]> TLD Linux GIT Repositories - packages/php.git/commitdiff
- temporarily revert mysql 8 auth fix, breaks build
authorMarcin Krol <hawk@tld-linux.org>
Sun, 22 Jul 2018 00:39:21 +0000 (00:39 +0000)
committerMarcin Krol <hawk@tld-linux.org>
Sun, 22 Jul 2018 00:39:21 +0000 (00:39 +0000)
php.spec
revert-mysql-8-auth-fix.patch [new file with mode: 0644]

index 9030e4f05707efe576fdb6723101cf8b33bdc54a..d0e596fd129cb6cbf2dbfb83a9e96fbe07af01e3 100644 (file)
--- a/php.spec
+++ b/php.spec
@@ -143,7 +143,7 @@ Summary(ru.UTF-8):  PHP Версии 7 - язык препроцессирова
 Summary(uk.UTF-8):     PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:          %{orgname}%{php_suffix}
 Version:       7.1.20
-Release:       1
+Release:       2
 Epoch:         4
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -207,6 +207,7 @@ Patch69:    fpm-conf-split.patch
 Patch70:       mysqlnd-ssl.patch
 Patch71:       libdb-info.patch
 Patch72:       phar-hash-shared.patch
+Patch73:       revert-mysql-8-auth-fix.patch
 URL:           http://php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:       Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:  aspell-devel >= 2:0.50.0}
@@ -1971,6 +1972,7 @@ cp -p php.ini-production php.ini
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
+%patch73 -p1
 
 %{__sed} -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
 
diff --git a/revert-mysql-8-auth-fix.patch b/revert-mysql-8-auth-fix.patch
new file mode 100644 (file)
index 0000000..ccde5b8
--- /dev/null
@@ -0,0 +1,632 @@
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_auth.c php-7.2.8.rev/ext/mysqlnd/mysqlnd_auth.c
+--- php-7.2.8/ext/mysqlnd/mysqlnd_auth.c       2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_auth.c   2018-07-22 00:12:44.558404079 +0000
+@@ -89,7 +89,6 @@ mysqlnd_run_authentication(
+                       }
+               }
+-
+               {
+                       zend_uchar * switch_to_auth_protocol_data = NULL;
+                       size_t switch_to_auth_protocol_data_len = 0;
+@@ -114,11 +113,10 @@ mysqlnd_run_authentication(
+                       DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
+                       /* The data should be allocated with malloc() */
+                       if (auth_plugin) {
+-                              scrambled_data = auth_plugin->methods.get_auth_data(
+-                                      NULL, &scrambled_data_len, conn, user, passwd,
+-                                      passwd_len, plugin_data, plugin_data_len,
+-                                      session_options, conn->protocol_frame_codec->data,
+-                                      mysql_flags);
++                              scrambled_data =
++                                      auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
++                                                                                                         plugin_data, plugin_data_len, session_options,
++                                                                                                         conn->protocol_frame_codec->data, mysql_flags);
+                       }
+                       if (conn->error_info->error_no) {
+@@ -129,7 +127,6 @@ mysqlnd_run_authentication(
+                                                                                       charset_no,
+                                                                                       first_call,
+                                                                                       requested_protocol,
+-                                                                                      auth_plugin, plugin_data, plugin_data_len,
+                                                                                       scrambled_data, scrambled_data_len,
+                                                                                       &switch_to_auth_protocol, &switch_to_auth_protocol_len,
+                                                                                       &switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
+@@ -251,9 +248,6 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA
+                                                         unsigned int server_charset_no,
+                                                         zend_bool use_full_blown_auth_packet,
+                                                         const char * const auth_protocol,
+-                                                        struct st_mysqlnd_authentication_plugin * auth_plugin,
+-                                                        const zend_uchar * const orig_auth_plugin_data,
+-                                                        const size_t orig_auth_plugin_data_len,
