[firebird/el5] added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
Philippe Makowski
makowski at fedoraproject.org
Sun Mar 10 18:55:02 UTC 2013
commit e69a12c7a39cde2794da4a9a94fbdf264a4b3e0a
Author: Philippe Makowski <pmakowski at espelida.com>
Date: Sun Mar 10 19:54:42 2013 +0100
added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
firebird-2.5.2-svn-CORE-4058.patch | 11 +++++++++++
firebird.spec | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/firebird-2.5.2-svn-CORE-4058.patch b/firebird-2.5.2-svn-CORE-4058.patch
new file mode 100644
index 0000000..52ac6bd
--- /dev/null
+++ b/firebird-2.5.2-svn-CORE-4058.patch
@@ -0,0 +1,11 @@
+--- src/remote/inet.cpp (révision 57727)
++++ src/remote/inet.cpp (révision 57728)
+@@ -1252,7 +1252,7 @@
+ case CNCT_group:
+ {
+ const size_t length = id.getClumpLength();
+- if (length != 0)
++ if (length <= sizeof(eff_gid) && length > 0)
+ {
+ eff_gid = 0;
+ memcpy(&eff_gid, id.getBytes(), length);
diff --git a/firebird.spec b/firebird.spec
index 69c1723..5913d6b 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
Summary: SQL relational database management system
Name: firebird
Version: 2.1.5.18496.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: Applications/Databases
License: Interbase
@@ -20,6 +20,7 @@ Source2: README.Fedora
Patch0: firebird-mcpu-to-mtune.patch
Patch2: firebird-fix-initscript.patch
Patch3: firebird_lock-file-location.patch
+Patch4: firebird-2.5.2-svn-CORE-4058.patch
BuildRequires: autoconf
@@ -128,6 +129,7 @@ iconv -f ISO-8859-1 -t utf-8 -c ./doc/README.intl -o ./doc/README.intl
%patch2
%patch0
%patch3
+%patch4
%build
@@ -533,6 +535,9 @@ fi
%changelog
+* Sun Mar 10 2013 Philippe Makowski <makowski at fedoraproject.org> 2.1.5.18496.0-4
+- added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
+
* Mon Dec 31 2012 Philippe Makowski <makowski at fedoraproject.org> 2.1.5.18496.0-3
- set correct setuid for Classic lock manager (upstream bug tracker CORE-4022)
More information about the scm-commits
mailing list