Sun Jul 19 17:58:44 2015 UTC ()
Pullup ticket #4776 - requested by manu
databases/mysql56-client: bug fix patch
databases/mysql56-server: bug fix patch
Revisions pulled up:
- databases/mysql56-client/Makefile 1.17
- databases/mysql56-client/distinfo 1.25
- databases/mysql56-client/patches/patch-include_violite.h 1.1
- databases/mysql56-client/patches/patch-vio_viosslfactories.c 1.1
- databases/mysql56-server/Makefile 1.25
---
Module Name: pkgsrc
Committed By: manu
Date: Tue Jul 14 12:09:24 UTC 2015
Modified Files:
pkgsrc/databases/mysql56-client: Makefile distinfo
Added Files:
pkgsrc/databases/mysql56-client/patches: patch-include_violite.h
patch-vio_viosslfactories.c
Log Message:
Restore SSL functionnality with OpenSSL 1.0.1p
With OpenSSL 1.0.1p upgrade, DH parameters below 1024 bits are now
refused. MySQL hardcodes 512 bits DH parameters and will therefore
fail to run SSL connexions with OpenSSL 1.0.1p
Apply fix from upstream:
https://github.com/mysql/mysql-server/commit/
866b988a76e8e7e217017a7883a52a12ec5024b9
---
Module Name: pkgsrc
Committed By: manu
Date: Tue Jul 14 16:38:56 UTC 2015
Modified Files:
pkgsrc/databases/mysql56-server: Makefile
Log Message:
Restore SSL functionnality with OpenSSL 1.0.1p (revision bump)
This changes just bumps PKGREVISION after patches were added
in mysql56-client/patches which impact mysql56-server.
For the record, the commit log or that patches:
> With OpenSSL 1.0.1p upgrade, DH parameters below 1024 bits are now
> refused. MySQL hardcodes 512 bits DH parameters and will therefore
> fail to run SSL connexions with OpenSSL 1.0.1p
>
> Apply fix from upstream:
> https://github.com/mysql/mysql-server/commit/
866b988a76e8e7e217017a7883a52a12ec5024b9
(tron)
diff -r1.16 -r1.16.2.1 pkgsrc/databases/mysql56-client/Makefile
diff -r1.24 -r1.24.2.1 pkgsrc/databases/mysql56-client/distinfo
diff -r0 -r1.1.2.2 pkgsrc/databases/mysql56-client/patches/patch-include_violite.h
diff -r0 -r1.1.2.2 pkgsrc/databases/mysql56-client/patches/patch-vio_viosslfactories.c
diff -r1.24 -r1.24.2.1 pkgsrc/databases/mysql56-server/Makefile
--- pkgsrc/databases/mysql56-client/Makefile 2015/06/12 10:48:36 1.16
+++ pkgsrc/databases/mysql56-client/Makefile 2015/07/19 17:58:43 1.16.2.1
| @@ -1,17 +1,17 @@ | | | @@ -1,17 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.16 2015/06/12 10:48:36 wiz Exp $ | | 1 | # $NetBSD: Makefile,v 1.16.2.1 2015/07/19 17:58:43 tron Exp $ |
2 | | | 2 | |
3 | PKGNAME= ${DISTNAME:S/-/-client-/} | | 3 | PKGNAME= ${DISTNAME:S/-/-client-/} |
4 | PKGREVISION= 1 | | 4 | PKGREVISION= 2 |
5 | COMMENT= MySQL 5, a free SQL database (client) | | 5 | COMMENT= MySQL 5, a free SQL database (client) |
6 | | | 6 | |
7 | CONFLICTS= mysql3-client-[0-9]* | | 7 | CONFLICTS= mysql3-client-[0-9]* |
8 | | | 8 | |
9 | .include "Makefile.common" | | 9 | .include "Makefile.common" |
10 | | | 10 | |
11 | CMAKE_ARGS+= -DWITHOUT_SERVER=ON | | 11 | CMAKE_ARGS+= -DWITHOUT_SERVER=ON |
12 | UNWRAP_FILES+= scripts/mysql_config | | 12 | UNWRAP_FILES+= scripts/mysql_config |
13 | INFO_FILES= yes | | 13 | INFO_FILES= yes |
14 | INSTALL_DIRS+= client include libmysql man scripts tests | | 14 | INSTALL_DIRS+= client include libmysql man scripts tests |
15 | | | 15 | |
16 | REPLACE_PERL= scripts/mysql_convert_table_format.sh | | 16 | REPLACE_PERL= scripts/mysql_convert_table_format.sh |
17 | REPLACE_PERL+= scripts/mysql_find_rows.sh | | 17 | REPLACE_PERL+= scripts/mysql_find_rows.sh |
--- pkgsrc/databases/mysql56-client/distinfo 2015/06/03 03:20:03 1.24
+++ pkgsrc/databases/mysql56-client/distinfo 2015/07/19 17:58:43 1.24.2.1
| @@ -1,41 +1,43 @@ | | | @@ -1,41 +1,43 @@ |
1 | $NetBSD: distinfo,v 1.24 2015/06/03 03:20:03 ryoon Exp $ | | 1 | $NetBSD: distinfo,v 1.24.2.1 2015/07/19 17:58:43 tron Exp $ |
2 | | | 2 | |
3 | SHA1 (mysql-5.6.25.tar.gz) = ace53481400a4ad363ee0453a547b8ba07582fd2 | | 3 | SHA1 (mysql-5.6.25.tar.gz) = ace53481400a4ad363ee0453a547b8ba07582fd2 |
4 | RMD160 (mysql-5.6.25.tar.gz) = a65b1aa209cb2f08295db7cb7259a7ce294c0713 | | 4 | RMD160 (mysql-5.6.25.tar.gz) = a65b1aa209cb2f08295db7cb7259a7ce294c0713 |
5 | Size (mysql-5.6.25.tar.gz) = 33203321 bytes | | 5 | Size (mysql-5.6.25.tar.gz) = 33203321 bytes |
6 | SHA1 (sphinx-2.2.7-release.tar.gz) = dedae28c0deafda90109745230dacbe0dc441e1a | | 6 | SHA1 (sphinx-2.2.7-release.tar.gz) = dedae28c0deafda90109745230dacbe0dc441e1a |
7 | RMD160 (sphinx-2.2.7-release.tar.gz) = d9f0150f6779b43457e30c77be50aa9bc658b03a | | 7 | RMD160 (sphinx-2.2.7-release.tar.gz) = d9f0150f6779b43457e30c77be50aa9bc658b03a |
8 | Size (sphinx-2.2.7-release.tar.gz) = 2969037 bytes | | 8 | Size (sphinx-2.2.7-release.tar.gz) = 2969037 bytes |
9 | SHA1 (patch-CMakeLists.txt) = 1b5dd5a965f87027a03c5f2eaa1c7e6a43395cff | | 9 | SHA1 (patch-CMakeLists.txt) = 1b5dd5a965f87027a03c5f2eaa1c7e6a43395cff |
10 | SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb | | 10 | SHA1 (patch-client_completion_hash.cc) = b86ec80beac624b2aa21c7587e351ff126400ecb |
11 | SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93 | | 11 | SHA1 (patch-client_mysqladmin.cc) = e1650ef3695675bcc01375bacdebcb7318218b93 |
12 | SHA1 (patch-client_sql_string.h) = f26aff4ce4cf6dfef44c85ef95120331ca8fef52 | | 12 | SHA1 (patch-client_sql_string.h) = f26aff4ce4cf6dfef44c85ef95120331ca8fef52 |
13 | SHA1 (patch-cmake_dtrace.cmake) = d953fdf976f3a7e7f0c2c16a9a2d2615f2777396 | | 13 | SHA1 (patch-cmake_dtrace.cmake) = d953fdf976f3a7e7f0c2c16a9a2d2615f2777396 |
14 | SHA1 (patch-cmake_libutils.cmake) = c3e5ab66d2bef43dc2308369e27550553e0f5356 | | 14 | SHA1 (patch-cmake_libutils.cmake) = c3e5ab66d2bef43dc2308369e27550553e0f5356 |
15 | SHA1 (patch-cmake_plugin.cmake) = 03e7a7debd61e870bd76d5c5b253a620662b3595 | | 15 | SHA1 (patch-cmake_plugin.cmake) = 03e7a7debd61e870bd76d5c5b253a620662b3595 |
16 | SHA1 (patch-cmake_readline.cmake) = ace5d3dc0d0737271a0a2e4292d81dff30591c20 | | 16 | SHA1 (patch-cmake_readline.cmake) = ace5d3dc0d0737271a0a2e4292d81dff30591c20 |
17 | SHA1 (patch-cmake_ssl.cmake) = a5a25b00010c6586e5a3e099975ddabe369d4247 | | 17 | SHA1 (patch-cmake_ssl.cmake) = a5a25b00010c6586e5a3e099975ddabe369d4247 |
