Hello community, here is the log from the commit of package perl-DBD-mysql for openSUSE:Factory checked in at 2017-08-19 10:55:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-DBD-mysql (Old) and /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-DBD-mysql" Sat Aug 19 10:55:00 2017 rev:48 rq:516815 version:4.043 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-DBD-mysql/perl-DBD-mysql.changes 2017-07-04 11:55:38.644591217 +0200 +++ /work/SRC/openSUSE:Factory/.perl-DBD-mysql.new/perl-DBD-mysql.changes 2017-08-19 10:55:05.143724257 +0200 @@ -1,0 +2,7 @@ +Mon Jul 17 11:16:13 UTC 2017 - [email protected] + +- Add patch to fix CVE-2017-10788 bsc#1047095 + * Denial of service or possibly RCE through use-after-free + * perl-DBD-mysql-4.043-CVE-2017-10788.patch + +------------------------------------------------------------------- New: ---- perl-DBD-mysql-4.043-CVE-2017-10788.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-DBD-mysql.spec ++++++ --- /var/tmp/diff_new_pack.AdKxei/_old 2017-08-19 10:55:06.483535346 +0200 +++ /var/tmp/diff_new_pack.AdKxei/_new 2017-08-19 10:55:06.487534782 +0200 @@ -26,6 +26,8 @@ Url: http://search.cpan.org/dist/DBD-mysql/ Source0: https://cpan.metacpan.org/authors/id/M/MI/MICHIELB/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml +# PATCH-FIX-UPSTREAM CVE-2017-10788 bsc#1047095 [email protected] - DoS or possibly RCE through use-after-free +Patch1: perl-DBD-mysql-4.043-CVE-2017-10788.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros @@ -49,6 +51,7 @@ %prep %setup -q -n %{cpan_name}-%{version} find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644 +%patch1 -p1 %build %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" ++++++ perl-DBD-mysql-4.043-CVE-2017-10788.patch ++++++ >From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 From: Pali <[email protected]> Date: Sun, 25 Jun 2017 10:07:39 +0200 Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() Ignore return value from mysql_stmt_close() and also its error message because it points to freed memory after mysql_stmt_close() was called. --- dbdimp.c | 8 ++------ mysql.xs | 7 ++----- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/dbdimp.c b/dbdimp.c index c60a5f6..a6410e5 100644 --- a/dbdimp.c +++ b/dbdimp.c @@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { if (imp_sth->stmt) { - if (mysql_stmt_close(imp_sth->stmt)) - { - do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), - mysql_stmt_error(imp_sth->stmt), - mysql_stmt_sqlstate(imp_sth->stmt)); - } + mysql_stmt_close(imp_sth->stmt); + imp_sth->stmt= NULL; } #endif diff --git a/mysql.xs b/mysql.xs index 55376e1..affde59 100644 --- a/mysql.xs +++ b/mysql.xs @@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) if (bind) Safefree(bind); - if(mysql_stmt_close(stmt)) - { - fprintf(stderr, "\n failed while closing the statement"); - fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); - } + mysql_stmt_close(stmt); + stmt= NULL; if (retval == -2) /* -2 means error */ { -- 1.7.9.5
