[arch-commits] Commit in mariadb/repos (5 files)

2020-08-08 Thread Christian Hesse via arch-commits
Date: Saturday, August 8, 2020 @ 22:10:33
  Author: eworm
Revision: 393330

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-arch-specific.patch
(from rev 393329, mariadb/trunk/0001-arch-specific.patch)
  
mariadb/repos/testing-x86_64/0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch
(from rev 393329, 
mariadb/trunk/0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 393329, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 393329, mariadb/trunk/mariadb.install)

--+
 0001-arch-specific.patch |   94 
 0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch |   28 +
 PKGBUILD |  227 
++
 mariadb.install  |   25 +
 4 files changed, 374 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 393329, 
mariadb/trunk/0001-arch-specific.patch)
===
--- testing-x86_64/0001-arch-specific.patch (rev 0)
+++ testing-x86_64/0001-arch-specific.patch 2020-08-08 22:10:33 UTC (rev 
393330)
@@ -0,0 +1,94 @@
+From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:10:17 +0100
+Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security
+---
+ support-files/mariadb.service.in  | 2 +-
+ support-files/mari...@.service.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/support-files/mariadb.service.in 
b/support-files/mariadb.service.in
+index e7665ed1219..a1fe69d61c4 100644
+--- a/support-files/mariadb.service.in
 b/support-files/mariadb.service.in
+@@ -129,7 +129,7 @@ UMask=007
+ 
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+ 
+ # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
+ # this is the same value as used in SysV init scripts in the past
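Review bot: The comment kept above the changed line still presents PrivateTmp=true as something the administrator may opt into, while the unit now ships with it enabled, so the text no longer matches the setting. With a private /tmp, files the server writes to /tmp via SELECT ... OUTFILE, or is asked to read from /tmp via LOAD DATA INFILE, live in the service's own namespace and are not the host's /tmp, which is exactly the case the comment warns about. I would reword it along the lines of `# PrivateTmp is enabled; set PrivateTmp=false in a drop-in if SELECT ... OUTFILE or LOAD DATA INFILE must use the host's /tmp.` The same applies to the second unit-file hunk (`@@ -241,7 +241,7 @@`) and to the identical copy of this patch in the 2020-05-12 commit further down the page.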
+diff --git a/support-files/mari...@.service.in 
b/support-files/mari...@.service.in
+index ffefc2f22d8..f8b0b8aad8d 100644
+--- a/support-files/mari...@.service.in
 b/support-files/mari...@.service.in
+@@ -241,7 +241,7 @@ UMask=007
+ 
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+ 
+ # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
+ # this is the same value as used in SysV init scripts in the past
+
+From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:10:46 +0100
+Subject: [PATCH 2/3] force preloading jemalloc for memory management
+---
+ support-files/mariadb.service.in  | 1 +
+ support-files/mari...@.service.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/support-files/mariadb.service.in 
b/support-files/mariadb.service.in
+index a1fe69d61c4..9a2941ae917 100644
+--- a/support-files/mariadb.service.in
 b/support-files/mariadb.service.in
+@@ -159,6 +159,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit 
paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+ 
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
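Review bot: The added `Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"` line carries no comment of its own and sits under text that describes library substitution as an optional, commented-out example. An Environment= setting applies to every process the unit starts, so the preload is presumably inherited by any ExecStartPre/ExecStartPost helpers and by programs the server spawns, and if the library is missing the dynamic loader only prints a warning and the server runs on the default allocator. I would add a line such as `# Distribution default: jemalloc is preloaded for all processes of this unit; the package must depend on jemalloc.` so the scope and the dependency are visible to whoever edits the unit. Whether the PKGBUILD declares that dependency cannot be seen here; the same line is added in the `@@ -282,6 +282,7 @@` hunk and in the 2020-05-12 copy of this patch.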
+diff --git a/support-files/mari...@.service.in 
b/support-files/mari...@.service.in
+index f8b0b8aad8d..3309127330c 100644
+--- a/support-files/mari...@.service.in
 b/support-files/mari...@.service.in
+@@ -282,6 +282,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit 
paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+ 
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
+
+From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:11:31 +0100
+Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR
+
+This is a no-op if the directory exists, but makes sure it is created by
+systemd-tmpfiles with proper permissions otherwise.
+
+This solves packaging issues when the user MYSQLD_USER is created by
+systemd-sysusers and uid is not known in advance.
+
+Also this now sets the No_COW attribute.
+---
+ support-files/tmpfiles.conf.in | 2 +
+ 1 file changed, 2 

[arch-commits] Commit in mariadb/repos (5 files)

2020-05-12 Thread Christian Hesse via arch-commits
Date: Tuesday, May 12, 2020 @ 06:26:51
  Author: eworm
Revision: 383261

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-arch-specific.patch
(from rev 383260, mariadb/trunk/0001-arch-specific.patch)
  
mariadb/repos/testing-x86_64/0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch
(from rev 383260, 
mariadb/trunk/0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 383260, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 383260, mariadb/trunk/mariadb.install)

--+
 0001-arch-specific.patch |   91 
 0004-MDEV-15526-systemd-unit-files-naming-and-installation.patch |   28 +
 PKGBUILD |  227 
++
 mariadb.install  |   25 +
 4 files changed, 371 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 383260, 
mariadb/trunk/0001-arch-specific.patch)
===
--- testing-x86_64/0001-arch-specific.patch (rev 0)
+++ testing-x86_64/0001-arch-specific.patch 2020-05-12 06:26:51 UTC (rev 
383261)
@@ -0,0 +1,91 @@
+From bf66e7d610de0d7d3651742342c01ed9ff93f363 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:10:17 +0100
+Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security
+---
+ support-files/mariadb.service.in  | 2 +-
+ support-files/mari...@.service.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/support-files/mariadb.service.in 
b/support-files/mariadb.service.in
+index e7665ed1219..a1fe69d61c4 100644
+--- a/support-files/mariadb.service.in
 b/support-files/mariadb.service.in
+@@ -129,7 +129,7 @@ UMask=007
+ 
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+ 
+ # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
+ # this is the same value as used in SysV init scripts in the past
+diff --git a/support-files/mari...@.service.in 
b/support-files/mari...@.service.in
+index ffefc2f22d8..f8b0b8aad8d 100644
+--- a/support-files/mari...@.service.in
 b/support-files/mari...@.service.in
+@@ -241,7 +241,7 @@ UMask=007
+ 
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+ 
+ # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
+ # this is the same value as used in SysV init scripts in the past
+
+From 00aab78891a19a14a92039fcc6a73e391a3bb471 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:10:46 +0100
+Subject: [PATCH 2/3] force preloading jemalloc for memory management
+---
+ support-files/mariadb.service.in  | 1 +
+ support-files/mari...@.service.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/support-files/mariadb.service.in 
b/support-files/mariadb.service.in
+index a1fe69d61c4..9a2941ae917 100644
+--- a/support-files/mariadb.service.in
 b/support-files/mariadb.service.in
+@@ -159,6 +159,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit 
paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+ 
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
+diff --git a/support-files/mari...@.service.in 
b/support-files/mari...@.service.in
+index f8b0b8aad8d..3309127330c 100644
+--- a/support-files/mari...@.service.in
 b/support-files/mari...@.service.in
+@@ -282,6 +282,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit 
paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+ 
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
+
+From a78ff18c83a5eb2556d4f3716f13786dcd8395d2 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Wed, 19 Feb 2020 13:11:31 +0100
+Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR
+
+This is a no-op if the directory exists, but makes sure it is created by
+systemd-tmpfiles with proper permissions otherwise.
+
+This solves packaging issues when the user MYSQLD_USER is created by
+systemd-sysusers and uid is not known in advance.
+---
+ support-files/tmpfiles.conf.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git 

[arch-commits] Commit in mariadb/repos (5 files)

2019-01-25 Thread Christian Hesse via arch-commits
Date: Friday, January 25, 2019 @ 15:15:20
  Author: eworm
Revision: 344767

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  
mariadb/repos/testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
(from rev 344766, 
mariadb/trunk/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch)
  
mariadb/repos/testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
(from rev 344766, 
mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 344766, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 344766, mariadb/trunk/mariadb.install)

-+
 
0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch 
|   31 +
 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch   
 |   32 +
 PKGBUILD   
 |  240 ++
 mariadb.install
 |   15 
 4 files changed, 318 insertions(+)

Copied: 
mariadb/repos/testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
 (from rev 344766, 
mariadb/trunk/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch)
===
--- 
testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
  (rev 0)
+++ 
testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
  2019-01-25 15:15:20 UTC (rev 344767)
@@ -0,0 +1,31 @@
+From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= 
+Date: Thu, 24 Jan 2019 00:58:20 +0200
+Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files
+
+If the rlimit.rlim_cur value returned by getrlimit is not the
+RLIM_INFINITY magic constant, but a *very* large number, we can allocate
+too many open files. Restrict set_max_open_files to only return at most
+max_file_limit, as passed via its parameter.
+---
+ mysys/my_file.c | 7 +++
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/mysys/my_file.c b/mysys/my_file.c
+index 8d01285a94b..b3aef8494cb 100644
+--- a/mysys/my_file.c
 b/mysys/my_file.c
+@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit)
+ DBUG_PRINT("info", ("rlim_cur: %u  rlim_max: %u",
+   (uint) rlimit.rlim_cur,
+   (uint) rlimit.rlim_max));
+-if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY)
+-  rlimit.rlim_cur = max_file_limit;
+-if (rlimit.rlim_cur >= max_file_limit)
+-  DBUG_RETURN(rlimit.rlim_cur);   /* purecov: inspected */
++if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY ||
++rlimit.rlim_cur >= max_file_limit)
++  DBUG_RETURN(max_file_limit);
+ rlimit.rlim_cur= rlimit.rlim_max= max_file_limit;
+ if (setrlimit(RLIMIT_NOFILE, ))
+   max_file_limit= old_cur;/* Use original value */
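Review bot: The DBUG_PRINT kept at the top of this hunk casts rlim_cur and rlim_max to uint and prints them with %u, so the very large soft limit this fix is about would be logged truncated and the trace would hide the condition that triggers the new early return. Printing them as `(ulonglong) rlimit.rlim_cur` and `(ulonglong) rlimit.rlim_max` with `%llu` would keep the debug output truthful. The early return now reports max_file_limit instead of the actual soft limit; a one-line comment such as `/* Soft limit is already sufficient: never report more than was asked for */` above `DBUG_RETURN(max_file_limit);` would record that this cap is intentional. set_max_open_files starts and ends outside the hunk, so how callers size their tables from the return value is not visible here.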

Copied: 
mariadb/repos/testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
 (from rev 344766, 
mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch)
===
--- 
testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 
(rev 0)
+++ 
testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 
2019-01-25 15:15:20 UTC (rev 344767)
@@ -0,0 +1,32 @@
+From 5936f0be4a49eda7b05ea1591a3d72e4d7b9 Mon Sep 17 00:00:00 2001
+From: Christian Hesse 
+Date: Fri, 25 Jan 2019 14:50:53 +0100
+Subject: fix galera_recovery with fs.protected_regular enabled
+
+The fs.protected_regular sysctls was added in Linux 4.19 to make some
+data spoofing attacks harder. With systemd v241 these will be enabled
+by default.
+
+With this protection enabled galera_recovery fails with EPERM
+(permission denied). This is caused by a wrong security measure:
+The script changes ownership of $log_file to $user, though $user never
+touches it. The shell redirection writes output to the file, not mysqld.
+So just drop chown to fix this.
+---
+ scripts/galera_recovery.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index c58f3d8f6b9..c70decc0005 100644
+--- a/scripts/galera_recovery.sh
 b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+ 
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+-  [ "$euid" = "0" ] && chown $user 

[arch-commits] Commit in mariadb/repos (5 files)

2018-05-09 Thread Christian Hesse via arch-commits
Date: Wednesday, May 9, 2018 @ 12:12:50
  Author: eworm
Revision: 323616

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch
(from rev 323615, mariadb/trunk/0001-openssl-1-1-0.patch)
  
mariadb/repos/testing-x86_64/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch
(from rev 323615, 
mariadb/trunk/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 323615, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 323615, mariadb/trunk/mariadb.install)

-+
 0001-openssl-1-1-0.patch|  995 ++
 0002-mroonga-after-merge-CMakeLists.txt-fixes.patch |   53 
 PKGBUILD|  201 +++
 mariadb.install |   11 
 4 files changed, 1260 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 323615, 
mariadb/trunk/0001-openssl-1-1-0.patch)
===
--- testing-x86_64/0001-openssl-1-1-0.patch (rev 0)
+++ testing-x86_64/0001-openssl-1-1-0.patch 2018-05-09 12:12:50 UTC (rev 
323616)
@@ -0,0 +1,995 @@
+diff --git a/include/ssl_compat.h b/include/ssl_compat.h
+new file mode 100644
+index 000..b0e3ed4
+--- /dev/null
 b/include/ssl_compat.h
+@@ -0,0 +1,75 @@
++/*
++ Copyright (c) 2016, 2017 MariaDB Corporation
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 of the License.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
++
++#include 
++
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_X509_check_host 1
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_OPENSSL11 1
++#define ERR_remove_state(X) ERR_clear_error()
++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X)
++#define EVP_CIPHER_CTX_SIZE 168
++#define EVP_MD_CTX_SIZE 48
++#undef EVP_MD_CTX_init
++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); 
EVP_MD_CTX_reset(X); } while(0)
++#undef EVP_CIPHER_CTX_init
++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); 
EVP_CIPHER_CTX_reset(X); } while(0)
++
++#else
++#define HAVE_OPENSSL10 1
++/*
++  Unfortunately RAND_bytes manual page does not provide any guarantees
++  in relation to blocking behavior. Here we explicitly use SSLeay random
++  instead of whatever random engine is currently set in OpenSSL. That way
++  we are guaranteed to have a non-blocking random.
++*/
++#define RAND_OpenSSL() RAND_SSLeay()
++
++#ifdef HAVE_ERR_remove_thread_state
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif /* HAVE_ERR_remove_thread_state */
++
++#endif /* HAVE_OPENSSL11 */
++
++#elif defined(HAVE_YASSL)
++#define BN_free(X) do { } while(0)
++#endif /* !defined(HAVE_YASSL) */
++
++#ifndef HAVE_OPENSSL11
++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X)
++#define OPENSSL_init_ssl(X,Y)   SSL_library_init()
++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G))
++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
++#define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX)
++#endif
++
++#ifdef__cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++int check_openssl_compatibility();
++
++#ifdef__cplusplus
++}
++#endif
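Review bot: In the OpenSSL 1.1 branch, `#define EVP_CIPHER_CTX_SIZE 168` and `#define EVP_MD_CTX_SIZE 48` hard-code the size of structures the library keeps opaque, and the redefined `EVP_MD_CTX_init`/`EVP_CIPHER_CTX_init` macros bzero exactly that many bytes at `X` before calling the reset functions. If the linked library's real context is larger than these constants (another version or build configuration), storage sized from them would be too small for later EVP calls, and the header does not say how the numbers were obtained or what verifies them. `check_openssl_compatibility()` declared further down presumably performs that check at startup, but its body is not in this hunk; once confirmed, I would add a comment at the two defines such as `/* must be >= the library's real context size; verified at startup by check_openssl_compatibility() */`. The same header is added unchanged in the 2018-03-27 copy of this patch and, cut short by the archive, in the 2018-02-06 and 2017-12-23 copies.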
+diff --git a/include/violite.h b/include/violite.h
+index a7165ca..572d474 100644
+--- a/include/violite.h
 b/include/violite.h
+@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa,
+ int flags);
+ 
+ #ifdef HAVE_OPENSSL
+-#include 
+-#if OPENSSL_VERSION_NUMBER < 0x0090700f
+-#define DES_cblock des_cblock
+-#define DES_key_schedule des_key_schedule
+-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks))
+-#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) 
des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e))
+-#endif
+ /* apple deprecated openssl in MacOSX Lion */
+ #ifdef __APPLE__
+ #pragma GCC diagnostic ignored 

[arch-commits] Commit in mariadb/repos (5 files)

2018-03-27 Thread Christian Hesse via arch-commits
Date: Tuesday, March 27, 2018 @ 07:45:57
  Author: eworm
Revision: 320367

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch
(from rev 320366, mariadb/trunk/0001-openssl-1-1-0.patch)
  
mariadb/repos/testing-x86_64/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch
(from rev 320366, 
mariadb/trunk/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 320366, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 320366, mariadb/trunk/mariadb.install)

-+
 0001-openssl-1-1-0.patch|  995 ++
 0002-mroonga-after-merge-CMakeLists.txt-fixes.patch |   53 
 PKGBUILD|  201 +++
 mariadb.install |   11 
 4 files changed, 1260 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 320366, 
mariadb/trunk/0001-openssl-1-1-0.patch)
===
--- testing-x86_64/0001-openssl-1-1-0.patch (rev 0)
+++ testing-x86_64/0001-openssl-1-1-0.patch 2018-03-27 07:45:57 UTC (rev 
320367)
@@ -0,0 +1,995 @@
+diff --git a/include/ssl_compat.h b/include/ssl_compat.h
+new file mode 100644
+index 000..b0e3ed4
+--- /dev/null
 b/include/ssl_compat.h
+@@ -0,0 +1,75 @@
++/*
++ Copyright (c) 2016, 2017 MariaDB Corporation
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 of the License.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
++
++#include 
++
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_X509_check_host 1
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_OPENSSL11 1
++#define ERR_remove_state(X) ERR_clear_error()
++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X)
++#define EVP_CIPHER_CTX_SIZE 168
++#define EVP_MD_CTX_SIZE 48
++#undef EVP_MD_CTX_init
++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); 
EVP_MD_CTX_reset(X); } while(0)
++#undef EVP_CIPHER_CTX_init
++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); 
EVP_CIPHER_CTX_reset(X); } while(0)
++
++#else
++#define HAVE_OPENSSL10 1
++/*
++  Unfortunately RAND_bytes manual page does not provide any guarantees
++  in relation to blocking behavior. Here we explicitly use SSLeay random
++  instead of whatever random engine is currently set in OpenSSL. That way
++  we are guaranteed to have a non-blocking random.
++*/
++#define RAND_OpenSSL() RAND_SSLeay()
++
++#ifdef HAVE_ERR_remove_thread_state
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif /* HAVE_ERR_remove_thread_state */
++
++#endif /* HAVE_OPENSSL11 */
++
++#elif defined(HAVE_YASSL)
++#define BN_free(X) do { } while(0)
++#endif /* !defined(HAVE_YASSL) */
++
++#ifndef HAVE_OPENSSL11
++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X)
++#define OPENSSL_init_ssl(X,Y)   SSL_library_init()
++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G))
++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
++#define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
++#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
++#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX)
++#endif
++
++#ifdef__cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++int check_openssl_compatibility();
++
++#ifdef__cplusplus
++}
++#endif
+diff --git a/include/violite.h b/include/violite.h
+index a7165ca..572d474 100644
+--- a/include/violite.h
 b/include/violite.h
+@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa,
+ int flags);
+ 
+ #ifdef HAVE_OPENSSL
+-#include 
+-#if OPENSSL_VERSION_NUMBER < 0x0090700f
+-#define DES_cblock des_cblock
+-#define DES_key_schedule des_key_schedule
+-#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks))
+-#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) 
des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e))
+-#endif
+ /* apple deprecated openssl in MacOSX Lion */
+ #ifdef __APPLE__
+ #pragma GCC diagnostic ignored 

[arch-commits] Commit in mariadb/repos (5 files)

2018-02-06 Thread Christian Hesse via arch-commits
Date: Tuesday, February 6, 2018 @ 10:16:56
  Author: eworm
Revision: 315952

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch
(from rev 315951, mariadb/trunk/0001-openssl-1-1-0.patch)
  
mariadb/repos/testing-x86_64/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch
(from rev 315951, 
mariadb/trunk/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 315951, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 315951, mariadb/trunk/mariadb.install)

-+
 0001-openssl-1-1-0.patch| 1016 ++
 0002-mroonga-after-merge-CMakeLists.txt-fixes.patch |   53 
 PKGBUILD|  201 +++
 mariadb.install |   11 
 4 files changed, 1281 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 315951, 
mariadb/trunk/0001-openssl-1-1-0.patch)
===
--- testing-x86_64/0001-openssl-1-1-0.patch (rev 0)
+++ testing-x86_64/0001-openssl-1-1-0.patch 2018-02-06 10:16:56 UTC (rev 
315952)
@@ -0,0 +1,1016 @@
+diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
+index 407e409..6e181a9 100644
+--- a/extra/yassl/src/handshake.cpp
 b/extra/yassl/src/handshake.cpp
+@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
+ needHdr = true;
+ else {
+ buffer >> hdr;
++/*
++  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
++  packet needs to specify the highest supported TLS version, but 
not
++  higher than what client requests. YaSSL highest supported 
version is
++  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
++  here to 3.2.
++  See also Appendix E of RFC 5246 (TLS 1.2)
++*/
++if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
++  hdr.version_.minor_ = 2;
+ ssl.verifyState(hdr);
+ }
+ 
+diff --git a/include/ssl_compat.h b/include/ssl_compat.h
+new file mode 100644
+index 000..b0e3ed4
+--- /dev/null
 b/include/ssl_compat.h
+@@ -0,0 +1,75 @@
++/*
++ Copyright (c) 2016, 2017 MariaDB Corporation
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 of the License.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
++
++#include 
++
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_X509_check_host 1
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_OPENSSL11 1
++#define ERR_remove_state(X) ERR_clear_error()
++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X)
++#define EVP_CIPHER_CTX_SIZE 168
++#define EVP_MD_CTX_SIZE 48
++#undef EVP_MD_CTX_init
++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); 
EVP_MD_CTX_reset(X); } while(0)
++#undef EVP_CIPHER_CTX_init
++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); 
EVP_CIPHER_CTX_reset(X); } while(0)
++
++#else
++#define HAVE_OPENSSL10 1
++/*
++  Unfortunately RAND_bytes manual page does not provide any guarantees
++  in relation to blocking behavior. Here we explicitly use SSLeay random
++  instead of whatever random engine is currently set in OpenSSL. That way
++  we are guaranteed to have a non-blocking random.
++*/
++#define RAND_OpenSSL() RAND_SSLeay()
++
++#ifdef HAVE_ERR_remove_thread_state
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif /* HAVE_ERR_remove_thread_state */
++
++#endif /* HAVE_OPENSSL11 */
++
++#elif defined(HAVE_YASSL)
++#define BN_free(X) do { } while(0)
++#endif /* !defined(HAVE_YASSL) */
++
++#ifndef HAVE_OPENSSL11
++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X)
++#define OPENSSL_init_ssl(X,Y)   SSL_library_init()
++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G))
++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
++#define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
++#define EVP_CIPHER_CTX_SIZE

[arch-commits] Commit in mariadb/repos (5 files)

2017-12-23 Thread Christian Hesse via arch-commits
Date: Saturday, December 23, 2017 @ 22:30:03
  Author: eworm
Revision: 313573

archrelease: copy trunk to testing-x86_64

Added:
  mariadb/repos/testing-x86_64/
  mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch
(from rev 313572, mariadb/trunk/0001-openssl-1-1-0.patch)
  
mariadb/repos/testing-x86_64/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch
(from rev 313572, 
mariadb/trunk/0002-mroonga-after-merge-CMakeLists.txt-fixes.patch)
  mariadb/repos/testing-x86_64/PKGBUILD
(from rev 313572, mariadb/trunk/PKGBUILD)
  mariadb/repos/testing-x86_64/mariadb.install
(from rev 313572, mariadb/trunk/mariadb.install)

-+
 0001-openssl-1-1-0.patch| 1037 ++
 0002-mroonga-after-merge-CMakeLists.txt-fixes.patch |   53 
 PKGBUILD|  202 +++
 mariadb.install |   11 
 4 files changed, 1303 insertions(+)

Copied: mariadb/repos/testing-x86_64/0001-openssl-1-1-0.patch (from rev 313572, 
mariadb/trunk/0001-openssl-1-1-0.patch)
===
--- testing-x86_64/0001-openssl-1-1-0.patch (rev 0)
+++ testing-x86_64/0001-openssl-1-1-0.patch 2017-12-23 22:30:03 UTC (rev 
313573)
@@ -0,0 +1,1037 @@
+diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
+index 407e409..6e181a9 100644
+--- a/extra/yassl/src/handshake.cpp
 b/extra/yassl/src/handshake.cpp
+@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
+ needHdr = true;
+ else {
+ buffer >> hdr;
++/*
++  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
++  packet needs to specify the highest supported TLS version, but 
not
++  higher than what client requests. YaSSL highest supported 
version is
++  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
++  here to 3.2.
++  See also Appendix E of RFC 5246 (TLS 1.2)
++*/
++if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
++  hdr.version_.minor_ = 2;
+ ssl.verifyState(hdr);
+ }
+ 
+diff --git a/include/ssl_compat.h b/include/ssl_compat.h
+new file mode 100644
+index 000..b0e3ed4
+--- /dev/null
 b/include/ssl_compat.h
+@@ -0,0 +1,75 @@
++/*
++ Copyright (c) 2016, 2017 MariaDB Corporation
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 of the License.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
++
++#include 
++
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_X509_check_host 1
++#endif
++
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_OPENSSL11 1
++#define ERR_remove_state(X) ERR_clear_error()
++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X)
++#define EVP_CIPHER_CTX_SIZE 168
++#define EVP_MD_CTX_SIZE 48
++#undef EVP_MD_CTX_init
++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); 
EVP_MD_CTX_reset(X); } while(0)
++#undef EVP_CIPHER_CTX_init
++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); 
EVP_CIPHER_CTX_reset(X); } while(0)
++
++#else
++#define HAVE_OPENSSL10 1
++/*
++  Unfortunately RAND_bytes manual page does not provide any guarantees
++  in relation to blocking behavior. Here we explicitly use SSLeay random
++  instead of whatever random engine is currently set in OpenSSL. That way
++  we are guaranteed to have a non-blocking random.
++*/
++#define RAND_OpenSSL() RAND_SSLeay()
++
++#ifdef HAVE_ERR_remove_thread_state
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif /* HAVE_ERR_remove_thread_state */
++
++#endif /* HAVE_OPENSSL11 */
++
++#elif defined(HAVE_YASSL)
++#define BN_free(X) do { } while(0)
++#endif /* !defined(HAVE_YASSL) */
++
++#ifndef HAVE_OPENSSL11
++#define ASN1_STRING_get0_data(X)ASN1_STRING_data(X)
++#define OPENSSL_init_ssl(X,Y)   SSL_library_init()
++#define DH_set0_pqg(D,P,Q,G)((D)->p= (P), (D)->g= (G))
++#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
++#define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
++#define EVP_CIPHER_CTX_SIZE