DBD-mysql
DBD-mysql copied to clipboard
perl5-dbi
MariaDB 10.6.2 and later changed format for mysql_get_client_version.
Starting with MariaDB 10.6.2+ the format for mysql_get_client_version* changed to report the version of the client library as opposed to the main MariaDB release:
$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <mysql.h>
int main() {
my_ulonglong version = mysql_get_client_version();
printf("Version: %d\n", version);
printf("Version: %s\n", mysql_get_client_info());
if ((version >= 50544 && version < 50600) || (version >= 100020 && version < 100100) || version >= 100106) {
printf("TRUE\n");
}
else {
printf("FALSE\n");
}
}
$ gcc -o test -I/usr/include/mysql -I/usr/include/mysql/mysql -L/usr/lib64/ -lmariadb test.c
$ ./test
Version: 100601
Version: 10.6.1
TRUE
$ yum update MariaDB-shared-10.6.2
Loaded plugins: priorities, product-id, search-disabled-repos, subscription-manager, versionlock
Resolving Dependencies
--> Running transaction check
---> Package MariaDB-shared.x86_64 0:10.6.1-1.el7.centos will be updated
---> Package MariaDB-shared.x86_64 0:10.6.2-1.el7.centos will be an update
--> Finished Dependency Resolution
--> Finding unneeded leftover dependencies
Found and removing 0 unneeded dependencies
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Updating:
MariaDB-shared x86_64 10.6.2-1.el7.centos mariadb 112 k
Transaction Summary
========================================================================================================================
Upgrade 1 Package
Total download size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
MariaDB-shared-10.6.2-1.el7.centos.x86_64.rpm | 112 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : MariaDB-shared-10.6.2-1.el7.centos.x86_64 1/2
Cleanup : MariaDB-shared-10.6.1-1.el7.centos.x86_64 2/2
Verifying : MariaDB-shared-10.6.2-1.el7.centos.x86_64 1/2
Verifying : MariaDB-shared-10.6.1-1.el7.centos.x86_64 2/2
Updated:
MariaDB-shared.x86_64 0:10.6.2-1.el7.centos
Complete!
$ ./test
Version: 30202
Version: 3.2.2
FALSE
This causes anything trying to auto discover the MariaDB version to fail (Like enabling SSL, which is where I ran into this issue).
Not really sure what the fix is to this. Maybe there is another way to check the MariaDB version then mysql_get_client_version. For now, I'll keep my MariaDB-shared libraries locked at 10.6.1, but this will cause an issue going forward and should be looked at.
Based on this
https://jira.mariadb.org/browse/CONC-509
It appears this behavior is by design.
I applied some formatting changes to the description, hope that's ok.
No problem, I was in a bit of a hurry when I opened the ticket and didn't go through all the WIKI tags. I've spent a day banging my head on the wall as to why this wasn't working with a new 10.6 deployment.
Thanks for the report. Any chance you could send a pull request for this?
I don't have a fix for this issue right now, other then to not update the MariabDB-shared package from 10.6.1.
I was looking at if just switching mysql_get_client_version() to mysql_get_server_vesion(sock) in dbdimp.h might resolve the issue but haven't done anything with it yet.
