similarity index 100%
rename from meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb
rename to meta-oe/recipes-dbs/mysql/mariadb-native_10.8.3.bb
@@ -19,11 +19,10 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
file://ssize_t.patch \
file://mm_malloc.patch \
file://sys_futex.patch \
- file://mariadb-openssl3.patch \
"
SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch"
-SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173"
+SRC_URI[sha256sum] = "887eadc55176ac1ead1fccfc89ade4b5990ef192745ad4dcd879acb41c050892"
UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
@@ -66,7 +65,6 @@ PACKAGECONFIG:class-native = ""
PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam"
PACKAGECONFIG[valgrind] = "-DWITH_VALGRIND=TRUE,-DWITH_VALGRIND=FALSE,valgrind"
PACKAGECONFIG[krb5] = ", ,krb5"
-PACKAGECONFIG[zstd] = "-DWITH_ROCKSDB_ZSTD=ON,-DWITH_ROCKSDB_ZSTD=OFF,zstd"
PACKAGECONFIG[openssl] = "-DWITH_SSL='system',-DWITH_SSL='bundled',openssl"
# MariaDB doesn't link properly with gold
@@ -176,6 +174,13 @@ do_install() {
if [ -f ${D}${datadir}/doc/README ]; then
mv ${D}${datadir}/doc/README ${D}${datadir}/doc/${PN}/
fi
+
+ # mini-benchmark used for Gitlab-CI to run on every commit to catch
+ # if there are severe performance regressions.
+ # remove it to avoid introducing bash dependency
+ if [ -f ${D}${datadir}/mysql/mini-benchmark ]; then
+ rm -rf ${D}${datadir}/mysql/mini-benchmark
+ fi
if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
pam_so=$(find ${D} -name pam_user_map.so)
if [ x"${pam_so}" != x ]; then
deleted file mode 100644
@@ -1,416 +0,0 @@
-From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001
-From: Vladislav Vaintroub <wlad@mariadb.com>
-Date: Mon, 8 Nov 2021 18:48:19 +0100
-Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
-
-Summary of changes
-
-- MD_CTX_SIZE is increased
-
-- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
- to nobody knows where. The assumption made previously was that
- (since the function does not seem to be documented)
- was that it points to the last partial source block.
- Add own partial block buffer for NOPAD encryption instead
-
-- SECLEVEL in CipherString in openssl.cnf
- had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
-
-- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
- in addition to what was set in --ssl-cipher
-
-- ctx_buf buffer now must be aligned to 16 bytes with openssl(
- previously with WolfSSL only), ot crashes will happen
-
-- updated aes-t , to be better debuggable
- using function, rather than a huge multiline macro
- added test that does "nopad" encryption piece-wise, to test
- replacement of EVP_CIPHER_CTX_buf_noconst
-
-Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch
-
-Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- cmake/ssl.cmake | 21 +++++-
- include/mysql/service_my_crypt.h | 2 +-
- include/ssl_compat.h | 3 +-
- mysql-test/lib/openssl.cnf | 2 +-
- mysql-test/main/ssl_cipher.result | 6 +-
- mysql-test/main/ssl_cipher.test | 2 +-
- mysys_ssl/my_crypt.cc | 46 +++++++-----
- unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++--------
- 8 files changed, 143 insertions(+), 60 deletions(-)
-
-diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
-index a6793cf3..64c93ff9 100644
---- a/cmake/ssl.cmake
-+++ b/cmake/ssl.cmake
-@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
- ENDIF()
- FIND_PACKAGE(OpenSSL)
- SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
-- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
-+ IF(OPENSSL_FOUND)
- SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
- INCLUDE(CheckSymbolExists)
- SET(SSL_SOURCES "")
-@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
- SET(SSL_INTERNAL_INCLUDE_DIRS "")
- SET(SSL_DEFINES "-DHAVE_OPENSSL")
-
-+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
-+ ENDFOREACH()
-+
-+ # Silence "deprecated in OpenSSL 3.0"
-+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
-+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
-+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
-+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
-+ ENDIF()
-+
- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
- SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
-- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-+
- CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
- HAVE_ERR_remove_thread_state)
- CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
-@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
- HAVE_EncryptAes128Gcm)
- CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
- HAVE_X509_check_host)
-- SET(CMAKE_REQUIRED_INCLUDES)
-- SET(CMAKE_REQUIRED_LIBRARIES)
-+
-+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
-+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
-+ ENDFOREACH()
- ELSE()
- IF(WITH_SSL STREQUAL "system")
- MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
-diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
-index 2a232117..bb038aaa 100644
---- a/include/mysql/service_my_crypt.h
-+++ b/include/mysql/service_my_crypt.h
-@@ -45,7 +45,7 @@ extern "C" {
- /* The max key length of all supported algorithms */
- #define MY_AES_MAX_KEY_LENGTH 32
-
--#define MY_AES_CTX_SIZE 656
-+#define MY_AES_CTX_SIZE 672
-
- enum my_aes_mode {
- MY_AES_ECB, MY_AES_CBC
-diff --git a/include/ssl_compat.h b/include/ssl_compat.h
-index 8dc12254..6db1baab 100644
---- a/include/ssl_compat.h
-+++ b/include/ssl_compat.h
-@@ -24,7 +24,7 @@
- #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
- #define ERR_remove_state(X) ERR_clear_error()
- #define EVP_CIPHER_CTX_SIZE 176
--#define EVP_MD_CTX_SIZE 48
-+#define EVP_MD_CTX_SIZE 72
- #undef EVP_MD_CTX_init
- #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
- #undef EVP_CIPHER_CTX_init
-@@ -77,7 +77,6 @@
- #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
- #endif
-
--#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
- #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
- #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
-
-diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf
-index b9ab37ac..7cd6f748 100644
---- a/mysql-test/lib/openssl.cnf
-+++ b/mysql-test/lib/openssl.cnf
-@@ -9,4 +9,4 @@ ssl_conf = ssl_section
- system_default = system_default_section
-
- [system_default_section]
--CipherString = ALL:@SECLEVEL=1
-+CipherString = ALL:@SECLEVEL=0
-diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result
-index 930d384e..66d817b7 100644
---- a/mysql-test/main/ssl_cipher.result
-+++ b/mysql-test/main/ssl_cipher.result
-@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL;
- SHOW STATUS LIKE 'Ssl_cipher';
- Variable_name Value
- Ssl_cipher AES128-SHA
--SHOW STATUS LIKE 'Ssl_cipher_list';
--Variable_name Value
--Ssl_cipher_list AES128-SHA
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
-+VARIABLE_VALUE like '%AES128-SHA%'
-+1
- disconnect ssl_con;
- connection default;
-diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test
-index 36549d76..d4cdcffb 100644
---- a/mysql-test/main/ssl_cipher.test
-+++ b/mysql-test/main/ssl_cipher.test
-@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA;
- source include/restart_mysqld.inc;
- connect (ssl_con,localhost,root,,,,,SSL);
- SHOW STATUS LIKE 'Ssl_cipher';
--SHOW STATUS LIKE 'Ssl_cipher_list';
-+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
- disconnect ssl_con;
- connection default;
-diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
-index e512eee9..4d7ebc7b 100644
---- a/mysys_ssl/my_crypt.cc
-+++ b/mysys_ssl/my_crypt.cc
-@@ -29,11 +29,7 @@
- #include <ssl_compat.h>
- #include <cstdint>
-
--#ifdef HAVE_WOLFSSL
- #define CTX_ALIGN 16
--#else
--#define CTX_ALIGN 0
--#endif
-
- class MyCTX
- {
-@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
- {
- public:
- const uchar *key;
-- uint klen, buf_len;
-+ uint klen, source_tail_len;
- uchar oiv[MY_AES_BLOCK_SIZE];
-+ uchar source_tail[MY_AES_BLOCK_SIZE];
-
- MyCTX_nopad() : MyCTX() { }
- ~MyCTX_nopad() { }
-@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX
- compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
- this->key= key;
- this->klen= klen;
-- this->buf_len= 0;
-+ this->source_tail_len= 0;
- if (ivlen)
- memcpy(oiv, iv, ivlen);
- DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
-@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX
- return res;
- }
-
-+ /** Update last partial source block, stored in source_tail array. */
-+ void update_source_tail(const uchar* src, uint slen)
-+ {
-+ if (!slen)
-+ return;
-+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
-+ if (new_tail_len)
-+ {
-+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
-+ {
-+ memcpy(source_tail + source_tail_len, src, slen);
-+ }
-+ else
-+ {
-+ DBUG_ASSERT(slen > new_tail_len);
-+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
-+ }
-+ }
-+ source_tail_len= new_tail_len;
-+ }
-+
- int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
- {
-- buf_len+= slen;
-+ update_source_tail(src, slen);
- return MyCTX::update(src, slen, dst, dlen);
- }
-
- int finish(uchar *dst, uint *dlen)
- {
-- buf_len %= MY_AES_BLOCK_SIZE;
-- if (buf_len)
-+ if (source_tail_len)
- {
-- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
- /*
- Not much we can do, block ciphers cannot encrypt data that aren't
- a multiple of the block length. At least not without padding.
- Let's do something CTR-like for the last partial block.
--
-- NOTE this assumes that there are only buf_len bytes in the buf.
-- If OpenSSL will change that, we'll need to change the implementation
-- of this class too.
