From: Randy MacLeod <randy.macleod@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: Re: [PATCH][meta-oe] mariadb: Security Advisory -CVE-2015-2305
Date: Wed, 17 Jun 2015 15:42:34 -0400 [thread overview]
Message-ID: <5581CDAA.6030405@windriver.com> (raw)
In-Reply-To: <557B03F0.7080306@windriver.com>
On 2015-06-12 12:08 PM, Randy MacLeod wrote:
> On 2015-06-01 04:04 AM, rongqing.li@windriver.com wrote:
>> From: Roy Li <rongqing.li@windriver.com>
>>
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2305
>
> That's fine for now.
>
> (GA) releases are: 10.0.19 and 5.5.44
> and we have 5.5.43.
>
> Should we update to 5.5.44 or replace it with 10.0 or wait for
> 10.1 to turn into 10.2 ? If anyone knows the approximate timeline
> for 10.2, that would be helpful.
I found a MariaDB, Jira page that tracks defects/features:
https://mariadb.atlassian.net/projects/MDEV?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page
Today (June 17) 10.2 has the following stats:
4 - done
11 - in progress
134 - to do
so it looks like the 10.2 release is not just around the corner.
If anyone wants to add 10.0 that would be useful. I'll probably
check back in a month to see how 10.2 is going...
../Randy
>
> ../Randy
>
>
>>
>> Signed-off-by: Roy Li <rongqing.li@windriver.com>
>> ---
>> meta-oe/recipes-support/mysql/mariadb.inc | 1 +
>> .../mysql/mariadb/fix-CVE-2015-2305.patch | 43
>> ++++++++++++++++++++++
>> 2 files changed, 44 insertions(+)
>> create mode 100644
>> meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
>>
>> diff --git a/meta-oe/recipes-support/mysql/mariadb.inc
>> b/meta-oe/recipes-support/mysql/mariadb.inc
>> index 00fa965..540b159 100644
>> --- a/meta-oe/recipes-support/mysql/mariadb.inc
>> +++ b/meta-oe/recipes-support/mysql/mariadb.inc
>> @@ -12,6 +12,7 @@ SRC_URI =
>> "http://mirror.stshosting.co.uk/mariadb/mariadb-${PV}/source/mariadb-$
>> file://mysqld.service \
>> file://configure.cmake-fix-valgrind.patch \
>> file://fix-a-building-failure.patch \
>> + file://fix-CVE-2015-2305.patch \
>> "
>>
>> SRC_URI[md5sum] = "c8760d6b5890fc1de76c07af48092c88"
>> diff --git
>> a/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
>> b/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
>> new file mode 100644
>> index 0000000..2d1b467
>> --- /dev/null
>> +++ b/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
>> @@ -0,0 +1,43 @@
>> +From f5c1d00a9ceb61acfe038dcf2ec0236c2939328c Mon Sep 17 00:00:00 2001
>> +From: Roy Li <rongqing.li@windriver.com>
>> +Date: Mon, 1 Jun 2015 15:31:48 +0800
>> +Subject: [PATCH] From 70bc2965604b6b8aaf260049e64c708dddf85334 Mon
>> Sep 17
>> + 00:00:00 2001 From: Gary Houston <ghouston@arglist.com> Date: Wed,
>> 25 Feb
>> + 2015 13:29:03 +1100 Subject: [PATCH] Bug fix for integer overflow in
>> regcomp
>> + for excessively long pattern strings. CERT Vulnerability Note
>> VU#695940.
>> + Found by Guido Vranken.
>> +
>> +Upsteam-Status: Backport
>> +
>> +https://bugzilla.suse.com/attachment.cgi?id=627001
>> +
>> +Signed-off-by: Roy Li <rongqing.li@windriver.com>
>> +---
>> + regex/regcomp.c | 11 ++++++++++-
>> + 1 file changed, 10 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/regex/regcomp.c b/regex/regcomp.c
>> +index abc1817..31e57c1 100644
>> +--- a/regex/regcomp.c
>> ++++ b/regex/regcomp.c
>> +@@ -138,7 +138,16 @@ struct cclass cclasses[CCLASS_LAST+1]= {
>> + (NC-1)*sizeof(cat_t));
>> + if (g == NULL)
>> + return(REG_ESPACE);
>> +- p->ssize = (long) (len/(size_t)2*(size_t)3 + (size_t)1); /* ugh */
>> ++ {
>> ++ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */
>> ++ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */
>> ++ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) {
>> ++ free((char *) g);
>> ++ return REG_INVARG;
>> ++ }
>> ++ p->ssize = new_ssize;
>> ++ }
>> ++
>> + p->strip = (sop *)malloc(p->ssize * sizeof(sop));
>> + p->slen = 0;
>> + if (p->strip == NULL) {
>> +--
>> +1.9.1
>> +
>>
>
>
--
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON,
Canada, K2K 2W5
prev parent reply other threads:[~2015-06-17 19:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-01 8:04 [PATCH][meta-oe] mariadb: Security Advisory -CVE-2015-2305 rongqing.li
2015-06-12 16:08 ` Randy MacLeod
2015-06-17 19:42 ` Randy MacLeod [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5581CDAA.6030405@windriver.com \
--to=randy.macleod@windriver.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.