From dc46ce04e19603e3d368c8c5ce684d990bfff7d1 Mon Sep 17 00:00:00 2001
From: yangxinyu
Date: Tue, 14 Jan 2025 11:12:18 +0800
Subject: [PATCH] [CVE] fix cve-2024-37370 cve-2024-37371 to #bug13450 #13449 fix cve-2024-21203 cve-2024-21198
Project: TC2024080204
Signed-off-by:yangxinyu
---
 download | 2 +-
 mysql-mtr.patch | 2 +-
 mysql.spec | 9 +++++++--
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/download b/download
index 7cb5494..3a2ebe4 100644
--- a/download
+++ b/download
@@ -1 +1 @@
-e0cb61cbf6e1144c452368c4535ae931 mysql-boost-8.0.37.tar.gz
+8a3ce5a136cebbe7fe5d8e122afffd30 mysql-boost-8.0.40.tar.gz
diff --git a/mysql-mtr.patch b/mysql-mtr.patch
index 1e56b93..34bd70c 100644
--- a/mysql-mtr.patch
+++ b/mysql-mtr.patch
@@ -104,7 +104,7 @@ index f50573a9..82488df1 100755
 - # UNIX domain socket's path far below PATH_MAX. Don't allow that
 - # to happen.
 - my $res =
-- check_socket_path_length("$opt_tmpdir/mysqld.NN.sock", $opt_parallel);
+- check_socket_path_length("$opt_tmpdir/mysqld.NN.sock", $opt_parallel, $tmpdir_path_updated);
 - if ($res) {
 - mtr_error("Socket path '$opt_tmpdir' too long, it would be ",
 - "truncated and thus not possible to use for connection to ",
diff --git a/mysql.spec b/mysql.spec
index dfb82d2..a070018 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -75,7 +75,7 @@
 %global sameevr %{?epoch:%{epoch}:}%{version}-%{release}
 Name: mysql
-Version: 8.0.37
+Version: 8.0.40
 Release: %{anolis_release}%{?dist}
 Summary: MySQL client programs and shared libraries
 URL: http://www.mysql.com
@@ -376,7 +376,7 @@ pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
 %patch111 -p1
 %patch112 -p1
 popd
-%patch113 -p1
+#%patch113 -p1
 #%patch114 -p1
 # generate a list of tests that fail, but are not disabled by upstream
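Review bot: In the mysql.spec hunk at line 376, `%patch113` is commented out with no reason given, and the new changelog entry in the last hunk does not record it either, so a later reader cannot tell whether 8.0.40 already contains that change or whether it was dropped because it no longer applied. Since this update ships as a CVE fix, state which it is next to the line, e.g. `# Patch113 not applied since 8.0.40: <reason>`, and add a matching changelog bullet; if the change is upstream now, the `Patch113:` declaration (outside this hunk, presumably still present) can be removed as well. rpm expands macros even in comment lines, so `#%%patch113 -p1` or deleting the line is less ambiguous than `#%patch113 -p1`; the neighbouring `#%patch114 -p1` has the same form. Separately, the subject names cve-2024-37370 and cve-2024-37371 while the body and the changelog name CVE-2024-21198 and CVE-2024-21203, so the commit record should be reconciled to the set this update actually addresses.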
@@ -931,6 +931,11 @@ fi
 %endif
 %changelog
+* Tue Jan 14 2025 yangxinyu - 8.0.40-1
+- update to 8.0.40
+- fix CVE-2024-21198
+- fix CVE-2024-21203
+
 * Fri May 31 2024 Kaiqiang Wang - 8.0.37-1
 - update to 8.0.37
 - fix CVE-2024-21096
-- 
Gitee