Hello community,

here is the log from the commit of package perl-DBI.15087 for 
openSUSE:Leap:15.2:Update checked in at 2020-11-27 06:23:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/perl-DBI.15087 (Old)
 and      /work/SRC/openSUSE:Leap:15.2:Update/.perl-DBI.15087.new.5913 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "perl-DBI.15087"

Fri Nov 27 06:23:51 2020 rev:1 rq:850330 version:1.642

Changes:
--------
New Changes file:

--- /dev/null   2020-11-18 17:46:03.679371574 +0100
+++ 
/work/SRC/openSUSE:Leap:15.2:Update/.perl-DBI.15087.new.5913/perl-DBI.changes   
    2020-11-27 06:23:53.265103446 +0100
@@ -0,0 +1,853 @@
+-------------------------------------------------------------------
+Tue Nov  3 16:29:26 UTC 2020 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix [bsc#1176492, CVE-2014-10401, CVE-2014-10402]
+  * DBD::File drivers can open files from folders other than those
+    specifically passed via the f_dir attribute in the data source
+    name (DSN).
+- Add perl-DBI-CVE-2014-10402.patch
+
+-------------------------------------------------------------------
+Tue Sep 29 16:42:53 UTC 2020 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix: [bsc#1176764, CVE-2019-20919]
+  * NULL profile de-reference in dbi_profile()
+- perl-DBI-CVE-2019-20919.patch
+
+-------------------------------------------------------------------
+Fri Sep 11 06:47:20 UTC 2020 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix: [bsc#1176409, CVE-2020-14393]
+  * CVE-2020-14393: Buffer overflow on an overlong DBD class name
+- Add perl-DBI-CVE-2020-14393.patch
+
+-------------------------------------------------------------------
+Fri Sep 11 06:46:11 UTC 2020 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix: [bsc#1176412, CVE-2020-14392]
+  * CVE-2020-14392: Memory corruption in XS functions when Perl
+    stack is reallocated
+- Add perl-DBI-CVE-2020-14392.patch
+
+-------------------------------------------------------------------
+Mon Sep 23 11:12:59 UTC 2019 - Pedro Monreal Gonzalez 
<pmonrealgonza...@suse.com>
+
+- Fix invalid utf-8 encoding in Changelogtext
+
+-------------------------------------------------------------------
+Thu Nov  8 06:11:49 UTC 2018 - Stephan Kulow <co...@suse.com>
+
+- updated to 1.642
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+  =head2 Changes in DBI 1.642 - 28th October 2018
+  
+      Fix '.' in @INC for proxy test under parallel load
+          thanks to H.Merijn Brand.
+      Fix driver-related croak() in DBI->connect to report the original DSN
+          thanks to maxatome #67
+  
+      Introduce a new statement DBI method $sth->last_insert_id()
+          thanks to pali #64
+      Allow to call $dbh->last_insert_id() method without arguments
+          thanks to pali #64
+      Added a new XS API function variant dbd_db_do6()
+          thanks to Pali #61
+  
+      Fix misprints in doc of selectall_hashref
+          thanks to Perlover #69
+      Remove outdated links to DBI related training resources. RT#125999
+
+-------------------------------------------------------------------
+Tue Mar 20 06:11:59 UTC 2018 - co...@suse.com
+
+- updated to 1.641
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+  =head2 Changes in DBI 1.641 - 19th March 2018
+  
+      Remove dependency on Storable 2.16 introduced in DBI 1.639
+          thanks to Ribasushi #60
+      Avoid compiler warnings in Driver.xst #59
+          thanks to pali #59
+
+-------------------------------------------------------------------
+Wed Feb  7 15:19:14 UTC 2018 - co...@suse.com
+
+- updated to 1.640
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+-------------------------------------------------------------------
+Fri Dec 29 06:13:44 UTC 2017 - co...@suse.com
+
+- updated to 1.639
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+-------------------------------------------------------------------
+Fri Aug 18 05:16:23 UTC 2017 - co...@suse.com
+
+- updated to 1.637
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+  =head2 Changes in DBI 1.637 - ...
+  
+      Fix use of externally controlled format string (CWE-134) thanks to pali 
#44
+          This could cause a crash if, for example, a db error contained a %.
+          https://cwe.mitre.org/data/definitions/134.html
+      Fix extension detection for DBD::File related drivers
+      Fix tests for perl without dot in @INC RT#120443
+      Fix loss of error message on parent handle, thanks to charsbar #34
+      Fix disappearing $_ inside callbacks, thanks to robschaber #47
+  
+      Allow objects to be used as passwords without throwing an error, thanks 
to demerphq #40
+      Allow $sth NAME_* attributes to be set from Perl code, re #45
+      Added support for DBD::XMLSimple thanks to nigelhorne #38
+  
+      Documentation updates:
+      Improve examples using eval to be more correct, thanks to pali #39
+      Add cautionary note to prepare_cached docs re refs in %attr #46
+      Small POD changes (Getting Help -> Online) thanks to openstrike #33
+      Adds links to more module names and fix typo, thanks to oalders #43
+      Typo fix thanks to bor #37
+
+-------------------------------------------------------------------
+Mon May 23 11:35:58 UTC 2016 - co...@suse.com
+
+- updated to 1.636
+   see /usr/share/doc/packages/perl-DBI/Changes
+
+  =head2 Changes in DBI 1.636 - 24th April 2016
+  
+      Fix compilation for threaded perl <= 5.12 broken in 1.635 RT#113955
+      Revert change to DBI::PurePerl DESTROY in 1.635
+      Change t/16destroy.t to avoid race hazard RT#113951
+      Output perl version and archname in t/01basics.t
+      Add perl 5.22 and 5.22-extras to travis-ci config
+  
+  =head2 Changes in DBI 1.635 - 24th April 2016
+  
+      Fixed RaiseError/PrintError for UTF-8 errors/warnings. RT#102404
+      Fixed cases where ShowErrorStatement might show incorrect Statement 
RT#97434
+      Fixed DBD::Gofer for UTF-8-enabled STDIN/STDOUT
+          thanks to mauke PR#32
+      Fixed fetchall_arrayref({}) behavior with no columns
+          thanks to Dan McGee PR#31
+      Fixed tied CachedKids ref leak in attribute cache by weakening
+          thanks to Michael Conrad RT#113852
+      Fixed "panic: attempt to copy freed scalar" upon commit() or rollback()
+          thanks to fbriere for detailed bug report RT#102791
+      Ceased to ignore DESTROY of outer handle in DBI::PurePerl
+      Treat undef in DBI::Profile Path as string "undef"
+          thanks to fREW Schmidt RT#113298
+      Fix SQL::Nano parser to ignore trailing semicolon
+          thanks to H.Merijn Brand.
+  
+      Added @ary = $dbh->selectall_array(...) method
+          thanks to Ed Avis RT#106411
+      Added appveyor support (Travis like CI for windows)
+          thanks to mbeijen PR#30
+  
+      Corrected spelling errors in pod
+          thanks to Gregor Herrmann RT#107838
+      Corrected and/or removed broken links to SQL standards
+          thanks to David Pottage RT#111437
+      Corrected doc example to use dbi: instead of DBI: in DSN
+          thanks to Michael R. Davis RT#101181
+      Removed/updated broken links in docs
+          thanks to mbeijen PR#29
+      Clarified docs for DBI::hash($string)
+      Removed the ancient DBI::FAQ module RT#102714
+      Fixed t/pod.t to require Test::Pod >= 1.41 RT#101769
+  
+  This release was developed at the Perl QA Hackathon 2016
+  L<http://act.qa-hackathon.org/qa2016/>
+  which was made possible by the generosity of many sponsors:
+  
+  L<https://www.fastmail.com> FastMail,
+  L<https://www.ziprecruiter.com> ZipRecruiter,
+  L<http://www.activestate.com> ActiveState,
+  L<http://www.opusvl.com> OpusVL,
+  L<https://www.strato.com> Strato,
+  L<http://www.surevoip.co.uk> SureVoIP,
+  L<http://www.cv-library.co.uk> CV-Library,
+  L<https://www.iinteractive.com/> Infinity,
+  L<https://opensource.careers/perl-careers/> Perl Careers,
+  L<https://www.mongodb.com> MongoDB,
+  L<https://www.thinkproject.com> thinkproject!,
+  L<https://www.dreamhost.com/> Dreamhost,
+  L<http://www.perl6.org/> Perl 6,
+  L<http://www.perl-services.de/> Perl Services,
+  L<https://www.evozon.com/> Evozon,
+  L<http://www.booking.com> Booking,
+  L<http://eligo.co.uk> Eligo,
+  L<http://www.oetiker.ch/> Oetiker+Partner,
+  L<http://capside.com/en/> CAPSiDE,
+  L<https://www.procura.nl/> Procura,
+  L<https://constructor.io/> Constructor.io,
+  L<https://metacpan.org/author/BABF> Robbie Bow,
+  L<https://metacpan.org/author/RSAVAGE> Ron Savage,
+  L<https://metacpan.org/author/ITCHARLIE> Charlie Gonzalez,
+  L<https://twitter.com/jscook2345> Justin Cook.
+
+-------------------------------------------------------------------
+Sun Sep 20 15:44:57 UTC 2015 - co...@suse.com
+
+- updated to 1.634
+   see /usr/share/doc/packages/perl-DBI/Changes
+
++++ 656 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.2:Update/.perl-DBI.15087.new.5913/perl-DBI.changes

New:
----
  DBI-1.642.tar.gz
  cpanspec.yml
  perl-DBI-CVE-2014-10402.patch
  perl-DBI-CVE-2019-20919.patch
  perl-DBI-CVE-2020-14392.patch
  perl-DBI-CVE-2020-14393.patch
  perl-DBI.changes
  perl-DBI.rpmlintrc
  perl-DBI.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-DBI.spec ++++++
#
# spec file for package perl-DBI
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Build recipe for perl-DBI 1.642 as shipped through the openSUSE Leap 15.2
# update channel.  The four Patch lines below are the CVE back-ports; they are
# applied in numeric order in the prep section, so keep both lists in step.
Name:           perl-DBI
Version:        1.642
Release:        0
%define cpan_name DBI
Summary:        Database independent interface for Perl
License:        Artistic-1.0 OR GPL-1.0-or-later
Group:          Development/Libraries/Perl
Url:            https://metacpan.org/release/%{cpan_name}
Source0:        
https://cpan.metacpan.org/authors/id/T/TI/TIMB/%{cpan_name}-%{version}.tar.gz
Source1:        perl-DBI.rpmlintrc
Source2:        cpanspec.yml
#PATCH-FIX-UPSTREAM bsc#1176412 CVE-2020-14392 Memory corruption in XS functions
Patch1:         perl-DBI-CVE-2020-14392.patch
#PATCH-FIX-UPSTREAM bsc#1176409 CVE-2020-14393 Buffer overflow on an overlong 
DBD class name
Patch2:         perl-DBI-CVE-2020-14393.patch
#PATCH-FIX-UPSTREAM bsc#1176764 CVE-2019-20919 NULL profile de-reference in 
dbi_profile()
Patch3:         perl-DBI-CVE-2019-20919.patch
#PATCH-FIX-UPSTREAM bsc#1176492 CVE-2014-10401,CVE-2014-10402: DBD:File drivers 
can open
# files from folders other than those specifically passed via the f_dir 
attribute.
Patch4:         perl-DBI-CVE-2014-10402.patch
BuildRequires:  perl
BuildRequires:  perl-macros
BuildRequires:  perl(Test::Simple) >= 0.90
%{perl_requires}

%description
The DBI is a database access module for the Perl programming language. It
defines a set of methods, variables, and conventions that provide a
consistent database interface, independent of the actual database being
used.

It is important to remember that the DBI is just an interface. The DBI is a
layer of "glue" between an application and one or more database _driver_
modules. It is the driver modules which do most of the real work. The DBI
provides a standard interface and framework for the drivers to operate
within.

This document often uses terms like _references_, _objects_, _methods_. If
you're not familiar with those terms then it would be a good idea to read
at least the following perl manuals first: perlreftut, perldsc, perllol,
and perlboot.

%prep
%setup -q -n %{cpan_name}-%{version}
# Patches are applied in the order they are numbered above, all with -p1.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Normalise modes in the unpacked tree: every file except *.pl scripts
# becomes 0644, so the installed files do not inherit tarball modes.
find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644

%build
perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
make %{?_smp_mflags}

%check
# Upstream test suite.  The CVE patches above also add regression tests
# (t/02dbidrv.t for CVE-2020-14393, t/51dbm_file.t for CVE-2014-10401),
# so a failure here may come from a back-port rather than from upstream.
make test

%install
%perl_make_install
%perl_process_packlist
%perl_gen_filelist

# The file list is generated by perl_gen_filelist in the install section.
%files -f %{name}.files
%defattr(-,root,root,755)
%doc Changes Driver.xst README.md
%license LICENSE

%changelog
++++++ cpanspec.yml ++++++
---
#description_paragraphs: 3
#no_testing: broken upstream
sources:
 - perl-DBI.rpmlintrc
#patches:
#  foo.patch: -p1
#  bar.patch:
#preamble: |-
# BuildRequires:  gcc-c++
#post_prep: |-
# hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s,  *,,g'`
# sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL 
#post_install: |-
# sed on %{name}.files
#license: SUSE-NonFree
#skip_noarch: 1
#custom_build: -
#./Build build flags=%{?_smp_mflags} --myflag
++++++ perl-DBI-CVE-2014-10402.patch ++++++
From 27b10b5c3aacabc091046beaba478e671bb6111c Mon Sep 17 00:00:00 2001
From: Jens Rehsack <s...@netbsd.org>
Date: Tue, 6 Oct 2020 08:23:55 +0200
Subject: [PATCH 2/3] t/51dbm_file.t: add test from RT#99508

Add test with f_dir="something-not-existing" as reported in RT#99508
to verify when it's fixed for real.

Signed-off-by: Jens Rehsack <s...@netbsd.org>
---
 t/51dbm_file.t | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/t/51dbm_file.t b/t/51dbm_file.t
index d9824cf..686a3d2 100644
--- a/t/51dbm_file.t
+++ b/t/51dbm_file.t
@@ -15,6 +15,27 @@ use DBI;
 
 do "./t/lib.pl";
 
+{
+    # test issue reported in RT#99508
+    my @msg;
+    eval {
+       local $SIG{__DIE__} = sub { push @msg, @_ };
+       my $dbh = DBI->connect 
("dbi:DBM:f_dir=./hopefully-doesnt-existst;sql_identifier_case=1;RaiseError=1");
+    };
+    like ("@msg", qr{.*hopefully-doesnt-existst.*}, "Cannot open from 
non-existing directory with attributes in DSN");
+
+    @msg = ();
+    eval {
+       local $SIG{__DIE__} = sub { push @msg, @_ };
+       my $dbh = DBI->connect ("dbi:DBM:", , undef, undef, {
+           f_dir               => "./hopefully-doesnt-existst",
+           sql_identifier_case => 1,
+           RaiseError          => 1,
+       });
+    };
+    like ("@msg", qr{.*hopefully-doesnt-existst}, "Cannot open from 
non-existing directory with attributes in HASH");
+}
+
 my $dir = test_dir();
 
 my $dbh = DBI->connect( 'dbi:DBM:', undef, undef, {
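Review bot: The hash-attribute call `DBI->connect ("dbi:DBM:", , undef, undef, {` carries a stray empty list element between the DSN and the first `undef`; Perl discards it, so the arguments still line up, but it reads as if a parameter were dropped. Suggest `my $dbh = DBI->connect ("dbi:DBM:", undef, undef, {`. The same call survives unchanged in the later "Catch warning" commit of this patch file. The `.*` at both ends of `qr{.*hopefully-doesnt-existst.*}` are redundant for an unanchored match.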
@@ -23,6 +44,8 @@ my $dbh = DBI->connect( 'dbi:DBM:', undef, undef, {
     }
 );
 
+ok( $dbh, "Connect with driver attributes in hash" );
+
 ok( $dbh->do(q/drop table if exists FRED/), 'drop table' );
 
 my $dirfext = $^O eq 'VMS' ? '.sdbm_dir' : '.dir';

From 19d0fb169eed475e1c053e99036b8668625cfa94 Mon Sep 17 00:00:00 2001
From: Jens Rehsack <s...@netbsd.org>
Date: Tue, 6 Oct 2020 10:22:17 +0200
Subject: [PATCH 3/3] lib/DBD/File.pm: fix CVE-2014-10401

Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and
figure out that DBI->parse_dsn is the wrong helper to parse our attributes in
DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes
parse_dsn to bailout.

Parsing on our own similar to parse_dsn shows the way out.

Signed-off-by: Jens Rehsack <s...@netbsd.org>
---
 lib/DBD/File.pm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm
index fb14e9a..f55076f 100644
--- a/lib/DBD/File.pm
+++ b/lib/DBD/File.pm
@@ -109,7 +109,11 @@ sub connect
     # We do not (yet) care about conflicting attributes here
     # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => 
"text" });
     # will test here that both test and text should exist
-    if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) {
+    #
+    # Parsing on our own similar to parse_dsn to find attributes in 'dbname' 
parameter.
+    if ($dbname) {
+       my @attrs = split /;/ => $dbname;
+       my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs };
        if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) {
            my $msg = "No such directory '$attr_hash->{f_dir}";
            $drh->set_err (2, $msg);
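Review bot: The new comment `# Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter.` says what is done but not why `DBI->parse_dsn` is no longer used; that reasoning exists only in the commit message. Suggest replacing it with `# DBI->parse_dsn cannot be used here: by the time dr::connect runs only the dbname part of the DSN is left, so parse_dsn bails out and the f_dir check was silently skipped (RT#99508 / CVE-2014-10401).` The `map { split ... }` form also produces an odd-element list for an attribute without a value; the "Fix for empty attributes in DSN" commit later in this patch file reworks it. `sub connect` begins before this hunk.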
@@ -120,7 +124,6 @@ sub connect
     if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) {
        my $msg = "No such directory '$attr->{f_dir}";
        $drh->set_err (2, $msg);
-       $attr->{RaiseError} and croak $msg;
        return;
        }
 
From c71b64a678bcd708c7b75ee2bef5a360c836444c Mon Sep 17 00:00:00 2001
From: "H.Merijn Brand - Tux" <li...@tux.freedom.nl>
Date: Wed, 28 Oct 2020 15:57:17 +0100
Subject: [PATCH] Document the new behavior for f_dir

These changes also warrant a version increase
---
 lib/DBD/File.pm | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm
index baffefa..afbff26 100644
--- a/lib/DBD/File.pm
+++ b/lib/DBD/File.pm
@@ -1062,6 +1062,11 @@ directory) when the dbh attribute is set.
 
   f_dir => "/data/foo/csv",
 
+If C<f_dir> is set to a non-existing location, the connection will fail.
+See CVE-2014-10401 for reasoning. Because of this, folders to use cannot
+be created after the connection, but must exist before the connection is
+initiated.
+
 See L<KNOWN BUGS AND LIMITATIONS>.
 
 =head4 f_dir_search
From 89f0d4cd38b83f0ee426a5fdf7d1ad5ea371c883 Mon Sep 17 00:00:00 2001
From: "H.Merijn Brand - Tux" <li...@tux.freedom.nl>
Date: Wed, 28 Oct 2020 15:03:48 +0100
Subject: [PATCH] Fix for empty attributes in DSN

dbm_type=SDBM_File;dbm_mldbm=;f_lockfile=.lck'
                             ^
would result in

Odd number of elements in anonymous hash
---
 lib/DBD/File.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm
index f55076f..baffefa 100644
--- a/lib/DBD/File.pm
+++ b/lib/DBD/File.pm
@@ -112,8 +112,9 @@ sub connect
     #
     # Parsing on our own similar to parse_dsn to find attributes in 'dbname' 
parameter.
     if ($dbname) {
-       my @attrs = split /;/ => $dbname;
-       my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs };
+       my $attr_hash = {
+           map { (m/^\s* (\S+) \s*(?: =>? | , )\s* (\S*) \s*$/x) }
+           split m/;/ => $dbname };
        if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) {
            my $msg = "No such directory '$attr_hash->{f_dir}";
            $drh->set_err (2, $msg);
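Review bot: `(\S*)` in the new regex rejects any value containing whitespace, so a DSN such as `f_dir=/data/my dir` yields no `f_dir` key at all and the `-d` check on the following line is skipped for exactly the case it exists to guard; whether such a value still reaches the handle through the driver's later attribute handling is outside this hunk, but the check should see the same value the handle will use. Suggest `map { (m/^\s* (\S+) \s*(?: =>? | , )\s* (.*?) \s*$/x) }`, which keeps the empty-value fix this commit makes. The message on the context line `No such directory '$attr_hash->{f_dir}` is also missing its closing quote (pre-existing). `sub connect` begins before this hunk.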
From 2eda0ec996d0a9357885acd442c72ac206adb7b3 Mon Sep 17 00:00:00 2001
From: "H.Merijn Brand - Tux" <li...@tux.freedom.nl>
Date: Wed, 28 Oct 2020 15:09:01 +0100
Subject: [PATCH] Catch warning

---
 t/51dbm_file.t | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/t/51dbm_file.t b/t/51dbm_file.t
index 686a3d2..0ae910c 100644
--- a/t/51dbm_file.t
+++ b/t/51dbm_file.t
@@ -18,21 +18,25 @@ do "./t/lib.pl";
 {
     # test issue reported in RT#99508
     my @msg;
-    eval {
-       local $SIG{__DIE__} = sub { push @msg, @_ };
-       my $dbh = DBI->connect 
("dbi:DBM:f_dir=./hopefully-doesnt-existst;sql_identifier_case=1;RaiseError=1");
+    my $dbh = eval {
+       local $SIG{__WARN__} = sub { push @msg, @_ };
+       local $SIG{__DIE__}  = sub { push @msg, @_ };
+       DBI->connect 
("dbi:DBM:f_dir=./hopefully-doesnt-existst;sql_identifier_case=1;RaiseError=1");
     };
+    is ($dbh, undef, "Connect failed");
     like ("@msg", qr{.*hopefully-doesnt-existst.*}, "Cannot open from 
non-existing directory with attributes in DSN");
 
     @msg = ();
-    eval {
-       local $SIG{__DIE__} = sub { push @msg, @_ };
-       my $dbh = DBI->connect ("dbi:DBM:", , undef, undef, {
+    $dbh = eval {
+       local $SIG{__WARN__} = sub { push @msg, @_ };
+       local $SIG{__DIE__}  = sub { push @msg, @_ };
+       DBI->connect ("dbi:DBM:", , undef, undef, {
            f_dir               => "./hopefully-doesnt-existst",
            sql_identifier_case => 1,
            RaiseError          => 1,
        });
     };
+    is ($dbh, undef, "Connect failed");
     like ("@msg", qr{.*hopefully-doesnt-existst}, "Cannot open from 
non-existing directory with attributes in HASH");
 }
 
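Review bot: Both `like` assertions only require the directory name to appear somewhere in `@msg`; DBI's generic connect-failure text presumably repeats the DSN, so the DSN case in particular would also pass if the driver's own check were skipped and the failure came from somewhere else. Matching the driver message, e.g. `like ("@msg", qr{No such directory '\./hopefully-doesnt-existst}, ...)` in both cases, pins the branch the fix introduced. The tests further assume that no `./hopefully-doesnt-existst` directory exists relative to the working directory the harness runs in; a one-line comment stating that assumption would help whoever sees a spurious failure.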
++++++ perl-DBI-CVE-2019-20919.patch ++++++
From eca7d7c8f43d96f6277e86d1000e842eb4cc67ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Mon, 29 Jul 2019 15:22:31 +0200
Subject: [PATCH] Fix a NULL profile dereference in dbi_profile()

hv_fetch() documentation requires checking for NULL and the code does
that. But it then calls SvOK(profile) unconditionally two lines later.
This patch fixes it.
---
 DBI.xs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Index: DBI-1.642/DBI.xs
===================================================================
--- DBI-1.642.orig/DBI.xs
+++ DBI-1.642/DBI.xs
@@ -2904,8 +2904,12 @@ dbi_profile(SV *h, imp_xxh_t *imp_xxh, S
         mg_get(profile); /* FETCH */
     if (!profile || !SvROK(profile)) {
         DBIc_set(imp_xxh, DBIcf_Profile, 0); /* disable */
-        if (SvOK(profile) && !PL_dirty)
-            warn("Profile attribute isn't a hash ref (%s,%ld)", 
neatsvpv(profile,0), (long)SvTYPE(profile));
+        if (!PL_dirty) {
+            if (!profile)
+                warn("Profile attribute does not exist");
+            else if (SvOK(profile))
+                warn("Profile attribute isn't a hash ref (%s,%ld)", 
neatsvpv(profile,0), (long)SvTYPE(profile));
+        }
         return &PL_sv_undef;
     }
 
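Review bot: The new `if (!profile)` branch is only reachable if the `mg_get(profile)` on the context line above is itself guarded against a NULL `profile`; that guard is the `if` on the line before the hunk and cannot be checked here, so confirm it rather than rely on the new branch. A one-line comment on the new branch, `/* hv_fetch() returned NULL: no Profile attribute at all */`, would tie the warning text to its cause. The rest of dbi_profile() lies outside the hunk.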
++++++ perl-DBI-CVE-2020-14392.patch ++++++
From ea99b6aafb437db53c28fd40d5eafbe119cd66e1 Mon Sep 17 00:00:00 2001
From: Pali <p...@cpan.org>
Date: Wed, 31 Jul 2019 14:01:35 +0200
Subject: [PATCH] Fix memory corruption in XS functions when Perl stack is
 reallocated

The ST(*) macro returns a pointer into the Perl stack. Other Perl functions which use
the Perl stack (e.g. eval) may reallocate it, and the pointer
returned by the ST(*) macro is then invalid.

Construction like this:

ST(0) = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, attribs) ? 
&PL_sv_yes : &PL_sv_no;

where dbd_db_login6_sv() driver function calls eval may lead to
reallocating Perl stack and therefore invalidating ST(0) pointer.
So that construction would cause memory corruption as left part of
assignment is resolved prior executing dbd_db_login6_sv() function.

Correct way how to handle this problem: First call dbd_db_login6_sv()
function and then call ST(0) to retrieve stack pointer.

In this patch are fixes all occurrences of such constructions.

When running perl under valgrind I got memory corruption in DBD::ODBC
driver in that dbd_db_login6_sv() function due to above problem.

Exactly same problem was present in Encode module which was fixed in pull
request: https://github.com/dankogai/p5-encode/pull/72
---
 DBI.xs     | 17 ++++++++---
 Driver.xst | 84 +++++++++++++++++++++++++++++++++---------------------
 2 files changed, 65 insertions(+), 36 deletions(-)

Index: DBI-1.642/DBI.xs
===================================================================
--- DBI-1.642.orig/DBI.xs
+++ DBI-1.642/DBI.xs
@@ -5252,9 +5252,12 @@ bind_col(sth, col, ref, attribs=Nullsv)
     SV *        col
     SV *        ref
     SV *        attribs
+    PREINIT:
+    SV *ret;
     CODE:
     DBD_ATTRIBS_CHECK("bind_col", sth, attribs);
-    ST(0) = boolSV(dbih_sth_bind_col(sth, col, ref, attribs));
+    ret = boolSV(dbih_sth_bind_col(sth, col, ref, attribs));
+    ST(0) = ret;
     (void)cv;
 
 
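Review bot: The temporary in `ret = boolSV(...); ST(0) = ret;` has no visible reason, and a later cleanup would most likely fold it back into the single statement this commit removes; a comment is needed. Suggest above the call: `/* Call first, then assign ST(0): the callee may grow the Perl stack, and an ST(0) evaluated before the call would point into freed memory. */`, and keep `ST(0)` spelled out, since xsubpp presumably decides to return one value from a `void` CODE: section by spotting that token (confirm for the xsubpp in use). The same note applies to the FETCH/DELETE hunk below and to the `SV *ret` hunks for last_insert_id and execute_for_fetch in Driver.xst.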
@@ -5492,21 +5495,27 @@ void
 FETCH(h, keysv)
     SV *        h
     SV *        keysv
+    PREINIT:
+    SV *ret;
     CODE:
-    ST(0) = dbih_get_attr_k(h, keysv, 0);
+    ret = dbih_get_attr_k(h, keysv, 0);
+    ST(0) = ret;
     (void)cv;
 
 void
 DELETE(h, keysv)
     SV *        h
     SV *        keysv
+    PREINIT:
+    SV *ret;
     CODE:
     /* only private_* keys can be deleted, for others DELETE acts like FETCH */
     /* because the DBI internals rely on certain handle attributes existing  */
     if (strnEQ(SvPV_nolen(keysv),"private_",8))
-        ST(0) = hv_delete_ent((HV*)SvRV(h), keysv, 0, 0);
+        ret = hv_delete_ent((HV*)SvRV(h), keysv, 0, 0);
     else
-        ST(0) = dbih_get_attr_k(h, keysv, 0);
+        ret = dbih_get_attr_k(h, keysv, 0);
+    ST(0) = ret;
     (void)cv;
 
 
Index: DBI-1.642/Driver.xst
===================================================================
--- DBI-1.642.orig/Driver.xst
+++ DBI-1.642/Driver.xst
@@ -60,7 +60,7 @@ dbixs_revision(...)
 #ifdef dbd_discon_all
 
 # disconnect_all renamed and ALIAS'd to avoid length clash on VMS :-(
-void
+bool
 discon_all_(drh)
     SV *        drh
     ALIAS:
@@ -68,7 +68,9 @@ discon_all_(drh)
     CODE:
     D_imp_drh(drh);
     PERL_UNUSED_VAR(ix);
-    ST(0) = dbd_discon_all(drh, imp_drh) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_discon_all(drh, imp_drh);
+    OUTPUT:
+    RETVAL
 
 #endif /* dbd_discon_all */
 
@@ -102,7 +104,7 @@ data_sources(drh, attr = Nullsv)
 MODULE = DBD::~DRIVER~    PACKAGE = DBD::~DRIVER~::db
 
 
-void
+bool
 _login(dbh, dbname, username, password, attribs=Nullsv)
     SV *        dbh
     SV *        dbname
@@ -118,14 +120,16 @@ _login(dbh, dbname, username, password,
     char *p = (SvOK(password)) ? SvPV(password,lna) : (char*)"";
 #endif
 #ifdef dbd_db_login6_sv
-    ST(0) = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, 
attribs) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, 
attribs);
 #elif defined(dbd_db_login6)
-    ST(0) = dbd_db_login6(dbh, imp_dbh, SvPV_nolen(dbname), u, p, attribs) ? 
&PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_db_login6(dbh, imp_dbh, SvPV_nolen(dbname), u, p, attribs);
 #else
     PERL_UNUSED_ARG(attribs);
-    ST(0) = dbd_db_login( dbh, imp_dbh, SvPV_nolen(dbname), u, p) ? &PL_sv_yes 
: &PL_sv_no;
+    RETVAL = dbd_db_login( dbh, imp_dbh, SvPV_nolen(dbname), u, p);
 #endif
     }
+    OUTPUT:
+    RETVAL
 
 
 void
@@ -296,33 +300,38 @@ last_insert_id(dbh, catalog=&PL_sv_undef
     CODE:
     {
     D_imp_dbh(dbh);
-    ST(0) = dbd_db_last_insert_id(dbh, imp_dbh, catalog, schema, table, field, 
attr);
+    SV *ret = dbd_db_last_insert_id(dbh, imp_dbh, catalog, schema, table, 
field, attr);
+    ST(0) = ret;
     }
 
 #endif
 
 
-void
+bool
 commit(dbh)
     SV *        dbh
     CODE:
     D_imp_dbh(dbh);
     if (DBIc_has(imp_dbh,DBIcf_AutoCommit) && DBIc_WARN(imp_dbh))
         warn("commit ineffective with AutoCommit enabled");
-    ST(0) = dbd_db_commit(dbh, imp_dbh) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_db_commit(dbh, imp_dbh);
+    OUTPUT:
+    RETVAL
 
 
-void
+bool
 rollback(dbh)
     SV *        dbh
     CODE:
     D_imp_dbh(dbh);
     if (DBIc_has(imp_dbh,DBIcf_AutoCommit) && DBIc_WARN(imp_dbh))
         warn("rollback ineffective with AutoCommit enabled");
-    ST(0) = dbd_db_rollback(dbh, imp_dbh) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_db_rollback(dbh, imp_dbh);
+    OUTPUT:
+    RETVAL
 
 
-void
+bool
 disconnect(dbh)
     SV *        dbh
     CODE:
@@ -339,8 +348,10 @@ disconnect(dbh)
             SvPV(dbh,lna), (int)DBIc_ACTIVE_KIDS(imp_dbh), plural,
             "(either destroy statement handles or call finish on them before 
disconnecting)");
     }
-    ST(0) = dbd_db_disconnect(dbh, imp_dbh) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_db_disconnect(dbh, imp_dbh);
     DBIc_ACTIVE_off(imp_dbh);   /* ensure it's off, regardless */
+    OUTPUT:
+    RETVAL
 
 
 void
@@ -474,7 +485,7 @@ data_sources(dbh, attr = Nullsv)
 MODULE = DBD::~DRIVER~    PACKAGE = DBD::~DRIVER~::st
 
 
-void
+bool
 _prepare(sth, statement, attribs=Nullsv)
     SV *        sth
     SV *        statement
@@ -484,11 +495,13 @@ _prepare(sth, statement, attribs=Nullsv)
     D_imp_sth(sth);
     DBD_ATTRIBS_CHECK("_prepare", sth, attribs);
 #ifdef dbd_st_prepare_sv
-    ST(0) = dbd_st_prepare_sv(sth, imp_sth, statement, attribs) ? &PL_sv_yes : 
&PL_sv_no;
+    RETVAL = dbd_st_prepare_sv(sth, imp_sth, statement, attribs);
 #else
-    ST(0) = dbd_st_prepare(sth, imp_sth, SvPV_nolen(statement), attribs) ? 
&PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_st_prepare(sth, imp_sth, SvPV_nolen(statement), attribs);
 #endif
     }
+    OUTPUT:
+    RETVAL
 
 
 #ifdef dbd_st_rows
@@ -505,7 +518,7 @@ rows(sth)
 
 #ifdef dbd_st_bind_col
 
-void
+bool
 bind_col(sth, col, ref, attribs=Nullsv)
     SV *        sth
     SV *        col
@@ -530,20 +543,21 @@ bind_col(sth, col, ref, attribs=Nullsv)
         }
     }
     switch(dbd_st_bind_col(sth, imp_sth, col, ref, sql_type, attribs)) {
-    case 2:     ST(0) = &PL_sv_yes;        /* job done completely */
+    case 2:     RETVAL = TRUE;              /* job done completely */
                 break;
     case 1:     /* fallback to DBI default */
-                ST(0) = (DBIc_DBISTATE(imp_sth)->bind_col(sth, col, ref, 
attribs))
-                    ? &PL_sv_yes : &PL_sv_no;
+                RETVAL = DBIc_DBISTATE(imp_sth)->bind_col(sth, col, ref, 
attribs);
                 break;
-    default:    ST(0) = &PL_sv_no;         /* dbd_st_bind_col has called 
set_err */
+    default:    RETVAL = FALSE;             /* dbd_st_bind_col has called 
set_err */
                 break;
     }
     }
+    OUTPUT:
+    RETVAL
 
 #endif /* dbd_st_bind_col */
 
-void
+bool
 bind_param(sth, param, value, attribs=Nullsv)
     SV *        sth
     SV *        param
@@ -567,12 +581,13 @@ bind_param(sth, param, value, attribs=Nu
             DBD_ATTRIB_GET_IV(attribs, "TYPE",4, svp, sql_type);
         }
     }
-    ST(0) = dbd_bind_ph(sth, imp_sth, param, value, sql_type, attribs, FALSE, 
0)
-                ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_bind_ph(sth, imp_sth, param, value, sql_type, attribs, FALSE, 
0);
     }
+    OUTPUT:
+    RETVAL
 
 
-void
+bool
 bind_param_inout(sth, param, value_ref, maxlen, attribs=Nullsv)
     SV *        sth
     SV *        param
@@ -602,9 +617,10 @@ bind_param_inout(sth, param, value_ref,
             DBD_ATTRIB_GET_IV(attribs, "TYPE",4, svp, sql_type);
         }
     }
-    ST(0) = dbd_bind_ph(sth, imp_sth, param, value, sql_type, attribs, TRUE, 
maxlen)
-                ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_bind_ph(sth, imp_sth, param, value, sql_type, attribs, TRUE, 
maxlen);
     }
+    OUTPUT:
+    RETVAL
 
 
 void
@@ -640,7 +656,8 @@ execute_for_fetch(sth, fetch_tuple_sub,
     CODE:
     {
     D_imp_sth(sth);
-    ST(0) = dbd_st_execute_for_fetch(sth, imp_sth, fetch_tuple_sub, 
tuple_status);
+    SV *ret = dbd_st_execute_for_fetch(sth, imp_sth, fetch_tuple_sub, 
tuple_status);
+    ST(0) = ret;
     }
 
 #endif
@@ -659,7 +676,8 @@ last_insert_id(sth, catalog=&PL_sv_undef
     CODE:
     {
     D_imp_sth(sth);
-    ST(0) = dbd_st_last_insert_id(sth, imp_sth, catalog, schema, table, field, 
attr);
+    SV *ret = dbd_st_last_insert_id(sth, imp_sth, catalog, schema, table, 
field, attr);
+    ST(0) = ret;
     }
 
 #endif
@@ -716,7 +734,7 @@ fetchall_arrayref(sth, slice=&PL_sv_unde
     }
 
 
-void
+bool
 finish(sth)
     SV *        sth
     CODE:
@@ -733,10 +751,12 @@ finish(sth)
         XSRETURN_YES;
     }
 #ifdef dbd_st_finish3
-    ST(0) = dbd_st_finish3(sth, imp_sth, 0) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_st_finish3(sth, imp_sth, 0);
 #else
-    ST(0) = dbd_st_finish(sth, imp_sth) ? &PL_sv_yes : &PL_sv_no;
+    RETVAL = dbd_st_finish(sth, imp_sth);
 #endif
+    OUTPUT:
+    RETVAL
 
 
 void
++++++ perl-DBI-CVE-2020-14393.patch ++++++
From 36f2a2c5fea36d7d47d6871e420286643460e71b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Fri, 26 Jul 2019 13:23:09 +0200
Subject: [PATCH] Fix a buffer overlfow on an overlong DBD class name

dbih_setup_handle() in DBI.xs does:

static void
dbih_setup_handle(pTHX_ SV *orv, char *imp_class, SV *parent, SV *imp_datasv)
{
    [...]
    char imp_mem_name[300];
    [...]
    strcpy(imp_mem_name, imp_class);
    strcat(imp_mem_name, "_mem");
    [...]
}

If the imp_class argument string value is longer than 300 - strlen("_mem")
 - 1 bytes, data will be written past the imp_mem_name[] array. The
imp_class comes from the DBD driver class name (DBI::_new_drh ->
_new_handle() -> dbih_setup_handle()).

People usually do not use so long package names (e.g. DBD::ExampleP
calls DBI::_new_drh() in lib/DBD/ExampleP.pm), so the risk is low.

Reproducer:

$ perl -MDBI -e 'DBI::_new_drh(q{x} x 300, {}, 0)'
 *** buffer overflow detected ***: perl terminated
Aborted (core dumped)

https://rt.cpan.org/Ticket/Display.html?id=130191
---
 DBI.xs       |  9 ++++-----
 t/02dbidrv.t | 12 +++++++++++-
 2 files changed, 15 insertions(+), 6 deletions(-)

Index: DBI-1.639/DBI.xs
===================================================================
--- DBI-1.639.orig/DBI.xs
+++ DBI-1.639/DBI.xs
@@ -1422,7 +1422,7 @@ dbih_setup_handle(pTHX_ SV *orv, char *i
     SV *dbih_imp_rv;
     SV *dbi_imp_data = Nullsv;
     SV **svp;
-    char imp_mem_name[300];
+    SV *imp_mem_name;
     HV  *imp_mem_stash;
     imp_xxh_t *imp;
     imp_xxh_t *parent_imp;
@@ -1449,10 +1449,9 @@ dbih_setup_handle(pTHX_ SV *orv, char *i
     if (mg_find(SvRV(h), DBI_MAGIC) != NULL)
         croak(errmsg, neatsvpv(orv,0), imp_class, "already a DBI (or ~magic) 
handle");
 
-    strcpy(imp_mem_name, imp_class);
-    strcat(imp_mem_name, "_mem");
-    if ( (imp_mem_stash = gv_stashpv(imp_mem_name, FALSE)) == NULL)
-        croak(errmsg, neatsvpv(orv,0), imp_mem_name, "unknown _mem package");
+    imp_mem_name = sv_2mortal(newSVpvf("%s_mem", imp_class));
+    if ( (imp_mem_stash = gv_stashsv(imp_mem_name, FALSE)) == NULL)
+        croak(errmsg, neatsvpv(orv,0), SvPVbyte_nolen(imp_mem_name), "unknown 
_mem package");
 
     if ((svp = hv_fetch((HV*)SvRV(h), "dbi_imp_data", 12, 0))) {
         dbi_imp_data = *svp;
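Review bot: `imp_mem_name` is now a mortal SV, so its buffer is valid only until the temps are freed; that is fine for the `gv_stashsv` and the `croak` in this hunk, but if the name is used again later in dbih_setup_handle() (the function continues outside the hunk) that use must happen before any FREETMPS. A comment such as `/* mortal: valid only until the next FREETMPS */` next to the `sv_2mortal` would record that. Since `imp_class` is passed as an argument to `newSVpvf`, not as its format, a `%` in a class name is not interpreted here.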
Index: DBI-1.639/t/02dbidrv.t
===================================================================
--- DBI-1.639.orig/t/02dbidrv.t
+++ DBI-1.639/t/02dbidrv.t
@@ -4,7 +4,7 @@ $|=1;
 
 use strict;
 
-use Test::More tests => 53;
+use Test::More tests => 54;
 
 ## ----------------------------------------------------------------------------
 ## 02dbidrv.t - ...
@@ -21,6 +21,16 @@ BEGIN {
     use_ok('DBI');
 }
 
+## DBI::_new_drh had an internal limit on a driver class name and crashed.
+SKIP: {
+    Test::More::skip "running DBI::PurePerl", 1 if $DBI::PurePerl;
+    eval {
+        DBI::_new_drh('DBD::Test::OverLong' . 'x' x 300,
+            { Name => 'Test', Version => 'Test', }, 42);
+    };
+    like($@, qr/unknown _mem package/, 'Overlong DBD class name is processed');
+}
+
 ## ----------------------------------------------------------------------------
 ## create a Test Driver (DBD::Test)
 
++++++ perl-DBI.rpmlintrc ++++++
# rpmlint filter for perl-DBI.  Silences the "devel-file-in-non-devel-package"
# finding; there is no -devel subpackage to move the file into.  Presumably
# triggered by Driver.xst, which the spec installs under doc -- confirm against
# the rpmlint output before changing this.
addFilter("devel-file-in-non-devel-package")