From c63b7b4d92b430eddb5669f4ec7a43dcc8e1f13fa389b36aa40617b5212ae490 Mon Sep 17 00:00:00 2001 From: David Anes Date: Wed, 7 Aug 2024 12:49:34 +0000 Subject: [PATCH] - Security fix: [bsc#1174414, CVE-2019-2708] * libdb: Data store execution leads to partial DoS * Backport the upsteam commits: - Fixed several possible crashes when running db_verify on a corrupted database. [#27864] - Fixed several possible hangs when running db_verify on a corrupted database. [#27864] - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864] * Add libdb-4_8-CVE-2019-2708.patch - Security fix: [bsc#1174414, CVE-2019-2708] * libdb: Data store execution leads to partial DoS * Backport the upsteam commits: - Fixed several possible crashes when running db_verify on a corrupted database. [#27864] - Fixed several possible hangs when running db_verify on a corrupted database. [#27864] - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864] * Add libdb-4_8-CVE-2019-2708.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libdb-4_8?expand=0&rev=75 --- .gitattributes | 23 + .gitignore | 1 + 0001-OPD-deadlock-RH-BZ-1349779.patch | 28 + _multibuild | 4 + baselibs.conf | 10 + db-4.8.30.patch | 64 ++ db-4.8.30.tar.gz | 3 + libdb-4_8-CVE-2019-2708.patch | 640 ++++++++++++++++++++ libdb-4_8.changes | 806 ++++++++++++++++++++++++++ libdb-4_8.spec | 245 ++++++++ libdb-fix-atomic.patch | 22 + libdb_java-4_8-fix-java10-comp.patch | 13 + libdb_java-4_8.changes | 171 ++++++ libdb_java-4_8.spec | 167 ++++++ reproducible.patch | 19 + 15 files changed, 2216 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-OPD-deadlock-RH-BZ-1349779.patch create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 db-4.8.30.patch create mode 100644 db-4.8.30.tar.gz create mode 100644 libdb-4_8-CVE-2019-2708.patch create mode 100644 libdb-4_8.changes create mode 100644 libdb-4_8.spec create mode 100644 libdb-fix-atomic.patch create mode 100644 libdb_java-4_8-fix-java10-comp.patch create mode 100644 libdb_java-4_8.changes create mode 100644 libdb_java-4_8.spec create mode 100644 reproducible.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-OPD-deadlock-RH-BZ-1349779.patch b/0001-OPD-deadlock-RH-BZ-1349779.patch new file mode 100644 index 0000000..9b596fd --- /dev/null +++ b/0001-OPD-deadlock-RH-BZ-1349779.patch @@ -0,0 +1,28 @@ +From 5124401571fa1807a6595659ab7a069f17fe1068 Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Tue, 27 Aug 2019 10:01:54 +1000 +Subject: [PATCH] OPD deadlock: RH BZ 1349779 + +--- + db/db_cam.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/db/db_cam.c b/db/db_cam.c +index 4c1322d..7f133e5 100644 +--- a/db/db_cam.c ++++ b/db/db_cam.c +@@ -850,6 +850,11 @@ __dbc_iget(dbc, key, data, flags) + flags == DB_PREV || flags == DB_PREV_DUP)) { + if (tmp_rmw && (ret = dbc->am_writelock(dbc)) != 0) + goto err; ++ /* Latch the primary tree page here in order to not deadlock later. */ ++ if (cp->page == NULL && ++ (ret = __memp_fget(mpf, &cp->pgno, ++ dbc->thread_info, dbc->txn, 0, &cp->page)) != 0) ++ goto err; + if (F_ISSET(dbc, DBC_TRANSIENT)) + opd = cp->opd; + else if ((ret = __dbc_idup(cp->opd, &opd, DB_POSITION)) != 0) +-- +2.20.1 (Apple Git-117) + diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..c63c132 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + libdb_java-4_8 + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..c83dc45 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,10 @@ +libdb-4_8 +libdb-4_8-devel + requires -libdb- + requires "libdb-4_8- = " + provides "libdb-4- = " + provides "libdb- = " + provides "libdb_cxx-4- = " + provides "libdb_cxx- = " + conflicts "libdb-4_5-devel-" + conflicts "libdb-6_0-devel-" diff --git a/db-4.8.30.patch b/db-4.8.30.patch new file mode 100644 index 0000000..9359920 --- /dev/null +++ b/db-4.8.30.patch @@ -0,0 +1,64 @@ +Index: dist/configure.ac +=================================================================== +--- dist/configure.ac.orig ++++ dist/configure.ac +@@ -852,20 +852,20 @@ LTLIBOBJS=`echo "$LIB@&t@OBJS" | + AC_SUBST(LTLIBOBJS) + + # Initial output file list. +-CREATE_LIST="Makefile +- db_cxx.h:$srcdir/../dbinc/db_cxx.in +- db_int.h:$srcdir/../dbinc/db_int.in +- clib_port.h:$srcdir/../dist/clib_port.in ++CREATE_LIST="Makefile \ ++ db_cxx.h:$srcdir/../dbinc/db_cxx.in \ ++ db_int.h:$srcdir/../dbinc/db_int.in \ ++ clib_port.h:$srcdir/../dist/clib_port.in \ + include.tcl:$srcdir/../test/include.tcl" + + # Create the db.h file from a source file, a list of global function + # prototypes, and, if configured for unique names, a list of #defines + # to do DB_VERSION_UNIQUE_NAME substitution. + if test "$db_cv_uniquename" = "yes"; then +- CREATE_LIST="$CREATE_LIST ++ CREATE_LIST="$CREATE_LIST \ + db.h:$srcdir/../dbinc/db.in:$srcdir/../dbinc_auto/api_flags.in:$srcdir/../dbinc_auto/ext_def.in:$srcdir/../dbinc_auto/ext_prot.in" + else +- CREATE_LIST="$CREATE_LIST ++ CREATE_LIST="$CREATE_LIST \ + db.h:$srcdir/../dbinc/db.in:$srcdir/../dbinc_auto/api_flags.in:$srcdir/../dbinc_auto/ext_prot.in" + fi + +@@ -873,7 +873,7 @@ fi + # does the DB_VERSION_UNIQUE_NAME substitution), which is included by + # the db_int.h file. + if test "$db_cv_uniquename" = "yes"; then +- CREATE_LIST="$CREATE_LIST ++ CREATE_LIST="$CREATE_LIST \ + db_int_def.h:$srcdir/../dbinc_auto/int_def.in" + db_int_def='#include "db_int_def.h"' + fi +@@ -883,18 +883,18 @@ fi + # of #defines to do DB_VERSION_UNIQUE_NAME substitution. + if test "$db_cv_compat185" = "yes"; then + if test "$db_cv_uniquename" = "yes"; then +- CREATE_LIST="$CREATE_LIST +- db_185.h:$srcdir/../dbinc/db_185.in:$srcdir/../dbinc_auto/ext_185_def.in:$srcdir/../dbinc_auto/ext_185_prot.in ++ CREATE_LIST="$CREATE_LIST \ ++ db_185.h:$srcdir/../dbinc/db_185.in:$srcdir/../dbinc_auto/ext_185_def.in:$srcdir/../dbinc_auto/ext_185_prot.in \ + db185_int.h:$srcdir/../db185/db185_int.in:$srcdir/../dbinc_auto/ext_185_def.in:$srcdir/../dbinc_auto/ext_185_prot.in" + else +- CREATE_LIST="$CREATE_LIST +- db_185.h:$srcdir/../dbinc/db_185.in:$srcdir/../dbinc_auto/ext_185_prot.in ++ CREATE_LIST="$CREATE_LIST \ ++ db_185.h:$srcdir/../dbinc/db_185.in:$srcdir/../dbinc_auto/ext_185_prot.in \ + db185_int.h:$srcdir/../db185/db185_int.in:$srcdir/../dbinc_auto/ext_185_prot.in" + fi + fi + + if test "$db_cv_stl" = "yes"; then +- CREATE_LIST="$CREATE_LIST ++ CREATE_LIST="$CREATE_LIST \ + dbstl_common.h:$srcdir/../stl/dbstl_common.in" + fi + diff --git a/db-4.8.30.tar.gz b/db-4.8.30.tar.gz new file mode 100644 index 0000000..501a4ef --- /dev/null +++ b/db-4.8.30.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a +size 22887305 diff --git a/libdb-4_8-CVE-2019-2708.patch b/libdb-4_8-CVE-2019-2708.patch new file mode 100644 index 0000000..9c64deb --- /dev/null +++ b/libdb-4_8-CVE-2019-2708.patch @@ -0,0 +1,640 @@ +Index: db-4.8.30/btree/bt_cursor.c +=================================================================== +--- db-4.8.30.orig/btree/bt_cursor.c ++++ db-4.8.30/btree/bt_cursor.c +@@ -282,6 +282,8 @@ __bamc_refresh(dbc) + * + * Recno uses the btree bt_ovflsize value -- it's close enough. + */ ++ if (t->bt_minkey == 0) ++ return (DB_RECOVER); + cp->ovflsize = B_MINKEY_TO_OVFLSIZE( + dbp, F_ISSET(dbc, DBC_OPD) ? 2 : t->bt_minkey, dbp->pgsize); + +Index: db-4.8.30/btree/bt_verify.c +=================================================================== +--- db-4.8.30.orig/btree/bt_verify.c ++++ db-4.8.30/btree/bt_verify.c +@@ -613,7 +613,11 @@ __bam_vrfy_inp(dbp, vdp, h, pgno, nentri + isbad = 1; + goto err; + default: +- DB_ASSERT(env, ret != 0); ++ if (ret == 0) { ++ isbad = 1; ++ ret = DB_VERIFY_FATAL; ++ goto err; ++ } + break; + } + +@@ -934,8 +939,8 @@ __bam_vrfy_itemorder(dbp, vdp, ip, h, pg + F_SET(&dbtb, DB_DBT_REALLOC); + + buf1 = buf2 = NULL; +- +- DB_ASSERT(env, !LF_ISSET(DB_NOORDERCHK)); ++ if (LF_ISSET(DB_NOORDERCHK)) ++ return (EINVAL); + + dupfunc = (dbp->dup_compare == NULL) ? __bam_defcmp : dbp->dup_compare; + if (TYPE(h) == P_LDUP) +@@ -1178,8 +1184,12 @@ overflow: if (!ovflok) { + */ + if (dup_1.data == NULL || + dup_2.data == NULL) { +- DB_ASSERT(env, !ovflok); +- F_SET(pip, VRFY_INCOMPLETE); ++ if (ovflok) { ++ isbad = 1; ++ goto err; ++ } ++ if (pip != NULL) ++ F_SET(pip, VRFY_INCOMPLETE); + goto err; + } + +@@ -1510,9 +1520,10 @@ bad_prev: isbad = 1; + (ret = __db_vrfy_ovfl_structure(dbp, vdp, + child->pgno, child->tlen, + flags | DB_ST_OVFL_LEAF)) != 0) { +- if (ret == DB_VERIFY_BAD) ++ if (ret == DB_VERIFY_BAD) { + isbad = 1; +- else ++ break; ++ } else + goto done; + } + +@@ -1586,9 +1597,10 @@ bad_prev: isbad = 1; + stflags | DB_ST_TOPLEVEL, + NULL, NULL, NULL)) != 0) { + if (ret == +- DB_VERIFY_BAD) ++ DB_VERIFY_BAD) { + isbad = 1; +- else ++ break; ++ } else + goto err; + } + } +@@ -1728,7 +1740,10 @@ bad_prev: isbad = 1; + */ + + /* Otherwise, __db_vrfy_childput would be broken. */ +- DB_ASSERT(env, child->refcnt >= 1); ++ if (child->refcnt < 1) { ++ isbad = 1; ++ goto err; ++ } + + /* + * An overflow referenced more than twice here +@@ -1744,9 +1759,10 @@ bad_prev: isbad = 1; + if ((ret = __db_vrfy_ovfl_structure(dbp, + vdp, child->pgno, child->tlen, + flags)) != 0) { +- if (ret == DB_VERIFY_BAD) ++ if (ret == DB_VERIFY_BAD) { + isbad = 1; +- else ++ break; ++ } else + goto done; + } + } +@@ -2609,7 +2625,11 @@ __bam_meta2pgset(dbp, vdp, btmeta, flags + db_pgno_t current, p; + int err_ret, ret; + +- DB_ASSERT(dbp->env, pgset != NULL); ++ if (pgset == NULL) { ++ EPRINT((dbp->env, ++ "Error, database contains no visible pages.")); ++ return (DB_RUNRECOVERY); ++ } + + mpf = dbp->mpf; + h = NULL; +Index: db-4.8.30/db/db_conv.c +=================================================================== +--- db-4.8.30.orig/db/db_conv.c ++++ db-4.8.30/db/db_conv.c +@@ -447,8 +447,11 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + db_indx_t i, *inp, len, tmp; + u_int8_t *end, *p, *pgend; + +- if (pagesize == 0) +- return (0); ++ /* This function is also used to byteswap logs, so ++ * the pagesize might not be an actual page size. ++ */ ++ if (!(pagesize >= 24 && pagesize <= DB_MAX_PGSIZE)) ++ return (EINVAL); + + env = dbp->env; + +@@ -465,26 +468,41 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + pgend = (u_int8_t *)h + pagesize; + + inp = P_INP(dbp, h); +- if ((u_int8_t *)inp >= pgend) +- goto out; ++ if ((u_int8_t *)inp > pgend) ++ return (__db_pgfmt(env, pg)); + + switch (TYPE(h)) { + case P_HASH_UNSORTED: + case P_HASH: + for (i = 0; i < NUM_ENT(h); i++) { ++ if ((u_int8_t*)(inp + i) >= pgend) ++ return (__db_pgfmt(env, pg)); ++ if (inp[i] == 0) ++ continue; + if (pgin) + M_16_SWAP(inp[i]); ++ if (inp[i] >= pagesize) ++ return (__db_pgfmt(env, pg)); + + if (P_ENTRY(dbp, h, i) >= pgend) +- continue; ++ return (__db_pgfmt(env, pg)); + + switch (HPAGE_TYPE(dbp, h, i)) { + case H_KEYDATA: + break; + case H_DUPLICATE: ++ if (LEN_HITEM(dbp, h, pagesize, i) < ++ HKEYDATA_SIZE(0)) ++ return (__db_pgfmt(env, pg)); ++ + len = LEN_HKEYDATA(dbp, h, pagesize, i); + p = HKEYDATA_DATA(P_ENTRY(dbp, h, i)); +- for (end = p + len; p < end;) { ++ ++ end = p + len; ++ if (end > pgend) ++ return (__db_pgfmt(env, pg)); ++ ++ while (p < end) { + if (pgin) { + P_16_SWAP(p); + memcpy(&tmp, +@@ -496,14 +514,20 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + SWAP16(p); + } + p += tmp; ++ if (p >= end) ++ return (__db_pgfmt(env, pg)); + SWAP16(p); + } + break; + case H_OFFDUP: ++ if ((inp[i] + HOFFDUP_SIZE) > pagesize) ++ return (__db_pgfmt(env, pg)); + p = HOFFPAGE_PGNO(P_ENTRY(dbp, h, i)); + SWAP32(p); /* pgno */ + break; + case H_OFFPAGE: ++ if ((inp[i] + HOFFPAGE_SIZE) > pagesize) ++ return (__db_pgfmt(env, pg)); + p = HOFFPAGE_PGNO(P_ENTRY(dbp, h, i)); + SWAP32(p); /* pgno */ + SWAP32(p); /* tlen */ +@@ -528,8 +552,12 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + case P_LDUP: + case P_LRECNO: + for (i = 0; i < NUM_ENT(h); i++) { ++ if ((u_int8_t *)(inp + i) >= pgend) ++ return (__db_pgfmt(env, pg)); + if (pgin) + M_16_SWAP(inp[i]); ++ if (inp[i] >= pagesize) ++ return (__db_pgfmt(env, pg)); + + /* + * In the case of on-page duplicates, key information +@@ -549,7 +577,7 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + + bk = GET_BKEYDATA(dbp, h, i); + if ((u_int8_t *)bk >= pgend) +- continue; ++ return (__db_pgfmt(env, pg)); + switch (B_TYPE(bk->type)) { + case B_KEYDATA: + M_16_SWAP(bk->len); +@@ -557,6 +585,8 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + case B_DUPLICATE: + case B_OVERFLOW: + bo = (BOVERFLOW *)bk; ++ if (((u_int8_t *)bo + BOVERFLOW_SIZE) > pgend) ++ return (__db_pgfmt(env, pg)); + M_32_SWAP(bo->pgno); + M_32_SWAP(bo->tlen); + break; +@@ -570,12 +600,17 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + break; + case P_IBTREE: + for (i = 0; i < NUM_ENT(h); i++) { ++ if ((u_int8_t *)(inp + i) > pgend) ++ return (__db_pgfmt(env, pg)); + if (pgin) + M_16_SWAP(inp[i]); ++ if ((u_int16_t)(inp[i] + ++ BINTERNAL_SIZE(0) - 1) > pagesize) ++ break; + + bi = GET_BINTERNAL(dbp, h, i); +- if ((u_int8_t *)bi >= pgend) +- continue; ++ if (((u_int8_t *)bi + BINTERNAL_SIZE(0)) > pgend) ++ return (__db_pgfmt(env, pg)); + + M_16_SWAP(bi->len); + M_32_SWAP(bi->pgno); +@@ -586,6 +621,10 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + break; + case B_DUPLICATE: + case B_OVERFLOW: ++ if ((u_int16_t)(inp[i] + ++ BINTERNAL_SIZE(BOVERFLOW_SIZE) - 1) > ++ pagesize) ++ goto out; + bo = (BOVERFLOW *)bi->data; + M_32_SWAP(bo->pgno); + M_32_SWAP(bo->tlen); +@@ -600,12 +639,16 @@ __db_byteswap(dbp, pg, h, pagesize, pgin + break; + case P_IRECNO: + for (i = 0; i < NUM_ENT(h); i++) { ++ if ((u_int8_t *)(inp + i) >= pgend) ++ return (__db_pgfmt(env, pg)); + if (pgin) + M_16_SWAP(inp[i]); ++ if (inp[i] >= pagesize) ++ return (__db_pgfmt(env, pg)); + + ri = GET_RINTERNAL(dbp, h, i); +- if ((u_int8_t *)ri >= pgend) +- continue; ++ if ((((u_int8_t *)ri) + RINTERNAL_SIZE) > pgend) ++ return (__db_pgfmt(env, pg)); + + M_32_SWAP(ri->pgno); + M_32_SWAP(ri->nrecs); +Index: db-4.8.30/db/db_vrfy.c +=================================================================== +--- db-4.8.30.orig/db/db_vrfy.c ++++ db-4.8.30/db/db_vrfy.c +@@ -360,8 +360,10 @@ __db_verify(dbp, ip, name, subdb, handle + vdp, name, 0, lp, rp, flags)) != 0) { + if (t_ret == DB_VERIFY_BAD) + isbad = 1; +- else ++ else { ++ ret = t_ret; + goto err; ++ } + } + + /* +@@ -680,7 +682,10 @@ __db_vrfy_walkpages(dbp, vdp, handle, ca + */ + if ((t_ret = __memp_fget(mpf, &i, + vdp->thread_info, NULL, 0, &h)) != 0) { +- if (dbp->type == DB_HASH) { ++ if ((dbp->type == DB_HASH || ++ (dbp->type == DB_QUEUE && ++ F_ISSET(dbp, DB_AM_INMEM))) && ++ t_ret != DB_RUNRECOVERY) { + if ((t_ret = + __db_vrfy_getpageinfo(vdp, i, &pip)) != 0) + goto err1; +@@ -840,6 +845,8 @@ err: if (h != NULL && (t_ret = __memp_f + return (ret == 0 ? t_ret : ret); + } + ++ if (ret == DB_PAGE_NOTFOUND && isbad == 1) ++ ret = 0; + return ((isbad == 1 && ret == 0) ? DB_VERIFY_BAD : ret); + } + +@@ -1434,7 +1441,7 @@ __db_vrfy_meta(dbp, vdp, meta, pgno, fla + */ + if (pgno == PGNO_BASE_MD && meta->last_pgno != vdp->last_pgno) { + #ifdef HAVE_FTRUNCATE +- isbad = 1; ++ ret = DB_VERIFY_FATAL; + EPRINT((env, + "Page %lu: last_pgno is not correct: %lu != %lu", + (u_long)pgno, +@@ -1475,7 +1482,11 @@ __db_vrfy_freelist(dbp, vdp, meta, flags + + env = dbp->env; + pgset = vdp->pgset; +- DB_ASSERT(env, pgset != NULL); ++ if (pgset == NULL) { ++ EPRINT((env, ++ "Error, database contains no visible pages.")); ++ return (DB_RUNRECOVERY); ++ } + + if ((ret = __db_vrfy_getpageinfo(vdp, meta, &pip)) != 0) + return (ret); +@@ -1851,7 +1862,8 @@ __db_salvage_pg(dbp, vdp, pgno, h, handl + int keyflag, ret, t_ret; + + env = dbp->env; +- DB_ASSERT(env, LF_ISSET(DB_SALVAGE)); ++ if (!LF_ISSET(DB_SALVAGE)) ++ return (EINVAL); + + /* + * !!! +@@ -1974,10 +1986,8 @@ __db_salvage_leaf(dbp, vdp, pgno, h, han + int (*callback) __P((void *, const void *)); + u_int32_t