commit firebird for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package firebird for openSUSE:Factory 
checked in at 2017-02-11 01:32:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firebird (Old)
 and      /work/SRC/openSUSE:Factory/.firebird.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "firebird"

Changes:
--------
--- /work/SRC/openSUSE:Factory/firebird/firebird.changes        2016-10-14 
03:37:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.firebird.new/firebird.changes   2017-02-11 
01:32:12.445009181 +0100
@@ -1,0 +2,7 @@
+Tue Feb  7 10:58:14 UTC 2017 - mkube...@suse.cz
+
+- Backported-fix-for-CORE-5474-Restrict-UDF-is-not-eff.patch
+  security vulnerability fix for bypassing 'Restrict UDF' value of
+  UdfAccess config directive (bsc#1023990)                                     
 
+
+-------------------------------------------------------------------

New:
----
  Backported-fix-for-CORE-5474-Restrict-UDF-is-not-eff.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firebird.spec ++++++
--- /var/tmp/diff_new_pack.1SGKDv/_old  2017-02-11 01:32:14.464724135 +0100
+++ /var/tmp/diff_new_pack.1SGKDv/_new  2017-02-11 01:32:14.464724135 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package firebird
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -52,6 +52,7 @@
 Patch6:         unicode-handle-the-ICU-version-hack-from-SuSE.patch
 Patch7:         Make-the-generated-code-compatible-with-gcc-6-in-C-1.patch
 Patch8:         Provide-sized-global-delete-operators-when-compiled-.patch
+Patch9:         Backported-fix-for-CORE-5474-Restrict-UDF-is-not-eff.patch
 # work around a problem with old g++
 Patch91:        work-around-g-problem-in-SLE11.patch
 
@@ -76,6 +77,7 @@
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 # --
 # work around a problem with old g++
 %if 0%{?suse_version} < 1140

++++++ Backported-fix-for-CORE-5474-Restrict-UDF-is-not-eff.patch ++++++
From: AlexPeshkoff <peshk...@mail.ru>
Date: Mon, 6 Feb 2017 19:50:03 +0300
Subject: Backported fix for CORE-5474: 'Restrict UDF' is not effective, because 
fbudf.so is dynamically linked against libc
Patch-mainline: Not tagged yet (likely 4.0-alpha1 / 3.0.2 / 2.5.7)
Git-commit: 8b2a9cb44bf6055e15f016d70a6842b8ada60375
References: bsc#1023990

---
 src/common/os/mod_loader.h         |  8 --------
 src/common/os/posix/mod_loader.cpp | 20 +++++++++++++++++---
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/common/os/mod_loader.h b/src/common/os/mod_loader.h
index b27d35630d20..b57af4ac9f8d 100644
--- a/src/common/os/mod_loader.h
+++ b/src/common/os/mod_loader.h
@@ -70,23 +70,15 @@ public:
                /// Destructor
                virtual ~Module() {}
 
-#ifdef WIN_NT
                const Firebird::PathName fileName;
-#endif
 
        protected:
                /// The constructor is protected so normal code can't allocate 
instances
                /// of the class, but the class itself is still able to be 
subclassed.
-#ifdef WIN_NT
                Module(MemoryPool& pool, const Firebird::PathName& aFileName)
                        : fileName(pool, aFileName)
                {
                }
-#else
-               Module()
-               {
-               }
-#endif
 
        private:
                /// Copy construction is not supported, hence the copy 
constructor is private
diff --git a/src/common/os/posix/mod_loader.cpp 
b/src/common/os/posix/mod_loader.cpp
index a03c3065bcd8..2b42c59a5c35 100644
--- a/src/common/os/posix/mod_loader.cpp
+++ b/src/common/os/posix/mod_loader.cpp
@@ -27,6 +27,7 @@
 
 #include "firebird.h"
 #include "../common/os/mod_loader.h"
+#include "../common/os/path_utils.h"
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -39,8 +40,9 @@
 class DlfcnModule : public ModuleLoader::Module
 {
 public:
-       DlfcnModule(void* m)
-               : module(m)
+       DlfcnModule(MemoryPool& pool, const Firebird::PathName& aFileName, 
void* m)
+               : ModuleLoader::Module(pool, aFileName),
+                 module(m)
        {}
 
        ~DlfcnModule();
@@ -104,7 +106,7 @@ ModuleLoader::Module* ModuleLoader::loadModule(const 
Firebird::PathName& modPath
        system(command.c_str());
 #endif
 
-       return FB_NEW_POOL(*getDefaultMemoryPool()) DlfcnModule(module);
+       return FB_NEW_POOL(*getDefaultMemoryPool()) 
DlfcnModule(*getDefaultMemoryPool(), modPath, module);
 }
 
 DlfcnModule::~DlfcnModule()
@@ -122,6 +124,18 @@ void* DlfcnModule::findSymbol(const Firebird::string& 
symName)
 
                result = dlsym(module, newSym.c_str());
        }
+
+#ifdef HAVE_DLADDR
+       if (!PathUtils::isRelative(fileName))
+       {
+               Dl_info info;
+               if (!dladdr(result, &info))
+                       return NULL;
+               if (fileName != info.dli_fname)
+                       return NULL;
+       }
+#endif
+
        return result;
 }
 
-- 
2.11.1