diff --git a/backport-CVE-2024-35618.patch b/backport-CVE-2024-35618.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7948c6641036b56dfc97c7795e1fee97924cb310
--- /dev/null
+++ b/backport-CVE-2024-35618.patch
@@ -0,0 +1,33 @@
+From 8c1b9cf6c36cdf141d356042849d7f749ea2ff70 Mon Sep 17 00:00:00 2001
+From: Yiding Cui
+Date: Mon, 27 May 2024 09:31:12 +0800
+Subject: [PATCH] planner: column pruning should use a shallow copy slice
+
+---
+ planner/core/rule_column_pruning.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/planner/core/rule_column_pruning.go b/planner/core/rule_column_pruning.go
+index 76a1e68..c4032ed 100644
+--- a/planner/core/rule_column_pruning.go
++++ b/planner/core/rule_column_pruning.go
+@@ -15,6 +15,7 @@ package core
+
+ import (
+ "context"
++ "slices"
+
+ "github.com/pingcap/parser/ast"
+ "github.com/pingcap/parser/model"
+@@ -28,7 +29,7 @@ type columnPruner struct {
+ }
+
+ func (s *columnPruner) optimize(ctx context.Context, lp LogicalPlan) (LogicalPlan, error) {
+- err := lp.PruneColumns(lp.Schema().Columns)
++ lp, err := lp.PruneColumns(slices.Clone(lp.Schema().Columns), opt)
+ return lp, err
+ }
+
+--
+2.33.0
+
diff --git a/tidb.spec b/tidb.spec
index aaf7ab3859870270b660768715e083890cc3ea59..74fe18949b5b3b98b918f8cf0e28e166876c8384 100644
--- a/tidb.spec
+++ b/tidb.spec
@@ -1,6 +1,6 @@
 Name: tidb
 Version: 4.0.14
-Release: 4
+Release: 5
 Summary: TiDB is a distributed NewSQL database compatible with MySQL protocol
 License: QL and STRUTIL
@@ -16,6 +16,8 @@ Patch1: 0001-fix-release-version.patch
 Patch2: add-riscv-support.patch
 Patch3: add-riscv-support-for-vendor.patch
 %endif
+Patch4: backport-CVE-2024-35618.patch
+
 BuildRequires: golang >= 1.10.0
 Requires(pre): shadow-utils
 Requires(post): systemd
@@ -83,6 +85,9 @@ exit 0
 %license LICENSE
 %changelog
+* Mon May 27 2024 cenhuilin - 4.0.14-5
+- fix CVE-2024-35618
+
 * Mon Jul 17 2023 zhangxiang - 4.0.14-4
 - add riscv64 support
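Review bot: The replacement line in `optimize` does not match the code around it and will likely fail to compile: `opt` is not declared in the signature shown, and the removed line shows `PruneColumns` taking one argument and returning only an error. Unless that interface is changed elsewhere (the embedded patch's diffstat lists only this file), the backport should keep the local call shape, `err := lp.PruneColumns(slices.Clone(lp.Schema().Columns))`. The `"slices"` import also needs Go 1.21 or later, while tidb.spec still declares `BuildRequires: golang >= 1.10.0`; either raise that floor or clone with `append(lp.Schema().Columns[:0:0], lp.Schema().Columns...)`. A patch that does not apply or build cleanly leaves the CVE-2024-35618 fix out of the shipped binary, so the build log for release 5 is worth checking.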
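Review bot: `Patch4` is declared after the `%endif`, but nothing in this diff touches `%prep`, so whether the patch is actually applied depends on lines outside these hunks. If `%prep` applies patches by number rather than through `%autosetup -p1`, a `%patch4 -p1` line is needed there. Without it the changelog entry `- fix CVE-2024-35618` would be recorded while the built source stays unchanged.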