+                                                         const zend_uchar * const auth_plugin_data,
+                                                         const size_t auth_plugin_data_len,
+                                                         char ** switch_to_auth_protocol,
+@@ -324,11 +318,6 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA
+               conn->charset = mysqlnd_find_charset_nr(auth_packet->charset_no);
+       }
+-      if (auth_plugin && auth_plugin->methods.handle_server_response) {
+-              auth_plugin->methods.handle_server_response(auth_plugin, conn,
+-                      orig_auth_plugin_data, orig_auth_plugin_data_len, passwd, passwd_len);
+-      }
+-
+       if (FAIL == PACKET_READ(auth_resp_packet) || auth_resp_packet->response_code >= 0xFE) {
+               if (auth_resp_packet->response_code == 0xFE) {
+                       /* old authentication with new server  !*/
+@@ -624,8 +613,7 @@ static struct st_mysqlnd_authentication_
+               }
+       },
+       {/* methods */
+-              mysqlnd_native_auth_get_auth_data,
+-              NULL
++              mysqlnd_native_auth_get_auth_data
+       }
+ };
+@@ -674,8 +662,7 @@ static struct st_mysqlnd_authentication_
+               }
+       },
+       {/* methods */
+-              mysqlnd_pam_auth_get_auth_data,
+-              NULL
++              mysqlnd_pam_auth_get_auth_data
+       }
+ };
+@@ -859,283 +846,17 @@ static struct st_mysqlnd_authentication_
+               }
+       },
+       {/* methods */
+-              mysqlnd_sha256_auth_get_auth_data,
+-              NULL
++              mysqlnd_sha256_auth_get_auth_data
+       }
+ };
+ #endif
+-/*************************************** CACHING SHA2 Password *******************************/
+-
+-#undef L64
+-
+-#include "ext/hash/php_hash.h"
+-#include "ext/hash/php_hash_sha.h"
+-
+-#define SHA256_LENGTH 32
+-
+-/* {{{ php_mysqlnd_scramble_sha2 */
+-void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len)
+-{
+-      PHP_SHA256_CTX context;
+-      zend_uchar sha1[SHA256_LENGTH];
+-      zend_uchar sha2[SHA256_LENGTH];
+-
+-      /* Phase 1: hash password */
+-      PHP_SHA256Init(&context);
+-      PHP_SHA256Update(&context, password, password_len);
+-      PHP_SHA256Final(sha1, &context);
+-
+-      /* Phase 2: hash sha1 */
+-      PHP_SHA256Init(&context);
+-      PHP_SHA256Update(&context, (zend_uchar*)sha1, SHA256_LENGTH);
+-      PHP_SHA256Final(sha2, &context);
+-
+-      /* Phase 3: hash scramble + sha2 */
+-      PHP_SHA256Init(&context);
+-      PHP_SHA256Update(&context, (zend_uchar*)sha2, SHA256_LENGTH);
+-      PHP_SHA256Update(&context, scramble, SCRAMBLE_LENGTH);
+-      PHP_SHA256Final(buffer, &context);
+-
+-      /* let's crypt buffer now */
+-      php_mysqlnd_crypt(buffer, (const zend_uchar *)sha1, (const zend_uchar *)buffer, SHA256_LENGTH);
+-}
+-/* }}} */
+-
+-
+-/* {{{ mysqlnd_native_auth_get_auth_data */
+-static zend_uchar *
+-mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
+-                                                                 size_t * auth_data_len,
+-                                                                 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
+-                                                                 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+-                                                                 const MYSQLND_SESSION_OPTIONS * const session_options,
+-                                                                 const MYSQLND_PFC_DATA * const pfc_data,
+-                                                                 zend_ulong mysql_flags
+-                                                                )
+-{
+-      zend_uchar * ret = NULL;
+-      DBG_ENTER("mysqlnd_caching_sha2_get_auth_data");
+-      DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
+-      *auth_data_len = 0;
+-
+-      DBG_INF("First auth step: send hashed password");
+-      /* copy scrambled pass*/
+-      if (passwd && passwd_len) {
+-              ret = malloc(SHA256_LENGTH + 1);
+-              *auth_data_len = SHA256_LENGTH;
+-              php_mysqlnd_scramble_sha2((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
+-              ret[SHA256_LENGTH] = '\0';
+-              DBG_INF_FMT("hash(%d)=[%.*s]", *auth_data_len, *auth_data_len, ret);
+-      }
+-
+-      DBG_RETURN(ret);
+-}
+-/* }}} */
+-
+-#ifdef MYSQLND_HAVE_SSL
+-static RSA *
+-mysqlnd_caching_sha2_get_key(MYSQLND_CONN_DATA *conn)
+-{
+-      RSA * ret = NULL;
+-      const MYSQLND_PFC_DATA * const pfc_data = conn->protocol_frame_codec->data;
+-      const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')?
