- added link patch to fix libgds linking (use -ldl -lcrypt, added soname)

- added chmod patch to avoid security problems during build (*EVIL* perms)
- added env-overflows patch which removes direct overflows through "INTERBASE"
  (and similar) environment vars, mentioned in CAN-2003-0281
- release 2

Changed files:
    Firebird-chmod.patch -> 1.1
    Firebird-env-overflows.patch -> 1.1
    Firebird-link.patch -> 1.1
    Firebird.spec -> 1.11

diff --git a/Firebird-chmod.patch b/Firebird-chmod.patch
new file mode 100644 (file)
index 0000000..c9f2d02
--- /dev/null
+++ b/Firebird-chmod.patch
@@ -0,0 +1,24 @@
+--- firebird-1.0.2.908/builds/original/prefix.linux.orig       2002-03-01 14:16:31.000000000 +0100
++++ firebird-1.0.2.908/builds/original/prefix.linux    2003-10-29 19:58:41.558232152 +0100
+@@ -65,7 +65,7 @@
+ BACKEND_BRIDGE_MISC=  head5.o allp.o
+ BIN_PATH=             /usr/isc/bin
+ BRIDGE_MISC=          head5.o allp.o
+-CHMOD_VAL=            666
++CHMOD_VAL=            644
+ 
+ #NOTE: I removed CURSES_LIB=  -lbsd because it breaks the build on SuSE systems
+ #      and isn't necessary anymore. 
+@@ -163,9 +163,9 @@
+ SH=                   sh -c
+ RM=                   rm -f
+ CHMOD=                        chmod
+-CHMOD_6=              chmod 666
+-CHMOD_7=              chmod 777
+-CHMOD_S7=             chmod 06777
++CHMOD_6=              chmod 644
++CHMOD_7=              chmod 755
++CHMOD_S7=             chmod 06755
+ MV=                   mv -f
+ TOUCH=                        touch
+ CP=                   cp

diff --git a/Firebird-env-overflows.patch b/Firebird-env-overflows.patch
new file mode 100644 (file)
index 0000000..f9da09f
--- /dev/null
+++ b/Firebird-env-overflows.patch
@@ -0,0 +1,375 @@
+Some fixes for overflows through "INTERBASE"* environment variables
+(CAN-2003-0281); not sure if it's complete - overflows may still exist
+in further usage of buffers initialized from env vars truncard to
+MAXPATHLEN...
+
+--- firebird-1.0.2.908/wal/wal.c.orig  2000-08-03 22:54:30.000000000 +0200
++++ firebird-1.0.2.908/wal/wal.c       2003-10-29 21:12:08.203320272 +0100
+@@ -1142,7 +1142,7 @@
+  *
+  **************************************/              
+ WALS  WAL_segment;
+-TEXT  image_name [256];
++TEXT  image_name [MAXPATHLEN];
+ int   pid;
+ 
+ gds__prefix (image_name, WAL_WRITER);  
+--- firebird-1.0.2.908/utilities/srvrmgr.c.orig        2003-10-29 21:13:23.238913128 +0100
++++ firebird-1.0.2.908/utilities/srvrmgr.c     2003-10-29 21:13:11.768656872 +0100
+@@ -446,7 +446,7 @@
+  *
+  **************************************/
+ TEXT    msg [MSG_LEN];
+-TEXT    path[PATHLEN];
++TEXT    path[MAXPATHLEN];
+ TEXT  *argv[4];
+ int   retry;
+ pid_t pid, ret_value;
+@@ -572,7 +572,7 @@
+  *
+  **************************************/
+ STATUS                status[STATUS_BUFLEN];
+-TEXT          path[PATHLEN];
++TEXT          path[MAXPATHLEN];
+ TEXT          db_name[128];
+ isc_db_handle db_handle = 0L;
+ BOOLEAN               ok;
+--- firebird-1.0.2.908/remote/inet.c.orig      2002-08-22 07:45:42.000000000 +0200
++++ firebird-1.0.2.908/remote/inet.c   2003-10-29 21:10:52.813781224 +0100
+@@ -2373,7 +2373,7 @@
+  *
+  **************************************/
+ IB_FILE       *proxy;
+-TEXT  *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
++TEXT  *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
+       target_user [64], line [128];
+ int   c;
+ BOOLEAN       result;
+--- firebird-1.0.2.908/lock/lock.c.orig        2002-04-11 03:04:25.000000000 +0200
++++ firebird-1.0.2.908/lock/lock.c     2003-10-29 21:09:57.632170104 +0100
+@@ -2239,8 +2239,8 @@
+     /* The lock file has some problem - copy it for later analysis */
+     {
+     TEXT      *lock_file;
+-    TEXT      buffer [256];   
+-    TEXT      buffer2 [256];  
++    TEXT      buffer [MAXPATHLEN*2 + 256];
++    TEXT      buffer2 [MAXPATHLEN + 256];
+     TEXT      hostname [64];
+     gds__prefix_lock (buffer, LOCK_FILE);
+     lock_file = buffer;
+@@ -3007,7 +3007,7 @@
+  *    Fork lock manager process.
