[firebird/f16] added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492

Philippe Makowski makowski at fedoraproject.org
Sun Mar 10 18:38:04 UTC 2013 

commit 02be1d420a73aeb64073bddbbc63efc473d9ea03
Author: Philippe Makowski <pmakowski at espelida.com>
Date:   Sun Mar 10 19:37:48 2013 +0100

    added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492

 firebird-2.5.2-svn-CORE-4058.patch |   11 +++++++++++
 firebird.spec                      |    7 ++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/firebird-2.5.2-svn-CORE-4058.patch b/firebird-2.5.2-svn-CORE-4058.patch
new file mode 100644
index 0000000..52ac6bd
--- /dev/null
+++ b/firebird-2.5.2-svn-CORE-4058.patch
@@ -0,0 +1,11 @@
+--- src/remote/inet.cpp	(révision 57727)
++++ src/remote/inet.cpp	(révision 57728)
+@@ -1252,7 +1252,7 @@
+ 		case CNCT_group:
+ 			{
+ 				const size_t length = id.getClumpLength();
+-				if (length != 0)
++				if (length <= sizeof(eff_gid) && length > 0)
+ 				{
+ 					eff_gid = 0;
+ 					memcpy(&eff_gid, id.getBytes(), length);
diff --git a/firebird.spec b/firebird.spec
index 49828a3..6ed79f8 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
 Summary: SQL relational database management system
 Name:  firebird
 Version: 2.5.2.26539.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 Group:  Applications/Databases
 License: Interbase
@@ -24,6 +24,7 @@ Source7: firebird-superserver.service
 
 # from upstream
 Patch0: firebird-2.5.2-svn-CORE-3946.patch
+Patch1: firebird-2.5.2-svn-CORE-4058.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -159,6 +160,7 @@ Multi-process, local client libraries for Firebird SQL RDBMS
 %prep
 %setup -q -n %{pkgname}
 %patch0
+%patch1
 # convert intl character to UTF-8
 iconv -f ISO-8859-1 -t utf-8 -c ./doc/README.intl     -o ./doc/README.intl
 
@@ -556,6 +558,9 @@ fi
 
 
 %changelog
+* Sun Mar 10 2013 Philippe Makowski <makowski at fedoraproject.org>  2.5.2.26539.0-2
+- added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
+
 * Fri Nov 09 2012 Philippe Makowski <makowski at fedoraproject.org>  2.5.2.26539.0-1
 - new upstream (bug fix release)
 - added patch from upstream to fix Firebird CORE-3946

More information about the scm-commits mailing list