mirror of
https://github.com/openwrt/packages.git
synced 2025-01-31 03:41:44 +00:00
e7badaa6cb
There's no need to maintain an old version. Removed all patches as they are all upstream. Import new ones from Arch, Debian, and OpenEmbedded. Signed-off-by: Rosen Penev <rosenp@gmail.com>
23 lines
900 B
Diff
23 lines
900 B
Diff
Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
|
|
Do not access DB_CONFIG when db_home is not set.
|
|
Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
|
|
Bug-Debian: https://bugs.debian.org/872436
|
|
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
|
|
Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
|
|
Forwarded: no
|
|
Author: Petr Kubat <pkubat@redhat.com>
|
|
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2017-08-17
|
|
|
|
--- a/src/env/env_open.c
|
|
+++ b/src/env/env_open.c
|
|
@@ -473,7 +473,7 @@ __env_config(dbenv, db_home, flagsp, mod
|
|
env->db_mode = mode == 0 ? DB_MODE_660 : mode;
|
|
|
|
/* Read the DB_CONFIG file. */
|
|
- if ((ret = __env_read_db_config(env)) != 0)
|
|
+ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
|
|
return (ret);
|
|
|
|
/*
|