From 6991c4c95d5066cc3a9f21cfc6e6971fd04d9197 Mon Sep 17 00:00:00 2001
From: jykanase
Date: Fri, 31 Jan 2025 01:20:50 +0530
Subject: [PATCH] [Medium] Patch mysql to fix CVE-2024-9681 (#12108)
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
Co-authored-by: jslobodzian
(cherry picked from commit e1055dfa2d12b7ef34742048b51f549e46217112)
---
 SPECS/mysql/CVE-2024-9681.patch | 64 +++++++++++++++++++++++++++++++++
 SPECS/mysql/mysql.spec | 6 +++-
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/mysql/CVE-2024-9681.patch
diff --git a/SPECS/mysql/CVE-2024-9681.patch b/SPECS/mysql/CVE-2024-9681.patch
new file mode 100644
index 00000000000..a1ae05e5153
--- /dev/null
+++ b/SPECS/mysql/CVE-2024-9681.patch
@@ -0,0 +1,64 @@
+From 4584d3ab388a83e2e0753c69437df975b4a13547 Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Sat, 25 Jan 2025 13:44:11 +0000
+Subject: [PATCH] CVE-2024-9681
+
+Backported form: https://github.com/curl/curl/commit/a94973805df96269bf
+---
+ extra/curl/curl-8.9.1/lib/hsts.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/extra/curl/curl-8.9.1/lib/hsts.c b/extra/curl/curl-8.9.1/lib/hsts.c
+index 8cd77ae3..6e2599b1 100644
+--- a/extra/curl/curl-8.9.1/lib/hsts.c
++++ b/extra/curl/curl-8.9.1/lib/hsts.c
+@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+ bool subdomain)
+ {
++ struct stsentry *bestsub = NULL;
+ if(h) {
+ char buffer[MAX_HSTS_HOSTLEN + 1];
+ time_t now = time(NULL);
+ size_t hlen = strlen(hostname);
+ struct Curl_llist_element *e;
+ struct Curl_llist_element *n;
++ size_t blen = 0;
+
+ if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+ return NULL;
+@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+ if(ntail < hlen) {
+ size_t offs = hlen - ntail;
+ if((hostname[offs-1] == '.') &&
+- strncasecompare(&hostname[offs], sts->host, ntail))
+- return sts;
++ strncasecompare(&hostname[offs], sts->host, ntail) &&
++ (ntail > blen)) {
++ /* save the tail match with the longest tail */
++ bestsub = sts;
++ blen = ntail;
++ }
+ }
+ }
+ if(strcasecompare(hostname, sts->host))
+ return sts;
+ }
+ }
+- return NULL; /* no match */
++ return bestsub;
+ }
+
+ /*
+@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+ e = Curl_hsts(h, p, subdomain);
+ if(!e)
+ result = hsts_create(h, p, subdomain, expires);
+- else {
++ else if(strcasecompare(p, e->host)) {
+ /* the same hostname, use the largest expire time */
+ if(expires > e->expires)
+ e->expires = expires;
+--
+2.45.2
+
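Review bot: In the `hsts_add` hunk, narrowing `else {` to `else if(strcasecompare(p, e->host)) {` leaves no branch for the case where `Curl_hsts` returns a tail match whose host differs from `p`, so that cache line is neither created nor merged, and nothing in the code says the skip is intentional. A comment on the implicit fall-through would help, for example `/* p is only covered by a parent includeSubDomains entry: keep the parent as is and skip this line */`. If I read it correctly, such a host is then protected only for as long as the parent entry lives, which is worth knowing when auditing HSTS cache files. The embedded diffstat lists only `lib/hsts.c`, so no test for the longest-tail selection (`bestsub`/`blen`) travels with the backport; it may be worth checking the referenced upstream commit for one. Both `Curl_hsts` and `hsts_add` continue outside the hunks shown, including the condition that guards the tail-match block.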
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
index f16a0212692..a55abebc8ce 100644
--- a/SPECS/mysql/mysql.spec
+++ b/SPECS/mysql/mysql.spec
@@ -3,7 +3,7 @@
 Summary: MySQL.
 Name: mysql
 Version: 8.0.40
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -15,6 +15,7 @@ Patch0: CVE-2012-5627.nopatch
 # ciphers unavailable.
 Patch1: fix-tests-for-unsupported-chacha-ciphers.patch
 Patch2: CVE-2012-2677.patch
+Patch3: CVE-2024-9681.patch
 BuildRequires: cmake
 BuildRequires: libtirpc-devel
 BuildRequires: openssl-devel
@@ -108,6 +109,9 @@ sudo -u test make test || { cat Testing/Temporary/LastTest.log; false; }
 %{_libdir}/pkgconfig/mysqlclient.pc
 %changelog
+* Mon Jan 27 2025 Jyoti Kanase - 8.0.40-5
+- Fix CVE-2024-9681
+
 * Tue Nov 12 2024 Pawel Winogrodzki - 8.0.40-4
 - Patched CVE-2012-2677.
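Review bot: `Patch3: CVE-2024-9681.patch` is declared, but the `%prep` section is outside these hunks, so it is not visible whether the patch is actually applied (via `%autosetup` or an explicit `%patch` line) at a strip level matching its `a/extra/curl/curl-8.9.1/...` paths. Since the changelog entry `- Fix CVE-2024-9681` is what scanners and auditors will rely on, it is worth confirming in the build log that the patch applies and that the bundled curl under `extra/curl` is the copy this package compiles and links, rather than the system libcurl. The path is pinned to `curl-8.9.1`, so the patch should be dropped or regenerated when the MySQL sources move to a different bundled curl.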