| 1 |
commit: af28844cc92f8edd1fcd049e357d169a3dddc176 |
| 2 |
Author: Michael Vetter <jubalh <AT> iodoru <DOT> org> |
| 3 |
AuthorDate: Tue Feb 27 16:04:39 2018 +0000 |
| 4 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Feb 27 22:41:35 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af28844c |
| 7 |
|
| 8 |
dev-db/unixODBC: add fix against CVE-2018-7485. |
| 9 |
|
| 10 |
Adding a patch based on |
| 11 |
https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f |
| 12 |
|
| 13 |
Without the changes for 2.3.6 in ChangeLog and configure.ac. |
| 14 |
|
| 15 |
Package-Manager: Portage-2.3.19, Repoman-2.3.6 |
| 16 |
Closes: https://github.com/gentoo/gentoo/pull/7300 |
| 17 |
|
| 18 |
.../files/unixODBC-2.3.5-CVE-2018-7485.patch | 135 +++++++++++++++++++++ |
| 19 |
dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild | 65 ++++++++++ |
| 20 |
2 files changed, 200 insertions(+) |
| 21 |
|
| 22 |
diff --git a/dev-db/unixODBC/files/unixODBC-2.3.5-CVE-2018-7485.patch b/dev-db/unixODBC/files/unixODBC-2.3.5-CVE-2018-7485.patch |
| 23 |
new file mode 100644 |
| 24 |
index 00000000000..2c4178cda48 |
| 25 |
--- /dev/null |
| 26 |
+++ b/dev-db/unixODBC/files/unixODBC-2.3.5-CVE-2018-7485.patch |
| 27 |
@@ -0,0 +1,135 @@ |
| 28 |
+From 45ef78e037f578b15fc58938a3a3251655e71d6f Mon Sep 17 00:00:00 2001 |
| 29 |
+From: Nick Gorham <nick@×××××××××××.org> |
| 30 |
+Date: Mon, 8 Jan 2018 11:12:39 +0000 |
| 31 |
+Subject: [PATCH] New Pre Source |
| 32 |
+ |
| 33 |
+diff --git a/DriverManager/SQLGetDiagRecW.c b/DriverManager/SQLGetDiagRecW.c |
| 34 |
+index a6368d7..be89120 100644 |
| 35 |
+--- a/DriverManager/SQLGetDiagRecW.c |
| 36 |
++++ b/DriverManager/SQLGetDiagRecW.c |
| 37 |
+@@ -98,6 +98,8 @@ |
| 38 |
+ |
| 39 |
+ static char const rcsid[]= "$RCSfile: SQLGetDiagRecW.c,v $"; |
| 40 |
+ |
| 41 |
++extern int __is_env( EHEAD * head ); /* in SQLGetDiagRec.c */ |
| 42 |
++ |
| 43 |
+ static SQLRETURN extract_sql_error_rec_w( EHEAD *head, |
| 44 |
+ SQLWCHAR *sqlstate, |
| 45 |
+ SQLINTEGER rec_number, |
| 46 |
+diff --git a/DriverManager/SQLSetDescField.c b/DriverManager/SQLSetDescField.c |
| 47 |
+index 333d786..0e2f67c 100644 |
| 48 |
+--- a/DriverManager/SQLSetDescField.c |
| 49 |
++++ b/DriverManager/SQLSetDescField.c |
| 50 |
+@@ -306,7 +306,7 @@ SQLRETURN SQLSetDescField( SQLHDESC descriptor_handle, |
| 51 |
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); |
| 52 |
+ } |
| 53 |
+ |
| 54 |
+- if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 ) |
| 55 |
++ if ( field_identifier == SQL_DESC_COUNT && (intptr_t)value < 0 ) |
| 56 |
+ { |
| 57 |
+ __post_internal_error( &descriptor -> error, |
| 58 |
+ ERROR_07009, NULL, |
| 59 |
+@@ -315,9 +315,9 @@ SQLRETURN SQLSetDescField( SQLHDESC descriptor_handle, |
| 60 |
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); |
| 61 |
+ } |
| 62 |
+ |
| 63 |
+- if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT |
| 64 |
+- && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT && |
| 65 |
+- value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM ) |
| 66 |
++ if ( field_identifier == SQL_DESC_PARAMETER_TYPE && (intptr_t)value != SQL_PARAM_INPUT |
| 67 |
++ && (intptr_t)value != SQL_PARAM_OUTPUT && (intptr_t)value != SQL_PARAM_INPUT_OUTPUT && |
| 68 |
++ (intptr_t)value != SQL_PARAM_INPUT_OUTPUT_STREAM && (intptr_t)value != SQL_PARAM_OUTPUT_STREAM ) |
