From f6614b55337fab8ff03e76423af8898980524e12 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Fri, 18 Jan 2019 13:29:56 +0000 Subject: [PATCH] extra/mariadb to 10.3.12-2 --- extra/mariadb/0001-openssl-1-1-0.patch | 1008 ------------------------ extra/mariadb/PKGBUILD | 217 ++--- extra/mariadb/atomic.patch | 23 +- extra/mariadb/mariadb.install | 12 +- 4 files changed, 148 insertions(+), 1112 deletions(-) delete mode 100644 extra/mariadb/0001-openssl-1-1-0.patch diff --git a/extra/mariadb/0001-openssl-1-1-0.patch b/extra/mariadb/0001-openssl-1-1-0.patch deleted file mode 100644 index 0335f4fa1..000000000 --- a/extra/mariadb/0001-openssl-1-1-0.patch +++ /dev/null @@ -1,1008 +0,0 @@ -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake -index 24e18600402..6fac749fd13 100644 ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -182,7 +182,7 @@ MACRO (MYSQL_CHECK_SSL) - HAVE_SHA512_DIGEST_LENGTH) - SET(CMAKE_REQUIRED_INCLUDES) - IF(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARIES AND -- OPENSSL_MAJOR_VERSION STRLESS "101" AND -+ OPENSSL_MAJOR_VERSION STRLESS "102" AND - CRYPTO_LIBRARY AND HAVE_SHA512_DIGEST_LENGTH) - - SET(SSL_SOURCES "") -diff --git a/include/ssl_compat.h b/include/ssl_compat.h -new file mode 100644 -index 0000000..b0e3ed4 ---- /dev/null -+++ b/include/ssl_compat.h -@@ -0,0 +1,75 @@ -+/* -+ Copyright (c) 2016, 2017 MariaDB Corporation -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; version 2 of the License. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -+ -+#include -+ -+/* OpenSSL version specific definitions */ -+#if !defined(HAVE_YASSL) && defined(OPENSSL_VERSION_NUMBER) -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) -+#define HAVE_X509_check_host 1 -+#endif -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#define HAVE_OPENSSL11 1 -+#define ERR_remove_state(X) ERR_clear_error() -+#define EVP_MD_CTX_cleanup(X) EVP_MD_CTX_reset(X) -+#define EVP_CIPHER_CTX_SIZE 168 -+#define EVP_MD_CTX_SIZE 48 -+#undef EVP_MD_CTX_init -+#define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) -+#undef EVP_CIPHER_CTX_init -+#define EVP_CIPHER_CTX_init(X) do { bzero((X), EVP_CIPHER_CTX_SIZE); EVP_CIPHER_CTX_reset(X); } while(0) -+ -+#else -+#define HAVE_OPENSSL10 1 -+/* -+ Unfortunately RAND_bytes manual page does not provide any guarantees -+ in relation to blocking behavior. Here we explicitly use SSLeay random -+ instead of whatever random engine is currently set in OpenSSL. That way -+ we are guaranteed to have a non-blocking random. -+*/ -+#define RAND_OpenSSL() RAND_SSLeay() -+ -+#ifdef HAVE_ERR_remove_thread_state -+#define ERR_remove_state(X) ERR_remove_thread_state(NULL) -+#endif /* HAVE_ERR_remove_thread_state */ -+ -+#endif /* HAVE_OPENSSL11 */ -+ -+#elif defined(HAVE_YASSL) -+#define BN_free(X) do { } while(0) -+#endif /* !defined(HAVE_YASSL) */ -+ -+#ifndef HAVE_OPENSSL11 -+#define ASN1_STRING_get0_data(X) ASN1_STRING_data(X) -+#define OPENSSL_init_ssl(X,Y) SSL_library_init() -+#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) -+#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) -+#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) -+#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) -+#define EVP_MD_CTX_SIZE sizeof(EVP_MD_CTX) -+#endif -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+int check_openssl_compatibility(); -+ -+#ifdef __cplusplus -+} -+#endif -diff --git a/include/violite.h b/include/violite.h -index a7165ca..572d474 100644 ---- a/include/violite.h -+++ b/include/violite.h -@@ -123,13 +123,6 @@ int vio_getnameinfo(const struct sockaddr *sa, - int flags); - - #ifdef HAVE_OPENSSL --#include --#if OPENSSL_VERSION_NUMBER < 0x0090700f --#define DES_cblock des_cblock --#define DES_key_schedule des_key_schedule --#define DES_set_key_unchecked(k,ks) des_set_key_unchecked((k),*(ks)) --#define DES_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e) des_ede3_cbc_encrypt((i),(o),(l),*(k1),*(k2),*(k3),(iv),(e)) --#endif - /* apple deprecated openssl in MacOSX Lion */ - #ifdef __APPLE__ - #pragma GCC diagnostic ignored "-Wdeprecated-declarations" -@@ -146,14 +139,10 @@ typedef my_socket YASSL_SOCKET_T; - #include - #include - --#ifdef HAVE_ERR_remove_thread_state --#define ERR_remove_state(X) ERR_remove_thread_state(NULL) --#endif -- - enum enum_ssl_init_error - { -- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY, -- SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS, -+ SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY, -+ SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS, - SSL_INITERR_MEMFAIL, SSL_INITERR_DH, SSL_INITERR_LASTERR - }; - const char* sslGetErrString(enum enum_ssl_init_error err); -diff --git a/mysql-test/include/require_openssl_client.inc b/mysql-test/include/require_openssl_client.inc -new file mode 100644 -index 0000000..9b19960 ---- /dev/null -+++ b/mysql-test/include/require_openssl_client.inc -@@ -0,0 +1,5 @@ -+if ($CLIENT_TLS_LIBRARY != "OpenSSL") { -+ if ($CLIENT_TLS_LIBRARY != "LibreSSL") { -+ skip "Test requires Connector/C with OpenSSL library"; -+ } -+} -diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl -index eaec51b..1b28469 100755 ---- a/mysql-test/mysql-test-run.pl -+++ b/mysql-test/mysql-test-run.pl -@@ -2307,6 +2307,11 @@ sub environment_setup { - $ENV{'MYSQL_PLUGIN'}= $exe_mysql_plugin; - $ENV{'MYSQL_EMBEDDED'}= $exe_mysql_embedded; - -+ my $client_config_exe= -+ native_path("$bindir/libmariadb/mariadb_config$opt_vs_config/mariadb_config"); -+ my $tls_info= `$client_config_exe --tlsinfo`; -+ ($ENV{CLIENT_TLS_LIBRARY},$ENV{CLIENT_TLS_LIBRARY_VERSION})= -+ split(/ /, $tls_info, 2); - my $exe_mysqld= find_mysqld($basedir); - $ENV{'MYSQLD'}= $exe_mysqld; - my $extra_opts= join (" ", @opt_extra_mysqld_opt); -diff --git a/mysql-test/r/openssl_6975,tlsv10.result b/mysql-test/r/openssl_6975,tlsv10.result -index 7a4465f..202e7f4 100644 ---- a/mysql-test/r/openssl_6975,tlsv10.result -+++ b/mysql-test/r/openssl_6975,tlsv10.result -@@ -3,11 +3,11 @@ grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA"; - create user ssl_tls12@localhost; - grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256"; - TLS1.2 ciphers: user is ok with any cipher --ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure --ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -+ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -+ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure - TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA --ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure --ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -+ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -+ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure - TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256 - ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure - ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -diff --git a/mysql-test/t/openssl_6975.test b/mysql-test/t/openssl_6975.test -index 49889a3..6a82d01 100644 ---- a/mysql-test/t/openssl_6975.test -+++ b/mysql-test/t/openssl_6975.test -@@ -4,6 +4,7 @@ - # test SSLv3 and TLSv1.2 ciphers when OpenSSL is restricted to SSLv3 or TLSv1.2 - # - source include/have_ssl_communication.inc; -+source include/require_openssl_client.inc; - - # this is OpenSSL test. - -diff --git a/mysql-test/t/ssl_7937.test b/mysql-test/t/ssl_7937.test -index d593b9d..a764579 100644 ---- a/mysql-test/t/ssl_7937.test -+++ b/mysql-test/t/ssl_7937.test -@@ -26,6 +26,7 @@ create procedure have_ssl() - # we fake the test result for yassl - let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; - if (!$yassl) { -+ --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate" - --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 - } - if ($yassl) { -diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test -index 27cffdc..9d5b382 100644 ---- a/mysql-test/t/ssl_8k_key.test -+++ b/mysql-test/t/ssl_8k_key.test -@@ -1,5 +1,5 @@ --# This test should work in embedded server after we fix mysqltest ---- source include/not_embedded.inc -+# schannel does not support keys longer than 4k -+-- source include/not_windows.inc - - -- source include/have_ssl_communication.inc - # -diff --git a/mysys_ssl/CMakeLists.txt b/mysys_ssl/CMakeLists.txt -index 4f6f745..f8a767e 100644 ---- a/mysys_ssl/CMakeLists.txt -+++ b/mysys_ssl/CMakeLists.txt -@@ -28,6 +28,7 @@ SET(MYSYS_SSL_HIDDEN_SOURCES - my_sha384.cc - my_sha512.cc - my_md5.cc -+ openssl.c - ) - - SET(MYSYS_SSL_SOURCES -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc -index 4393394..da60a10 100644 ---- a/mysys_ssl/my_crypt.cc -+++ b/mysys_ssl/my_crypt.cc -@@ -1,6 +1,6 @@ - /* - Copyright (c) 2014 Google Inc. -- Copyright (c) 2014, 2015 MariaDB Corporation -+ Copyright (c) 2014, 2017 MariaDB Corporation - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -17,7 +17,6 @@ - - #include - #include --#include - - #ifdef HAVE_YASSL - #include "yassl.cc" -@@ -28,42 +27,53 @@ - #include - #include - --#ifdef HAVE_ERR_remove_thread_state --#define ERR_remove_state(X) ERR_remove_thread_state(NULL) -+#include - #endif - --#endif -+#include -+#include - - class MyCTX - { - public: -- EVP_CIPHER_CTX ctx; -- MyCTX() { EVP_CIPHER_CTX_init(&ctx); } -- virtual ~MyCTX() { EVP_CIPHER_CTX_cleanup(&ctx); ERR_remove_state(0); } -+ char ctx_buf[EVP_CIPHER_CTX_SIZE]; -+ EVP_CIPHER_CTX *ctx; -+ -+ MyCTX() -+ { -+ ctx= (EVP_CIPHER_CTX *)ctx_buf; -+ EVP_CIPHER_CTX_init(ctx); -+ } -+ virtual ~MyCTX() -+ { -+ EVP_CIPHER_CTX_cleanup(ctx); -+ ERR_remove_state(0); -+ } - - virtual int init(const EVP_CIPHER *cipher, int encrypt, const uchar *key, - uint klen, const uchar *iv, uint ivlen) - { -+ compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX)); - if (unlikely(!cipher)) - return MY_AES_BAD_KEYSIZE; - -- if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt)) -+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, encrypt)) - return MY_AES_OPENSSL_ERROR; - -- DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)klen); -- DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) <= (int)ivlen); -+ DBUG_ASSERT(EVP_CIPHER_CTX_key_length(ctx) == (int)klen); -+ DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(ctx) <= (int)ivlen); - - return MY_AES_OK; - } - virtual int update(const uchar *src, uint slen, uchar *dst, uint *dlen) - { -- if (!EVP_CipherUpdate(&ctx, dst, (int*)dlen, src, slen)) -+ if (!EVP_CipherUpdate(ctx, dst, (int*)dlen, src, slen)) - return MY_AES_OPENSSL_ERROR; - return MY_AES_OK; - } - virtual int finish(uchar *dst, uint *dlen) - { -- if (!EVP_CipherFinal_ex(&ctx, dst, (int*)dlen)) -+ if (!EVP_CipherFinal_ex(ctx, dst, (int*)dlen)) - return MY_AES_BAD_DATA; - return MY_AES_OK; - } -@@ -73,7 +83,8 @@ class MyCTX_nopad : public MyCTX - { - public: - const uchar *key; -- int klen; -+ uint klen, buf_len; -+ uchar oiv[MY_AES_BLOCK_SIZE]; - - MyCTX_nopad() : MyCTX() { } - ~MyCTX_nopad() { } -@@ -84,32 +95,48 @@ class MyCTX_nopad : public MyCTX - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); - this->key= key; - this->klen= klen; -+ this->buf_len= 0; -+ memcpy(oiv, iv, ivlen); -+ DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); -+ - int