commit: 1c52fc05c6b46b242e64eb746af429892b986d0a Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Jun 12 01:57:18 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Jun 12 01:57:18 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c52fc05
dev-db/libdbi-drivers: fix memory corruption issues w/ sqlite Backport some memory corruption fixes for sqlite3. Note that I haven't fixed bug #920440 - I have essentially no idea about this package and I'd really prefer someone investigate what it's even trying to do there. Bug: https://bugs.gentoo.org/920440 Closes: https://bugs.gentoo.org/920460 Closes: https://bugs.gentoo.org/933427 Signed-off-by: Sam James <sam <AT> gentoo.org> ...bdbi-drivers-0.9.0-buffer-overflow-sqlite.patch | 14 ++++ .../files/libdbi-drivers-0.9.0-c99.patch | 11 +++ ...ibdbi-drivers-0.9.0-fortify-source-sqlite.patch | 13 ++++ .../libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild | 90 ++++++++++++++++++++++ 4 files changed, 128 insertions(+) diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-buffer-overflow-sqlite.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-buffer-overflow-sqlite.patch new file mode 100644 index 000000000000..3bec6d958bc6 --- /dev/null +++ b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-buffer-overflow-sqlite.patch @@ -0,0 +1,14 @@ +https://bugs.gentoo.org/933427 +https://sourceforge.net/p/libdbi-drivers/libdbi-drivers/ci/7657c4c688c021d5f42a38e998c876d1739d5d8f +--- a/drivers/sqlite3/dbd_sqlite3.c ++++ b/drivers/sqlite3/dbd_sqlite3.c +@@ -585,7 +585,8 @@ + unsigned char *temp; + size_t len; + +- if ((temp = malloc(from_length*2)) == NULL) { ++ /* allocate an extra byte for NULL and two for the quotes */ ++ if ((temp = malloc(2*from_length+1+2)) == NULL) { + return 0; + } + diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-c99.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-c99.patch new file mode 100644 index 000000000000..c75e9f405aec --- /dev/null +++ b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-c99.patch @@ -0,0 +1,11 @@ +https://bugs.gentoo.org/920460 +--- a/drivers/firebird/dbd_firebird.c ++++ b/drivers/firebird/dbd_firebird.c +@@ -43,6 +43,7 @@ + #include <string.h> + #include <time.h> + #include <ibase.h> ++#include <ctype.h> + + #include "dbd_firebird.h" + #include "firebird_charsets.h" diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-fortify-source-sqlite.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-fortify-source-sqlite.patch new file mode 100644 index 000000000000..9624a8c039b6 --- /dev/null +++ b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-fortify-source-sqlite.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/933427 +https://sourceforge.net/p/libdbi-drivers/libdbi-drivers/ci/24f48b86c8988ee3aaebc5f303d71e9d789f77b6/ +--- a/drivers/sqlite3/dbd_sqlite3.c ++++ b/drivers/sqlite3/dbd_sqlite3.c +@@ -1451,7 +1451,7 @@ static int getTables(char** tables, int + break; + } + +- word_lower[item-start+1]; ++ char word_lower[item-start+1]; + strncpy(word_lower,start,item-start); + word_lower[item-start] = '\0'; + int i = 0; diff --git a/dev-db/libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild b/dev-db/libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild new file mode 100644 index 000000000000..d82a8c964d2e --- /dev/null +++ b/dev-db/libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="The libdbi-drivers project maintains drivers for libdbi" +HOMEPAGE="https://libdbi-drivers.sourceforge.net/"; +SRC_URI="https://downloads.sourceforge.net/project/${PN}/${PN}/${P}/${P}.tar.gz"; + +LICENSE="LGPL-2.1+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="doc firebird mysql oci8 postgres +sqlite static-libs" + +REQUIRED_USE="|| ( mysql postgres sqlite firebird oci8 )" +RESTRICT="firebird? ( bindist )" + +RDEPEND=" + >=dev-db/libdbi-0.9.0 + firebird? ( dev-db/firebird ) + mysql? ( dev-db/mysql-connector-c:= ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( dev-db/sqlite:3 ) +" +DEPEND="${RDEPEND}" +BDEPEND="doc? ( app-text/openjade )" + +DOCS=( AUTHORS ChangeLog NEWS README README.osx TODO ) + +PATCHES=( + "${FILESDIR}"/${PN}-0.9.0-doc-build-fix.patch + "${FILESDIR}"/${PN}-0.9.0-slibtool-libdir.patch + "${FILESDIR}"/${PN}-0.9.0-clang16-build-fix.patch + "${FILESDIR}"/${PN}-0.9.0-fortify-source-sqlite.patch + "${FILESDIR}"/${PN}-0.9.0-buffer-overflow-sqlite.patch + "${FILESDIR}"/${PN}-0.9.0-c99.patch +) + +pkg_setup() { + use oci8 && [[ -z "${ORACLE_HOME}" ]] && die "\$ORACLE_HOME is not set!" +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myconf="" + # WARNING: the configure script does NOT work correctly + # --without-$driver does NOT work + # so do NOT use `use_with...` + # Future additions: + # msql + # freetds + # ingres + # db2 + use mysql && myconf+=" --with-mysql" + use postgres && myconf+=" --with-pgsql" + use sqlite && myconf+=" --with-sqlite3" + use firebird && myconf+=" --with-firebird" + if use oci8; then + [[ -z "${ORACLE_HOME}" ]] && die "\$ORACLE_HOME is not set!" + myconf+=" --with-oracle-dir=${ORACLE_HOME} --with-oracle" + fi + + econf \ + $(use_enable doc docs) \ + $(use_enable static-libs static) \ + --with-dbi-libdir=/usr/$(get_libdir) \ + ${myconf} +} + +src_test() { + if [[ -z "${WANT_INTERACTIVE_TESTS}" ]]; then + ewarn "Tests disabled due to interactivity." + ewarn "Run with WANT_INTERACTIVE_TESTS=1 if you want them." + return 0 + fi + einfo "Running interactive tests" + emake check +} + +src_install() { + default + + find "${ED}" -name '*.la' -type f -delete || die +}
