[packages/db5.3] - rel 4; fix CVE-2017-10140
arekm
arekm at pld-linux.org
Sun Aug 13 21:39:41 CEST 2017
commit 7b42353433599aae8a651a444281eeb3ed5f92bd
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sun Aug 13 21:39:34 2017 +0200
- rel 4; fix CVE-2017-10140
db-5.3.28-cwd-db_config.patch | 11 +++++++++++
db5.3.spec | 4 +++-
2 files changed, 14 insertions(+), 1 deletion(-)
---
diff --git a/db5.3.spec b/db5.3.spec
index 6d1e646..ac1a008 100644
--- a/db5.3.spec
+++ b/db5.3.spec
@@ -17,7 +17,7 @@ Summary: Berkeley DB database library for C
Summary(pl.UTF-8): Biblioteka C do obsługi baz Berkeley DB
Name: db5.3
Version: %{ver}.%{patchlevel}
-Release: 3
+Release: 4
License: BSD-like (see LICENSE)
Group: Libraries
#Source0Download: http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
@@ -25,6 +25,7 @@ Source0: http://download.oracle.com/berkeley-db/db-%{ver}.tar.gz
# Source0-md5: b99454564d5b4479750567031d66fe24
Patch0: %{name}-link.patch
Patch1: %{name}-sql-features.patch
+Patch2: db-5.3.28-cwd-db_config.patch
URL: http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
BuildRequires: automake
%if %{with java}
@@ -372,6 +373,7 @@ poleceń.
%setup -q -n db-%{ver}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
cp -f /usr/share/automake/config.sub dist
diff --git a/db-5.3.28-cwd-db_config.patch b/db-5.3.28-cwd-db_config.patch
new file mode 100644
index 0000000..652e962
--- /dev/null
+++ b/db-5.3.28-cwd-db_config.patch
@@ -0,0 +1,11 @@
+--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+
+ /* Read the DB_CONFIG file. */
+- if ((ret = __env_read_db_config(env)) != 0)
++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ return (ret);
+
+ /*
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/db5.3.git/commitdiff/7b42353433599aae8a651a444281eeb3ed5f92bd
More information about the pld-cvs-commit
mailing list