Date: Thu, 9 Jul 2020 10:09:41 +0000 (UTC) From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r541739 - head/databases/mysql57-client/files Message-ID: <202007091009.069A9fDn039635@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: joneum Date: Thu Jul 9 10:09:40 2020 New Revision: 541739 URL: https://svnweb.freebsd.org/changeset/ports/541739 Log: databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL. Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL. This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash. The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway. https://github.com/openssl/openssl/issues/12368 PR: 247803 Reported by: eugen Sponsored by: Netzkommune GmbH Modified: head/databases/mysql57-client/files/patch-cmake_ssl.cmake Modified: head/databases/mysql57-client/files/patch-cmake_ssl.cmake ============================================================================== --- head/databases/mysql57-client/files/patch-cmake_ssl.cmake Thu Jul 9 09:35:16 2020 (r541738) +++ head/databases/mysql57-client/files/patch-cmake_ssl.cmake Thu Jul 9 10:09:40 2020 (r541739) @@ -1,27 +1,48 @@ ---- cmake/ssl.cmake.orig 2019-12-06 10:41:47 UTC -+++ cmake/ssl.cmake -@@ -193,7 +193,8 @@ MACRO (MYSQL_CHECK_SSL) +--- cmake/ssl.cmake.orig 2020-07-08 22:29:14.999896000 +0200 ++++ cmake/ssl.cmake 2020-07-08 22:44:05.251931000 +0200 +@@ -150,22 +150,12 @@ MACRO (MYSQL_CHECK_SSL) + MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}") + ENDIF() + +- # On mac this list is <.dylib;.so;.a> +- # We prefer static libraries, so we reverse it here. +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- MESSAGE(STATUS "suffixes <${CMAKE_FIND_LIBRARY_SUFFIXES}>") +- ENDIF() +- + FIND_LIBRARY(OPENSSL_LIBRARY + NAMES ssl libssl ssleay32 ssleay32MD + HINTS ${OPENSSL_ROOT_DIR}/lib) + FIND_LIBRARY(CRYPTO_LIBRARY + NAMES crypto libcrypto libeay32 + HINTS ${OPENSSL_ROOT_DIR}/lib) +- IF (WITH_SSL_PATH) +- LIST(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES) +- ENDIF() + + IF(OPENSSL_INCLUDE_DIR) + # Verify version number. Version information looks like: +@@ -193,7 +183,8 @@ MACRO (MYSQL_CHECK_SSL) ) SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "") - IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION) ADD_DEFINITIONS(-DHAVE_TLSv13) SET(HAVE_TLSv13 1) IF(SOLARIS) -@@ -203,7 +204,13 @@ MACRO (MYSQL_CHECK_SSL) - IF(OPENSSL_INCLUDE_DIR AND +@@ -204,6 +195,12 @@ MACRO (MYSQL_CHECK_SSL) OPENSSL_LIBRARY AND CRYPTO_LIBRARY AND -- OPENSSL_MAJOR_VERSION STREQUAL "1" -+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1" -+ ) -+ SET(OPENSSL_FOUND TRUE) -+ ELSEIF(OPENSSL_INCLUDE_DIR AND -+ OPENSSL_LIBRARY AND -+ CRYPTO_LIBRARY AND -+ OPENSSL_MAJOR_VERSION STREQUAL "2" + OPENSSL_MAJOR_VERSION STREQUAL "1" ++ ) ++ SET(OPENSSL_FOUND TRUE) ++ ELSEIF(OPENSSL_INCLUDE_DIR AND ++ OPENSSL_LIBRARY AND ++ CRYPTO_LIBRARY AND ++ OPENSSL_MAJOR_VERSION STREQUAL "2" ) SET(OPENSSL_FOUND TRUE) ELSE()
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202007091009.069A9fDn039635>