From 155ba418332c72970561bdfd71fa9618642e93be Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 6 Jan 2026 15:01:15 +0000
Subject: [PATCH] import UBI mariadb-10.5.29-3.el9_7
---
SOURCES/CVE-2025-13699.patch | 207 +++++++++++++++++++++++++++++++++++
SPECS/mariadb.spec | 8 +-
2 files changed, 214 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/CVE-2025-13699.patch
diff --git a/SOURCES/CVE-2025-13699.patch b/SOURCES/CVE-2025-13699.patch
new file mode 100644
index 0000000..b9d1bd1
--- /dev/null
+++ b/SOURCES/CVE-2025-13699.patch
@@ -0,0 +1,207 @@
+diff --git a/client/mysqldump.c b/client/mysqldump.c
+index e7264c07..7a019f97 100644
+--- a/client/mysqldump.c
++++ b/client/mysqldump.c
+@@ -1811,6 +1811,26 @@ static char *cover_definer_clause(const char *stmt_str,
+ return query_str;
+ }
+
++
++static const char* build_path_for_table(char *to, const char *dir,
++ const char *table, const char *ext)
++{
++ char filename[FN_REFLEN], tmp_path[FN_REFLEN];
++ convert_dirname(tmp_path, path, NULL);
++ my_load_path(tmp_path, tmp_path, NULL);
++ if (check_if_legal_tablename(table))
++ strxnmov(filename, sizeof(filename) - 1, table, "@@@", NULL);
++ else
++ {
++ uint errors, len;
++ len= my_convert(filename, sizeof(filename) - 1, &my_charset_filename,
++ table, (uint32)strlen(table), charset_info, &errors);
++ filename[len]= 0;
++ }
++ return fn_format(to, filename, tmp_path, ext, MYF(MY_UNPACK_FILENAME));
++}
++
++
+ /*
+ Open a new .sql file to dump the table or view into
+
+@@ -1825,12 +1845,9 @@ static char *cover_definer_clause(const char *stmt_str,
+ */
+ static FILE* open_sql_file_for_table(const char* table, int flags)
+ {
+- FILE* res;
+- char filename[FN_REFLEN], tmp_path[FN_REFLEN];
+- convert_dirname(tmp_path,path,NullS);
+- res= my_fopen(fn_format(filename, table, tmp_path, ".sql", 4),
+- flags, MYF(MY_WME));
+- return res;
++ char filename[FN_REFLEN];
++ return my_fopen(build_path_for_table(filename, path, table, ".sql"),
++ flags, MYF(MY_WME));
+ }
+
+
+@@ -4017,15 +4034,9 @@ static void dump_table(const char *table, const char *db, const uchar *hash_key,
+
+ if (path)
+ {
+- char filename[FN_REFLEN], tmp_path[FN_REFLEN];
++ char filename[FN_REFLEN];
+
+- /*
+- Convert the path to native os format
+- and resolve to the full filepath.
+- */
+- convert_dirname(tmp_path,path,NullS);
+- my_load_path(tmp_path, tmp_path, NULL);
+- fn_format(filename, table, tmp_path, ".txt", MYF(MY_UNPACK_FILENAME));
++ build_path_for_table(filename, path, table, ".txt");
+
+ /* Must delete the file that 'INTO OUTFILE' will write to */
+ my_delete(filename, MYF(0));
+@@ -4034,7 +4045,6 @@ static void dump_table(const char *table, const char *db, const uchar *hash_key,
+ to_unix_path(filename);
+
+ /* now build the query string */
+-
+ dynstr_append_checked(&query_string, "SELECT /*!40001 SQL_NO_CACHE */ ");
+ dynstr_append_checked(&query_string, select_field_names.str);
+ dynstr_append_checked(&query_string, " INTO OUTFILE '");
+diff --git a/client/mysqlimport.c b/client/mysqlimport.c
+index 687fd8c2..402affcf 100644
+--- a/client/mysqlimport.c
++++ b/client/mysqlimport.c
+@@ -317,7 +317,17 @@ static int write_to_table(char *filename, MYSQL *mysql)
+ DBUG_ENTER("write_to_table");
+ DBUG_PRINT("enter",("filename: %s",filename));
+
+- fn_format(tablename, filename, "", "", 1 | 2); /* removes path & ext. */
++ fn_format(tablename, filename, "", "", MYF(MY_REPLACE_DIR | MY_REPLACE_EXT));
++ if (strchr(tablename, '@'))
++ {
++ uint errors, len;
++ CHARSET_INFO *cs=
++ get_charset_by_csname(default_charset, MY_CS_PRIMARY, MYF(0));
++ len= my_convert(escaped_name, sizeof(escaped_name) - 1, cs, tablename,
++ (uint32)strlen(tablename), &my_charset_filename, &errors);
++ if (!errors)
++ strmake(tablename, escaped_name, len);
++ }
+ if (!opt_local_file)
+ strmov(hard_path,filename);
+ else
+@@ -466,7 +476,7 @@ static MYSQL *db_connect(char *host, char *database,
+ mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth);
+ if (!strcmp(default_charset,MYSQL_AUTODETECT_CHARSET_NAME))
+ default_charset= (char *)my_default_csname();
+- mysql_options(mysql, MYSQL_SET_CHARSET_NAME, my_default_csname());
++ mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset);
+ mysql_options(mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0);
+ mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD,
+ "program_name", "mysqlimport");
+diff --git a/mysql-test/main/mysqldump.result b/mysql-test/main/mysqldump.result
+index 8e8e342d..4a9c1b50 100644
+--- a/mysql-test/main/mysqldump.result
++++ b/mysql-test/main/mysqldump.result
+@@ -6624,3 +6624,48 @@ SET character_set_client = @saved_cs_client;
+ drop view `v'1"2`;
+ drop table t1;
+ # End of 10.5 tests
++#
++# MDEV-37483 mariadb-dump -T doesn't convert table names
++#
++create database foo;
++use foo;
++create table `con_schöne_grüße` (a int) select 1 as a;
++create table `con` (b int) select 2 as b;
++create table `con/bar` (c int) select 3 as c;
++create table `con@fame` (d int) select 4 as d;
++drop database foo;
++use test;
++con@002fbar.sql
++con@002fbar.txt
++con@@@.sql
++con@@@.txt
++con@fame.sql
++con@fame.txt
++con_sch@1ine_gr@1o@1je.sql
++con_sch@1ine_gr@1o@1je.txt
++show tables;
++Tables_in_test
++con
++con/bar
++con@fame
++con_schöne_grüße
++test.con: Records: 1 Deleted: 0 Skipped: 0 Warnings: 0
++test.con/bar: Records: 1 Deleted: 0 Skipped: 0 Warnings: 0
++test.con@fame: Records: 1 Deleted: 0 Skipped: 0 Warnings: 0
++select * from `con_schöne_grüße`;
++a
++1
++select * from `con`;
++b
++2
++select * from `con/bar`;
++c
++3
++select * from `con@fame`;
++d
++4
++drop table `con_schöne_grüße`;
++drop table `con`;
++drop table `con/bar`;
++drop table `con@fame`;
++# End of 10.6 tests
+diff --git a/mysql-test/main/mysqldump.test b/mysql-test/main/mysqldump.test
+index 58790c15..6dc3eff5 100644
+--- a/mysql-test/main/mysqldump.test
++++ b/mysql-test/main/mysqldump.test
+@@ -3033,3 +3033,44 @@ drop view `v'1"2`; # "'
+ drop table t1;
+
+ --echo # End of 10.5 tests
++
++--echo #
++--echo # MDEV-37483 mariadb-dump -T doesn't convert table names
++--echo #
++create database foo;
++use foo;
++
++create table `con_schöne_grüße` (a int) select 1 as a;
++create table `con` (b int) select 2 as b;
++create table `con/bar` (c int) select 3 as c;
++create table `con@fame` (d int) select 4 as d;
++exec $MYSQL_DUMP foo --tab $MYSQLTEST_VARDIR/tmp;
++drop database foo;
++use test;
++move_file $MYSQLTEST_VARDIR/tmp/con@0040fame.sql $MYSQLTEST_VARDIR/tmp/con@fame.sql;
++move_file $MYSQLTEST_VARDIR/tmp/con@0040fame.txt $MYSQLTEST_VARDIR/tmp/con@fame.txt;
++list_files $MYSQLTEST_VARDIR/tmp con*;
++exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/con@@@.sql;
++exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/con@002fbar.sql;
++exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/con_sch@1ine_gr@1o@1je.sql;
++exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/con@fame.sql;
++show tables;
++exec $MYSQL_IMPORT test $MYSQLTEST_VARDIR/tmp/con@@@.txt;
++exec $MYSQL_IMPORT test $MYSQLTEST_VARDIR/tmp/con@002fbar.txt;
++if (`select @@version like '10.6.%'`) {
++# utf8 console output on Windows is fixed in MDEV-26713, until then
++--disable_result_log
++}
++exec $MYSQL_IMPORT --default-character-set=utf8mb4 test $MYSQLTEST_VARDIR/tmp/con_sch@1ine_gr@1o@1je.txt;
++--enable_result_log
++exec $MYSQL_IMPORT test $MYSQLTEST_VARDIR/tmp/con@fame.txt;
++select * from `con_schöne_grüße`;
++select * from `con`;
++select * from `con/bar`;
++select * from `con@fame`;
++drop table `con_schöne_grüße`;
++drop table `con`;
++drop table `con/bar`;
++drop table `con@fame`;
++
++--echo # End of 10.6 tests
diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec
index 95ee827..ec94873 100644
--- a/SPECS/mariadb.spec
+++ b/SPECS/mariadb.spec
@@ -158,7 +158,7 @@ ExcludeArch: %{ix86} Name: mariadb Version: 10.5.29 -Release: 2%{?with_debug:.debug}%{?dist} +Release: 3%{?with_debug:.debug}%{?dist} Epoch: 3 Summary: A very fast and robust SQL database server
@@ -226,6 +226,8 @@ Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch # Patch14: make MTR port calculation reasonably predictable Patch14: %{pkgnamepatch}-mtr.patch +Patch18: CVE-2025-13699.patch + BuildRequires: make BuildRequires: cmake gcc-c++ BuildRequires: multilib-rpm-config
@@ -757,6 +759,7 @@ rm -r storage/rocksdb/ # Keeping the patch commented out, need to revisit # once the test is re-enabled by upstream in some future release #%%patch10 -p1 +%patch18 -p1 # generate a list of tests that fail, but are not disabled by upstream cat %{SOURCE50} | tee -a mysql-test/unstable-tests
@@ -1655,6 +1658,9 @@ fi %endif %changelog +* Tue Dec 02 2025 Pavol Sloboda - 3:10.5.29-3 +- Release bump for rebuild + * Wed Oct 01 2025 Pavol Sloboda - 3:10.5.29-2 - Release bump for rebuild
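Review bot: In the `write_to_table` hunk of the embedded patch, the `cs` returned by `get_charset_by_csname(default_charset, MY_CS_PRIMARY, MYF(0))` is passed straight to `my_convert()`, so a charset name that cannot be resolved would presumably arrive there as a null pointer; check it first, e.g. `if (!cs) DBUG_RETURN(1);` with whatever error reporting the rest of the function uses (its body continues outside the hunk). The `strmake(tablename, escaped_name, len)` that follows is bounded by `sizeof(escaped_name) - 1`, not by the size of `tablename`; both declarations are outside the hunk, so either confirm the destination is at least as large or clamp `len` to `sizeof(tablename) - 1`. In `build_path_for_table` the `dir` parameter is never read (the body uses the global `path`; `convert_dirname(tmp_path, dir, NULL);` would honour the argument), and `errors` from `my_convert()` is ignored there although the import side checks it. The added test gates `--disable_result_log` on `@@version like '10.6.%'`, which does not look like it would match this 10.5.29 build, while the expected `.result` lists only three `Records:` lines, so it is worth confirming that the regression test passes as packaged.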
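Review bot: `Patch18: CVE-2025-13699.patch` is declared without the one-line description its neighbours carry (compare `# Patch14: make MTR port calculation reasonably predictable`), and the new `%changelog` entry in the last hunk says only "Release bump for rebuild" although this release is the one that adds the CVE patch. Spec comments and the RPM changelog are what administrators and scanners read to confirm that a fix is present, so both should name it, for example `# Patch18: fix for CVE-2025-13699 (MDEV-37483, mariadb-dump -T table name conversion)` and a changelog line `- Fix CVE-2025-13699`. The MDEV number is taken from the test block inside the patch; please confirm it is the right upstream reference.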