I've noted that mariadb_get_infov might be a reasonable replacement:
[root@beech mytest]# rpm -q MariaDB-shared
MariaDB-shared-10.6.1-1.el7.centos.x86_64
[root@beech mytest]# cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <mysql.h>
int main() {
unsigned long version;
version = mysql_get_client_version();
printf("mysql_get_client_version: %d\n", version);
mariadb_get_infov(NULL, MARIADB_CLIENT_VERSION_ID, (void *) &version);
printf("MARIADB_CLIENT_VERSION_ID: %d\n", version);
}
[root@beech mytest]# gcc -o test -I/usr/include/mysql -I/usr/include/mysql/mysql -L/usr/lib64/ -lmariadb test.c
[root@beech mytest]# ./test
mysql_get_client_version: 100601
MARIADB_CLIENT_VERSION_ID: 100601
[root@beech mytest]#
[root@beech mytest]# yum update MariaDB-shared-10.6.2
Loaded plugins: priorities, product-id, search-disabled-repos, subscription-manager, versionlock
Resolving Dependencies
--> Running transaction check
---> Package MariaDB-shared.x86_64 0:10.6.1-1.el7.centos will be updated
---> Package MariaDB-shared.x86_64 0:10.6.2-1.el7.centos will be an update
--> Finished Dependency Resolution
--> Finding unneeded leftover dependencies
Found and removing 0 unneeded dependencies
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Updating:
MariaDB-shared x86_64 10.6.2-1.el7.centos mariadb 112 k
Transaction Summary
========================================================================================================================
Upgrade 1 Package
Total download size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
MariaDB-shared-10.6.2-1.el7.centos.x86_64.rpm | 112 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : MariaDB-shared-10.6.2-1.el7.centos.x86_64 1/2
Cleanup : MariaDB-shared-10.6.1-1.el7.centos.x86_64 2/2
Verifying : MariaDB-shared-10.6.2-1.el7.centos.x86_64 1/2
Verifying : MariaDB-shared-10.6.1-1.el7.centos.x86_64 2/2
Updated:
MariaDB-shared.x86_64 0:10.6.2-1.el7.centos
Complete!
[root@beech mytest]# ./test
mysql_get_client_version: 30202
MARIADB_CLIENT_VERSION_ID: 100602
[root@beech mytest]# yum update MariaDB-shared-10.6.3
Loaded plugins: priorities, product-id, search-disabled-repos, subscription-manager, versionlock
Resolving Dependencies
--> Running transaction check
---> Package MariaDB-shared.x86_64 0:10.6.2-1.el7.centos will be updated
---> Package MariaDB-shared.x86_64 0:10.6.3-1.el7.centos will be an update
--> Finished Dependency Resolution
--> Finding unneeded leftover dependencies
Found and removing 0 unneeded dependencies
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Updating:
MariaDB-shared x86_64 10.6.3-1.el7.centos mariadb 112 k
Transaction Summary
========================================================================================================================
Upgrade 1 Package
Total download size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
MariaDB-shared-10.6.3-1.el7.centos.x86_64.rpm | 112 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : MariaDB-shared-10.6.3-1.el7.centos.x86_64 1/2
Cleanup : MariaDB-shared-10.6.2-1.el7.centos.x86_64 2/2
Verifying : MariaDB-shared-10.6.3-1.el7.centos.x86_64 1/2
Verifying : MariaDB-shared-10.6.2-1.el7.centos.x86_64 2/2
Updated:
MariaDB-shared.x86_64 0:10.6.3-1.el7.centos
Complete!
[root@beech mytest]# ./test
mysql_get_client_version: 30203
MARIADB_CLIENT_VERSION_ID: 100603
[root@beech mytest]#
The issue is, it isn't clear to me if this is an over site on the part of MariaDB developers in that MARIADB_CLIENT_VERSION_ID was suppose to return what mysql_get_client_version() is or if its suppose to always return what MARIADB_VERSION_ID is.
If it's useful, this seems to work for me:
--- dbdimp.h.orig 2021-07-20 14:56:52.137770032 -0400
+++ dbdimp.h 2021-07-20 14:58:05.025975566 -0400
@@ -110,7 +110,8 @@
/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT automatically enforce SSL mode */
static inline bool ssl_verify_also_enforce_ssl(void) {
#ifdef MARIADB_BASE_VERSION
- my_ulonglong version = mysql_get_client_version();
+ my_ulonglong version;
+ mariadb_get_infov(NULL, MARIADB_CLIENT_VERSION_ID, (void *) &version);
return ((version >= 50544 && version < 50600) || (version >= 100020 && version < 100100) || version >= 100106);
#else
return false;
@@ -119,7 +120,8 @@
/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT is not vulnerable (CVE-2016-2047) and can be used */
static inline bool ssl_verify_usable(void) {
- my_ulonglong version = mysql_get_client_version();
+ my_ulonglong version;
+ mariadb_get_infov(NULL, MARIADB_CLIENT_VERSION_ID, (void *) &version);
#ifdef MARIADB_BASE_VERSION
return ((version >= 50547 && version < 50600) || (version >= 100023 && version < 100100) || version >= 100110);
#else
Using the above patch against 4.046 (From the Red Hat perl-DBD-MySQL SRC RPM), rebuilding the RPM from SRC and re-deploying the RPM to my system allows my Perl scripts to connect via SSL to MariaDB 10.6.2+.
