Date: Wed, 13 Dec 2023 10:57:19 GMT
Message-Id: <202312131057.3BDAvJ2A064029@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Felix Palmen
Subject: git: 81d71f93c329 - main - databases/mysql80-server: Fix build with libressl
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: zirias
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 81d71f93c329a6d328dc7dddc5db2eb3cd51e1b8

The branch main has been updated by zirias:

URL: https://cgit.FreeBSD.org/ports/commit/?id=81d71f93c329a6d328dc7dddc5db2eb3cd51e1b8

commit 81d71f93c329a6d328dc7dddc5db2eb3cd51e1b8
Author:     Felix Palmen
AuthorDate: 2023-12-04 06:50:03 +0000
Commit:     Felix Palmen
CommitDate: 2023-12-13 10:56:43 +0000

    databases/mysql80-server: Fix build with libressl

    Upstream commit d737d2a [1] introduced three code paths for OpenSSL
    <1.1, >=3.0 and between, none of which currently works with LibreSSL.
    3.x APIs are not yet supported, and the code path for <1.1 directly
    accesses struct members that were made opaque in LibreSSL as well.
    Finally, the code path for >=1.1 uses DH_new_by_nid() which is missing
    from LibreSSL.

    Therefore add a patch introducing a fourth code path, doing essentially
    the same as the version for OpenSSL <1.1, but using the accessor methods
    instead of directly accessing struct members.

    Also remove patches for viossl[factories].cc, which aren't needed any
    more for current LibreSSL.

    [1] https://github.com/mysql/mysql-server/commit/d737d2a3ef6fc82d933a2345769835e8c2e4f700

    Approved by:            joneum (maintainer, via private mail)
    Differential Revision:  https://reviews.freebsd.org/D42922
---
 .../files/patch-include_dh__ecdh__config.h | 63 ++++++++++++++++++++++
 databases/mysql80-server/files/patch-vio_viossl.cc | 30 -----------
 .../files/patch-vio_viosslfactories.cc | 46 ----------------
 3 files changed, 63 insertions(+), 76 deletions(-)

diff --git a/databases/mysql80-server/files/patch-include_dh__ecdh__config.h b/databases/mysql80-server/files/patch-include_dh__ecdh__config.h new file mode 100644 index 000000000000..a33067bbd562 --- /dev/null +++ b/databases/mysql80-server/files/patch-include_dh__ecdh__config.h
@@ -0,0 +1,63 @@ +--- include/dh_ecdh_config.h.orig 2023-12-03 10:42:56 UTC ++++ include/dh_ecdh_config.h +@@ -38,7 +38,7 @@ + #endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */ + + namespace { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* Following primes are from https://www.rfc-editor.org/rfc/rfc7919#appendix-A + */ + +@@ -257,6 +257,7 @@ bool set_dh(SSL_CTX *ctx) { + + DH *dh = nullptr; + #if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if !defined(LIBRESSL_VERSION_NUMBER) + switch (security_level) { + case 1: + [[fallthrough]]; +@@ -275,6 +276,43 @@ bool set_dh(SSL_CTX *ctx) { + default: + break; + }; ++#else ++ dh = DH_new(); ++ if (!dh) return true; ++ ++ BIGNUM *dhp = nullptr; ++ BIGNUM *dhg = nullptr; ++ switch (security_level) { ++ case 1: ++ [[fallthrough]]; ++ case 2: ++ dhp = ++ BN_bin2bn(rfc7919_ffdhe2048_p, sizeof(rfc7919_ffdhe2048_p), nullptr); ++ break; ++ case 3: ++ dhp = ++ BN_bin2bn(rfc7919_ffdhe3072_p, sizeof(rfc7919_ffdhe3072_p), nullptr); ++ break; ++ case 4: ++ dhp = ++ BN_bin2bn(rfc7919_ffdhe8192_p, sizeof(rfc7919_ffdhe8192_p), nullptr); ++ break; ++ case 5: ++ /* There is no RFC7919 approved prime for sec level 5 */ ++ [[fallthrough]]; ++ default: ++ DH_free(dh); ++ return true; ++ }; ++ ++ dhg = BN_bin2bn(rfc7919_g, sizeof(rfc7919_g), nullptr); ++ if (!dhp || !dhg || !DH_set0_pqg(dh, dhp, nullptr, dhg)) { ++ DH_free(dh); ++ BN_free(dhg); ++ BN_free(dhp); ++ return true; ++ } ++#endif /* !defined(LIBRESSL_VERSION_NUMBER) */ + #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ + dh = DH_new(); + if (!dh) return true; diff --git a/databases/mysql80-server/files/patch-vio_viossl.cc b/databases/mysql80-server/files/patch-vio_viossl.cc deleted file mode 100644 index 8fe78ce89f2a..000000000000 --- a/databases/mysql80-server/files/patch-vio_viossl.cc +++ /dev/null 
@@ -1,30 +0,0 @@ ---- vio/viossl.cc.orig 2021-12-17 16:07:27 UTC -+++ vio/viossl.cc -@@ -45,7 +45,8 @@ - BIO_set_callback_ex was added in openSSL 1.1.1 - For older openSSL, use the deprecated BIO_set_callback. - */ --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \ -+ !defined(LIBRESSL_VERSION_NUMBER) - #define HAVE_BIO_SET_CALLBACK_EX - #endif - -@@ -640,7 +641,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, l - #if !defined(NDEBUG) - { - STACK_OF(SSL_COMP) *ssl_comp_methods = nullptr; -- ssl_comp_methods = SSL_COMP_get_compression_methods(); -+ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods(); - n = sk_SSL_COMP_num(ssl_comp_methods); - DBUG_PRINT("info", ("Available compression methods:\n")); - if (n == 0) -@@ -648,7 +649,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, l - else - for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); - #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - DBUG_PRINT("info", diff --git a/databases/mysql80-server/files/patch-vio_viosslfactories.cc b/databases/mysql80-server/files/patch-vio_viosslfactories.cc deleted file mode 100644 index 4951cc995df3..000000000000 --- a/databases/mysql80-server/files/patch-vio_viosslfactories.cc +++ /dev/null 
@@ -1,46 +0,0 @@ ---- vio/viosslfactories.cc.orig 2023-11-18 20:56:37.098235000 +0100 -+++ vio/viosslfactories.cc 2023-11-19 09:20:02.284708000 +0100 -@@ -43,6 +43,7 @@ - #include - - #include "my_openssl_fips.h" -+#include "openssl/crypto.h" - #define TLS_VERSION_OPTION_SIZE 256 - - /* -@@ -417,7 +418,7 @@ long process_tls_version(const char *tls_version) { - const char *separator = ","; - char *token, *lasts = nullptr; - --#ifdef HAVE_TLSv13 -+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) - const char *tls_version_name_list[] = {"TLSv1.2", "TLSv1.3"}; - const char ctx_flag_default[] = "TLSv1.2,TLSv1.3"; - const long tls_ctx_list[] = {SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3}; -@@ -489,7 +490,7 @@ static struct st_VioSSLFd *new_VioSSLFd( - ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) & - (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | - SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 --#ifdef HAVE_TLSv13 -+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) - | SSL_OP_NO_TLSv1_3 - #endif /* HAVE_TLSv13 */ - | SSL_OP_NO_TICKET); -@@ -498,7 +499,7 @@ static struct st_VioSSLFd *new_VioSSLFd( - return nullptr; - - if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ? --#ifdef HAVE_TLSv13 -+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) - TLS_client_method() - : TLS_server_method() - #else /* HAVE_TLSv13 */ -@@ -513,7 +514,7 @@ static struct st_VioSSLFd *new_VioSSLFd( - return nullptr; - } - --#ifdef HAVE_TLSv13 -+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER) - /* - Set OpenSSL TLS v1.3 ciphersuites. - Note that an empty list is permissible.
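
Review bot: In patch-include_dh__ecdh__config.h, the LibreSSL branch added to set_dh() returns true from `default:` (security level 5 and any other value), while the context lines of the non-LibreSSL branch end in `default: break;` and continue with dh still nullptr. Please confirm that both paths report the same result for an unsupported security level, and note that next to the new `#else`. Both new guards test only `defined(LIBRESSL_VERSION_NUMBER)` with no version bound and no comment. The commit message names the missing DH_new_by_nid() as the reason, so a short comment saying so in the patch itself would make it clear when this fourth path can be dropped.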
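
Review bot: Deleting patch-vio_viosslfactories.cc removes every `#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)` guard, so LibreSSL builds now compile the HAVE_TLSv13 paths (SSL_OP_NO_TLSv1_3, the "TLSv1.2,TLSv1.3" default list, the TLS v1.3 ciphersuite setup) that the old patch excluded. That is a change in TLS behaviour as well as a build fix, and the commit message only says the patches "aren't needed any more for current LibreSSL". Please state the minimum LibreSSL version this was checked against and mention that TLS 1.3 handling is now enabled there. The same version note applies to the deleted patch-vio_viossl.cc, which had kept HAVE_BIO_SET_CALLBACK_EX undefined and used direct `c->id, c->name` access under LibreSSL.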