author | William Thomson <wltjr@gentoo.org> | 2008-02-19 16:10:22 +0000 |
---|---|---|
committer | William Thomson <wltjr@gentoo.org> | 2008-02-19 16:10:22 +0000 |
commit | 2d2136e617df369233c25baf067e297bbdd6188a (patch) | |
tree | 7b33d51769610dc53e4ba74ba6bf581bc4b29e91 /dev-db/firebird | |
parent | Add patch for desktop file (diff) | |
download | historical-2d2136e617df369233c25baf067e297bbdd6188a.tar.gz historical-2d2136e617df369233c25baf067e297bbdd6188a.tar.bz2 historical-2d2136e617df369233c25baf067e297bbdd6188a.zip |
Added patches to 2.0.3 per bug #208034 and CVE-2008-0387, CVE-2008-0467. Removed unstable version as this one replaces it.
Package-Manager: portage-2.1.4.1
Diffstat (limited to 'dev-db/firebird')
-rw-r--r-- | dev-db/firebird/ChangeLog | 11 | ||||
-rw-r--r-- | dev-db/firebird/Manifest | 6 | ||||
-rw-r--r-- | dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0387.patch | 91 | ||||
-rw-r--r-- | dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0467.patch | 629 | ||||
-rw-r--r-- | dev-db/firebird/firebird-2.0.3.12981.0-r5.ebuild (renamed from dev-db/firebird/firebird-2.0.3.12981.0-r4.ebuild) | 4 |
5 files changed, 737 insertions, 4 deletions
diff --git a/dev-db/firebird/ChangeLog b/dev-db/firebird/ChangeLog index bb4500099c64..ac969db9025b 100644 --- a/dev-db/firebird/ChangeLog +++ b/dev-db/firebird/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for dev-db/firebird # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/firebird/ChangeLog,v 1.86 2008/02/13 18:34:31 wltjr Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/firebird/ChangeLog,v 1.87 2008/02/19 16:10:21 wltjr Exp $ + +*firebird-2.0.3.12981.0-r5 (18 Feb 2008) + + 18 Feb 2008; William L. Thomson Jr. <wltjr@gentoo.org> + +files/firebird-2.0.3.12981.0-CVE-2008-0387.patch, + +files/firebird-2.0.3.12981.0-CVE-2008-0467.patch, + -firebird-2.0.3.12981.0-r4.ebuild, +firebird-2.0.3.12981.0-r5.ebuild: + Added patches to 2.0.3 per bug #208034 and CVE-2008-0387, CVE-2008-0467. + Removed unstable version as this one replaces it. *firebird-2.1.0.17735_rc1 (13 Feb 2008) diff --git a/dev-db/firebird/Manifest b/dev-db/firebird/Manifest index 2a35865d710b..6c3b4e439e10 100644 --- a/dev-db/firebird/Manifest +++ b/dev-db/firebird/Manifest 
@@ -1,4 +1,6 @@ AUX 70firebird 50 RMD160 ebfc2e7a38dbd95b3df0dc4c8a757bd089f69807 SHA1 71b414835ed7c66f94b2908b7793da817d3c4438 SHA256 ca3ca56c53490ac6f849ce78cd1240fc52334f25c8d3841eef1560bed2a80d03 +AUX firebird-2.0.3.12981.0-CVE-2008-0387.patch 3279 RMD160 462a32e8bc64c2ede4852901a9ff7036a7c3b52a SHA1 7c87e7f41e8c408b190d84e80f7c6aa1a5c0753c SHA256 62dd30ec1a785578a4686ba37e82fedbc0b00d0e95735b4aab9b056b5b82ad4b +AUX firebird-2.0.3.12981.0-CVE-2008-0467.patch 16005 RMD160 2bfd332b7d551402a1c9bed8b4706fc57cc80ec0 SHA1 38bc58cec68a4b9b12315846c3eb5f8c967e83e3 SHA256 f4de4b4b988669378b09fcbba59dac96b22a3b4cfeb6bdf7db45c4a16f81fd05 AUX firebird-2.0.3.12981.0-external-libs.patch 1891 RMD160 6450f96348d1736ff1101d6bafe7b1057d221175 SHA1 b1ad1e60a538acd88cb9f7dcdea10e90459ed782 SHA256 75697d2d0cdc4e1fa48a6714f1e8e47563e2d2ea7765ae8a56f533a3c7b865da AUX firebird-2.0.3.12981.0-flags.patch 960 RMD160 9c75259b1fcd281a7c1e272bd209920cb434940a SHA1 250dcbc322a88b3c8c741ea6e58c637ddf44d066 SHA256 b3ad7f330fd22bcd3dd2189b91c0eb56af0215f2cfbc592e13d9596e9e841045 AUX firebird-2.0.3.12981.0-make-deps.patch 1369 RMD160 843f3fdf1469ca31ccbf14b0d90f10d240ade63b SHA1 05d6e9c3b3dd0ac8f0093307cc5e3a1313f4dcb8 SHA256 826f6d70b71ec8630a9520dacfade245cff14cd9c766ba5be0eeda204f4bc9fb 
@@ -12,7 +14,7 @@ DIST Firebird-2.0.3.12981-0.tar.bz2 12623689 RMD160 6a1139b30a77070e6e74bdaebc5d DIST Firebird-2.1.0.17735-ReleaseCandidate1.tar.bz2 13377514 RMD160 924014a93aa8b57152c6a7ffb5f41ca58fa9b9b9 SHA1 7585aa45baca20888bb56629bf74bff9c688f6e8 SHA256 b50888c43f0f44870d067eb4c3e68719238907f265daaaeb0251a3b4b5eae001 DIST ib_b60_doc.zip 10530848 RMD160 c64b4b6bc9125929928517ba072558a58ddf577d SHA1 5e94fb89e15f738aa8605c913e75ec212fa163ef SHA256 8c0158678b2a2fe3ba3abfea1f5487fc5af2644d66837ab8a558f5ad6b6cfd6d EBUILD firebird-2.0.3.12981.0-r2.ebuild 6072 RMD160 b8260dcae6e5cb40c4da7fccdaa97a1f4979d8f7 SHA1 8a441a71c3ec39189649cc92b03c24fe4176a3e0 SHA256 b5c63f2a462b911958cf5fb5ffca4e21c9eb174b08f3e8b4026d1e6328bc1540 -EBUILD firebird-2.0.3.12981.0-r4.ebuild 9810 RMD160 027dd946c9ceedaf3b329e7b524d35c039dd8f2a SHA1 ddd7cfad000c4428d7f657f3fdd3e43a4504c2f3 SHA256 84ba4585843cc0a3fbf9eb33420f30a7d3f1e31090907e564e222d43c9077d08 +EBUILD firebird-2.0.3.12981.0-r5.ebuild 9904 RMD160 abba1d35ed7e86f3286afe83c7312a4cbce89bbe SHA1 f5441d4abfcd445eb0389c528ed54bc4cc1a3ddf SHA256 280fc423fafab9063246b03a7a25e29e9d012a28522508385e704478c91f0f6c EBUILD firebird-2.1.0.17735_rc1.ebuild 10118 RMD160 340f8685d1adcd8d762397553d914bef005a1888 SHA1 278c4f825f5507036e556e48a370f3f923c2c90d SHA256 209913a166f4b087533813db04bd9707d8379b6e146edfb795eda7d1de590026 -MISC ChangeLog 17595 RMD160 423c05decc0c77acb4eaa161dc34482fcaa5036a SHA1 ca20fd06d20006aa0e38a2bcbeccaf6334e55e79 SHA256 a8311f4f0ab4d9d58ac854f5bbd35c320529ac174ee540e51230724a39872d3e +MISC ChangeLog 18000 RMD160 5d7987a42b24028200913bd6c0d25053744a093b SHA1 1e136a0cf65056b4eeb48e86a9e326186598acf6 SHA256 34e26ba9dc8ac912343fcd9e6ff9d88bd0d994261239034e1157baeb33554509 MISC metadata.xml 611 RMD160 f6ee917e095b5fdf35200713fcc5a19b676cc369 SHA1 ce284a4db1ea6aa20a3824fb0c5730385659f84c SHA256 feb96e25e1e94eda2ebdfb016e9c44de6f59374b49ba256a5187f5a76d912e63 
diff --git a/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0387.patch b/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0387.patch new file mode 100644 index 000000000000..374f9454ef89 --- /dev/null +++ b/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0387.patch 
@@ -0,0 +1,91 @@ +diff -Naur Firebird-2.0.3.12981-0_orig/src/remote/protocol.cpp Firebird-2.0.3.12981-0/src/remote/protocol.cpp +--- Firebird-2.0.3.12981-0_orig/src/remote/protocol.cpp 2007-11-05 21:07:50.000000000 -0500 ++++ Firebird-2.0.3.12981-0/src/remote/protocol.cpp 2008-02-17 19:39:16.000000000 -0500 +@@ -1347,7 +1347,7 @@ + + rem_port* port = (rem_port*) xdrs->x_public; + +- if (request_id >= port->port_object_vector->vec_count) ++ if (!port->port_objects || request_id >= port->port_object_vector->vec_count) + return FALSE; + + rrq* request = (rrq*) port->port_objects[request_id]; +@@ -1644,7 +1644,7 @@ + rem_port* port = (rem_port*) xdrs->x_public; + RSR statement; + if (statement_id >= 0) { +- if (statement_id >= port->port_object_vector->vec_count) ++ if (!port->port_objects || statement_id >= port->port_object_vector->vec_count) + return FALSE; + if (!(statement = (RSR) port->port_objects[statement_id])) + return FALSE; +@@ -1736,7 +1736,7 @@ + + rem_port* port = (rem_port*) xdrs->x_public; + if (statement_id >= 0) { +- if (statement_id >= port->port_object_vector->vec_count) ++ if (!port->port_objects || statement_id >= port->port_object_vector->vec_count) + return FALSE; + statement = (RSR) port->port_objects[statement_id]; + } +diff -Naur Firebird-2.0.3.12981-0_orig/src/remote/server.cpp Firebird-2.0.3.12981-0/src/remote/server.cpp +--- Firebird-2.0.3.12981-0_orig/src/remote/server.cpp 2007-11-05 21:07:50.000000000 -0500 ++++ Firebird-2.0.3.12981-0/src/remote/server.cpp 2008-02-17 19:39:31.000000000 -0500 +@@ -74,7 +74,8 @@ + + #define CHECK_HANDLE(blk, cast, type, id, err) \ + { \ +- if (id >= port->port_object_vector->vec_count || \ ++ if (!port->port_objects || \ ++ id >= port->port_object_vector->vec_count || \ + !(blk = (cast) port->port_objects [id]) || \ + ((BLK) blk)->blk_type != (UCHAR) type) \ + { \ +@@ -87,7 +88,8 @@ + + #define CHECK_HANDLE_MEMBER(blk, cast, type, id, err) \ + { \ +- if (id >= this->port_object_vector->vec_count || \ ++ 
if (!this->port_objects || \ ++ id >= this->port_object_vector->vec_count || \ + !(blk = (cast) this->port_objects [id]) || \ + ((BLK) blk)->blk_type != (UCHAR) type) \ + { \ +@@ -1011,6 +1013,12 @@ + port->port_status_vector = status_vector; + success(status_vector); + ++ // This buffer is used by INET and WNET transports ++ // to return the server identification string ++ UCHAR buffer[BUFFER_TINY]; ++ const CSTRING save_string = send->p_resp.p_resp_data; ++ send->p_resp.p_resp_data.cstr_address = buffer; ++ + rem_port* aux_port = port->request(send); + RDB rdb = port->port_context; + if (bad_db(status_vector, rdb)) +@@ -1026,6 +1034,7 @@ + /* restore the port status vector */ + + port->port_status_vector = save_status; ++ send->p_resp.p_resp_data = save_string; + return; + } + +@@ -1037,6 +1046,7 @@ + /* restore the port status vector */ + + port->port_status_vector = save_status; ++ send->p_resp.p_resp_data = save_string; + } + + +@@ -1448,6 +1458,8 @@ + printf("disconnect(server) free rdb %x\n", rdb); + #endif + this->port_context = NULL; ++ if (this->port_async) ++ this->port_async->port_context = NULL; + ALLR_release(rdb); + if (this->port_object_vector) + { diff --git a/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0467.patch b/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0467.patch new file mode 100644 index 000000000000..83633af5ec05 --- /dev/null +++ b/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-2008-0467.patch 
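Review bot: The new guard tests `port->port_objects` for null, but the next operand still dereferences `port->port_object_vector`, so the check covers the indexing and not the `vec_count` read. This applies to all three sites in protocol.cpp and to both `CHECK_HANDLE` macros in server.cpp. The two pointers are presumably set together, but that invariant is not visible in this patch, and the disconnect code at the end of the server.cpp changes tests `this->port_object_vector` instead. Testing the pointer that is actually dereferenced makes the guard self-evident: `if (!port->port_object_vector || !port->port_objects || request_id >= port->port_object_vector->vec_count)`. Separately, the `@@ -1011` change points `p_resp_data.cstr_address` at a stack buffer and restores `save_string` by hand on the two exits shown; the function body extends outside the hunk, so a comment such as `// every return path must restore save_string: buffer is on the stack` would document the requirement.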
@@ -0,0 +1,629 @@ +# Stolen from upstream CVS B2_0_Release branch +# Fixes CVE-2008-0467http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467 +# Debian BTS: http://bugs.debian.org/463596 +# Upstream CORE-1603: http://tracker.firebirdsql.org/browse/CORE-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:cvs-tabpanel +--- 2.0.orig/src/jrd/constants.h ++++ 2.0/src/jrd/constants.h +@@ -56,7 +56,7 @@ + + /* Misc constant values */ + +-const int USERNAME_LENGTH = 31; /* Characters */ ++const unsigned int USERNAME_LENGTH = 31; /* Characters */ + + const size_t MAX_SQL_IDENTIFIER_SIZE = 32; + const size_t MAX_SQL_IDENTIFIER_LEN = MAX_SQL_IDENTIFIER_SIZE - 1; +--- 2.0.orig/src/jrd/isc.cpp ++++ 2.0/src/jrd/isc.cpp +@@ -87,14 +87,13 @@ + + #include <windows.h> + #include <aclapi.h> ++#include <lmcons.h> + + static USHORT os_type; + static SECURITY_ATTRIBUTES security_attr; + + //static TEXT interbase_directory[MAXPATHLEN]; + +-static bool check_user_privilege(); +- + #endif // WIN_NT + + static TEXT user_name[256]; +@@ -393,14 +392,29 @@ + } + #endif + ++const TEXT* ISC_get_host(Firebird::string& host) ++{ ++/************************************** ++ * ++ * I S C _ g e t _ h o s t ++ * ++ ************************************** ++ * ++ * Functional description ++ * Get host name in non-plain buffer. 
++ * ++ **************************************/ ++ TEXT buffer[BUFFER_SMALL]; ++ ISC_get_host(buffer, sizeof(buffer)); ++ host = buffer; ++ return host.c_str(); ++} ++ + #ifdef UNIX +-int ISC_get_user(TEXT* name, +- int* id, +- int* group, +- TEXT* project, +- TEXT* organization, +- int* node, +- const TEXT* user_string) ++bool ISC_get_user(Firebird::string* name, ++ int* id, ++ int* group, ++ const TEXT* user_string) + { + /************************************** + * +@@ -448,7 +462,7 @@ + } + + if (name) +- strcpy(name, p); ++ *name = p; + + if (id) + *id = euid; +@@ -456,15 +470,6 @@ + if (group) + *group = egid; + +- if (project) +- *project = 0; +- +- if (organization) +- *organization = 0; +- +- if (node) +- *node = 0; +- + return (euid == 0); + } + #endif +@@ -573,13 +578,10 @@ + #endif + + #ifdef WIN_NT +-int ISC_get_user(TEXT* name, +- int* id, +- int* group, +- TEXT* project, +- TEXT* organization, +- int* node, +- const TEXT* user_string) ++bool ISC_get_user(Firebird::string* name, ++ int* id, ++ int* group, ++ const TEXT* user_string) + { + /************************************** + * +@@ -597,162 +599,25 @@ + if (group) + *group = -1; + +- if (project) +- *project = 0; +- +- if (organization) +- *organization = 0; +- +- if (node) +- *node = 0; +- + if (name) + { +- name[0] = 0; +- DWORD name_len = 128; +- if (GetUserName(name, &name_len)) +- { +- name[name_len] = 0; +- +- /* NT user name is case insensitive */ +- +- for (DWORD i = 0; i < name_len; i++) +- { +- name[i] = UPPER7(name[i]); +- } +- +-/* This check is not internationalized, the security model needs to be +- * reengineered, especially on SUPERSERVER where none of these local +- * user (in process) assumptions are valid. 
+- if (!strcmp(name, "ADMINISTRATOR")) +- { +- if (id) +- *id = 0; +- +- if (group) +- *group = 0; +- } +- */ +- } +- } +- +- return check_user_privilege(); +-} +- +- +-//____________________________________________________________ +-// +-// Check to see if the user belongs to the administrator group. +-// +-// This routine was adapted from code in routine RunningAsAdminstrator +-// in \mstools\samples\regmpad\regdb.c. +-// +-static bool check_user_privilege() +-{ +- HANDLE tkhandle; +- SID_IDENTIFIER_AUTHORITY system_sid_authority = {SECURITY_NT_AUTHORITY}; +- +- // First we must open a handle to the access token for this thread. +- +- if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tkhandle)) +- { +- if (GetLastError() == ERROR_NO_TOKEN) ++ DWORD name_len = UNLEN; ++ TEXT* nm = name->getBuffer(name_len + 1); ++ if (GetUserName(nm, &name_len)) + { +- // If the thread does not have an access token, we'll examine the +- // access token associated with the process. ++ nm[name_len] = 0; + +- if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tkhandle)) +- { +- CloseHandle(tkhandle); +- return false; +- } ++ // NT user name is case insensitive ++ CharUpperBuff(nm, name_len); ++ name->recalculate_length(); + } + else + { +- return false; ++ *name = ""; + } + } + +- TOKEN_GROUPS* ptg = NULL; +- DWORD token_len = 0; +- +- while (true) +- { +- /* Then we must query the size of the group information associated with +- the token. This is guarenteed to fail the first time through +- because there is no buffer. */ +- +- if (GetTokenInformation(tkhandle, +- TokenGroups, +- ptg, +- token_len, +- &token_len)) +- { +- break; +- } +- +- /* If there had been a buffer, it's either too small or something +- else is wrong. Either way, we can dispose of it. */ +- +- if (ptg) +- { +- gds__free(ptg); +- } +- +- /* Here we verify that GetTokenInformation failed for lack of a large +- enough buffer. 
*/ +- +- if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) +- { +- CloseHandle(tkhandle); +- return false; +- } +- +- // Allocate a buffer for the group information. +- ptg = (TOKEN_GROUPS *) gds__alloc((SLONG) token_len); +- +- if (!ptg) +- { +- CloseHandle(tkhandle); +- return false; /* NOMEM: */ +- } +- // FREE: earlier in this loop, and at procedure return +- } +- +- // Create a System Identifier for the Admin group. +- +- PSID admin_sid; +- +- if (!AllocateAndInitializeSid(&system_sid_authority, 2, +- SECURITY_BUILTIN_DOMAIN_RID, +- DOMAIN_ALIAS_RID_ADMINS, +- 0, 0, 0, 0, 0, 0, &admin_sid)) +- { +- gds__free(ptg); +- CloseHandle(tkhandle); +- return false; +- } +- +- // Finally we'll iterate through the list of groups for this access +- // token looking for a match against the SID we created above. +- +- bool admin_priv = false; +- +- for (DWORD i = 0; i < ptg->GroupCount; i++) +- { +- if (EqualSid(ptg->Groups[i].Sid, admin_sid)) +- { +- admin_priv = true; +- break; +- } +- } +- +- // Deallocate the SID we created. +- +- FreeSid(admin_sid); +- gds__free(ptg); +- CloseHandle(tkhandle); +- return admin_priv; ++ return false; + } + #endif + +--- 2.0.orig/src/jrd/isc_proto.h ++++ 2.0/src/jrd/isc_proto.h +@@ -25,6 +25,7 @@ + #define JRD_ISC_PROTO_H + + #include "../jrd/isc.h" ++#include "../common/classes/fb_string.h" + + void ISC_ast_enter(void); + void ISC_ast_exit(void); +@@ -32,9 +33,9 @@ + // There's no body for those functions. 
+ //void ISC_get_config(TEXT *, struct ipccfg *); + //int ISC_set_config(TEXT *, struct ipccfg *); +-TEXT* ISC_get_host(TEXT *, USHORT); +-int ISC_get_user(TEXT*, int*, int*, TEXT*, +- TEXT*, int*, const TEXT*); ++TEXT* ISC_get_host(TEXT *, USHORT); ++const TEXT* ISC_get_host(Firebird::string&); ++bool ISC_get_user(Firebird::string*, int*, int*, const TEXT*); + SLONG ISC_get_user_group_id(const TEXT*); + void ISC_set_user(const TEXT*); + SLONG ISC_get_prefix(const TEXT*); +--- 2.0.orig/src/jrd/jrd.cpp ++++ 2.0/src/jrd/jrd.cpp +@@ -6699,12 +6699,9 @@ + **/ + static void getUserInfo(UserId& user, const DatabaseOptions& options) + { +- TEXT name[129] = ""; +- TEXT project[33] = ""; +- TEXT organization[33] = ""; +- +- int node_id = 0; + int id = -1, group = -1; // CVC: This var contained trash ++ int node_id = 0; ++ Firebird::string name; + + #ifdef BOOT_BUILD + bool wheel = true; +@@ -6712,12 +6709,9 @@ + bool wheel = false; + if (options.dpb_user_name.isEmpty()) + { +- wheel = ISC_get_user(name, ++ wheel = ISC_get_user(&name, + &id, + &group, +- project, +- organization, +- &node_id, + options.dpb_sys_user_name.nullStr()); + } + +@@ -6738,18 +6732,18 @@ + { + if (options.dpb_user_name.hasData()) + { +- options.dpb_user_name.copyTo(name, sizeof name); ++ name = options.dpb_user_name; + } + else + { +- strcpy(name, "<Unknown>"); ++ name = "<Unknown>"; + } + } + + // if the name from the user database is defined as SYSDBA, + // we define that user id as having system privileges + +- if (!strcmp(name, SYSDBA_USER_NAME)) ++ if (name == SYSDBA_USER_NAME) + { + wheel = true; + } +@@ -6761,12 +6755,12 @@ + + if (wheel) + { +- strcpy(name, SYSDBA_USER_NAME); ++ name = SYSDBA_USER_NAME; + } + + user.usr_user_name = name; +- user.usr_project_name = project; +- user.usr_org_name = organization; ++ user.usr_project_name = ""; ++ user.usr_org_name = ""; + user.usr_sql_role_name = options.dpb_role_name; + user.usr_user_id = id; + user.usr_group_id = group; +--- 
2.0.orig/src/jrd/jrd_pwd.h ++++ 2.0/src/jrd/jrd_pwd.h +@@ -66,11 +66,11 @@ + + static void initialize(); + static void shutdown(); +- static void verifyUser(TEXT*, const TEXT*, const TEXT*, const TEXT*, ++ static void verifyUser(Firebird::string&, const TEXT*, const TEXT*, const TEXT*, + int*, int*, int*, const Firebird::string&); + + static void hash(Firebird::string& h, +- const TEXT* userName, ++ const Firebird::string& userName, + const TEXT* passwd) + { + Firebird::string salt; +@@ -79,7 +79,7 @@ + } + + static void hash(Firebird::string& h, +- const TEXT* userName, ++ const Firebird::string& userName, + const TEXT* passwd, + const Firebird::string& oldHash) + { +@@ -110,7 +110,7 @@ + + void fini(); + void init(); +- bool lookup_user(TEXT*, int*, int*, TEXT*); ++ bool lookup_user(const TEXT*, int*, int*, TEXT*); + bool prepare(); + + static SecurityDatabase instance; +--- 2.0.orig/src/jrd/pwd.cpp ++++ 2.0/src/jrd/pwd.cpp +@@ -263,7 +263,7 @@ + counter += (is_cached) ? 1 : 0; + } + +-bool SecurityDatabase::lookup_user(TEXT * user_name, int *uid, int *gid, TEXT * pwd) ++bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TEXT* pwd) + { + bool found = false; // user found flag + TEXT uname[129]; // user name buffer +@@ -433,7 +433,7 @@ + instance.fini(); + } + +-void SecurityDatabase::verifyUser(TEXT* name, ++void SecurityDatabase::verifyUser(Firebird::string& name, + const TEXT* user_name, + const TEXT* password, + const TEXT* password_enc, +@@ -444,12 +444,11 @@ + { + if (user_name) + { +- TEXT* p = name; +- for (const TEXT* q = user_name; *q; ++q, ++p) ++ name = user_name; ++ for (unsigned int n = 0; n < name.length(); ++n) + { +- *p = UPPER7(*q); ++ name[n] = UPPER7(name[n]); + } +- *p = 0; + } + + #ifndef EMBEDDED +@@ -459,7 +458,7 @@ + // that means the current context must be saved and restored. 
+ + TEXT pw1[MAX_PASSWORD_LENGTH + 1]; +- const bool found = instance.lookup_user(name, uid, gid, pw1); ++ const bool found = instance.lookup_user(name.c_str(), uid, gid, pw1); + pw1[MAX_PASSWORD_LENGTH] = 0; + Firebird::string storedHash(pw1, MAX_PASSWORD_LENGTH); + storedHash.rtrim(); +--- 2.0.orig/src/jrd/svc.cpp ++++ 2.0/src/jrd/svc.cpp +@@ -516,7 +516,7 @@ + } + else + { +- TEXT name[129]; // unused after retrieved ++ Firebird::string name; // unused after retrieved + int id, group, node_id; + + Firebird::string remote = options.spb_network_protocol + +--- 2.0.orig/src/remote/inet.cpp ++++ 2.0/src/remote/inet.cpp +@@ -462,20 +462,16 @@ + + /* Pick up some user identification information */ + Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE); +- char buffer[BUFFER_SMALL]; +- ++ Firebird::string buffer; + int eff_gid; + int eff_uid; +- ISC_get_user(buffer, &eff_uid, &eff_gid, 0, 0, 0, user_string); +- user_id.insertString(CNCT_user, buffer, strlen(buffer)); + +- ISC_get_host(buffer, sizeof(buffer)); +- for (char* p = buffer; *p; p++) { +- if (*p >= 'A' && *p <= 'Z') { +- *p = *p - 'A' + 'a'; +- } +- } +- user_id.insertString(CNCT_host, buffer, strlen(buffer)); ++ ISC_get_user(&buffer, &eff_uid, &eff_gid, user_string); ++ user_id.insertString(CNCT_user, buffer); ++ ++ ISC_get_host(buffer); ++ buffer.lower(); ++ user_id.insertString(CNCT_host, buffer); + + if ((eff_uid == -1) || uv_flag) { + user_id.insertTag(CNCT_user_verification); +--- 2.0.orig/src/remote/inet_server.cpp ++++ 2.0/src/remote/inet_server.cpp +@@ -96,6 +96,7 @@ + #include "../jrd/sch_proto.h" + #include "../jrd/thread_proto.h" + #include "../common/utils_proto.h" ++#include "../common/classes/fb_string.h" + + #ifdef UNIX + #ifdef NETBSD +@@ -328,14 +329,14 @@ + // Remove restriction on username, for DEV builds + // restrict only for production builds. 
MOD 21-July-2002 + #ifndef DEV_BUILD +- TEXT user_name[256]; /* holds the user name */ ++ Firebird::string user_name; /* holds the user name */ + /* check user id */ +- ISC_get_user(user_name, NULL, NULL, NULL, NULL, NULL, NULL); ++ ISC_get_user(&user_name, NULL, NULL, NULL); + +- if (strcmp(user_name, "root") && +- strcmp(user_name, FIREBIRD_USER_NAME) && +- strcmp(user_name, INTERBASE_USER_NAME) && +- strcmp(user_name, INTERBASE_USER_SHORT)) ++ if (user_name != "root" && ++ user_name != FIREBIRD_USER_NAME && ++ user_name != INTERBASE_USER_NAME && ++ user_name != INTERBASE_USER_SHORT) + { + /* invalid user -- bail out */ + fprintf(stderr, +--- 2.0.orig/src/remote/os/win32/wnet.cpp ++++ 2.0/src/remote/os/win32/wnet.cpp +@@ -135,25 +135,17 @@ + PACKET* packet = &rdb->rdb_packet; + + /* Pick up some user identification information */ +- TEXT buffer[128]; ++ Firebird::string buffer; + TEXT *p; + Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE); + +- ISC_get_user(buffer, 0, 0, 0, 0, 0, 0); +- for (p = buffer; *p; p++) { +- if (*p >= 'A' && *p <= 'Z') { +- *p = *p - 'A' + 'a'; +- } +- } +- user_id.insertString(CNCT_user, buffer, strlen(buffer)); +- +- ISC_get_host(buffer, sizeof(buffer)); +- for (p = buffer; *p; p++) { +- if (*p >= 'A' && *p <= 'Z') { +- *p = *p - 'A' + 'a'; +- } +- } +- user_id.insertString(CNCT_host, buffer, strlen(buffer)); ++ ISC_get_user(&buffer, 0, 0, 0); ++ buffer.lower(); ++ user_id.insertString(CNCT_user, buffer); ++ ++ ISC_get_host(buffer); ++ buffer.lower(); ++ user_id.insertString(CNCT_host, buffer); + + if (uv_flag) { + user_id.insertTag(CNCT_user_verification); +--- 2.0.orig/src/remote/xnet.cpp ++++ 2.0/src/remote/xnet.cpp +@@ -214,25 +214,16 @@ + + // Pick up some user identification information + +- TEXT buffer[BUFFER_TINY]; +- TEXT *p; ++ Firebird::string buffer; + Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE); + +- ISC_get_user(buffer, 0, 0, 0, 0, 0, 0); +- for (p = 
buffer; *p; p++) { +- if (*p >= 'A' && *p <= 'Z') { +- *p = *p - 'A' + 'a'; +- } +- } +- user_id.insertString(CNCT_user, buffer, strlen(buffer)); +- +- ISC_get_host(buffer, sizeof(buffer)); +- for (p = buffer; *p; p++) { +- if (*p >= 'A' && *p <= 'Z') { +- *p = *p - 'A' + 'a'; +- } +- } +- user_id.insertString(CNCT_host, buffer, strlen(buffer)); ++ ISC_get_user(&buffer, 0, 0, 0); ++ buffer.lower(); ++ user_id.insertString(CNCT_user, buffer); ++ ++ ISC_get_host(buffer); ++ buffer.lower(); ++ user_id.insertString(CNCT_host, buffer); + + if (uv_flag) { + user_id.insertTag(CNCT_user_verification); +--- 2.0.orig/src/utilities/guard/guard.cpp ++++ 2.0/src/utilities/guard/guard.cpp +@@ -45,6 +45,7 @@ + #include "../jrd/gds_proto.h" + #include "../jrd/file_params.h" + #include "../utilities/guard/util_proto.h" ++#include "../common/classes/fb_string.h" + + const USHORT FOREVER = 1; + const USHORT ONETIME = 2; +@@ -107,12 +108,13 @@ + } /* while */ + + /* check user id */ +- TEXT user_name[256]; /* holds the user name */ +- ISC_get_user(user_name, NULL, NULL, NULL, NULL, NULL, NULL); ++ Firebird::string user_name; /* holds the user name */ ++ ISC_get_user(&user_name, NULL, NULL, NULL); + +- if (strcmp(user_name, INTERBASE_USER) && strcmp(user_name, "root") +- && strcmp(user_name, FIREBIRD_USER) +- && strcmp(user_name, INTERBASE_USER_SHORT)) ++ if (user_name != INTERBASE_USER && ++ user_name != "root" && ++ user_name != FIREBIRD_USER && ++ user_name != INTERBASE_USER_SHORT) + { + /* invalid user bail out */ + fprintf(stderr, diff --git a/dev-db/firebird/firebird-2.0.3.12981.0-r4.ebuild b/dev-db/firebird/firebird-2.0.3.12981.0-r5.ebuild index 65d54d5f38d9..8d628179f86d 100644 --- a/dev-db/firebird/firebird-2.0.3.12981.0-r4.ebuild +++ b/dev-db/firebird/firebird-2.0.3.12981.0-r5.ebuild 
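Review bot: `SecurityDatabase::lookup_user` in pwd.cpp still declares the fixed buffer `TEXT uname[129]` (a context line of the `@@ -263` change), while `verifyUser` now passes `name.c_str()` from a `Firebird::string` that carries no length limit. The copy into `uname` is outside the hunk, so it should be confirmed to be bounded and terminated, along the lines of `strncpy(uname, user_name, sizeof(uname) - 1); uname[sizeof(uname) - 1] = 0;`, or over-long names should be rejected in `verifyUser` before the lookup. The same question applies to the new `ISC_get_host(Firebird::string&)` in isc.cpp, which does `host = buffer` and so relies on the `TEXT*` overload always terminating `buffer`; that overload is not shown. A one-line comment at each site naming the bound would record the assumption for the next maintainer.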
@@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-db/firebird/firebird-2.0.3.12981.0-r4.ebuild,v 1.2 2008/01/16 06:50:10 wltjr Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/firebird/firebird-2.0.3.12981.0-r5.ebuild,v 1.1 2008/02/19 16:10:21 wltjr Exp $ inherit flag-o-matic eutils autotools versionator @@ -58,6 +58,8 @@ src_unpack() { cd "${S}" + epatch "${FILESDIR}/${P}-CVE-2008-0387.patch" + epatch "${FILESDIR}/${P}-CVE-2008-0467.patch" epatch "${FILESDIR}/${P}-external-libs.patch" epatch "${FILESDIR}/${P}-flags.patch" epatch "${FILESDIR}/${P}-make-deps.patch" |