diff options
Diffstat (limited to 'meta-oe/recipes-dbs')
20 files changed, 759 insertions, 508 deletions
diff --git a/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch b/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch new file mode 100644 index 0000000000..312809d1d2 --- /dev/null +++ b/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch @@ -0,0 +1,22 @@ +From b4d418bf3f78748d84e3cfb110833443eef34284 Mon Sep 17 00:00:00 2001 +From: Justin Bronder <jsbronder@cold-front.org> +Date: Thu, 25 Aug 2022 17:22:20 -0400 +Subject: [PATCH] make: set soname on liblmdb + +--- + libraries/liblmdb/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile +index 1ec74e6..ea08cd6 100644 +--- a/libraries/liblmdb/Makefile ++++ b/libraries/liblmdb/Makefile +@@ -66,7 +66,7 @@ liblmdb.a: mdb.o midl.o + + liblmdb$(SOEXT): mdb.lo midl.lo + # $(CC) $(LDFLAGS) -pthread -shared -Wl,-Bsymbolic -o $@ mdb.o midl.o $(SOLIBS) +- $(CC) $(LDFLAGS) -pthread -shared -o $@ mdb.lo midl.lo $(SOLIBS) ++ $(CC) $(LDFLAGS) -pthread -shared -Wl,-soname,$@ -o $@ mdb.lo midl.lo $(SOLIBS) + + mdb_stat: mdb_stat.o liblmdb.a + mdb_copy: mdb_copy.o liblmdb.a diff --git a/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb b/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb index b58a36c446..a76d388d70 100644 --- a/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb +++ b/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb @@ -11,16 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972" SRC_URI = "git://github.com/LMDB/lmdb.git;nobranch=1;protocol=https \ file://run-ptest \ file://0001-Makefile-use-libprefix-instead-of-libdir.patch \ + file://0001-make-set-soname-on-liblmdb.patch;patchdir=../.. \ " SRCREV = "8ad7be2510414b9506ec9f9e24f24d04d9b04a1a" -inherit base ptest +inherit ptest S = "${WORKDIR}/git/libraries/liblmdb" -LDFLAGS += "-Wl,-soname,lib${PN}.so.${PV}" - do_compile() { oe_runmake CC="${CC}" SOEXT=".so.${PV}" LDFLAGS="${LDFLAGS}" } diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb index e38726d3f9..17a06349b0 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb @@ -2,7 +2,9 @@ require mariadb.inc inherit native PROVIDES += "mysql5-native" -DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native" +DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native \ +gnutls-native fmt-native \ +" RDEPENDS:${PN} = "" PACKAGES = "" diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 922373b633..7c4b0a467f 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -19,11 +19,14 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://ssize_t.patch \ file://mm_malloc.patch \ file://sys_futex.patch \ - file://mariadb-openssl3.patch \ + file://cross-compiling.patch \ + file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ + file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \ + file://CVE-2023-22084.patch \ " SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch" -SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173" +SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" @@ -61,6 +64,8 @@ FILES:${PN}-setupdb = "${sysconfdir}/init.d/install_db \ ${bindir}/mysql-systemd-start \ " +EXTRA_OEMAKE = "'GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash'" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" PACKAGECONFIG:class-native = "" PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam" @@ -95,9 +100,9 @@ EXTRA_OECMAKE = "-DWITH_EMBEDDED_SERVER=ON \ -DINSTALL_SYSCONFDIR:PATH=${sysconfdir} \ -DMYSQL_DATADIR:PATH=/var/mysql \ -DCAT_EXECUTABLE=`which cat` \ + -DSTACK_DIRECTION=1 \ -DCMAKE_AR:FILEPATH=${AR}" -EXTRA_OECMAKE:prepend:class-target = "-DCMAKE_CROSSCOMPILING_EMULATOR=${WORKDIR}/qemuwrapper " # With Ninja it fails with: # make: *** No rule to make target `install'. Stop. @@ -121,18 +126,12 @@ do_generate_toolchain_file:append:class-native () { sed -i "/set( CMAKE_SYSTEM_PROCESSOR/d" ${WORKDIR}/toolchain.cmake } -do_configure:prepend:class-target () { - # Write out a qemu wrapper that will be used by cmake - # so that it can run target helper binaries through that. - qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_DIR_HOST}${base_libdir}')])}" - cat > ${WORKDIR}/qemuwrapper << EOF -#!/bin/sh -$qemu_binary "\$@" -EOF - chmod +x ${WORKDIR}/qemuwrapper -} do_compile:prepend:class-target () { + # These need to be in-tree or make will think they need to be built, + # and since we're cross-compiling that is disabled + cp ${STAGING_BINDIR_NATIVE}/comp_err ${S}/extra + cp ${STAGING_BINDIR_NATIVE}/comp_sql ${S}/scripts if [ "${@bb.utils.contains('PACKAGECONFIG', 'krb5', 'yes', 'no', d)}" = "no" ]; then if ! [ -e ${B}/include/openssl/kssl.h ] ; then mkdir -p ${B}/include/openssl diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch new file mode 100644 index 0000000000..2fe768d754 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch @@ -0,0 +1,320 @@ +From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001 +From: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> +Date: Tue, 27 Sep 2022 15:22:57 +0900 +Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in + spider_db_mbase::print_warnings() + +The function spider_db_mbase::print_warnings() can potentially result +in a null pointer dereference. + +Remove the null pointer dereference by cleaning up the function. + +Some small changes to the original commit +422fb63a9bbee35c50b6c7be19d199afe0bc98fa. + +CVE: CVE-2022-47015 + +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0] + +Co-Authored-By: Yuchen Pei <yuchen.pei@mariadb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + .../spider/bugfix/r/mdev_29644.result | 41 ++++++ + .../mysql-test/spider/bugfix/t/mdev_29644.cnf | 3 + + .../spider/bugfix/t/mdev_29644.test | 56 ++++++++ + storage/spider/spd_db_mysql.cc | 124 ++++++++---------- + storage/spider/spd_db_mysql.h | 2 +- + 5 files changed, 154 insertions(+), 72 deletions(-) + create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test + +diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +new file mode 100644 +index 00000000000..b52cecc5bb7 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +@@ -0,0 +1,41 @@ ++# ++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++# ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 ++connection child2_1; ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++CREATE TABLE tbl_a ( ++a CHAR(5) ++) ENGINE=InnoDB DEFAULT CHARSET=utf8; ++SET GLOBAL sql_mode=''; ++connection master_1; ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++CREATE TABLE tbl_a ( ++a CHAR(255) ++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"'; ++SET sql_mode=''; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++SET GLOBAL spider_log_result_errors=4; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++connection master_1; ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++connection child2_1; ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +new file mode 100644 +index 00000000000..05dfd8a0bce +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +@@ -0,0 +1,3 @@ ++!include include/default_mysqld.cnf ++!include ../my_1_1.cnf ++!include ../my_2_1.cnf +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +new file mode 100644 +index 00000000000..3a8fbb251e1 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +@@ -0,0 +1,56 @@ ++--echo # ++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++--echo # ++ ++# The test case below does not cause the potential null pointer dereference. ++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works. ++ ++--disable_query_log ++--disable_result_log ++--source ../../t/test_init.inc ++--enable_result_log ++--enable_query_log ++ ++--connection child2_1 ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++eval CREATE TABLE tbl_a ( ++ a CHAR(5) ++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET; ++ ++SET GLOBAL sql_mode=''; ++ ++--connection master_1 ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++eval CREATE TABLE tbl_a ( ++ a CHAR(255) ++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"'; ++ ++SET sql_mode=''; ++ ++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err; ++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should not find ++ ++SET GLOBAL spider_log_result_errors=4; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should find ++ ++--connection master_1 ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++ ++--connection child2_1 ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++ ++--disable_query_log ++--disable_result_log ++--source ../t/test_deinit.inc ++--enable_query_log ++--enable_result_log +diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc +index d377d2bd807..bc8383017f7 100644 +--- a/storage/spider/spd_db_mysql.cc ++++ b/storage/spider/spd_db_mysql.cc +@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query( + db_conn->affected_rows, db_conn->insert_id, + db_conn->server_status, db_conn->warning_count); + if (spider_param_log_result_errors() >= 3) +- print_warnings(l_time); ++ fetch_and_print_warnings(l_time); + } else if (log_result_errors >= 4) + { + time_t cur_time = (time_t) time((time_t*) 0); +@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error( + DBUG_RETURN(xa_nota); + } + +-int spider_db_mbase::print_warnings( +- struct tm *l_time +-) { ++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time) ++{ + int error_num = 0; +- DBUG_ENTER("spider_db_mbase::print_warnings"); ++ DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings"); + DBUG_PRINT("info",("spider this=%p", this)); +- if (db_conn->status == MYSQL_STATUS_READY) ++ ++ if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY || ++ db_conn->server_status & SERVER_MORE_RESULTS_EXISTS || ++ !db_conn->warning_count) ++ DBUG_RETURN(0); ++ ++ if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, ++ SPIDER_SQL_SHOW_WARNINGS_LEN)) ++ DBUG_RETURN(0); ++ ++ MYSQL_RES *res= mysql_store_result(db_conn); ++ if (!res) ++ DBUG_RETURN(0); ++ ++ uint num_fields= mysql_num_fields(res); ++ if (num_fields != 3) + { +- if ( +-#if MYSQL_VERSION_ID < 50500 +- !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->last_used_con->warning_count +-#else +- !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->warning_count +-#endif +- ) { +- if ( +- spider_param_dry_access() || +- !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, +- SPIDER_SQL_SHOW_WARNINGS_LEN) +- ) { +- MYSQL_RES *res = NULL; +- MYSQL_ROW row = NULL; +- uint num_fields; +- if ( +- spider_param_dry_access() || +- !(res = mysql_store_result(db_conn)) || +- !(row = mysql_fetch_row(res)) +- ) { +- if (mysql_errno(db_conn)) +- { +- if (res) +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- /* no record is ok */ +- } +- num_fields = mysql_num_fields(res); +- if (num_fields != 3) +- { +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- if (l_time) +- { +- while (row) +- { +- fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] " +- "from [%s] %ld to %ld: %s %s %s\n", ++ mysql_free_result(res); ++ DBUG_RETURN(0); ++ } ++ ++ MYSQL_ROW row= mysql_fetch_row(res); ++ if (l_time) ++ { ++ while (row) ++ { ++ fprintf(stderr, ++ "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld " ++ "to %ld: %s %s %s\n", + l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday, +- l_time->tm_hour, l_time->tm_min, l_time->tm_sec, +- conn->tgt_host, (ulong) db_conn->thread_id, +- (ulong) current_thd->thread_id, row[0], row[1], row[2]); +- row = mysql_fetch_row(res); +- } +- } else { +- while (row) +- { +- DBUG_PRINT("info",("spider row[0]=%s", row[0])); +- DBUG_PRINT("info",("spider row[1]=%s", row[1])); +- DBUG_PRINT("info",("spider row[2]=%s", row[2])); +- longlong res_num = +- (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); +- DBUG_PRINT("info",("spider res_num=%lld", res_num)); +- my_printf_error((int) res_num, row[2], MYF(0)); +- error_num = (int) res_num; +- row = mysql_fetch_row(res); +- } +- } +- if (res) +- mysql_free_result(res); +- } ++ l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, ++ (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], ++ row[1], row[2]); ++ row= mysql_fetch_row(res); ++ } ++ } else { ++ while (row) ++ { ++ DBUG_PRINT("info",("spider row[0]=%s", row[0])); ++ DBUG_PRINT("info",("spider row[1]=%s", row[1])); ++ DBUG_PRINT("info",("spider row[2]=%s", row[2])); ++ longlong res_num = ++ (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); ++ DBUG_PRINT("info",("spider res_num=%lld", res_num)); ++ my_printf_error((int) res_num, row[2], MYF(0)); ++ error_num = (int) res_num; ++ row = mysql_fetch_row(res); + } + } ++ ++ mysql_free_result(res); ++ + DBUG_RETURN(error_num); + } + +@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status( + DBUG_RETURN(error_num); + } + } +- if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL))) ++ if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL))) + { + DBUG_RETURN(error_num); + } +diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h +index e90461ea278..a2012352f21 100644 +--- a/storage/spider/spd_db_mysql.h ++++ b/storage/spider/spd_db_mysql.h +@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn + bool is_xa_nota_error( + int error_num + ); +- int print_warnings( ++ int fetch_and_print_warnings( + struct tm *l_time + ); + spider_db_result *store_result( +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch new file mode 100644 index 0000000000..456a2bad64 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch @@ -0,0 +1,69 @@ +From f92f657973997df30afdb0032c88ad3a14ead46b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 23 Sep 2022 15:48:21 +0800 +Subject: [PATCH] sql/CMakeLists.txt: fix gen_lex_hash not found + +Fix the below do_compile issue in cross-compiling env. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_hash', needed by 'sql/lex_hash.h'. Stop. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_token', needed by 'sql/lex_token.h'. Stop. + +Upstream-Status: Inappropriate [oe build specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + sql/CMakeLists.txt | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt +index 241b482..27a3991 100644 +--- a/sql/CMakeLists.txt ++++ b/sql/CMakeLists.txt +@@ -60,11 +60,18 @@ ${CMAKE_BINARY_DIR}/sql + ${CMAKE_SOURCE_DIR}/tpool + ) + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h +- COMMAND gen_lex_token > lex_token.h +- DEPENDS gen_lex_token ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h ++ DEPENDS gen_lex_token ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h + ) ++ENDIF() + + FIND_PACKAGE(BISON 2.4) + +@@ -372,11 +379,18 @@ IF(NOT CMAKE_CROSSCOMPILING OR DEFINED CMAKE_CROSSCOMPILING_EMULATOR) + ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc) + ENDIF() + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h +- COMMAND gen_lex_hash > lex_hash.h +- DEPENDS gen_lex_hash ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h ++ DEPENDS gen_lex_hash ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h + ) ++ENDIF() + + MYSQL_ADD_EXECUTABLE(mariadb-tzinfo-to-sql tztime.cc) + SET_TARGET_PROPERTIES(mariadb-tzinfo-to-sql PROPERTIES COMPILE_FLAGS "-DTZINFO2SQL") +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch new file mode 100644 index 0000000000..3053614854 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch @@ -0,0 +1,91 @@ +From 15ae97b1c2c14f1263cdc853673c4129625323de Mon Sep 17 00:00:00 2001 +From: Marko Mäkelä <marko.makela@mariadb.com> +Date: Thu, 8 Feb 2024 08:09:20 +0000 +Subject: [PATCH] MDEV-32578 row_merge_fts_doc_tokenize() handles parser plugin + inconsistently + +When mysql/mysql-server@0c954c2 +added a plugin interface for FULLTEXT INDEX tokenization to MySQL 5.7, +fts_tokenize_ctx::processed_len got a second meaning, which is only +partly implemented in row_merge_fts_doc_tokenize(). + +This inconsistency could cause a crash when using FULLTEXT...WITH PARSER. +A test case that would crash MySQL 8.0 when using an n-gram parser and +single-character words would fail to crash in MySQL 5.7, because the +buf_full condition in row_merge_fts_doc_tokenize() was not met. + +This change is inspired by +mysql/mysql-server@38e9a07 +that appeared in MySQL 5.7.44. + +CVE: CVE-2023-22084 +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/15ae97b1c2c1] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + storage/innobase/include/row0ftsort.h | 6 +++++- + storage/innobase/row/row0ftsort.cc | 11 ++++++++--- + 2 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/storage/innobase/include/row0ftsort.h b/storage/innobase/include/row0ftsort.h +index 65508caf..3ffa8243 100644 +--- a/storage/innobase/include/row0ftsort.h ++++ b/storage/innobase/include/row0ftsort.h +@@ -104,7 +104,10 @@ typedef UT_LIST_BASE_NODE_T(row_fts_token_t) fts_token_list_t; + + /** Structure stores information from string tokenization operation */ + struct fts_tokenize_ctx { +- ulint processed_len; /*!