Merge branch '10.0' into 10.1

Author: vuvova

client/CMakeLists.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -51,6 +51,7 @@ MYSQL_ADD_EXECUTABLE(mysqldump mysqldump.c ../sql-common/my_user.c)
 TARGET_LINK_LIBRARIES(mysqldump mysqlclient)
 
 MYSQL_ADD_EXECUTABLE(mysqlimport mysqlimport.c)
+SET_SOURCE_FILES_PROPERTIES(mysqlimport.c PROPERTIES COMPILE_FLAGS "-DTHREADS")
 TARGET_LINK_LIBRARIES(mysqlimport mysqlclient)
 
 MYSQL_ADD_EXECUTABLE(mysql_upgrade mysql_upgrade.c COMPONENT Server)

client/mysqlimport.c

@@ -1,5 +1,6 @@
 /*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates.
+ Copyright (c) 2000, 2015, Oracle and/or its affiliates.
+ Copyright (c) 2011, 2015, MariaDB
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -30,7 +31,6 @@
 
 #include "client_priv.h"
 #include "mysql_version.h"
-#include <my_pthread.h>
 
 #include <welcome_copyright_notice.h> /* ORACLE_WELCOME_COPYRIGHT_NOTICE */
 
@@ -484,7 +484,6 @@ static void db_disconnect(char *host, MYSQL *mysql)
 }
 
 
-
 static void safe_exit(int error, MYSQL *mysql)
 {
  if (error && ignore_errors)

cmake/os/Windows.cmake

@@ -1,4 +1,4 @@
-# Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -49,10 +49,12 @@ IF(CMAKE_C_COMPILER MATCHES "icl")
  SET(MSVC TRUE)
 ENDIF()
 
-ADD_DEFINITIONS("-D_WINDOWS -D__WIN__ -D_CRT_SECURE_NO_DEPRECATE")
-ADD_DEFINITIONS("-D_WIN32_WINNT=0x0501")
+ADD_DEFINITIONS(-D_WINDOWS -D__WIN__ -D_CRT_SECURE_NO_DEPRECATE)
+ADD_DEFINITIONS(-D_WIN32_WINNT=0x0501)
+# We do not want the windows.h macros min/max
+ADD_DEFINITIONS(-DNOMINMAX)
 # Speed up build process excluding unused header files
-ADD_DEFINITIONS("-DWIN32_LEAN_AND_MEAN")
+ADD_DEFINITIONS(-DWIN32_LEAN_AND_MEAN)
 
 # Adjust compiler and linker flags
 IF(MINGW AND CMAKE_SIZEOF_VOID_P EQUAL 4)

extra/yassl/README

@@ -12,6 +12,35 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.3.8 (9/17/2015)
+ This release of yaSSL fixes a high security vulnerability. All users
+ SHOULD update. If using yaSSL for TLS on the server side with private
+ RSA keys allowing ephemeral key exchange you MUST update and regenerate
+ the RSA private keys. This report is detailed in:
+ https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
+ yaSSL now detects RSA signature faults and returns an error.
+
+yaSSL Patch notes, version 2.3.7e (6/26/2015)
+ This release of yaSSL includes a fix for Date less than comparison.
+ Previously yaSSL would return true on less than comparisons if the Dates
+ were equal. Reported by Oracle. No security problem, but if a cert was
+ generated right now, a server started using it in the same second, and a
+ client tried to verify it in the same second it would report not yet valid.
+
+yaSSL Patch notes, version 2.3.7d (6/22/2015)
+ This release of yaSSL includes a fix for input_buffer set_current with
+ index 0. SSL_peek() at front of waiting data could trigger. Robert
+ Golebiowski of Oracle identified and suggested a fix, thanks!
+
+yaSSL Patch notes, version 2.3.7c (6/12/2015)
+ This release of yaSSL does certificate DATE comparisons to the second
+ instead of to the minute, helpful when using freshly generated certs.
+ Though keep in mind that time sync differences could still show up.
+
+yaSSL Patch notes, version 2.3.7b (3/18/2015)
+ This release of yaSSL fixes a potential crash with corrupted private keys.
+ Also detects bad keys earlier for user.
+
 yaSSL Release notes, version 2.3.7 (12/10/2014)
  This release of yaSSL fixes the potential to process duplicate handshake
  messages by explicitly marking/checking received handshake messages.

extra/yassl/include/openssl/ssl.h

@@ -34,7 +34,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.3.7"
+#define YASSL_VERSION "2.3.8"
 
 
 #if defined(__cplusplus)

extra/yassl/include/yassl_error.hpp

@@ -53,7 +53,8 @@ enum YasslError {
  compress_error = 118,
  decompress_error = 119,
  pms_version_error = 120,
- sanityCipher_error = 121
+ sanityCipher_error = 121,
+ rsaSignFault_error = 122
 
  // !!!! add error message to .cpp !!!!
 

extra/yassl/src/buffer.cpp

@@ -165,7 +165,7 @@ void input_buffer::set_error()
 
 void input_buffer::set_current(uint i) 
 {
- if (error_ == 0 && (i == 0 || check(i - 1, size_) == 0))
+ if (error_ == 0 && check(i ? i - 1 : 0, size_) == 0)
  current_ = i;
  else
  error_ = -1;

extra/yassl/src/handshake.cpp

@@ -1173,6 +1173,8 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer)
 
  CertificateVerify verify;
  verify.Build(ssl);
+ if (ssl.GetError()) return;
+
  RecordLayerHeader rlHeader;
  HandShakeHeader hsHeader;
  mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);

extra/yassl/src/ssl.cpp

@@ -37,6 +37,8 @@
 #include "file.hpp" // for TaoCrypt Source
 #include "coding.hpp" // HexDecoder
 #include "helpers.hpp" // for placement new hack
+#include "rsa.hpp" // for TaoCrypt RSA key decode
+#include "dsa.hpp" // for TaoCrypt DSA key decode
 #include <stdio.h>
 #include <time.h>
 
@@ -55,6 +57,8 @@ namespace yaSSL {
 
 int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
 {
+ int ret = SSL_SUCCESS;
+
  if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
  return SSL_BAD_FILETYPE;
 
@@ -142,8 +146,31 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
  }
  }
  }
+
+ if (type == PrivateKey && ctx->privateKey_) {
+ // see if key is valid early
+ TaoCrypt::Source rsaSource(ctx->privateKey_->get_buffer(),
+ ctx->privateKey_->get_length());
+ TaoCrypt::RSA_PrivateKey rsaKey;
+ rsaKey.Initialize(rsaSource);
+
+ if (rsaSource.GetError().What()) {
+ // rsa failed see if DSA works
+
+ TaoCrypt::Source dsaSource(ctx->privateKey_->get_buffer(),
+ ctx->privateKey_->get_length());
+ TaoCrypt::DSA_PrivateKey dsaKey;
+ dsaKey.Initialize(dsaSource);
+
+ if (rsaSource.GetError().What()) {
+ // neither worked
+ ret = SSL_FAILURE;
+ }
+ }
+ }
+
  fclose(input);
- return SSL_SUCCESS;
+ return ret;
 }
 
 

extra/yassl/src/yassl_error.cpp

@@ -148,6 +148,10 @@ void SetErrorString(YasslError error, char* buffer)
  strncpy(buffer, "sanity check on cipher text size error", max);
  break;
 
+ case rsaSignFault_error:
+ strncpy(buffer, "rsa signature fault error", max);
+ break;
+
  // openssl errors
  case SSL_ERROR_WANT_READ :
  strncpy(buffer, "the read operation would block", max);