flags; + { +- ENV *env; +- +- env = dbp->env; +- DB_ASSERT(env, LF_ISSET(DB_SALVAGE)); ++ if (!LF_ISSET(DB_SALVAGE)) ++ return (EINVAL); + + /* If we got this page in the subdb pass, we can safely skip it. */ + if (__db_salvage_isdone(vdp, pgno)) +@@ -2068,8 +2078,8 @@ __db_salvage_unknowns(dbp, vdp, handle, + ret = t_ret; + break; + case SALVAGE_OVERFLOW: +- DB_ASSERT(env, 0); /* Shouldn't ever happen. */ +- break; ++ EPRINT((env, "Invalid page type to salvage.")); ++ return (EINVAL); + case SALVAGE_HASH: + if ((t_ret = __ham_salvage(dbp, vdp, + pgno, h, handle, callback, flags)) != 0 && ret == 0) +@@ -2082,8 +2092,8 @@ __db_salvage_unknowns(dbp, vdp, handle, + * Shouldn't happen, but if it does, just do what the + * nice man says. + */ +- DB_ASSERT(env, 0); +- break; ++ EPRINT((env, "Invalid page type to salvage.")); ++ return (EINVAL); + } + if ((t_ret = __memp_fput(mpf, + vdp->thread_info, h, dbp->priority)) != 0 && ret == 0) +@@ -2129,8 +2139,8 @@ __db_salvage_unknowns(dbp, vdp, handle, + ret = t_ret; + break; + default: +- DB_ASSERT(env, 0); /* Shouldn't ever happen. */ +- break; ++ EPRINT((env, "Invalid page type to salvage.")); ++ return (EINVAL); + } + if ((t_ret = __memp_fput(mpf, + vdp->thread_info, h, dbp->priority)) != 0 && ret == 0) +@@ -2187,7 +2197,10 @@ __db_vrfy_inpitem(dbp, h, pgno, i, is_bt + + env = dbp->env; + +- DB_ASSERT(env, himarkp != NULL); ++ if (himarkp == NULL) { ++ __db_msg(env, "Page %lu index has no end.", pgno); ++ return (DB_VERIFY_FATAL); ++ } + inp = P_INP(dbp, h); + + /* +@@ -2597,7 +2610,11 @@ __db_salvage_subdbpg(dbp, vdp, master, h + goto err; + ovfl_bufsz = bkkey->len + 1; + } +- DB_ASSERT(env, subdbname != NULL); ++ if (subdbname == NULL) { ++ EPRINT((env, "Subdatabase cannot be null.")); ++ ret = EINVAL; ++ goto err; ++ } + memcpy(subdbname, bkkey->data, bkkey->len); + subdbname[bkkey->len] = '\0'; + } +Index: db-4.8.30/db/db_vrfyutil.c +=================================================================== +--- db-4.8.30.orig/db/db_vrfyutil.c ++++ db-4.8.30/db/db_vrfyutil.c +@@ -198,7 +198,8 @@ __db_vrfy_getpageinfo(vdp, pgno, pipp) + if ((ret = __db_get(pgdbp, + vdp->thread_info, NULL, &key, &data, 0)) == 0) { + /* Found it. */ +- DB_ASSERT(env, data.size == sizeof(VRFY_PAGEINFO)); ++ if (data.size != sizeof(VRFY_PAGEINFO)) ++ return (DB_VERIFY_FATAL); + pip = data.data; + LIST_INSERT_HEAD(&vdp->activepips, pip, links); + goto found; +@@ -325,7 +326,8 @@ __db_vrfy_pgset_get(dbp, ip, pgno, valp) + F_SET(&data, DB_DBT_USERMEM); + + if ((ret = __db_get(dbp, ip, NULL, &key, &data, 0)) == 0) { +- DB_ASSERT(dbp->env, data.size == sizeof(int)); ++ if (data.size != sizeof(int)) ++ return (EINVAL); + } else if (ret == DB_NOTFOUND) + val = 0; + else +@@ -363,7 +365,8 @@ __db_vrfy_pgset_inc(dbp, ip, pgno) + F_SET(&data, DB_DBT_USERMEM); + + if ((ret = __db_get(dbp, ip, NULL, &key, &data, 0)) == 0) { +- DB_ASSERT(dbp->env, data.size == sizeof(int)); ++ if (data.size != sizeof(int)) ++ return (DB_VERIFY_FATAL); + } else if (ret != DB_NOTFOUND) + return (ret); + +@@ -400,7 +403,8 @@ __db_vrfy_pgset_next(dbc, pgnop) + if ((ret = __dbc_get(dbc, &key, &data, DB_NEXT)) != 0) + return (ret); + +- DB_ASSERT(dbc->env, key.size == sizeof(db_pgno_t)); ++ if (key.size != sizeof(db_pgno_t)) ++ return (DB_VERIFY_FATAL); + *pgnop = pgno; + + return (0); +@@ -547,7 +551,8 @@ __db_vrfy_ccset(dbc, pgno, cipp) + if ((ret = __dbc_get(dbc, &key, &data, DB_SET)) != 0) + return (ret); + +- DB_ASSERT(dbc->env, data.size == sizeof(VRFY_CHILDINFO)); ++ if (data.size != sizeof(VRFY_CHILDINFO)) ++ return (DB_VERIFY_FATAL); + *cipp = (VRFY_CHILDINFO *)data.data; + + return (0); +@@ -575,7 +580,8 @@ __db_vrfy_ccnext(dbc, cipp) + if ((ret = __dbc_get(dbc, &key, &data, DB_NEXT_DUP)) != 0) + return (ret); + +- DB_ASSERT(dbc->env, data.size == sizeof(VRFY_CHILDINFO)); ++ if (data.size != sizeof(VRFY_CHILDINFO)) ++ return (DB_VERIFY_FATAL); + *cipp = (VRFY_CHILDINFO *)data.data; + + return (0); +@@ -702,7 +708,8 @@ __db_salvage_getnext(vdp, dbcp, pgnop, p + return (ret); + + while ((ret = __dbc_get(*dbcp, &key, &data, DB_NEXT)) == 0) { +- DB_ASSERT(dbp->env, data.size == sizeof(u_int32_t)); ++ if (data.size != sizeof(u_int32_t)) ++ return (DB_VERIFY_FATAL); + memcpy(&pgtype, data.data, sizeof(pgtype)); + + if (skip_overflow && pgtype == SALVAGE_OVERFLOW) +@@ -711,8 +718,9 @@ __db_salvage_getnext(vdp, dbcp, pgnop, p + if ((ret = __dbc_del(*dbcp, 0)) != 0) + return (ret); + if (pgtype != SALVAGE_IGNORE) { +- DB_ASSERT(dbp->env, key.size == sizeof(db_pgno_t)); +- DB_ASSERT(dbp->env, data.size == sizeof(u_int32_t)); ++ if (key.size != sizeof(db_pgno_t) ++ || data.size != sizeof(u_int32_t)) ++ return (DB_VERIFY_FATAL); + + *pgnop = *(db_pgno_t *)key.data; + *pgtypep = *(u_int32_t *)data.data; +Index: db-4.8.30/db/partition.c +=================================================================== +--- db-4.8.30.orig/db/partition.c ++++ db-4.8.30/db/partition.c +@@ -452,10 +452,20 @@ __partition_chk_meta(dbp, ip, txn, flags + } else + part->nparts = meta->nparts; + } else if (meta->nparts != 0 && part->nparts != meta->nparts) { ++ ret = EINVAL; + __db_errx(env, "Number of partitions does not match."); + ret = EINVAL; + goto err; + } ++ /* ++ * There is no limit on the number of partitions, but I cannot imagine a real ++ * database having more than 10000. ++ */ ++ if (meta->nparts > 10000) { ++ ret = EINVAL; ++ __db_errx(env, "Too many partitions %lu", meta->nparts); ++ goto err; ++ } + + if (meta->magic == DB_HASHMAGIC) { + if (!F_ISSET(part, PART_CALLBACK)) { +@@ -1863,10 +1874,13 @@ __part_verify(dbp, vdp, fname, handle, c + memcpy(rp->data, key->data, key->size); + B_TSET(rp->type, B_KEYDATA); + } +-vrfy: if ((t_ret = __db_verify(*pdbp, ip, (*pdbp)->fname, +- NULL, handle, callback, +- lp, rp, flags | DB_VERIFY_PARTITION)) != 0 && ret == 0) +- ret = t_ret; ++vrfy: if ((t_ret = __db_verify(*pdbp, ip, (*pdbp)->fname, ++ NULL, handle, callback, ++ lp, rp, flags | DB_VERIFY_PARTITION)) != 0 && ret == 0) { ++ ret = t_ret; ++ if (ret == ENOENT) ++ break; ++ } + } + + err: if (lp != NULL) +Index: db-4.8.30/hash/hash_page.c +=================================================================== +--- db-4.8.30.orig/hash/hash_page.c ++++ db-4.8.30/hash/hash_page.c +@@ -862,7 +862,11 @@ __ham_verify_sorted_page (dbc, p) + /* Validate that next, prev pointers are OK */ + n = NUM_ENT(p); + dbp = dbc->dbp; +- DB_ASSERT(dbp->env, n%2 == 0 ); ++ if (n % 2 != 0) { ++ __db_errx(dbp->env, ++ "Odd number of entries on page: %lu", (u_long)p->pgno); ++ return (DB_VERIFY_FATAL); ++ } + + env = dbp->env; + t = dbp->h_internal; +@@ -933,7 +937,12 @@ __ham_verify_sorted_page (dbc, p) + if ((ret = __db_prpage(dbp, p, DB_PR_PAGE)) != 0) + return (ret); + #endif +- DB_ASSERT(dbp->env, res < 0); ++ if (res >= 0) { ++ __db_errx(env, ++ "Odd number of entries on page: %lu", ++ (u_long)p->pgno); ++ return (DB_VERIFY_FATAL); ++ } + } + + prev = curr; +Index: db-4.8.30/hash/hash_verify.c +=================================================================== +--- db-4.8.30.orig/hash/hash_verify.c ++++ db-4.8.30/hash/hash_verify.c +@@ -562,7 +562,7 @@ __ham_vrfy_bucket(dbp, vdp, m, bucket, f + "Page %lu: impossible first page in bucket %lu", + (u_long)pgno, (u_long)bucket)); + /* Unsafe to continue. */ +- isbad = 1; ++ ret = DB_VERIFY_FATAL; + goto err; + } + +@@ -592,7 +592,7 @@ __ham_vrfy_bucket(dbp, vdp, m, bucket, f + EPRINT((env, + "Page %lu: hash page referenced twice", + (u_long)pgno)); +- isbad = 1; ++ ret = DB_VERIFY_FATAL; + /* Unsafe to continue. */ + goto err; + } else if ((ret = __db_vrfy_pgset_inc(vdp->pgset, +@@ -1036,7 +1036,11 @@ __ham_meta2pgset(dbp, vdp, hmeta, flags, + COMPQUIET(flags, 0); + ip = vdp->thread_info; + +- DB_ASSERT(dbp->env, pgset != NULL); ++ if (pgset == NULL) { ++ EPRINT((dbp->env, ++ "Error, database contains no visible pages.")); ++ return (DB_VERIFY_FATAL); ++ } + + mpf = dbp->mpf; + totpgs = 0; +Index: db-4.8.30/qam/qam_verify.c +=================================================================== +--- db-4.8.30.orig/qam/qam_verify.c ++++ db-4.8.30/qam/qam_verify.c +@@ -445,7 +445,13 @@ __qam_vrfy_walkqueue(dbp, vdp, handle, c + /* Verify/salvage each page. */ + if ((ret = __db_cursor(dbp, vdp->thread_info, NULL, &dbc, 0)) != 0) + return (ret); +-begin: for (; i <= stop; i++) { ++begin: if ((stop - i) > 100000) { ++ EPRINT((env, "Warning, many possible extends files (%lu), will take a long time to verify", ++ (u_long)(stop - i))); ++ } ++ for (; i <= stop; i++) { ++ if (i == UINT32_MAX) ++ break; + /* + * If DB_SALVAGE is set, we inspect our database of completed + * pages, and skip any we've already printed in the subdb pass. diff --git a/libdb-4_8.changes b/libdb-4_8.changes new file mode 100644 index 0000000..a94d2ce --- /dev/null +++ b/libdb-4_8.changes @@ -0,0 +1,806 @@ +------------------------------------------------------------------- +Wed Aug 7 09:15:21 UTC 2024 - Pedro Monreal + +- Security fix: [bsc#1174414, CVE-2019-2708] + * libdb: Data store execution leads to partial DoS + * Backport the upsteam commits: + - Fixed several possible crashes when running db_verify + on a corrupted database. [#27864] + - Fixed several possible hangs when running db_verify + on a corrupted database. [#27864] + - Added a warning message when attempting to verify a queue + database which has many extent files. Verification will take + a long time if there are many extent files. [#27864] + * Add libdb-4_8-CVE-2019-2708.patch + +------------------------------------------------------------------- +Thu Feb 29 16:01:36 UTC 2024 - pgajdos@suse.com + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Wed Jun 21 12:42:57 UTC 2023 - Pedro Monreal + +- Fix incomplete license tag. [bsc#1099695] + +------------------------------------------------------------------- +Thu May 4 13:52:39 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Mar 10 10:25:40 UTC 2023 - Martin Pluskal + +- Build AVX2 enabled hwcaps library for x86_64-v3 + +------------------------------------------------------------------- +Tue Aug 27 00:06:09 UTC 2019 - William Brown + +- Add opd deadlock patch as found and documented by Red Hat. + (bsc#1148244) + * 0001-OPD-deadlock-RH-BZ-1349779.patch + +------------------------------------------------------------------- +Mon Aug 19 06:59:04 UTC 2019 - Tomáš Chvátal + +- Remove the getpatches as it does not work at all, oracle + removed the pages +- Use spec-cleaner +- Fix stripped debuginfo to make sure we can debug with libdb + +------------------------------------------------------------------- +Thu Dec 20 12:41:18 UTC 2018 - Tomáš Chvátal + +- Fix the license to match up really what is in there + +------------------------------------------------------------------- +Tue Mar 13 08:59:56 UTC 2018 - rguenther@suse.com + +- Add libdb-fix-atomic.patch to fix __atomic_compare_exchange clash + with GCCs builtin. Fixes build with GCC8 which now rejects this. + +------------------------------------------------------------------- +Thu Mar 31 09:50:39 UTC 2016 - tchvatal@suse.com + +- Use upstream tarball +- Cleanup a bit with spec-cleaner +- remove unused script check-build.sh + +------------------------------------------------------------------- +Mon May 12 08:52:48 UTC 2014 - schwab@suse.de + +- remove generation of unused tarball +- remove setting of unused variable + +------------------------------------------------------------------- +Mon Oct 21 13:05:38 UTC 2013 - coolo@suse.com + +- fix update-alternatives usage + +------------------------------------------------------------------- +Tue Oct 8 16:27:57 UTC 2013 - jengelh@inai.de + +- Add update-alternatives rules to db48-utils (bnc#840738) + +------------------------------------------------------------------- +Tue Jul 23 07:30:46 UTC 2013 - coolo@suse.com + +- readd the provides of db-*, we're not going to switch to db 6.0 + too eagerly: http://lwn.net/Articles/557487/ + +------------------------------------------------------------------- +Wed Jun 19 11:13:31 UTC 2013 - werner@suse.de + +- Explicit add a conflict to other providers of /usr/lib/libdb.so + and /usr/lib/libdb-4.so + +------------------------------------------------------------------- +Tue Jun 18 11:48:48 UTC 2013 - werner@suse.de + +- Try to change baselibs.conf to fit coolo's comment hopefully + +------------------------------------------------------------------- +Thu Jun 13 23:11:33 UTC 2013 - jengelh@inai.de + +- Rename db_ binaries to db48_ to make room for libdb-6_0 +- Add conflict markers against libdb-4_5 (overlapping files) + +------------------------------------------------------------------- +Sat Nov 17 12:01:29 CET 2012 - ro@suse.de + +- fix check-build.sh for kernel > 3.0 + +------------------------------------------------------------------- +Mon Jan 9 12:08:10 UTC 2012 - aj@suse.de + +- Do not use build date as version string. + +------------------------------------------------------------------- +Thu Dec 22 01:11:27 UTC 2011 - jengelh@medozas.de + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) + +------------------------------------------------------------------- +Tue Dec 20 11:20:14 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Wed Sep 28 18:46:43 UTC 2011 - adrian@suse.de + +- fix arm build + +------------------------------------------------------------------- +Tue Sep 27 16:39:10 UTC 2011 - prusnak@opensuse.org + +- enable C++ bindings +- spec cleanup + +------------------------------------------------------------------- +Fri Sep 16 17:00:33 UTC 2011 - jengelh@medozas.de + +- Add libdb-devel to baselibs + +------------------------------------------------------------------- +Sat Aug 13 03:41:05 UTC 2011 - crrodriguez@opensuse.org + +- Do not build static libraries + +------------------------------------------------------------------- +Mon May 23 15:02:16 UTC 2011 - rhafer@suse.de + +- Fixed summary of the -devel subpackage (bnc#694826) + +------------------------------------------------------------------- +Wed Sep 22 12:08:25 UTC 2010 - rhafer@novell.com + +- Updated to db-4.8.30. Important changes since 4.7: + * Improved scalability and throughput when using BTree databases + especially when running with multiple threads that equal or + exceed the number of available CPUs. + * Berkeley DB has added database partitioning. BTree or Hash + databases may now be partitioned across multiple directories. + Partitioned databases can be used to increase concurrency and to + improve performance by spreading access across disk subsystems. + * Berkeley DB now supports bulk insertion and deletion of data. + Similar to the bulk get interface, the bulk put and bulk delete + allow the developer to populate a buffer of key-value pairs and + then pass it to the BDB library with a single API call. + * Berkeley DB now supports compression when using BTree. + * Berkeley DB introduces a new utility named db_sql which replaces + db_codegen. Similar to db_codegen, db_sql accepts an input file + with DDL statements and generates a Berkeley DB application + using the C API that creates and performs CRUD operations on + the defined tables. The developer can then use that code as a + basis for further application development. + * The Replication Manager now supports shared access to the Master + database environment from multiple processes. In earlier + versions, multiple process support on the Master required use + of the Base Replication API. + * Foreign Key Support has been added to Berkeley DB. + * for a more detailed changelog see the changelog_4_8.html file + in db-doc package. +- Removed db-utils-doc subpackage the utils documentation is now + integrated with the API documentation. + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Wed Dec 16 10:51:58 CET 2009 - jengelh@medozas.de + +- Package documentation as noarch + +------------------------------------------------------------------- +Sun Dec 6 14:22:39 CET 2009 - jengelh@medozas.de + +- Enable parallel building for libdb-4_5 package + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + +------------------------------------------------------------------- +Tue Jan 13 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Fri Nov 21 16:39:20 CET 2008 - ro@suse.de + +- update check-build.sh + +------------------------------------------------------------------- +Fri Jun 27 11:44:14 CEST 2008 - schwab@suse.de + +- Fix configure script. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Tue May 15 12:17:19 CEST 2007 - kesselborn@suse.de + +- copied spec file from db44 +- changed package structure to: +db-doc +db-utils +db-utils-doc +libdb-4_5 +libdb-4_5 +- update to version 4.5: + +Database or Log File On-Disk Format Changes: + + None + +New Features: + + 1. A new event style notification. + 2. Multi-Version Concurrency Control for the Btree/Recno + access methods. + 3. A new replication framework with a default TCP/IP setup. + 4. A new port to the BREW platform (a cell phone OS), not + fully supported but ready for testing. + 5. Several enhancements to the Java Collections API including + the implementation of the size() method. + 6. Online replication upgrades for high availability replicated + 24/7 systems. + +Database Environment Changes: + + 1. Update the DB_ENV->failchk method to garbage collect + per-process mutexes stranded after unexpected process + failure. [#13964] + 2. Fix a bug that could cause memory used to track threads + for DB_ENV->failchk to not be reused when a thread no longer + exists. [#14425] + 3. Add set_event_notify behavior as part of new event + notification in Berkeley DB. [#14534] + 4. Fix a bug so that we no longer panic on DB_ENV->close() + if a previous environment close failed to log. This condition + will now return an error. [#14693] + +Concurrent Data Store Changes: + + 1. Fix a bug where renaming a subdatabase in a Concurrent + Data Store environment could fail. [#14185] + +General Access Method Changes: + + 1. Fix a bug that could leave extra unallocated pages at the + end of a database file. [#14031] + 2. Optimize secondary updates when overwriting primary + records. [#14075] + 3. Fix a bug to prevent a trap when creating a named in-memory + database and there are already temporary files open. [#14133] + 4. Fix a bug which caused a trap if the key parameter to + DBC->c_get was omitted with DB_CURRENT. [#14143] + 5. Fix a bug with secondary cursors when the secondary has + off-page duplicates. This bug resulted in incorrect primary + data being returned. [#14240] + 6. Fix a bug that would not properly upgrade database files + from releases 3.2.9 (and earlier) to releases 4.0 (and + greater). [#14461] + 7. Fix a bug that could cause a DB_READ_UNCOMMITTED get through + a secondary index to return DB_SECONDARY_CORRUPT. [#14487] + 8. Fix a bug so that non-transactional cursor updates of a + transactional database will generate an error. [#14519] + 9. Add a message when the system panics due to a page in the + wrong state at its time of allocation. [#14527] + +Btree Access Method Changes: + + 1. Fix a bug that could cause a diagnostic assertion by setting + the deleted bit on a record in an internal node. [#13944] + 2. Fix 3 problems in BTREE compaction: [#14238] + 1. When deleting a page don't check the next key in + the parent if we are going to delete the parent too. + 2. Need to check that the tree has not collapsed between + dropping a read lock and getting the write lock. If it + has collapsed we will fetch the root of the tree. + 3. Fix a case where we fail to lock the next page before + reading it. + 3. Fix a bug that could cause the compaction of a Btree with + sorted duplicates to fail when attempting to compact an off + page duplicate tree if a key could not fit in an internal + node. [#14771] + 4. Fix a bug that causes a loop if an empty Btree was + compacted. [#14493] + +Hash Access Method Changes: + + 1. Fix a bug that could cause corruption in queue extent + files if multiple processes tried to open the same extent at + the same time. [#14438] + +Queue Access Method Changes: + + 1. Fix a bug that caused locks not maintained where queue + records were read but not present in the queue at the end of + a transaction, therefore violating serializability. [#13719] + +Recno Access Method Changes: + + None + +C++-specific API Changes: + + 1. C++ applications that check could the error code in + exceptions should note that DbMemoryException has been changed + to have the error code DB_BUFFER_SMALL rather than ENOMEM, to + match the error returned by the C API. DbMemoryException will + be thrown when a Dbt is too small to contain data returned + by Berkeley DB. When a call to malloc fails, or some other + resource is exhausted, a plain DbException will be thrown + with error code set to ENOMEM. [#13939] + +Java-specific API Changes: + + 1. Database.verify may now be called. This method is now + static and takes a DatabaseConfig parameter. [#13971] + 2. Add DB_ENV->{fileid_reset, lsn_reset} to the public + API. [#14076] + +Java collections and bind API Changes: + + 1. The com.sleepycat.collections package is now fully + compatible with the Java Collections framework. [#14732] + +Tcl-specific API Changes: + + None + +RPC-specific Client/Server Changes: + + None + +Replication Changes: + + 1. Fix a bug so that internal init will remove client databases + at the start of internal init. [#14147] + 2. Fix a bug in replication internal init so that using + data_dir will be handled correctly. Make internal + init resilient to multiple data_dir calls with the same + directory. [#14489] + 3. Fix a bug in the 4.2 sync-up algorithm that could result + in no open files. [#14552] + 4. Fix a bug where a PERM bulk buffer could have a zero LSN + passed to the application callback. [#14675] + 5. Change names of some existing replication API methods + as described in "Replication Method Naming" page of the + "Upgrading Berkeley DB Applications to Release 4.5" section + of Berkeley DB Reference Guide. [#14723] + 6. Fix a bug which could cause an election to succeed only + after waiting for the timeout to expire, even when all sites + responded in a timely manner. The bug was most easily visible + in an election between 2 sites. [#14752] + +XA Resource Manager Changes: + + None + +Locking Subsystem Changes: + + 1. Fix a bug that could cause a writer to hang if + readuncommitted is enabled and it tries to reacquire a write + lock. [#14919] + +Logging Subsystem Changes: + + 1. Fix a bug so that log headers are now included in + the check sum. This avoids a possible race in doing hot + backups. [#11636]. + 2. Fix a bug where recovery fails if there is no disk space + for the forced checkpoint that occurs at the end of processing + the log. [#13986] + 3. Fix a bug which could cause a page to be missing from + the end of a database file if the page at the end of the + file was freed while it contained data and the system was + restarted prior to the log record for that free was flushed + to disk. [#14090] + 4. Fix a bug that could cause log files to be incorrectly + removed by log_archive if it was run immediately after + recovery. [#14874] + +Memory Pool Subsystem Changes: + + 1. Fix a bug that could cause corruption to the buffer + pool cache if a race condition was hit while using + DB->Compact. [#14360] + 2. Fix a bug where cache pages could be leaked in applications + creating temporary files for which the DB_MPOOL_NOFILE flag + was set. [#14544] + +Transaction Subsystem Changes: + + 1. Fix a bug that could cause extra empty pages to appear in + a database file after recovery. [#11118] + 2. Fix a bug triggered when running recovery with a feedback + function that could cause a NULL pointer dereference. [#13834] + 3. Fix a bug where running recovery could create duplicate + entries in the data directory list. [#13884] + 4. Fix a bug to not trade locks if a write lock is already + owned. [#13917] + 5. Fix a bug that could cause traps or hangs if the + DB_TXN->set_name function is used in a multithreaded + application. [#14033] + 6. Fix a bug so that a transaction can no longer be committed + after it had deadlocked. [#14037] + 7. Fix a bug that could cause a trap during recovery if + multiple operations that could remove the same extent are + recovered. [#14061] + 8. Fix a bug that could cause an extent file to be deleted + after the last record in the extent was consumed but the + consuming transaction was aborted. [#14179] + 9. Fix a bug where the parent database would not use + DB_READ_UNCOMMITTED in certain cases when calling + DBC->c_pget. [#14361] + 10. Fix a bug so that it is no longer possible to do a + non-transactional cursor update on a database that is opened + transactionally. [#14519] + 11. Fix a bug that causes a sequence to ignore the + DB_AUTO_COMMIT settings. [#14582] + 12. Fix a bug, change txn_recover so that multiple processes + will recover prepared transactions without requiring that the + first process stay active. [#14707] + +Utility Changes: + + 1. Fix a bug that caused db_verify to not check the order on + leaf pages which were the leftmost children of an internal + node. [#13004] + 2. Fix a bug that caused db_hotbackup to not backup queue + extent files. [#13848] + 3. Fix a bug so that db_verify no longer reports that an + unused hash page is not fully zeroed. [#14030] + 4. Fix a bug where db_stat ignored the -f option to return + "fast statistics". [#14283] + 5. Fix a bug that prevented the db_stat utility from opening + database files with write permission so that meta data + statistics would be updated. [#14755] + +Configuration, Documentation, Portability and Build Changes: + + 1. The Berkeley DB 4.3 and 4.4 releases disallowed using + the --with-uniquename configuration option with the C++, + Java, or RPC --enable-XXX options. The 4.5 release returns + to the 4.2 release behavior, allowing those combinations of + configuration options. [#14067] + 2. Fix build issues when CONFIG_TEST is not enabled for + Tcl. [#14507] + 3. There are updated build instructions for Berkeley DB PHP + module on Linux. [#14249] + 4. Use libtool's "standard" environment variable names so that + you can set "AR" to "ar -X64" for example, and modify both + libtool and the Makefile commands. Remove the install-strip + target from the Makefile, it is no longer used. [#14726] + + + +------------------------------------------------------------------- +Fri May 4 16:20:31 CEST 2007 - dbornkessel@suse.de + +- moved libdb-4.so to devel package +- renamed package to db44 +- cleaned up spec file + +------------------------------------------------------------------- +Thu Apr 19 12:00:12 CEST 2007 - dmueller@suse.de + +- remove unused db_cxx libraries + +------------------------------------------------------------------- +Tue Mar 20 18:04:25 CET 2007 - rguenther@suse.de + +- Remove unused ed BuildRequires. + +------------------------------------------------------------------- +Tue Sep 12 15:14:31 CEST 2006 - rhafer@suse.de + +- updated to db-4.4.20 (plus released Sleepycat patches). Most + important changes: + * Add support to compact an existing Btree database. + * Add support for named in-memory databases. + * Add support for database environment recovery serialization. + * Add utility for performing hot backups of a database + environment. + * Add replication configuration API. +- removed Assembler mutex code patch which wasn't used anymore + anyways + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 00:15:07 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Sun Oct 23 21:02:05 CEST 2005 - kukuk@suse.de + +- Libtool is crap + +------------------------------------------------------------------- +Thu Oct 20 13:38:18 CEST 2005 - kukuk@suse.de + +- Remove LinuxThreads support + +------------------------------------------------------------------- +Mon Oct 10 15:38:24 CEST 2005 - kukuk@suse.de + +- Update to version 4.3.29 +- Add Getting Started Guide to devel package [#117776] + +------------------------------------------------------------------- +Sun Sep 18 13:38:23 CEST 2005 - kukuk@suse.de + +- Compile with -fno-strict-aliasing + +------------------------------------------------------------------- +Wed Jul 13 12:55:18 CEST 2005 - kukuk@suse.de + +- Remove duplicate index.html from db-devel + +------------------------------------------------------------------- +Mon Jul 11 11:07:28 CEST 2005 - kukuk@suse.de + +- Fix compiling with NPTL only glibc +- Remove *.la files +- Add glibc-devel to db-devel Requires + +------------------------------------------------------------------- +Thu Jun 9 14:31:08 CEST 2005 - kukuk@suse.de + +- Fix compiler warnings, remove obsolete compiler flags + +------------------------------------------------------------------- +Tue Jan 25 09:46:12 CET 2005 - choeger@suse.de + +- Update to 4.3.27 + +------------------------------------------------------------------- +Thu Nov 18 13:32:12 CET 2004 - kukuk@suse.de + +- Update to 4.3.21 + +------------------------------------------------------------------- +Fri Sep 10 17:26:08 CEST 2004 - kukuk@suse.de + +- i586 now also has NPTL support + +------------------------------------------------------------------- +Mon May 10 17:17:45 CEST 2004 - kukuk@suse.de + +- Add libtool workaround to always get a soname [Bug #39128] + +------------------------------------------------------------------- +Thu Mar 25 17:12:13 CET 2004 - kukuk@suse.de + +- Add a locking fix for replication clients + +------------------------------------------------------------------- +Wed Mar 24 22:05:01 CET 2004 - meissner@suse.de + +- Slightly adjusted ppc locking to use isync at + the right place. +- actually apply Thorstens last patch. + +------------------------------------------------------------------- +Mon Jan 12 16:57:06 CET 2004 - kukuk@suse.de + +- Add patch to fix problem with long-running applications + hanging in DB cache. + +------------------------------------------------------------------- +Mon Jan 12 09:33:28 CET 2004 - kukuk@suse.de + +- Add/Remove nptl libraries to/from ldconfig cache + +------------------------------------------------------------------- +Tue Dec 16 15:25:37 CET 2003 - kukuk@suse.de + +- Fix libtool.ac for AMD64 +- Fix mutex.ac for MIPS + +------------------------------------------------------------------- +Mon Dec 15 18:15:30 CET 2003 - kukuk@suse.de + +- Update to version 4.2.52 +- Disable MIPS patch temporary + +------------------------------------------------------------------- +Tue Dec 9 16:01:06 CET 2003 - kukuk@suse.de + +- Add s390 as NPTL architecture + +------------------------------------------------------------------- +Thu Nov 27 08:32:36 CET 2003 - kukuk@suse.de + +- Fix linking of libdb_cxx.so + +------------------------------------------------------------------- +Mon Nov 24 08:46:51 CET 2003 - kukuk@suse.de + +- Link non-NPTL libdb on NPTL archs against pthread library, too + +------------------------------------------------------------------- +Fri Nov 21 08:22:27 CET 2003 - kukuk@suse.de + +- Remove old, unused patches +- Compile with no-execstack +- Add db linked against nptl pthread library + +------------------------------------------------------------------- +Fri Oct 17 21:12:16 CEST 2003 - adrian@suse.de + +- revert last change and implement fast mutexes for mips + (partly taken from linux kernel source) + +------------------------------------------------------------------- +Wed Oct 15 19:38:18 CEST 2003 - adrian@suse.de + +- use posixmutexes on mips + +------------------------------------------------------------------- +Wed Oct 15 17:12:17 CEST 2003 - kukuk@suse.de + +- Build