svn commit: r541826 - branches/2020Q3/databases/mysql57-client/files

[Jochen Neumeister]

Author: joneum
Date: Thu Jul  9 21:57:52 2020
New Revision: 541826
URL: https://svnweb.freebsd.org/changeset/ports/541826

Log:
  MFH: r541739
  
  databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking
  
  As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.
  
  Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL.
  
  This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash.
  
  The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway.
  
  https://github.com/openssl/openssl/issues/12368
  
  PR:		247803
  Reported by:	eugen
  Sponsored by:	Netzkommune GmbH
  
  Approved by:	ports-secteam (with hat)

Modified:
  branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake
Directory Properties:
  branches/2020Q3/   (props changed)

Modified: branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake
==============================================================================
--- branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake	Thu Jul  9 21:56:07 2020	(r541825)
+++ branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake	Thu Jul  9 21:57:52 2020	(r541826)
@@ -1,27 +1,48 @@
---- cmake/ssl.cmake.orig	2019-12-06 10:41:47 UTC
-+++ cmake/ssl.cmake
-@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL)
+--- cmake/ssl.cmake.orig	2020-07-08 22:29:14.999896000 +0200
++++ cmake/ssl.cmake	2020-07-08 22:44:05.251931000 +0200
+@@ -150,22 +150,12 @@ MACRO (MYSQL_CHECK_SSL)
+       MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}")
+     ENDIF()
+ 
+-    # On mac this list is <.dylib;.so;.a>
+-    # We prefer static libraries, so we reverse it here.
+-    IF (WITH_SSL_PATH)
+-      LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES)
+-      MESSAGE(STATUS "suffixes <${CMAKE_FIND_LIBRARY_SUFFIXES}>")
+-    ENDIF()
+-
+     FIND_LIBRARY(OPENSSL_LIBRARY
+                  NAMES ssl libssl ssleay32 ssleay32MD
+                  HINTS ${OPENSSL_ROOT_DIR}/lib)
+     FIND_LIBRARY(CRYPTO_LIBRARY
+                  NAMES crypto libcrypto libeay32
+                  HINTS ${OPENSSL_ROOT_DIR}/lib)
+-    IF (WITH_SSL_PATH)
+-      LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES)
+-    ENDIF()
+ 
+     IF(OPENSSL_INCLUDE_DIR)
+       # Verify version number. Version information looks like:
+@@ -193,7 +183,8 @@ MACRO (MYSQL_CHECK_SSL)
        )
      SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "")
  
 -    IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0")
-+    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
-+    IF(HAVE_TLS1_3_VERSION)
++	CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
++	IF(HAVE_TLS1_3_VERSION)
         ADD_DEFINITIONS(-DHAVE_TLSv13)
         SET(HAVE_TLSv13 1)
         IF(SOLARIS)
-@@ -203,7 +204,13 @@ MACRO (MYSQL_CHECK_SSL)
-     IF(OPENSSL_INCLUDE_DIR AND
+@@ -204,6 +195,12 @@ MACRO (MYSQL_CHECK_SSL)
         OPENSSL_LIBRARY   AND
         CRYPTO_LIBRARY      AND
--       OPENSSL_MAJOR_VERSION STREQUAL "1"
-+       OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
-+      )
-+      SET(OPENSSL_FOUND TRUE)
-+    ELSEIF(OPENSSL_INCLUDE_DIR AND
-+       OPENSSL_LIBRARY   AND
-+       CRYPTO_LIBRARY      AND
-+       OPENSSL_MAJOR_VERSION STREQUAL "2"
+        OPENSSL_MAJOR_VERSION STREQUAL "1"
++	  )
++  	  SET(OPENSSL_FOUND TRUE)
++	ELSEIF(OPENSSL_INCLUDE_DIR AND
++		OPENSSL_LIBRARY   AND
++		CRYPTO_LIBRARY      AND
++		OPENSSL_MAJOR_VERSION STREQUAL "2"
        )
        SET(OPENSSL_FOUND TRUE)
      ELSE()