diff options
| author | drochner <drochner@pkgsrc.org> | 2011-03-11 15:18:43 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2011-03-11 15:18:43 +0000 |
| commit | 7580c65eea3b3471476f88758a1611a3acb8b739 (patch) | |
| tree | 41b0d1e5954d2dad80dbf1bcb5a108f81f7755e2 /databases | |
| parent | 588e1f2bc6d2a7e7c59de07e0cfd0fd3b635af73 (diff) | |
| download | pkgsrc-7580c65eea3b3471476f88758a1611a3acb8b739.tar.gz | |
add patch from upstream to fix possible buffer overflow (CVE-2011-1145)
bump PKGREV
Diffstat (limited to 'databases')
| -rw-r--r-- | databases/unixodbc/Makefile | 3 | ||||
| -rw-r--r-- | databases/unixodbc/distinfo | 3 | ||||
| -rw-r--r-- | databases/unixodbc/patches/patch-ap | 30 |
3 files changed, 34 insertions, 2 deletions
diff --git a/databases/unixodbc/Makefile b/databases/unixodbc/Makefile index 113a6ee9251..93f5beef901 100644 --- a/databases/unixodbc/Makefile +++ b/databases/unixodbc/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.30 2011/01/18 23:12:29 schwarz Exp $ +# $NetBSD: Makefile,v 1.31 2011/03/11 15:18:43 drochner Exp $ DISTNAME= unixODBC-2.3.0 +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/ODBC/odbc/} CATEGORIES= databases MASTER_SITES= http://www.unixodbc.org/ diff --git a/databases/unixodbc/distinfo b/databases/unixodbc/distinfo index c0c242be7ce..1cb3ccb6caa 100644 --- a/databases/unixodbc/distinfo +++ b/databases/unixodbc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10 2010/05/03 02:10:43 jnemeth Exp $ +$NetBSD: distinfo,v 1.11 2011/03/11 15:18:43 drochner Exp $ SHA1 (unixODBC-2.3.0.tar.gz) = b2839b5210906e3ee286a4b621f177db9c7be7a8 RMD160 (unixODBC-2.3.0.tar.gz) = 166a96c31fe013ced6b6ef93da5871f672cfe456 @@ -16,3 +16,4 @@ SHA1 (patch-al) = 350c2562cad9b72e41a5f3cb38df39e4f5624199 SHA1 (patch-am) = 095ed0aa4e5882160fbf50d53c09ea23eafe1589 SHA1 (patch-an) = e3ce589f9dd7e97fa1dac43b9fbe981a352e8f0b SHA1 (patch-ao) = db7d39c31e478162afa48e3effde2d60f0f6cc46 +SHA1 (patch-ap) = 7947cb0491235190961a04257add4b29e45a5e0e diff --git a/databases/unixodbc/patches/patch-ap b/databases/unixodbc/patches/patch-ap new file mode 100644 index 00000000000..89b6c0b76d5 --- /dev/null +++ b/databases/unixodbc/patches/patch-ap @@ -0,0 +1,30 @@ +$NetBSD: patch-ap,v 1.1 2011/03/11 15:18:43 drochner Exp $ + +CVE-2011-1145 + +--- DriverManager/SQLDriverConnect.c.orig 2010-04-13 16:38:26.000000000 +0000 ++++ DriverManager/SQLDriverConnect.c +@@ -639,7 +639,7 @@ SQLRETURN SQLDriverConnect( + { + DMHDBC connection = (DMHDBC)hdbc; + struct con_struct con_struct; +- char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ]; ++ char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ INI_MAX_PROPERTY_VALUE + 1 ]; + char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; + char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; + SQLRETURN ret_from_connect; +@@ -944,7 +944,13 @@ SQLRETURN SQLDriverConnect( + tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" ); + if ( tsavefile ) + { +- strcpy( savefile, tsavefile ); ++ if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) { ++ memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE ); ++ savefile[ INI_MAX_PROPERTY_VALUE ] = '\0'; ++ } ++ else { ++ strcpy( savefile, tsavefile ); ++ } + } + else + { |