Accepting request 73431 from server:database

security fix OBS-URL: https://build.opensuse.org/request/show/73431 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unixODBC?expand=0&rev=12
2011-06-14 08:58:07 +00:00 · 2011-06-14 08:58:07 +00:00 · be709e4f90
commit be709e4f90
parent 85cc9fc6a4
5 changed files with 40 additions and 0 deletions
--- a/unixODBC-2.2.12-CVE-2011-1145.patch
+++ b/unixODBC-2.2.12-CVE-2011-1145.patch
@ -0,0 +1,26 @@
+--- trunk/DriverManager/SQLDriverConnect.c	2011/01/12 15:50:07	23
+++ trunk/DriverManager/SQLDriverConnect.c	2011/03/09 15:38:55	27
+@@ -664,7 +664,7 @@
+ {
+     DMHDBC connection = (DMHDBC)hdbc;
+     struct con_struct con_struct;
+-    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ];
+    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ INI_MAX_PROPERTY_VALUE + 1 ];
+     char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];
+     char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];
+     SQLRETURN ret_from_connect;
+@@ -969,7 +969,13 @@
+     tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" );
+     if ( tsavefile )
+     {
+-        strcpy( savefile, tsavefile );
+        if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) {
+            memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE );
+            savefile[ INI_MAX_PROPERTY_VALUE ] = '\0';
+        }
+        else {
+            strcpy( savefile, tsavefile );
+        }
+     }
+     else
+     {
--- a/unixODBC-gui-qt.changes
+++ b/unixODBC-gui-qt.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jun 13 11:17:00 CEST 2011 - mhrusecky@suse.cz
+
+- fixed CVE-2011-1145 (bnc#678796)
+
 -------------------------------------------------------------------
 Mon Oct 13 15:45:51 CEST 2008 - nadvornik@suse.cz

--- a/unixODBC-gui-qt.spec
+++ b/unixODBC-gui-qt.spec
@ -39,6 +39,7 @@ Patch8:         unixODBC-%{version}-dm.patch
 Patch10:        unixODBC-%{version}-libodbcinst-exports.patch
 Patch11:        unixODBC-%{version}-flex.patch
 Patch12:        unixODBC-%{version}-ctracing.patch
+Patch13:        unixODBC-2.2.12-CVE-2011-1145.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -62,6 +63,7 @@ Authors:
 %patch10
 %patch11
 %patch12
+%patch13 -p1
 install -m 644 %{S:1} .

 %build
--- a/unixODBC.changes
+++ b/unixODBC.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jun 13 11:17:49 CEST 2011 - mhrusecky@suse.cz
+
+- fixed CVE-2011-1145 (bnc#678796)
+
 -------------------------------------------------------------------
 Sat Dec 19 13:43:00 CET 2009 - jengelh@medozas.de

--- a/unixODBC.spec
+++ b/unixODBC.spec
@ -49,6 +49,7 @@ Patch10:        %{name}-%{version}-libodbcinst-exports.patch
 Patch11:        %{name}-%{version}-flex.patch
 Patch12:        %{name}-%{version}-sqp.patch
 Patch13:        %{name}-%{version}-uninitialized.patch
+Patch14:        unixODBC-2.2.12-CVE-2011-1145.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %package devel
@ -97,6 +98,7 @@ Authors:
 %patch11
 %patch12
 %patch13
+%patch14 -p1
 install -m 644 %{S:1} .

 %build