[firebird/el5] added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492

Philippe Makowski makowski at fedoraproject.org
Sun Mar 10 18:55:02 UTC 2013


commit e69a12c7a39cde2794da4a9a94fbdf264a4b3e0a
Author: Philippe Makowski <pmakowski at espelida.com>
Date:   Sun Mar 10 19:54:42 2013 +0100

    added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492

 firebird-2.5.2-svn-CORE-4058.patch |   11 +++++++++++
 firebird.spec                      |    7 ++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/firebird-2.5.2-svn-CORE-4058.patch b/firebird-2.5.2-svn-CORE-4058.patch
new file mode 100644
index 0000000..52ac6bd
--- /dev/null
+++ b/firebird-2.5.2-svn-CORE-4058.patch
@@ -0,0 +1,11 @@
+--- src/remote/inet.cpp	(révision 57727)
++++ src/remote/inet.cpp	(révision 57728)
+@@ -1252,7 +1252,7 @@
+ 		case CNCT_group:
+ 			{
+ 				const size_t length = id.getClumpLength();
+-				if (length != 0)
++				if (length <= sizeof(eff_gid) && length > 0)
+ 				{
+ 					eff_gid = 0;
+ 					memcpy(&eff_gid, id.getBytes(), length);
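Review bot: In the CNCT_group case the new condition `length <= sizeof(eff_gid) && length > 0` skips the memcpy for an oversized clumplet, but the visible lines show no else branch, so a too-long group id is dropped silently and eff_gid keeps whatever value it held before this case. Confirm in the full source that the prior value is a safe default, or treat an out-of-range length as a malformed connect packet and reject or log it. The embedded header also refers to upstream revision 57728 at line 1252 while this package builds 2.1.5.18496.0, so check that the hunk applies without fuzz to the 2.1.5 inet.cpp and that the other clumplet cases in the same switch do not copy into fixed-size variables without an equivalent bound.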
diff --git a/firebird.spec b/firebird.spec
index 69c1723..5913d6b 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
 Summary:	SQL relational database management system
 Name:		firebird
 Version:	2.1.5.18496.0
-Release:	3%{?dist}
+Release:	4%{?dist}
 
 Group:		Applications/Databases
 License:	Interbase
@@ -20,6 +20,7 @@ Source2:	README.Fedora
 Patch0:		firebird-mcpu-to-mtune.patch
 Patch2:		firebird-fix-initscript.patch
 Patch3:		firebird_lock-file-location.patch
+Patch4:		firebird-2.5.2-svn-CORE-4058.patch
 
 
 BuildRequires:	autoconf
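Review bot: The Patch4 line has no comment recording where the patch comes from, and its file name says 2.5.2 although this spec builds Version 2.1.5.18496.0. Add a comment above it with the upstream tracker id (CORE-4058), the CVE number and the upstream revision (57728), so that a later rebase can tell when the patch can be dropped.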
@@ -128,6 +129,7 @@ iconv	-f	ISO-8859-1	-t	utf-8	-c	./doc/README.intl					-o	./doc/README.intl
 %patch2
 %patch0
 %patch3
+%patch4
 
 %build
 
@@ -533,6 +535,9 @@ fi
 
 
 %changelog
+* Sun Mar 10 2013 Philippe Makowski <makowski at fedoraproject.org>  2.1.5.18496.0-4
+- added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
+
 * Mon Dec 31 2012 Philippe Makowski <makowski at fedoraproject.org>  2.1.5.18496.0-3
 - set correct setuid for Classic lock manager (upstream bug tracker CORE-4022)
 

