1 |
commit: 5d874ef4f478adbf245793017b1e6fc02f1e40a8 |
2 |
Author: Brian Evans <grknight <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 2 14:34:28 2018 +0000 |
4 |
Commit: Brian Evans <grknight <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 2 14:34:28 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d874ef4 |
7 |
|
8 |
dev-db/mysql-connector-c: Add openssl-1.1 compatibility patch |
9 |
|
10 |
Closes: https://bugs.gentoo.org/606600 |
11 |
Package-Manager: Portage-2.3.31, Repoman-2.3.9 |
12 |
|
13 |
.../files/6.1.11-openssl-1.1.patch | 287 +++++++++++++++++++++ |
14 |
.../mysql-connector-c-6.1.11-r1.ebuild | 3 +- |
15 |
2 files changed, 289 insertions(+), 1 deletion(-) |
16 |
|
17 |
diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch |
18 |
new file mode 100644 |
19 |
index 00000000000..cbca14de60b |
20 |
--- /dev/null |
21 |
+++ b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch |
22 |
@@ -0,0 +1,287 @@ |
23 |
+From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001 |
24 |
+From: eroen <eroen@×××××××××××.eu> |
25 |
+Date: Fri, 20 Jan 2017 14:43:53 +0100 |
26 |
+Subject: [PATCH] Don't use deprecated API with openssl 1.1 |
27 |
+ |
28 |
+If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using |
29 |
+deprecated APIs causes build errors. |
30 |
+ |
31 |
+X-Gentoo-Bug: 606600 |
32 |
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600 |
33 |
+--- |
34 |
+ mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++------------- |
35 |
+ sql-common/client.c | 16 ++++++++++++-- |
36 |
+ vio/viossl.c | 8 +++++++ |
37 |
+ vio/viosslfactories.c | 23 +++++++++++++++++++ |
38 |
+ 4 files changed, 84 insertions(+), 17 deletions(-) |
39 |
+ |
40 |
+diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc |
41 |
+index 261ba8a..59a95e3 100644 |
42 |
+--- a/mysys_ssl/my_aes_openssl.cc |
43 |
++++ b/mysys_ssl/my_aes_openssl.cc |
44 |
+@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ |
45 |
+ #include <openssl/evp.h> |
46 |
+ #include <openssl/err.h> |
47 |
+ #include <openssl/bio.h> |
48 |
++#include <openssl/opensslv.h> |
49 |
++ |
50 |
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) |
51 |
++#undef OPENSSL_VERSION_NUMBER |
52 |
++#define OPENSSL_VERSION_NUMBER 0x1000107fL |
53 |
++#endif |
54 |
+ |
55 |
+ /* |
56 |
+ xplugin needs BIO_new_bio_pair, but the server does not. |
57 |
+@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, |
58 |
+ enum my_aes_opmode mode, const unsigned char *iv, |
59 |
+ bool padding) |
60 |
+ { |
61 |
+- EVP_CIPHER_CTX ctx; |
62 |
++ EVP_CIPHER_CTX *ctx; |
63 |
+ const EVP_CIPHER *cipher= aes_evp_type(mode); |
64 |
+ int u_len, f_len; |
65 |
+ /* The real key to be used for encryption */ |
66 |
+@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, |
67 |
+ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) |
68 |
+ return MY_AES_BAD_DATA; |
69 |
+ |
70 |
+- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv)) |
71 |
++ if (!EVP_EncryptInit(ctx, cipher, rkey, iv)) |
72 |
+ goto aes_error; /* Error */ |
73 |
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) |
74 |
++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) |
75 |
+ goto aes_error; /* Error */ |
76 |
+- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length)) |
77 |
++ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length)) |
78 |
+ goto aes_error; /* Error */ |
79 |
+ |
80 |
+- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len)) |
81 |
++ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) |
82 |
+ goto aes_error; /* Error */ |
83 |
+ |
84 |
+- EVP_CIPHER_CTX_cleanup(&ctx); |
85 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
86 |
++ EVP_CIPHER_CTX_cleanup(ctx); |
87 |
++#else |
88 |
++ EVP_CIPHER_CTX_free(ctx); |
89 |
++#endif |
90 |
+ return u_len + f_len; |
91 |
+ |
92 |
+ aes_error: |
93 |
+ /* need to explicitly clean up the error if we want to ignore it */ |
94 |
+ ERR_clear_error(); |
95 |