+-                                                              pfc_data->sha256_server_public_key:
+-                                                              MYSQLND_G(sha256_server_public_key);
+-      php_stream * stream;
+-      DBG_ENTER("mysqlnd_cached_sha2_get_key");
+-      DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
+-                               pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a",
+-                               MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
+-      if (!fname || fname[0] == '\0') {
+-              MYSQLND_PACKET_CACHED_SHA2_RESULT *req_packet = NULL;
+-              MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE *pk_resp_packet = NULL;
+-
+-              do {
+-                      DBG_INF("requesting the public key from the server");
+-                      req_packet = conn->payload_decoder_factory->m.get_cached_sha2_result_packet(conn->payload_decoder_factory, FALSE);
+-                      pk_resp_packet = conn->payload_decoder_factory->m.get_sha256_pk_request_response_packet(conn->payload_decoder_factory, FALSE);
+-                      req_packet->request = 1;
+-
+-                      if (! PACKET_WRITE(req_packet)) {
+-                              DBG_ERR_FMT("Error while sending public key request packet");
+-                              php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
+-                              SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+-                              break;
+-                      }
+-                      if (FAIL == PACKET_READ(pk_resp_packet) || NULL == pk_resp_packet->public_key) {
+-                              DBG_ERR_FMT("Error while receiving public key");
+-                              php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
+-                              SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+-                              break;
+-                      }
+-                      DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet->public_key_len, pk_resp_packet->public_key);
+-                      /* now extract the public key */
+-                      {
+-                              BIO * bio = BIO_new_mem_buf(pk_resp_packet->public_key, pk_resp_packet->public_key_len);
+-                              ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+-                              BIO_free(bio);
+-                      }
+-              } while (0);
+-              PACKET_FREE(req_packet);
+-              PACKET_FREE(pk_resp_packet);
+-
+-              DBG_INF_FMT("ret=%p", ret);
+-              DBG_RETURN(ret);
+-
+-              SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
+-                      "caching_sha2_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
+-              DBG_ERR("server_public_key is not set");
+-              DBG_RETURN(NULL);
+-      } else {
+-              zend_string * key_str;
+-              DBG_INF_FMT("Key in a file. [%s]", fname);
+-              stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
+-
+-              if (stream) {
+-                      if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
+-                              BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
+-                              ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+-                              BIO_free(bio);
+-                              DBG_INF("Successfully loaded");
+-                              DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
+-                              zend_string_release(key_str);
+-                      }
+-                      php_stream_close(stream);
+-              }
+-      }
+-      DBG_RETURN(ret);
+-
+-}
+-#endif
+-
+-
+-/* {{{ mysqlnd_caching_sha2_get_key */
+-static size_t
+-mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
+-              const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+-              unsigned char **crypted,
+-              const char * const passwd,
+-              const size_t passwd_len)
+-{
+-#ifdef MYSQLND_HAVE_SSL
+-      static RSA *server_public_key;
+-      server_public_key = mysqlnd_caching_sha2_get_key(conn);
+-
+-      DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
+-
+-      if (server_public_key) {
+-              int server_public_key_len;
+-              char xor_str[passwd_len + 1];
+-              memcpy(xor_str, passwd, passwd_len);
+-              xor_str[passwd_len] = '\0';
+-              mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
+-
+-              server_public_key_len = RSA_size(server_public_key);
+-              /*
+-                Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
+-                RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
+-                http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
+-              */
+-              if ((size_t) server_public_key_len - 41 <= passwd_len) {
+-                      /* password message is to long */
+-                      SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
+-                      DBG_ERR("password is too long");
+-                      DBG_RETURN(0);
+-              }
+-
+-              *crypted = emalloc(server_public_key_len);
+-              RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
+-              DBG_RETURN(server_public_key_len);
+-      }
+-      DBG_RETURN(0);
+-#else
+-      DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
+-      php_error_docref(NULL, E_WARNING, "PHP was built without openssl extension, can't send password encrypted");
+-      DBG_RETURN(0);
+-#endif
+-}
+-/* }}} */
+-
+-/* {{{ mysqlnd_native_auth_get_auth_data */
+-static void
+-mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
+-              MYSQLND_CONN_DATA * conn,
+-              const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+-              const char * const passwd,
+-              const size_t passwd_len)
+-{
+-      DBG_ENTER("mysqlnd_caching_sha2_handle_server_response");
+-      MYSQLND_PACKET_CACHED_SHA2_RESULT *result_packet;
+-      result_packet = conn->payload_decoder_factory->m.get_cached_sha2_result_packet(conn->payload_decoder_factory, FALSE);
+-
+-      if (FAIL == PACKET_READ(result_packet)) {
+-              DBG_VOID_RETURN;
+-      }
+-
+-      switch (result_packet->response_code) {
+-              case 3:
+-                      DBG_INF("fast path suceeded");
+-                      PACKET_FREE(result_packet);
+-                      DBG_VOID_RETURN;
+-              case 4:
+-                      if (conn->vio->data->ssl || conn->unix_socket.s) {
+-                              DBG_INF("fast path failed, doing full auth via SSL");
+-                              result_packet->password = (zend_uchar *)passwd;
+-                              result_packet->password_len = passwd_len + 1;
+-                              PACKET_WRITE(result_packet);
+-                      } else {
+-                              DBG_INF("fast path failed, doing full auth without SSL");
+-                              result_packet->password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet->password, passwd, passwd_len);
+-                              PACKET_WRITE(result_packet);
+-                              efree(result_packet->password);
+-                      }
+-                      PACKET_FREE(result_packet);
+-                      DBG_VOID_RETURN;
+-              case 2:
+-                      // The server tried to send a key, which we didn't expect
+-                      // fall-through
+-              default:
+-                      php_error_docref(NULL, E_WARNING, "Unexpected server respose while doing caching_sha2 auth: %i", result_packet->response_code);
+-      }
+-
+-      PACKET_FREE(result_packet);
+-
+-      DBG_VOID_RETURN;
+-}
+-/* }}} */
+-
+-static struct st_mysqlnd_authentication_plugin mysqlnd_caching_sha2_auth_plugin =
+-{
+-      {
+-              MYSQLND_PLUGIN_API_VERSION,
+-              "auth_plugin_caching_sha2_password",
+-              MYSQLND_VERSION_ID,
+-              PHP_MYSQLND_VERSION,
+-              "PHP License 3.01",
+-              "Johannes Schlüter <johannes.schlueter@php.net>",
+-              {
+-                      NULL, /* no statistics , will be filled later if there are some */
+-                      NULL, /* no statistics */
+-              },
+-              {
+-                      NULL /* plugin shutdown */
+-              }
+-      },
+-      {/* methods */
+-              mysqlnd_caching_sha2_get_auth_data,
+-              mysqlnd_caching_sha2_handle_server_response
+-      }
+-};
+-
+-
+ /* {{{ mysqlnd_register_builtin_authentication_plugins */
+ void
+ mysqlnd_register_builtin_authentication_plugins(void)
+ {
+       mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
+       mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
+-      mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin);
+ #ifdef MYSQLND_HAVE_SSL
+       mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
+ #endif
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_auth.h php-7.2.8.rev/ext/mysqlnd/mysqlnd_auth.h
