GNU bug report logs - #47257
mariadb is vulnerable to CVE-2021-27928 (RCE)

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 19 Mar 2021 10:26:02 UTC

Severity: normal

Tags: security

Done: Léo Le Bouter <lle-bout <at> zaclys.net>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 47257 <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: 47257 <at> debbugs.gnu.org
Cc: Léo Le Bouter <lle-bout <at> zaclys.net>
Subject: [PATCH 1/1] gnu: mariadb: Update to 10.5.9 [fixes CVE-2021-27928].
Date: Fri, 19 Mar 2021 12:35:37 +0100

* gnu/packages/databases.scm (mariadb/fixed): New variable.
(mariadb)[replacement]: Graft.
---
 gnu/packages/databases.scm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 8be83f5cbe..6fdb22d7fb 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -734,6 +734,7 @@ Language.")
                             (append (find-files "extra/wolfssl")
                                     (find-files "zlib")))
                   #t))))
+    (replacement mariadb/fixed)
     (build-system cmake-build-system)
     (outputs '("out" "lib" "dev"))
     (arguments
@@ -969,6 +970,38 @@ Language.")
 as a drop-in replacement of MySQL.")
     (license license:gpl2)))
 
+(define mariadb/fixed
+  (package/inherit mariadb
+    (version "10.5.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://downloads.mariadb.com/MariaDB"
+                                  "/mariadb-" version "/source/mariadb-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1kv8226ydyh4nyfx432dxqdkbry92c92bwlc33f1y56yp2p1kas0"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete bundled snappy and xz.
+                  (delete-file-recursively "storage/tokudb/PerconaFT/third_party")
+                  (substitute* "storage/tokudb/PerconaFT/CMakeLists.txt"
+                    ;; This file checks that the bundled sources are present and
+                    ;; declares build procedures for them.
+                    (("^include\\(TokuThirdParty\\)") ""))
+                  (substitute* "storage/tokudb/PerconaFT/ft/CMakeLists.txt"
+                    ;; Don't attempt to use the procedures we just removed.
+                    ((" build_lzma build_snappy") ""))
+
+                  ;; Preserve CMakeLists.txt for these.
+                  (for-each (lambda (file)
+                              (unless (string-suffix? "CMakeLists.txt" file)
+                                (delete-file file)))
+                            (append (find-files "extra/wolfssl")
+                                    (find-files "zlib")))
+                  #t))))))
+
 (define-public mariadb-connector-c
   (package
     (name "mariadb-connector-c")
-- 
2.31.0
This bug report was last modified 4 years and 49 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.