res= MyCTX::init(cipher, encrypt, key, klen, iv, ivlen); -- memcpy(ctx.oiv, iv, ivlen); // in ECB mode OpenSSL doesn't do that itself -- EVP_CIPHER_CTX_set_padding(&ctx, 0); -+ -+ EVP_CIPHER_CTX_set_padding(ctx, 0); - return res; - } - -+ int update(const uchar *src, uint slen, uchar *dst, uint *dlen) -+ { -+ buf_len+= slen; -+ return MyCTX::update(src, slen, dst, dlen); -+ } -+ - int finish(uchar *dst, uint *dlen) - { -- if (ctx.buf_len) -+ buf_len %= MY_AES_BLOCK_SIZE; -+ if (buf_len) - { -+ uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. -+ -+ NOTE this assumes that there are only buf_len bytes in the buf. -+ If OpenSSL will change that, we'll need to change the implementation -+ of this class too. - */ - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; - - my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD, -- ctx.oiv, sizeof(mask), mask, &mlen, key, klen, 0, 0); -+ oiv, sizeof(mask), mask, &mlen, key, klen, 0, 0); - DBUG_ASSERT(mlen == sizeof(mask)); - -- for (int i=0; i < ctx.buf_len; i++) -- dst[i]= ctx.buf[i] ^ mask[i]; -+ for (uint i=0; i < buf_len; i++) -+ dst[i]= buf[i] ^ mask[i]; - } -- *dlen= ctx.buf_len; -+ *dlen= buf_len; - return MY_AES_OK; - } - }; -@@ -153,7 +180,7 @@ class MyCTX_gcm : public MyCTX - { - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_gcm)); - int res= MyCTX::init(cipher, encrypt, key, klen, iv, ivlen); -- int real_ivlen= EVP_CIPHER_CTX_iv_length(&ctx); -+ int real_ivlen= EVP_CIPHER_CTX_iv_length(ctx); - aad= iv + real_ivlen; - aadlen= ivlen - real_ivlen; - return res; -@@ -167,15 +194,15 @@ class MyCTX_gcm : public MyCTX - before decrypting the data. it can encrypt data piecewise, like, first - half, then the second half, but it must decrypt all at once - */ -- if (!ctx.encrypt) -+ if (!EVP_CIPHER_CTX_encrypting(ctx)) - { - slen-= MY_AES_BLOCK_SIZE; -- if(!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, MY_AES_BLOCK_SIZE, -+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MY_AES_BLOCK_SIZE, - (void*)(src + slen))) - return MY_AES_OPENSSL_ERROR; - } - int unused; -- if (aadlen && !EVP_CipherUpdate(&ctx, NULL, &unused, aad, aadlen)) -+ if (aadlen && !EVP_CipherUpdate(ctx, NULL, &unused, aad, aadlen)) - return MY_AES_OPENSSL_ERROR; - aadlen= 0; - return MyCTX::update(src, slen, dst, dlen); -@@ -184,13 +211,13 @@ class MyCTX_gcm : public MyCTX - int finish(uchar *dst, uint *dlen) - { - int fin; -- if (!EVP_CipherFinal_ex(&ctx, dst, &fin)) -+ if (!EVP_CipherFinal_ex(ctx, dst, &fin)) - return MY_AES_BAD_DATA; - DBUG_ASSERT(fin == 0); - -- if (ctx.encrypt) -+ if (EVP_CIPHER_CTX_encrypting(ctx)) - { -- if(!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, MY_AES_BLOCK_SIZE, dst)) -+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MY_AES_BLOCK_SIZE, dst)) - return MY_AES_OPENSSL_ERROR; - *dlen= MY_AES_BLOCK_SIZE; - } -@@ -258,12 +285,15 @@ int my_aes_crypt(enum my_aes_mode mode, int flags, - { - void *ctx= alloca(MY_AES_CTX_SIZE); - int res1, res2; -- uint d1, d2; -+ uint d1= 0, d2; - if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) - return res1; - res1= my_aes_crypt_update(ctx, src, slen, dst, &d1); - res2= my_aes_crypt_finish(ctx, dst + d1, &d2); -- *dlen= d1 + d2; -+ if (res1 || res2) -+ ERR_remove_state(0); /* in case of failure clear error queue */ -+ else -+ *dlen= d1 + d2; - return res1 ? res1 : res2; - } - -diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc -index 7139ea9..0105082 100644 ---- a/mysys_ssl/my_md5.cc -+++ b/mysys_ssl/my_md5.cc -@@ -1,5 +1,5 @@ - /* Copyright (c) 2012, Oracle and/or its affiliates. -- Copyright (c) 2014, SkySQL Ab. -+ Copyright (c) 2017, MariaDB Corporation - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -29,38 +29,31 @@ - - #if defined(HAVE_YASSL) - #include "md5.hpp" -+#include - --typedef TaoCrypt::MD5 MD5_CONTEXT; -+typedef TaoCrypt::MD5 EVP_MD_CTX; - --static void md5_init(MD5_CONTEXT *context) -+static void md5_init(EVP_MD_CTX *context) - { -- context= new(context) MD5_CONTEXT; -+ context= new(context) EVP_MD_CTX; - context->Init(); - } - --/* -- this is a variant of md5_init to be used in this file only. -- does nothing for yassl, because the context's constructor was called automatically. --*/ --static void md5_init_fast(MD5_CONTEXT *context) --{ --} -- --static void md5_input(MD5_CONTEXT *context, const uchar *buf, unsigned len) -+static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len) - { - context->Update((const TaoCrypt::byte *) buf, len); - } - --static void md5_result(MD5_CONTEXT *context, uchar digest[MD5_HASH_SIZE]) -+static void md5_result(EVP_MD_CTX *context, uchar digest[MD5_HASH_SIZE]) - { - context->Final((TaoCrypt::byte *) digest); - } - - #elif defined(HAVE_OPENSSL) - #include --typedef EVP_MD_CTX MD5_CONTEXT; -+#include - --static void md5_init(MD5_CONTEXT *context) -+static void md5_init(EVP_MD_CTX *context) - { - EVP_MD_CTX_init(context); - #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW -@@ -70,17 +63,12 @@ static void md5_init(MD5_CONTEXT *context) - EVP_DigestInit_ex(context, EVP_md5(), NULL); - } - --static void md5_init_fast(MD5_CONTEXT *context) --{ -- md5_init(context); --} -- --static void md5_input(MD5_CONTEXT *context, const uchar *buf, unsigned len) -+static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len) - { - EVP_DigestUpdate(context, buf, len); - } - --static void md5_result(MD5_CONTEXT *context, uchar digest[MD5_HASH_SIZE]) -+static void md5_result(EVP_MD_CTX *context, uchar digest[MD5_HASH_SIZE]) - { - EVP_DigestFinal_ex(context, digest, NULL); - EVP_MD_CTX_cleanup(context); -@@ -99,58 +87,58 @@ static void md5_result(MD5_CONTEXT *context, uchar