| 69 |
+ { |
| 70 |
+ __post_internal_error( &descriptor -> error, |
| 71 |
+ ERROR_HY105, NULL, |
| 72 |
+diff --git a/DriverManager/SQLSetDescFieldW.c b/DriverManager/SQLSetDescFieldW.c |
| 73 |
+index 5e066ac..45125ff 100644 |
| 74 |
+--- a/DriverManager/SQLSetDescFieldW.c |
| 75 |
++++ b/DriverManager/SQLSetDescFieldW.c |
| 76 |
+@@ -288,7 +288,7 @@ SQLRETURN SQLSetDescFieldW( SQLHDESC descriptor_handle, |
| 77 |
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); |
| 78 |
+ } |
| 79 |
+ |
| 80 |
+- if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 ) |
| 81 |
++ if ( field_identifier == SQL_DESC_COUNT && (intptr_t)value < 0 ) |
| 82 |
+ { |
| 83 |
+ __post_internal_error( &descriptor -> error, |
| 84 |
+ ERROR_07009, NULL, |
| 85 |
+@@ -297,9 +297,9 @@ SQLRETURN SQLSetDescFieldW( SQLHDESC descriptor_handle, |
| 86 |
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); |
| 87 |
+ } |
| 88 |
+ |
| 89 |
+- if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT |
| 90 |
+- && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT && |
| 91 |
+- value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM ) |
| 92 |
++ if ( field_identifier == SQL_DESC_PARAMETER_TYPE && (intptr_t)value != SQL_PARAM_INPUT |
| 93 |
++ && (intptr_t)value != SQL_PARAM_OUTPUT && (intptr_t)value != SQL_PARAM_INPUT_OUTPUT && |
| 94 |
++ (intptr_t)value != SQL_PARAM_INPUT_OUTPUT_STREAM && (intptr_t)value != SQL_PARAM_OUTPUT_STREAM ) |
| 95 |
+ { |
| 96 |
+ __post_internal_error( &descriptor -> error, |
| 97 |
+ ERROR_HY105, NULL, |
| 98 |
+diff --git a/exe/iusql.c b/exe/iusql.c |
| 99 |
+index aac5329..484a889 100644 |
| 100 |
+--- a/exe/iusql.c |
| 101 |
++++ b/exe/iusql.c |
| 102 |
+@@ -413,7 +413,6 @@ static int ExecuteSQL( SQLHDBC hDbc, char *szSQL, char cDelimiter, int bColumnNa |
| 103 |
+ if ( bVerbose ) DumpODBCLog( hEnv, hDbc, hStmt ); |
| 104 |
+ fprintf( stderr, "[ISQL]ERROR: Could not SQLExecDirect\n" ); |
| 105 |
+ SQLFreeStmt( hStmt, SQL_DROP ); |
| 106 |
+- free(szSepLine); |
| 107 |
+ return 0; |
| 108 |
+ } |
| 109 |
+ } |
| 110 |
+diff --git a/odbcinst/SQLCreateDataSource.c b/odbcinst/SQLCreateDataSource.c |
| 111 |
+index a9fa735..83a1e9e 100644 |
| 112 |
+--- a/odbcinst/SQLCreateDataSource.c |
| 113 |
++++ b/odbcinst/SQLCreateDataSource.c |
| 114 |
+@@ -26,7 +26,7 @@ char* _multi_string_alloc_and_copy( LPCWSTR in ) |
| 115 |
+ |
| 116 |
+ if ( !in ) |
| 117 |
+ { |
| 118 |
+- return in; |
| 119 |
++ return NULL; |
| 120 |
+ } |
| 121 |
+ |
| 122 |
+ while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) |
| 123 |
+@@ -55,7 +55,7 @@ char* _single_string_alloc_and_copy( LPCWSTR in ) |
| 124 |
+ |
| 125 |
+ if ( !in ) |
| 126 |
+ { |
| 127 |
+- return in; |
| 128 |
++ return NULL; |
| 129 |
+ } |
| 130 |
+ |
| 131 |
+ while ( in[ len ] != 0 ) |
| 132 |
+@@ -83,7 +83,7 @@ SQLWCHAR* _multi_string_alloc_and_expand( LPCSTR in ) |
| 133 |
+ |
| 134 |
+ if ( !in ) |
| 135 |
+ { |
| 136 |
+- return in; |
| 137 |
++ return NULL; |
| 138 |
+ } |
| 139 |
+ |
| 140 |
+ while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) |
| 141 |
+@@ -112,7 +112,7 @@ SQLWCHAR* _single_string_alloc_and_expand( LPCSTR in ) |
| 142 |
+ |
| 143 |
+ if ( !in ) |
| 144 |
+ { |
| 145 |
+- return in; |
| 146 |
++ return NULL; |
| 147 |