< processed string length */ ++ /** the processed string length in bytes ++ (when using the built-in tokenizer), ++ or the number of row_merge_fts_doc_tokenize_by_parser() calls */ ++ ulint processed_len; + ulint init_pos; /*!< doc start position */ + ulint buf_used; /*!< the sort buffer (ID) when + tokenization stops, which +@@ -115,6 +118,7 @@ struct fts_tokenize_ctx { + ib_rbt_t* cached_stopword;/*!< in: stopword list */ + dfield_t sort_field[FTS_NUM_FIELDS_SORT]; + /*!< in: sort field */ ++ /** parsed tokens (when using an external parser) */ + fts_token_list_t fts_token_list; + + fts_tokenize_ctx() : +diff --git a/storage/innobase/row/row0ftsort.cc b/storage/innobase/row/row0ftsort.cc +index 86e96624..406ff60f 100644 +--- a/storage/innobase/row/row0ftsort.cc ++++ b/storage/innobase/row/row0ftsort.cc +@@ -491,7 +491,10 @@ row_merge_fts_doc_tokenize( + + /* Tokenize the data and add each word string, its corresponding + doc id and position to sort buffer */ +- while (t_ctx->processed_len < doc->text.f_len) { ++ while (parser ++ ? (!t_ctx->processed_len ++ || UT_LIST_GET_LEN(t_ctx->fts_token_list)) ++ : t_ctx->processed_len < doc->text.f_len) { + ulint idx = 0; + ulint cur_len; + doc_id_t write_doc_id; +@@ -831,7 +834,8 @@ void fts_parallel_tokenization( + /* Not yet finish processing the "doc" on hand, + continue processing it */ + ut_ad(doc.text.f_str); +- ut_ad(t_ctx.processed_len < doc.text.f_len); ++ ut_ad(buf[0]->index->parser ++ || t_ctx.processed_len < doc.text.f_len); + } + + processed = row_merge_fts_doc_tokenize( +@@ -841,7 +845,8 @@ void fts_parallel_tokenization( + + /* Current sort buffer full, need to recycle */ + if (!processed) { +- ut_ad(t_ctx.processed_len < doc.text.f_len); ++ ut_ad(buf[0]->index->parser ++ || t_ctx.processed_len < doc.text.f_len); + ut_ad(t_ctx.rows_added[t_ctx.buf_used]); + break; + } +-- +2.40.0 diff --git a/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch new file mode 100644 index 0000000000..d0d6e3c730 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch @@ -0,0 +1,34 @@ +From 80be37351d995654f86b838f6b5ed47e8a90261b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 23 Sep 2022 12:05:17 +0800 +Subject: [PATCH] CMakeLists.txt: not include import_executables.cmake + +building failed since native does not generate import_executables.cmake +In fact, our building system will export the needed commands. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + CMakeLists.txt | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f9e2b1b..34924ba 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -394,11 +394,6 @@ CHECK_LIBFMT() + ADD_SUBDIRECTORY(tpool) + CHECK_SYSTEMD() + +-IF(CMAKE_CROSSCOMPILING AND NOT DEFINED CMAKE_CROSSCOMPILING_EMULATOR) +- SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build") +- INCLUDE(${IMPORT_EXECUTABLES}) +-ENDIF() +- + # + # Setup maintainer mode options. Platform checks are + # not run with the warning options as to not perturb fragile checks +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch deleted file mode 100644 index 878675f30d..0000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch +++ /dev/null @@ -1,416 +0,0 @@ -From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001 -From: Vladislav Vaintroub <wlad@mariadb.com> -Date: Mon, 8 Nov 2021 18:48:19 +0100 -Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 - -Summary of changes - -- MD_CTX_SIZE is increased - -- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points - to nobody knows where. The assumption made previously was that - (since the function does not seem to be documented) - was that it points to the last partial source block. - Add own partial block buffer for NOPAD encryption instead - -- SECLEVEL in CipherString in openssl.cnf - had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible - -- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, - in addition to what was set in --ssl-cipher - -- ctx_buf buffer now must be aligned to 16 bytes with openssl( - previously with WolfSSL only), ot crashes will happen - -- updated aes-t , to be better debuggable - using function, rather than a huge multiline macro - added test that does "nopad" encryption piece-wise, to test - replacement of EVP_CIPHER_CTX_buf_noconst - -Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch - -Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e] -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - cmake/ssl.cmake | 21 +++++- - include/mysql/service_my_crypt.h | 2 +- - include/ssl_compat.h | 3 +- - mysql-test/lib/openssl.cnf | 2 +- - mysql-test/main/ssl_cipher.result | 6 +- - mysql-test/main/ssl_cipher.test | 2 +- - mysys_ssl/my_crypt.cc | 46 +++++++----- - unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- - 8 files changed, 143 insertions(+), 60 deletions(-) - -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake -index a6793cf3..64c93ff9 100644 ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL) - ENDIF() - FIND_PACKAGE(OpenSSL) - SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED) -- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0") -+ IF(OPENSSL_FOUND) - SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) - INCLUDE(CheckSymbolExists) - SET(SSL_SOURCES "") -@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) - SET(SSL_INTERNAL_INCLUDE_DIRS "") - SET(SSL_DEFINES "-DHAVE_OPENSSL") - -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() -+ -+ # Silence "deprecated in OpenSSL 