From 60412fe67e6402efa0474f261eb861846efdb000 Mon Sep 17 00:00:00 2001 From: wangkaiqiang Date: Fri, 31 May 2024 10:14:29 +0800 Subject: [PATCH] fix CVEs for mysql --- add-loongarch64-support-for-mysql.patch | 26 +++++----- download | 2 +- mysql-mtr.patch | 37 ++++++++++---- mysql.spec | 36 +++++++++++-- revert-be8348a7.patch | 68 ++++++++++++------------- 5 files changed, 107 insertions(+), 62 deletions(-) diff --git a/add-loongarch64-support-for-mysql.patch b/add-loongarch64-support-for-mysql.patch index fb6215c..15c0258 100644 --- a/add-loongarch64-support-for-mysql.patch +++ b/add-loongarch64-support-for-mysql.patch @@ -1,32 +1,32 @@ -From ce258625ef5aa2fb6d5825af9e4000faefa452a9 Mon Sep 17 00:00:00 2001 -From: Wenlong Zhang -Date: Fri, 12 Jan 2024 09:27:08 +0800 +From 5ce30bc8d7dc002504767915c7cb85963e28e1c7 Mon Sep 17 00:00:00 2001 +From: wangkaiqiang +Date: Fri, 31 May 2024 10:13:25 +0800 Subject: [PATCH] add loongarch64 support for mysql --- boost/boost_1_77_0/boost/predef/other/endian.h | 1 + - .../icu/icu-release-69-1/source/i18n/double-conversion-utils.h | 3 ++- + .../icu/icu-release-73-1/source/i18n/double-conversion-utils.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/boost/boost_1_77_0/boost/predef/other/endian.h b/boost/boost_1_77_0/boost/predef/other/endian.h -index d8ec63ff..255a2587 100644 +index d8ec63ff..040db730 100644 --- a/boost/boost_1_77_0/boost/predef/other/endian.h +++ b/boost/boost_1_77_0/boost/predef/other/endian.h 
@@ -125,6 +125,7 @@ information and acquired knowledge: defined(__MIPSEL) || \ defined(__MIPSEL__) || \ defined(__riscv) || \ -+ defined(__loongarch__) || \ ++ defined(__loongarch__) || \ defined(__e2k__) # undef BOOST_ENDIAN_LITTLE_BYTE # define BOOST_ENDIAN_LITTLE_BYTE BOOST_VERSION_NUMBER_AVAILABLE -diff --git a/extra/icu/icu-release-69-1/source/i18n/double-conversion-utils.h b/extra/icu/icu-release-69-1/source/i18n/double-conversion-utils.h -index c9374636..44e55d58 100644 ---- a/extra/icu/icu-release-69-1/source/i18n/double-conversion-utils.h -+++ b/extra/icu/icu-release-69-1/source/i18n/double-conversion-utils.h -@@ -128,7 +128,8 @@ int main(int argc, char** argv) { +diff --git a/extra/icu/icu-release-73-1/source/i18n/double-conversion-utils.h b/extra/icu/icu-release-73-1/source/i18n/double-conversion-utils.h +index 303668f9..77f5ded2 100644 +--- a/extra/icu/icu-release-73-1/source/i18n/double-conversion-utils.h ++++ b/extra/icu/icu-release-73-1/source/i18n/double-conversion-utils.h +@@ -160,7 +160,8 @@ int main(int argc, char** argv) { defined(__riscv) || defined(__e2k__) || \ - defined(__or1k__) || defined(__arc__) || \ + defined(__or1k__) || defined(__arc__) || defined(__ARC64__) || \ defined(__microblaze__) || defined(__XTENSA__) || \ - defined(__EMSCRIPTEN__) || defined(__wasm32__) + defined(__EMSCRIPTEN__) || defined(__wasm32__) || \ @@ -35,5 +35,5 @@ index c9374636..44e55d58 100644 #elif defined(__mc68000__) || \ defined(__pnacl__) || defined(__native_client__) -- -2.41.0 +2.31.1 diff --git a/download b/download index e13a9a9..7cb5494 100644 --- a/download +++ b/download @@ -1 +1 @@ -20ffc71fb8acd705cdc4a8ae4cdedf23 mysql-boost-8.0.33.tar.gz +e0cb61cbf6e1144c452368c4535ae931 mysql-boost-8.0.37.tar.gz diff --git a/mysql-mtr.patch b/mysql-mtr.patch index 6f193b9..1e56b93 100644 --- a/mysql-mtr.patch +++ b/mysql-mtr.patch 
@@ -1,4 +1,7 @@ -Avoid errors like: +From 679639e7a72cde3bd067e9301dc5c3ec413ca6f8 Mon Sep 17 00:00:00 2001 +From: wangkaiqiang +Date: Fri, 31 May 2024 09:53:01 +0800 +Subject: [PATCH] Avoid errors like: | Path length (109) is longer than maximum supported length (108) and will be truncated at /usr/lib64/perl5/vendor_perl/Socket.pm line 880, line 1. | worker[2] mysql-test-run: *** ERROR: Socket path '/builddir/build/BUILDROOT/community-mysql-8.0.24-1.fc35.s390x/usr/share/mysql-test/var/tmp/2' too long, @@ -9,7 +12,7 @@ Avoid errors like: On Fedora 32: | $ grep -e "PATH" /usr/include/linux/limits.h -| #define PATH_MAX 4096 /* # chars in a path name including nul */ +| #define PATH_MAX 4096 /* # chars in a path name including nul */ === @@ -51,6 +54,15 @@ which was not originally present in the SPECfile. However the MariaDB implementation does not have this issue, even though it has the same SPECfile %check phase code. +=== + +The likely cause is the added + +| cd %{buildroot}%{_datadir}/mysql-test + +which was not originally present in the SPECfile. + +However the MariaDB implementation does not have this issue, even though it has the same SPECfile %check phase code. === 
@@ -76,13 +88,15 @@ I'm not sure whether the output is synchronous, but even if it wasn'tit still lo | Creating var directory '/builddir/build/BUILDROOT/community-mysql-8.0.24-1.fc35.x86_64/usr/share/mysql-test/var' | > Creating /dev/shm/var_933_jfTb | - symlinking 'var' to '/dev/shm/var_933_jfTb' - - - - ---- mysql-8.0.24/mysql-test/mysql-test-run.pl 2021-05-10 04:29:44.391897891 +0200 -+++ mysql-8.0.24/mysql-test/mysql-test-run.pl_patched 2021-05-10 04:38:51.031702753 +0200 -@@ -3374,17 +3374,6 @@ sub setup_vardir() { +--- + mysql-test/mysql-test-run.pl | 11 ----------- + 1 file changed, 11 deletions(-) + +diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl +index f50573a9..82488df1 100755 +--- a/mysql-test/mysql-test-run.pl ++++ b/mysql-test/mysql-test-run.pl +@@ -3551,17 +3551,6 @@ sub setup_vardir() { mkpath("$opt_vardir/tmp"); mkpath($opt_tmpdir) if ($opt_tmpdir ne "$opt_vardir/tmp"); @@ -99,4 +113,7 @@ I'm not sure whether the output is synchronous, but even if it wasn'tit still lo - # Copy all files from std_data into var/std_data # and make them world readable - copytree("$glob_mysql_test_dir/std_data", "$opt_vardir/std_data", "0022"); + copytree("$glob_mysql_test_dir/std_data", "$opt_vardir/std_data", "0022") +-- +2.31.1 + diff --git a/mysql.spec b/mysql.spec index 0a47e0a..dfb82d2 100644 --- a/mysql.spec +++ b/mysql.spec @@ -1,4 +1,4 @@ -%define anolis_release 3 +%define anolis_release 1 # Name of the package without any prefixes %global pkg_name %{name} %global pkgnamepatch mysql @@ -75,7 +75,7 @@ %global sameevr %{?epoch:%{epoch}:}%{version}-%{release} Name: mysql -Version: 8.0.33 +Version: 8.0.37 Release: %{anolis_release}%{?dist} Summary: MySQL client programs and shared libraries URL: http://www.mysql.com 
@@ -84,7 +84,7 @@ URL: http://www.mysql.com # not only GPL code. See README.mysql-license License: GPLv2 with exceptions and LGPLv2 and BSD -Source0: https://downloads.mysql.com/archives/get/p/23/file/%{name}-boost-%{version}.tar.gz +Source0: https://dev.mysql.com/get/Downloads/MySQL-8.0/%{name}-boost-%{version}.tar.gz Source2: mysql_config_multilib.sh Source3: my.cnf.in Source6: README.mysql-docs @@ -377,7 +377,7 @@ pushd boost/boost_$(echo %{boost_bundled_version}| tr . _) %patch112 -p1 popd %patch113 -p1 -%patch114 -p1 +#%patch114 -p1 # generate a list of tests that fail, but are not disabled by upstream cat %{SOURCE50} | tee -a mysql-test/%{skiplist} @@ -931,6 +931,34 @@ fi %endif %changelog +* Fri May 31 2024 Kaiqiang Wang - 8.0.37-1 +- update to 8.0.37 +- fix CVE-2024-21096 +- fix CVE-2024-21062 +- fix CVE-2024-21054 +- fix CVE-2024-21102 +- fix CVE-2024-21008 +- fix CVE-2024-21060 +- fix CVE-2024-21051 +- fix CVE-2024-21057 +- fix CVE-2024-21013 +- fix CVE-2024-21015 +- fix CVE-2024-21055 +- fix CVE-2024-21053 +- fix CVE-2024-20994 +- fix CVE-2024-21056 +- fix CVE-2024-21052 +- fix CVE-2024-20998 +- fix CVE-2024-21047 +- fix CVE-2024-21087 +- fix CVE-2024-20993 +- fix CVE-2024-21061 +- fix CVE-2024-21009 +- fix CVE-2024-21069 +- fix CVE-2024-21000 +- fix CVE-2024-21049 +- fix CVE-2024-21050 + * Fri Jan 12 2024 Wenlong Zhang - 8.0.33-3 - mysql 8.0.33 binary crashes on startup on loongarch64 diff --git a/revert-be8348a7.patch b/revert-be8348a7.patch index b394e3a..3077f68 100644 --- a/revert-be8348a7.patch +++ b/revert-be8348a7.patch @@ -1,8 +1,7 @@ -From 0f8503643565e78b13c3d61a6839c149bccab9c6 Mon Sep 17 00:00:00 2001 -From: Wenlong Zhang -Date: Fri, 12 Jan 2024 14:56:17 +0800 -Subject: [PATCH] revert be8348a7 -This patch reverts the following commit: +From 5796a0b335912734094c70e0903a9570b37142ab Mon Sep 17 00:00:00 2001 +From: wangkaiqiang +Date: Fri, 31 May 2024 10:05:30 +0800 +Subject: [PATCH] This patch reverts the following commit: 
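Review bot: Nothing in this hunk verifies the origin of the tarball fetched from the new `Source0` URL, and the only integrity pin this commit shows is the MD5 line for `mysql-boost-8.0.37.tar.gz` in `download`. MD5 is not collision-resistant, so for a security update it is worth checking the tarball against the signature or stronger digest that upstream publishes for the release. That check could be recorded in the packaging by shipping the upstream detached signature and keyring as additional sources and verifying them at the top of `%prep`. Whether the spec already does this elsewhere is not visible from this hunk.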
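Review bot: `#%patch114 -p1` is not a reliable way to disable the patch, because rpm also performs macro expansion on `#` comment lines; depending on the rpm version, `%patch114` may still be expanded or draw a "Macro expanded in comment" warning. Either escape it as `#%%patch114 -p1` or remove the line together with its `Patch114:` declaration. The hunk does not show which file Patch114 is. If it is `revert-be8348a7.patch`, this commit refreshes that patch for 8.0.37 and then never applies it, and the 8.0.33-3 changelog entry appears to tie work from that date to a loongarch64 startup crash. The 8.0.37-1 changelog should therefore say why the patch is disabled, e.g. `- disable Patch114: <reason>`.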
From be8348a7c3e8510b998a063065b626a459631b32 Mon Sep 17 00:00:00 2001 From: Slawomir Maludzinski @@ -42,35 +41,35 @@ object of another type. The major drawback is probably that the construction of an array of Aligned_atomic will allocate many small objects instead of one big, which uses more memory and CPU than necessary. - --- - include/my_aligned_malloc.h | 55 ---------------- + include/my_aligned_malloc.h | 56 ---------------- mysys/CMakeLists.txt | 1 - - mysys/my_aligned_malloc.cc | 79 ----------------------- - sql/memory/aligned_atomic.h | 71 ++++++-------------- + mysys/my_aligned_malloc.cc | 80 ----------------------- + sql/memory/aligned_atomic.h | 71 +++++--------------- unittest/gunit/memory/aligned_atomic-t.cc | 34 ---------- - 5 files changed, 18 insertions(+), 222 deletions(-) + 5 files changed, 18 insertions(+), 224 deletions(-) delete mode 100644 include/my_aligned_malloc.h delete mode 100644 mysys/my_aligned_malloc.cc diff --git a/include/my_aligned_malloc.h b/include/my_aligned_malloc.h deleted file mode 100644 -index 1673b744..00000000 +index 5ede856f..00000000 
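Review bot: The refreshed header drops the `revert be8348a7` subject, so the title is now the first sentence of the body (`Subject: [PATCH] This patch reverts the following commit:`) and the reverted commit id no longer appears in the subject line. I would keep `Subject: [PATCH] revert be8348a7` followed by a blank line, and add one sentence saying why the distribution still needs this revert on 8.0.37. The patch removes upstream's aligned-allocation code from `sql/memory/aligned_atomic.h`, so a stated reason helps whoever audits the next security rebase.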
--- a/include/my_aligned_malloc.h +++ /dev/null -@@ -1,55 +0,0 @@ --/* Copyright (c) 2022, 2023, Oracle and/or its affiliates. +@@ -1,56 +0,0 @@ +-/* Copyright (c) 2022, 2024, Oracle and/or its affiliates. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License, version 2.0, - as published by the Free Software Foundation. - -- This program is also distributed with certain software (including +- This program is designed to work with certain software (including - but not limited to OpenSSL) that is licensed under separate terms, - as designated in a particular file or component or in included license - documentation. The authors of MySQL hereby grant you an additional - permission to link the program and your derivative works with the -- separately licensed software that they have included with MySQL. +- separately licensed software that they have either included with +- the program or referenced in the documentation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -115,10 +114,10 @@ index 1673b744..00000000 - -#endif /* __MY_ALIGNED_MALLOC_H__ */ diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt -index 7b2f108c..e83d1642 100644 +index bd8fc3a6..55ad8adb 100644 --- a/mysys/CMakeLists.txt +++ b/mysys/CMakeLists.txt -@@ -55,7 +55,6 @@ SET(MYSYS_SOURCES +@@ -56,7 +56,6 @@ SET(MYSYS_SOURCES mf_wcomp.cc mulalloc.cc my_access.cc @@ -128,22 +127,23 @@ index 7b2f108c..e83d1642 100644 my_bitmap.cc diff --git a/mysys/my_aligned_malloc.cc b/mysys/my_aligned_malloc.cc deleted file mode 100644 -index 8de56246..00000000 +index c0799fe5..00000000 
--- a/mysys/my_aligned_malloc.cc +++ /dev/null -@@ -1,79 +0,0 @@ --/* Copyright (c) 2022, 2023, Oracle and/or its affiliates. +@@ -1,80 +0,0 @@ +-/* Copyright (c) 2022, 2024, Oracle and/or its affiliates. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License, version 2.0, - as published by the Free Software Foundation. - -- This program is also distributed with certain software (including +- This program is designed to work with certain software (including - but not limited to OpenSSL) that is licensed under separate terms, - as designated in a particular file or component or in included license - documentation. The authors of MySQL hereby grant you an additional - permission to link the program and your derivative works with the -- separately licensed software that they have included with MySQL. +- separately licensed software that they have either included with +- the program or referenced in the documentation. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -212,10 +212,10 @@ index 8de56246..00000000 -#endif -} diff --git a/sql/memory/aligned_atomic.h b/sql/memory/aligned_atomic.h -index 423366da..985efb75 100644 +index 3eaa398b..4f01a1e8 100644 --- a/sql/memory/aligned_atomic.h +++ b/sql/memory/aligned_atomic.h -@@ -38,9 +38,8 @@ +@@ -39,9 +39,8 @@ #include #endif @@ -226,7 +226,7 @@ index 423366da..985efb75 100644 /** Calculates and returns the size of the CPU cache line. -@@ -259,28 +258,14 @@ class Aligned_atomic { +@@ -261,28 +260,14 @@ class Aligned_atomic { @return The pointer to the underlying `std::atomic` object. */ 
@@ -257,7 +257,7 @@ index 423366da..985efb75 100644 /* The size of `std::atomic`, as returned by `sizeof std::atomic`. -@@ -298,7 +283,7 @@ class Aligned_atomic { +@@ -300,7 +285,7 @@ class Aligned_atomic { /** The size of the byte buffer. */ size_t m_storage_size{0}; /** The byte buffer to use as underlying storage. */ @@ -266,7 +266,7 @@ index 423366da..985efb75 100644 /** The pointer to the underlying `std::atomic` object. */ std::atomic *m_underlying{nullptr}; }; -@@ -306,10 +291,9 @@ class Aligned_atomic { +@@ -308,10 +293,9 @@ class Aligned_atomic { template memory::Aligned_atomic::Aligned_atomic() @@ -280,7 +280,7 @@ index 423366da..985efb75 100644 template memory::Aligned_atomic::Aligned_atomic(T value) -@@ -318,16 +302,12 @@ memory::Aligned_atomic::Aligned_atomic(T value) +@@ -320,16 +304,12 @@ memory::Aligned_atomic::Aligned_atomic(T value) } template @@ -301,7 +301,7 @@ index 423366da..985efb75 100644 rhs.m_underlying = nullptr; } -@@ -335,25 +315,22 @@ template +@@ -337,25 +317,22 @@ template memory::Aligned_atomic::~Aligned_atomic() { if (this->m_underlying != nullptr) { this->m_underlying->~atomic(); @@ -332,7 +332,7 @@ index 423366da..985efb75 100644 rhs.m_underlying = nullptr; return (*this); } -@@ -393,25 +370,13 @@ bool memory::Aligned_atomic::operator!=(T rhs) const { +@@ -395,25 +372,13 @@ bool memory::Aligned_atomic::operator!=(T rhs) const { } template @@ -361,10 +361,10 @@ index 423366da..985efb75 100644 return *this->m_underlying; } diff --git a/unittest/gunit/memory/aligned_atomic-t.cc b/unittest/gunit/memory/aligned_atomic-t.cc -index 39ac0724..63fdc3aa 100644 +index 71a67498..7f6c710c 100644 --- a/unittest/gunit/memory/aligned_atomic-t.cc +++ b/unittest/gunit/memory/aligned_atomic-t.cc -@@ -25,9 +25,7 @@ +@@ -26,9 +26,7 @@ #include #include 
@@ -374,7 +374,7 @@ index 39ac0724..63fdc3aa 100644 #include #include -@@ -59,37 +57,5 @@ TEST_F(Aligned_atomic_test, Class_template_test) { +@@ -60,37 +58,5 @@ TEST_F(Aligned_atomic_test, Class_template_test) { EXPECT_EQ(atm3->load(), 2); } @@ -413,5 +413,5 @@ index 39ac0724..63fdc3aa 100644 } // namespace unittests } // namespace memory -- -2.41.0 +2.31.1 -- Gitee