commit: 5d874ef4f478adbf245793017b1e6fc02f1e40a8 Author: Brian Evans <grknight <AT> gentoo <DOT> org> AuthorDate: Wed May 2 14:34:28 2018 +0000 Commit: Brian Evans <grknight <AT> gentoo <DOT> org> CommitDate: Wed May 2 14:34:28 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d874ef4
dev-db/mysql-connector-c: Add openssl-1.1 compatibility patch Closes: https://bugs.gentoo.org/606600 Package-Manager: Portage-2.3.31, Repoman-2.3.9 .../files/6.1.11-openssl-1.1.patch | 287 +++++++++++++++++++++ .../mysql-connector-c-6.1.11-r1.ebuild | 3 +- 2 files changed, 289 insertions(+), 1 deletion(-) diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch new file mode 100644 index 00000000000..cbca14de60b --- /dev/null +++ b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch @@ -0,0 +1,287 @@ +From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001 +From: eroen <[email protected]> +Date: Fri, 20 Jan 2017 14:43:53 +0100 +Subject: [PATCH] Don't use deprecated API with openssl 1.1 + +If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using +deprecated APIs causes build errors. + +X-Gentoo-Bug: 606600 +X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600 +--- + mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++------------- + sql-common/client.c | 16 ++++++++++++-- + vio/viossl.c | 8 +++++++ + vio/viosslfactories.c | 23 +++++++++++++++++++ + 4 files changed, 84 insertions(+), 17 deletions(-) + +diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc +index 261ba8a..59a95e3 100644 +--- a/mysys_ssl/my_aes_openssl.cc ++++ b/mysys_ssl/my_aes_openssl.cc +@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + #include <openssl/evp.h> + #include <openssl/err.h> + #include <openssl/bio.h> ++#include <openssl/opensslv.h> ++ ++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) ++#undef OPENSSL_VERSION_NUMBER ++#define OPENSSL_VERSION_NUMBER 0x1000107fL ++#endif + + /* + xplugin needs BIO_new_bio_pair, but the server does not. +@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, + enum my_aes_opmode mode, const unsigned char *iv, + bool padding) + { +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *cipher= aes_evp_type(mode); + int u_len, f_len; + /* The real key to be used for encryption */ +@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, + if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv)) ++ if (!EVP_EncryptInit(ctx, cipher, rkey, iv)) + goto aes_error; /* Error */ +- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) ++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) + goto aes_error; /* Error */ +- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length)) ++ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length)) + goto aes_error; /* Error */ + +- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len)) ++ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +- EVP_CIPHER_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_CIPHER_CTX_cleanup(ctx); ++#else ++ EVP_CIPHER_CTX_free(ctx); ++#endif + return u_len + f_len; + + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +- EVP_CIPHER_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_CIPHER_CTX_cleanup(ctx); ++#else ++ EVP_CIPHER_CTX_free(ctx); ++#endif + return MY_AES_BAD_DATA; + } + +@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, + bool padding) + { + +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *cipher= aes_evp_type(mode); + int u_len, f_len; + +@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, + if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv)) + return MY_AES_BAD_DATA; + +- EVP_CIPHER_CTX_init(&ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_CIPHER_CTX_init(ctx); ++#endif + +- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv)) ++ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv)) + goto aes_error; /* Error */ +- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding)) ++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding)) + goto aes_error; /* Error */ +- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length)) ++ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length)) + goto aes_error; /* Error */ +- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len)) ++ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len)) + goto aes_error; /* Error */ + +- EVP_CIPHER_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_CIPHER_CTX_cleanup(ctx); ++#else ++ EVP_CIPHER_CTX_free(ctx); ++#endif + return u_len + f_len; + + aes_error: + /* need to explicitly clean up the error if we want to ignore it */ + ERR_clear_error(); +- EVP_CIPHER_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_CIPHER_CTX_cleanup(ctx); ++#else ++ EVP_CIPHER_CTX_free(ctx); ++#endif + return MY_AES_BAD_DATA; + } + +diff --git a/sql-common/client.c b/sql-common/client.c +index 9e88e9f..fe7daf7 100644 +--- a/sql-common/client.c ++++ b/sql-common/client.c +@@ -86,6 +86,14 @@ my_bool net_flush(NET *net); + # include <sys/un.h> + #endif + ++#ifdef HAVE_OPENSSL ++#include <openssl/opensslv.h> ++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) ++#undef OPENSSL_VERSION_NUMBER ++#define OPENSSL_VERSION_NUMBER 0x1000107fL ++#endif ++#endif ++ + #ifndef _WIN32 + #include <errno.h> + #define SOCKET_ERROR -1 +@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c + { + SSL *ssl; + X509 *server_cert= NULL; +- char *cn= NULL; ++ const char *cn= NULL; + int cn_loc= -1; + ASN1_STRING *cn_asn1= NULL; + X509_NAME_ENTRY *cn_entry= NULL; +@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c + goto error; + } + +- cn= (char *) ASN1_STRING_data(cn_asn1); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ cn= (const char *) ASN1_STRING_data(cn_asn1); ++#else ++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1); ++#endif + + // There should not be any NULL embedded in the CN + if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn)) +diff --git a/vio/viossl.c b/vio/viossl.c +index 5622cb7..94b0f09 100644 +--- a/vio/viossl.c ++++ b/vio/viossl.c +@@ -24,6 +24,12 @@ + + #ifdef HAVE_OPENSSL + ++#include <openssl/opensslv.h> ++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) ++#undef OPENSSL_VERSION_NUMBER ++#define OPENSSL_VERSION_NUMBER 0x1000107fL ++#endif ++ + #ifndef DBUG_OFF + + static void +@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio) + } + + #ifndef HAVE_YASSL ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_thread_state(0); + #endif ++#endif + + vio_delete(vio); + } +diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c +index da5449a..87b30c3 100644 +--- a/vio/viosslfactories.c ++++ b/vio/viosslfactories.c +@@ -16,6 +16,14 @@ + #include "vio_priv.h" + + #ifdef HAVE_OPENSSL ++#include <openssl/bn.h> ++#include <openssl/dh.h> ++#include <openssl/opensslv.h> ++ ++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) ++#undef OPENSSL_VERSION_NUMBER ++#define OPENSSL_VERSION_NUMBER 0x1000107fL ++#endif + + #define TLS_VERSION_OPTION_SIZE 256 + #define SSL_CIPHER_LIST_SIZE 4096 +@@ -121,10 +129,18 @@ static DH *get_dh2048(void) + DH *dh; + if ((dh=DH_new())) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if (! dh->p || ! dh->g) + { ++#else ++ if (! DH_set0_pqg(dh, ++ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL), ++ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL), ++ NULL)) ++ { ++#endif + DH_free(dh); + dh=0; + } +@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value + } openssl_lock_t; + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ + /* Array of locks used by openssl internally for thread synchronization. + The number of locks is equal to CRYPTO_num_locks. + */ +@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions() + { + set_lock_callback_functions(FALSE); + } ++#endif + + void vio_ssl_end() + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int i= 0; + + if (ssl_initialized) { +@@ -409,6 +429,7 @@ void vio_ssl_end() + + ssl_initialized= FALSE; + } ++#endif + } + + #endif //OpenSSL specific +@@ -419,6 +440,7 @@ void ssl_start() + { + ssl_initialized= TRUE; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); +@@ -427,6 +449,7 @@ void ssl_start() + init_ssl_locks(); + init_lock_callback_functions(); + #endif ++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + } + } + +-- +2.11.0 + diff --git a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild index 0895cd112ad..c865a0fc652 100644 --- a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild +++ b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild @@ -45,6 +45,7 @@ DOCS=( README ) PATCHES=( "${FILESDIR}/mysql_com.patch" "${FILESDIR}/20028_all_mysql-5.6-gcc7.patch" + "${FILESDIR}/6.1.11-openssl-1.1.patch" ) src_prepare() { @@ -57,7 +58,7 @@ src_prepare() { } multilib_src_configure() { - mycmakeargs+=( + local mycmakeargs=( -DINSTALL_LAYOUT=RPM -DINSTALL_LIBDIR=$(get_libdir) -DWITH_DEFAULT_COMPILER_OPTIONS=OFF