3.0" -+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake -+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) -+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") -+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) -+ ENDIF() -+ - SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) -- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ - CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" - HAVE_ERR_remove_thread_state) - CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" -@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) - HAVE_EncryptAes128Gcm) - CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" - HAVE_X509_check_host) -- SET(CMAKE_REQUIRED_INCLUDES) -- SET(CMAKE_REQUIRED_LIBRARIES) -+ -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() - ELSE() - IF(WITH_SSL STREQUAL "system") - MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support") -diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h -index 2a232117..bb038aaa 100644 ---- a/include/mysql/service_my_crypt.h -+++ b/include/mysql/service_my_crypt.h -@@ -45,7 +45,7 @@ extern "C" { - /* The max key length of all supported algorithms */ - #define MY_AES_MAX_KEY_LENGTH 32 - --#define MY_AES_CTX_SIZE 656 -+#define MY_AES_CTX_SIZE 672 - - enum my_aes_mode { - MY_AES_ECB, MY_AES_CBC -diff --git a/include/ssl_compat.h b/include/ssl_compat.h -index 8dc12254..6db1baab 100644 ---- a/include/ssl_compat.h -+++ b/include/ssl_compat.h -@@ -24,7 +24,7 @@ - #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) - #define ERR_remove_state(X) ERR_clear_error() - #define EVP_CIPHER_CTX_SIZE 176 --#define EVP_MD_CTX_SIZE 48 -+#define EVP_MD_CTX_SIZE 72 - #undef EVP_MD_CTX_init - #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) - #undef EVP_CIPHER_CTX_init -@@ -77,7 +77,6 @@ - #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) - #endif - --#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) - #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) - #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) - -diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf -index b9ab37ac..7cd6f748 100644 ---- a/mysql-test/lib/openssl.cnf -+++ b/mysql-test/lib/openssl.cnf -@@ -9,4 +9,4 @@ ssl_conf = ssl_section - system_default = system_default_section - - [system_default_section] --CipherString = ALL:@SECLEVEL=1 -+CipherString = ALL:@SECLEVEL=0 -diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result -index 930d384e..66d817b7 100644 ---- a/mysql-test/main/ssl_cipher.result -+++ b/mysql-test/main/ssl_cipher.result -@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; - SHOW STATUS LIKE 'Ssl_cipher'; - Variable_name Value - Ssl_cipher AES128-SHA --SHOW STATUS LIKE 'Ssl_cipher_list'; --Variable_name Value --Ssl_cipher_list AES128-SHA -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; -+VARIABLE_VALUE like '%AES128-SHA%' -+1 - disconnect ssl_con; - connection default; -diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test -index 36549d76..d4cdcffb 100644 ---- a/mysql-test/main/ssl_cipher.test -+++ b/mysql-test/main/ssl_cipher.test -@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA; - source include/restart_mysqld.inc; - connect (ssl_con,localhost,root,,,,,SSL); - SHOW STATUS LIKE 'Ssl_cipher'; --SHOW STATUS LIKE 'Ssl_cipher_list'; -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; - disconnect ssl_con; - connection default; -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc -index e512eee9..4d7ebc7b 100644 ---- a/mysys_ssl/my_crypt.cc -+++ b/mysys_ssl/my_crypt.cc -@@ -29,11 +29,7 @@ - #include <ssl_compat.h> - #include <cstdint> - --#ifdef HAVE_WOLFSSL - #define CTX_ALIGN 16 --#else --#define CTX_ALIGN 0 --#endif - - class MyCTX - { -@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX - { - public: - const uchar *key; -- uint klen, buf_len; -+ uint klen, source_tail_len; - uchar oiv[MY_AES_BLOCK_SIZE]; -+ uchar source_tail[MY_AES_BLOCK_SIZE]; - - MyCTX_nopad() : MyCTX() { } - ~MyCTX_nopad() { } -@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); - this->key= key; - this->klen= klen; -- this->buf_len= 0; -+ this->source_tail_len= 0; - if (ivlen) - memcpy(oiv, iv, ivlen); - DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); -@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX - return res; - } - -+ /** Update last partial source block, stored in source_tail array. */ -+ void update_source_tail(const uchar* src, uint slen) -+ { -+ if (!slen) -+ return; -+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; -+ if (new_tail_len) -+ { -+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) -+ { -+ memcpy(source_tail + source_tail_len, src, slen); -+ } -+ else -+ { -+ DBUG_ASSERT(slen > new_tail_len); -+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); -+ } -+ } -+ source_tail_len= new_tail_len; -+ } -+ - int update(const uchar *src, uint slen, uchar *dst, uint *dlen) - { -- buf_len+= slen; -+ update_source_tail(src, slen); - return MyCTX::update(src, slen, dst, dlen); - } - - int finish(uchar *dst, uint *dlen) - { -- buf_len %= MY_AES_BLOCK_SIZE; -- if (buf_len) -+ if (source_tail_len) - { -- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. -- -- NOTE this assumes that there are only buf_len bytes in the buf. -- If OpenSSL will change that, we'll need to change the implementation -- of this class too. - */ - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; -@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX - return rc; - DBUG_ASSERT(mlen == sizeof(mask)); - -- for (uint i=0; i < buf_len; i++) -- dst[i]= buf[i] ^ mask[i]; -+ for (uint