From 071d472c962bc31d84c9cf7ce17d1c65b8b78906 Mon Sep 17 00:00:00 2001 From: Daniel Bartholomew Date: Fri, 19 Aug 2022 10:39:13 -0400 Subject: [PATCH 1/7] bump the VERSION --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8a90eaed..b48a7049 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,7 +36,7 @@ SET(CC_BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR}) SET(CPACK_PACKAGE_VERSION_MAJOR 3) SET(CPACK_PACKAGE_VERSION_MINOR 1) -SET(CPACK_PACKAGE_VERSION_PATCH 18) +SET(CPACK_PACKAGE_VERSION_PATCH 19) SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") MATH(EXPR MARIADB_PACKAGE_VERSION_ID "${CPACK_PACKAGE_VERSION_MAJOR} * 10000 + ${CPACK_PACKAGE_VERSION_MINOR} * 100 + From 6ab13971195bcaa4a9df93ce549a80b1073fc735 Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Fri, 2 Sep 2022 09:50:58 +0200 Subject: [PATCH 2/7] Fix for CONC-612: When connecting via socket (non unix-socket) the connection can't be established if the wait function (usleep) returns an error and modifies errno. This is the case on MacOSX, where usleep() returns -1 and sets errno to ETIMED_OUT. This patch saves errno from connect() call and restores it after usleep. This bug was introduced with PR204 (commit dfe3563192e43a48bef3a861e72d9d122b9b346c) --- plugins/pvio/pvio_socket.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/pvio/pvio_socket.c b/plugins/pvio/pvio_socket.c index 11ceaba0..2ebf9717 100644 --- a/plugins/pvio/pvio_socket.c +++ b/plugins/pvio/pvio_socket.c 
@@ -643,12 +643,18 @@ static int pvio_socket_internal_connect(MARIADB_PVIO *pvio, #ifndef _WIN32 do { + int save_errno; rc= connect(csock->socket, (struct sockaddr*) name, (int)namelen); if (time(NULL) - start_t > (time_t)timeout/1000) break; + /* CONC-612: Since usleep may fail and will set errno (On MacOSX usleep + always sets errno=ETIMEDOUT), we need to save and restore errno */ + save_errno= errno; usleep(wait_conn); + errno= save_errno; + wait_conn= wait_conn >= 1000000 ? 1000000 : wait_conn * 2; } while (rc == -1 && (errno == EINTR || errno == EAGAIN)); From d193ce18af4512e9a9c7b54dfe7e290e8f7702bb Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Fri, 2 Sep 2022 14:28:06 +0200 Subject: [PATCH 3/7] removed 10.2 from travis --- .travis.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index a151174d..5b4c6cd5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -44,9 +44,8 @@ jobs: - env: srv=mariadb v=10.5 os: windows language: shell - - env: srv=mariadb v=10.2 local=1 - dist: bionic - env: srv=mariadb v=10.3 local=1 + dist: bionic - env: srv=mariadb v=10.4 local=1 - env: srv=mariadb v=10.5 local=1 - env: srv=mariadb v=10.6 local=1 @@ -62,13 +61,13 @@ jobs: env: srv=skysql - if: type = push AND fork = false env: srv=skysql-ha - - env: server_branch=10.2 - - env: server_branch=10.2 TEST_OPTION=--ps-protocol - env: server_branch=10.3 - env: server_branch=10.3 TEST_OPTION=--ps-protocol - env: server_branch=10.4 - env: server_branch=10.4 TEST_OPTION=--ps-protocol - env: server_branch=10.5 - env: server_branch=10.5 TEST_OPTION=--ps-protocol + - env: server_branch=10.6 + - env: server_branch=10.6 TEST_OPTION=--ps-protocol script: ./travis.sh From 020ed982b642ddffd55b98ec43bf841a6852f487 Mon Sep 17 00:00:00 2001 
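Review bot: In the plugins/pvio/pvio_socket.c hunk, the loop still calls `usleep(wait_conn)` on every pass that has not timed out, including the pass where connect() returned 0 or failed with an errno the `while` condition will not retry. A successful connection therefore pays one back-off delay before the loop exits. Adding `if (rc != -1 || (errno != EINTR && errno != EAGAIN)) break;` directly after the connect() call would skip that sleep and leave rc and errno as the code after the loop expects them. Separately, `save_errno= errno;` is taken only after the `time(NULL)` comparison; capturing it on the line right after connect() makes the saved value unambiguous. The body of pvio_socket_internal_connect starts and ends outside this hunk.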
From: Haidong Ji Date: Fri, 2 Sep 2022 20:10:41 +0000 Subject: [PATCH 4/7] More robust call to X509_check_host using strlen not 0 Based on its interpretation of RFC 6125 section 6.4.2[^1], OpenSSL's implementation[^2] of `X509_check_host` treats the `namelen` parameter in a peculiar way: - If `namelen` is non-zero, use it; - Otherwise, use `strlen(name)` instead There are now many forks of OpenSSL. Implementer of the forks may interpret RFC 6125 section 6.4.2 a little differently. They may always expect `strlen(name)` and NOT `0`. We have come across that with AWS-LC[^3]. AWS-LC has agreed to make an adjustment so it is consistent with OpenSSL in this matter. But other forks may not. To make MariaDB connector C more robust, I think it's better that we always pass `strlen(name)` instead of `0`. Unless there are compelling reasons not doing so. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc. [^1]: https://www.rfc-editor.org/rfc/rfc6125.html#section-6.4.2 [^2]: https://www.openssl.org/docs/man3.0/man3/X509_check_host.html [^3]: https://github.com/awslabs/aws-lc --- libmariadb/secure/openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c index 75b50892..6b23fd8a 100644 --- a/libmariadb/secure/openssl.c +++ b/libmariadb/secure/openssl.c @@ -684,7 +684,7 @@ int ma_tls_verify_server_cert(MARIADB_TLS *ctls) return 1; } #ifdef HAVE_OPENSSL_CHECK_HOST - if (X509_check_host(cert, mysql->host, 0, 0, 0) != 1 + if (X509_check_host(cert, mysql->host, strlen(mysql->host), 0, 0) != 1 && X509_check_ip_asc(cert, mysql->host, 0) != 1) goto error; #else From 9ca66a70388cb77adefbc449c3beda2db4eb5993 Mon Sep 17 00:00:00 2001 
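Review bot: In the libmariadb/secure/openssl.c hunk, `strlen(mysql->host)` now dereferences the host pointer in the connector itself, and the visible lines show no NULL check on `mysql->host` before the X509_check_host call. With the old `0` argument the pointer was handed to the TLS library unread, so please confirm that ma_tls_verify_server_cert rejects a NULL host earlier in the function, which starts outside this hunk. Because this call decides whether the server certificate matches the peer name, it also deserves a comment so the length is not changed back to 0 later, for example `/* pass an explicit length: not every OpenSSL fork treats namelen 0 as strlen(name) */`.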
From: Sergei Golubchik Date: Tue, 13 Sep 2022 20:31:39 +0200 Subject: [PATCH 5/7] don't require libraries that aren't needed krb5-config (used by FindGSSAPI) returns `-lkrb5 -lk5crypto -lcom_err` but only libkrb5 is actually used by the plugin. The other two result in unneeded dependencies unless they're tagged optional when linked with --as-needed. Some distributions use --as-needed automatically, which causes our builds to differ from srpm builds, introducing failures in buildbot. --- plugins/auth/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/auth/CMakeLists.txt b/plugins/auth/CMakeLists.txt index e5448f88..5e184334 100644 --- a/plugins/auth/CMakeLists.txt +++ b/plugins/auth/CMakeLists.txt @@ -99,6 +99,7 @@ IF(NOT WIN32) INCLUDE(${CC_SOURCE_DIR}/cmake/FindGSSAPI.cmake) IF(GSSAPI_FOUND) SET(GSSAPI_SOURCES ${AUTH_DIR}/auth_gssapi_client.c ${AUTH_DIR}/gssapi_client.c ${AUTH_DIR}/gssapi_errmsg.c) + CHECK_C_COMPILER_FLAG(-Wl,--as-needed have_C__Wl___as_needed) ENDIF() ELSE() SET(GSSAPI_LIBS secur32) @@ -115,6 +116,9 @@ IF(GSSAPI_SOURCES) IF(CMAKE_C_COMPILER_ID MATCHES "Clang") SET_SOURCE_FILES_PROPERTIES(${GSSAPI_SOURCES} PROPERTY COMPILE_FLAGS "-Wno-deprecated-declarations") ENDIF() + IF(have_C__Wl___as_needed) + SET_TARGET_PROPERTIES(auth_gssapi_client PROPERTIES LINK_FLAGS "-Wl,--as-needed") + ENDIF() ENDIF() # old_password plugin From 44383e3df4896f2d04d9141f640934d3e74e04d7 Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Sun, 6 Nov 2022 13:25:10 +0100 Subject: [PATCH 6/7] Fix for MDEV-29925 Since CHECK_COMPILER_FLAG doesn't work for linker flags, we need to check the options with CHECK_LINKER_FLAG (which is available since CMake 3.18) --- plugins/auth/CMakeLists.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/plugins/auth/CMakeLists.txt b/plugins/auth/CMakeLists.txt index 5e184334..4ab6dbc4 100644 --- a/plugins/auth/CMakeLists.txt +++ b/plugins/auth/CMakeLists.txt 
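Review bot: In the second hunk of plugins/auth/CMakeLists.txt (PATCH 5/7), `SET_TARGET_PROPERTIES(auth_gssapi_client PROPERTIES LINK_FLAGS "-Wl,--as-needed")` replaces the target's LINK_FLAGS value rather than adding to it. The target is created outside the hunk, so it is not visible whether link flags (hardening options, for instance) were set on it earlier; if they were, they are dropped here. `SET_PROPERTY(TARGET auth_gssapi_client APPEND_STRING PROPERTY LINK_FLAGS " -Wl,--as-needed")` keeps any existing value. The same line is carried unchanged as context in PATCH 6/7.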
@@ -99,7 +99,10 @@ IF(NOT WIN32) INCLUDE(${CC_SOURCE_DIR}/cmake/FindGSSAPI.cmake) IF(GSSAPI_FOUND) SET(GSSAPI_SOURCES ${AUTH_DIR}/auth_gssapi_client.c ${AUTH_DIR}/gssapi_client.c ${AUTH_DIR}/gssapi_errmsg.c) - CHECK_C_COMPILER_FLAG(-Wl,--as-needed have_C__Wl___as_needed) + IF (CMAKE_VERSION VERSION_GREATER 3.18) + INCLUDE(CheckLinkerFlag) + CHECK_LINKER_FLAG(C -Wl,--as-needed have__Wl___as_needed) + ENDIF() ENDIF() ELSE() SET(GSSAPI_LIBS secur32) @@ -116,7 +119,7 @@ IF(GSSAPI_SOURCES) IF(CMAKE_C_COMPILER_ID MATCHES "Clang") SET_SOURCE_FILES_PROPERTIES(${GSSAPI_SOURCES} PROPERTY COMPILE_FLAGS "-Wno-deprecated-declarations") ENDIF() - IF(have_C__Wl___as_needed) + IF(have__Wl___as_needed) SET_TARGET_PROPERTIES(auth_gssapi_client PROPERTIES LINK_FLAGS "-Wl,--as-needed") ENDIF() ENDIF() From 45a5ee1724edc71d831e5e1cf79eea07848c85df Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Mon, 7 Nov 2022 08:41:46 +0100 Subject: [PATCH 7/7] Set new cmake policy CMP0057 This fixes build error with cmake 3.20.3 in CheckLinkerFlag.cmake. --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b48a7049..ea5e201f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ CMAKE_MINIMUM_REQUIRED(VERSION 2.8.12 FATAL_ERROR) INCLUDE(CheckFunctionExists) IF(COMMAND CMAKE_POLICY) - SET(NEW_POLICIES CMP0003 CMP0022 CMP0023 CMP0077 CMP0069 CMP0075) + SET(NEW_POLICIES CMP0003 CMP0022 CMP0023 CMP0057 CMP0077 CMP0069 CMP0075) FOREACH(TYPE OLD NEW) FOREACH(P ${${TYPE}_POLICIES}) IF(POLICY ${P})
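Review bot: In the first hunk of plugins/auth/CMakeLists.txt (PATCH 6/7), `IF (CMAKE_VERSION VERSION_GREATER 3.18)` is false for CMake 3.18.0 itself, although the commit message says CHECK_LINKER_FLAG is available since 3.18. `IF(NOT CMAKE_VERSION VERSION_LESS 3.18)` includes that release and uses only an operator that the project's 2.8.12 minimum supports. On older CMake `have__Wl___as_needed` is never set, so `--as-needed` is silently not applied and the extra library dependencies described in PATCH 5/7 come back. An `ELSE()` branch with `MESSAGE(STATUS "CheckLinkerFlag not available, not linking auth_gssapi_client with --as-needed")` would make that visible in the configure log.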