+- EVP_CIPHER_CTX_cleanup(&ctx); |
96 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
97 |
++ EVP_CIPHER_CTX_cleanup(ctx); |
98 |
++#else |
99 |
++ EVP_CIPHER_CTX_free(ctx); |
100 |
++#endif |
101 |
+ return MY_AES_BAD_DATA; |
102 |
+ } |
103 |
+ |
104 |
+@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, |
105 |
+ bool padding) |
106 |
+ { |
107 |
+ |
108 |
+- EVP_CIPHER_CTX ctx; |
109 |
++ EVP_CIPHER_CTX *ctx; |
110 |
+ const EVP_CIPHER *cipher= aes_evp_type(mode); |
111 |
+ int u_len, f_len; |
112 |
+ |
113 |
+@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, |
114 |
+ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) |
115 |
+ return MY_AES_BAD_DATA; |
116 |
+ |
117 |
+- EVP_CIPHER_CTX_init(&ctx); |
118 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
119 |
++ EVP_CIPHER_CTX_init(ctx); |
120 |
++#endif |
121 |
+ |
122 |
+- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv)) |
123 |
++ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv)) |
124 |
+ goto aes_error; /* Error */ |
125 |
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) |
126 |
++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) |
127 |
+ goto aes_error; /* Error */ |
128 |
+- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length)) |
129 |
++ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length)) |
130 |
+ goto aes_error; /* Error */ |
131 |
+- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len)) |
132 |
++ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) |
133 |
+ goto aes_error; /* Error */ |
134 |
+ |
135 |
+- EVP_CIPHER_CTX_cleanup(&ctx); |
136 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
137 |
++ EVP_CIPHER_CTX_cleanup(ctx); |
138 |
++#else |
139 |
++ EVP_CIPHER_CTX_free(ctx); |
140 |
++#endif |
141 |
+ return u_len + f_len; |
142 |
+ |
143 |
+ aes_error: |
144 |
+ /* need to explicitly clean up the error if we want to ignore it */ |
145 |
+ ERR_clear_error(); |
146 |
+- EVP_CIPHER_CTX_cleanup(&ctx); |
147 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
148 |
++ EVP_CIPHER_CTX_cleanup(ctx); |
149 |
++#else |
150 |
++ EVP_CIPHER_CTX_free(ctx); |
151 |
++#endif |
152 |
+ return MY_AES_BAD_DATA; |
153 |
+ } |
154 |
+ |
155 |
+diff --git a/sql-common/client.c b/sql-common/client.c |
156 |
+index 9e88e9f..fe7daf7 100644 |
157 |
+--- a/sql-common/client.c |
158 |
++++ b/sql-common/client.c |
159 |
+@@ -86,6 +86,14 @@ my_bool net_flush(NET *net); |
160 |
+ # include <sys/un.h> |
161 |
+ #endif |
162 |
+ |
163 |
++#ifdef HAVE_OPENSSL |
164 |
++#include <openssl/opensslv.h> |
165 |
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) |
166 |
++#undef OPENSSL_VERSION_NUMBER |
167 |
++#define OPENSSL_VERSION_NUMBER 0x1000107fL |
168 |
++#endif |
169 |
++#endif |
170 |
++ |
171 |
+ #ifndef _WIN32 |
172 |
+ #include <errno.h> |
173 |
+ #define SOCKET_ERROR -1 |
174 |
+@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c |
175 |
+ { |
176 |
+ SSL *ssl; |
177 |
+ X509 *server_cert= NULL; |
178 |
+- char *cn= NULL; |
179 |
++ const char *cn= NULL; |
180 |
+ int cn_loc= -1; |
181 |
+ ASN1_STRING *cn_asn1= NULL; |
182 |
+ X509_NAME_ENTRY *cn_entry= NULL; |
183 |
+@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c |
184 |
+ goto error; |
185 |
+ } |
186 |
+ |
187 |
+- cn= (char *) ASN1_STRING_data(cn_asn1); |
188 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
189 |
++ cn= (const char *) ASN1_STRING_data(cn_asn1); |
190 |
++#else |
191 |
++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); |
192 |
++#endif |
193 |
+ |
194 |
+ // There should not be any NULL embedded in the CN |
195 |
+ if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) |
196 |
+diff --git a/vio/viossl.c b/vio/viossl.c |
197 |
+index 5622cb7..94b0f09 100644 |
198 |
+--- a/vio/viossl.c |
199 |
++++ b/vio/viossl.c |
200 |
+@@ -24,6 +24,12 @@ |
201 |
+ |
202 |
+ #ifdef HAVE_OPENSSL |
203 |
+ |
204 |
++#include <openssl/opensslv.h> |
205 |
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) |
206 |
++#undef OPENSSL_VERSION_NUMBER |
207 |
++#define OPENSSL_VERSION_NUMBER 0x1000107fL |
208 |
++#endif |
209 |
++ |
210 |
+ #ifndef DBUG_OFF |
211 |
+ |
212 |
+ static void |
213 |
+@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio) |
214 |
+ } |
215 |
+ |
216 |
+ #ifndef HAVE_YASSL |
217 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
218 |
+ ERR_remove_thread_state(0); |
219 |
+ #endif |
220 |
++#endif |
221 |
+ |
222 |
+ vio_delete(vio); |
223 |
+ } |
224 |
+diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c |
225 |
+index da5449a..87b30c3 100644 |
226 |
+--- a/vio/viosslfactories.c |
227 |
++++ b/vio/viosslfactories.c |
228 |
+@@ -16,6 +16,14 @@ |
229 |
+ #include "vio_priv.h" |
230 |
+ |
231 |
+ #ifdef HAVE_OPENSSL |
232 |
++#include <openssl/bn.h> |
233 |
++#include <openssl/dh.h> |
234 |
++#include <openssl/opensslv.h> |
235 |
++ |
236 |
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) |
237 |
++#undef OPENSSL_VERSION_NUMBER |
238 |
++#define OPENSSL_VERSION_NUMBER 0x1000107fL |
239 |
++#endif |
240 |
+ |
241 |
+ #define TLS_VERSION_OPTION_SIZE 256 |
242 |
+ #define SSL_CIPHER_LIST_SIZE 4096 |
243 |
+@@ -121,10 +129,18 @@ static DH *get_dh2048(void) |
244 |
+ DH *dh; |
245 |
+ if ((dh=DH_new())) |
246 |
+ { |
247 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
248 |
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); |
249 |
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); |
250 |
+ if (! dh->p || ! dh->g) |
251 |
+ { |
252 |
++#else |
253 |
++ if (! DH_set0_pqg(dh, |
254 |
++ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL), |
255 |
++ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL), |
256 |
++ NULL)) |
257 |
++ { |
258 |
++#endif |
259 |
+ DH_free(dh); |
260 |
+ dh=0; |
261 |
+ } |
262 |
+@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value |
263 |
+ } openssl_lock_t; |
264 |
+ |
265 |
+ |
266 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
267 |
++ |
268 |
+ /* Array of locks used by openssl internally for thread synchronization. |
269 |
+ The number of locks is equal to CRYPTO_num_locks. |
270 |
+ */ |
271 |
+@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions() |
272 |
+ { |
273 |
+ set_lock_callback_functions(FALSE); |
274 |
+ } |
275 |
++#endif |
276 |
+ |
277 |
+ void vio_ssl_end() |
278 |
+ { |
279 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
280 |
+ int i= 0; |
281 |
+ |
282 |
+ if (ssl_initialized) { |
283 |
+@@ -409,6 +429,7 @@ void vio_ssl_end() |
284 |
+ |
285 |
+ ssl_initialized= FALSE; |
286 |
+ } |
287 |
++#endif |
288 |
+ } |
289 |
+ |
290 |
+ #endif //OpenSSL specific |
291 |
+@@ -419,6 +440,7 @@ void ssl_start() |
292 |
+ { |
293 |
+ ssl_initialized= TRUE; |
294 |
+ |
295 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
296 |
+ SSL_library_init(); |
297 |
+ OpenSSL_add_all_algorithms(); |
298 |
+ SSL_load_error_strings(); |
299 |
+@@ -427,6 +449,7 @@ void ssl_start() |
300 |
+ init_ssl_locks(); |
301 |
+ init_lock_callback_functions(); |
302 |
+ #endif |
303 |
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |
304 |
+ } |
305 |
+ } |
306 |
+ |
307 |
+-- |
308 |
+2.11.0 |
309 |
+ |
310 |
|
311 |
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild |
312 |
index 0895cd112ad..c865a0fc652 100644 |
313 |
--- a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild |
314 |
+++ b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild |
315 |
@@ -45,6 +45,7 @@ DOCS=( README ) |
316 |
PATCHES=( |
317 |
"${FILESDIR}/mysql_com.patch" |
318 |
"${FILESDIR}/20028_all_mysql-5.6-gcc7.patch" |
319 |
+ "${FILESDIR}/6.1.11-openssl-1.1.patch" |
320 |
) |
321 |
|
322 |
src_prepare() { |
323 |
@@ -57,7 +58,7 @@ src_prepare() { |
324 |
} |
325 |
|
326 |
multilib_src_configure() { |
327 |
- mycmakeargs+=( |
328 |
+ local mycmakeargs=( |
329 |
-DINSTALL_LAYOUT=RPM |
330 |
-DINSTALL_LIBDIR=$(get_libdir) |
331 |
-DWITH_DEFAULT_COMPILER_OPTIONS=OFF |