i=0; i < source_tail_len; i++) -+ dst[i]= source_tail[i] ^ mask[i]; - } -- *dlen= buf_len; -+ *dlen= source_tail_len; - return MY_AES_OK; - } - }; -diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c -index 34704e06..cbec2760 100644 ---- a/unittest/mysys/aes-t.c -+++ b/unittest/mysys/aes-t.c -@@ -21,27 +21,96 @@ - #include <string.h> - #include <ctype.h> - --#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ -- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \ -- { \ -- memset(src, fill, src_len= slen); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ -- src, src_len, dst, &dst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ -- if (!nopad) \ -- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ -- my_md5(md5, (char*)dst, dst_len); \ -- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ -- dst, dst_len, ddst, &ddst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "decrypt " #mode " %u", dst_len); \ -- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ -+ -+/** Test streaming encryption, bytewise update.*/ -+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, -+ unsigned int slen, unsigned char *dst, unsigned int *dlen, -+ const unsigned char *key, unsigned int klen, -+ const unsigned char *iv, unsigned int ivlen) -+{ -+ /* Allocate context on odd address on stack, in order to -+ catch misalignment errors.*/ -+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; -+ -+ int res1, res2; -+ uint d1= 0, d2; -+ uint i; -+ -+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) -+ return res1; -+ for (i= 0; i < slen; i++) -+ { -+ uint tmp_d1=0; -+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); -+ if (res1) -+ return res1; -+ d1+= tmp_d1; -+ dst+= tmp_d1; -+ } -+ res2= my_aes_crypt_finish(ctx, dst, &d2); -+ *dlen= d1 + d2; -+ return res1 ? res1 : res2; -+} -+ -+ -+#ifndef HAVE_EncryptAes128Ctr -+const uint MY_AES_CTR=0xDEADBEAF; -+#endif -+#ifndef HAVE_EncryptAes128Gcm -+const uint MY_AES_GCM=0xDEADBEAF; -+#endif -+ -+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) -+ -+static void do_test(uint mode, const char *mode_str, int nopad, uint slen, -+ char fill, size_t dlen, const char *hash) -+{ -+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; -+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; -+ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; -+ uchar md5[MY_MD5_HASH_SIZE]; -+ uint src_len, dst_len, dst_len2, ddst_len; -+ int result; -+ -+ if (MY_AES_UNSUPPORTED(mode)) -+ { -+ skip(nopad?7:6, "%s not supported", mode_str); -+ return; -+ } -+ memset(src, fill, src_len= slen); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, -+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, -+ nopad ? "nopad" : "pad"); -+ -+ if (nopad) -+ { -+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, -+ src_len, dst2, &dst_len2, key, sizeof(key), -+ iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); -+ /* Compare with non-bytewise encryption result*/ -+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, -+ "memcmp bytewise %s %u", mode_str, src_len); -+ } -+ else -+ { -+ int dst_len_real= my_aes_get_size(mode, src_len); -+ ok(dst_len_real= dst_len, "my_aes_get_size"); - } -+ my_md5(md5, (char *) dst, dst_len); -+ ok(dst_len == dlen, "md5 len"); -+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, -+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, -+ sizeof(iv)); -+ -+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); -+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); -+} - --#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) --#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) -+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) -+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) - - /* useful macro for debugging */ - #define PRINT_MD5() \ -@@ -53,25 +122,15 @@ - printf("\"\n"); \ - } while(0); - --#ifndef HAVE_EncryptAes128Ctr --const uint MY_AES_CTR=0xDEADBEAF; --#endif --#ifndef HAVE_EncryptAes128Gcm --const uint MY_AES_GCM=0xDEADBEAF; --#endif - - int - main(int argc __attribute__((unused)),char *argv[]) - { -- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; -- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; -- uchar src[1000], dst[1100], ddst[1000]; -- uchar md5[MY_MD5_HASH_SIZE]; -- uint src_len, dst_len, ddst_len; - - MY_INIT(argv[0]); - -- plan(87); -+ plan(122); -+ - DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); - DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); - DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb index c800c4c56c..87faabfa27 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb @@ -1,9 +1,7 @@ require mariadb.inc -inherit qemu - -DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \ - zlib libaio libedit libevent libxml2 gnutls fmt lzo" +DEPENDS += "mariadb-native bison-native boost libpcre2 curl ncurses \ + zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd" PROVIDES += "mysql5 libmysqlclient" diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch index 90b7419495..46343674fc 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch @@ -1,16 +1,17 @@ -From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001 +From 0801befde991250b4502954fdec61bec8c33da3b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" <rjones@redhat.com> Date: Sun, 20 Nov 2016 15:04:52 +0000 Subject: [PATCH] Add support for RISC-V. The architecture is sufficiently similar to aarch64 that simply extending the existing aarch64 macro works. + --- src/include/storage/s_lock.