From ba0b6ec867a872a27141b45b334cdfc59fa41312 Mon Sep 17 00:00:00 2001
From: jykanase
Date: Fri, 31 Jan 2025 01:16:10 +0530
Subject: [PATCH] [Medium] patch mysql to fix CVE-2024-9681 (#12146)
Co-authored-by: jslobodzian
---
 SPECS/mysql/CVE-2024-9681.patch | 64 +++++++++++++++++++++++++++++++++
 SPECS/mysql/mysql.spec | 6 +++-
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/mysql/CVE-2024-9681.patch
diff --git a/SPECS/mysql/CVE-2024-9681.patch b/SPECS/mysql/CVE-2024-9681.patch
new file mode 100644
index 00000000000..28c8d4fc5a6
--- /dev/null
+++ b/SPECS/mysql/CVE-2024-9681.patch
@@ -0,0 +1,64 @@
+From 2f9a68a817e71e9ec40a2fc17269eb9367aa520a Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Sun, 26 Jan 2025 14:06:42 +0000
+Subject: [PATCH] CVE-2024-9681
+
+Backported form: https://github.com/curl/curl/commit/a94973805df96269bf
+---
+ extra/curl/curl-8.9.1/lib/hsts.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/extra/curl/curl-8.9.1/lib/hsts.c b/extra/curl/curl-8.9.1/lib/hsts.c
+index 8cd77ae3..6e2599b1 100644
+--- a/extra/curl/curl-8.9.1/lib/hsts.c
++++ b/extra/curl/curl-8.9.1/lib/hsts.c
+@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+ bool subdomain)
+ {
++ struct stsentry *bestsub = NULL;
+ if(h) {
+ char buffer[MAX_HSTS_HOSTLEN + 1];
+ time_t now = time(NULL);
+ size_t hlen = strlen(hostname);
+ struct Curl_llist_element *e;
+ struct Curl_llist_element *n;
++ size_t blen = 0;
+
+ if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+ return NULL;
+@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+ if(ntail < hlen) {
+ size_t offs = hlen - ntail;
+ if((hostname[offs-1] == '.') &&
+- strncasecompare(&hostname[offs], sts->host, ntail))
+- return sts;
++ strncasecompare(&hostname[offs], sts->host, ntail) &&
++ (ntail > blen)) {
++ /* save the tail match with the longest tail */
++ bestsub = sts;
++ blen = ntail;
++ }
+ }
+ }
+ if(strcasecompare(hostname, sts->host))
+ return sts;
+ }
+ }
+- return NULL; /* no match */
++ return bestsub;
+ }
+
+ /*
+@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+ e = Curl_hsts(h, p, subdomain);
+ if(!e)
+ result = hsts_create(h, p, subdomain, expires);
+- else {
++ else if(strcasecompare(p, e->host)) {
+ /* the same hostname, use the largest expire time */
+ if(expires > e->expires)
+ e->expires = expires;
+--
+2.45.2
+
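Review bot: In the third inner hunk (`hsts_add`), a cache line whose host only tail-matches an existing entry now falls through both branches without any comment saying so: `e` is non-NULL, so `hsts_create` is not called, and `strcasecompare(p, e->host)` is false, so nothing is updated. That looks like the intended fix, since a subdomain line can no longer overwrite the parent's expiry, but the line is dropped silently and the new `else if` deserves a comment such as `/* only an exact host match may extend the expiry; a tail match on a parent entry is left untouched */`. In `Curl_hsts`, `return bestsub;` replaces the commented `return NULL; /* no match */`, so a short `/* longest tail match, or NULL if nothing matched */` would keep the return contract readable. Both function bodies continue outside the lines shown in these hunks.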
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
index edeb96232ef..d396b739c1e 100644
--- a/SPECS/mysql/mysql.spec
+++ b/SPECS/mysql/mysql.spec
@@ -1,7 +1,7 @@
 Summary: MySQL.
 Name: mysql
 Version: 8.0.40
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -15,6 +15,7 @@ Patch1: CVE-2024-2410.patch
 # AZL's OpenSSL builds with the "no-chacha" option making all ChaCha
 # ciphers unavailable.
 Patch2: fix-tests-for-unsupported-chacha-ciphers.patch
+Patch3: CVE-2024-9681.patch
 BuildRequires: cmake
 BuildRequires: libtirpc-devel
 BuildRequires: openssl-devel
@@ -114,6 +115,9 @@ fi
 %{_libdir}/pkgconfig/mysqlclient.pc
 %changelog
+* Thu Jan 30 2025 Jyoti Kanase - 8.0.40-3
+- Fix CVE-2024-9681
+
 * Tue Oct 29 2024 Pawel Winogrodzki - 8.0.40-2
 - Patched CVE-2024-2410.
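Review bot: The second hunk declares `Patch3: CVE-2024-9681.patch`, but no `%prep` change is visible here, so whether the patch is actually applied depends on lines outside these hunks. If `%prep` uses `%autosetup -p1`, the new patch is picked up automatically. If it lists patches explicitly, a matching `%patch3 -p1` (or `%patch -P 3 -p1`) is needed; otherwise the package ships with the Release bump and changelog entry but without the fix. The inner patch paths start with `a/extra/curl/curl-8.9.1/`, so it needs strip level 1 from the MySQL source root and will stop applying if the bundled curl directory is renamed by a version update. It is also worth confirming that this build links the bundled curl rather than a system libcurl, since the fix has no effect on a system library.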