[Medium] Patch mysql to fix CVE-2024-9681 (#12108)

Co-authored-by: Sam Meluch <[email protected]> Co-authored-by: jslobodzian <[email protected]> (cherry picked from commit e1055df)
microsoft · Jan 30, 2025 · 6991c4c · 6991c4c
1 parent 5a51e46
commit 6991c4c
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 1 deletion.
diff --git a/SPECS/mysql/CVE-2024-9681.patch b/SPECS/mysql/CVE-2024-9681.patch
@@ -0,0 +1,64 @@
+From 4584d3ab388a83e2e0753c69437df975b4a13547 Mon Sep 17 00:00:00 2001
+From: jykanase <[email protected]>
+Date: Sat, 25 Jan 2025 13:44:11 +0000
+Subject: [PATCH] CVE-2024-9681
+
+Backported form: https://github.com/curl/curl/commit/a94973805df96269bf   
+---
+ extra/curl/curl-8.9.1/lib/hsts.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/extra/curl/curl-8.9.1/lib/hsts.c b/extra/curl/curl-8.9.1/lib/hsts.c
+index 8cd77ae3..6e2599b1 100644
+--- a/extra/curl/curl-8.9.1/lib/hsts.c
++++ b/extra/curl/curl-8.9.1/lib/hsts.c
+@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                            bool subdomain)
+ {
++  struct stsentry *bestsub = NULL;
+   if(h) {
+     char buffer[MAX_HSTS_HOSTLEN + 1];
+     time_t now = time(NULL);
+     size_t hlen = strlen(hostname);
+     struct Curl_llist_element *e;
+     struct Curl_llist_element *n;
++    size_t blen = 0;
+
+     if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+       return NULL;
+@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+         if(ntail < hlen) {
+           size_t offs = hlen - ntail;
+           if((hostname[offs-1] == '.') &&
+-             strncasecompare(&hostname[offs], sts->host, ntail))
+-            return sts;
++             strncasecompare(&hostname[offs], sts->host, ntail) &&
++             (ntail > blen)) {
++            /* save the tail match with the longest tail */
++            bestsub = sts;
++            blen = ntail;
++          }
+         }
+       }
+       if(strcasecompare(hostname, sts->host))
+         return sts;
+     }
+   }
+-  return NULL; /* no match */
++  return bestsub;
+ }
+
+ /*
+@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+     e = Curl_hsts(h, p, subdomain);
+     if(!e)
+       result = hsts_create(h, p, subdomain, expires);
+-    else {
++    else if(strcasecompare(p, e->host)) {
+       /* the same hostname, use the largest expire time */
+       if(expires > e->expires)
+         e->expires = expires;
+-- 
+2.45.2
+
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
@@ -3,7 +3,7 @@
 Summary:        MySQL.
 Name:           mysql
 Version:        8.0.40
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,7 @@ Patch0:         CVE-2012-5627.nopatch
 # ciphers unavailable.
 Patch1:         fix-tests-for-unsupported-chacha-ciphers.patch
 Patch2:         CVE-2012-2677.patch
+Patch3:         CVE-2024-9681.patch
 BuildRequires:  cmake
 BuildRequires:  libtirpc-devel
 BuildRequires:  openssl-devel
@@ -108,6 +109,9 @@ sudo -u test make test || { cat Testing/Temporary/LastTest.log; false; }
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Mon Jan 27 2025 Jyoti Kanase <[email protected]> - 8.0.40-5
+- Fix CVE-2024-9681
+
 * Tue Nov 12 2024 Pawel Winogrodzki <[email protected]> - 8.0.40-4
 - Patched CVE-2012-2677.