- */
- uchar mask[MY_AES_BLOCK_SIZE];
- uint mlen;
-@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX
- return rc;
- DBUG_ASSERT(mlen == sizeof(mask));
-
-- for (uint i=0; i < buf_len; i++)
-- dst[i]= buf[i] ^ mask[i];
-+ for (uint i=0; i < source_tail_len; i++)
-+ dst[i]= source_tail[i] ^ mask[i];
- }
-- *dlen= buf_len;
-+ *dlen= source_tail_len;
- return MY_AES_OK;
- }
- };
-diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c
-index 34704e06..cbec2760 100644
---- a/unittest/mysys/aes-t.c
-+++ b/unittest/mysys/aes-t.c
-@@ -21,27 +21,96 @@
- #include <string.h>
- #include <ctype.h>
-
--#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \
-- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \
-- { \
-- memset(src, fill, src_len= slen); \
-- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \
-- src, src_len, dst, &dst_len, \
-- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
-- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \
-- if (!nopad) \
-- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
-- my_md5(md5, (char*)dst, dst_len); \
-- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \
-- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \
-- dst, dst_len, ddst, &ddst_len, \
-- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
-- "decrypt " #mode " %u", dst_len); \
-- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
-+
-+/** Test streaming encryption, bytewise update.*/
-+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
-+ unsigned int slen, unsigned char *dst, unsigned int *dlen,
-+ const unsigned char *key, unsigned int klen,
-+ const unsigned char *iv, unsigned int ivlen)
-+{
-+ /* Allocate context on odd address on stack, in order to
-+ catch misalignment errors.*/
-+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
-+
-+ int res1, res2;
-+ uint d1= 0, d2;
-+ uint i;
-+
-+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
-+ return res1;
-+ for (i= 0; i < slen; i++)
-+ {
-+ uint tmp_d1=0;
-+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
-+ if (res1)
-+ return res1;
-+ d1+= tmp_d1;
-+ dst+= tmp_d1;
-+ }
-+ res2= my_aes_crypt_finish(ctx, dst, &d2);
-+ *dlen= d1 + d2;
-+ return res1 ? res1 : res2;
-+}
-+
-+
-+#ifndef HAVE_EncryptAes128Ctr
-+const uint MY_AES_CTR=0xDEADBEAF;
-+#endif
-+#ifndef HAVE_EncryptAes128Gcm
-+const uint MY_AES_GCM=0xDEADBEAF;
-+#endif
-+
-+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF)
-+
-+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
-+ char fill, size_t dlen, const char *hash)
-+{
-+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
-+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
-+ uchar src[1000], dst[1100], dst2[1100], ddst[1000];
-+ uchar md5[MY_MD5_HASH_SIZE];
-+ uint src_len, dst_len, dst_len2, ddst_len;
-+ int result;
-+
-+ if (MY_AES_UNSUPPORTED(mode))
-+ {
-+ skip(nopad?7:6, "%s not supported", mode_str);
-+ return;
-+ }
-+ memset(src, fill, src_len= slen);
-+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
-+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
-+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
-+ nopad ? "nopad" : "pad");
-+
-+ if (nopad)
-+ {
-+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
-+ src_len, dst2, &dst_len2, key, sizeof(key),
-+ iv, sizeof(iv));
-+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
-+ /* Compare with non-bytewise encryption result*/
-+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
-+ "memcmp bytewise %s %u", mode_str, src_len);
-+ }
-+ else
-+ {
-+ int dst_len_real= my_aes_get_size(mode, src_len);
-+ ok(dst_len_real= dst_len, "my_aes_get_size");
- }
-+ my_md5(md5, (char *) dst, dst_len);
-+ ok(dst_len == dlen, "md5 len");
-+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
-+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
-+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
-+ sizeof(iv));
-+
-+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
-+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
-+}
-
--#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
--#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
-+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
-+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
-
- /* useful macro for debugging */
- #define PRINT_MD5() \
-@@ -53,25 +122,15 @@
- printf("\"\n"); \
- } while(0);
-
--#ifndef HAVE_EncryptAes128Ctr
--const uint MY_AES_CTR=0xDEADBEAF;
--#endif
--#ifndef HAVE_EncryptAes128Gcm
--const uint MY_AES_GCM=0xDEADBEAF;
--#endif
-
- int
- main(int argc __attribute__((unused)),char *argv[])
- {
-- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
-- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
-- uchar src[1000], dst[1100], ddst[1000];
-- uchar md5[MY_MD5_HASH_SIZE];
-- uint src_len, dst_len, ddst_len;
-
- MY_INIT(argv[0]);
-
-- plan(87);
-+ plan(122);
-+
- DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
- DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
- DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
-2.25.1
-
similarity index 91%
rename from meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb
rename to meta-oe/recipes-dbs/mysql/mariadb_10.8.3.bb
@@ -3,7 +3,7 @@ require mariadb.inc
inherit qemu
DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \
- zlib libaio libedit libevent libxml2 gnutls fmt lzo"
+ zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd"
PROVIDES += "mysql5 libmysqlclient"