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h -index dccbd29..ad60429 100644 +index 95049f0..e08c963 100644 --- a/src/include/storage/s_lock.h +++ b/src/include/storage/s_lock.h @@ -317,11 +317,12 @@ tas(volatile slock_t *lock) @@ -35,7 +36,4 @@ index dccbd29..ad60429 100644 +#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - /* --- -2.34.1 - + /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch index 02f4c9e513..eeffe6bcb1 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch @@ -1,4 +1,4 @@ -From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001 +From e167d58d6be1b1ee4d49571650444700ab97ed7c Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Mon, 28 Dec 2020 16:38:21 +0800 Subject: [PATCH] Improve reproducibility, @@ -18,6 +18,7 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> update patch for v13.1 Signed-off-by: Changqing Li <changqing.li@windriver.com> + --- src/common/Makefile | 3 --- 1 file changed, 3 deletions(-) @@ -36,6 +37,3 @@ index 880722f..7a9b9d4 100644 override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\"" override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\"" override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\"" --- -2.34.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch new file mode 100644 index 0000000000..eff69140f7 --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -0,0 +1,117 @@ +From 805f03529c7fc33685979651562112bab524e5a5 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Mon, 1 Aug 2022 15:44:38 +0800 +Subject: [PATCH] config_info.c: not expose build info + +Don't collect the build information to fix the buildpaths issue. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + +--- + configure.ac | 2 +- + src/common/config_info.c | 70 +--------------------------------------- + 2 files changed, 2 insertions(+), 70 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 54a539e..c6edc0a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group]) + AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) + AC_CONFIG_AUX_DIR(config) + AC_PREFIX_DEFAULT(/usr/local/pgsql) +-AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["$ac_configure_args"], [Saved arguments from configure]) ++AC_DEFINE_UNQUOTED(CONFIGURE_ARGS, ["ac_configure_args"], [Saved arguments from configure]) + + [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`] + [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`] +diff --git a/src/common/config_info.c b/src/common/config_info.c +index e72e729..a020236 100644 +--- a/src/common/config_info.c ++++ b/src/common/config_info.c +@@ -38,7 +38,7 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) + int i = 0; + + /* Adjust this to match the number of items filled below */ +- *configdata_len = 23; ++ *configdata_len = 14; + configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData)); + + configdata[i].name = pstrdup("BINDIR"); +@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) + configdata[i].setting = pstrdup(path); + i++; + +- configdata[i].name = pstrdup("CONFIGURE"); +- configdata[i].setting = pstrdup(CONFIGURE_ARGS); +- i++; +- +- configdata[i].name = pstrdup("CC"); +-#ifdef VAL_CC +- configdata[i].setting = pstrdup(VAL_CC); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CPPFLAGS"); +-#ifdef VAL_CPPFLAGS +- configdata[i].setting = pstrdup(VAL_CPPFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS"); +-#ifdef VAL_CFLAGS +- configdata[i].setting = pstrdup(VAL_CFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("CFLAGS_SL"); +-#ifdef VAL_CFLAGS_SL +- configdata[i].setting = pstrdup(VAL_CFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS"); +-#ifdef VAL_LDFLAGS +- configdata[i].setting = pstrdup(VAL_LDFLAGS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_EX"); +-#ifdef VAL_LDFLAGS_EX +- configdata[i].setting = pstrdup(VAL_LDFLAGS_EX); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LDFLAGS_SL"); +-#ifdef VAL_LDFLAGS_SL +- configdata[i].setting = pstrdup(VAL_LDFLAGS_SL); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- +- configdata[i].name = pstrdup("LIBS"); +-#ifdef VAL_LIBS +- configdata[i].setting = pstrdup(VAL_LIBS); +-#else +- configdata[i].setting = pstrdup(_("not recorded")); +-#endif +- i++; +- + configdata[i].name = pstrdup("VERSION"); + configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION); + i++; diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index 78f24585e8..807eac219b 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From f7084ba49758a6b8db46b917b7c0f831bd65a08f Mon Sep 17 00:00:00 2001 +From c48f2f132744a0b4a2473ec178d63c1d4d1a4a86 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu <yifan.yu@windriver.com> Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index d3c55f2..9120184 100644 +index e59dc99..41b4732 100644 --- a/configure.ac +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [14.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.11], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch new file mode 100644 index 0000000000..555fd7f1fc --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch @@ -0,0 +1,47 @@ +From 5a17b7b88776cbbe5b37838baff71726b8a6e7dd Mon Sep 17 00:00:00 2001 +From: Manoj Saun <manojsingh.saun@windriver.com> +Date: Wed, 22 Mar 2023 08:07:26 +0000 +Subject: [PATCH] postgresql: fix ptest failure of sysviews + +The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info +in pg_config table which reduces the count of rows from pg_config and leads to +sysviews test failure. +To fix it we need to reduce the count of parameters in sysviews test. +Also we need to reduce the row count in expected result of sysview test +to make the test output shown as pass. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com> + +--- + src/test/regress/expected/sysviews.out | 2 +- + src/test/regress/sql/sysviews.sql | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out +index 2088857..96a15cc 100644 +--- a/src/test/regress/expected/sysviews.out ++++ b/src/test/regress/expected/sysviews.out +@@ -29,7 +29,7 @@ select name, ident, parent, level, total_bytes >= free_bytes + (1 row) + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + ok + ---- + t +diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql +index b24816e..72ff887 100644 +--- a/src/test/regress/sql/sysviews.sql ++++ b/src/test/regress/sql/sysviews.sql +@@ -18,7 +18,7 @@ select name, ident, parent, level, total_bytes >= free_bytes + from pg_backend_memory_contexts where level = 0; + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + + -- We expect no cursors in this test; see also portals.sql + select count(*) = 0 as ok from pg_cursors; diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch index fa46912eef..b742bd53bd 100644 --- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch +++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch @@ -1,4 +1,4 @@ -From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001 +From 09fad1883f3312965a8d066f8477166eaa4db2c7 Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Tue, 27 Nov 2018 13:25:15 +0800 Subject: [PATCH] not check libperl under cross compiling @@ -15,15 +15,16 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> update patch to version 11.1 Signed-off-by: Changqing Li <changqing.li@windriver.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index fba79ee..7170f26 100644 +index 159f2a2..d0f0b14 100644 --- a/configure.ac +++ b/configure.ac -@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.]) +@@ -2332,7 +2332,7 @@ Use --without-tcl to disable building PL/Tcl.]) fi # check for <perl.h> @@ -32,6 +33,3 @@ index fba79ee..7170f26 100644 ac_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $perl_includespec" AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])], --- -2.34.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch deleted file mode 100644 index 92a3dcc710..0000000000 --- a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch +++ /dev/null @@ -1,38 +0,0 @@ -Remove duplicate code for riscv - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- a/src/include/storage/s_lock.h -+++ b/src/include/storage/s_lock.h -@@ -341,30 +341,6 @@ tas(volatile slock_t *lock) - #endif /* HAVE_GCC__SYNC_INT32_TAS */ - #endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - -- --/* -- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available. -- */ --#if defined(__riscv) --#ifdef HAVE_GCC__SYNC_INT32_TAS --#define HAS_TEST_AND_SET -- --#define TAS(lock) tas(lock) -- --typedef int slock_t; -- --static __inline__ int --tas(volatile slock_t *lock) --{ -- return __sync_lock_test_and_set(lock, 1); --} -- --#define S_UNLOCK(lock) __sync_lock_release(lock) -- --#endif /* HAVE_GCC__SYNC_INT32_TAS */ --#endif /* __riscv */ -- -- - /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ - #if defined(__s390__) || defined(__s390x__) - #define HAS_TEST_AND_SET diff --git a/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-oe/recipes-dbs/postgresql/postgresql.inc index 00c0107469..60d44ce979 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -205,7 +205,7 @@ do_install:append() { # multiple server config directory install -d -m 700 ${D}${sysconfdir}/default/${BPN} - if [ "${@d.getVar('enable_pam')}" = "pam" ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/pam.d install -m 644 ${WORKDIR}/postgresql.pam ${D}${sysconfdir}/pam.d/postgresql fi @@ -215,6 +215,14 @@ do_install:append() { install -m 0644 ${WORKDIR}/postgresql.service ${D}${systemd_unitdir}/system sed -i -e 's,@BINDIR@,${bindir},g' \ ${D}${systemd_unitdir}/system/postgresql.service + # Remove the build path + if [ -f ${D}${libdir}/${BPN}/pgxs/src/Makefile.global ]; then + sed -i -e 's#${RECIPE_SYSROOT}##g' \ + -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${WORKDIR}##g' \ + -e 's#${TMPDIR}##g' \ + ${D}${libdir}/${BPN}/pgxs/src/Makefile.global + fi } SSTATE_SCAN_FILES += "Makefile.global" diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb new file mode 100644 index 0000000000..8a8c3b9f1e --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb @@ -0,0 +1,18 @@ +require postgresql.inc + +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89afbb2d7716371015101c2b2cb4297a" + +SRC_URI += "\ + file://not-check-libperl.patch \ + file://0001-Add-support-for-RISC-V.patch \ + file://0001-Improve-reproducibility.patch \ + file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ + file://0001-config_info.c-not-expose-build-info.patch \ + file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ +" + +SRC_URI[sha256sum] = "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8" + +CVE_CHECK_IGNORE += "\ + CVE-2017-8806 \ +" diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb deleted file mode 100644 index c686c9b358..0000000000 --- a/meta-oe/recipes-dbs/postgresql/postgresql_14.3.bb +++ /dev/null @@ -1,13 +0,0 @@ -require postgresql.inc - -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3" - -SRC_URI += "\ - file://not-check-libperl.patch \ - file://0001-Add-support-for-RISC-V.patch \ - file://0001-Improve-reproducibility.patch \ - file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ - file://remove_duplicate.patch \ -" - -SRC_URI[sha256sum] = "279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38" |