18 | SHA1 (patch-include_CMakeLists.txt) = 49d351a958e63c69ad8bfe5c50961fe3751e86c4 | | 18 | SHA1 (patch-include_CMakeLists.txt) = 49d351a958e63c69ad8bfe5c50961fe3751e86c4 |
19 | SHA1 (patch-include_my__global.h) = 843b9527faf880eee59cf02239ba601f5985ddfb | | 19 | SHA1 (patch-include_my__global.h) = 843b9527faf880eee59cf02239ba601f5985ddfb |
20 | SHA1 (patch-include_my_compare.h) = f45bac4b488332a668b0005751856279b67401f5 | | 20 | SHA1 (patch-include_my_compare.h) = f45bac4b488332a668b0005751856279b67401f5 |
21 | SHA1 (patch-include_my_net.h) = b08aa36921efd023f9ecaac4cd3fb8a16d200abd | | 21 | SHA1 (patch-include_my_net.h) = b08aa36921efd023f9ecaac4cd3fb8a16d200abd |
22 | SHA1 (patch-include_my_pthread.h) = ff3bf1fddd04edd7804d810f79de64387464b5ca | | 22 | SHA1 (patch-include_my_pthread.h) = ff3bf1fddd04edd7804d810f79de64387464b5ca |
| | | 23 | SHA1 (patch-include_violite.h) = 1a5f404da44e24d5deebf1d54418aa910f54fc02 |
23 | SHA1 (patch-libmysql_CMakeLists.txt) = 229044de6d11b26ee99b25be99b628a9f146b795 | | 24 | SHA1 (patch-libmysql_CMakeLists.txt) = 229044de6d11b26ee99b25be99b628a9f146b795 |
24 | SHA1 (patch-mysql-test_CMakeLists.txt) = b7dd562d55678b13ac487aa0ee59bf2551af1f9d | | 25 | SHA1 (patch-mysql-test_CMakeLists.txt) = b7dd562d55678b13ac487aa0ee59bf2551af1f9d |
25 | SHA1 (patch-mysys__ssl_CMakeLists.txt) = e50bad459520be78ea2d5c4d0699cda8c1141884 | | 26 | SHA1 (patch-mysys__ssl_CMakeLists.txt) = e50bad459520be78ea2d5c4d0699cda8c1141884 |
26 | SHA1 (patch-mysys_stacktrace.c) = 27ddd012c9ca299cfe2b9935b9f99fe603415e7e | | 27 | SHA1 (patch-mysys_stacktrace.c) = 27ddd012c9ca299cfe2b9935b9f99fe603415e7e |
27 | SHA1 (patch-scripts_CMakeLists.txt) = 3f4621b3256034c5a3114e98c108658794f06008 | | 28 | SHA1 (patch-scripts_CMakeLists.txt) = 3f4621b3256034c5a3114e98c108658794f06008 |
28 | SHA1 (patch-scripts_mysqld_safe.sh) = 0784314227657aa0bc3f4a0b4e21c173a86fa94b | | 29 | SHA1 (patch-scripts_mysqld_safe.sh) = 0784314227657aa0bc3f4a0b4e21c173a86fa94b |
29 | SHA1 (patch-sql_CMakeLists.txt) = 83c1e50de6b53a0af5ff010f248dd595745b3eb5 | | 30 | SHA1 (patch-sql_CMakeLists.txt) = 83c1e50de6b53a0af5ff010f248dd595745b3eb5 |
30 | SHA1 (patch-sql_log_event.h) = a413038ffa29103c75e1d243864615ccb3d9621e | | 31 | SHA1 (patch-sql_log_event.h) = a413038ffa29103c75e1d243864615ccb3d9621e |
31 | SHA1 (patch-sql_sql_string.h) = 1ce4d4db59310ea45e384f34e33c0d61935059bf | | 32 | SHA1 (patch-sql_sql_string.h) = 1ce4d4db59310ea45e384f34e33c0d61935059bf |
32 | SHA1 (patch-storage_archive_CMakeLists.txt) = e739ef4884a154d7e33e8aae24234fd6855119b7 | | 33 | SHA1 (patch-storage_archive_CMakeLists.txt) = e739ef4884a154d7e33e8aae24234fd6855119b7 |
33 | SHA1 (patch-storage_blackhole_CMakeLists.txt) = b9c526783cabd04ea7859d62cb1930ff35f905f8 | | 34 | SHA1 (patch-storage_blackhole_CMakeLists.txt) = b9c526783cabd04ea7859d62cb1930ff35f905f8 |
34 | SHA1 (patch-storage_csv_CMakeLists.txt) = 739accd1fb85b051e28f5c3f16a6c3c0f77d6dae | | 35 | SHA1 (patch-storage_csv_CMakeLists.txt) = 739accd1fb85b051e28f5c3f16a6c3c0f77d6dae |