Hi,
I'm wondering if this change may manifest itself in other ways. I've had a working SSL connection to Mariadb but following the latest Mariadb update to 10.6, I'm now getting the following error (from a SpamAssassin 'bayes' learning update):
unable to connect to database: SSL connection error: Enforcing SSL encryption is not supported
This uses a connection string of:
DBI:mysql:sabayes:*serveraddress*;mysql_ssl=1;mysql_ssl_ca_path=/etc/ssl/certs/;mysql_ssl_verify_server_cert=1
Adding the 'ssl option' string allows the connection to work - the MariaDB servers enforces SSL for this user anyway:
DBI:mysql:sabayes:*serveraddress*;mysql_ssl=1;mysql_ssl_ca_path=/etc/ssl/certs/;mysql_ssl_verify_server_cert=1;mysql_ssl_optional=1
It's not entirely obvious if this relates to the amended MariaDB version but does seem to be in the same area.
This is on an Arch Linux install using:
mariadb & mariadb-libs 10.6.3-1 perl-dbd-mysql 4.050-7
For me, on Debian, this occurs when I upgrade libmariadb3 to 10.6.5 (and presumably earlier 10.6.x versions).
Thanks @bviviano, your patch works and appears to me to be a good approach, with the caveat that I am unfamiliar with mysql/mariadb development. I would suggest only changing the variable type to unsigned int, since that is the documented type for MARIADB_CLIENT_VERSION_ID.
https://mariadb.com/kb/en/mariadb_get_infov/
diff --git a/dbdimp.h b/dbdimp.h
index c30188e..3e99bc3 100644
--- a/dbdimp.h
+++ b/dbdimp.h
@@ -106,7 +106,8 @@
/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT automatically enforce SSL mode */
static inline bool ssl_verify_also_enforce_ssl(void) {
#ifdef MARIADB_BASE_VERSION
- my_ulonglong version = mysql_get_client_version();
+ unsigned int version;
+ mariadb_get_infov(NULL, MARIADB_CLIENT_VERSION_ID, &version);
return ((version >= 50544 && version < 50600) || (version >= 100020 && version < 100100) || version >= 100106);
#else
return false;
@@ -115,7 +116,8 @@ static inline bool ssl_verify_also_enforce_ssl(void) {
/* MYSQL_OPT_SSL_VERIFY_SERVER_CERT is not vulnerable (CVE-2016-2047) and can be used */
static inline bool ssl_verify_usable(void) {
- my_ulonglong version = mysql_get_client_version();
+ unsigned int version;
+ mariadb_get_infov(NULL, MARIADB_CLIENT_VERSION_ID, &version);
#ifdef MARIADB_BASE_VERSION
return ((version >= 50547 && version < 50600) || (version >= 100023 && version < 100100) || version >= 100110);
#else
@bviviano would you like to submit a PR for this? Otherwise, I can, but you should get the credit if you prefer.
Thanks, Corey
@bugfood feel free to submit it back if you want, don't really care about credit. I figured if the DBD-mysql developers had wanted to incorporate my suggested fix, I would of expected they would of done so. I also opened a ticket on the Red Hat side for their RPM package version as a bug, figuring it might eventually find its way here from the RH side.
Ok, that's fine. I opened a PR: https://github.com/perl5-dbi/DBD-mysql/pull/339 ...including my understanding of the issue in the commit message. Please correct me if I got any details wrong.
Thanks, Corey
Reopening again. Stupid github, it closes this issue everytime I push some commits into my forked repo which reference this issue, ah :-(