[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2018-11-02 Thread Christian Hesse via arch-commits
Date: Friday, November 2, 2018 @ 09:24:57
  Author: eworm
Revision: 337728

upgpkg: mariadb 10.1.37-1

new upstream release

Modified:
  mariadb/trunk/0001-openssl-1-1-0.patch
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch |   13 +
 PKGBUILD |6 +++---
 2 files changed, 16 insertions(+), 3 deletions(-)

Modified: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch2018-11-02 06:51:23 UTC (rev 337727)
+++ 0001-openssl-1-1-0.patch2018-11-02 09:24:57 UTC (rev 337728)
@@ -1,3 +1,16 @@
+diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
+index 24e18600402..6fac749fd13 100644
+--- a/cmake/ssl.cmake
 b/cmake/ssl.cmake
+@@ -182,7 +182,7 @@ MACRO (MYSQL_CHECK_SSL)
+ HAVE_SHA512_DIGEST_LENGTH)
+ SET(CMAKE_REQUIRED_INCLUDES)
+ IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARIES AND
+-   OPENSSL_MAJOR_VERSION STRLESS "101" AND
++   OPENSSL_MAJOR_VERSION STRLESS "102" AND
+CRYPTO_LIBRARY AND HAVE_SHA512_DIGEST_LENGTH)
+ 
+   SET(SSL_SOURCES "")
 diff --git a/include/ssl_compat.h b/include/ssl_compat.h
 new file mode 100644
 index 000..b0e3ed4
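Review bot: The new cmake/ssl.cmake section relaxes the bound in `OPENSSL_MAJOR_VERSION STRLESS "101"` to `"102"` but nothing in the patch records why. This condition sits in MYSQL_CHECK_SSL and appears to decide whether the system OpenSSL is accepted, so a one-line note ahead of the section would help, e.g. `# Arch: accept system OpenSSL 1.1.x (presumably); depends on the include/ssl_compat.h section below`. That tells the next maintainer the guard was widened on purpose and needs re-checking against each upstream release. `STRLESS` compares lexicographically, so it only acts as a version bound while the value is a fixed-width digit string; how `OPENSSL_MAJOR_VERSION` is built is outside the hunk and worth confirming. The `IF(...)` body and any `ELSE` branch are also not visible here.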

Modified: PKGBUILD
===
--- PKGBUILD2018-11-02 06:51:23 UTC (rev 337727)
+++ PKGBUILD2018-11-02 09:24:57 UTC (rev 337728)
@@ -3,7 +3,7 @@
 
 pkgbase=mariadb
 pkgname=('libmariadbclient' 'mariadb-clients' 'mytop' 'mariadb')
-pkgver=10.1.36
+pkgver=10.1.37
 pkgrel=1
 arch=('x86_64')
 license=('GPL')
@@ -13,9 +13,9 @@
 validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package 
Signing Key 
 
source=("https://mirrors.n-ix.net/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
 '0001-openssl-1-1-0.patch')
-sha256sums=('ad742e8cf02b9294259cc8b0c888f7ba2e105e76554e4183603d275bcd91aa58'
+sha256sums=('8cd516b0a7f7aa36a7c1d6e687dbbad8c0b08c92d5fd60c6e691b19a6cab4d46'
 'SKIP'
-'229d556748119757f36be1e9956834be28db0f5a35cdacce53f6c640784fca77')
+'fe26d22f0150e7460daa83d71d35735b3031cfc97e99bfbb8d6d74c11a28ccea')
 
 prepare() {
   cd $pkgbase-$pkgver/


[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2018-03-27 Thread Christian Hesse via arch-commits
Date: Tuesday, March 27, 2018 @ 07:45:51
  Author: eworm
Revision: 320366

upgpkg: mariadb 10.1.32-1

new upstream release

Modified:
  mariadb/trunk/0001-openssl-1-1-0.patch
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch |   23 +--
 PKGBUILD |6 +++---
 2 files changed, 4 insertions(+), 25 deletions(-)

Modified: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch2018-03-26 21:31:50 UTC (rev 320365)
+++ 0001-openssl-1-1-0.patch2018-03-27 07:45:51 UTC (rev 320366)
@@ -1,24 +1,3 @@
-diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
-index 407e409..6e181a9 100644
 a/extra/yassl/src/handshake.cpp
-+++ b/extra/yassl/src/handshake.cpp
-@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
- needHdr = true;
- else {
- buffer >> hdr;
-+/*
-+  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
-+  packet needs to specify the highest supported TLS version, but 
not
-+  higher than what client requests. YaSSL highest supported 
version is
-+  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
-+  here to 3.2.
-+  See also Appendix E of RFC 5246 (TLS 1.2)
-+*/
-+if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
-+  hdr.version_.minor_ = 2;
- ssl.verifyState(hdr);
- }
- 
 diff --git a/include/ssl_compat.h b/include/ssl_compat.h
 new file mode 100644
 index 000..b0e3ed4
@@ -150,7 +129,7 @@
 index eaec51b..1b28469 100755
 --- a/mysql-test/mysql-test-run.pl
 +++ b/mysql-test/mysql-test-run.pl
-@@ -2301,6 +2301,11 @@ sub environment_setup {
+@@ -2307,6 +2307,11 @@ sub environment_setup {
$ENV{'MYSQL_PLUGIN'}= $exe_mysql_plugin;
$ENV{'MYSQL_EMBEDDED'}=   $exe_mysql_embedded;
  

Modified: PKGBUILD
===
--- PKGBUILD2018-03-26 21:31:50 UTC (rev 320365)
+++ PKGBUILD2018-03-27 07:45:51 UTC (rev 320366)
@@ -4,7 +4,7 @@
 
 pkgbase=mariadb
 pkgname=('libmariadbclient' 'mariadb-clients' 'mytop' 'mariadb')
-pkgver=10.1.31
+pkgver=10.1.32
 pkgrel=1
 arch=('x86_64')
 license=('GPL')
@@ -15,9 +15,9 @@
 
source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
 '0001-openssl-1-1-0.patch'
 '0002-mroonga-after-merge-CMakeLists.txt-fixes.patch')
-sha256sums=('ab7641c2fe4e5289da6141766a9c3350e013def56fafd6f1377080bc8048b2e6'
+sha256sums=('0e2aae6a6a190d07c8e36e87dd43377057fa82651ca3c583462563f3e9369096'
 'SKIP'
-'c209c939e5b27582df16fe7cef8fd31c2c574165dddce15d157bfcf9a1a38b2f'
+'229d556748119757f36be1e9956834be28db0f5a35cdacce53f6c640784fca77'
 '98736aefef21e575e450f8066685ba82771264409412e33491ab0a54e4407ba7')
 
 prepare() {


[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2018-02-06 Thread Christian Hesse via arch-commits
Date: Tuesday, February 6, 2018 @ 10:16:52
  Author: eworm
Revision: 315951

upgpkg: mariadb 10.1.31-1

* new upstream release
* clean up dependencies

Modified:
  mariadb/trunk/0001-openssl-1-1-0.patch
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch |   77 -
 PKGBUILD |   17 -
 2 files changed, 36 insertions(+), 58 deletions(-)

Modified: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch2018-02-06 09:12:23 UTC (rev 315950)
+++ 0001-openssl-1-1-0.patch2018-02-06 10:16:52 UTC (rev 315951)
@@ -147,10 +147,10 @@
 +  }
 +}
 diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
-index 2cd5d2a..22bcaba 100755
+index eaec51b..1b28469 100755
 --- a/mysql-test/mysql-test-run.pl
 +++ b/mysql-test/mysql-test-run.pl
-@@ -2300,6 +2300,11 @@ sub environment_setup {
+@@ -2301,6 +2301,11 @@ sub environment_setup {
$ENV{'MYSQL_PLUGIN'}= $exe_mysql_plugin;
$ENV{'MYSQL_EMBEDDED'}=   $exe_mysql_embedded;
  
@@ -231,7 +231,7 @@
  
  SET(MYSYS_SSL_SOURCES
 diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
-index a0937a8..ed1c82d 100644
+index 4393394..da60a10 100644
 --- a/mysys_ssl/my_crypt.cc
 +++ b/mysys_ssl/my_crypt.cc
 @@ -1,6 +1,6 @@
@@ -242,7 +242,7 @@
  
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
-@@ -17,52 +17,60 @@
+@@ -17,7 +17,6 @@
  
  #include 
  #include 
@@ -250,12 +250,10 @@
  
  #ifdef HAVE_YASSL
  #include "yassl.cc"
- #else
--
- #include 
- #include 
+@@ -28,42 +27,53 @@
  #include 
--
+ #include 
+ 
 -#ifdef HAVE_ERR_remove_thread_state
 -#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
 +#include 
@@ -317,7 +315,7 @@
return MY_AES_BAD_DATA;
  return MY_AES_OK;
}
-@@ -72,7 +80,8 @@ class MyCTX_nopad : public MyCTX
+@@ -73,7 +83,8 @@ class MyCTX_nopad : public MyCTX
  {
  public:
const uchar *key;
@@ -327,7 +325,7 @@
  
MyCTX_nopad() : MyCTX() { }
~MyCTX_nopad() { }
-@@ -83,32 +92,48 @@ class MyCTX_nopad : public MyCTX
+@@ -84,32 +95,48 @@ class MyCTX_nopad : public MyCTX
  compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
  this->key= key;
  this->klen= klen;
@@ -383,7 +381,7 @@
  return MY_AES_OK;
}
  };
-@@ -152,7 +177,7 @@ class MyCTX_gcm : public MyCTX
+@@ -153,7 +180,7 @@ class MyCTX_gcm : public MyCTX
{
  compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_gcm));
  int res= MyCTX::init(cipher, encrypt, key, klen, iv, ivlen);
@@ -392,7 +390,7 @@
  aad= iv + real_ivlen;
  aadlen= ivlen - real_ivlen;
  return res;
-@@ -166,15 +191,15 @@ class MyCTX_gcm : public MyCTX
+@@ -167,15 +194,15 @@ class MyCTX_gcm : public MyCTX
before decrypting the data. it can encrypt data piecewise, like, first
half, then the second half, but it must decrypt all at once
  */
@@ -411,7 +409,7 @@
return MY_AES_OPENSSL_ERROR;
  aadlen= 0;
  return MyCTX::update(src, slen, dst, dlen);
-@@ -183,13 +208,13 @@ class MyCTX_gcm : public MyCTX
+@@ -184,13 +211,13 @@ class MyCTX_gcm : public MyCTX
int finish(uchar *dst, uint *dlen)
{
  int fin;
@@ -428,7 +426,7 @@
  return MY_AES_OPENSSL_ERROR;
*dlen= MY_AES_BLOCK_SIZE;
  }
-@@ -257,12 +282,15 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
+@@ -258,12 +285,15 @@ int my_aes_crypt(enum my_aes_mode mode, int flags,
  {
void *ctx= alloca(MY_AES_CTX_SIZE);
int res1, res2;
@@ -446,25 +444,6 @@
return res1 ? res1 : res2;
  }
  
-@@ -301,17 +329,10 @@ int my_random_bytes(uchar* buf, int num)
-   return MY_AES_OK;
- }
- #else
--#include 
- 
- int my_random_bytes(uchar *buf, int num)
- {
--  /*
--Unfortunately RAND_bytes manual page does not provide any guarantees
--in relation to blocking behavior. Here we explicitly use SSLeay random
--instead of whatever random engine is currently set in OpenSSL. That way
--we are guaranteed to have a non-blocking random.
--  */
--  RAND_METHOD *rand = RAND_SSLeay();
-+  RAND_METHOD *rand = RAND_OpenSSL();
-   if (rand == NULL || rand->bytes(buf, num) != 1)
- return MY_AES_OPENSSL_ERROR;
-   return MY_AES_OK;
 diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc
 index 7139ea9..0105082 100644
 --- a/mysys_ssl/my_md5.cc
@@ -698,10 +677,10 @@
 +}
 +#endif
 diff --git a/mysys_ssl/yassl.cc b/mysys_ssl/yassl.cc
-index 9717870..aa5631f 100644
+index e9f8e65..268589d 100644
 --- a/mysys_ssl/yassl.cc
 +++ b/mysys_ssl/yassl.cc
-@@ -44,7 +44,6 @@ typedef struct
+@@ -45,7 +45,6 @@ typedef struct
int buf_len;
int final_used;
uchar tao_buf[sizeof(TaoCrypt::AES)];   // TaoCrypt::AES object
@@ -709,7 +688,7 @@
uchar buf[TaoCrypt::AES::BLOCK_SIZE];   // last partial input block
uchar final[TaoCrypt::AES::BLOCK_SIZE]; // 

[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2017-08-10 Thread Christian Hesse
Date: Thursday, August 10, 2017 @ 10:46:06
  Author: eworm
Revision: 301838

upgpkg: mariadb 10.1.26-1

Modified:
  mariadb/trunk/0001-openssl-1-1-0.patch
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch | 1605 +++--
 PKGBUILD |6 
 2 files changed, 270 insertions(+), 1341 deletions(-)

Modified: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch2017-08-10 10:44:25 UTC (rev 301837)
+++ 0001-openssl-1-1-0.patch2017-08-10 10:46:06 UTC (rev 301838)
@@ -1,43 +1,5 @@
-From fb57acd98f96b3d2684cd29c126b4904db81f84c Mon Sep 17 00:00:00 2001
-From: Georg Richter 
-Date: Wed, 8 Mar 2017 17:39:47 +0100
-Subject: [PATCH 1/2] MDEV-10332  support for OpenSSL 1.1 and LibreSSL
-
-Initial support
-
-tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
-not working on Windows with native SChannel support, due to wrong cipher
-mapping: Latter one requires push of CONC-241 fixes.
-Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if
-the build succeeds, test cases will fail with various errors, especially
-when using different tls libraries or versions for client and server.
-
-Upstream commit: f8866f8f665ac26beb31842fef48ecee5feb346e

- extra/yassl/src/handshake.cpp |  10 +++
- include/my_crypt.h|  15 
- include/violite.h |   9 +-
- mysql-test/include/require_openssl_client.inc |   5 ++
- mysql-test/mysql-test-run.pl  |   5 ++
- mysql-test/r/openssl_1.result |   2 +-
- mysql-test/r/openssl_6975,tlsv10.result   |  18 ++--
- mysql-test/r/openssl_6975,tlsv12.result   |  14 ++--
- mysql-test/t/openssl_1.test   |   4 +-
- mysql-test/t/openssl_6975.test|  19 +++--
- mysql-test/t/ssl_7937.test|   1 +
- mysql-test/t/ssl_8k_key.test  |   1 +
- mysys_ssl/my_crypt.cc | 115 ++
- mysys_ssl/my_md5.cc   |  39 ++---
- mysys_ssl/yassl.cc|  15 
- sql-common/client.c   |   6 +-
- sql/mysqld.cc |  14 +++-
- sql/slave.cc  |  13 +++
- vio/viosslfactories.c |  54 
- 19 files changed, 263 insertions(+), 96 deletions(-)
- create mode 100644 mysql-test/include/require_openssl_client.inc
-
 diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
-index 407e4092ccc..6e181a997bd 100644
+index 407e409..6e181a9 100644
 --- a/extra/yassl/src/handshake.cpp
 +++ b/extra/yassl/src/handshake.cpp
 @@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
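Review bot: Dropping the mail header from the carried patch removes its only provenance record: the `MDEV-10332` subject and the `Upstream commit: f8866f8f665ac26beb31842fef48ecee5feb346e` line. The diffstat shows the patch body being largely replaced in the same commit. A downstream patch that rewrites TLS and crypto code is much easier to audit and to re-base when it names the upstream change it was taken from, so a short header should stay at the top, e.g. `Origin: <upstream commit id or MDEV reference for this revision>`. Whether the new body still derives from the commit named in the removed header cannot be told from this hunk.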
@@ -57,44 +19,112 @@
  ssl.verifyState(hdr);
  }
  
-diff --git a/include/my_crypt.h b/include/my_crypt.h
-index 719e349bfb9..e7dd9d80100 100644
 a/include/my_crypt.h
-+++ b/include/my_crypt.h
-@@ -21,4 +21,19 @@
- #include  /* HAVE_EncryptAes128{Ctr,Gcm} */
- #include 
- 
+diff --git a/include/ssl_compat.h b/include/ssl_compat.h
+new file mode 100644
+index 000..b0e3ed4
+--- /dev/null
 b/include/ssl_compat.h
+@@ -0,0 +1,75 @@
++/*
++ Copyright (c) 2016, 2017 MariaDB Corporation
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 of the License.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
++
++#include 
++
 +/* OpenSSL version specific definitions */
 +#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
++#define HAVE_X509_check_host 1
++#endif
++
 +#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
-+#define ERR_remove_state(X)
++#define HAVE_OPENSSL11 1
++#define ERR_remove_state(X) ERR_clear_error()
++#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X)
++#define EVP_CIPHER_CTX_SIZE 168
++#define EVP_MD_CTX_SIZE 48
++#undef EVP_MD_CTX_init
++#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); 
EVP_MD_CTX_reset(X); } while(0)
++#undef EVP_CIPHER_CTX_init
++#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); 
EVP_CIPHER_CTX_reset(X); } while(0)
++
 +#else
-+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
-+#define RAND_OpenSSL() 

[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2017-05-31 Thread Christian Hesse
Date: Wednesday, May 31, 2017 @ 11:02:26
  Author: eworm
Revision: 296927

upgpkg: mariadb 10.1.24-1

* new upstream release
* minor changes (mariadb.pc and mysql.m4 moved to libmariadbclient, ...)

Added:
  mariadb/trunk/0001-openssl-1-1-0.patch
Modified:
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch | 2108 +
 PKGBUILD |   56 -
 2 files changed, 2127 insertions(+), 37 deletions(-)

Added: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch(rev 0)
+++ 0001-openssl-1-1-0.patch2017-05-31 11:02:26 UTC (rev 296927)
@@ -0,0 +1,2108 @@
+From fb57acd98f96b3d2684cd29c126b4904db81f84c Mon Sep 17 00:00:00 2001
+From: Georg Richter 
+Date: Wed, 8 Mar 2017 17:39:47 +0100
+Subject: [PATCH 1/2] MDEV-10332  support for OpenSSL 1.1 and LibreSSL
+
+Initial support
+
+tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
+not working on Windows with native SChannel support, due to wrong cipher
+mapping: Latter one requires push of CONC-241 fixes.
+Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if
+the build succeeds, test cases will fail with various errors, especially
+when using different tls libraries or versions for client and server.
+
+Upstream commit: f8866f8f665ac26beb31842fef48ecee5feb346e
+---
+ extra/yassl/src/handshake.cpp |  10 +++
+ include/my_crypt.h|  15 
+ include/violite.h |   9 +-
+ mysql-test/include/require_openssl_client.inc |   5 ++
+ mysql-test/mysql-test-run.pl  |   5 ++
+ mysql-test/r/openssl_1.result |   2 +-
+ mysql-test/r/openssl_6975,tlsv10.result   |  18 ++--
+ mysql-test/r/openssl_6975,tlsv12.result   |  14 ++--
+ mysql-test/t/openssl_1.test   |   4 +-
+ mysql-test/t/openssl_6975.test|  19 +++--
+ mysql-test/t/ssl_7937.test|   1 +
+ mysql-test/t/ssl_8k_key.test  |   1 +
+ mysys_ssl/my_crypt.cc | 115 ++
+ mysys_ssl/my_md5.cc   |  39 ++---
+ mysys_ssl/yassl.cc|  15 
+ sql-common/client.c   |   6 +-
+ sql/mysqld.cc |  14 +++-
+ sql/slave.cc  |  13 +++
+ vio/viosslfactories.c |  54 
+ 19 files changed, 263 insertions(+), 96 deletions(-)
+ create mode 100644 mysql-test/include/require_openssl_client.inc
+
+diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
+index 407e4092ccc..6e181a997bd 100644
+--- a/extra/yassl/src/handshake.cpp
 b/extra/yassl/src/handshake.cpp
+@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
+ needHdr = true;
+ else {
+ buffer >> hdr;
++/*
++  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
++  packet needs to specify the highest supported TLS version, but 
not
++  higher than what client requests. YaSSL highest supported 
version is
++  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
++  here to 3.2.
++  See also Appendix E of RFC 5246 (TLS 1.2)
++*/
++if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
++  hdr.version_.minor_ = 2;
+ ssl.verifyState(hdr);
+ }
+ 
+diff --git a/include/my_crypt.h b/include/my_crypt.h
+index 719e349bfb9..e7dd9d80100 100644
+--- a/include/my_crypt.h
 b/include/my_crypt.h
+@@ -21,4 +21,19 @@
+ #include  /* HAVE_EncryptAes128{Ctr,Gcm} */
+ #include 
+ 
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define ERR_remove_state(X)
++#else
++#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
++#define RAND_OpenSSL() RAND_SSLeay();
++#if defined(HAVE_ERR_remove_thread_state)
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif
++#endif
++#elif defined(HAVE_YASSL)
++#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
++#endif /* !defined(HAVE_YASSL) */
++
+ #endif /* MY_CRYPT_INCLUDED */
+diff --git a/include/violite.h b/include/violite.h
+index a7165ca91a9..23800696e5a 100644
+--- a/include/violite.h
 b/include/violite.h
+@@ -146,14 +146,15 @@ typedef my_socket YASSL_SOCKET_T;
+ #include 
+ #include 
+ 
+-#ifdef HAVE_ERR_remove_thread_state
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define ERR_remove_state(X)
++#elif defined(HAVE_ERR_remove_thread_state)
+ #define ERR_remove_state(X) ERR_remove_thread_state(NULL)
+ #endif
+-
+ enum 

[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2017-05-25 Thread Christian Hesse
Date: Thursday, May 25, 2017 @ 13:58:42
  Author: eworm
Revision: 296571

prepare for mariadb 10.2.6

Modified:
  mariadb/trunk/PKGBUILD
Deleted:
  mariadb/trunk/0001-openssl-1-1-0.patch

--+
 0001-openssl-1-1-0.patch | 2129 -
 PKGBUILD |   76 -
 2 files changed, 36 insertions(+), 2169 deletions(-)

Deleted: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch2017-05-25 11:35:31 UTC (rev 296570)
+++ 0001-openssl-1-1-0.patch2017-05-25 13:58:42 UTC (rev 296571)
@@ -1,2129 +0,0 @@
-From fb57acd98f96b3d2684cd29c126b4904db81f84c Mon Sep 17 00:00:00 2001
-From: Georg Richter 
-Date: Wed, 8 Mar 2017 17:39:47 +0100
-Subject: [PATCH 1/2] MDEV-10332  support for OpenSSL 1.1 and LibreSSL
-
-Initial support
-
-tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
-not working on Windows with native SChannel support, due to wrong cipher
-mapping: Latter one requires push of CONC-241 fixes.
-Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if
-the build succeeds, test cases will fail with various errors, especially
-when using different tls libraries or versions for client and server.
-
-Upstream commit: f8866f8f665ac26beb31842fef48ecee5feb346e

- extra/yassl/src/handshake.cpp |  10 +++
- include/my_crypt.h|  15 
- include/violite.h |   9 +-
- mysql-test/include/require_openssl_client.inc |   5 ++
- mysql-test/mysql-test-run.pl  |   5 ++
- mysql-test/r/openssl_1.result |   2 +-
- mysql-test/r/openssl_6975,tlsv10.result   |  18 ++--
- mysql-test/r/openssl_6975,tlsv12.result   |  14 ++--
- mysql-test/t/openssl_1.test   |   4 +-
- mysql-test/t/openssl_6975.test|  19 +++--
- mysql-test/t/ssl_7937.test|   1 +
- mysql-test/t/ssl_8k_key.test  |   1 +
- mysys_ssl/my_crypt.cc | 115 ++
- mysys_ssl/my_md5.cc   |  39 ++---
- mysys_ssl/yassl.cc|  15 
- sql-common/client.c   |   6 +-
- sql/mysqld.cc |  14 +++-
- sql/slave.cc  |  13 +++
- vio/viosslfactories.c |  54 
- 19 files changed, 263 insertions(+), 96 deletions(-)
- create mode 100644 mysql-test/include/require_openssl_client.inc
-
-diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
-index 407e4092ccc..6e181a997bd 100644
 a/extra/yassl/src/handshake.cpp
-+++ b/extra/yassl/src/handshake.cpp
-@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
- needHdr = true;
- else {
- buffer >> hdr;
-+/*
-+  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
-+  packet needs to specify the highest supported TLS version, but 
not
-+  higher than what client requests. YaSSL highest supported 
version is
-+  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
-+  here to 3.2.
-+  See also Appendix E of RFC 5246 (TLS 1.2)
-+*/
-+if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
-+  hdr.version_.minor_ = 2;
- ssl.verifyState(hdr);
- }
- 
-diff --git a/include/my_crypt.h b/include/my_crypt.h
-index 719e349bfb9..e7dd9d80100 100644
 a/include/my_crypt.h
-+++ b/include/my_crypt.h
-@@ -21,4 +21,19 @@
- #include  /* HAVE_EncryptAes128{Ctr,Gcm} */
- #include 
- 
-+/* OpenSSL version specific definitions */
-+#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
-+#define ERR_remove_state(X)
-+#else
-+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
-+#define RAND_OpenSSL() RAND_SSLeay();
-+#if defined(HAVE_ERR_remove_thread_state)
-+#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
-+#endif
-+#endif
-+#elif defined(HAVE_YASSL)
-+#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
-+#endif /* !defined(HAVE_YASSL) */
-+
- #endif /* MY_CRYPT_INCLUDED */
-diff --git a/include/violite.h b/include/violite.h
-index a7165ca91a9..23800696e5a 100644
 a/include/violite.h
-+++ b/include/violite.h
-@@ -146,14 +146,15 @@ typedef my_socket YASSL_SOCKET_T;
- #include 
- #include 
- 
--#ifdef HAVE_ERR_remove_thread_state
-+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
-+#define ERR_remove_state(X)
-+#elif defined(HAVE_ERR_remove_thread_state)
- #define ERR_remove_state(X) ERR_remove_thread_state(NULL)
- #endif
--
- enum enum_ssl_init_error
- {
--  SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY, 
--  

[arch-commits] Commit in mariadb/trunk (0001-openssl-1-1-0.patch PKGBUILD)

2017-05-14 Thread Christian Hesse
Date: Sunday, May 14, 2017 @ 21:36:51
  Author: eworm
Revision: 296001

upgpkg: mariadb 10.1.23-2

back to system ssl with openssl 1.1.0

Added:
  mariadb/trunk/0001-openssl-1-1-0.patch
Modified:
  mariadb/trunk/PKGBUILD

--+
 0001-openssl-1-1-0.patch | 2129 +
 PKGBUILD |   27 
 2 files changed, 2143 insertions(+), 13 deletions(-)

Added: 0001-openssl-1-1-0.patch
===
--- 0001-openssl-1-1-0.patch(rev 0)
+++ 0001-openssl-1-1-0.patch2017-05-14 21:36:51 UTC (rev 296001)
@@ -0,0 +1,2129 @@
+From fb57acd98f96b3d2684cd29c126b4904db81f84c Mon Sep 17 00:00:00 2001
+From: Georg Richter 
+Date: Wed, 8 Mar 2017 17:39:47 +0100
+Subject: [PATCH 1/2] MDEV-10332  support for OpenSSL 1.1 and LibreSSL
+
+Initial support
+
+tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
+not working on Windows with native SChannel support, due to wrong cipher
+mapping: Latter one requires push of CONC-241 fixes.
+Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if
+the build succeeds, test cases will fail with various errors, especially
+when using different tls libraries or versions for client and server.
+
+Upstream commit: f8866f8f665ac26beb31842fef48ecee5feb346e
+---
+ extra/yassl/src/handshake.cpp |  10 +++
+ include/my_crypt.h|  15 
+ include/violite.h |   9 +-
+ mysql-test/include/require_openssl_client.inc |   5 ++
+ mysql-test/mysql-test-run.pl  |   5 ++
+ mysql-test/r/openssl_1.result |   2 +-
+ mysql-test/r/openssl_6975,tlsv10.result   |  18 ++--
+ mysql-test/r/openssl_6975,tlsv12.result   |  14 ++--
+ mysql-test/t/openssl_1.test   |   4 +-
+ mysql-test/t/openssl_6975.test|  19 +++--
+ mysql-test/t/ssl_7937.test|   1 +
+ mysql-test/t/ssl_8k_key.test  |   1 +
+ mysys_ssl/my_crypt.cc | 115 ++
+ mysys_ssl/my_md5.cc   |  39 ++---
+ mysys_ssl/yassl.cc|  15 
+ sql-common/client.c   |   6 +-
+ sql/mysqld.cc |  14 +++-
+ sql/slave.cc  |  13 +++
+ vio/viosslfactories.c |  54 
+ 19 files changed, 263 insertions(+), 96 deletions(-)
+ create mode 100644 mysql-test/include/require_openssl_client.inc
+
+diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
+index 407e4092ccc..6e181a997bd 100644
+--- a/extra/yassl/src/handshake.cpp
 b/extra/yassl/src/handshake.cpp
+@@ -788,6 +788,16 @@ int DoProcessReply(SSL& ssl)
+ needHdr = true;
+ else {
+ buffer >> hdr;
++/*
++  According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server 
Hello
++  packet needs to specify the highest supported TLS version, but 
not
++  higher than what client requests. YaSSL highest supported 
version is
++  TLSv1.1 (=3.2) - if the client requests a higher version, 
downgrade it
++  here to 3.2.
++  See also Appendix E of RFC 5246 (TLS 1.2)
++*/
++if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
++  hdr.version_.minor_ = 2;
+ ssl.verifyState(hdr);
+ }
+ 
+diff --git a/include/my_crypt.h b/include/my_crypt.h
+index 719e349bfb9..e7dd9d80100 100644
+--- a/include/my_crypt.h
 b/include/my_crypt.h
+@@ -21,4 +21,19 @@
+ #include  /* HAVE_EncryptAes128{Ctr,Gcm} */
+ #include 
+ 
++/* OpenSSL version specific definitions */
++#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define ERR_remove_state(X)
++#else
++#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
++#define RAND_OpenSSL() RAND_SSLeay();
++#if defined(HAVE_ERR_remove_thread_state)
++#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
++#endif
++#endif
++#elif defined(HAVE_YASSL)
++#define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
++#endif /* !defined(HAVE_YASSL) */
++
+ #endif /* MY_CRYPT_INCLUDED */
+diff --git a/include/violite.h b/include/violite.h
+index a7165ca91a9..23800696e5a 100644
+--- a/include/violite.h
 b/include/violite.h
+@@ -146,14 +146,15 @@ typedef my_socket YASSL_SOCKET_T;
+ #include 
+ #include 
+ 
+-#ifdef HAVE_ERR_remove_thread_state
++#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
++#define ERR_remove_state(X)
++#elif defined(HAVE_ERR_remove_thread_state)
+ #define ERR_remove_state(X) ERR_remove_thread_state(NULL)
+ #endif
+-
+ enum enum_ssl_init_error
+ {
+-  SSL_INITERR_NOERROR= 0,