From 4abdd8db3253deba8a5b4c4192447ec5a2c6fba9 Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Tue, 26 Jul 2016 14:46:27 +0200
Subject: Fix use after free error (bug #1360280)
---
DBD-MySQL-4.035-Fix-use-after-free-error.patch | 38 ++++++++++++++++++++++++++
perl-DBD-MySQL.spec | 7 ++++-
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644 DBD-MySQL-4.035-Fix-use-after-free-error.patch
diff --git a/DBD-MySQL-4.035-Fix-use-after-free-error.patch
b/DBD-MySQL-4.035-Fix-use-after-free-error.patch
new file mode 100644
index 0000000..dacd489
--- /dev/null
+++ b/DBD-MySQL-4.035-Fix-use-after-free-error.patch
@@ -0,0 +1,38 @@
+From 2e1cbd0034cf0041f832ba81d07c24db886782d8 Mon Sep 17 00:00:00 2001
+From: Hanno <ha...@gentoo.org>
+Date: Sat, 14 Nov 2015 23:06:12 +0100
+Subject: [PATCH] Fix use after free error.
+
+---
+ dbdimp.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index d507588..acdfee8 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -2085,10 +2085,6 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+ }
+ result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port,
user,
+ password, dbname, imp_dbh) ? TRUE : FALSE;
+- if (fresh && !result) {
+- /* Prevent leaks, but do not free in case of a reconnect. See #97625 */
+- Safefree(imp_dbh->pmysql);
+- }
+ return result;
+ }
+
+@@ -2142,9 +2138,12 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char*
dbname, char* user,
+
+ if (!my_login(aTHX_ dbh, imp_dbh))
+ {
+- if(imp_dbh->pmysql)
++ if(imp_dbh->pmysql) {
+ do_error(dbh, mysql_errno(imp_dbh->pmysql),
+ mysql_error(imp_dbh->pmysql)
,mysql_sqlstate(imp_dbh->pmysql));
++ Safefree(imp_dbh->pmysql);
++
++ }
+ return FALSE;
+ }
+
diff --git a/perl-DBD-MySQL.spec b/perl-DBD-MySQL.spec
index bea73d6..83cb2a1 100644
--- a/perl-DBD-MySQL.spec
+++ b/perl-DBD-MySQL.spec
@@ -1,11 +1,12 @@
Name: perl-DBD-MySQL
Version: 4.033
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A MySQL interface for Perl
Group: Development/Libraries
License: GPL+ or Artistic
URL: http://search.cpan.org/dist/DBD-mysql/
Source0:
http://www.cpan.org/authors/id/C/CA/CAPTTOFU/DBD-mysql-%{version}.tar.gz
+Patch0: DBD-MySQL-4.035-Fix-use-after-free-error.patch
BuildRequires: mariadb, mariadb-devel, zlib-devel
BuildRequires: coreutils
BuildRequires: findutils
@@ -37,6 +38,7 @@ management system.
%prep
%setup -q -n DBD-mysql-%{version}
+%patch0 -p1
# Correct file permissions
find . -type f | xargs chmod -x
@@ -69,6 +71,9 @@ find %{buildroot} -type f -name '*.bs' -empty -exec rm -f {}
';'
%{_mandir}/man3/*.3*
%changelog
+* Tue Jul 26 2016 Jitka Plesnikova <jples...@redhat.com> - 4.033-2
+- Fix use after free error (bug #1360280)
+
* Tue Oct 27 2015 Jitka Plesnikova <jples...@redhat.com> - 4.033-1
- 4.033 bump
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-DBD-MySQL.git/commit/?h=f23&id=4abdd8db3253deba8a5b4c4192447ec5a2c6fba9
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