+ } |
| 148 |
+ |
| 149 |
+ while ( in[ len ] != 0 ) |
| 150 |
+diff --git a/odbcinst/SQLWriteFileDSN.c b/odbcinst/SQLWriteFileDSN.c |
| 151 |
+index c2f987b..e225796 100644 |
| 152 |
+--- a/odbcinst/SQLWriteFileDSN.c |
| 153 |
++++ b/odbcinst/SQLWriteFileDSN.c |
| 154 |
+@@ -21,7 +21,7 @@ BOOL SQLWriteFileDSN( LPCSTR pszFileName, |
| 155 |
+ |
| 156 |
+ if ( pszFileName[0] == '/' ) |
| 157 |
+ { |
| 158 |
+- strncpy( szFileName, sizeof(szFileName) - 5, pszFileName ); |
| 159 |
++ strncpy( szFileName, pszFileName, sizeof(szFileName) - 5 ); |
| 160 |
+ } |
| 161 |
+ else |
| 162 |
+ { |
| 163 |
|
| 164 |
diff --git a/dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild b/dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild |
| 165 |
new file mode 100644 |
| 166 |
index 00000000000..502428bed7f |
| 167 |
--- /dev/null |
| 168 |
+++ b/dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild |
| 169 |
@@ -0,0 +1,65 @@ |
| 170 |
+# Copyright 1999-2018 Gentoo Foundation |
| 171 |
+# Distributed under the terms of the GNU General Public License v2 |
| 172 |
+ |
| 173 |
+EAPI=6 |
| 174 |
+inherit libtool ltprune multilib-minimal |
| 175 |
+ |
| 176 |
+DESCRIPTION="A complete ODBC driver manager" |
| 177 |
+HOMEPAGE="http://www.unixodbc.org/" |
| 178 |
+SRC_URI="ftp://ftp.unixodbc.org/pub/${PN}/${P}.tar.gz" |
| 179 |
+ |
| 180 |
+LICENSE="GPL-2 LGPL-2.1" |
| 181 |
+SLOT="0" |
| 182 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
| 183 |
+IUSE="+minimal odbcmanual static-libs unicode" |
| 184 |
+ |
| 185 |
+RDEPEND=" |
| 186 |
+ || ( |
| 187 |
+ dev-libs/libltdl:0[${MULTILIB_USEDEP}] |
| 188 |
+ >=sys-devel/libtool-2.4.2-r1[${MULTILIB_USEDEP}] |
| 189 |
+ ) |
| 190 |
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}] |
| 191 |
+ >=sys-libs/ncurses-5.9-r3:0=[${MULTILIB_USEDEP}] |
| 192 |
+ >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}] |
| 193 |
+" |
| 194 |
+DEPEND="${RDEPEND} |
| 195 |
+ sys-devel/flex |
| 196 |
+" |
| 197 |
+ |
| 198 |
+MULTILIB_CHOST_TOOLS=( /usr/bin/odbc_config ) |
| 199 |
+MULTILIB_WRAPPED_HEADERS=( /usr/include/unixodbc_conf.h ) |
| 200 |
+ |
| 201 |
+PATCHES=( |
| 202 |
+ "${FILESDIR}/${PN}-2.3.5-CVE-2018-7485.patch" |
| 203 |
+) |
| 204 |
+ |
| 205 |
+multilib_src_configure() { |
| 206 |
+ # --enable-driver-conf is --enable-driverc as per configure.in |
| 207 |
+ myeconfargs=( |
| 208 |
+ --sysconfdir="${EPREFIX}"/etc/${PN} |
| 209 |
+ --disable-static |
| 210 |
+ --enable-iconv |
| 211 |
+ --enable-shared |
| 212 |
+ $(use_enable static-libs static) |
| 213 |
+ $(use_enable !minimal drivers) |
| 214 |
+ $(use_enable !minimal driverc) |
| 215 |
+ $(use_with unicode iconv-char-enc UTF8) |
| 216 |
+ $(use_with unicode iconv-ucode-enc UTF16LE) |
| 217 |
+ ) |
| 218 |
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" |
| 219 |
+} |
| 220 |
+ |
| 221 |
+multilib_src_install_all() { |
| 222 |
+ einstalldocs |
| 223 |
+ |
| 224 |
+ if use odbcmanual ; then |
| 225 |
+ # We could simply run "make install-html" if we'd not had |
| 226 |
+ # out-of-source builds here. |
| 227 |
+ docinto html |
| 228 |
+ dodoc -r doc/. |
| 229 |
+ find "${ED%/}/usr/share/doc/${PF}/html" -name "Makefile*" -delete || die |
| 230 |
+ fi |
| 231 |
+ |
| 232 |
+ use prefix && dodoc README* |
| 233 |
+ prune_libtool_files |
| 234 |
+} |
Archives