+--- php-7.2.8/ext/mysqlnd/mysqlnd_auth.h       2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_auth.h   2018-07-22 00:10:53.908410675 +0000
+@@ -31,9 +31,26 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA
+                                               unsigned int server_charset_no,
+                                               zend_bool use_full_blown_auth_packet,
+                                               const char * const auth_protocol,
+-                                              struct st_mysqlnd_authentication_plugin * auth_plugin,
+-                                              const zend_uchar * const orig_auth_plugin_data,
+-                                              const size_t orig_auth_plugin_data_len,
++                                              const zend_uchar * const auth_plugin_data,
++                                              const size_t auth_plugin_data_len,
++                                              char ** switch_to_auth_protocol,
++                                              size_t * switch_to_auth_protocol_len,
++                                              zend_uchar ** switch_to_auth_protocol_data,
++                                              size_t * switch_to_auth_protocol_data_len
++                                              );
++
++enum_func_status
++mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
++                                              const char * const user,
++                                              const char * const passwd,
++                                              const size_t passwd_len,
++                                              const char * const db,
++                                              const size_t db_len,
++                                              const MYSQLND_SESSION_OPTIONS * const session_options,
++                                              zend_ulong mysql_flags,
++                                              unsigned int server_charset_no,
++                                              zend_bool use_full_blown_auth_packet,
++                                              const char * const auth_protocol,
+                                               const zend_uchar * const auth_plugin_data,
+                                               const size_t auth_plugin_data_len,
+                                               char ** switch_to_auth_protocol,
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_connection.c php-7.2.8.rev/ext/mysqlnd/mysqlnd_connection.c
+--- php-7.2.8/ext/mysqlnd/mysqlnd_connection.c 2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_connection.c     2018-07-22 00:10:53.909410674 +0000
+@@ -678,10 +678,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, connec
+       {
+               const MYSQLND_CSTRING scheme = { transport.s, transport.l };
+-              /* This will be overwritten below with a copy, but we can use it during authentication */
+-              conn->unix_socket.s = (char *)socket_or_pipe.s;
+               if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
+-                      conn->unix_socket.s = NULL;
+                       goto err;
+               }
+               conn->unix_socket.s = NULL;
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_enum_n_def.h php-7.2.8.rev/ext/mysqlnd/mysqlnd_enum_n_def.h
+--- php-7.2.8/ext/mysqlnd/mysqlnd_enum_n_def.h 2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_enum_n_def.h     2018-07-22 00:10:53.909410674 +0000
+@@ -631,7 +631,6 @@ enum mysqlnd_packet_type
+       PROT_CHG_USER_RESP_PACKET,
+       PROT_SHA256_PK_REQUEST_PACKET,
+       PROT_SHA256_PK_REQUEST_RESPONSE_PACKET,
+-      PROT_CACHED_SHA2_RESULT_PACKET,
+       PROT_LAST /* should always be last */
+ };
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_structs.h php-7.2.8.rev/ext/mysqlnd/mysqlnd_structs.h
+--- php-7.2.8/ext/mysqlnd/mysqlnd_structs.h    2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_structs.h        2018-07-22 00:10:53.909410674 +0000
+@@ -970,7 +970,6 @@ struct st_mysqlnd_packet_chg_user_resp;
+ struct st_mysqlnd_packet_auth_pam;
+ struct st_mysqlnd_packet_sha256_pk_request;
+ struct st_mysqlnd_packet_sha256_pk_request_response;
+-struct st_mysqlnd_packet_cached_sha2_result;
+ typedef struct st_mysqlnd_packet_greet *              (*func_mysqlnd_protocol_payload_decoder_factory__get_greet_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+ typedef struct st_mysqlnd_packet_auth *                       (*func_mysqlnd_protocol_payload_decoder_factory__get_auth_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+@@ -987,7 +986,6 @@ typedef struct st_mysqlnd_packet_prepare
