Package: libdbi-perl / 1.642-1+deb10u2
Metadata
Package | Version | Patches format |
---|---|---|
libdbi-perl | 1.642-1+deb10u2 | 3.0 (quilt) |
Patch series
Patch | File | File delta | Description |
---|---|---|---|
t__06attrs.t__localefix.patch | t/06attrs.t | 4 (+4 -0 !0) | Fix LC_ALL to C in tests. Fix LC_ALL to C for the error messages in the statement handle tests. |
t__40profile.t__NTP.patch | t/40profile.t | 2 (+1 -1 !0) | An NTP clock adjustment of -0.00967s led to FTBFS. |
t__80proxy.t___syslogd.patch | t/80proxy.t | 4 (+4 -0 !0) | syslogd isn't necessarily on the buildds. |
spelling.patch | DBI.pm | 2 (+1 -1 !0) | Fix spelling mistakes in the POD. |
CVE 2020 14392.patch | DBI.xs | 17 (+13 -4 !0) | Fix memory corruption in XS functions when the Perl stack is reallocated (full description below). |
CVE 2020 14393.patch | DBI.xs | 9 (+4 -5 !0) | Fix a buffer overflow on an overlong DBD class name (full description below). |
CVE 2019 20919.patch | DBI.xs | 8 (+6 -2 !0) | Fix a NULL profile dereference in dbi_profile() (full description below). |
t 51dbm_file.t add test from RT 99508.patch | t/51dbm_file.t | 23 (+23 -0 !0) | [1/2] t/51dbm_file.t: add test from RT#99508 |
lib DBD File.pm fix CVE 2014 10401.patch | lib/DBD/File.pm | 7 (+5 -2 !0) | [2/2] lib/DBD/File.pm: fix CVE-2014-10401 |

Patch descriptions

CVE 2020 14392.patch: Fix memory corruption in XS functions when the Perl stack is reallocated

The macro ST(*) returns a pointer to the Perl stack. Other Perl functions which use the Perl stack (e.g. eval) may reallocate the Perl stack, and therefore the pointer returned by the ST(*) macro becomes invalid.

A construction like this:

```c
ST(0) = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, attribs) ? &PL_sv_yes : &PL_sv_no;
```

where the dbd_db_login6_sv() driver function calls eval may lead to reallocating the Perl stack and therefore invalidating the ST(0) pointer. So that construction would cause memory corruption, as the left part of the assignment is resolved prior to executing the dbd_db_login6_sv() function.

The correct way to handle this problem: first call the dbd_db_login6_sv() function and then call ST(0) to retrieve the stack pointer.

This patch fixes all occurrences of such constructions.

When running perl under valgrind I got memory corruption in the DBD::ODBC driver in that dbd_db_login6_sv() function due to the above problem.

CVE 2020 14393.patch: Fix a buffer overflow on an overlong DBD class name

dbih_setup_handle() in DBI.xs does:

```c
static void
dbih_setup_handle(pTHX_ SV *orv, char *imp_class, SV *parent, SV *imp_datasv)
{
    [...]
    char imp_mem_name[300];
    [...]
    strcpy(imp_mem_name, imp_class);
    strcat(imp_mem_name, "_mem");
    [...]
}
```

If the imp_class argument string value is longer than 300 - strlen("_mem") - 1 bytes, data will be written past the imp_mem_name[] array. The imp_class comes from the DBD driver class name (DBI::_new_drh -> _new_handle() -> dbih_setup_handle()).

People usually do not use such long package names (e.g. DBD::ExampleP calls DBI::_new_drh() in lib/DBD/ExampleP.pm), so the risk is low.

Reproducer:

```console
$ perl -MDBI -e 'DBI::_new_drh(q{x} x 300, {}, 0)'
*** buffer overflow detected ***: perl terminated
Aborted (core dumped)
```

https://rt.cpan.org/Ticket/Display.html?id=130191

CVE 2019 20919.patch: Fix a NULL profile dereference in dbi_profile()

The hv_fetch() documentation requires checking for NULL, and the code does that. But then it calls SvOK(profile) unconditionally two lines later. This patch fixes it.