From 5f25a9114051b078696813628c37add0e15d88f2 Mon Sep 17 00:00:00 2001
From: Brad Smith <brad@comstyle.com>
Date: Sun, 16 Oct 2022 13:44:51 -0400
Subject: Cleanup the alloca.h header handling to further reduce hardcoded OS
 lists (#2289)

---
 plugin/cracklib_password_check/cracklib_password_check.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugin')

diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
index 72f87db94da..55a1fd1c738 100644
--- a/plugin/cracklib_password_check/cracklib_password_check.c
+++ b/plugin/cracklib_password_check/cracklib_password_check.c
@@ -13,10 +13,10 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */
 
+#include <my_global.h>
 #include <mysql/plugin_password_validation.h>
 #include <crack.h>
 #include <string.h>
-#include <alloca.h>
 #include <mysqld_error.h>
 
 static char *dictionary;
-- 
cgit v1.2.1


From cee7175b79a22c29a82ef328aba208f90afcea86 Mon Sep 17 00:00:00 2001
From: kurt <dingweiqings@163.com>
Date: Wed, 21 Sep 2022 11:29:07 +0800
Subject: MDEV-25343 add read secret size in file key plugin

---
 plugin/file_key_management/parser.cc | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'plugin')

diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 5a9e5e55d63..8e78e230964 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -174,13 +174,24 @@ bool Parser::read_filekey(const char *filekey, char *secret)
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE);
+  int len= read(f, secret, MAX_SECRET_SIZE + 1);
   if (len <= 0)
   {
     my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
+
+  if (len > MAX_SECRET_SIZE)
+  {
+    my_printf_error(EE_READ,
+                    "Cannot decrypt %s, the secret file has incorrect length, "
+                    "max secret size is %dB ",
+                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
+    close(f);
+    return 1;
+  }
+
   close(f);
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
   secret[len]= '\0';
-- 
cgit v1.2.1


From 3a62ff7e8980239a39e85393c6a797bb7acf97ed Mon Sep 17 00:00:00 2001
From: Daniel Black <daniel@mariadb.org>
Date: Wed, 19 Oct 2022 19:25:48 +1100
Subject: Revert "MDEV-25343 add read secret size in file key plugin"

This reverts commit cee7175b79a22c29a82ef328aba208f90afcea86.
---
 plugin/file_key_management/parser.cc | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'plugin')

diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 8e78e230964..5a9e5e55d63 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -174,24 +174,13 @@ bool Parser::read_filekey(const char *filekey, char *secret)
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE + 1);
+  int len= read(f, secret, MAX_SECRET_SIZE);
   if (len <= 0)
   {
     my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
-
-  if (len > MAX_SECRET_SIZE)
-  {
-    my_printf_error(EE_READ,
-                    "Cannot decrypt %s, the secret file has incorrect length, "
-                    "max secret size is %dB ",
-                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
-    close(f);
-    return 1;
-  }
-
   close(f);
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
   secret[len]= '\0';
-- 
cgit v1.2.1


From 3905c12b0938a760dd99886fc69b7c5ae214e302 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Thu, 20 Oct 2022 20:41:44 +0200
Subject: MDEV-29031 Change maturity of plugins for October 2022 Releases

---
 plugin/password_reuse_check/password_reuse_check.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugin')

diff --git a/plugin/password_reuse_check/password_reuse_check.c b/plugin/password_reuse_check/password_reuse_check.c
index 103eb4e4144..8f5973721d8 100644
--- a/plugin/password_reuse_check/password_reuse_check.c
+++ b/plugin/password_reuse_check/password_reuse_check.c
@@ -257,6 +257,6 @@ maria_declare_plugin(password_reuse_check)
   NULL,
   sysvars,
   "2.0",
-  MariaDB_PLUGIN_MATURITY_GAMMA
+  MariaDB_PLUGIN_MATURITY_STABLE
 }
 maria_declare_plugin_end;
-- 
cgit v1.2.1


From e11661a4a2c0d50d78b86dac71a0e3d226f0ddcf Mon Sep 17 00:00:00 2001
From: kurt <dingweiqings@163.com>
Date: Wed, 21 Sep 2022 11:29:07 +0800
Subject: MDEV-25343 Error log message not helpful when filekey is too long

Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file

Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).
---
 plugin/file_key_management/parser.cc | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'plugin')

diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 5a9e5e55d63..ec1b528da24 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
   int f= open(filekey, O_RDONLY|O_BINARY);
   if (f == -1)
   {
-    my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE);
+  int len= read(f, secret, MAX_SECRET_SIZE + 1);
   if (len <= 0)
   {
-    my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
   close(f);
+
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
+  if (len > MAX_SECRET_SIZE)
+  {
+    my_printf_error(EE_READ,
+                    "Cannot read %s, the filekey is too long, "
+                    "max secret size is %dB ",
+                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
+    return 1;
+  }
   secret[len]= '\0';
   return 0;
 }
-- 
cgit v1.2.1


From 4b87d3628acf815836c0efc84fbcd878517d9b89 Mon Sep 17 00:00:00 2001
From: Brad Smith <brad@comstyle.com>
Date: Sat, 15 Oct 2022 20:19:41 -0400
Subject: Further tweaking the alloca handling in Hashicorp plugin

---
 plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'plugin')

diff --git a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
index 730707ff52b..7c72af688e4 100644
--- a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
+++ b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
@@ -13,12 +13,10 @@
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */
 
+#include <my_global.h>
 #include <mysql/plugin_encryption.h>
 #include <mysqld_error.h>
 #include <string.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <time.h>
 #include <errno.h>
 #include <string>
 #include <sstream>
@@ -26,8 +24,6 @@
 #ifdef _WIN32
 #include <malloc.h>
 #define alloca _alloca
-#elif !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__) && !defined(__DragonFly__)
-#include <alloca.h>
 #endif
 #include <algorithm>
 #include <unordered_map>
-- 
cgit v1.2.1