[AutoPR- Security] Patch mysql for CVE-2025-62813 [MEDIUM] (microsoft#14935)

Author: azurelinux-security

SPECS/mysql/CVE-2025-62813.patch

@@ -0,0 +1,60 @@
+From 72cf772c8e6651232c812dcc5488e9c7ee91b615 Mon Sep 17 00:00:00 2001
+From: AllSpark <[email protected]>
+Date: Tue, 28 Oct 2025 05:29:52 +0000
+Subject: [PATCH] fix(lz4frame): improve error handling when passing NULL
+ pointers to functions.
+
+- LZ4F_createCDict_advanced: Check for NULL dictBuffer and error on allocation failure.
+- LZ4F_getFrameInfo: Add assertions and RETURN_ERROR_IF guards for NULL frameInfoPtr and srcSizePtr.
+
+Preserve original comments and formatting from upstream patch.
+
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: AI Backport of https://github.com/lz4/lz4/pull/1593.patch
+---
+ extra/lz4/lz4-1.10.0/lib/lz4frame.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/extra/lz4/lz4-1.10.0/lib/lz4frame.c b/extra/lz4/lz4-1.10.0/lib/lz4frame.c
+index f89c0557..35ac7545 100644
+--- a/extra/lz4/lz4-1.10.0/lib/lz4frame.c
++++ b/extra/lz4/lz4-1.10.0/lib/lz4frame.c
+@@ -539,9 +539,15 @@ LZ4F_CDict*
+ LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
+ {
+     const char* dictStart = (const char*)dictBuffer;
+-    LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    LZ4F_CDict* cdict = NULL;
++
+     DEBUGLOG(4, "LZ4F_createCDict_advanced");
+-    if (!cdict) return NULL;
++
++    if (!dictStart)
++        return NULL;
++    cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    if (!cdict)
++        return NULL;
+     cdict->cmem = cmem;
+     if (dictSize > 64 KB) {
+         dictStart += dictSize - 64 KB;
+@@ -1480,12 +1486,17 @@ size_t LZ4F_headerSize(const void* src, size_t srcSize)
+  * @return : an hint about how many srcSize bytes LZ4F_decompress() expects for next call,
+  *           or an error code which can be tested using LZ4F_isError()
+  *  note 1 : in case of error, dctx is not modified. Decoding operations can resume from where they stopped.
++
+  *  note 2 : frame parameters are *copied into* an already allocated LZ4F_frameInfo_t structure.
+  */
+ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx,
+                                    LZ4F_frameInfo_t* frameInfoPtr,
+                              const void* srcBuffer, size_t* srcSizePtr)
+ {
++    assert(dctx != NULL);
++    RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
++    RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
++
+     LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
+     if (dctx->dStage > dstage_storeFrameHeader) {
+         /* frameInfo already decoded */
+-- 
+2.45.4
+

SPECS/mysql/mysql.spec

@@ -3,7 +3,7 @@
 Summary:        MySQL.
 Name:           mysql
 Version:        8.0.44
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,6 +14,7 @@ Source0:        https://dev.mysql.com/get/Downloads/MySQL-%{majmin}/%{name}-boos
 # ciphers unavailable.
 Patch1:         fix-tests-for-unsupported-chacha-ciphers.patch
 Patch2:         CVE-2012-2677.patch
+Patch3:         CVE-2025-62813.patch
 BuildRequires:  cmake
 BuildRequires:  libtirpc-devel
 BuildRequires:  openssl-devel
@@ -113,6 +114,9 @@ sudo -u test ctest || { cat Testing/Temporary/LastTest.log || echo 'No log found
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Tue Oct 28 2025 Azure Linux Security Servicing Account <[email protected]> - 8.0.44-2
+- Patch for CVE-2025-62813
+
 * Wed Oct 22 2025 Kanishk Bansal <[email protected]> - 8.0.44-1
 - Upgrade to 8.0.44 for CVE-2025-53069, CVE-2025-53042, CVE-2025-53044, CVE-2025-53040, CVE-2025-53062, CVE-2025-53053, CVE-2025-53045, CVE-2025-53054