Created attachment 216252 [details] backport from MySQL 5.8.20 As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL. Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL. This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash. The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway. Additional chunk is attached. If you like, is can be added as extra-patch with additional OPTION to the port but I think this change better be added unconditionally.
https://github.com/openssl/openssl/issues/12368 contains details on the crash: backtrace and discussion.
The attachment is backport from MySQL 8.0.20, not "5.8.20".
A commit references this bug: Author: joneum Date: Thu Jul 9 10:09:41 UTC 2020 New revision: 541739 URL: https://svnweb.freebsd.org/changeset/ports/541739 Log: databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL. Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL. This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash. The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway. https://github.com/openssl/openssl/issues/12368 PR: 247803 Reported by: eugen Sponsored by: Netzkommune GmbH Changes: head/databases/mysql57-client/files/patch-cmake_ssl.cmake
Thank you eugen for the PR and the Patch. Landed :-)
(In reply to Jochen Neumeister from comment #4) Are you sure the second chunk of this commit was intentional? I did not suggest this: - IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0") -+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) -+ IF(HAVE_TLS1_3_VERSION) ++ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION) ++ IF(HAVE_TLS1_3_VERSION)
(In reply to Eugene Grosbein from comment #5) The patch has only been extended by your PR. This was already in /files/patch-cmake_ssl.cmake It is necessary for libressl
A commit references this bug: Author: joneum Date: Thu Jul 9 21:57:53 UTC 2020 New revision: 541826 URL: https://svnweb.freebsd.org/changeset/ports/541826 Log: MFH: r541739 databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL. Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL. This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash. The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway. https://github.com/openssl/openssl/issues/12368 PR: 247803 Reported by: eugen Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat) Changes: _U branches/2020Q3/ branches/2020Q3/databases/mysql57-client/files/patch-cmake_ssl.cmake