+ typedef struct st_mysqlnd_packet_chg_user_resp*(*func_mysqlnd_protocol_payload_decoder_factory__get_change_user_response_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+ typedef struct st_mysqlnd_packet_sha256_pk_request *(*func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+ typedef struct st_mysqlnd_packet_sha256_pk_request_response *(*func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_response_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+-typedef struct st_mysqlnd_packet_cached_sha2_result *(*func_mysqlnd_protocol_payload_decoder_factory__get_cached_sha2_result_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
+ typedef enum_func_status (*func_mysqlnd_protocol_payload_decoder_factory__send_command)(
+                       MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * payload_decoder_factory,
+@@ -1045,7 +1043,6 @@ MYSQLND_CLASS_METHODS_TYPE(mysqlnd_proto
+       func_mysqlnd_protocol_payload_decoder_factory__get_change_user_response_packet get_change_user_response_packet;
+       func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_packet get_sha256_pk_request_packet;
+       func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_response_packet get_sha256_pk_request_response_packet;
+-      func_mysqlnd_protocol_payload_decoder_factory__get_cached_sha2_result_packet get_cached_sha2_result_packet;
+       func_mysqlnd_protocol_payload_decoder_factory__send_command send_command;
+       func_mysqlnd_protocol_payload_decoder_factory__send_command_handle_response send_command_handle_response;
+@@ -1358,18 +1355,11 @@ typedef zend_uchar * (*func_auth_plugin_
+                                                                                                               const MYSQLND_PFC_DATA * const pfc_data, zend_ulong mysql_flags
+                                                                                                               );
+-typedef void (*func_auth_plugin__handle_server_response)(struct st_mysqlnd_authentication_plugin * self, 
+-              MYSQLND_CONN_DATA * conn,
+-              const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+-              const char * const passwd,
+-              const size_t passwd_len);
+-
+ struct st_mysqlnd_authentication_plugin
+ {
+       struct st_mysqlnd_plugin_header plugin_header;
+       struct {
+               func_auth_plugin__get_auth_data get_auth_data;
+-              func_auth_plugin__handle_server_response handle_server_response;
+       } methods;
+ };
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_wireprotocol.c php-7.2.8.rev/ext/mysqlnd/mysqlnd_wireprotocol.c
+--- php-7.2.8/ext/mysqlnd/mysqlnd_wireprotocol.c       2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_wireprotocol.c   2018-07-22 00:11:47.108407504 +0000
+@@ -2273,85 +2273,6 @@ php_mysqlnd_sha256_pk_request_response_f
+ }
+ /* }}} */
+-static
+-size_t php_mysqlnd_cached_sha2_result_write(void * _packet)
+-{
+-      MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+-      MYSQLND_ERROR_INFO * error_info = packet->header.error_info;
+-      MYSQLND_PFC * pfc = packet->header.protocol_frame_codec;
+-      MYSQLND_VIO * vio = packet->header.vio;
+-      MYSQLND_STATS * stats = packet->header.stats;
+-#ifndef _MSC_VER
+-      zend_uchar buffer[MYSQLND_HEADER_SIZE + packet->password_len + 1];
+-#else
+-      ALLOCA_FLAG(use_heap)
+-      zend_uchar *buffer = do_alloca(MYSQLND_HEADER_SIZE + packet->password_len + 1, use_heap);
+-#endif
+-      size_t sent;
+-
+-      DBG_ENTER("php_mysqlnd_cached_sha2_result_write");
+-
+-      if (packet->request == 1) {
+-              int1store(buffer + MYSQLND_HEADER_SIZE, '\2');
+-              sent = pfc->data->m.send(pfc, vio, buffer, 1, stats, error_info);
+-      } else {
+-              memcpy(buffer + MYSQLND_HEADER_SIZE, packet->password, packet->password_len);
+-              sent = pfc->data->m.send(pfc, vio, buffer, packet->password_len, stats, error_info);
+-      }
+-
+-#ifdef _MSC_VER
+-      free_alloca(buffer, use_heap);
+-#endif
+-
+-      DBG_RETURN(sent);
+-}
+-
+-static enum_func_status
+-php_mysqlnd_cached_sha2_result_read(void * _packet)
+-{
+-      MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+-      MYSQLND_ERROR_INFO * error_info = packet->header.error_info;
+-      MYSQLND_PFC * pfc = packet->header.protocol_frame_codec;
+-      MYSQLND_VIO * vio = packet->header.vio;
+-      MYSQLND_STATS * stats = packet->header.stats;
+-      MYSQLND_CONNECTION_STATE * connection_state = packet->header.connection_state;
+-      zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
+-      zend_uchar *p = buf;
+-      const zend_uchar * const begin = buf;
