[debian-mysql] Bug#971367: Bug#971367: Bug#971367: mariadb-10.5 should not embed wolfssl

Otto Kekäläinen otto at debian.org
Tue Sep 29 22:05:29 BST 2020


Hello!

> Thank you for the background. Let me detail on the security side. The
> issue is not with using wolfssl. The issue is with using a bundled ssl
> library. Doing so means that a single bug in wolfssl must be uploaded
> several times in order to fix it. I think it would be ok to use the
> system copy of wolfssl. However, that's not what happens when you
> specifcy -DWITH_SSL=system it seems. Would
> -DWITH_SSL=/usr/include/wolfssl be an option?
>
> Does that look resolvable now?

I've tested this before and it didn't work, but I tested it again and
made sure to document it in the same upstream issue I referenced
earlier: https://jira.mariadb.org/browse/MDEV-21835?focusedCommentId=167192&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-167192

Seems the cmake/ssl.cmake expects to find OpenSSL then given a custom
path, and when it does not, it aborts the build in the configure
stage.



More information about the pkg-mysql-maint mailing list