+  *
+  **************************************/
+-TEXT          string [256];
++TEXT          string [MAXPATHLEN];
+ struct stat   stat_buf;
+ int           pid;
+ 
+@@ -3280,7 +3280,7 @@
+ #ifdef WINDOWS_ONLY
+ TEXT          *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
+ #else
+-TEXT          buffer [256];
++TEXT          buffer [MAXPATHLEN];
+ #endif
+ #endif
+ 
+--- firebird-1.0.2.908/jrd/gds.c.orig  2002-10-13 07:39:08.000000000 +0200
++++ firebird-1.0.2.908/jrd/gds.c       2003-10-29 20:43:18.367295320 +0100
+@@ -2710,8 +2710,9 @@
+ 
+                               ib_prefix = getenv("ProgramFiles");
+                               if (ib_prefix) {
+-                                      strcpy(ib_prefix_val, ib_prefix);
+-                                      strcat(ib_prefix_val, "\\Borland\\Interbase\\");
++                                      ib_prefix_val[MAXPATHLEN - 1] = 0;
++                                      strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
++                                      strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
+                               } else {
+                                       /* ISC_PREFIX currently defaults to      */
+                                       /* "C:\Program Files\Borland\InterBase\" */
+@@ -2742,16 +2743,28 @@
+             ib_prefix = ib_prefix_val;
+         }
+     }
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+-    strcat (string, root);
+-    strcat (string, ib_prefix);
++    strncat (string, root, MAXPATHLEN - 1);
++    if(strlen(root) >= MAXPATHLEN - 1)
++      string[MAXPATHLEN - 1] = 0;
++    else {
++      strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
++      if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
++          string[MAXPATHLEN - 1] = 0;
++    }
+ #else /* mpexl */
+-    strcat (string, ib_prefix);
++    strncat (string, ib_prefix, MAXPATHLEN - 1);
++    if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++      string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+-    if (string [strlen (string) - 1] != '/')
++    if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+         strcat (string, "/");
+ #endif
+-    strcat (string, root);
++    if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++      string[MAXPATHLEN - 1] = 0;
++    strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif        /* mpexl */
+ }
+ #endif        /* !defined(VMS) */
+@@ -2838,20 +2851,33 @@
+         }
+     else
+         {
+-        strcat (ib_prefix_lock_val, ib_prefix_lock); 
++      ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
++        strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
+         ib_prefix_lock = ib_prefix_lock_val;
+         }
+     }
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+-strcat (string, root);
+-strcat (string, ib_prefix_lock);
++strncat (string, root, MAXPATHLEN - 1);
++if(strlen(root) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
++else {
++    strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
++    if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
++      string[MAXPATHLEN - 1] = 0;
++}
+ #else
+-strcat (string, ib_prefix_lock);
++strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
++if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+-if (string [strlen (string) - 1] != '/')
++if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+     strcat (string, "/");
