libdb-4_8/reproducible.patch
David Anes c63b7b4d92 - Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
  * Backport the upsteam commits:
    - Fixed several possible crashes when running db_verify
      on a corrupted database. []
    - Fixed several possible hangs when running db_verify
      on a corrupted database. []
    - Added a warning message when attempting to verify a queue
      database which has many extent files. Verification will take
      a long time if there are many extent files. []
  * Add libdb-4_8-CVE-2019-2708.patch

- Security fix: [bsc#1174414, CVE-2019-2708]
  * libdb: Data store execution leads to partial DoS
  * Backport the upsteam commits:
    - Fixed several possible crashes when running db_verify
      on a corrupted database. []
    - Fixed several possible hangs when running db_verify
      on a corrupted database. []
    - Added a warning message when attempting to verify a queue
      database which has many extent files. Verification will take
      a long time if there are many extent files. []
  * Add libdb-4_8-CVE-2019-2708.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libdb-4_8?expand=0&rev=75
2024-08-07 12:49:34 +00:00

20 lines
744 B
Diff

Date: 2024-07-16
Author: Bernhard M. Wiedemann
make .jar build reproducible
by setting the build date to a constant.
Index: db-4.8.30/dist/Makefile.in
===================================================================
--- db-4.8.30.orig/dist/Makefile.in
+++ db-4.8.30/dist/Makefile.in
@@ -830,7 +830,7 @@ $(libj_jarfile): $(JAVA_DBSRCS)
$(JAVA) -classpath $(JAVA_CLASSTOP) \
com.sleepycat.persist.model.ClassEnhancer $(JAVA_CLASSTOP)
cd $(JAVA_CLASSTOP) && \
- $(JAR) cfm ../$(libj_jarfile) ../$(JAVA_MANIFEST) ./com/sleepycat
+ $(JAR) --date=2000-01-01T00:00:00+00:00 -c -f ../$(libj_jarfile) -m ../$(JAVA_MANIFEST) ./com/sleepycat
$(libj_exjarfile): $(libj_jarfile) $(JAVA_EXSRCS)
@test -d $(JAVA_EXCLASSTOP) || \