* [Buildroot] [PATCH 1/1] package/berkeleydb: add security fix for CVE-2017-10140
@ 2018-01-27 22:41 Bernd Kuhls
  2018-01-29 19:55 ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Bernd Kuhls @ 2018-01-27 22:41 UTC (permalink / raw)
  To: buildroot

For details read
https://security-tracker.debian.org/tracker/CVE-2017-10140

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 package/berkeleydb/0001-cwd-db_config.patch | 21 +++++++++++++++++++++
 package/berkeleydb/berkeleydb.hash          |  1 +
 2 files changed, 22 insertions(+)
 create mode 100644 package/berkeleydb/0001-cwd-db_config.patch

diff --git a/package/berkeleydb/0001-cwd-db_config.patch b/package/berkeleydb/0001-cwd-db_config.patch
new file mode 100644
index 0000000000..08ce5a3931
--- /dev/null
+++ b/package/berkeleydb/0001-cwd-db_config.patch
@@ -0,0 +1,21 @@
+Do not access DB_CONFIG when db_home is not set
+
+Fixes CVE-2017-10140:
+https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
+
+Downloaded from
+http://pkgs.fedoraproject.org/cgit/rpms/libdb.git/commit/?id=8047fa8580659fcae740c25e91b490539b8453eb
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+
+--- db-5.3.28/src/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
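Review bot: the comment above the changed condition in env_open.c still reads `/* Read the DB_CONFIG file. */`, but with `env->db_home != NULL &&` in front of the call the file is now skipped whenever no home directory is set. Suggest extending that comment, or the patch header, with one sentence on why the read is skipped in that case, so the reason for the guard does not depend on following the Bugzilla link. The header also records only that the patch was downloaded from the Fedora package repository; a line stating whether upstream has the change would help when the package version is bumped.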
diff --git a/package/berkeleydb/berkeleydb.hash b/package/berkeleydb/berkeleydb.hash
index e47c578cbe..7529329748 100644
--- a/package/berkeleydb/berkeleydb.hash
+++ b/package/berkeleydb/berkeleydb.hash
@@ -1,2 +1,3 @@
 # Locally calculated
 sha256	76a25560d9e52a198d37a31440fd07632b5f1f8f9f2b6d5438f4bc3e7c9013ef  db-5.3.28.NC.tar.gz
+sha256	b78815181a53241f9347c6b47d1031fd669946f863e1edc807a291354cec024b  LICENSE
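Review bot: the added `LICENSE` hash line is unrelated to the CVE-2017-10140 fix named in the subject, and the commit message covers it only with "Added license hash". Suggest moving it to a separate patch so the security fix can be cherry-picked to maintenance branches on its own. If it stays here, the new line sits under the existing `# Locally calculated` comment, so that comment now has to hold for both the tarball hash and the license hash.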
-- 
2.11.0


* [Buildroot] [PATCH 1/1] package/berkeleydb: add security fix for CVE-2017-10140
  2018-01-27 22:41 [Buildroot] [PATCH 1/1] package/berkeleydb: add security fix for CVE-2017-10140 Bernd Kuhls
@ 2018-01-29 19:55 ` Peter Korsgaard
  2018-01-31 12:35   ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2018-01-29 19:55 UTC (permalink / raw)
  To: buildroot

On Sat, Jan 27, 2018 at 11:41 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
> For details read
> https://security-tracker.debian.org/tracker/CVE-2017-10140
>
> Added license hash.
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed after extending the commit message a bit, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 1/1] package/berkeleydb: add security fix for CVE-2017-10140
  2018-01-29 19:55 ` Peter Korsgaard
@ 2018-01-31 12:35   ` Peter Korsgaard
  0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-01-31 12:35 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > On Sat, Jan 27, 2018 at 11:41 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
 >> For details read
 >> https://security-tracker.debian.org/tracker/CVE-2017-10140
 >> 
 >> Added license hash.
 >> 
 >> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2017.02.x and 2017.11.x, thanks.

-- 
Bye, Peter Korsgaard
