diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-10-24 13:03:20 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-10-24 13:20:37 +0200 |
commit | 5072f4792e890c809a43763c8e0b283a22ee0c14 (patch) | |
tree | 004d3afacfdc5ee7c29fbd7af3aefedf27cadbda /pkgs/development/libraries/db | |
parent | 9bd930560292209b569158a0a591b59108dd4dd9 (diff) | |
download | nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar.gz nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar.bz2 nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar.lz nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar.xz nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.tar.zst nixlib-5072f4792e890c809a43763c8e0b283a22ee0c14.zip |
db{48,53,60,62}: add patch to fix CVE-2017-10140
Diffstat (limited to 'pkgs/development/libraries/db')
-rw-r--r-- | pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch | 11 | ||||
-rw-r--r-- | pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch | 11 | ||||
-rw-r--r-- | pkgs/development/libraries/db/db-4.8.nix | 2 | ||||
-rw-r--r-- | pkgs/development/libraries/db/db-5.3.nix | 2 | ||||
-rw-r--r-- | pkgs/development/libraries/db/db-6.0.nix | 2 | ||||
-rw-r--r-- | pkgs/development/libraries/db/db-6.2.nix | 2 |
6 files changed, 26 insertions, 4 deletions
diff --git a/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch b/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch new file mode 100644 index 000000000000..ed916fcf4d1f --- /dev/null +++ b/pkgs/development/libraries/db/CVE-2017-10140-4.8-cwd-db_config.patch @@ -0,0 +1,11 @@ +--- a/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200 ++++ b/env/env_open.c 2017-06-26 10:32:46.893721233 +0200 +@@ -473,7 +473,7 @@ + env->db_mode = mode == 0 ? DB_MODE_660 : mode; + + /* Read the DB_CONFIG file. */ +- if ((ret = __env_read_db_config(env)) != 0) ++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0) + return (ret); + + /* diff --git a/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch b/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch new file mode 100644 index 000000000000..652e962bbe18 --- /dev/null +++ b/pkgs/development/libraries/db/CVE-2017-10140-cwd-db_config.patch @@ -0,0 +1,11 @@ +--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200 ++++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200 +@@ -473,7 +473,7 @@ + env->db_mode = mode == 0 ? DB_MODE_660 : mode; + + /* Read the DB_CONFIG file. */ +- if ((ret = __env_read_db_config(env)) != 0) ++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0) + return (ret); + + /* diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix index bce91e5a9401..76e30e921ba1 100644 --- a/pkgs/development/libraries/db/db-4.8.nix +++ b/pkgs/development/libraries/db/db-4.8.nix @@ -3,7 +3,7 @@ import ./generic.nix (args // rec { version = "4.8.30"; sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0"; - extraPatches = [ ./clang-4.8.patch ]; + extraPatches = [ ./clang-4.8.patch ./CVE-2017-10140-4.8-cwd-db_config.patch ]; drvArgs.hardeningDisable = [ "format" ]; drvArgs.doCheck = false; diff --git a/pkgs/development/libraries/db/db-5.3.nix b/pkgs/development/libraries/db/db-5.3.nix index 066eca4e63d8..7894e4c73262 100644 --- a/pkgs/development/libraries/db/db-5.3.nix +++ b/pkgs/development/libraries/db/db-5.3.nix @@ -3,5 +3,5 @@ import ./generic.nix (args // rec { version = "5.3.28"; sha256 = "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"; - extraPatches = [ ./clang-5.3.patch ]; + extraPatches = [ ./clang-5.3.patch ./CVE-2017-10140-cwd-db_config.patch ]; }) diff --git a/pkgs/development/libraries/db/db-6.0.nix b/pkgs/development/libraries/db/db-6.0.nix index b7c5667b883e..bafca3bd52d2 100644 --- a/pkgs/development/libraries/db/db-6.0.nix +++ b/pkgs/development/libraries/db/db-6.0.nix @@ -4,5 +4,5 @@ import ./generic.nix (args // rec { version = "6.0.20"; sha256 = "00r2aaglq625y8r9xd5vw2y070plp88f1mb2gbq3kqsl7128lsl0"; license = stdenv.lib.licenses.agpl3; - extraPatches = [ ./clang-6.0.patch ]; + extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]; }) diff --git a/pkgs/development/libraries/db/db-6.2.nix b/pkgs/development/libraries/db/db-6.2.nix index f897e3744af1..96f7668aa903 100644 --- a/pkgs/development/libraries/db/db-6.2.nix +++ b/pkgs/development/libraries/db/db-6.2.nix @@ -4,5 +4,5 @@ import ./generic.nix (args // rec { version = "6.2.23"; sha256 = "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7"; license = stdenv.lib.licenses.agpl3; - extraPatches = [ ./clang-6.0.patch ]; + extraPatches = [ ./clang-6.0.patch ./CVE-2017-10140-cwd-db_config.patch ]; }) |