Bug 247803 - [patch] databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jochen Neumeister
URL:
Keywords: crash
Depends on:
Blocks:
 
Reported: 2020-07-06 13:48 UTC by Eugene Grosbein
Modified: 2020-07-09 21:58 UTC

See Also:
bugzilla: maintainer-feedback? (joneum)
eugen: maintainer-feedback?


Attachments
backport from MySQL 5.8.20 (949 bytes, patch)
2020-07-06 13:48 UTC, Eugene Grosbein
eugen: maintainer-approval?

Description Eugene Grosbein freebsd_committer 2020-07-06 13:48:03 UTC
Created attachment 216252 [details]
backport from MySQL 5.8.20

As opposed to the MySQL 8.0.x branch, which switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.

Meanwhile, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such an engine is configured to load in openssl.cnf, the mysql CLI application crashes at start with SIGSEGV, early, while trying to initialize OpenSSL.

This loads the dynamic engine library libgost.so, which calls an OpenSSL function using a second (uninitialized) instance of OpenSSL, leading to the crash.

The problem is fixed with a small backport from MySQL 8.0.x for the cmake/ssl.cmake distribution file, which we are already patching anyway. An additional chunk is attached.

If you like, it can be added as an extra-patch with an additional OPTION to the port, but I think this change is better added unconditionally.
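As a triage aid for the trigger condition described in the report above (an added example, not part of the original report, the attachment, or the port): the sketch below follows the `openssl_conf` chain in an openssl.cnf and lists the engines that OpenSSL will load when it initializes. The sample configuration, its section names, and the engine path are constructed for illustration.

```python
import re

# Constructed sample openssl.cnf; section names and the engine path are illustrative.
SAMPLE_CNF = """\
openssl_conf = openssl_def   # default-section key naming the init section

[ openssl_def ]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /usr/local/lib/engines/libgost.so
default_algorithms = ALL
"""

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}.
    Simplified: no .include, no $variable expansion, no line continuation."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def engines_loaded_at_init(text):
    """Follow openssl_conf -> engines -> per-engine section and return
    {entry_name: dynamic_path or None} for engines loaded at library init."""
    s = parse_cnf(text)
    init = s.get(s["default"].get("openssl_conf", ""), {})
    engine_list = s.get(init.get("engines", ""), {})
    return {name: s.get(section, {}).get("dynamic_path")
            for name, section in engine_list.items()}

if __name__ == "__main__":
    for name, path in engines_loaded_at_init(SAMPLE_CNF).items():
        print(f"engine {name!r} is loaded at OpenSSL init from {path}")
```

A non-empty result on a host that also runs a client binary with OpenSSL linked in statically matches the combination the report describes.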
Comment 1 Eugene Grosbein freebsd_committer 2020-07-06 13:49:11 UTC
https://github.com/openssl/openssl/issues/12368 contains details on the crash: backtrace and discussion.
Comment 2 Eugene Grosbein freebsd_committer 2020-07-06 14:02:08 UTC
The attachment is a backport from MySQL 8.0.20, not "5.8.20".
Comment 3 commit-hook freebsd_committer 2020-07-09 10:10:06 UTC
A commit references this bug:

Author: joneum
Date: Thu Jul  9 10:09:41 UTC 2020
New revision: 541739
URL: https://svnweb.freebsd.org/changeset/ports/541739

Log:
  databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking

  As opposed to the MySQL 8.0.x branch, which switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.

  Meanwhile, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such an engine is configured to load in openssl.cnf, the mysql CLI application crashes at start with SIGSEGV, early, while trying to initialize OpenSSL.

  This loads the dynamic engine library libgost.so, which calls an OpenSSL function using a second (uninitialized) instance of OpenSSL, leading to the crash.

  The problem is fixed with a small backport from MySQL 8.0.x for the cmake/ssl.cmake distribution file, which we are already patching anyway.

  https://github.com/openssl/openssl/issues/12368

  PR:		247803
  Reported by:	eugen
  Sponsored by:	Netzkommune GmbH

Changes:
  head/databases/mysql57-client/files/patch-cmake_ssl.cmake
Comment 4 Jochen Neumeister freebsd_committer 2020-07-09 10:10:44 UTC
Thank you eugen for the PR and the Patch. Landed :-)
Comment 5 Eugene Grosbein freebsd_committer 2020-07-09 12:01:21 UTC
(In reply to Jochen Neumeister from comment #4)

Are you sure the second chunk of this commit was intentional? I did not suggest this:

 -    IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0")
-+    CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
-+    IF(HAVE_TLS1_3_VERSION)
++	CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
++	IF(HAVE_TLS1_3_VERSION)
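Review bot: whitespace-only churn on the CHECK_SYMBOL_EXISTS(TLS1_3_VERSION ...) and IF(HAVE_TLS1_3_VERSION) lines: the removed and added lines carry the same text and differ only in indentation (four spaces replaced by a tab). Suggest keeping the existing indentation in patch-cmake_ssl.cmake so that the commit's diff shows only the lines the static-linking fix needs, or noting in the commit log that the patch file was regenerated.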
Comment 6 Jochen Neumeister freebsd_committer 2020-07-09 12:07:10 UTC
(In reply to Eugene Grosbein from comment #5)

The patch has only been extended by your PR. This was already in /files/patch-cmake_ssl.cmake

It is necessary for libressl
Comment 7 commit-hook freebsd_committer 2020-07-09 21:58:12 UTC
A commit references this bug:

Author: joneum
Date: Thu Jul  9 21:57:53 UTC 2020
New revision: 541826
URL: https://svnweb.freebsd.org/changeset/ports/541826

Log:
  MFH: r541739

  databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking

  As opposed to the MySQL 8.0.x branch, which switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.

  Meanwhile, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such an engine is configured to load in openssl.cnf, the mysql CLI application crashes at start with SIGSEGV, early, while trying to initialize OpenSSL.

  This loads the dynamic engine library libgost.so, which calls an OpenSSL function using a second (uninitialized) instance of OpenSSL, leading to the crash.

  The problem is fixed with a small backport from MySQL 8.0.x for the cmake/ssl.cmake distribution file, which we are already patching anyway.

  https://github.com/openssl/openssl/issues/12368

  PR:		247803
  Reported by:	eugen
  Sponsored by:	Netzkommune GmbH

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake