From: Kei Kebreau
To: guix-patches@gnu.org
Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
Date: Mon, 24 Jul 2017 14:31:44 -0400

* gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
--- gnu/local.mk | 1 + gnu/packages/databases.scm | 3 +- .../patches/perl-dbd-mysql-CVE-2017-10788.patch | 51 ++++++++++++++++++++++ 3 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3eccc879b..4292d705c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -902,6 +902,7 @@ dist_patch_DATA = \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ + %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index ee340505e..7e62452ea 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and relationships.") "DBD-mysql-" version ".tar.gz")) (sha256 (base32 - "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")))) + "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")) + (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch")))) (build-system perl-build-system) ;; Tests require running MySQL server (arguments `(#:tests? #f)) diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch new file mode 100644 index 000000000..344f2d803 --- /dev/null +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch 
@@ -0,0 +1,51 @@ +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 +From: Pali +Date: Sun, 25 Jun 2017 10:07:39 +0200 +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() + +Ignore return value from mysql_stmt_close() and also its error message +because it points to freed memory after mysql_stmt_close() was called. +--- + dbdimp.c | 8 ++------ + mysql.xs | 7 ++----- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index c60a5f6..a6410e5 100644 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { + + if (imp_sth->stmt) + { +- if (mysql_stmt_close(imp_sth->stmt)) +- { +- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), +- mysql_stmt_error(imp_sth->stmt), +- mysql_stmt_sqlstate(imp_sth->stmt)); +- } ++ mysql_stmt_close(imp_sth->stmt); ++ imp_sth->stmt= NULL; + } + #endif + +diff --git a/mysql.xs b/mysql.xs +index 55376e1..affde59 100644 +--- a/mysql.xs ++++ b/mysql.xs +@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) 
+ if (bind) + Safefree(bind); + +- if(mysql_stmt_close(stmt)) +- { +- fprintf(stderr, "\n failed while closing the statement"); +- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); +- } ++ mysql_stmt_close(stmt); ++ stmt= NULL; + + if (retval == -2) /* -2 means error */ + { +-- +1.7.9.5 -- 2.13.3
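
Review bot: In the dbdimp.c hunk, a failed mysql_stmt_close() in dbd_st_destroy() is now silent, because the whole if block was removed rather than only the calls that touch the closed handle. The status returned by mysql_stmt_close() is a plain value and can still be tested; it is the mysql_stmt_errno(), mysql_stmt_error() and mysql_stmt_sqlstate() calls on imp_sth->stmt that read the freed memory the commit message describes. Consider keeping the test and reporting a fixed message through do_error() without dereferencing the statement handle. The same applies to the stderr report removed from do() in mysql.xs. Setting the pointer to NULL right after the close is a good companion change and should stay.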
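
Review bot: The new file gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch (the @@ -0,0 +1,51 @@ hunk) has no header of its own: it begins directly at the upstream "From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0" line, so nothing in the file records which CVE it addresses or where the patch was obtained. Add a few lines above that one giving the CVE reference and the URL of the patch source, so the patch can be re-checked and dropped when the package is updated.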

Date: Mon, 24 Jul 2017 15:17:45 -0400
From: Leo Famulari
To: Kei Kebreau
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.

On Mon, Jul 24, 2017 at 02:31:44PM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.

Thanks!

> diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch > new file mode 100644 > index 000000000..344f2d803 > --- /dev/null > +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch 
> @@ -0,0 +1,51 @@ > +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 > +From: Pali > +Date: Sun, 25 Jun 2017 10:07:39 +0200 > +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() > + > +Ignore return value from mysql_stmt_close() and also its error message > +because it points to freed memory after mysql_stmt_close() was called.

Can you add a link to the MITRE page for this CVE (and any other pages
you think are relevant) and to the source of this patch?

Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
you are unsure.

There is also CVE-2017-10789. I'm not sure if there is a fix merged
upstream yet:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789

From: Kei Kebreau
To: Leo Famulari
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
Date: Mon, 24 Jul 2017 18:07:25 -0400

Leo Famulari writes:

> On Mon, Jul 24, 2017 at 02:31:44PM -0400, Kei Kebreau wrote:
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Thanks!
>
>> diff --git >> a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch >> b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch >> new file mode 100644 >> index 000000000..344f2d803 >> --- /dev/null >> +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch 
>> @@ -0,0 +1,51 @@ >> +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 >> +From: Pali >> +Date: Sun, 25 Jun 2017 10:07:39 +0200 >> +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() >> + >> +Ignore return value from mysql_stmt_close() and also its error message >> +because it points to freed memory after mysql_stmt_close() was called.
>
> Can you add a link to the MITRE page for this CVE (and any other pages
> you think are relevant) and to the source of this patch?
>

Done! FYI, this patch is tentative (i.e. not merged upstream as of
yet). It seems to do the right thing, but I'm not quite sure, as I'm not
an experienced C programmer, nor am I a user of this package.

> Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> you are unsure.
>
> There is also CVE-2017-10789. I'm not sure if there is a fix merged
> upstream yet:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789

There was a fix that was merged and later reverted in the latest version,
4.043.

How does the attached patch look?

Content-Disposition: attachment; filename=0001-gnu-perl-dbd-mysql-Fix-CVE-2017-10788.patch
Content-Transfer-Encoding: quoted-printable

From=20d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Mon, 24 Jul 2017 13:51:50 -0400 Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788. * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it. =2D-- gnu/local.mk | 1 + gnu/packages/databases.scm | 3 +- .../patches/perl-dbd-mysql-CVE-2017-10788.patch | 62 ++++++++++++++++++= ++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3eccc879b..4292d705c 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -902,6 +902,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ + %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index ee340505e..7e62452ea 100644 =2D-- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and relatio= nships.") "DBD-mysql-" version ".tar.gz")) (sha256 (base32 =2D "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")))) + "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")) + (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch")))) (build-system perl-build-system) ;; Tests require running MySQL server (arguments `(#:tests? #f)) diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu= /packages/patches/perl-dbd-mysql-CVE-2017-10788.patch new file mode 100644 index 000000000..74613cb63 =2D-- /dev/null +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch 
@@ -0,0 +1,62 @@ +Fix CVE-2017-10788: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-10788 + +Patch written to match corrected documentation specifications: + +Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/r= efman/5.7/en/mysql-stmt-close.html +New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html + +The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120= #issuecomment-312420660. + +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 +From: Pali +Date: Sun, 25 Jun 2017 10:07:39 +0200 +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() + +Ignore return value from mysql_stmt_close() and also its error message +because it points to freed memory after mysql_stmt_close() was called. +--- + dbdimp.c | 8 ++------ + mysql.xs | 7 ++----- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index c60a5f6..a6410e5 100644 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { + + if (imp_sth->stmt) + { +- if (mysql_stmt_close(imp_sth->stmt)) +- { +- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), +- mysql_stmt_error(imp_sth->stmt), +- mysql_stmt_sqlstate(imp_sth->stmt)); +- } ++ mysql_stmt_close(imp_sth->stmt); ++ imp_sth->stmt=3D NULL; + } + #endif + +diff --git a/mysql.xs b/mysql.xs +index 55376e1..affde59 100644 +--- a/mysql.xs ++++ b/mysql.xs +@@ -434,11 +434,8 @@ do(dbh, statement, attr=3DNullsv, ...) 
+ if (bind) + Safefree(bind); + +- if(mysql_stmt_close(stmt)) +- { +- fprintf(stderr, "\n failed while closing the statement"); +- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); +- } ++ mysql_stmt_close(stmt); ++ stmt=3D NULL; + + if (retval =3D=3D -2) /* -2 means error */ + { +-- +1.7.9.5 =2D-=20 2.13.3
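
Review bot: The header now at the top of perl-dbd-mysql-CVE-2017-10788.patch gives the CVE link, the old and new mysql_stmt_close() documentation and the issue comment the patch was taken from, but it does not say that the change is not merged upstream, which the covering message does say. State that in the header next to the source link, so that whoever updates the package checks what upstream finally shipped before keeping or dropping the patch.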

Date: Tue, 25 Jul 2017 14:00:03 -0400
From: Leo Famulari
To: Kei Kebreau
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.

On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
> Done! FYI, this patch is tentative (i.e. not merged upstream as of
> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
> an experienced C programmer, nor am I a user of this package.

I'm not an expert but, I agree, it seems to do the right thing.

> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> > you are unsure.
> >
> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
> > upstream yet:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789

Okay, let's wait on that one. Can you try to keep track of it?

> How does the attached patch look?

> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau
> Date: Mon, 24 Jul 2017 13:51:50 -0400
> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.

Please push!

From: Kei Kebreau
To: Leo Famulari
Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
Date: Tue, 25 Jul 2017 14:13:04 -0400

Leo Famulari writes:

> On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
>> Done! FYI, this patch is tentative (i.e. not merged upstream as of
>> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
>> an experienced C programmer, nor am I a user of this package.
>
> I'm not an expert but, I agree, it seems to do the right thing.
>
>> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
>> > you are unsure.
>> >
>> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
>> > upstream yet:
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
>
> Okay, let's wait on that one. Can you try to keep track of it?
>

Will do!

>> How does the attached patch look?
>
>> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau
>> Date: Mon, 24 Jul 2017 13:51:50 -0400
>> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>>
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Please push!

Pushed to master! Thank you for reviewing.