From a803418ccaf29fd95bf689ddc98869f2647aa1ab2b313e982f13853d8cd4c9c0 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Mon, 19 Mar 2018 12:01:16 +0000 Subject: [PATCH] - bsc#1082060: Update to 2.3.6: * Fix order of arguments in SQLWriteFileDSN.c, fix unwanted free() in iusql.c * Add pkg-config files - bsc#1082290 (CVE-2018-7409): Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 - bsc#1082484 (CVE-2018-7485): Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c - Remove unixODBC-2.3.1-bison.patch: upstreamed - Remove unixODBC-iaddr.patch: upstreamed - Adapt unixODBC-2.3.1-declarations.patch to unixODBC-2.3.6-declarations.patch - Update unixODBC-gccwarnings.patch OBS-URL: https://build.opensuse.org/package/show/server:database/unixODBC?expand=0&rev=50 --- unixODBC-2.3.1-bison.patch | 22 ---- unixODBC-2.3.1-declarations.patch | 180 ------------------------------ unixODBC-2.3.4.tar.gz | 3 - unixODBC-2.3.6-declarations.patch | 33 ++++++ unixODBC-2.3.6.tar.gz | 3 + unixODBC-gccwarnings.patch | 50 --------- unixODBC-iaddr.patch | 24 ---- unixODBC.changes | 17 +++ unixODBC.spec | 59 +++++----- 9 files changed, 81 insertions(+), 310 deletions(-) delete mode 100644 unixODBC-2.3.1-bison.patch delete mode 100644 unixODBC-2.3.1-declarations.patch delete mode 100644 unixODBC-2.3.4.tar.gz create mode 100644 unixODBC-2.3.6-declarations.patch create mode 100644 unixODBC-2.3.6.tar.gz delete mode 100644 unixODBC-iaddr.patch diff --git a/unixODBC-2.3.1-bison.patch b/unixODBC-2.3.1-bison.patch deleted file mode 100644 index a23a035..0000000 --- a/unixODBC-2.3.1-bison.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: Drivers/nn/yyparse.y -=================================================================== ---- Drivers/nn/yyparse.y.orig -+++ Drivers/nn/yyparse.y -@@ -36,7 +36,7 @@ static char sccsid[] - # define yylex() nnsql_yylex(&yylval, pyyenv) - #endif - --#define yyparse(x) nnsql_yyparse (pyyenv) -+#define yyparse(x) nnsql_yyparse (yyenv_t* pyyenv) - #define yyerror(msg) nnsql_yyerror (pyyenv, msg) - #define SETYYERROR(env, code) { env->pstmt->errcode = code; \ - env->pstmt->errpos = env->errpos;} -@@ -1197,7 +1197,7 @@ static int add_ins_value( yystmt_t* pstm - { - if( !idx ) - { -- MEM_FREE(pstmt->ins_values) -+ MEM_FREE(pstmt->ins_values); - pstmt->ins_values = (node_t*)MEM_ALLOC( FILTER_CHUNK_SIZE * sizeof(node_t)); - } - else if( ! idx%FILTER_CHUNK_SIZE ) diff --git a/unixODBC-2.3.1-declarations.patch b/unixODBC-2.3.1-declarations.patch deleted file mode 100644 index b2cba76..0000000 --- a/unixODBC-2.3.1-declarations.patch +++ /dev/null @@ -1,180 +0,0 @@ -Index: Drivers/nn/SQLBindCol.c -=================================================================== ---- Drivers/nn/SQLBindCol.c.orig -+++ Drivers/nn/SQLBindCol.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLBindCol( - HSTMT hstmt, -Index: Drivers/nn/SQLBindParameter.c -=================================================================== ---- Drivers/nn/SQLBindParameter.c.orig -+++ Drivers/nn/SQLBindParameter.c -@@ -13,6 +13,7 @@ - GNU General Public License for more details. - **/ - #include -+#include - #include "driver.h" - - RETCODE SQL_API SQLBindParameter( -Index: Drivers/nn/SQLDescribeCol.c -=================================================================== ---- Drivers/nn/SQLDescribeCol.c.orig -+++ Drivers/nn/SQLDescribeCol.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLDescribeCol( - HSTMT hstmt, -Index: Drivers/nn/SQLError.c -=================================================================== ---- Drivers/nn/SQLError.c.orig -+++ Drivers/nn/SQLError.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLError( - HENV henv, -Index: Drivers/nn/SQLFetch.c -=================================================================== ---- Drivers/nn/SQLFetch.c.orig -+++ Drivers/nn/SQLFetch.