Patched CVE-2012-2677 in mysql. (#10891)

PawelWMS · web-flow · commit 4f0ad929a808 · 2024-11-12T14:48:17.000-08:00
diff --git a/SPECS/mysql/CVE-2012-2677.patch b/SPECS/mysql/CVE-2012-2677.patch
@@ -0,0 +1,128 @@
+From 2d28e88f243997312e584e0190b72ee03cd59825 Mon Sep 17 00:00:00 2001
+From: Pawel Winogrodzki <pawelwi@microsoft.com>
+Date: Wed, 30 Oct 2024 13:41:03 -0700
+Subject: [PATCH] Patch for CVE-2012-2677.
+
+Patch retrieved from Fedora's "boost-1.48.0-13.fc17" SRPM:
+https://rpm.pbone.net/results_srodzaj_2_search_boost-1.48.0-13.fc17.src.rpm.html
+
+This is a modified version of the patch "boost-1.48.0-pool.patch"
+from the mentioned SRPM. Modifications:
+- Skipping addition of the "libs/pool/test/test_bug_6701.cpp" file.
+  MySQL's embedded version of "boost" doesn't contain the "libs" directory.
+- Removal of trailing whitespaces in "boost/pool/pool.hpp"
+  to avoid noisy build logs.
+
+Bugzilla thread #828858:
+https://bugzilla.redhat.com/show_bug.cgi?id=828858
+---
+ boost/boost_1_77_0/boost/pool/pool.hpp | 34 +++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 9 deletions(-)
+
+diff --git a/boost/boost_1_77_0/boost/pool/pool.hpp b/boost/boost_1_77_0/boost/pool/pool.hpp
+index c47b11fa..62ddd3bc 100644
+--- a/boost/boost_1_77_0/boost/pool/pool.hpp
++++ b/boost/boost_1_77_0/boost/pool/pool.hpp
+@@ -26,6 +26,8 @@
+ 
+ #include <boost/pool/poolfwd.hpp>
+ 
++// std::numeric_limits
++#include <boost/limits.hpp>
+ // boost::integer::static_lcm
+ #include <boost/integer/common_factor_ct.hpp>
+ // boost::simple_segregated_storage
+@@ -355,6 +357,15 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+       return s;
+     }
+ 
++    size_type max_chunks() const
++    { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool.
++      size_type partition_size = alloc_size();
++      size_type POD_size = math::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type);
++      size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / alloc_size();
++
++      return max_chunks;
++    }
++
+     static void * & nextof(void * const ptr)
+     { //! \returns Pointer dereferenced.
+       //! (Provided and used for the sake of code readability :)
+@@ -375,6 +386,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+       //!   the first time that object needs to allocate system memory.
+       //!   The default is 32. This parameter may not be 0.
+       //! \param nmax_size is the maximum number of chunks to allocate in one block.
++      set_next_size(nnext_size);
++      set_max_size(nmax_size);
+     }
+ 
+     ~pool()
+@@ -398,8 +411,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+     }
+     void set_next_size(const size_type nnext_size)
+     { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
+-      //! \returns nnext_size.
+-      next_size = start_size = nnext_size;
++      BOOST_USING_STD_MIN();
++      next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks());
+     }
+     size_type get_max_size() const
+     { //! \returns max_size.
+@@ -407,7 +420,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+     }
+     void set_max_size(const size_type nmax_size)
+     { //! Set max_size.
+-      max_size = nmax_size;
++      BOOST_USING_STD_MIN();
++      max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks());
+     }
+     size_type get_requested_size() const
+     { //!   \returns the requested size passed into the constructor.
+@@ -708,9 +722,9 @@ void * pool<UserAllocator>::malloc_need_resize()
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  initialize it,
+   store().add_block(node.begin(), node.element_size(), partition_size);
+@@ -748,9 +762,9 @@ void * pool<UserAllocator>::ordered_malloc_need_resize()
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  initialize it,
+   //  (we can use "add_block" here because we know that
+@@ -792,6 +806,8 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+ { //! Gets address of a chunk n, allocating new memory if not already available.
+   //! \returns Address of chunk n if allocated ok.
+   //! \returns 0 if not enough memory for n chunks.
++  if (n > max_chunks())
++    return 0;
+ 
+   const size_type partition_size = alloc_size();
+   const size_type total_req_size = n * requested_size;
+@@ -840,9 +856,9 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  insert it into the list,
+   //   handle border case.
+-- 
+2.34.1
+
diff --git a/SPECS/mysql/mysql.spec b/SPECS/mysql/mysql.spec
@@ -3,7 +3,7 @@
 Summary:        MySQL.
 Name:           mysql
 Version:        8.0.40
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,6 +14,7 @@ Patch0:         CVE-2012-5627.nopatch
 # AZL's OpenSSL builds with the "no-chacha" option making all ChaCha
 # ciphers unavailable.
 Patch1:         fix-tests-for-unsupported-chacha-ciphers.patch
+Patch2:         CVE-2012-2677.patch
 BuildRequires:  cmake
 BuildRequires:  libtirpc-devel
 BuildRequires:  openssl-devel
@@ -107,6 +108,9 @@ sudo -u test make test || { cat Testing/Temporary/LastTest.log; false; }
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Tue Nov 12 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 8.0.40-4
+- Patched CVE-2012-2677.
+
 * Tue Nov 05 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 8.0.40-3
 - Explicitly setting "WITH_CURL=none".
 