+ #endif
+-strcat (string, root);
++if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
++strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif
+ }
+ #endif
+@@ -2939,21 +2965,34 @@
+         }
+     else
+         {
+-        strcat (ib_prefix_msg_val, ib_prefix_msg); 
++      ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
++        strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val)); 
+         ib_prefix_msg = ib_prefix_msg_val;
+         }
+     }
+ 
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+-strcat (string, root);
+-strcat (string, ib_prefix_msg);
++strncat (string, root, MAXPATHLEN - 1);
++if(strlen(root) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
++else {
++    strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
++    if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
++      string[MAXPATHLEN - 1] = 0;
++}
+ #else
+-strcat (string, ib_prefix_msg);
++strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
++if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+-if (string [strlen (string) - 1] != '/')
++if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+     strcat (string, "/");
+ #endif
+-strcat (string, root);
++if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++    string[MAXPATHLEN - 1] = 0;
++strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif
+ }
+ #endif
+--- firebird-1.0.2.908/jrd/builtin.c.orig      2000-12-29 14:05:07.000000000 +0100
++++ firebird-1.0.2.908/jrd/builtin.c   2003-10-29 20:56:16.270036128 +0100
+@@ -74,7 +74,7 @@
+  *
+  **************************************/
+ FN    *function;
+-TEXT  *p, temp [256], *ep;
++TEXT  *p, temp [MAXPATHLEN], *ep;
+ TEXT  *modname;
+ 
+ /* Strip off any preceeding $INTERBASE path location from the 
+--- firebird-1.0.2.908/jrd/event.c.orig        2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/event.c     2003-10-29 20:57:01.379178496 +0100
+@@ -258,7 +258,7 @@
+  *    exits, otherwise return NULL.
+  *
+  **************************************/
+-TEXT  *event_file, buffer [256];
++TEXT  *event_file, buffer [MAXPATHLEN];
+ 
+ /* If we're already initialized, there's nothing to do */
+ 
+--- firebird-1.0.2.908/jrd/isc.c.orig  2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc.c       2003-10-29 21:00:27.988769064 +0100
+@@ -520,7 +520,7 @@
+     {
+     IB_FILE        *fd;
+     TEXT        *p, *q, buf[80];
+-    TEXT        buffer [256];
++    TEXT        buffer [MAXPATHLEN];
+ #ifdef SUPERSERVER
+     int         n;
+     TEXT        dir_name[MAX_PATH_LENGTH];
+@@ -724,7 +724,7 @@
+ IB_FILE       *fd = NULL;
+ IPCCFG        h;
+ struct        cfgtbl *t;
+-TEXT  buffer [256];
++TEXT  buffer [MAXPATHLEN];
+ int   ret = 1;
+ 
+ if (config_file)
+--- firebird-1.0.2.908/jrd/isc_cray.c.orig     2000-08-03 22:50:47.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc_cray.c  2003-10-29 21:01:52.928856208 +0100
+@@ -654,7 +654,7 @@
+  **************************************/
+ SLONG msg [3];
+ int   status, pipes [2];
+-TEXT  process [64], arg [10];
++TEXT  process [MAXPATHLEN], arg [10];
+ 
+ status = kill (pid, signal_number);
+ 
+--- firebird-1.0.2.908/jrd/isc_ipc.c.orig      2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc_ipc.c   2003-10-29 21:02:12.890821528 +0100
+@@ -773,7 +773,7 @@
+  **************************************/
+ SLONG msg [3];
+ int   status, pipes [2];
+-TEXT  process [64], arg [10];
