!96 Fix CVE-2022-37434
From: @starlet-dx Reviewed-by: @wang--ge Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot
Gitee
commit
42498c9880
35
CVE-2022-37434-1.patch
Normal file
35
CVE-2022-37434-1.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From a16f5c7b7c5353cda8c8235d9a6765c7fe3c1231 Mon Sep 17 00:00:00 2001
|
||||||
|
From: starlet-dx <15929766099@163.com>
|
||||||
|
Date: Tue, 16 May 2023 15:15:10 +0800
|
||||||
|
Subject: [PATCH 1/1] Fix a bug when getting a gzip header extra field with
|
||||||
|
inflate().
|
||||||
|
|
||||||
|
If the extra field was larger than the space the user provided with
|
||||||
|
inflateGetHeader(), and if multiple calls of inflate() delivered
|
||||||
|
the extra header data, then there could be a buffer overflow of the
|
||||||
|
provided space. This commit assures that provided space is not
|
||||||
|
exceeded.
|
||||||
|
---
|
||||||
|
extra/zlib/zlib-1.2.12/inflate.c | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/extra/zlib/zlib-1.2.12/inflate.c b/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
index 7be8c636..7a728974 100644
|
||||||
|
--- a/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
+++ b/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
@@ -763,9 +763,10 @@ int flush;
|
||||||
|
copy = state->length;
|
||||||
|
if (copy > have) copy = have;
|
||||||
|
if (copy) {
|
||||||
|
+ len = state->head->extra_len - state->length;
|
||||||
|
if (state->head != Z_NULL &&
|
||||||
|
- state->head->extra != Z_NULL) {
|
||||||
|
- len = state->head->extra_len - state->length;
|
||||||
|
+ state->head->extra != Z_NULL &&
|
||||||
|
+ len < state->head->extra_max) {
|
||||||
|
zmemcpy(state->head->extra + len, next,
|
||||||
|
len + copy > state->head->extra_max ?
|
||||||
|
state->head->extra_max - len : copy);
|
||||||
|
--
|
||||||
|
2.30.0
|
||||||
|
|
||||||
32
CVE-2022-37434-2.patch
Normal file
32
CVE-2022-37434-2.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From 49a8fd61c4f8db9b8e9a50e70114cedc5842178e Mon Sep 17 00:00:00 2001
|
||||||
|
From: starlet-dx <15929766099@163.com>
|
||||||
|
Date: Tue, 16 May 2023 15:17:40 +0800
|
||||||
|
Subject: [PATCH 1/1] Fix extra field processing bug that dereferences NULL
|
||||||
|
state->head.
|
||||||
|
|
||||||
|
The recent commit to fix a gzip header extra field processing bug
|
||||||
|
introduced the new bug fixed here.
|
||||||
|
---
|
||||||
|
extra/zlib/zlib-1.2.12/inflate.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/extra/zlib/zlib-1.2.12/inflate.c b/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
index 7a728974..2a3c4fe9 100644
|
||||||
|
--- a/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
+++ b/extra/zlib/zlib-1.2.12/inflate.c
|
||||||
|
@@ -763,10 +763,10 @@ int flush;
|
||||||
|
copy = state->length;
|
||||||
|
if (copy > have) copy = have;
|
||||||
|
if (copy) {
|
||||||
|
- len = state->head->extra_len - state->length;
|
||||||
|
if (state->head != Z_NULL &&
|
||||||
|
state->head->extra != Z_NULL &&
|
||||||
|
- len < state->head->extra_max) {
|
||||||
|
+ (len = state->head->extra_len - state->length) <
|
||||||
|
+ state->head->extra_max) {
|
||||||
|
zmemcpy(state->head->extra + len, next,
|
||||||
|
len + copy > state->head->extra_max ?
|
||||||
|
state->head->extra_max - len : copy);
|
||||||
|
--
|
||||||
|
2.30.0
|
||||||
|
|
||||||
@ -30,7 +30,7 @@
|
|||||||
%global sameevr %{?epoch:%{epoch}:}%{version}-%{release}
|
%global sameevr %{?epoch:%{epoch}:}%{version}-%{release}
|
||||||
Name: mysql
|
Name: mysql
|
||||||
Version: 8.0.30
|
Version: 8.0.30
|
||||||
Release: 2
|
Release: 3
|
||||||
Summary: MySQL client programs and shared libraries
|
Summary: MySQL client programs and shared libraries
|
||||||
URL: http://www.mysql.com
|
URL: http://www.mysql.com
|
||||||
License: GPLv2 with exceptions and LGPLv2 and BSD
|
License: GPLv2 with exceptions and LGPLv2 and BSD
|
||||||
@ -63,6 +63,8 @@ Patch80: %{pkgnamepatch}-fix-includes-robin-hood.patch
|
|||||||
Patch81: disable-moutline-atomics-for-aarch64.patch
|
Patch81: disable-moutline-atomics-for-aarch64.patch
|
||||||
Patch115: boost-1.58.0-pool.patch
|
Patch115: boost-1.58.0-pool.patch
|
||||||
Patch125: boost-1.57.0-mpl-print.patch
|
Patch125: boost-1.57.0-mpl-print.patch
|
||||||
|
Patch126: CVE-2022-37434-1.patch
|
||||||
|
Patch127: CVE-2022-37434-2.patch
|
||||||
|
|
||||||
BuildRequires: cmake gcc-c++ libaio-devel libedit-devel libevent-devel libicu-devel lz4
|
BuildRequires: cmake gcc-c++ libaio-devel libedit-devel libevent-devel libicu-devel lz4
|
||||||
BuildRequires: lz4-devel mecab-devel bison libzstd-devel
|
BuildRequires: lz4-devel mecab-devel bison libzstd-devel
|
||||||
@ -225,6 +227,8 @@ cd ..
|
|||||||
%patch75 -p1
|
%patch75 -p1
|
||||||
%patch80 -p1
|
%patch80 -p1
|
||||||
%patch81 -p1
|
%patch81 -p1
|
||||||
|
%patch126 -p1
|
||||||
|
%patch127 -p1
|
||||||
pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
|
pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
|
||||||
%patch115 -p0
|
%patch115 -p0
|
||||||
%patch125 -p1
|
%patch125 -p1
|
||||||
@ -543,6 +547,9 @@ fi
|
|||||||
%{_mandir}/man1/mysql_config.1*
|
%{_mandir}/man1/mysql_config.1*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 16 2023 yaoxin <yao_xin001@hoperun.com> - 8.0.30-3
|
||||||
|
- Fix CVE-2022-37434
|
||||||
|
|
||||||
* Fri Mar 3 2023 Ge Wang <wangge20@h-partners.com> - 8.0.30-2
|
* Fri Mar 3 2023 Ge Wang <wangge20@h-partners.com> - 8.0.30-2
|
||||||
- Remove rpath
|
- Remove rpath
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user