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLFetch( HSTMT hstmt ) - { -Index: Drivers/nn/SQLGetData.c -=================================================================== ---- Drivers/nn/SQLGetData.c.orig -+++ Drivers/nn/SQLGetData.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLGetData( - HSTMT hstmt, -Index: Drivers/nn/SQLPutData.c -=================================================================== ---- Drivers/nn/SQLPutData.c.orig -+++ Drivers/nn/SQLPutData.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - RETCODE SQL_API SQLPutData( - HSTMT hstmt, -Index: Drivers/nn/convert.c -=================================================================== ---- Drivers/nn/convert.c.orig -+++ Drivers/nn/convert.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - /* It looks silly to use a MEM_ALLOC() in function char2str(), etc, - * for converting C data type into STRING SQL data type. Esspecially -Index: Drivers/nn/nndate.c -=================================================================== ---- Drivers/nn/nndate.c.orig -+++ Drivers/nn/nndate.c -@@ -16,6 +16,7 @@ - #include - - #include -+#include - #include "misc.h" - - static char* month_name[] = -Index: Drivers/nn/prepare.c -=================================================================== ---- Drivers/nn/prepare.c.orig -+++ Drivers/nn/prepare.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - void* nnodbc_getstmterrstack(void* hstmt) - { -Index: Drivers/nn/yyevl.c -=================================================================== ---- Drivers/nn/yyevl.c.orig -+++ Drivers/nn/yyevl.c -@@ -16,6 +16,7 @@ - #include - #include - #include -+#include - #include - #include - -Index: Drivers/nn/yyparse.y -=================================================================== ---- Drivers/nn/yyparse.y.orig -+++ Drivers/nn/yyparse.y -@@ -25,6 +25,7 @@ static char sccsid[] - #include - #include - #include -+#include - - # ifdef YYLSP_NEEDED - # undef YYLSP_NEEDED -Index: Drivers/nn/yystmt.c -=================================================================== ---- Drivers/nn/yystmt.c.orig -+++ Drivers/nn/yystmt.c -@@ -14,6 +14,7 @@ - **/ - #include - #include "driver.h" -+#include - - static char sccsid[] - = "@(#)NNSQL(NetNews SQL) v0.5, Copyright(c) 1995, 1996 by Ke Jin"; -Index: Drivers/nn/connect.c -=================================================================== ---- Drivers/nn/connect.c.orig -+++ Drivers/nn/connect.c -@@ -14,6 +14,7 @@ - **/ - #include - #include -+#include - #include - #include "driver.h" - #include "misc.h" -Index: Drivers/nn/yylex.c -=================================================================== ---- Drivers/nn/yylex.c.orig -+++ Drivers/nn/yylex.c -@@ -26,6 +26,7 @@ - - #include - #include -+#include - - static int getcmpopidxbyname(char* name) - { diff --git a/unixODBC-2.3.4.tar.gz b/unixODBC-2.3.4.tar.gz deleted file mode 100644 index d9f3791..0000000 --- a/unixODBC-2.3.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2e1509a96bb18d248bf08ead0d74804957304ff7c6f8b2e5965309c632421e39 -size 1830660 diff --git a/unixODBC-2.3.6-declarations.patch b/unixODBC-2.3.6-declarations.patch new file mode 100644 index 0000000..c4c70cf --- /dev/null +++ b/unixODBC-2.3.6-declarations.patch @@ -0,0 +1,33 @@ +diff -urEbwB unixODBC-2.3.6/Drivers/nn/yyevl.c unixODBC-2.3.6.new/Drivers/nn/yyevl.c +--- unixODBC-2.3.6/Drivers/nn/yyevl.c 2014-01-06 10:37:01.000000000 +0100 ++++ unixODBC-2.3.6.new/Drivers/nn/yyevl.c 2018-03-19 12:36:19.380485884 +0100 +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + typedef struct { + int type; /* can only be en_nt_qstr, en_nt_num and en_nt_null */ +diff -urEbwB unixODBC-2.3.6/Drivers/nn/yyparse.y unixODBC-2.3.6.new/Drivers/nn/yyparse.y +--- unixODBC-2.3.6/Drivers/nn/yyparse.y 2018-02-26 15:43:58.000000000 +0100 ++++ unixODBC-2.3.6.new/Drivers/nn/yyparse.y 2018-03-19 12:36:56.752790303 +0100 +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + # ifdef YYLSP_NEEDED + # undef YYLSP_NEEDED +diff -urEbwB unixODBC-2.3.6/Drivers/nn/yystmt.c unixODBC-2.3.6.new/Drivers/nn/yystmt.c +--- unixODBC-2.3.6/Drivers/nn/yystmt.c 2014-01-06 10:37:01.000000000 +0100 ++++ unixODBC-2.3.6.new/Drivers/nn/yystmt.c 2018-03-19 12:37:25.593024943 +0100 +@@ -14,6 +14,7 @@ + **/ + #include + #include "driver.h" ++#include "string.h" + + static char sccsid[] + = "@(#)NNSQL(NetNews SQL) v0.5, Copyright(c) 1995, 1996 by Ke Jin"; diff --git a/unixODBC-2.3.6.tar.gz b/unixODBC-2.3.6.tar.gz new file mode 100644 index 0000000..909cfa5 --- /dev/null +++ b/unixODBC-2.3.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88b637f647c052ecc3861a3baa275c3b503b193b6a49ff8c28b2568656d14d69 +size 1661914 diff --git a/unixODBC-gccwarnings.patch b/unixODBC-gccwarnings.patch index 593321f..2ebacdc 100644 --- a/unixODBC-gccwarnings.patch +++ b/unixODBC-gccwarnings.patch @@ -1,16 +1,3 @@ -Index: exe/odbc-config.c -=================================================================== ---- exe/odbc-config.c.orig -+++ exe/odbc-config.c -@@ -23,6 +23,8 @@ - - #include - #include -+#include -+#include - - #ifdef HAVE_STDLIB_H - #include Index: Drivers/nn/nndate.c =================================================================== --- Drivers/nn/nndate.c.orig @@ -85,40 +72,3 @@ Index: Drivers/nn/nncol.c int nnsql_getcolidxbyname( char* col_name ) { -Index: Drivers/Postgre7.1/dlg_specific.c -=================================================================== ---- Drivers/Postgre7.1/dlg_specific.c.orig -+++ Drivers/Postgre7.1/dlg_specific.c -@@ -21,11 +21,11 @@ - #endif - - #ifndef WIN32 --# include - # include - # ifdef UNIXODBC - # include - # else -+# include - # include "gpps.h" - # define SQLGetPrivateProfileString(a,b,c,d,e,f) GetPrivateProfileString(a,b,c,d,e,f) - # define SQLWritePrivateProfileString(a,b,c,d) WritePrivateProfileString(a,b,c,d) -@@ -38,6 +38,7 @@ - - #include "dlg_specific.h" - #include "convert.h" -+#include - - #ifndef BOOL - #define BOOL int -Index: Drivers/nn/yylex.c -=================================================================== ---- Drivers/nn/yylex.c.orig -+++ Drivers/nn/yylex.c -@@ -25,6 +25,7 @@ - # define YYERRCODE 256 - - #include -+#include - - static int getcmpopidxbyname(char* name) - { diff --git a/unixODBC-iaddr.patch b/unixODBC-iaddr.patch deleted file mode 100644 index a1c16ca..0000000 --- a/unixODBC-iaddr.patch +++ /dev/null @@ -1,24 +0,0 @@ -Index: Drivers/Postgre7.1/socket.c -=================================================================== ---- Drivers/Postgre7.1/socket.c.orig -+++ Drivers/Postgre7.1/socket.c -@@ -100,7 +100,7 @@ SOCK_connect_to_ip(SocketClass *self, un - { - struct hostent *host; - struct sockaddr_in sadr; --unsigned long iaddr; -+struct in_addr iaddr; - - if (self->socket != -1) { - self->errornumber = SOCKET_ALREADY_CONNECTED; -@@ -113,8 +113,8 @@ unsigned long iaddr; - /* If it is a valid IP address, use it. - Otherwise use hostname lookup. - */ -- iaddr = inet_addr(hostname); -- if (iaddr == INADDR_NONE) { -+ iaddr.s_addr = inet_addr(hostname); -+ if (iaddr.s_addr == INADDR_NONE) { - host = gethostbyname(hostname); - if (host == NULL) { - self->errornumber = SOCKET_HOST_NOT_FOUND; diff --git a/unixODBC.changes b/unixODBC.changes index 0ee9cb2..0c58596 100644 --- a/unixODBC.changes +++ b/unixODBC.