diff options
author | Leo Famulari <leo@famulari.name> | 2018-08-22 15:39:14 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-08-22 15:40:08 -0400 |
commit | 58927996d9171aa7054d20de7dbd393ebd7a3efa (patch) | |
tree | 3748c46cb2dd42e9b92fdf6d4b27b0c520b116c4 | |
parent | 414f620fbbba353986b2ecdb6274e35a53950323 (diff) | |
download | guix-58927996d9171aa7054d20de7dbd393ebd7a3efa.tar.gz |
gnu: perl-dbd-mysql: Update to 4.046.
* gnu/packages/databases.scm (perl-dbd-mysql): Update to 4.046. [source]: Update URL. Remove 'perl-dbd-mysql-CVE-2017-10788.patch'. * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/databases.scm | 7 | ||||
-rw-r--r-- | gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch | 62 |
3 files changed, 3 insertions, 67 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 72f0e192c9..71f3583f88 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1018,7 +1018,6 @@ dist_patch_DATA = \ %D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ - %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ %D%/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 9dca5f4e62..4e64fb78b4 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1472,16 +1472,15 @@ columns, primary keys, unique constraints and relationships.") (define-public perl-dbd-mysql (package (name "perl-dbd-mysql") - (version "4.043") + (version "4.046") (source (origin (method url-fetch) - (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/" + (uri (string-append "mirror://cpan/authors/id/C/CA/CAPTTOFU/" "DBD-mysql-" version ".tar.gz")) (sha256 (base32 - "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")) - (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch")))) + "1xziv9w87cl3fbl1mqkdrx28mdqly3gs6gs1ynbmpl2rr4p6arb1")))) (build-system perl-build-system) ;; Tests require running MySQL server (arguments `(#:tests? #f)) diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch deleted file mode 100644 index 74613cb632..0000000000 --- a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch +++ /dev/null @@ -1,62 +0,0 @@ -Fix CVE-2017-10788: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788 - -Patch written to match corrected documentation specifications: - -Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html -New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html - -The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660. - -From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 -From: Pali <pali@cpan.org> -Date: Sun, 25 Jun 2017 10:07:39 +0200 -Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() - -Ignore return value from mysql_stmt_close() and also its error message -because it points to freed memory after mysql_stmt_close() was called. ---- - dbdimp.c | 8 ++------ - mysql.xs | 7 ++----- - 2 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/dbdimp.c b/dbdimp.c -index c60a5f6..a6410e5 100644 ---- a/dbdimp.c -+++ b/dbdimp.c -@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { - - if (imp_sth->stmt) - { -- if (mysql_stmt_close(imp_sth->stmt)) -- { -- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), -- mysql_stmt_error(imp_sth->stmt), -- mysql_stmt_sqlstate(imp_sth->stmt)); -- } -+ mysql_stmt_close(imp_sth->stmt); -+ imp_sth->stmt= NULL; - } - #endif - -diff --git a/mysql.xs b/mysql.xs -index 55376e1..affde59 100644 ---- a/mysql.xs -+++ b/mysql.xs -@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) - if (bind) - Safefree(bind); - -- if(mysql_stmt_close(stmt)) -- { -- fprintf(stderr, "\n failed while closing the statement"); -- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); -- } -+ mysql_stmt_close(stmt); -+ stmt= NULL; - - if (retval == -2) /* -2 means error */ - { --- -1.7.9.5 |