Bug 181811 - dev-db/firebird < 2.0.1 request handling buffer overflow (CVE-2007-3181)
Bug#: 181811
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: py@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/25601/
Summary: dev-db/firebird < 2.0.1 request handling buffer overflow (CVE-2007-3181)
Keywords:
Status Whiteboard: B1 [glsa] p-y

Opened: 2007-06-12 18:42 0000
Cody Pierce has reported a vulnerability in Firebird, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an error within the handling of
"connect" requests (0x1) with a large "p_cnct_count" value. This can
be exploited to cause a buffer overflow by sending a specially
crafted connect request to a vulnerable server (default port
3050/TCP).

The vulnerability is reported in Firebird 2. Other versions may also
be affected.

SOLUTION:
Update to version 2.0.1.
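The bug class the advisory describes, a peer-controlled count used as a loop bound over a fixed-size buffer, shown as an added illustration that is not Firebird's code and not part of this bug report. The packet layout, the names parse_connect_unchecked / parse_connect_checked, MAX_ENTRIES and the sample packets are all constructed for the example; the real Firebird wire format is not reproduced.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical, simplified connect request used only for this illustration:
 * 4-byte big-endian opcode, 4-byte big-endian entry count, then `count`
 * fixed-size entries. The real Firebird wire format is not reproduced. */
#define OP_CONNECT  0x1
#define MAX_ENTRIES 4
#define ENTRY_SIZE  8

struct connect_req {
    uint32_t count;
    uint8_t  entries[MAX_ENTRIES][ENTRY_SIZE];   /* fixed capacity */
};

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the peer-supplied count becomes the loop bound and is
 * only compared against the packet length, never against the capacity of
 * entries[]. A packet carrying more than MAX_ENTRIES entries overruns the
 * struct. Kept for contrast; call it only with the trusted samples below. */
int parse_connect_unchecked(const uint8_t *pkt, size_t len,
                            struct connect_req *req)
{
    if (len < 8 || get_be32(pkt) != OP_CONNECT)
        return -1;
    req->count = get_be32(pkt + 4);
    if (len < 8 + (size_t)req->count * ENTRY_SIZE)
        return -1;                         /* truncated packet */
    for (uint32_t i = 0; i < req->count; i++)      /* no capacity check */
        memcpy(req->entries[i], pkt + 8 + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    return 0;
}

/* Hardened version: bound the count by the fixed capacity before it is used
 * for anything, and only then check the packet length. */
int parse_connect_checked(const uint8_t *pkt, size_t len,
                          struct connect_req *req)
{
    if (len < 8 || get_be32(pkt) != OP_CONNECT)
        return -1;
    uint32_t count = get_be32(pkt + 4);
    if (count > MAX_ENTRIES)
        return -2;                         /* reject: would overflow entries[] */
    if (len < 8 + (size_t)count * ENTRY_SIZE)
        return -1;
    req->count = count;
    for (uint32_t i = 0; i < count; i++)
        memcpy(req->entries[i], pkt + 8 + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[] = {
    0, 0, 0, OP_CONNECT,  0, 0, 0, 2,            /* opcode 1, count 2 */
    1, 2, 3, 4, 5, 6, 7, 8,                      /* entry 0 */
    9, 10, 11, 12, 13, 14, 15, 16                /* entry 1 */
};
static const uint8_t oversized_pkt[] = {
    0, 0, 0, OP_CONNECT,  0, 0, 0x10, 0          /* claims 4096 entries */
};

static struct connect_req scratch;

int main(void)
{
    int rc = parse_connect_checked(good_pkt, sizeof good_pkt, &scratch);
    printf("checked/good:      %d (count %u)\n", rc, scratch.count);
    rc = parse_connect_checked(oversized_pkt, sizeof oversized_pkt, &scratch);
    printf("checked/oversized: %d\n", rc);
    return 0;
}
```

The unchecked parser happens to reject the short oversized sample because of its length test, but that is luck rather than a bound: a packet that is long enough to satisfy the length test still overruns entries[]. The checked parser refuses any count above the capacity before the count influences anything else.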

setting status and cc'ing maintainers. I see that there is a 2.0.1 in the tree,
is it ok for going stable?

I have not switched to 2.0.1 on my production systems yet. Mainly due to a
character set issue. Another user helped out with that, and I committed the
changes last night. Really just needs testing.

That and I need to modify the pkg_config or etc stuff to deal with backing up
and restoring the security.gdb -> security2.gdb, for which the meta has to be
updated or modified first. An SQL script is provided. I just need to modify
that to call it before it backs up and restores, or in that process.

Beyond that, testing, barring any bugs, should be good to go for stabilization.

William, I'm not sure whether that was a yes or no :)
Are these changes essential for successful user upgrades or should we just go
ahead and test the current version? The issue looks pretty serious.

If you want a clear yes or no, it would likely be no for now. One way around
that is to get rid of pkg_config, and leave backing up/restoring/migrating the
security.fdb -> security2.fdb entirely to the user.

So it's kinda up to personal preference as to what is essential for a user.
However, upstream pushes everyone toward 2.0.x anyway. I myself have no problems
with going ahead, testing and stabilizing 2.0.x.

I believe there could be a problem with the user-created log file symlink or
etc. That is also done in pkg_config, in past ebuilds. In 2.0.1 I moved that to
src_install so firebird can start upon install out of the box. Just need to
remove that from 2.0.1's pkg_config.

Other than those two things, which depending on the person can be moot or
major, we should be good to go for stabilizing and testing.

So with that, let's go ahead and look to test and stabilize per the security
issue. I will address whatever I need to during that process, if and when
those issues or others surface.

Began with a NO, ending with a YES. Confused yet :)

YES. Please make sure that there are proper upgrade instructions/warnings :)

Arches please test and mark firebird-2.0.1.12855.0-r3 stable.

dev-db/firebird-2.0.1.12855.0-r3 USE="doc examples -debug -xinetd"

1. emerges on x86, I am not sure if this is a problem:
>>> Install firebird-2.0.1.12855.0-r3 into /var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r3/image/ category dev-db
install: omitting directory `examples/api'
bzip2: Can't open input file
/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r3/image/usr/share/doc/firebird-2.0.1.12855.0-r3/examples/api:
No such file or directory.
...
2. passes collision test
3. dev-db/flamerobin-0.7.6 emerges with it
4. seems to work

Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3,
2.6.20.14 i686)
=================================================================
System uname: 2.6.20.14 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 13 Jun 2007 19:30:01 +0000
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python: 2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox
sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa apache2 asf avahi berkdb bitmap-fonts cairo cdr
cdrom cli cracklib crypt cups dbus divx dri dts dvd dvdr dvdread eds emboss
encode evo fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal
iconv ipv6 isdnlog java jpeg kde kdeenablefinal kerberos ldap libg++ mad midi
mikmod mmx mono mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp
oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline
reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd
test tetex theora threads tiff truetype truetype-fonts type1-fonts unicode vcd
vorbis wifi win32codecs wxwindows x264 x86 xine xml xorg xprint xv xvid zlib"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de
en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810 fbdev vesa"
Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

I am losing my mind. I forgot to commit a fix for character sets the other day.
Please test and stabilize -r4. I do have one other change I need to make to
pkg_config, wrt security.fdb -> security2.fdb. Will try to address that
tomorrow/today. It's getting a bit late now.

There is some minor QT stuff that needs addressing before we stabilize. That
will cause stable packages to break. Not sure if those QT packages will need to
go stable. If we have a fix in ~arch that's good enough for now, and QT can be
stabilized on its own time frame. Up to you all there. Added bug as a
dependency of this one. It will cause qt to fail when firebird use flag is set
on 64bit systems. But that can also be addressed with a use flag mask or etc in
lieu of a rushed qt stabilization.

No for sparc: After adding the required libedit package, the firebird build
fails with a bus error, thus:
==========================================
make[3]: Leaving directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make -f ../gen/Makefile.refDatabases empty_db
make[3]: Entering directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make -f ../gen/Makefile.embed.util ../gen/firebird/bin/create_db
make[4]: Entering directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[4]: `../gen/firebird/bin/create_db' is up to date.
make[4]: Leaving directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
rm -f empty.fdb
../gen/firebird/bin/create_db empty.fdb
make[3]: *** [empty.fdb] Bus error
make[3]: *** Deleting file `empty.fdb'
make[3]: Leaving directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[2]: *** [empty_db] Error 2
make[2]: Leaving directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[1]: *** [../gen/firebird/security2.fdb] Error 2
make[1]: Leaving directory
`/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make: *** [firebird] Error 2
===================================
On sparc, this means create_db tried to use a misaligned pointer. Typically,
this is because of an impermissible widening of a (char*) to something else.
I'm removing sparc from the CC and adding myself. Ask again when the pointer
reference is fixed.
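An added illustration of the bus-error explanation in the comment above (not Firebird code, and not from anyone in this thread): the char* widening that faults on strict-alignment targets such as SPARC, beside the byte-wise and memcpy loads that do not, plus a small alignment check that a test could run on any architecture. The function names and the sample buffer are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: a buffer aligned for uint32_t at offset 0, so that
 * sample + 1 is deliberately misaligned for a 32-bit load. */
static _Alignas(uint32_t) unsigned char sample[8] = {
    0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00
};

/* The pattern that faults on SPARC: widening a char* into a uint32_t* and
 * dereferencing it. On x86/amd64 a misaligned pointer merely loads slowly;
 * on strict-alignment CPUs the kernel delivers SIGBUS ("Bus error"), which
 * is what the make log above shows. Kept only for contrast; never call it
 * with a pointer that is not 4-byte aligned. */
uint32_t load_u32_by_cast(const unsigned char *p)
{
    return *(const uint32_t *)p;
}

/* Alignment-safe replacement for wire data: assemble the value byte by byte
 * (big-endian, as in XDR-style encodings). Works from any offset and is also
 * independent of host byte order. */
uint32_t load_u32_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* memcpy variant for host-order data (e.g. a struct image read from a file).
 * Compilers fold this into one load where the target allows it. */
uint32_t load_u32_host(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Portable check that a build-time test can use to catch misaligned accesses
 * before the code ever reaches a strict-alignment box. */
int is_aligned_for_u32(const void *p)
{
    return ((uintptr_t)p % _Alignof(uint32_t)) == 0;
}

int main(void)
{
    printf("sample aligned:   %d\n", is_aligned_for_u32(sample));
    printf("sample+1 aligned: %d\n", is_aligned_for_u32(sample + 1));
    printf("be value at +1:   0x%08x\n", load_u32_be(sample + 1));
    return 0;
}
```

On an x86 host all three loads succeed, which is why this class of bug tends to surface only when an arch team builds the package on SPARC; the alignment check makes the condition visible everywhere.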

Might I add that firebird is generally USE.masked...

Back to ebuild to get a fix for sparc. Otherwise we'll have to mask it on
sparc.

What do we do? It's a quite serious issue... should we mask it on sparc?
sparc/maintainers please advise.

I lack C/C++ skills to help or resolve myself. Not to mention no access to said
arch. So not much I can do.

It's already USE.masked mainstream it seems, so just dropping keywords from the
package should suffice (double-check to avoid broken deps though).

Ok will do. Tied up with other things atm, but will do it before I pass out
sometime later tonight, EDT :)

Ok I have dropped firebird 1.5.x down to -sparc. So we should be good to go now
to stabilize firebird on amd64 and x86.

There are still some Debian patches I would like to introduce. And some other
refinements. I would likely consider all that enhancements. But we will find
out as we stabilize. I am sure if there are problems users or testers will let
us know. I will respond to any bugs that come up after stabilization ASAP.

Still need to make a change in pkg_config wrt backing up/restoring
security.fdb -> security2.fdb. Rest of pkg_config should be fine. Although I
am pretty sure no one is using that, since aspects have been broken or outdated
for some time.

amd64 and x86 please test and mark stable.

Is that on a live system or in a chroot? This looks mighty odd:
rm -f empty.fdb
../gen/firebird/bin/create_db empty.fdb
Unable to complete network request to host "2".
-Failed to establish a connection.
-Invalid argument
make[3]: *** [empty.fdb] Error 254
That looks to be where the error is coming from. Not really a compiling error,
but one that is happening during the building/compiling of Firebird. Never seen
that before. Let me see if I can replicate on my production amd64 firebird
server. I had planned on upgrading that tomorrow. Not sure if I can squeeze it
in today.

That was inside a chroot; it compiles fine outside of it. Both systems differ
pretty much, though.

Yeah that was failure to make a network request to the engine. I would assume
more chroot specific than diff envs.

21 Jun 2007; William L. Thomson Jr. <wltjr@gentoo.org>
firebird-1.5.4-r2.ebuild, firebird-1.5.4-r3.ebuild:
Dropped sparc keyword down to -sparc per bug #181811

You need to drop sparc keywords from dev-python/kinterbasdb as well, it depends
on firebird.

(In reply to comment #22)
> You need to drop sparc keywords from dev-python/kinterbasdb as well, it depends
> on firebird.

Done, thanks; sorry I missed that. Also that package might have a dead upstream?
http://kinterbasdb.sourceforge.net/
Seems no version was stabilized. If upstream continues to be stagnant, might be
a candidate for last rites. To at least gauge user interest or use.

GLSA 200707-01, thanks everybody!