[firebird/el6: 1/2] added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
Philippe Makowski
makowski at fedoraproject.org
Sun Mar 10 18:48:34 UTC 2013
commit e90f254e72700ff13818b5f48d1e13a7e864086d
Author: Philippe Makowski <pmakowski at espelida.com>
Date: Sun Mar 10 19:42:54 2013 +0100
added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
firebird-2.5.2-svn-CORE-4058.patch | 11 +++++++++++
firebird.spec | 9 +++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
---
diff --git a/firebird-2.5.2-svn-CORE-4058.patch b/firebird-2.5.2-svn-CORE-4058.patch
new file mode 100644
index 0000000..52ac6bd
--- /dev/null
+++ b/firebird-2.5.2-svn-CORE-4058.patch
@@ -0,0 +1,11 @@
+--- src/remote/inet.cpp (révision 57727)
++++ src/remote/inet.cpp (révision 57728)
+@@ -1252,7 +1252,7 @@
+ case CNCT_group:
+ {
+ const size_t length = id.getClumpLength();
+- if (length != 0)
++ if (length <= sizeof(eff_gid) && length > 0)
+ {
+ eff_gid = 0;
+ memcpy(&eff_gid, id.getBytes(), length);
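Review bot: In the CNCT_group case the new test "length <= sizeof(eff_gid) && length > 0" bounds the memcpy into eff_gid, but an oversized clump is now skipped silently. The visible lines show no else branch, so a too-long group value is treated the same as an absent one. A one-line comment on the condition stating that this is intended (or a log/reject path for the oversized case) would make the behaviour explicit. It is also worth confirming that the other cases of this switch that copy clump data apply the same kind of bound.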
diff --git a/firebird.spec b/firebird.spec
index 3c97a1b..d9a45b0 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
Summary: SQL relational database management system
Name: firebird
Version: 2.5.2.26539.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Applications/Databases
License: Interbase
@@ -19,6 +19,7 @@ Source2: README.Fedora
# from upstream
Patch0: firebird-2.5.2-svn-CORE-3946.patch
+Patch1: firebird-2.5.2-svn-CORE-4058.patch
BuildRequires: autoconf
BuildRequires: automake
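Review bot: The Patch1 line sits under the generic "# from upstream" comment with nothing tying it to the security fix. Add a comment directly above Patch1 naming CORE-4058 and CVE-2013-2492 (and the upstream revision 57728 that the patch header cites) so the reason for the patch can be read from the spec without opening the changelog.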
@@ -145,7 +146,8 @@ Multi-process, local client libraries for Firebird SQL RDBMS
%prep
%setup -q -n %{pkgname}
-%patch0
+%patch0
+%patch1
# convert intl character to UTF-8
iconv -f ISO-8859-1 -t utf-8 -c ./doc/README.intl -o ./doc/README.intl
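Review bot: In %prep, %patch0 is removed and re-added with no visible difference, which looks like a whitespace-only change; drop it from the commit so the hunk only adds %patch1. %patch1 is also applied without an explicit strip level, so it relies on the default matching the src/remote/inet.cpp paths in the new patch file. Writing "%patch1 -p0" would make that dependency explicit.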
@@ -504,6 +506,9 @@ fi
%changelog
+* Sun Mar 10 2013 Philippe Makowski <makowski at fedoraproject.org> 2.5.2.26539.0-2
+- added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
+
* Fri Nov 09 2012 Philippe Makowski <makowski at fedoraproject.org> 2.5.2.26539.0-1
- new upstream (bug fix release)
- added patch from upstream to fix Firebird CORE-3946