From 5267d395ec3e6d8a954eebec5670623c2f68e2d8 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 06 2019 10:03:27 +0000
Subject: import unixODBC-2.3.1-14.el7
---
diff --git a/SOURCES/fixed-buffer-overflow.patch b/SOURCES/fixed-buffer-overflow.patch
new file mode 100644
index 0000000..4ffdcc8
--- /dev/null
+++ b/SOURCES/fixed-buffer-overflow.patch
@@ -0,0 +1,28 @@
+From dd6c67cf1ed69067b6adb045e14903f805beaf26 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj
+Date: Tue, 16 Apr 2019 12:52:09 +0200
+Subject: [PATCH] fixed possible buffer overflow (#1571528)
+
+---
+ DriverManager/__info.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/DriverManager/__info.c b/DriverManager/__info.c
+index 4201185..3620ccb 100644
+--- a/DriverManager/__info.c
++++ b/DriverManager/__info.c
+@@ -728,7 +728,10 @@ char *unicode_to_ansi_copy( char * dest, int dest_len, SQLWCHAR *src, SQLINTEGER
+ #endif
+ }
+
+- dest[ i ] = '\0';
++ if (dest_len)
++ {
++ dest[ i < dest_len ? i : i-1 ] = '\0';
++ }
+
+ return dest;
+ }
+--
+2.17.1
+
diff --git a/SOURCES/insecure-buffer-copy.patch b/SOURCES/insecure-buffer-copy.patch
new file mode 100644
index 0000000..4644603
--- /dev/null
+++ b/SOURCES/insecure-buffer-copy.patch
@@ -0,0 +1,25 @@
+From 81a23859ef6de8765e57fc047e103f98126c26d1 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj
+Date: Tue, 16 Apr 2019 11:17:01 +0200
+Subject: [PATCH] fixed insecure buffer copy
+
+---
+ odbcinst/SQLWriteFileDSN.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/odbcinst/SQLWriteFileDSN.c b/odbcinst/SQLWriteFileDSN.c
+index c22a4bf..9891c73 100644
+--- a/odbcinst/SQLWriteFileDSN.c
++++ b/odbcinst/SQLWriteFileDSN.c
+@@ -21,7 +21,7 @@ BOOL SQLWriteFileDSN( LPCSTR pszFileName,
+
+ if ( pszFileName[0] == '/' )
+ {
+- strcpy( szFileName, pszFileName );
++ strncpy( szFileName, pszFileName, sizeof(szFileName) );
+ }
+ else
+ {
+--
+2.17.1
+
diff --git a/SPECS/unixODBC.spec b/SPECS/unixODBC.spec
index 61f420b..16f0d18 100644
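Review bot: In the guard added to unicode_to_ansi_copy, `if (dest_len)` is also true for a negative `dest_len` (the parameter is an `int`), and the fallback index `i-1` stays in bounds only if the copy loop, which is outside this hunk, never leaves `i` at 0 or above `dest_len`. Clamping to the buffer does not depend on that loop: `if ( dest_len > 0 )` with `dest[ i < dest_len ? i : dest_len - 1 ] = '\0';`. When `i == dest_len` the terminator overwrites the last converted character, so the result is silently truncated; a comment such as `/* result is truncated to dest_len - 1 characters when src does not fit */` would make that visible to callers. The function body begins before the hunk, so how `i` is bounded cannot be confirmed from here.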
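Review bot: The replacement `strncpy( szFileName, pszFileName, sizeof(szFileName) )` in SQLWriteFileDSN bounds the write but leaves `szFileName` without a terminating NUL whenever `pszFileName` is at least `sizeof(szFileName)` bytes long, so any later string operation on it would read past the array. Copy one byte less and terminate explicitly: `strncpy( szFileName, pszFileName, sizeof(szFileName) - 1 );` followed by `szFileName[ sizeof(szFileName) - 1 ] = '\0';`. Rejecting an over-long name (presumably by returning FALSE, since the function is declared BOOL) would be safer than continuing with a truncated path, which names a different file than the caller asked for. The declaration of `szFileName` and the body of the `else` branch lie outside the hunk, so this assumes `szFileName` is an array and says nothing about whether the other branch bounds its write.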
--- a/SPECS/unixODBC.spec
+++ b/SPECS/unixODBC.spec
@@ -1,7 +1,7 @@
 Summary: A complete ODBC driver manager for Linux
 Name: unixODBC
 Version: 2.3.1
-Release: 11%{?dist}
+Release: 14%{?dist}
 Group: System Environment/Libraries
 URL: http://www.unixODBC.org/
 # Programs are GPL, libraries are LGPL, except News Server library is GPL.
@@ -24,6 +24,8 @@ Patch6: export-symbols.patch
 Patch8: so-version-bump.patch
 Patch9: keep-typedefs.patch
 Patch10: coverity-fixes.patch
+Patch11: insecure-buffer-copy.patch
+Patch12: fixed-buffer-overflow.patch
 Conflicts: iodbc
@@ -52,6 +54,8 @@ ODBC, you need to install this package.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
 chmod 0644 Drivers/MiniSQL/*.c
 chmod 0644 Drivers/nn/*.c
@@ -161,6 +165,17 @@ install -m644 %{SOURCE12} $RPM_BUILD_ROOT%{_mandir}/man1/odbc_config.1
 %postun -p /sbin/ldconfig
 %changelog
+* Tue Apr 16 2019 - 2.3.1-14
+- fixed insecure buffer copy (#1571530)
+- fixed possible buffer overflow (#1571528)
+
+* Fri Nov 04 2016 Pavel Raiskup - 2.3.1-13
+- revert: ltdl bundling
+
+* Wed Oct 19 2016 Tomas Repik - 2.3.1-12
+- fix the libtool-ltdl compatibility
+ Resolves: rhbz#1267438
+
 * Wed Jul 15 2015 Jan Stanek - 2.3.1-11
 - Turn on versioning of cursor library.
 Resolves: rhbz#1194065