patch1: %{pkgnamepatch}-install-test.patch
|
||||
Patch2: %{pkgnamepatch}-s390-tsc.patch
|
||||
Patch3: %{pkgnamepatch}-file-contents.patch
|
||||
Patch4: %{pkgnamepatch}-scripts.patch
|
||||
Patch5: %{pkgnamepatch}-paths.patch
|
||||
|
||||
# Patches specific for this mysql package
|
||||
Patch51: %{pkgnamepatch}-chain-certs.patch
|
||||
Patch52: %{pkgnamepatch}-sharedir.patch
|
||||
Patch55: %{pkgnamepatch}-rpath.patch
|
||||
Patch56: %{pkgnamepatch}-mtr.patch
|
||||
Patch75: %{pkgnamepatch}-arm32-timer.patch
|
||||
Patch79: %{pkgnamepatch}-openssl3.patch
|
||||
Patch80: %{pkgnamepatch}-fix-includes-robin-hood.patch
|
||||
Patch51: %{pkgnamepatch}-sharedir.patch
|
||||
Patch52: %{pkgnamepatch}-rpath.patch
|
||||
Patch53: %{pkgnamepatch}-mtr.patch
|
||||
Patch54: %{pkgnamepatch}-arm32-timer.patch
|
||||
|
||||
# Patches taken from boost 1.59
|
||||
Patch115: boost-1.58.0-pool.patch
|
||||
Patch125: boost-1.57.0-mpl-print.patch
|
||||
Patch111: boost-1.58.0-pool.patch
|
||||
Patch112: boost-1.57.0-mpl-print.patch
|
||||
|
||||
# Patches taken from boost 1.76
|
||||
Patch126: boost-1.76.0-fix_multiprecision_issue_419-ppc64le.patch
|
||||
Patch113: boost-1.76.0-fix_multiprecision_issue_419-ppc64le.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
@ -386,23 +382,19 @@ the MySQL sources.
|
||||
%prep
|
||||
%setup -q -n mysql-%{version}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch51 -p1
|
||||
%patch52 -p1
|
||||
%patch55 -p1
|
||||
%patch56 -p1
|
||||
%patch75 -p1
|
||||
%patch79 -p1
|
||||
%patch80 -p1
|
||||
%patch53 -p1
|
||||
%patch54 -p1
|
||||
|
||||
# Patch Boost
|
||||
pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
|
||||
%patch115 -p0
|
||||
%patch125 -p1
|
||||
%patch126 -p2
|
||||
%patch111 -p0
|
||||
%patch112 -p1
|
||||
%patch113 -p2
|
||||
popd
|
||||
|
||||
# generate a list of tests that fail, but are not disabled by upstream
|
||||
@ -812,6 +804,7 @@ fi
|
||||
%{_libdir}/mysql/plugin/component_query_attributes.so
|
||||
%{_libdir}/mysql/plugin/component_reference_cache.so
|
||||
%{_libdir}/mysql/plugin/component_validate_password.so
|
||||
%{_libdir}/mysql/plugin/conflicting_variables.so
|
||||
%{_libdir}/mysql/plugin/connection_control.so
|
||||
%{_libdir}/mysql/plugin/daemon_example.ini
|
||||
%{_libdir}/mysql/plugin/ddl_rewriter.so
|
||||
@ -981,6 +974,12 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 06 2022 Lars Tangvald <lars.tangvald@oracle.com> - 8.0.30-1
|
||||
- Update to MySQL 8.0.30
|
||||
- Remove patches now upstream:
|
||||
chain certs, OpenSSL 3, s390 and robin hood
|
||||
- Add a new plugin
|
||||
|
||||
* Wed Apr 20 2022 Lars Tangvald <lars.tangvald@oracle.com> - 8.0.29-1
|
||||
- Update to MySQL 8.0.29
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (mysql-boost-8.0.29.tar.gz) = fd67f306ef8be60b4010e34e8ccc2c26577256200c183d71149743eeb5c038fd72adde107bfee34abd7df318902db6f94646a482f9f29a8396a6d57014b81b8a
|
||||
SHA512 (mysql-boost-8.0.30.tar.gz) = 03cf3f97c9ddac949311f201f0a2c8f46a9785e518b6671fac927df1c05e2bf30edac3ac0316d91e99bb3da04ce2866e1e47394ee6eb2ca8f43bbbd38ab4247a
|
||||
|
Loading…
Reference in New Issue
Block a user