++TEXT  process [MAXPATHLEN], arg [10];
+ 
+ #ifdef NeXT
+ /* If not a UNIX signal, send to port watcher */
+--- firebird-1.0.2.908/jrd/log.c.orig  2000-08-03 22:50:56.000000000 +0200
++++ firebird-1.0.2.908/jrd/log.c       2003-10-29 21:03:49.526130728 +0100
+@@ -632,7 +632,7 @@
+ DBB   dbb;
+ LOG   log;
+ #ifndef STACK_REDUCTION
+-SCHAR *log_name, buffer [256];
++SCHAR *log_name, buffer [MAXPATHLEN];
+ #else
+ SCHAR *log_name, *buffer;
+ #endif /* !STACK_REDUCTION */
+@@ -640,7 +640,7 @@
+ int   mask;
+ 
+ #ifdef STACK_REDUCTION
+-buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
++buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
+ if(!buffer) /* NOMEM: */
+   {
+   error ("can't open log file (out of memory)");
+--- firebird-1.0.2.908/jrd/svc.c.orig  2002-10-07 12:49:25.000000000 +0200
++++ firebird-1.0.2.908/jrd/svc.c       2003-10-29 21:07:08.137937144 +0100
+@@ -149,7 +149,7 @@
+                                *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
+                                *status++ = isc_arg_end; }
+ 
+-#define ERR_FILE_IN_USE               { TEXT buffer[256]; \
++#define ERR_FILE_IN_USE               { TEXT buffer[MAXPATHLEN]; \
+                                 gds__prefix (buffer, LOCK_HEADER); \
+                                 *status++ = isc_file_in_use; \
+                                 *status++ = isc_arg_string; \
+@@ -849,7 +849,7 @@
+  *
+  **************************************/
+ SCHAR item, *items, *end_items, *end; 
+-UCHAR buffer [256], dbbuf [1024];
++UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
+ USHORT        l, length, version, get_flags;
+ STATUS        *status;
+ #ifndef WINDOWS_ONLY
+@@ -1361,7 +1361,7 @@
+  *
+  **************************************/
+ SCHAR item, *items, *end_items, *end, *p, *q; 
+-UCHAR buffer [256];
++UCHAR buffer [MAXPATHLEN /* >=256 */];
+ USHORT        l, length, version, get_flags;
+ USHORT  num_att = 0;
+ USHORT  num_dbs = 0;
+--- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/gpre/ftn.c      2003-10-29 21:01:14.106758064 +0100
+@@ -1551,7 +1551,7 @@
+ TPB           tpb;
+ REQ           request;
+ BOOLEAN               any_extern;
+-TEXT          include_buffer[512];
++TEXT          include_buffer[MAXPATHLEN];
+ 
+ #ifndef mpexl
+ ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
+--- firebird-1.0.2.908/intl/dtest.c.orig       2000-08-03 22:49:04.000000000 +0200
++++ firebird-1.0.2.908/intl/dtest.c    2003-10-29 20:55:40.683446112 +0100
+@@ -124,7 +124,7 @@
+ #ifdef LIKE_JRD
+       {
+       char    module[ 200 ];
+-      char    path[ 200 ];
++      char    path[ MAXPATHLEN ];
+       char    entry[ 200 ];
+       int     t_type;
+       t_type = atoi( vector[ i ] );
+--- firebird-1.0.2.908/csv/csi.c.orig  2000-08-03 22:43:03.000000000 +0200
++++ firebird-1.0.2.908/csv/csi.c       2003-10-29 20:53:28.947473024 +0100
+@@ -3733,7 +3733,7 @@
+  *
+  **************************************/
+ UCHAR         output [128], error [128], *p, *q, process_name [16],
+-              pipe_temp [256], pipe_file [256];
++              pipe_temp [MAXPATHLEN], pipe_file [256];
+ USHORT                i, len;
+ ULONG         status, pid, flags, item;
+ SLONG         *privileges, procpriv [2], priority;
+--- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig     2001-02-04 05:06:13.000000000 +0100
++++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c  2003-10-29 20:55:01.392419256 +0100