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Mar 19 11:52:05 UTC 2018 - mvetter@suse.com + +- bsc#1082060: Update to 2.3.6: + * Fix order of arguments in SQLWriteFileDSN.c, fix unwanted + free() in iusql.c + * Add pkg-config files +- bsc#1082290 (CVE-2018-7409): Buffer overflow in + unicode_to_ansi_copy() was fixed in 2.3.5 +- bsc#1082484 (CVE-2018-7485): Swapped arguments in + SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c +- Remove unixODBC-2.3.1-bison.patch: upstreamed +- Remove unixODBC-iaddr.patch: upstreamed +- Adapt unixODBC-2.3.1-declarations.patch to + unixODBC-2.3.6-declarations.patch +- Update unixODBC-gccwarnings.patch + ------------------------------------------------------------------- Wed Feb 21 13:34:18 UTC 2018 - mvetter@suse.com diff --git a/unixODBC.spec b/unixODBC.spec index 5acc59b..9de1c36 100644 --- a/unixODBC.spec +++ b/unixODBC.spec @@ -17,27 +17,25 @@ Name: unixODBC -Version: 2.3.4 +Version: 2.3.6 Release: 0 Summary: ODBC driver manager with some drivers included -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0-or-later AND LGPL-2.1-or-later Group: Productivity/Databases/Tools Url: http://www.unixodbc.org/ -Source: ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-%{version}.tar.gz -Source2: baselibs.conf +Source0: ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-%{version}.tar.gz +Source1: baselibs.conf Patch1: unixODBC-paths.patch -Patch5: unixODBC-iaddr.patch -Patch7: unixODBC-gccwarnings.patch -Patch10: %{name}-2.3.1-libodbcinst-exports.patch -Patch15: %{name}-2.3.1-bison.patch -Patch16: %{name}-2.3.1-declarations.patch +Patch2: unixODBC-gccwarnings.patch +# https://github.com/lurcher/unixODBC/issues/8 +Patch3: unixODBC-2.3.1-libodbcinst-exports.patch +Patch4: unixODBC-2.3.6-declarations.patch BuildRequires: automake BuildRequires: bison BuildRequires: gcc-c++ BuildRequires: libltdl-devel BuildRequires: libtool BuildRequires: readline-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build %package devel Summary: Includes for ODBC Development @@ -55,11 +53,9 @@ Includes for ODBC development (based on unixODBC). %prep %setup -q %patch1 -%patch5 -%patch7 -%patch10 -%patch15 -%patch16 +%patch2 +%patch3 +%patch4 -p1 %build perl -i -pe 's{^ACLOCAL_AMFLAGS.*}{}' Makefile.am @@ -85,31 +81,30 @@ make %{?_smp_mflags} %install install -d -m 755 "%{buildroot}/%{_sysconfdir}/%{name}" install -d -m 755 "%{buildroot}/%{_libdir}/%{name}" -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install rm -rf "%{buildroot}/%{_datadir}/libtool" # packaged in gui-gtk rm -f "%{buildroot}/%{_libdir}"/libmimerS.* -rm -f %{buildroot}/%{_libdir}/*.la +find %{buildroot} -type f -name "*.la" -delete -print # bsc#1062860: we want psqlODBC instead of this unmaintained example driver rm -f "%{buildroot}/%{_libdir}"/unixODBC/libodbcpsql.* %post -p /sbin/ldconfig - %postun -p /sbin/ldconfig %files -%defattr(-, root, root) -%doc AUTHORS COPYING ChangeLog NEWS README doc/*.html doc/*.gif +%license COPYING +%attr(644,root,root) %doc AUTHORS ChangeLog NEWS README doc/*.html doc/*.gif %docdir %{_mandir} -%{_mandir}/man1/dltest.1.* -%{_mandir}/man1/isql.1.* -%{_mandir}/man1/iusql.1.* -%{_mandir}/man1/odbc_config.1.* -%{_mandir}/man1/odbcinst.1.* -%{_mandir}/man5/odbc.ini.5.* -%{_mandir}/man5/odbcinst.ini.5.* -%{_mandir}/man7/unixODBC.7.* +%{_mandir}/man1/dltest.1%{ext_man} +%{_mandir}/man1/isql.1%{ext_man} +%{_mandir}/man1/iusql.1%{ext_man} +%{_mandir}/man1/odbc_config.1%{ext_man} +%{_mandir}/man1/odbcinst.1%{ext_man} +%{_mandir}/man5/odbc.ini.5%{ext_man} +%{_mandir}/man5/odbcinst.ini.5%{ext_man} +%{_mandir}/man7/unixODBC.7%{ext_man} %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/ODBCDataSources %dir %{_libdir}/%{name} @@ -124,15 +119,17 @@ rm -f "%{buildroot}/%{_libdir}"/unixODBC/libodbcpsql.* %{_libdir}/libodbc.so.* %{_libdir}/libodbcinst.so.* %{_libdir}/libodbccr.so.* -%{_libdir}/libodbc.so -%{_libdir}/libodbcinst.so +%{_libdir}/libodbc.so +%{_libdir}/libodbcinst.so %{_libdir}/libodbccr.so %{_libdir}/%{name} # All .so files are in the main package as many ext apps # dlopen those so you need these on regular package. %files devel -%defattr(-, root, root) %{_includedir}/* +%{_libdir}/pkgconfig/odbc.pc +%{_libdir}/pkgconfig/odbccr.pc +%{_libdir}/pkgconfig/odbcinst.pc %changelog