commit: 0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Wed Oct 7 22:16:25 2020 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Wed Oct 7 22:30:09 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f20dcf0
dev-db/mariadb: 10.3.x rev bump for CVE-2020-15180 Bug: https://bugs.gentoo.org/747166 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> .../files/mariadb-10.3-CVE-2020-15180.patch | 75 ++++++++++++++++++++++ ...10.3.23-r2.ebuild => mariadb-10.3.23-r3.ebuild} | 1 + 2 files changed, 76 insertions(+) diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch new file mode 100644 index 00000000000..85d378f8232 --- /dev/null +++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch @@ -0,0 +1,75 @@ +https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 + +--- a/sql/wsrep_sst.cc ++++ b/sql/wsrep_sst.cc +@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method, + return arg.err; + } + ++/* return true if character can be a part of a filename */ ++static bool filename_char(int const c) ++{ ++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); ++} ++ ++/* return true if character can be a part of an address string */ ++static bool address_char(int const c) ++{ ++ return filename_char(c) || ++ (c == ':') || (c == '[') || (c == ']') || (c == '/'); ++} ++ ++static bool check_request_str(const char* const str, ++ bool (*check) (int c)) ++{ ++ for (size_t i(0); str[i] != '\0'; ++i) ++ { ++ if (!check(str[i])) ++ { ++ WSREP_WARN("Illegal character in state transfer request: %i (%c).", ++ str[i], str[i]); ++ return true; ++ } ++ } ++ ++ return false; ++} ++ + wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx, + const void* msg, size_t msg_len, + const wsrep_gtid_t* current_gtid, + const char* state, size_t state_len, + bool bypass) + { +- /* This will be reset when sync callback is called. +- * Should we set wsrep_ready to FALSE here too? */ +- +- wsrep_config_state->set(WSREP_MEMBER_DONOR); +- + const char* method = (char*)msg; + size_t method_len = strlen (method); ++ ++ if (check_request_str(method, filename_char)) ++ { ++ WSREP_ERROR("Bad SST method name. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + const char* data = method + method_len + 1; + ++ if (check_request_str(data, address_char)) ++ { ++ WSREP_ERROR("Bad SST address string. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + char uuid_str[37]; + wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str)); + ++ /* This will be reset when sync callback is called. ++ * Should we set wsrep_ready to FALSE here too? */ ++ wsrep_config_state->set(WSREP_MEMBER_DONOR); ++ + wsp::env env(NULL); + if (env.error()) + { diff --git a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild similarity index 99% rename from dev-db/mariadb/mariadb-10.3.23-r2.ebuild rename to dev-db/mariadb/mariadb-10.3.23-r3.ebuild index 815d86f66db..fdadccc6415 100644 --- a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild +++ b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild @@ -238,6 +238,7 @@ src_unpack() { src_prepare() { eapply "${WORKDIR}"/mariadb-patches + eapply "${FILESDIR}"/mariadb-10.3-CVE-2020-15180.patch eapply_user