+@@ -7,7 +7,7 @@
+ 
+ int main()
+ {
+-    char buff[2048];
++    char buff[MAXPATHLEN + 10];
+     int offset;
+ 
+ #ifdef VAR_PATH
+--- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100
++++ firebird-1.0.2.908/porting/qli/help.c      2003-10-29 20:51:01.799842864 +0100
+@@ -201,7 +201,7 @@
+  **************************************/
+ NAM   *ptr, *end, name;
+ USHORT        max_level;
+-TEXT  target [128], **topic, *topics [16];
++TEXT  target [MAXPATHLEN /* >=128 */], **topic, *topics [16];
+ 
+ if (!HELP_DB)
+     {

diff --git a/Firebird-link.patch b/Firebird-link.patch
new file mode 100644 (file)
index 0000000..5c6e915
--- /dev/null
+++ b/Firebird-link.patch
@@ -0,0 +1,11 @@
+--- firebird-1.0.2.908/builds/original/sfx.jrd.orig    2002-06-21 20:56:54.000000000 +0200
++++ firebird-1.0.2.908/builds/original/sfx.jrd 2003-10-29 19:54:23.282496032 +0100
+@@ -437,7 +437,7 @@
+               $(CSI_P_MISC) $(DSQL_P_MISC) $(LOCK_P_MISC) \
+               $(REMOTE_P_MISC) $(SECURITY_P_MISC) $(BRIDGE_P_MISC) $(INTL_P_MISC) \
+               $(REGISTER_P_MISC) $(WAL_P_MISC) $(FUNCTIONS) $(GDSF_LIB) \
+-              $(LD_LIBS) -o gds.so
++              $(LD_LIBS) -o gds.so -ldl -lcrypt -soname libgds.so.1
+       $(CHMOD_6) gds.so
+       $(MV) gds.so $(GDSSHR)
+       $(TOUCH) gds.so

diff --git a/Firebird.spec b/Firebird.spec
index 80209156fe355493912174618b4d3600803205fa..60eca6e433822beaf05a207ad343c47fa85acd85 100644 (file)
--- a/Firebird.spec
+++ b/Firebird.spec
@@ -3,7 +3,7 @@ Summary(pl):    Firebird - serwer baz danych SQL oraz narz
 Name:          Firebird
 # FirebirdCS/FirebirdSS (Classic Server/Super Server)?
 Version:       1.0.2.908
-Release:       1
+Release:       2
 License:       Interbase Public License 1.0
 Group:         Applications/Databases
 Source0:       http://dl.sourceforge.net/firebird/%{name}-%{version}.src.tar.gz
@@ -21,9 +21,12 @@ Source4:     http://www.ibphoenix.com/downloads/isc_docs.zip
 #  by codes.h regeneration from messages.gbak(?))
 Patch0:                %{name}-fix.patch
 Patch1:                %{name}-gcc33.patch
+Patch2:                %{name}-link.patch
+Patch3:                %{name}-chmod.patch
+Patch4:                %{name}-env-overflows.patch
 URL:           http://firebird.sourceforge.net/
 BuildRequires: unzip
-Requires:      %{name}-lib = %{version}
+Requires:      %{name}-lib = %{version}-%{release}
 # see firebird-*/jrd/{common.h,gds.h,ibase.h} if you want to add support for more
 ExclusiveArch: %{ix86}
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -54,7 +57,7 @@ Biblioteka wsp
 Summary:       Header files for Firebird library
 Summary(pl):   Pliki nag³ówkowe biblioteki Firebird
 Group:         Development/Libraries
-Requires:      %{name}-lib = %{version}
+Requires:      %{name}-lib = %{version}-%{release}
 
 %description devel
 Header files for Firebird library.
@@ -66,7 +69,7 @@ Pliki nag
 Summary:       Static Firebird library
 Summary(pl):   Statyczna biblioteka Firebird
 Group:         Development/Libraries
-Requires:      %{name}-devel = %{version}
+Requires:      %{name}-devel = %{version}-%{release}
 
 %description static
 Static Firebird library (libgds).
@@ -89,6 +92,9 @@ Obszerna dokumentacja do baz InterBase i Firebird.
 %setup -q -n firebird-%{version} -a1
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 install -d docs/{IB3.0,IB4.0,IB6.0}
 unzip -q %{SOURCE2} -d docs/IB6.0