digest[MD5_HASH_SIZE]) - */ - void my_md5(uchar *digest, const char *buf, size_t len) - { -- MD5_CONTEXT md5_context; -- -- md5_init_fast(&md5_context); -- md5_input(&md5_context, (const uchar *)buf, len); -- md5_result(&md5_context, digest); -+ char ctx_buf[EVP_MD_CTX_SIZE]; -+ EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf; -+ md5_init(ctx); -+ md5_input(ctx, (const uchar *)buf, len); -+ md5_result(ctx, digest); - } - - - /** - Wrapper function to compute MD5 message digest for -- two messages in order to emulate md5(msg1, msg2). -+ many messages, concatenated. - - @param digest [out] Computed MD5 digest - @param buf1 [in] First message - @param len1 [in] Length of first message -- @param buf2 [in] Second message -- @param len2 [in] Length of second message -+ ... -+ @param bufN [in] NULL terminates the list of buf,len pairs. - - @return void - */ - void my_md5_multi(uchar *digest, ...) - { - va_list args; -- va_start(args, digest); -- -- MD5_CONTEXT md5_context; - const uchar *str; -+ char ctx_buf[EVP_MD_CTX_SIZE]; -+ EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf; -+ va_start(args, digest); - -- md5_init_fast(&md5_context); -+ md5_init(ctx); - for (str= va_arg(args, const uchar*); str; str= va_arg(args, const uchar*)) -- md5_input(&md5_context, str, va_arg(args, size_t)); -+ md5_input(ctx, str, va_arg(args, size_t)); - -- md5_result(&md5_context, digest); -+ md5_result(ctx, digest); - va_end(args); - } - - size_t my_md5_context_size() - { -- return sizeof(MD5_CONTEXT); -+ return EVP_MD_CTX_SIZE; - } - - void my_md5_init(void *context) - { -- md5_init((MD5_CONTEXT *)context); -+ md5_init((EVP_MD_CTX *)context); - } - - void my_md5_input(void *context, const uchar *buf, size_t len) - { -- md5_input((MD5_CONTEXT *)context, buf, len); -+ md5_input((EVP_MD_CTX *)context, buf, len); - } - - void my_md5_result(void *context, uchar *digest) - { -- md5_result((MD5_CONTEXT *)context, digest); -+ md5_result((EVP_MD_CTX *)context, digest); - } -diff --git a/mysys_ssl/openssl.c b/mysys_ssl/openssl.c -new file mode 100644 -index 0000000..a3f1ca2 ---- /dev/null -+++ b/mysys_ssl/openssl.c -@@ -0,0 +1,71 @@ -+/* -+ Copyright (c) 2017, MariaDB Corporation. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; version 2 of the License. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -+ -+#include -+#include -+ -+#ifdef HAVE_YASSL -+ -+int check_openssl_compatibility() -+{ -+ return 0; -+} -+#else -+#include -+ -+#ifdef HAVE_OPENSSL11 -+typedef void *(*CRYPTO_malloc_t)(size_t, const char *, int); -+#endif -+ -+#ifdef HAVE_OPENSSL10 -+typedef void *(*CRYPTO_malloc_t)(size_t); -+#define CRYPTO_malloc malloc -+#define CRYPTO_realloc realloc -+#define CRYPTO_free free -+#endif -+ -+static uint allocated_size, allocated_count; -+ -+static void *coc_malloc(size_t size) -+{ -+ allocated_size+= size; -+ allocated_count++; -+ return malloc(size); -+} -+ -+int check_openssl_compatibility() -+{ -+ EVP_CIPHER_CTX *evp_ctx; -+ EVP_MD_CTX *md5_ctx; -+ -+ CRYPTO_set_mem_functions((CRYPTO_malloc_t)coc_malloc, CRYPTO_realloc, CRYPTO_free); -+ -+ allocated_size= allocated_count= 0; -+ evp_ctx= EVP_CIPHER_CTX_new(); -+ EVP_CIPHER_CTX_free(evp_ctx); -+ if (allocated_count != 1 || allocated_size > EVP_CIPHER_CTX_SIZE) -+ return 1; -+ -+ allocated_size= allocated_count= 0; -+ md5_ctx= EVP_MD_CTX_create(); -+ EVP_MD_CTX_destroy(md5_ctx); -+ if (allocated_count != 1 || allocated_size > EVP_MD_CTX_SIZE) -+ return 1; -+ -+ CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free); -+ return 0; -+} -+#endif -diff --git a/mysys_ssl/yassl.cc b/mysys_ssl/yassl.cc -index e9f8e65..268589d 100644 ---- a/mysys_ssl/yassl.cc -+++ b/mysys_ssl/yassl.cc -@@ -45,7 +45,6 @@ typedef struct - int buf_len; - int final_used; - uchar tao_buf[sizeof(TaoCrypt::AES)]; // TaoCrypt::AES object -- uchar oiv[TaoCrypt::AES::BLOCK_SIZE]; // original IV - uchar buf[TaoCrypt::AES::BLOCK_SIZE]; // last partial input block - uchar final[TaoCrypt::AES::BLOCK_SIZE]; // last decrypted (output) block - } EVP_CIPHER_CTX; -@@ -98,10 +97,7 @@ static int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - : TaoCrypt::DECRYPTION, cipher->mode); - TAO(ctx)->SetKey(key, cipher->key_len); - if (iv) -- { - TAO(ctx)->SetIV(iv); -- memcpy(ctx->oiv, iv, TaoCrypt::AES::BLOCK_SIZE); -- } - ctx->encrypt= enc; - ctx->key_len= cipher->key_len; - ctx->flags|= cipher->mode == TaoCrypt::CBC ? EVP_CIPH_CBC_MODE : EVP_CIPH_ECB_MODE; -diff --git a/sql-common/client.c b/sql-common/client.c -index da18a0f..e3280a1 100644 ---- a/sql-common/client.c -+++ b/sql-common/client.c -@@ -105,6 +105,7 @@ my_bool net_flush(NET *net); - #endif - - #include "client_settings.h" -+#include - #include - #include - #include -@@ -1770,9 +1771,8 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused))) - - #if defined(HAVE_OPENSSL) - --#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(HAVE_YASSL) -+#ifdef HAVE_X509_check_host - #include --#define HAVE_X509_check_host - #endif - - static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const char **errptr) -@@ -1844,7 +1844,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c - goto error; - } - -- cn= (char *) ASN1_STRING_data(cn_asn1); -+ cn= (char *) ASN1_STRING_get0_data(cn_asn1); - - if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) - { -diff --git a/sql/mysqld.cc b/sql/mysqld.cc -index 0de9d7a..3a92192 100644 ---- a/sql/mysqld.cc -+++ b/sql/mysqld.cc -@@ -338,9 +338,13 @@ static PSI_thread_key key_thread_handle_con_sockets; - static PSI_thread_key key_thread_handle_shutdown; - #endif /* __WIN__ */ - --#if defined (HAVE_OPENSSL) && !defined(HAVE_YASSL) -+#ifdef HAVE_OPENSSL -+#include -+ -+#ifdef HAVE_OPENSSL10 - static PSI_rwlock_key key_rwlock_openssl; - #endif -+#endif - #endif /* HAVE_PSI_INTERFACE */ - - #ifdef HAVE_NPTL -@@ -987,7 +991,7 @@ PSI_rwlock_key key_rwlock_LOCK_grant, key_rwlock_LOCK_logger, - - static PSI_rwlock_info all_server_rwlocks[]= - { --#if defined (HAVE_OPENSSL) && !defined(HAVE_YASSL) -+#ifdef HAVE_OPENSSL10 - { &key_rwlock_openssl, "CRYPTO_dynlock_value::lock", 0}, - #endif - { &key_rwlock_LOCK_grant, "LOCK_grant", PSI_FLAG_GLOBAL}, -@@ -1457,7 +1461,7 @@ scheduler_functions *thread_scheduler= &thread_scheduler_struct, - - #ifdef HAVE_OPENSSL - #include --#ifndef HAVE_YASSL -+#ifdef HAVE_OPENSSL10 - typedef struct CRYPTO_dynlock_value - { - mysql_rwlock_t lock; -@@ -1468,7 +1472,7 @@ static openssl_lock_t *openssl_dynlock_create(const char *, int); - static void openssl_dynlock_destroy(openssl_lock_t *, const char *, int); - static void openssl_lock_function(int, int, const char *, int); - static void openssl_lock(int, openssl_lock_t *, const char *, int); --#endif -+#endif /* HAVE_OPENSSL10 */ - char *des_key_file; - #ifndef EMBEDDED_LIBRARY - struct st_VioSSLFd *ssl_acceptor_fd; -@@ -2244,11 +2248,11 @@ static void clean_up_mutexes() - mysql_mutex_destroy(&LOCK_global_index_stats); - #ifdef HAVE_OPENSSL - mysql_mutex_destroy(&LOCK_des_key_file); --#ifndef HAVE_YASSL -+#ifdef HAVE_OPENSSL10 - for (int i= 0; i < CRYPTO_num_locks(); ++i) - mysql_rwlock_destroy(&openssl_stdlocks[i].lock); - OPENSSL_free(openssl_stdlocks); --#endif /* HAVE_YASSL */ -+#endif /* HAVE_OPENSSL10 */ - #endif /* HAVE_OPENSSL */ - #ifdef HAVE_REPLICATION - mysql_mutex_destroy(&LOCK_rpl_status); -@@ -4038,6 +4042,14 @@ static int init_common_variables() - return 1; - } - -+#ifdef HAVE_OPENSSL -+ if (check_openssl_compatibility()) -+ { -+ sql_print_error("Incompatible OpenSSL version. Cannot continue..."); -+ return 1; -+ } -+#endif -+ - if (init_thread_environment() || - mysql_init_variables()) - return 1; -@@ -4584,7 +4596,7 @@ static int init_thread_environment() - #ifdef HAVE_OPENSSL - mysql_mutex_init(key_LOCK_des_key_file, - &LOCK_des_key_file, MY_MUTEX_INIT_FAST); --#ifndef HAVE_YASSL -+#ifdef HAVE_OPENSSL10 - openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() * - sizeof(openssl_lock_t)); - for (int i= 0; i < CRYPTO_num_locks(); ++i) -@@ -4593,8 +4605,8 @@ static int init_thread_environment() - CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy); - CRYPTO_set_dynlock_lock_callback(openssl_lock); - CRYPTO_set_locking_callback(openssl_lock_function); --#endif --#endif -+#endif /* HAVE_OPENSSL10 */ -+#endif /* HAVE_OPENSSL */ - mysql_rwlock_init(key_rwlock_LOCK_sys_init_connect, &LOCK_sys_init_connect); - mysql_rwlock_init(key_rwlock_LOCK_sys_init_slave, &LOCK_sys_init_slave); - mysql_rwlock_init(key_rwlock_LOCK_grant, &LOCK_grant); -@@ -4627,7 +4639,7 @@ static int init_thread_environment() - } - - --#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL) -+#ifdef HAVE_OPENSSL10 - static openssl_lock_t *openssl_dynlock_create(const char *file, int line) - { - openssl_lock_t *lock= new openssl_lock_t; -@@ -4687,8 +4699,7 @@ static void openssl_lock(int mode, openssl_lock_t *lock, const char *file, - abort(); - } - } --#endif /* HAVE_OPENSSL */ -- -+#endif /* HAVE_OPENSSL10 */ - - static void init_ssl() - { -diff --git a/sql/slave.cc b/sql/slave.cc -index da394ff..2096ed1 100644 ---- a/sql/slave.cc -+++ b/sql/slave.cc -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - #include - #include - #include "rpl_handler.h" -@@ -60,7 +61,6 @@ - #include "debug_sync.h" - #include "rpl_parallel.h" - -- - #define FLAGSTR(V,F) ((V)&(F)?#F" ":"") - - #define MAX_SLAVE_RETRY_PAUSE 5 -@@ -4506,9 +4506,7 @@ log space"); - - DBUG_LEAVE; // Must match DBUG_ENTER() - my_thread_end(); --#ifdef HAVE_OPENSSL - ERR_remove_state(0); --#endif - pthread_exit(0); - return 0; // Avoid compiler warnings - } -@@ -5167,9 +5165,7 @@ pthread_handler_t handle_slave_sql(void *arg) - - DBUG_LEAVE; // Must match DBUG_ENTER() - my_thread_end(); --#ifdef HAVE_OPENSSL - ERR_remove_state(0); --#endif - pthread_exit(0); - return 0; // Avoid compiler warnings - } -diff --git a/vio/vio.c b/vio/vio.c -index e3bc8ca..44d0609 100644 ---- a/vio/vio.c -+++ b/vio/vio.c -@@ -22,6 +22,7 @@ - */ - - #include "vio_priv.h" -+#include "ssl_compat.h" - - #ifdef _WIN32 - -diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c -index 52b624d..71ef287 100644 ---- a/vio/viosslfactories.c -+++ b/vio/viosslfactories.c -@@ -15,6 +15,7 @@ - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - - #include "vio_priv.h" -+#include - - #ifdef HAVE_OPENSSL - #ifndef HAVE_YASSL -@@ -26,49 +27,56 @@ static my_bool ssl_algorithms_added = FALSE; - static my_bool ssl_error_strings_loaded= FALSE; - - /* the function below was generated with "openssl dhparam -2 -C 2048" */ -+ - static - DH *get_dh2048() - { -- static unsigned char dh2048_p[]={ -- 0xA1,0xBB,0x7C,0x20,0xC5,0x5B,0xC0,0x7B,0x21,0x8B,0xD6,0xA8, -- 0x15,0xFC,0x3B,0xBA,0xAB,0x9F,0xDF,0x68,0xC4,0x79,0x78,0x0D, -- 0xC1,0x12,0x64,0xE4,0x15,0xC9,0x66,0xDB,0xF6,0xCB,0xB3,0x39, -- 0x02,0x5B,0x78,0x62,0xFB,0x09,0xAE,0x09,0x6B,0xDD,0xD4,0x5D, -- 0x97,0xBC,0xDC,0x7F,0xE6,0xD6,0xF1,0xCB,0xF5,0xEB,0xDA,0xA7, -- 0x2E,0x5A,0x43,0x2B,0xE9,0x40,0xE2,0x85,0x00,0x1C,0xC0,0x0A, -- 0x98,0x77,0xA9,0x31,0xDE,0x0B,0x75,0x4D,0x1E,0x1F,0x16,0x83, -- 0xCA,0xDE,0xBD,0x21,0xFC,0xC1,0x82,0x37,0x36,0x33,0x0B,0x66, -- 0x06,0x3C,0xF3,0xAF,0x21,0x57,0x57,0x80,0xF6,0x94,0x1B,0xA9, -- 0xD4,0xF6,0x8F,0x18,0x62,0x0E,0xC4,0x22,0xF9,0x5B,0x62,0xCC, -- 0x3F,0x19,0x95,0xCF,0x4B,0x00,0xA6,0x6C,0x0B,0xAF,0x9F,0xD5, -- 0xFA,0x3D,0x6D,0xDA,0x30,0x83,0x07,0x91,0xAC,0x15,0xFF,0x8F, -- 0x59,0x54,0xEA,0x25,0xBC,0x4E,0xEB,0x6A,0x54,0xDF,0x75,0x09, -- 0x72,0x0F,0xEF,0x23,0x70,0xE0,0xA8,0x04,0xEA,0xFF,0x90,0x54, -- 0xCD,0x84,0x18,0xC0,0x75,0x91,0x99,0x0F,0xA1,0x78,0x0C,0x07, -- 0xB7,0xC5,0xDE,0x55,0x06,0x7B,0x95,0x68,0x2C,0x33,0x39,0xBC, -- 0x2C,0xD0,0x6D,0xDD,0xFA,0xDC,0xB5,0x8F,0x82,0x39,0xF8,0x67, -- 0x44,0xF1,0xD8,0xF7,0x78,0x11,0x9A,0x77,0x9B,0x53,0x47,0xD6, -- 0x2B,0x5D,0x67,0xB8,0xB7,0xBC,0xC1,0xD7,0x79,0x62,0x15,0xC2, -- 0xC5,0x83,0x97,0xA7,0xF8,0xB4,0x9C,0xF6,0x8F,0x9A,0xC7,0xDA, -- 0x1B,0xBB,0x87,0x07,0xA7,0x71,0xAD,0xB2,0x8A,0x50,0xF8,0x26, -- 0x12,0xB7,0x3E,0x0B, -- }; -- static unsigned char dh2048_g[]={ -- 0x02, -- }; -- DH *dh; -- -- if ((dh=DH_new()) == NULL) return(NULL); -- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); -- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); -- if ((dh->p == NULL) || (dh->g == NULL)) -- { DH_free(dh); return(NULL); } -- return(dh); -+ static unsigned char dhp_2048[] = { -+ 0xA1,0xBB,0x7C,0x20,0xC5,0x5B,0xC0,0x7B,0x21,0x8B,0xD6,0xA8, -+ 0x15,0xFC,0x3B,0xBA,0xAB,0x9F,0xDF,0x68,0xC4,0x79,0x78,0x0D, -+ 0xC1,0x12,0x64,0xE4,0x15,0xC9,0x66,0xDB,0xF6,0xCB,0xB3,0x39, -+ 0x02,0x5B,0x78,0x62,0xFB,0x09,0xAE,0x09,0x6B,0xDD,0xD4,0x5D, -+ 0x97,0xBC,0xDC,0x7F,0xE6,0xD6,0xF1,0xCB,0xF5,0xEB,0xDA,0xA7, -+ 0x2E,0x5A,0x43,0x2B,0xE9,0x40,0xE2,0x85,0x00,0x1C,0xC0,0x0A, -+ 0x98,0x77,0xA9,0x31,0xDE,0x0B,0x75,0x4D,0x1E,0x1F,0x16,0x83, -+ 0xCA,0xDE,0xBD,0x21,0xFC,0xC1,0x82,0x37,0x36,0x33,0x0B,0x66, -+ 0x06,0x3C,0xF3,0xAF,0x21,0x57,0x57,0x80,0xF6,0x94,0x1B,0xA9, -+ 0xD4,0xF6,0x8F,0x18,0x62,0x0E,0xC4,0x22,0xF9,0x5B,0x62,0xCC, -+ 0x3F,0x19,0x95,0xCF,0x4B,0x00,0xA6,0x6C,0x0B,0xAF,0x9F,0xD5, -+ 0xFA,0x3D,0x6D,0xDA,0x30,0x83,0x07,0x91,0xAC,0x15,0xFF,0x8F, -+ 0x59,0x54,0xEA,0x25,0xBC,0x4E,0xEB,0x6A,0x54,0xDF,0x75,0x09, -+ 0x72,0x0F,0xEF,0x23,0x70,0xE0,0xA8,0x04,0xEA,0xFF,0x90,0x54, -+ 0xCD,0x84,0x18,0xC0,0x75,0x91,0x99,0x0F,0xA1,0x78,0x0C,0x07, -+ 0xB7,0xC5,0xDE,0x55,0x06,0x7B,0x95,0x68,0x2C,0x33,0x39,0xBC, -+ 0x2C,0xD0,0x6D,0xDD,0xFA,0xDC,0xB5,0x8F,0x82,0x39,0xF8,0x67, -+ 0x44,0xF1,0xD8,0xF7,0x78,0x11,0x9A,0x77,0x9B,0x53,0x47,0xD6, -+ 0x2B,0x5D,0x67,0xB8,0xB7,0xBC,0xC1,0xD7,0x79,0x62,0x15,0xC2, -+ 0xC5,0x83,0x97,0xA7,0xF8,0xB4,0x9C,0xF6,0x8F,0x9A,0xC7,0xDA, -+ 0x1B,0xBB,0x87,0x07,0xA7,0x71,0xAD,0xB2,0x8A,0x50,0xF8,0x26, -+ 0x12,0xB7,0x3E,0x0B, -+ }; -+ static unsigned char dhg_2048[] = { -+ 0x02 -+ }; -+ DH *dh = DH_new(); -+ BIGNUM *dhp_bn, *dhg_bn; -+ -+ if (dh == NULL) -+ return NULL; -+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL); -+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL); -+ if (dhp_bn == NULL || dhg_bn == NULL -+ || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { -+ DH_free(dh); -+ BN_free(dhp_bn); -+ BN_free(dhg_bn); -+ return NULL; -+ } -+ return dh; - } - -- - static const char* --ssl_error_string[] = -+ssl_error_string[] = - { - "No error", - "Unable to get certificate", -@@ -148,9 +156,7 @@ static void check_ssl_init() - if (!ssl_algorithms_added) - { - ssl_algorithms_added= TRUE; -- SSL_library_init(); -- OpenSSL_add_all_algorithms(); -- -+ OPENSSL_init_ssl(0, NULL); - } - - if (!ssl_error_strings_loaded) diff --git a/extra/mariadb/PKGBUILD b/extra/mariadb/PKGBUILD index f198538ff..8fdea4319 100644 --- a/extra/mariadb/PKGBUILD +++ b/extra/mariadb/PKGBUILD @@ -6,22 +6,21 @@ # - patch to link (unused) static libs against libatomic on v5/v6 to fix FTBFS pkgbase=mariadb -pkgname=('libmariadbclient' 'mariadb-clients' 'mytop' 'mariadb') -pkgver=10.1.37 -pkgrel=1 +pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop') +pkgdesc='Fast SQL database server, derived from MySQL' +pkgver=10.3.12 +pkgrel=2 arch=('x86_64') license=('GPL') url='https://mariadb.org/' makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo' - 'openssl' 'systemd' 'zlib') + 'openssl' 'systemd' 'zlib' 'zstd') validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key -source=("https://mirrors.n-ix.net/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc} - '0001-openssl-1-1-0.patch' +source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc} 'atomic.patch') -sha256sums=('8cd516b0a7f7aa36a7c1d6e687dbbad8c0b08c92d5fd60c6e691b19a6cab4d46' +sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6' 'SKIP' - 'fe26d22f0150e7460daa83d71d35735b3031cfc97e99bfbb8d6d74c11a28ccea' - '2ddfe7dc5eae905ed77d7438d6869f9bb26684945c2f82cc19f84926b1cb849f') + '7769fd8eb2bb3a6644a2200d01918ff887be25638d79dbec25897fe0d87badc4') prepare() { cd $pkgbase-$pkgver/ @@ -29,91 +28,113 @@ prepare() { # Changes to the upstream unit files: # * remove the alias from unit files, we install symlinks in package function # * enable PrivateTmp for a little bit more security + # * force preloading jemalloc for memory management sed -i -e '/^Alias/d' \ -e '/^PrivateTmp/c PrivateTmp=true' \ + -e '/# Environment="LD_/a Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"' \ support-files/mariadb{,@}.service.in - # openssl 1.1.0 - patch -Np1 < "${srcdir}"/0001-openssl-1-1-0.patch - # let's create the datadir from tmpfiles echo 'd @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -' >> support-files/tmpfiles.conf.in + # instantiated configs are not subject to be included from main config + sed -i 's|@sysconf2dir@|@sysconfdir@|' support-files/mariadb@.service.in + + # fix path to our config + sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset} + if [[ $CARCH == arm || $CARCH == armv6h ]]; then patch -p0 -i ../atomic.patch fi } build() { + local _cmake_options=( + # build options + -DCMAKE_BUILD_TYPE=RelWithDebInfo + -Wno-dev + + # file paths + # /etc + -DINSTALL_SYSCONFDIR=/etc/mysql + -DINSTALL_SYSCONF2DIR=/etc/mysql/my.cnf.d + # /run + -DINSTALL_UNIX_ADDRDIR=/run/mysqld/mysqld.sock + # /usr + -DCMAKE_INSTALL_PREFIX=/usr + # /usr/bin /usr/include + -DINSTALL_SCRIPTDIR=bin + -DINSTALL_INCLUDEDIR=include/mysql + # /usr/lib + -DINSTALL_PLUGINDIR=lib/mysql/plugin + -DINSTALL_SYSTEMD_UNITDIR=/usr/lib/systemd/system/ + -DINSTALL_SYSTEMD_SYSUSERSDIR=/usr/lib/sysusers.d/ + -DINSTALL_SYSTEMD_TMPFILESDIR=/usr/lib/tmpfiles.d/ + # /usr/share + -DINSTALL_SHAREDIR=share + -DINSTALL_SUPPORTFILESDIR=share/mysql + -DINSTALL_MYSQLSHAREDIR=share/mysql + -DINSTALL_DOCREADMEDIR=share/doc/mariadb + -DINSTALL_DOCDIR=share/doc/mariadb + -DINSTALL_MANDIR=share/man + # /var + -DMYSQL_DATADIR=/var/lib/mysql + + # default settings + -DDEFAULT_CHARSET=utf8mb4 + -DDEFAULT_COLLATION=utf8mb4_unicode_ci + + # features + -DENABLED_LOCAL_INFILE=ON + -DPLUGIN_EXAMPLE=NO + -DPLUGIN_FEDERATED=NO + -DPLUGIN_FEEDBACK=NO + -DWITHOUT_MROONGA_STORAGE_ENGINE=1 + -DWITH_EMBEDDED_SERVER=ON + -DWITH_EXTRA_CHARSETS=complex + -DWITH_JEMALLOC=ON + -DWITH_LIBWRAP=OFF + -DWITH_PCRE=bundled + -DWITH_READLINE=ON + -DWITH_SSL=system + -DWITH_SYSTEMD=yes + -DWITH_UNIT_TESTS=OFF + -DWITH_ZLIB=system + ) + mkdir build cd build - cmake ../$pkgbase-$pkgver \ - -DCMAKE_AR=/usr/bin/gcc-ar \ - -DCMAKE_RANLIB=/usr/bin/gcc-ranlib \ - -DBUILD_CONFIG=mysql_release \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DMYSQL_DATADIR=/var/lib/mysql \ - -DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock \ - -DDEFAULT_CHARSET=utf8mb4 \ - -DDEFAULT_COLLATION=utf8mb4_unicode_ci \ - -DENABLED_LOCAL_INFILE=ON \ - -DINSTALL_DOCDIR=share/doc/mariadb \ - -DINSTALL_DOCREADMEDIR=share/doc/mariadb \ - -DINSTALL_MANDIR=share/man \ - -DINSTALL_PLUGINDIR=lib/mysql/plugin \ - -DINSTALL_SCRIPTDIR=bin \ - -DINSTALL_SYSCONFDIR=/etc/mysql \ - -DINSTALL_SYSCONF2DIR=/etc/mysql \ - -DINSTALL_INCLUDEDIR=include/mysql \ - -DINSTALL_SUPPORTFILESDIR=share/mysql \ - -DINSTALL_MYSQLSHAREDIR=share/mysql \ - -DINSTALL_SHAREDIR=share/mysql \ - -DINSTALL_SYSTEMD_SYSUSERSDIR=/usr/lib/sysusers.d/ \ - -DINSTALL_SYSTEMD_TMPFILESDIR=/usr/lib/tmpfiles.d/ \ - -DINSTALL_SYSTEMD_UNITDIR=/usr/lib/systemd/system/ \ - -DWITH_SYSTEMD=yes \ - -DWITH_READLINE=ON \ - -DWITH_ZLIB=system \ - -DWITH_SSL=system \ - -DWITH_PCRE=bundled \ - -DWITH_LIBWRAP=OFF \ - -DWITH_JEMALLOC=ON \ - -DWITH_EXTRA_CHARSETS=complex \ - -DWITH_EMBEDDED_SERVER=ON \ - -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ - -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ - -DWITH_INNOBASE_STORAGE_ENGINE=1 \ - -DWITH_PARTITION_STORAGE_ENGINE=1 \ - -DWITH_TOKUDB_STORAGE_ENGINE=1 \ - -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 \ - -DWITHOUT_FEDERATED_STORAGE_ENGINE=1 \ - -DWITHOUT_PBXT_STORAGE_ENGINE=1 \ - -DCMAKE_EXE_LINKER_FLAGS='-ljemalloc' \ - -DWITHOUT_MROONGA_STORAGE_ENGINE=1 \ - -DCMAKE_C_FLAGS="-fPIC $CFLAGS -fno-strict-aliasing -DBIG_JOINS=1 -fomit-frame-pointer -fno-delete-null-pointer-checks" \ - -DCMAKE_CXX_FLAGS="-fPIC $CXXFLAGS -fno-strict-aliasing -DBIG_JOINS=1 -felide-constructors -fno-rtti -fno-delete-null-pointer-checks" \ - -DWITH_MYSQLD_LDFLAGS="-pie ${LDFLAGS},-z,now" + cmake ../"$pkgbase-$pkgver" "${_cmake_options[@]}" make } -package_libmariadbclient() { - pkgdesc='MariaDB client libraries' +check() { + cd build/mysql-test + + # Takes *really* long, so disabled by default. + #./mtr --parallel=5 --mem --force --max-test-fail=0 +} + +package_mariadb-libs() { + pkgdesc='MariaDB libraries' depends=('bzip2' 'libaio' 'lz4' 'lzo' 'openssl' 'xz' 'zlib') - conflicts=('libmysqlclient') + conflicts=('libmysqlclient' 'libmariadbclient' 'mariadb-connector-c') + provides=('libmariadbclient' 'mariadb-connector-c') + replaces=('libmariadbclient') cd build - for dir in libmysql libmysqld libservices include; do - make -C $dir DESTDIR="$pkgdir" install + for dir in libmariadb libmysqld libservices include; do + make -C "$dir" DESTDIR="$pkgdir" install done - install -D -m0755 scripts/mysql_config "$pkgdir"/usr/bin/mysql_config - install -D -m0644 "$srcdir"/$pkgbase-$pkgver/man/mysql_config.1 "$pkgdir"/usr/share/man/man1/mysql_config.1 + ln -s mariadb_config "$pkgdir"/usr/bin/mysql_config + install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/mysql_config.1 "$pkgdir"/usr/share/man/man1/mysql_config.1 install -D -m0644 support-files/mariadb.pc "$pkgdir"/usr/share/pkgconfig/mariadb.pc - install -D -m0644 "$srcdir"/$pkgbase-$pkgver/support-files/mysql.m4 "$pkgdir"/usr/share/aclocal/mysql.m4 + install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/support-files/mysql.m4 "$pkgdir"/usr/share/aclocal/mysql.m4 # remove static libraries rm "$pkgdir"/usr/lib/*.a @@ -121,7 +142,7 @@ package_libmariadbclient() { package_mariadb-clients() { pkgdesc='MariaDB client tools' - depends=("libmariadbclient=${pkgver}" 'jemalloc') + depends=("mariadb-libs=${pkgver}" 'jemalloc') conflicts=('mysql-clients') provides=("mysql-clients=$pkgver") @@ -131,25 +152,19 @@ package_mariadb-clients() { # install man pages for man in mysql mysql_plugin mysql_upgrade mysqladmin mysqlbinlog mysqlcheck mysqldump mysqlimport mysqlshow mysqlslap mysqltest; do - install -D -m0644 "$srcdir"/$pkgbase-$pkgver/man/$man.1 "$pkgdir"/usr/share/man/man1/$man.1 + install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/"$man.1" "$pkgdir"/usr/share/man/man1/"$man.1" done } -package_mytop() { - pkgdesc='Top clone for MariaDB' - depends=('perl' 'perl-dbd-mysql' 'perl-term-readkey') - - cd