summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2020-10-08 00:16:25 +0200
committerThomas Deutschmann <whissi@gentoo.org>2020-10-08 00:30:09 +0200
commit0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4 (patch)
treef456e978fb74ab5c5150ccfcd67fda2fb410c09b
parentdev-db/mariadb: bump to v10.3.25 (diff)
downloadgentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.tar.gz
gentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.tar.bz2
gentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.zip
dev-db/mariadb: 10.3.x rev bump for CVE-2020-15180
Bug: https://bugs.gentoo.org/747166 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r--dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch75
-rw-r--r--dev-db/mariadb/mariadb-10.3.23-r3.ebuild (renamed from dev-db/mariadb/mariadb-10.3.23-r2.ebuild)1
2 files changed, 76 insertions, 0 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
new file mode 100644
index 00000000000..85d378f8232
--- /dev/null
+++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch
@@ -0,0 +1,75 @@
+https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842
+
+--- a/sql/wsrep_sst.cc
++++ b/sql/wsrep_sst.cc
+@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method,
+ return arg.err;
+ }
+
++/* return true if character can be a part of a filename */
++static bool filename_char(int const c)
++{
++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
++}
++
++/* return true if character can be a part of an address string */
++static bool address_char(int const c)
++{
++ return filename_char(c) ||
++ (c == ':') || (c == '[') || (c == ']') || (c == '/');
++}
++
++static bool check_request_str(const char* const str,
++ bool (*check) (int c))
++{
++ for (size_t i(0); str[i] != '\0'; ++i)
++ {
++ if (!check(str[i]))
++ {
++ WSREP_WARN("Illegal character in state transfer request: %i (%c).",
++ str[i], str[i]);
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx,
+ const void* msg, size_t msg_len,
+ const wsrep_gtid_t* current_gtid,
+ const char* state, size_t state_len,
+ bool bypass)
+ {
+- /* This will be reset when sync callback is called.
+- * Should we set wsrep_ready to FALSE here too? */
+-
+- wsrep_config_state->set(WSREP_MEMBER_DONOR);
+-
+ const char* method = (char*)msg;
+ size_t method_len = strlen (method);
++
++ if (check_request_str(method, filename_char))
++ {
++ WSREP_ERROR("Bad SST method name. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ const char* data = method + method_len + 1;
+
++ if (check_request_str(data, address_char))
++ {
++ WSREP_ERROR("Bad SST address string. SST canceled.");
++ return WSREP_CB_FAILURE;
++ }
++
+ char uuid_str[37];
+ wsrep_uuid_print (&current_gtid->uuid, uuid_str, sizeof(uuid_str));
+
++ /* This will be reset when sync callback is called.
++ * Should we set wsrep_ready to FALSE here too? */
++ wsrep_config_state->set(WSREP_MEMBER_DONOR);
++
+ wsp::env env(NULL);
+ if (env.error())
+ {
diff --git a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild
index 815d86f66db..fdadccc6415 100644
--- a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild
+++ b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild
@@ -238,6 +238,7 @@ src_unpack() {
src_prepare() {
eapply "${WORKDIR}"/mariadb-patches
+ eapply "${FILESDIR}"/mariadb-10.3-CVE-2020-15180.patch
eapply_user