commit: af28844cc92f8edd1fcd049e357d169a3dddc176 |
Author: Michael Vetter <jubalh <AT> iodoru <DOT> org> |
AuthorDate: Tue Feb 27 16:04:39 2018 +0000 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
CommitDate: Tue Feb 27 22:41:35 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af28844c |
|
dev-db/unixODBC: add fix against CVE-2018-7485. |
|
Adding a patch based on |
https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f |
|
Without the changes for 2.3.6 in ChangeLog and configure.ac. |
|
Package-Manager: Portage-2.3.19, Repoman-2.3.6 |
Closes: https://github.com/gentoo/gentoo/pull/7300 |
|
.../files/unixODBC-2.3.5-CVE-2018-7485.patch | 135 +++++++++++++++++++++ |
dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild | 65 ++++++++++ |
2 files changed, 200 insertions(+) |
|
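--- /dev/null
+++ b/dev-db/unixODBC/files/unixODBC-2.3.5-CVE-2018-7485.patch
@@ -0,0 +1,135 @@
+From 45ef78e037f578b15fc58938a3a3251655e71d6f Mon Sep 17 00:00:00 2001
+From: Nick Gorham <nick@×××××××××××.org>
+Date: Mon, 8 Jan 2018 11:12:39 +0000
+Subject: [PATCH] New Pre Source
+
+diff --git a/DriverManager/SQLGetDiagRecW.c b/DriverManager/SQLGetDiagRecW.c
+index a6368d7..be89120 100644
+--- a/DriverManager/SQLGetDiagRecW.c
++++ b/DriverManager/SQLGetDiagRecW.c
+@@ -98,6 +98,8 @@
+
+ static char const rcsid[]= "$RCSfile: SQLGetDiagRecW.c,v $";
+
++extern int __is_env( EHEAD * head ); /* in SQLGetDiagRec.c */
++
+ static SQLRETURN extract_sql_error_rec_w( EHEAD *head,
+ SQLWCHAR *sqlstate,
+ SQLINTEGER rec_number,
+diff --git a/DriverManager/SQLSetDescField.c b/DriverManager/SQLSetDescField.c
+index 333d786..0e2f67c 100644
+--- a/DriverManager/SQLSetDescField.c
++++ b/DriverManager/SQLSetDescField.c
+@@ -306,7 +306,7 @@ SQLRETURN SQLSetDescField( SQLHDESC descriptor_handle,
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR );
+ }
+
+- if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 )
++ if ( field_identifier == SQL_DESC_COUNT && (intptr_t)value < 0 )
+ {
+ __post_internal_error( &descriptor -> error,
+ ERROR_07009, NULL,
+@@ -315,9 +315,9 @@ SQLRETURN SQLSetDescField( SQLHDESC descriptor_handle,
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR );
+ }
+
+- if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT
+- && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT &&
+- value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM )
++ if ( field_identifier == SQL_DESC_PARAMETER_TYPE && (intptr_t)value != SQL_PARAM_INPUT
++ && (intptr_t)value != SQL_PARAM_OUTPUT && (intptr_t)value != SQL_PARAM_INPUT_OUTPUT &&
++ (intptr_t)value != SQL_PARAM_INPUT_OUTPUT_STREAM && (intptr_t)value != SQL_PARAM_OUTPUT_STREAM )
+ {
+ __post_internal_error( &descriptor -> error,
+ ERROR_HY105, NULL,
+diff --git a/DriverManager/SQLSetDescFieldW.c b/DriverManager/SQLSetDescFieldW.c
+index 5e066ac..45125ff 100644
+--- a/DriverManager/SQLSetDescFieldW.c
++++ b/DriverManager/SQLSetDescFieldW.c
+@@ -288,7 +288,7 @@ SQLRETURN SQLSetDescFieldW( SQLHDESC descriptor_handle,
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR );
+ }
+
+- if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 )
++ if ( field_identifier == SQL_DESC_COUNT && (intptr_t)value < 0 )
+ {
+ __post_internal_error( &descriptor -> error,
+ ERROR_07009, NULL,
+@@ -297,9 +297,9 @@ SQLRETURN SQLSetDescFieldW( SQLHDESC descriptor_handle,
+ return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR );
+ }
+
+- if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT
+- && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT &&
+- value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM )
++ if ( field_identifier == SQL_DESC_PARAMETER_TYPE && (intptr_t)value != SQL_PARAM_INPUT
++ && (intptr_t)value != SQL_PARAM_OUTPUT && (intptr_t)value != SQL_PARAM_INPUT_OUTPUT &&
++ (intptr_t)value != SQL_PARAM_INPUT_OUTPUT_STREAM && (intptr_t)value != SQL_PARAM_OUTPUT_STREAM )
+ {
+ __post_internal_error( &descriptor -> error,
+ ERROR_HY105, NULL,
+diff --git a/exe/iusql.c b/exe/iusql.c
+index aac5329..484a889 100644
+--- a/exe/iusql.c
++++ b/exe/iusql.c
+@@ -413,7 +413,6 @@ static int ExecuteSQL( SQLHDBC hDbc, char *szSQL, char cDelimiter, int bColumnNa
+ if ( bVerbose ) DumpODBCLog( hEnv, hDbc, hStmt );
+ fprintf( stderr, "[ISQL]ERROR: Could not SQLExecDirect\n" );
+ SQLFreeStmt( hStmt, SQL_DROP );
+- free(szSepLine);
+ return 0;
+ }
+ }
+diff --git a/odbcinst/SQLCreateDataSource.c b/odbcinst/SQLCreateDataSource.c
+index a9fa735..83a1e9e 100644
+--- a/odbcinst/SQLCreateDataSource.c
++++ b/odbcinst/SQLCreateDataSource.c
+@@ -26,7 +26,7 @@ char* _multi_string_alloc_and_copy( LPCWSTR in )
+
+ if ( !in )
+ {
+- return in;
++ return NULL;
+ }
+
+ while ( in[ len ] != 0 || in[ len + 1 ] != 0 )
+@@ -55,7 +55,7 @@ char* _single_string_alloc_and_copy( LPCWSTR in )
+
+ if ( !in )
+ {
+- return in;
++ return NULL;
+ }
+
+ while ( in[ len ] != 0 )
+@@ -83,7 +83,7 @@ SQLWCHAR* _multi_string_alloc_and_expand( LPCSTR in )
+
+ if ( !in )
+ {
+- return in;
++ return NULL;
+ }
+
+ while ( in[ len ] != 0 || in[ len + 1 ] != 0 )
+@@ -112,7 +112,7 @@ SQLWCHAR* _single_string_alloc_and_expand( LPCSTR in )
+
+ if ( !in )
+ {
+- return in;
++ return NULL;
+ }
+
+ while ( in[ len ] != 0 )
+diff --git a/odbcinst/SQLWriteFileDSN.c b/odbcinst/SQLWriteFileDSN.c
+index c2f987b..e225796 100644
+--- a/odbcinst/SQLWriteFileDSN.c
++++ b/odbcinst/SQLWriteFileDSN.c
+@@ -21,7 +21,7 @@ BOOL SQLWriteFileDSN( LPCSTR pszFileName,
+
+ if ( pszFileName[0] == '/' )
+ {
+- strncpy( szFileName, sizeof(szFileName) - 5, pszFileName );
++ strncpy( szFileName, pszFileName, sizeof(szFileName) - 5 );
+ }
+ else
+ {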
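Review bot: The corrected call `strncpy( szFileName, pszFileName, sizeof(szFileName) - 5 );` in the SQLWriteFileDSN.c hunk still leaves `szFileName` without a terminating NUL whenever `pszFileName` is at least `sizeof(szFileName) - 5` bytes long, because strncpy() does not terminate in that case. The declaration of `szFileName` and the code after the `else` branch lie outside the hunk, so it cannot be seen here whether the buffer is zeroed beforehand; if it is not, any later string call on it reads past the copied bytes. Adding `szFileName[ sizeof(szFileName) - 5 ] = '\0';` directly after the copy closes that gap. The visible guard `if ( pszFileName[0] == '/' )` also dereferences `pszFileName` with no NULL check.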
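--- /dev/null
+++ b/dev-db/unixODBC/unixODBC-2.3.5-r1.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit libtool ltprune multilib-minimal
+
+DESCRIPTION="A complete ODBC driver manager"
+HOMEPAGE="http://www.unixodbc.org/"
+SRC_URI="ftp://ftp.unixodbc.org/pub/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+minimal odbcmanual static-libs unicode"
+
+RDEPEND="
+ || (
+ dev-libs/libltdl:0[${MULTILIB_USEDEP}]
+ >=sys-devel/libtool-2.4.2-r1[${MULTILIB_USEDEP}]
+ )
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}]
+ >=sys-libs/ncurses-5.9-r3:0=[${MULTILIB_USEDEP}]
+ >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}
+ sys-devel/flex
+"
+
+MULTILIB_CHOST_TOOLS=( /usr/bin/odbc_config )
+MULTILIB_WRAPPED_HEADERS=( /usr/include/unixodbc_conf.h )
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.3.5-CVE-2018-7485.patch"
+)
+
+multilib_src_configure() {
+ # --enable-driver-conf is --enable-driverc as per configure.in
+ myeconfargs=(
+ --sysconfdir="${EPREFIX}"/etc/${PN}
+ --disable-static
+ --enable-iconv
+ --enable-shared
+ $(use_enable static-libs static)
+ $(use_enable !minimal drivers)
+ $(use_enable !minimal driverc)
+ $(use_with unicode iconv-char-enc UTF8)
+ $(use_with unicode iconv-ucode-enc UTF16LE)
+ )
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ if use odbcmanual ; then
+ # We could simply run "make install-html" if we'd not had
+ # out-of-source builds here.
+ docinto html
+ dodoc -r doc/.
+ find "${ED%/}/usr/share/doc/${PF}/html" -name "Makefile*" -delete || die
+ fi
+
+ use prefix && dodoc README*
+ prune_libtool_files
+}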
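Review bot: `SRC_URI="ftp://ftp.unixodbc.org/pub/${PN}/${P}.tar.gz"` fetches the tarball over unauthenticated FTP, so the integrity of the source this security patch is applied to rests entirely on the Manifest digests, which this commit does not touch. If upstream serves the same tarball over HTTPS, that URL would be the better choice; `HOMEPAGE` likewise uses plain `http://`. The `PATCHES` entry would also benefit from a one-line comment naming its origin, for example `# backport of upstream commit 45ef78e0, minus the 2.3.6 ChangeLog/configure.ac changes`.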