as non root + +------------------------------------------------------------------- +Thu Oct 2 17:56:34 CEST 2003 - kukuk@suse.de + +- Remove ed from needed for build + +------------------------------------------------------------------- +Fri Sep 26 12:55:21 CEST 2003 - kukuk@suse.de + +- Disable db_dump185 +- Enable compiler warnings +- Disable strict aliasing + +------------------------------------------------------------------- +Mon Jun 23 17:30:54 CEST 2003 - meissner@suse.de + +- PPC needs isync after bne or it might break on SMP systems + and lwsync (sync all previous memory operations) on unset. + +------------------------------------------------------------------- +Mon May 12 18:47:05 CEST 2003 - kukuk@suse.de + +- Add examples_{c,cxx} to devel filelist + +------------------------------------------------------------------- +Thu May 8 17:47:01 CEST 2003 - kukuk@suse.de + +- Update to 4.1.25 + +------------------------------------------------------------------- +Thu Jan 23 20:31:56 CET 2003 - bg@suse.de + +- Fix mutex support for hppa + (patch by Keith Bostic, bostic@sleepycat.com) + +------------------------------------------------------------------- +Thu Jan 9 10:58:58 CET 2003 - kukuk@suse.de + +- Add db4-4.0.14-recover.patch: fix endless loop with db_recover + +------------------------------------------------------------------- +Mon Sep 16 17:45:11 CEST 2002 - rhafer@suse.de + +- Added locker-leak-fix.dif, which fixes a resource leak triggerd + by openldap2 and larger databases. For more details see: + www.openldap.org/its/index.cgi/Software%20Bugs?id=2040 + +------------------------------------------------------------------- +Sat Aug 31 00:55:21 CEST 2002 - schwab@suse.de + +- Fix last libstdc++ change for real. + +------------------------------------------------------------------- +Fri Aug 30 12:57:27 CEST 2002 - kukuk@suse.de + +- Fix last libstdc++ change + +------------------------------------------------------------------- +Tue Aug 27 17:25:05 CEST 2002 - pthomas@suse.de + +- Explicitely link libdb_cxx against libstdc++. This is a hack + until libtool 1.4e is released. + +- Directly pass RPM_OPT_FLAGS as CFLAGS and CXXFLAGS. + +------------------------------------------------------------------- +Thu Jul 25 13:18:59 CEST 2002 - rhafer@suse.de + +- fix for mutex support on s390 (by bk@suse.de) +- rebuild configure script during build (using s_conf) + +------------------------------------------------------------------- +Wed Jul 3 14:27:13 CEST 2002 - uli@suse.de + +- added mutex support for x86-64 + +------------------------------------------------------------------- +Fri May 10 15:34:10 CEST 2002 - kukuk@suse.de + +- Add patch to fix missing mutex support on Alpha, SPARC and s390 + +------------------------------------------------------------------- +Fri May 3 14:51:50 CEST 2002 - kukuk@suse.de + +- correct calculation of needed space for shalloc [Bug #12096] + +------------------------------------------------------------------- +Mon Jan 21 15:29:20 CET 2002 - kukuk@suse.de + +- Update to db 4.0.14 +- put all documenation into /usr/share/doc/packages/db, so html + index works. + +------------------------------------------------------------------- +Thu Nov 15 10:22:29 CET 2001 - ro@suse.de + +- added patch 3.3.11.1 + Fix a bug in DB 1.85 compatibility mode that could cause + DB 1.85 applications to fail to compile + +------------------------------------------------------------------- +Mon Nov 5 14:47:13 CET 2001 - adrian@suse.de + +- update to 3.3.11 +- move optional documentation to db-extensions-devel package + +------------------------------------------------------------------- +Fri Jul 20 14:09:04 CEST 2001 - kukuk@suse.de + +- Fix build on multilib archs + +------------------------------------------------------------------- +Wed Jun 6 15:39:19 EDT 2001 - bk@suse.de + +- add suse_update_config for s390x + +------------------------------------------------------------------- +Wed May 9 14:05:29 CEST 2001 - mfabian@suse.de + +- bzip2 sources + +------------------------------------------------------------------- +Sat Mar 31 21:43:05 CEST 2001 - schwab@suse.de + +- Build static and shared libraries in one go. + +------------------------------------------------------------------- +Mon Nov 6 10:51:07 CET 2000 - kukuk@suse.de + +- Add /usr/include/db_185.h and /usr/include/db_cxx.h + +------------------------------------------------------------------- +Wed Oct 25 21:08:46 CEST 2000 - kukuk@suse.de + +- Install static library versions, too + +------------------------------------------------------------------- +Sat Oct 21 18:53:08 CEST 2000 - kukuk@suse.de + +- Fix documentation +- Add /usr/include/db.h + +------------------------------------------------------------------- +Wed Oct 18 09:50:12 CEST 2000 - kukuk@suse.de + +- initial version + diff --git a/libdb-4_8.spec b/libdb-4_8.spec new file mode 100644 index 0000000..b7a32f2 --- /dev/null +++ b/libdb-4_8.spec @@ -0,0 +1,245 @@ +# +# spec file for package libdb-4_8 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define util_list archive checkpoint deadlock dump hotbackup load printlog recover sql stat upgrade verify +%define generic_name db +%define major 4 +%define minor 8 +Name: libdb-4_8 +Version: %{major}.%{minor}.30 +Release: 0 +Summary: Berkeley DB Database Library Version 4.8 +License: BSD-3-Clause AND Sleepycat +Group: System/Libraries +URL: https://oracle.com/technetwork/products/berkeleydb/ +Source: http://download.oracle.com/berkeley-db/db-%{version}.tar.gz +Source1: %{name}.changes +Source2: baselibs.conf +Patch0: db-%{version}.patch +# PATCH-FIX-OPENSUSE Fix build with GCC8, conflict with reserved builtin name +Patch1: libdb-fix-atomic.patch +Patch2: 0001-OPD-deadlock-RH-BZ-1349779.patch +# PATCH-FIX-UPSTREAM bsc#1174414 CVE-2019-2708 libdb: data store execution leads to partial DoS +Patch3: libdb-4_8-CVE-2019-2708.patch +BuildRequires: autoconf +BuildRequires: fdupes +BuildRequires: gcc-c++ +Provides: db = %{version} +%{?suse_build_hwcaps_libs} + +%description +The Berkeley DB Database is a programmatic toolkit that provides +database support for applications. + +This package contains the necessary runtime libraries. + +%package -n db48-utils +Summary: Command Line tools for Managing Berkeley DB Databases +Group: Productivity/Databases/Tools +Requires(post): update-alternatives +Provides: db-utils = %{version} +Obsoletes: db-utils < %{version} + +%description -n db48-utils +The Berkeley DB Database is a programmatic toolkit that provides +database support for applications. + +This package contains the command line tools for managing Berkeley DB +databases. + +%package -n db48-doc +Summary: Documentation for Berkeley DB +Group: Development/Libraries/C and C++ +Provides: db-doc = %{version} +Provides: db-utils-doc = %{version} +Obsoletes: db-doc < %{version} +%if 0%{?suse_version} >= 1120 +BuildArch: noarch +%endif + +%description -n db48-doc +The Berkeley DB Database is a programmatic toolkit that provides +database support for applications. + +This package contains the documentation. + +%package devel +Summary: Development Files and Libraries for the Berkeley DB library Version 4.8 +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} +Requires: glibc-devel +Conflicts: libdb-4_5-devel +Provides: db-devel = %{version} + +%description devel +The Berkeley DB Database is a programmatic toolkit that provides +database support for applications. + +This package contains the header files and libraries. + +%prep +%setup -q -n %{generic_name}-%{version} +%patch -P 0 +%patch -P 1 +%patch -P 2 -p1 +%patch -P 3 -p1 + +%build +cd dist +# dist/RELEASE codes the build date into the binary. +# Use last change of changes file instead +LAST_MOD=`stat --format="%%Y" %{SOURCE1}` +DIST_DATE=`date '+%%B %%e, %%Y' --date="@$LAST_MOD"` +sed -i -e "s/^DB_RELEASE_DATE=.