- rel 4; fix CVE-2017-10140

diff --git a/db-5.3.28-cwd-db_config.patch b/db-5.3.28-cwd-db_config.patch
new file mode 100644 (file)
index 0000000..652e962
--- /dev/null
+++ b/db-5.3.28-cwd-db_config.patch
@@ -0,0 +1,11 @@
+--- db-5.3.28/src/env/env_open.c.old   2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c       2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+       env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+       /* Read the DB_CONFIG file. */
+-      if ((ret = __env_read_db_config(env)) != 0)
++      if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+               return (ret);
+ 
+       /*

diff --git a/db5.3.spec b/db5.3.spec
index 6d1e646aa288ddccdd16d8040251ff6e8b1db214..ac1a0084bda86071ea74909f9caa803820439fbd 100644 (file)
--- a/db5.3.spec
+++ b/db5.3.spec
@@ -17,7 +17,7 @@ Summary:      Berkeley DB database library for C
 Summary(pl.UTF-8):     Biblioteka C do obsługi baz Berkeley DB
 Name:          db5.3
 Version:       %{ver}.%{patchlevel}
-Release:       3
+Release:       4
 License:       BSD-like (see LICENSE)
 Group:         Libraries
 #Source0Download: http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
@@ -25,6 +25,7 @@ Source0:      http://download.oracle.com/berkeley-db/db-%{ver}.tar.gz
 # Source0-md5: b99454564d5b4479750567031d66fe24
 Patch0:                %{name}-link.patch
 Patch1:                %{name}-sql-features.patch
+Patch2:                db-5.3.28-cwd-db_config.patch
 URL:           http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
 BuildRequires: automake
 %if %{with java}
@@ -372,6 +373,7 @@ poleceń.
 %setup -q -n db-%{ver}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 cp -f /usr/share/automake/config.sub dist