diff --git a/db-5.3.28-lemon_hash.patch b/db-5.3.28-lemon_hash.patch new file mode 100644 index 0000000..1556d5d --- /dev/null +++ b/db-5.3.28-lemon_hash.patch @@ -0,0 +1,20 @@ +--- db-5.3.28/lang/sql/sqlite/tool/lemon.c.lemon_hash 2013-09-09 17:35:07.000000000 +0200 ++++ db-5.3.28/lang/sql/sqlite/tool/lemon.c 2017-02-22 13:12:08.564106051 +0100 +@@ -3428,7 +3428,7 @@ + int maxdtlength; /* Maximum length of any ".datatype" field. */ + char *stddt; /* Standardized name for a datatype */ + int i,j; /* Loop counters */ +- int hash; /* For hashing the name of a type */ ++ unsigned hash; /* For hashing the name of a type */ + const char *name; /* Name of the parser */ + + /* Allocate and initialize types[] and allocate stddt[] */ +@@ -3491,7 +3491,7 @@ + break; + } + hash++; +- if( hash>=arraysize ) hash = 0; ++ if( hash>=(unsigned)arraysize ) hash = 0; + } + if( types[hash]==0 ){ + sp->dtnum = hash + 1; diff --git a/libdb.spec b/libdb.spec index 91d53f5..80f6728 100644 --- a/libdb.spec +++ b/libdb.spec @@ -30,6 +30,8 @@ Patch26: java8-fix.patch Patch27: db-5.3.21-memp_stat-upstream-fix.patch # fix for mutexes not being released provided by upstream (rhbz#1277887) Patch28: db-5.3.21-mutex_leak.patch +# fix for overflowing hash variable inside bundled lemon +Patch29: db-5.3.28-lemon_hash.patch URL: http://www.oracle.com/database/berkeley-db/ License: BSD and LGPLv2 and Sleepycat @@ -221,6 +223,7 @@ popd %patch26 -p1 -b .java8-fix %patch27 -p1 -b .memp_stat-fix %patch28 -p1 -b .mutex_leak +%patch29 -p1 -b .lemon_hash cd dist ./s_config @@ -429,6 +432,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/libdb_java.so %changelog +* Wed Feb 22 2017 Petr Kubat - 5.3.28-17 +- Fix overflowing integer in bundled-in lemon.c (#1423842) + * Fri Feb 10 2017 Fedora Release Engineering - 5.3.28-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild