Ana Guerrero
c85f271cdd
- update to 2.1.1:
* Fix false `MDB_CORRUPTED` error when overwriting values
larger than the page
* size (overflow/bigdata values) with `txn.put(key, value,
overwrite=True)`.
* Two hardening checks from 2.1.0 did not account for
`F_BIGDATA` nodes where
* `NODEDSZ()` returns the logical data size, not the on-page
size. (#431)
* **Security release.** All users who open LMDB databases from
untrusted or potentially-tampered sources should upgrade
immediately.
* **CVE-2019-16224**: heap buffer overflow via `MDB_DUPFIXED`
without `MDB_DUPSORT` in on-disk `md_flags`. (#429)
* **CVE-2019-16225**: `SIGSEGV` from `P_DIRTY` flag set on
mmap'd disk pages, causing `mdb_page_touch()` to skip
copy-on-write. (#429)
* **CVE-2019-16226**: out-of-bounds `memmove` in `mdb_node_del`
via corrupt `mn_hi` making `NODEDSZ()` huge. (#429)
* **CVE-2019-16227**: NULL pointer dereference of `mc_xcursor`
when `F_DUPDATA` is set on a node in a non-DUPSORT database.
* **CVE-2019-16228**: divide-by-zero from zero `mm_psize` in
meta page header. (#429)
* Cross-thread write transactions now block instead of raising
* `lmdb.Error("Attempt to operate on closed/deleted/dropped
object.")`.
* The check added in 1.8.0 was overly strict: it rejected all
- Add the relax_assertion.patch: relax PreloadTest assertion, preserving test intent and fixing openSUSE builds
(gh#jnwatson/py-lmdb#400)
OBS-URL: https://build.opensuse.org/request/show/1342277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-lmdb?expand=0&rev=20