build - - install -Dm0755 scripts/mytop "$pkgdir"/usr/bin/mytop -} - package_mariadb() { - pkgdesc='Fast SQL database server, drop-in replacement for MySQL' + pkgdesc='Fast SQL database server, derived from MySQL' backup=('etc/mysql/my.cnf' - 'etc/mysql/wsrep.cnf') + 'etc/mysql/my.cnf.d/client.cnf' + 'etc/mysql/my.cnf.d/enable_encryption.preset' + 'etc/mysql/my.cnf.d/mysql-clients.cnf' + 'etc/mysql/my.cnf.d/server.cnf') install=mariadb.install - depends=("mariadb-clients=${pkgver}" 'inetutils' 'libsystemd' 'libxml2') + depends=("mariadb-clients=${pkgver}" 'inetutils' 'libsystemd' 'libxml2' 'zstd') optdepends=('galera: for MariaDB cluster with Galera WSREP' 'perl-dbd-mysql: for mysqlhotcopy, mysql_convert_table_format and mysql_setpermission') conflicts=('mysql') @@ -162,16 +177,16 @@ package_mariadb() { cd "$pkgdir" - # We specified INSTALL_SYSCONFDIR and INSTALL_SYSCONF2DIR to have proper paths - # in binaries and support file. But we want our own files... - # TOOD: Change to upstream file layout with version 10.2.x? - rm -r etc/ - install -Dm0644 usr/share/mysql/my-medium.cnf etc/mysql/my.cnf - install -Dm0644 usr/share/mysql/wsrep.cnf etc/mysql/wsrep.cnf + # no SysV init, please! + rm -r etc/mysql/{init.d,logrotate.d} + rm usr/bin/rcmysql + rm usr/share/mysql/{binary-configure,mysql{,d_multi}.server} + # these should have useful names mv usr/lib/sysusers.d/{sysusers,mariadb}.conf mv usr/lib/tmpfiles.d/{tmpfiles,mariadb}.conf + # links service files with old name for compatibility ln -s mariadb.service usr/lib/systemd/system/mysqld.service ln -s mariadb@.service usr/lib/systemd/system/mysqld@.service @@ -179,18 +194,23 @@ package_mariadb() { install -d usr/share/licenses/mariadb mv usr/share/doc/mariadb/COPYING* usr/share/licenses/mariadb/ - # already installed to real systemd unit directory + # move it where one might look for it + #mv usr/share/{groonga,doc/mariadb/} + #mv usr/share/{groonga-normalizer-mysql,doc/mariadb/} + + # already installed to real systemd unit directory or useless rm -r usr/share/mysql/systemd/ + rm -r usr/lib/systemd/system/mariadb@bootstrap.service.d - # left over from sysvinit - rm usr/bin/rcmysql - - # provided by libmariadbclient + # provided by mariadb-libs + rm usr/bin/mariadb_config rm usr/bin/mysql_config - rm usr/lib/libmysql* - rm usr/share/man/man1/mysql_config.1 rm -r usr/include/ - rm -r usr/share/mysql/{aclocal,pkgconfig} + rm usr/share/man/man1/mysql_config.1 + rm -r usr/share/{aclocal,pkgconfig} + rm usr/lib/lib* + rm usr/lib/mysql/plugin/{auth_gssapi_client,caching_sha2_password,dialog,mysql_clear_password,sha256_password}.so + rm -r usr/lib/pkgconfig/ # provided by mariadb-clients rm usr/bin/{mysql,mysql_plugin,mysql_upgrade,mysqladmin,mysqlbinlog,mysqlcheck,mysqldump,mysqlimport,mysqlshow,mysqlslap,mysqltest} @@ -203,3 +223,12 @@ package_mariadb() { rm -r usr/{data,mysql-test,sql-bench} rm usr/share/man/man1/mysql-test-run.pl.1 } + +package_mytop() { + pkgdesc='Top clone for MariaDB' + depends=('perl' 'perl-dbd-mysql' 'perl-term-readkey') + + cd build + + install -D -m0755 scripts/mytop "$pkgdir"/usr/bin/mytop +} diff --git a/extra/mariadb/atomic.patch b/extra/mariadb/atomic.patch index 37a5ba4a6..f5ee9fde8 100644 --- a/extra/mariadb/atomic.patch +++ b/extra/mariadb/atomic.patch @@ -1,6 +1,6 @@ ---- libmysqld/CMakeLists.txt.orig 2017-06-02 07:40:08.506002423 -0600 -+++ libmysqld/CMakeLists.txt 2017-06-02 07:40:21.575972304 -0600 -@@ -137,6 +137,7 @@ +--- libmysqld/CMakeLists.txt.orig 2019-01-04 08:28:48.000000000 -0700 ++++ libmysqld/CMakeLists.txt 2019-01-17 06:52:10.668544469 -0700 +@@ -150,6 +150,7 @@ ${LIBWRAP} ${LIBCRYPT} ${LIBDL} ${MYSQLD_STATIC_PLUGIN_LIBS} sql_embedded @@ -8,9 +8,9 @@ ) # Some storage engine were compiled for embedded specifically ---- sql/CMakeLists.txt.orig 2017-06-02 17:52:45.041823696 -0600 -+++ sql/CMakeLists.txt 2017-06-02 17:52:25.446874245 -0600 -@@ -176,7 +176,8 @@ +--- sql/CMakeLists.txt.orig 2019-01-04 08:28:49.000000000 -0700 ++++ sql/CMakeLists.txt 2019-01-17 06:52:10.672544438 -0700 +@@ -169,7 +169,8 @@ ${LIBWRAP} ${LIBCRYPT} ${LIBDL} ${CMAKE_THREAD_LIBS_INIT} ${WSREP_LIB} ${SSL_LIBRARIES} @@ -20,3 +20,14 @@ IF(WIN32) SET(MYSQLD_SOURCE main.cc nt_servc.cc message.rc) +--- storage/rocksdb/build_rocksdb.cmake.orig 2019-01-17 07:52:59.896149354 -0700 ++++ storage/rocksdb/build_rocksdb.cmake 2019-01-17 07:53:34.996081204 -0700 +@@ -423,7 +423,7 @@ + list(APPEND SOURCES ${CMAKE_CURRENT_BINARY_DIR}/build_version.cc) + + ADD_CONVENIENCE_LIBRARY(rocksdblib ${SOURCES}) +-target_link_libraries(rocksdblib ${THIRDPARTY_LIBS} ${SYSTEM_LIBS}) ++target_link_libraries(rocksdblib ${THIRDPARTY_LIBS} ${SYSTEM_LIBS} atomic) + IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set_target_properties(rocksdblib PROPERTIES COMPILE_FLAGS "-fPIC -fno-builtin-memcmp -frtti") + endif() diff --git a/extra/mariadb/mariadb.install b/extra/mariadb/mariadb.install index c1cbf9259..df322be13 100644 --- a/extra/mariadb/mariadb.install +++ b/extra/mariadb/mariadb.install @@ -1,11 +1,15 @@ #!/bin/sh -post_install(){ - +post_install() { echo ":: You need to initialize the MariaDB data directory prior to starting" echo " the service. This can be done with mysql_install_db command, e.g.:" echo " mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql" - } - +post_upgrade(){ + # show for feature release: 10.1 -> 10.2 -> 10.3 -> ... + if [ $(vercmp "${1%.*}" "${2%.*}") -ne 0 ]; then + echo ":: MariaDB was updated to a new feature release. To update the data run:" + echo " systemctl restart mariadb.service && mysql_upgrade -u root -p" + fi +}