aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2018-08-22 15:39:14 -0400
committerLeo Famulari <leo@famulari.name>2018-08-22 15:40:08 -0400
commit58927996d9171aa7054d20de7dbd393ebd7a3efa (patch)
tree3748c46cb2dd42e9b92fdf6d4b27b0c520b116c4
parent414f620fbbba353986b2ecdb6274e35a53950323 (diff)
downloadguix-58927996d9171aa7054d20de7dbd393ebd7a3efa.tar
guix-58927996d9171aa7054d20de7dbd393ebd7a3efa.tar.gz
gnu: perl-dbd-mysql: Update to 4.046.
* gnu/packages/databases.scm (perl-dbd-mysql): Update to 4.046. [source]: Update URL. Remove 'perl-dbd-mysql-CVE-2017-10788.patch'. * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/databases.scm7
-rw-r--r--gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch62
3 files changed, 3 insertions, 67 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 72f0e192c9..71f3583f88 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1018,7 +1018,6 @@ dist_patch_DATA = \
%D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch \
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
- %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
%D%/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9dca5f4e62..4e64fb78b4 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1472,16 +1472,15 @@ columns, primary keys, unique constraints and relationships.")
(define-public perl-dbd-mysql
(package
(name "perl-dbd-mysql")
- (version "4.043")
+ (version "4.046")
(source
(origin
(method url-fetch)
- (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/"
+ (uri (string-append "mirror://cpan/authors/id/C/CA/CAPTTOFU/"
"DBD-mysql-" version ".tar.gz"))
(sha256
(base32
- "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
- (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
+ "1xziv9w87cl3fbl1mqkdrx28mdqly3gs6gs1ynbmpl2rr4p6arb1"))))
(build-system perl-build-system)
;; Tests require running MySQL server
(arguments `(#:tests? #f))
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
deleted file mode 100644
index 74613cb632..0000000000
--- a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Fix CVE-2017-10788:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788
-
-Patch written to match corrected documentation specifications:
-
-Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
-New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
-
-The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660.
-
-From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
-From: Pali <pali@cpan.org>
-Date: Sun, 25 Jun 2017 10:07:39 +0200
-Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
-
-Ignore return value from mysql_stmt_close() and also its error message
-because it points to freed memory after mysql_stmt_close() was called.
----
- dbdimp.c | 8 ++------
- mysql.xs | 7 ++-----
- 2 files changed, 4 insertions(+), 11 deletions(-)
-
-diff --git a/dbdimp.c b/dbdimp.c
-index c60a5f6..a6410e5 100644
---- a/dbdimp.c
-+++ b/dbdimp.c
-@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
-
- if (imp_sth->stmt)
- {
-- if (mysql_stmt_close(imp_sth->stmt))
-- {
-- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
-- mysql_stmt_error(imp_sth->stmt),
-- mysql_stmt_sqlstate(imp_sth->stmt));
-- }
-+ mysql_stmt_close(imp_sth->stmt);
-+ imp_sth->stmt= NULL;
- }
- #endif
-
-diff --git a/mysql.xs b/mysql.xs
-index 55376e1..affde59 100644
---- a/mysql.xs
-+++ b/mysql.xs
-@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
- if (bind)
- Safefree(bind);
-
-- if(mysql_stmt_close(stmt))
-- {
-- fprintf(stderr, "\n failed while closing the statement");
-- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
-- }
-+ mysql_stmt_close(stmt);
-+ stmt= NULL;
-
- if (retval == -2) /* -2 means error */
- {
---
-1.7.9.5