35 | SHA1 (patch-storage_example_CMakeLists.txt) = a80b1dd3c6020b3fe958db35bebe3bd181136f0d | | 36 | SHA1 (patch-storage_example_CMakeLists.txt) = a80b1dd3c6020b3fe958db35bebe3bd181136f0d |
36 | SHA1 (patch-storage_federated_CMakeLists.txt) = f809504bad63129a06ce455b49ee40cca940891e | | 37 | SHA1 (patch-storage_federated_CMakeLists.txt) = f809504bad63129a06ce455b49ee40cca940891e |
37 | SHA1 (patch-storage_heap_CMakeLists.txt) = 0a1a5a7b5e83f14cec43bfa4782dd4bb7b629347 | | 38 | SHA1 (patch-storage_heap_CMakeLists.txt) = 0a1a5a7b5e83f14cec43bfa4782dd4bb7b629347 |
38 | SHA1 (patch-storage_myisam_CMakeLists.txt) = 55897ae78208f78a396776d1082cb5f98631fff8 | | 39 | SHA1 (patch-storage_myisam_CMakeLists.txt) = 55897ae78208f78a396776d1082cb5f98631fff8 |
39 | SHA1 (patch-storage_myisammrg_CMakeLists.txt) = 0a56a16ccaff3fa9de996fec6ffc324af9855a4e | | 40 | SHA1 (patch-storage_myisammrg_CMakeLists.txt) = 0a56a16ccaff3fa9de996fec6ffc324af9855a4e |
40 | SHA1 (patch-storage_ndb_include_util_Parser.hpp) = 037fc153619bf79ee95cb03a5ac4a71c14952c3a | | 41 | SHA1 (patch-storage_ndb_include_util_Parser.hpp) = 037fc153619bf79ee95cb03a5ac4a71c14952c3a |
41 | SHA1 (patch-strings_decimal.c) = 069c9d930c735f74510702baa9bef38aec425903 | | 42 | SHA1 (patch-strings_decimal.c) = 069c9d930c735f74510702baa9bef38aec425903 |
| | | 43 | SHA1 (patch-vio_viosslfactories.c) = ad3fa2152243c9d384c312d5554580e139c6398e |
$NetBSD: patch-include_violite.h,v 1.1.2.2 2015/07/19 17:58:43 tron Exp $
Backport from upstream to mysql 5.6.x:
https://github.com/mysql/mysql-server/commit/866b988a76e8e7e217017a7883a52a12ec5024b9
From 866b988a76e8e7e217017a7883a52a12ec5024b9 Mon Sep 17 00:00:00 2001
From: Marek Szymczak <marek.szymczak@oracle.com>
Date: Thu, 9 Oct 2014 16:39:43 +0200
Subject: [PATCH] Bug#18367167 DH KEY LENGTH OF 1024 BITS TO MEET MINIMUM REQ
OF FIPS 140-2
Perfect Forward Secrecy (PFS) requires Diffie-Hellman (DH) parameters to be set.
Current implementation uses DH key of 512 bit.
--- include/violite.h.orig 2015-05-05 13:05:53.000000000 +0200
+++ include/violite.h 2015-07-14 05:20:18.000000000 +0200
@@ -146,9 +146,10 @@
enum enum_ssl_init_error
{
SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY,
SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS,
- SSL_INITERR_MEMFAIL, SSL_INITERR_LASTERR
+ SSL_INITERR_MEMFAIL, SSL_INITERR_NO_USABLE_CTX, SSL_INITERR_DHFAIL,
+ SSL_INITERR_LASTERR
};
const char* sslGetErrString(enum enum_ssl_init_error err);
struct st_VioSSLFd
$NetBSD: patch-vio_viosslfactories.c,v 1.1.2.2 2015/07/19 17:58:43 tron Exp $
Backport from upstream to mysql 5.6.x:
https://github.com/mysql/mysql-server/commit/866b988a76e8e7e217017a7883a52a12ec5024b9
From 866b988a76e8e7e217017a7883a52a12ec5024b9 Mon Sep 17 00:00:00 2001
From: Marek Szymczak <marek.szymczak@oracle.com>
Date: Thu, 9 Oct 2014 16:39:43 +0200
Subject: [PATCH] Bug#18367167 DH KEY LENGTH OF 1024 BITS TO MEET MINIMUM REQ
OF FIPS 140-2
Perfect Forward Secrecy (PFS) requires Diffie-Hellman (DH) parameters to be set.