+-
+-      DBG_ENTER("php_mysqlnd_cached_sha2_result_read");
+-      if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
+-              DBG_RETURN(FAIL);
+-      }
+-      BAIL_IF_NO_MORE_DATA;
+-
+-      p++;
+-      packet->response_code = uint1korr(p);
+-      BAIL_IF_NO_MORE_DATA;
+-
+-      p++;
+-      packet->result = uint1korr(p);
+-      BAIL_IF_NO_MORE_DATA;
+-
+-      DBG_RETURN(PASS);
+-
+-premature_end:
+-      DBG_ERR_FMT("OK packet %d bytes shorter than expected", p - begin - packet->header.size);
+-      php_error_docref(NULL, E_WARNING, "SHA256_PK_REQUEST_RESPONSE packet "MYSQLND_SZ_T_SPEC" bytes shorter than expected",
+-                                       p - begin - packet->header.size);
+-      DBG_RETURN(FAIL);
+-}
+-
+-static void
+-php_mysqlnd_cached_sha2_result_free_mem(void * _packet, zend_bool stack_allocation)
+-{
+-      MYSQLND_PACKET_CACHED_SHA2_RESULT * p = (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+-
+-      if (!stack_allocation) {
+-              mnd_pefree(p, p->header.persistent);
+-      }
+-}
+-/* }}} */
+ /* {{{ packet_methods */
+ static
+ mysqlnd_packet_methods packet_methods[PROT_LAST] =
+@@ -2445,15 +2366,9 @@ mysqlnd_packet_methods packet_methods[PR
+               php_mysqlnd_sha256_pk_request_response_read,
+               NULL, /* write */
+               php_mysqlnd_sha256_pk_request_response_free_mem,
+-      }, /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+-      {
+-              sizeof(MYSQLND_PACKET_CACHED_SHA2_RESULT),
+-              php_mysqlnd_cached_sha2_result_read,
+-              php_mysqlnd_cached_sha2_result_write,
+-              php_mysqlnd_cached_sha2_result_free_mem
+-      } /* PROT_CACHED_SHA2_RESULT_PACKET */
++      } /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+ };
+-/* }}} */     
++/* }}} */
+ /* {{{ mysqlnd_protocol::get_greet_packet */
+@@ -2802,30 +2717,6 @@ MYSQLND_METHOD(mysqlnd_protocol, get_sha
+ }
+ /* }}} */
+-/* {{{ mysqlnd_protocol::init_cached_sha2_result_packet */
+-static struct st_mysqlnd_packet_cached_sha2_result *
+-MYSQLND_METHOD(mysqlnd_protocol, get_cached_sha2_result_packet)
+-(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent)
+-{
+-      struct st_mysqlnd_packet_cached_sha2_result * packet = mnd_pecalloc(1, packet_methods[PROT_CACHED_SHA2_RESULT_PACKET].struct_size, persistent);
+-      DBG_ENTER("mysqlnd_protocol::init_cached_sha2_result_packet");
+-      if (packet) {
+-              memset(packet, 0, sizeof(*packet));
+-              packet->header.m = &packet_methods[PROT_CACHED_SHA2_RESULT_PACKET];
+-              packet->header.factory = factory;
+-
+-              packet->header.protocol_frame_codec = factory->conn->protocol_frame_codec;
+-              packet->header.vio = factory->conn->vio;
+-              packet->header.stats = factory->conn->stats;
+-              packet->header.error_info = factory->conn->error_info;
+-              packet->header.connection_state = &factory->conn->state;
+-
+-              packet->header.persistent = persistent;
+-      }
+-      DBG_RETURN(packet);
+-}
+-/* }}} */
+-
+ /* {{{ mysqlnd_protocol::send_command */
+ static enum_func_status
+@@ -3056,7 +2947,6 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_prot
+       MYSQLND_METHOD(mysqlnd_protocol, get_change_user_response_packet),
+       MYSQLND_METHOD(mysqlnd_protocol, get_sha256_pk_request_packet),
+       MYSQLND_METHOD(mysqlnd_protocol, get_sha256_pk_request_response_packet),
+-      MYSQLND_METHOD(mysqlnd_protocol, get_cached_sha2_result_packet),
+       MYSQLND_METHOD(mysqlnd_protocol, send_command),
+       MYSQLND_METHOD(mysqlnd_protocol, send_command_handle_response),
+diff -urpa php-7.2.8/ext/mysqlnd/mysqlnd_wireprotocol.h php-7.2.8.rev/ext/mysqlnd/mysqlnd_wireprotocol.h
+--- php-7.2.8/ext/mysqlnd/mysqlnd_wireprotocol.h       2018-07-17 05:35:47.000000000 +0000
++++ php-7.2.8.rev/ext/mysqlnd/mysqlnd_wireprotocol.h   2018-07-22 00:10:53.910410674 +0000
+@@ -292,16 +292,6 @@ typedef struct  st_mysqlnd_packet_sha256
+       size_t                                  public_key_len;
+ } MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE;
+-typedef struct st_mysqlnd_packet_cached_sha2_result {
+-      MYSQLND_PACKET_HEADER           header;
+-      uint8_t         response_code;
+-      uint8_t         result;
+-      uint8_t         request;
+-      zend_uchar * password;
+-      size_t password_len;
+-} MYSQLND_PACKET_CACHED_SHA2_RESULT;
+-
+-
+ zend_ulong            php_mysqlnd_net_field_length(const zend_uchar **packet);
+ zend_uchar *  php_mysqlnd_net_store_length(zend_uchar *packet, const uint64_t length);