[packages/db5.3] - rel 4; fix CVE-2017-10140

arekm arekm at pld-linux.org
Sun Aug 13 21:39:41 CEST 2017 

commit 7b42353433599aae8a651a444281eeb3ed5f92bd
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sun Aug 13 21:39:34 2017 +0200

    - rel 4; fix CVE-2017-10140

 db-5.3.28-cwd-db_config.patch | 11 +++++++++++
 db5.3.spec                    |  4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
---
diff --git a/db5.3.spec b/db5.3.spec
index 6d1e646..ac1a008 100644
--- a/db5.3.spec
+++ b/db5.3.spec
@@ -17,7 +17,7 @@ Summary:	Berkeley DB database library for C
 Summary(pl.UTF-8):	Biblioteka C do obsługi baz Berkeley DB
 Name:		db5.3
 Version:	%{ver}.%{patchlevel}
-Release:	3
+Release:	4
 License:	BSD-like (see LICENSE)
 Group:		Libraries
 #Source0Download: http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
@@ -25,6 +25,7 @@ Source0:	http://download.oracle.com/berkeley-db/db-%{ver}.tar.gz
 # Source0-md5:	b99454564d5b4479750567031d66fe24
 Patch0:		%{name}-link.patch
 Patch1:		%{name}-sql-features.patch
+Patch2:		db-5.3.28-cwd-db_config.patch
 URL:		http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
 BuildRequires:	automake
 %if %{with java}
@@ -372,6 +373,7 @@ poleceń.
 %setup -q -n db-%{ver}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 cp -f /usr/share/automake/config.sub dist
diff --git a/db-5.3.28-cwd-db_config.patch b/db-5.3.28-cwd-db_config.patch
new file mode 100644
index 0000000..652e962
--- /dev/null
+++ b/db-5.3.28-cwd-db_config.patch
@@ -0,0 +1,11 @@
+--- db-5.3.28/src/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/db5.3.git/commitdiff/7b42353433599aae8a651a444281eeb3ed5f92bd

More information about the pld-cvs-commit mailing list