[AutoPR- Security] Patch mysql for CVE-2025-62813 [MEDIUM] (microsoft#14933)

Author: azurelinux-security

SPECS/mysql/CVE-2025-62813.patch

@@ -0,0 +1,60 @@
+From 8c26ee46da1cca4559c8b9da023c06ab5a2fb2c8 Mon Sep 17 00:00:00 2001
+From: AllSpark <[email protected]>
+Date: Mon, 27 Oct 2025 18:38:03 +0000
+Subject: [PATCH] fix(null): improve error handlings when passing a null
+ pointer to some functions from lz4frame
+
+- LZ4F_createCDict_advanced: guard null dictBuffer and proper allocation check
+- LZ4F_getFrameInfo: validate input pointers before use
+- frametest: adjust cdict creation order and null check (not present in this tree)
+
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: AI Backport of https://github.com/lz4/lz4/pull/1593.patch
+---
+ extra/lz4/lz4-1.10.0/lib/lz4frame.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/extra/lz4/lz4-1.10.0/lib/lz4frame.c b/extra/lz4/lz4-1.10.0/lib/lz4frame.c
+index f89c055..a00b31a 100644
+--- a/extra/lz4/lz4-1.10.0/lib/lz4frame.c
++++ b/extra/lz4/lz4-1.10.0/lib/lz4frame.c
+@@ -539,9 +539,15 @@ LZ4F_CDict*
+ LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
+ {
+     const char* dictStart = (const char*)dictBuffer;
+-    LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    LZ4F_CDict* cdict = NULL;
++
+     DEBUGLOG(4, "LZ4F_createCDict_advanced");
+-    if (!cdict) return NULL;
++
++    if (!dictStart)
++        return NULL;
++    cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    if (!cdict)
++        return NULL;
+     cdict->cmem = cmem;
+     if (dictSize > 64 KB) {
+         dictStart += dictSize - 64 KB;
+@@ -1480,12 +1486,18 @@ size_t LZ4F_headerSize(const void* src, size_t srcSize)
+  * @return : an hint about how many srcSize bytes LZ4F_decompress() expects for next call,
+  *           or an error code which can be tested using LZ4F_isError()
+  *  note 1 : in case of error, dctx is not modified. Decoding operations can resume from where they stopped.
++
+  *  note 2 : frame parameters are *copied into* an already allocated LZ4F_frameInfo_t structure.
+  */
+ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx,
+                                    LZ4F_frameInfo_t* frameInfoPtr,
+                              const void* srcBuffer, size_t* srcSizePtr)
+ {
++    assert(dctx != NULL);
++    RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
++    RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
++
++
+     LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
+     if (dctx->dStage > dstage_storeFrameHeader) {
+         /* frameInfo already decoded */
+-- 
+2.45.4
+

SPECS/mysql/mysql.spec

@@ -1,7 +1,7 @@
 Summary:        MySQL.
 Name:           mysql
 Version:        8.0.44
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2 with exceptions AND LGPLv2 AND BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -14,6 +14,7 @@ Patch1:         CVE-2024-2410.patch
 # AZL's OpenSSL builds with the "no-chacha" option making all ChaCha
 # ciphers unavailable.
 Patch2:         fix-tests-for-unsupported-chacha-ciphers.patch
+Patch3:         CVE-2025-62813.patch
 BuildRequires:  cmake
 BuildRequires:  libtirpc-devel
 BuildRequires:  openssl-devel
@@ -114,6 +115,9 @@ fi
 %{_libdir}/pkgconfig/mysqlclient.pc
 
 %changelog
+* Mon Oct 27 2025 Azure Linux Security Servicing Account <[email protected]> - 8.0.44-2
+- Patch for CVE-2025-62813
+
 * Wed Oct 22 2025 Kanishk Bansal <[email protected]> - 8.0.44-1
 - Upgrade to 8.0.44 for CVE-2025-53069, CVE-2025-53042, CVE-2025-53044, CVE-2025-53040,
   CVE-2025-53062, CVE-2025-53053, CVE-2025-53045, CVE-2025-53054