Mailinglist Archive: opensuse-commit (914 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package unixODBC for openSUSE:11.3
checked in at Tue Jun 14 18:24:23 CEST 2011.



--------
--- old-versions/11.3/all/unixODBC/unixODBC-gui-qt.changes      2008-10-13 
17:00:11.000000000 +0200
+++ 11.3/unixODBC/unixODBC-gui-qt.changes       2011-06-13 11:20:11.000000000 
+0200
@@ -1,0 +2,5 @@
+Mon Jun 13 11:17:00 CEST 2011 - mhrusecky@xxxxxxx
+
+- fixed CVE-2011-1145 (bnc#678796)
+
+-------------------------------------------------------------------
--- old-versions/11.3/all/unixODBC/unixODBC.changes     2009-12-19 
13:43:18.000000000 +0100
+++ 11.3/unixODBC/unixODBC.changes      2011-06-13 11:20:12.000000000 +0200
@@ -1,0 +2,5 @@
+Mon Jun 13 11:17:49 CEST 2011 - mhrusecky@xxxxxxx
+
+- fixed CVE-2011-1145 (bnc#678796)
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.3/all/unixODBC
Destination is old-versions/11.3/UPDATES/all/unixODBC
calling whatdependson for 11.3-i586


New:
----
  unixODBC-2.2.12-CVE-2011-1145.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ unixODBC-gui-qt.spec ++++++
--- /var/tmp/diff_new_pack.2IHjUR/_old  2011-06-14 18:23:29.000000000 +0200
+++ /var/tmp/diff_new_pack.2IHjUR/_new  2011-06-14 18:23:29.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package unixODBC-gui-qt (Version 2.2.12)
+# spec file for package unixODBC-gui-qt
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 Name:           unixODBC-gui-qt
 BuildRequires:  qt3-devel
 Version:        2.2.12
-Release:        200
+Release:        204.<RELEASE2>
 Summary:        ODBC Configuration  Utility, Data Source Browser, and ODBC 
Test Tool based
 License:        GPLv2+
 Url:            http://www.unixodbc.org/
@@ -39,6 +39,7 @@
 Patch10:        unixODBC-%{version}-libodbcinst-exports.patch
 Patch11:        unixODBC-%{version}-flex.patch
 Patch12:        unixODBC-%{version}-ctracing.patch
+Patch13:        unixODBC-2.2.12-CVE-2011-1145.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -62,6 +63,7 @@
 %patch10
 %patch11
 %patch12
+%patch13 -p1
 install -m 644 %{S:1} .
 
 %build

++++++ unixODBC.spec ++++++
--- /var/tmp/diff_new_pack.2IHjUR/_old  2011-06-14 18:23:29.000000000 +0200
+++ /var/tmp/diff_new_pack.2IHjUR/_new  2011-06-14 18:23:29.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package unixODBC (Version 2.2.12)
+# spec file for package unixODBC
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 Name:           unixODBC
 BuildRequires:  gcc-c++
 Version:        2.2.12
-Release:        122
+Release:        204.<RELEASE2>
 Summary:        ODBC driver manager with some drivers included
 License:        GPLv2+ ; LGPLv2.1+
 Url:            http://www.unixodbc.org/
@@ -49,6 +49,7 @@
 Patch11:        %{name}-%{version}-flex.patch
 Patch12:        %{name}-%{version}-sqp.patch
 Patch13:        %{name}-%{version}-uninitialized.patch
+Patch14:        unixODBC-2.2.12-CVE-2011-1145.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %package devel
@@ -97,6 +98,7 @@
 %patch11
 %patch12
 %patch13
+%patch14 -p1
 install -m 644 %{S:1} .
 
 %build

++++++ unixODBC-2.2.12-CVE-2011-1145.patch ++++++
--- trunk/DriverManager/SQLDriverConnect.c      2011/01/12 15:50:07     23
+++ trunk/DriverManager/SQLDriverConnect.c      2011/03/09 15:38:55     27
@@ -664,7 +664,7 @@
 {
     DMHDBC connection = (DMHDBC)hdbc;
     struct con_struct con_struct;
-    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ];
+    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 
INI_MAX_PROPERTY_VALUE + 1 ];
     char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];
     char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];
     SQLRETURN ret_from_connect;
@@ -969,7 +969,13 @@
     tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" );
     if ( tsavefile )
     {
-        strcpy( savefile, tsavefile );
+        if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) {
+            memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE );
+            savefile[ INI_MAX_PROPERTY_VALUE ] = '\0';
+        }
+        else {
+            strcpy( savefile, tsavefile );
+        }
     }
     else
     {

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx