Version in base suite: 0.10.1-1 Base version: mydumper_0.10.1-1 Target version: mydumper_0.10.1-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mydumper/mydumper_0.10.1-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mydumper/mydumper_0.10.1-1+deb12u1.dsc changelog | 17 ++++++++++ gbp.conf | 10 ++++++ patches/0005-CVE-2025-30224.patch | 12 +++++++ patches/series | 1 tests/control | 6 +++ tests/integration-test.sh | 53 ++++++++++++++++++++++++++++++++++ tests/integration_test_debian.itd.sql | 7 ++++ 7 files changed, 106 insertions(+)
diff -Nru mydumper-0.10.1/debian/changelog mydumper-0.10.1/debian/changelog
--- mydumper-0.10.1/debian/changelog 2021-02-09 20:49:25.000000000 +0000
+++ mydumper-0.10.1/debian/changelog 2025-05-29 19:07:17.000000000 +0000
@@ -1,3 +1,20 @@
+mydumper (0.10.1-1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS team.
+ * Fix CVE-2025-30224:
+ - The MySQL C client library (libmysqlclient) allows authenticated remote
+ actors to read arbitrary files from client systems via a crafted server
+ response to LOAD LOCAL INFILE query, leading to sensitive information
+ disclosure when clients connect to untrusted MySQL servers without
+ explicitly disabling the local infile capability. Mydumper had the local
+ infile option enabled by default and does not have an option to disable
+ it. This can lead to an unexpected arbitrary file read if the Mydumper
+ tool connects to an untrusted server.
+ * Add autopkgtest integration tests
+ * Add debian/gbp.conf
+
+ -- Lee Garrett Thu, 29 May 2025 21:07:17 +0200
+
 mydumper (0.10.1-1) unstable; urgency=medium
 
  * New upstream version 0.10.1
diff -Nru mydumper-0.10.1/debian/gbp.conf mydumper-0.10.1/debian/gbp.conf
--- mydumper-0.10.1/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000
+++ mydumper-0.10.1/debian/gbp.conf 2025-05-29 19:06:32.000000000 +0000
@@ -0,0 +1,10 @@
+# Configuration for git-buildpackage and affiliated tools
+
+[DEFAULT]
+debian-branch = debian/bookworm
+pristine-tar = True
+sign-tags = True
+upstream-branch = upstream/bookworm
+
+[import-orig]
+merge-mode = replace
diff -Nru mydumper-0.10.1/debian/patches/0005-CVE-2025-30224.patch mydumper-0.10.1/debian/patches/0005-CVE-2025-30224.patch
--- mydumper-0.10.1/debian/patches/0005-CVE-2025-30224.patch 1970-01-01 00:00:00.000000000 +0000
+++ mydumper-0.10.1/debian/patches/0005-CVE-2025-30224.patch 2025-05-29 18:46:33.000000000 +0000
@@ -0,0 +1,12 @@
+--- a/connection.c
++++ b/connection.c
+@@ -51,5 +51,9 @@
+ 
+ mysql_ssl_set(conn, key, cert, ca, capath, cipher);
+ mysql_options(conn, MYSQL_OPT_SSL_ENFORCE, &i);
++
++ /* unconditionally disable infile to fix CVE-2025-30224 */
++ mysql_options(conn, MYSQL_OPT_LOCAL_INFILE, NULL);
++
+ #endif
+ }
diff -Nru mydumper-0.10.1/debian/patches/series mydumper-0.10.1/debian/patches/series
--- mydumper-0.10.1/debian/patches/series 2021-02-09 20:46:48.000000000 +0000
+++ mydumper-0.10.1/debian/patches/series 2025-05-29 18:46:33.000000000 +0000
@@ -2,3 +2,4 @@
 0002-dont-install-documentation-source.patch
 0001-Link-mydumper-against-libm.patch
 0003-ssl-mariadb-connector.patch
+0005-CVE-2025-30224.patch
diff -Nru mydumper-0.10.1/debian/tests/control mydumper-0.10.1/debian/tests/control
--- mydumper-0.10.1/debian/tests/control 1970-01-01 00:00:00.000000000 +0000
+++ mydumper-0.10.1/debian/tests/control 2025-05-29 18:46:33.000000000 +0000
@@ -0,0 +1,6 @@
+Tests: integration-test.sh
+Depends: @,
+ default-mysql-server
+Restrictions:
+ isolation-machine,
+ needs-root,
diff -Nru mydumper-0.10.1/debian/tests/integration-test.sh mydumper-0.10.1/debian/tests/integration-test.sh
--- mydumper-0.10.1/debian/tests/integration-test.sh 1970-01-01 00:00:00.000000000 +0000
+++ mydumper-0.10.1/debian/tests/integration-test.sh 2025-05-29 18:46:33.000000000 +0000
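Review bot: The added `mysql_options(conn, MYSQL_OPT_LOCAL_INFILE, NULL);` in the 0005-CVE-2025-30224.patch hunk may not disable LOAD DATA LOCAL at all: the client libraries document this option's argument as an optional pointer to unsigned int, where a missing (NULL) pointer means "enable" and only a pointer to a zero value means "disable" (libmysqlclient documents it that way, and as far as I can tell MariaDB Connector/C's option handling does the same). The safe form is `unsigned int local_infile = 0;` followed by `mysql_options(conn, MYSQL_OPT_LOCAL_INFILE, &local_infile);`. The call also sits inside the conditional-compilation block closed by the `#endif` on the next context line (presumably the SSL build switch, whose opening directive is outside this hunk), so a build without that switch would silently lose the mitigation; it belongs after the `#endif`. The enclosing function starts outside the hunk, and the autopkgtest added in this upload never checks that a LOAD DATA LOCAL INFILE request is refused, so neither problem would be caught by the test.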
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# This script will
+# - create a database
+# - dump this database with mydumper and compare it with the reference
+# - restore the dump to another database
+# - dump that other database with mydumper and compare it with the reference
+# - delete the database that were created.
+
+set -eu
+
+echo "pwd is $(pwd)"
+
+# check that it outputs something sensible and doesn't error out
+echo "### minimal functionality check of mydumper binary ###"
+mydumper -V | grep mydumper
+
+echo "### create a mariadb database, tables, and adding some values ###"
+mysql -e 'CREATE DATABASE IF NOT EXISTS integration_test_debian;'
+mysql -e 'CREATE DATABASE IF NOT EXISTS integration_test_debian2;'
+mysql -e 'CREATE TABLE itd (id INT AUTO_INCREMENT, words VARCHAR(50), PRIMARY KEY (id));' integration_test_debian
+mysql -e 'INSERT INTO itd (words) VALUES ("foo"), ("bar"), ("baz");' integration_test_debian
+
+echo "\n\n### Dump the database we just created ###"
+mydumper --database integration_test_debian -v 3 2>&1
+
+# find the latest dump file of the database created above
+DUMPFILE=$(ls -1t ./*/integration_test_debian.itd.sql | head -n 1)
+echo "dumpfile is located at ${DUMPFILE}."
+
+echo "\n\n### Ensure the dumped database is identical with the reference ###"
+diff -urN ./debian/tests/integration_test_debian.itd.sql "${DUMPFILE}"
+echo "./debian/tests/integration_test_debian.itd.sql and ${DUMPFILE} match."
+
+myloader --database integration_test_debian2 --directory $(ls -1td ./export-* | head -n 1)
+
+echo '\n\n### sleep for 2 seconds to make sure the export dir increments ###'
+sleep 2
+
+echo "\n\n### Dump the new database we just restored ###"
+mydumper --database integration_test_debian2 -v 3 2>&1
+
+# find the latest dump file of the database created above
+DUMPFILE=$(ls -1t ./*/integration_test_debian2.itd.sql | head -n 1)
+echo "dumpfile is located at ${DUMPFILE}."
+
+echo "\n\n### Ensure the dumped database is identical with the reference ###"
+diff -urN ./debian/tests/integration_test_debian.itd.sql "${DUMPFILE}"
+echo "./debian/tests/integration_test_debian.itd.sql and ${DUMPFILE} match."
+
+echo "\n\n### Cleaning up databases ###"
+mysql -e 'drop database integration_test_debian;'
+mysql -e 'drop database integration_test_debian2;'
diff -Nru mydumper-0.10.1/debian/tests/integration_test_debian.itd.sql mydumper-0.10.1/debian/tests/integration_test_debian.itd.sql
--- mydumper-0.10.1/debian/tests/integration_test_debian.itd.sql 1970-01-01 00:00:00.000000000 +0000
+++ mydumper-0.10.1/debian/tests/integration_test_debian.itd.sql 2025-05-29 18:46:33.000000000 +0000
@@ -0,0 +1,7 @@
+/*!40101 SET NAMES binary*/;
+/*!40014 SET FOREIGN_KEY_CHECKS=0*/;
+/*!40103 SET TIME_ZONE='+00:00' */;
+INSERT INTO `itd` VALUES
+(1,"foo"),
+(2,"bar"),
+(3,"baz");
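Review bot: The `--directory $(ls -1td ./export-* | head -n 1)` argument to myloader is unquoted and, like both `DUMPFILE=$(ls -1t ./*/… | head -n 1)` assignments, selects the export directory by parsing `ls` output and trusting the 2-second `sleep` to make the newest timestamp win, so a stale `export-*` directory from an earlier run, or a clock/filesystem that does not order the two runs, makes the test diff the wrong dump, and the unquoted substitution word-splits on any whitespace in the path. Giving each mydumper run an explicit `--outputdir` (a fresh `mktemp -d` directory) and passing that same path to `myloader --directory` removes both the race and the ls parsing. The script is `#!/bin/sh` yet relies on `echo` expanding `\n` in the `"\n\n### …"` banners, which dash does but POSIX does not guarantee; `printf '\n\n### … ###\n'` is portable. Under `set -eu` any failing step also skips the two `drop database` lines, leaving state behind for the next run, which a `trap` on EXIT would cover. Finally, nothing here exercises the CVE-2025-30224 fix shipped in this upload — a check that the dump connection refuses a LOAD DATA LOCAL INFILE request would pin the security-relevant behaviour.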