Current implementation uses DH key of 512 bit.
--- vio/viosslfactories.c.orig 2015-05-05 13:05:53.000000000 +0200
+++ vio/viosslfactories.c 2015-07-14 05:22:11.000000000 +0200
@@ -19,29 +19,58 @@
static my_bool ssl_algorithms_added = FALSE;
static my_bool ssl_error_strings_loaded= FALSE;
-static unsigned char dh512_p[]=
-{
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
+/*
+ Diffie-Hellman key.
+ Generated using: >openssl dhparam -5 -C 2048
+
+ -----BEGIN DH PARAMETERS-----
+ MIIBCAKCAQEAil36wGZ2TmH6ysA3V1xtP4MKofXx5n88xq/aiybmGnReZMviCPEJ
+ 46+7VCktl/RZ5iaDH1XNG1dVQmznt9pu2G3usU+k1/VB4bQL4ZgW4u0Wzxh9PyXD
+ glm99I9Xyj4Z5PVE4MyAsxCRGA1kWQpD9/zKAegUBPLNqSo886Uqg9hmn8ksyU9E
+ BV5eAEciCuawh6V0O+Sj/C3cSfLhgA0GcXp3OqlmcDu6jS5gWjn3LdP1U0duVxMB
+ h/neTSCSvtce4CAMYMjKNVh9P1nu+2d9ZH2Od2xhRIqMTfAS1KTqF3VmSWzPFCjG
+ mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ==
+ -----END DH PARAMETERS-----
+ */
+static unsigned char dh2048_p[]=
+{
+ 0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37,
+ 0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C,
+ 0xC6, 0xAF, 0xDA, 0x8B, 0x26, 0xE6, 0x1A, 0x74, 0x5E, 0x64, 0xCB, 0xE2,
+ 0x08, 0xF1, 0x09, 0xE3, 0xAF, 0xBB, 0x54, 0x29, 0x2D, 0x97, 0xF4, 0x59,
+ 0xE6, 0x26, 0x83, 0x1F, 0x55, 0xCD, 0x1B, 0x57, 0x55, 0x42, 0x6C, 0xE7,
+ 0xB7, 0xDA, 0x6E, 0xD8, 0x6D, 0xEE, 0xB1, 0x4F, 0xA4, 0xD7, 0xF5, 0x41,
+ 0xE1, 0xB4, 0x0B, 0xE1, 0x98, 0x16, 0xE2, 0xED, 0x16, 0xCF, 0x18, 0x7D,
+ 0x3F, 0x25, 0xC3, 0x82, 0x59, 0xBD, 0xF4, 0x8F, 0x57, 0xCA, 0x3E, 0x19,
+ 0xE4, 0xF5, 0x44, 0xE0, 0xCC, 0x80, 0xB3, 0x10, 0x91, 0x18, 0x0D, 0x64,
+ 0x59, 0x0A, 0x43, 0xF7, 0xFC, 0xCA, 0x01, 0xE8, 0x14, 0x04, 0xF2, 0xCD,
+ 0xA9, 0x2A, 0x3C, 0xF3, 0xA5, 0x2A, 0x83, 0xD8, 0x66, 0x9F, 0xC9, 0x2C,
+ 0xC9, 0x4F, 0x44, 0x05, 0x5E, 0x5E, 0x00, 0x47, 0x22, 0x0A, 0xE6, 0xB0,
+ 0x87, 0xA5, 0x74, 0x3B, 0xE4, 0xA3, 0xFC, 0x2D, 0xDC, 0x49, 0xF2, 0xE1,
+ 0x80, 0x0D, 0x06, 0x71, 0x7A, 0x77, 0x3A, 0xA9, 0x66, 0x70, 0x3B, 0xBA,
+ 0x8D, 0x2E, 0x60, 0x5A, 0x39, 0xF7, 0x2D, 0xD3, 0xF5, 0x53, 0x47, 0x6E,
+ 0x57, 0x13, 0x01, 0x87, 0xF9, 0xDE, 0x4D, 0x20, 0x92, 0xBE, 0xD7, 0x1E,
+ 0xE0, 0x20, 0x0C, 0x60, 0xC8, 0xCA, 0x35, 0x58, 0x7D, 0x3F, 0x59, 0xEE,
+ 0xFB, 0x67, 0x7D, 0x64, 0x7D, 0x8E, 0x77, 0x6C, 0x61, 0x44, 0x8A, 0x8C,
+ 0x4D, 0xF0, 0x12, 0xD4, 0xA4, 0xEA, 0x17, 0x75, 0x66, 0x49, 0x6C, 0xCF,
+ 0x14, 0x28, 0xC6, 0x9A, 0x3C, 0x71, 0xFD, 0xB8, 0x3A, 0x6C, 0xE3, 0xA3,
+ 0xA6, 0x06, 0x5A, 0xA6, 0xF0, 0x7A, 0x00, 0x15, 0xA5, 0x5A, 0x64, 0x66,
+ 0x00, 0x05, 0x85, 0xB7,
};
-static unsigned char dh512_g[]={
- 0x02,
+static unsigned char dh2048_g[]={
+ 0x05,
};
-static DH *get_dh512(void)
+static DH *get_dh2048(void)
{
DH *dh;
if ((dh=DH_new()))
{
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if (! dh->p || ! dh->g)
{
DH_free(dh);
dh=0;
@@ -80,9 +109,11 @@
"Unable to get private key",
"Private key does not match the certificate public key",
"SSL_CTX_set_default_verify_paths failed",
"Failed to set ciphers to use",
- "SSL_CTX_new failed"
+ "SSL_CTX_new failed",
+ "SSL context is not usable without certificate and private key",
+ "SSL_CTX_set_tmp_dh failed"
};
const char*
sslGetErrString(enum enum_ssl_init_error e)
@@ -284,10 +315,19 @@
DBUG_RETURN(0);
}
/* DH stuff */
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
+ dh= get_dh2048();
+ if (SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh) == 0)
+ {
+ *error= SSL_INITERR_DHFAIL;
+ DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
+ report_errors();
+ DH_free(dh);
+ SSL_CTX_free(ssl_fd->ssl_context);
+ my_free(ssl_fd);
+ DBUG_RETURN(0);
+ }
DH_free(dh);
DBUG_PRINT("exit", ("OK 1"));
--- pkgsrc/databases/mysql56-server/Makefile 2015/04/08 10:38:48 1.24
+++ pkgsrc/databases/mysql56-server/Makefile 2015/07/19 17:58:43 1.24.2.1
| @@ -1,16 +1,17 @@ | | | @@ -1,16 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.24 2015/04/08 10:38:48 adam Exp $ | | 1 | # $NetBSD: Makefile,v 1.24.2.1 2015/07/19 17:58:43 tron Exp $ |
2 | | | 2 | |
3 | PKGNAME= ${DISTNAME:S/-/-server-/} | | 3 | PKGNAME= ${DISTNAME:S/-/-server-/} |
| | | 4 | PKGREVISION= 1 |
4 | COMMENT= MySQL 5, a free SQL database (server) | | 5 | COMMENT= MySQL 5, a free SQL database (server) |
5 | | | 6 | |
6 | CONFLICTS= mysql3-server-[0-9]* | | 7 | CONFLICTS= mysql3-server-[0-9]* |
7 | | | 8 | |
8 | .include "../../databases/mysql56-client/Makefile.common" | | 9 | .include "../../databases/mysql56-client/Makefile.common" |
9 | | | 10 | |
10 | CMAKE_ARGS+= -DWITH_LIBWRAP=ON | | 11 | CMAKE_ARGS+= -DWITH_LIBWRAP=ON |
11 | CMAKE_ARGS+= -DINSTALL_INFODIR=${PKGINFODIR} | | 12 | CMAKE_ARGS+= -DINSTALL_INFODIR=${PKGINFODIR} |
12 | | | 13 | |
13 | .if !empty(PKG_OPTIONS:Membedded-server) | | 14 | .if !empty(PKG_OPTIONS:Membedded-server) |
14 | CMAKE_ARGS+= -DWITH_EMBEDDED_SERVER=ON | | 15 | CMAKE_ARGS+= -DWITH_EMBEDDED_SERVER=ON |
15 | PLIST.embedded= yes | | 16 | PLIST.embedded= yes |
16 | .else | | 17 | .else |