*$/DB_RELEASE_DATE=\"$DIST_DATE\"/" RELEASE +./s_config +CFLAGS="%{optflags} -fno-strict-aliasing" +CC=gcc +export CFLAGS CXXFLAGS CC +# +# Build now the NPTL version +# +mkdir ../build_nptl +cd ../build_nptl +%define _configure ../dist/configure +%configure \ + --enable-compat185 --disable-dump185 \ + --enable-shared --disable-static \ + --enable-cxx \ + --with-mutex="POSIX/pthreads/library" \ +%ifarch %{arm} + %{_target_cpu}-suse-linux-gnueabi +%else + %{_target_cpu}-suse-linux +%endif +# Make sure O_DIRECT is really disabled (build host could have old kernel) +perl -pi -e 's/#define HAVE_O_DIRECT 1/#undef HAVE_O_DIRECT/' db_config.h +# Remove libtool predep_objects and postdep_objects wonkiness +perl -pi -e 's/^predep_objects=".*$/predep_objects=""/' libtool +perl -pi -e 's/^postdep_objects=".*$/postdep_objects=""/' libtool +perl -pi -e 's/-shared -nostdlib/-shared/' libtool + +make %{?_smp_mflags} LIBSO_LIBS='$(LIBS)' LIBXSO_LIBS='$(LIBS)'" -L%{_libdir} -lstdc++" + +%install +mkdir -p %{buildroot}%{_includedir}/db4 +mkdir -p %{buildroot}%{_libdir} +cd build_nptl +%make_install STRIP=true +cd .. +# make ldd happy: +chmod 755 %{buildroot}%{_libdir}/libdb*.so +# Fix header file installation +mv %{buildroot}%{_includedir}/*.h %{buildroot}%{_includedir}/db4 +echo "#include " > %{buildroot}%{_includedir}/db.h +echo "#include " > %{buildroot}%{_includedir}/db_185.h +echo "#include " > %{buildroot}%{_includedir}/db_cxx.h +# remove dangling tags symlink from examples. +rm -f examples_cxx/tags +rm -f examples_c/tags +# Move documentation to the right directory +mkdir -p %{buildroot}%{_docdir}/%{name} +mv %{buildroot}%{_prefix}/docs/* %{buildroot}/%{_docdir}/%{name} +cp -a examples_cxx examples_c %{buildroot}/%{_docdir}/%{name} +cp -a LICENSE README %{buildroot}/%{_docdir}/%{name} +# Remove api documentation for C++, Java and TCL +rm -rf %{buildroot}/%{_docdir}/%{name}/csharp +rm -rf %{buildroot}/%{_docdir}/%{name}/java +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/CXX +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/STL +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/TCL +rm -rf %{buildroot}/%{_docdir}/%{name}/gsg*/CXX +rm -rf %{buildroot}/%{_docdir}/%{name}/gsg*/JAVA +mv %{buildroot}/%{_docdir}/%{name}/collections/tutorial %{buildroot}/%{_docdir}/%{name}/ +# Remove crappy *.la files +find %{buildroot} -type f -name "*.la" -delete -print + +mkdir -p %{buildroot}%{_sysconfdir}/alternatives + +for i in %{util_list}; do + # dummy + mkdir -p %{buildroot}%{_sysconfdir}/alternatives/ + touch "%{buildroot}%{_sysconfdir}/alternatives/db_$i" + mv "%{buildroot}/%{_bindir}/db_$i" "%{buildroot}/%{_bindir}/db48_$i" + ln -s "%{_sysconfdir}/alternatives/db_$i" "%{buildroot}%{_bindir}/db_$i" +done + +%fdupes -s %{buildroot} + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%post -n db48-utils +for i in %{util_list}; do + update-alternatives --install "%{_bindir}/db_$i" \ + "db_$i" "%{_bindir}/db48_$i" 48 +done + +%postun -n db48-utils +for i in %{util_list}; do + update-alternatives --remove "db_$i" "%{_bindir}/db_$i" +done + +%files +%{_libdir}/libdb-%{major}.%{minor}.so +%{_libdir}/libdb_cxx-%{major}.%{minor}.so + +%files -n db48-doc +%dir %{_docdir}/%{name} +%license %{_docdir}/%{name}/LICENSE +%doc %{_docdir}/%{name}/README +%doc %{_docdir}/%{name}/index.html +%license %{_docdir}/%{name}/license +%doc %{_docdir}/%{name}/articles +%doc %{_docdir}/%{name}/api_reference +%doc %{_docdir}/%{name}/examples_c +%doc %{_docdir}/%{name}/examples_cxx +%doc %{_docdir}/%{name}/gsg* +%doc %{_docdir}/%{name}/porting +%doc %{_docdir}/%{name}/programmer_reference +%doc %{_docdir}/%{name}/tutorial + +%files -n db48-utils +%{_bindir}/db48_* +%ghost %{_sysconfdir}/alternatives/db_archive +%ghost %{_sysconfdir}/alternatives/db_checkpoint +%ghost %{_sysconfdir}/alternatives/db_deadlock +%ghost %{_sysconfdir}/alternatives/db_dump +%ghost %{_sysconfdir}/alternatives/db_hotbackup +%ghost %{_sysconfdir}/alternatives/db_load +%ghost %{_sysconfdir}/alternatives/db_printlog +%ghost %{_sysconfdir}/alternatives/db_recover +%ghost %{_sysconfdir}/alternatives/db_sql +%ghost %{_sysconfdir}/alternatives/db_stat +%ghost %{_sysconfdir}/alternatives/db_upgrade +%ghost %{_sysconfdir}/alternatives/db_verify +%{_bindir}/db_* + +%files devel +%dir %{_includedir}/db4 +%{_includedir}/db.h +%{_includedir}/db_185.h +%{_includedir}/db_cxx.h +%{_includedir}/db4/db.h +%{_includedir}/db4/db_185.h +%{_includedir}/db4/db_cxx.h +%{_libdir}/libdb.so +%{_libdir}/libdb-%{major}.so +%{_libdir}/libdb_cxx.so +%{_libdir}/libdb_cxx-%{major}.so + +%changelog diff --git a/libdb-fix-atomic.patch b/libdb-fix-atomic.patch new file mode 100644 index 0000000..f906fa6 --- /dev/null +++ b/libdb-fix-atomic.patch @@ -0,0 +1,22 @@ +Fix use of reserved identifier __atomic_compare_exchange by renaming + +--- dbinc/atomic.h.orig 2018-03-13 09:44:13.197929296 +0100 ++++ dbinc/atomic.h 2018-03-13 09:45:09.582831244 +0100 +@@ -144,7 +144,7 @@ + #define atomic_inc(env, p) __atomic_inc(p) + #define atomic_dec(env, p) __atomic_dec(p) + #define atomic_compare_exchange(env, p, o, n) \ +- __atomic_compare_exchange((p), (o), (n)) ++ __db_atomic_compare_exchange((p), (o), (n)) + static inline int __atomic_inc(db_atomic_t *p) + { + int temp; +@@ -176,7 +176,7 @@ + * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html + * which configure could be changed to use. + */ +-static inline int __atomic_compare_exchange( ++static inline int __db_atomic_compare_exchange( + db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval) + { + atomic_value_t was; diff --git a/libdb_java-4_8-fix-java10-comp.patch b/libdb_java-4_8-fix-java10-comp.patch new file mode 100644 index 0000000..c4b3d27 --- /dev/null +++ b/libdb_java-4_8-fix-java10-comp.patch @@ -0,0 +1,13 @@ +Index: db-4.8.30/dist/configure.ac +=================================================================== +--- db-4.8.30.orig/dist/configure.ac ++++ db-4.8.30/dist/configure.ac +@@ -416,7 +416,7 @@ if test "$db_cv_java" = "yes"; then + esac + AC_MSG_RESULT($JAVA_VERSION) + case "$JAVA_VERSION" in +- 1.[[3456789]]* | 1.[[1-9]][[0-9]]* | [[23456789]]* ) ;; ++ 1.[[3456789]]* | 1.[[1-9]][[0-9]]* | [[23456789]]* | [[1-9]][[0-9]]* ) ;; + * ) + AC_MSG_ERROR([Java version 1.3 or higher required, got $JAVA_VERSION]) ;; + esac diff --git a/libdb_java-4_8.changes b/libdb_java-4_8.changes new file mode 100644 index 0000000..30c2792 --- /dev/null +++ b/libdb_java-4_8.changes @@ -0,0 +1,171 @@ +------------------------------------------------------------------- +Wed Aug 7 09:15:21 UTC 2024 - Pedro Monreal + +- Security fix: [bsc#1174414, CVE-2019-2708] + * libdb: Data store execution leads to partial DoS + * Backport the upsteam commits: + - Fixed several possible crashes when running db_verify + on a corrupted database. [#27864] + - Fixed several possible hangs when running db_verify + on a corrupted database. [#27864] + - Added a warning message when attempting to verify a queue + database which has many extent files. Verification will take + a long time if there are many extent files. [#27864] + * Add libdb-4_8-CVE-2019-2708.patch + +------------------------------------------------------------------- +Tue Jul 16 07:01:52 UTC 2024 - Bernhard Wiedemann + +- Add reproducible.patch to set .jar mtime to a constant. + +------------------------------------------------------------------- +Wed Jun 21 12:42:57 UTC 2023 - Pedro Monreal + +- Fix incomplete license tag. [bsc#1099695] + +------------------------------------------------------------------- +Thu May 4 13:52:39 UTC 2023 - Frederic Crozat + +- Add _multibuild to define additional spec files as additional + flavors. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Fri Apr 8 12:39:20 UTC 2022 - Fridrich Strba + +- Build with java source and target levels 8 + * fixes build in Factory + +------------------------------------------------------------------- +Mon Aug 19 06:59:04 UTC 2019 - Tomáš Chvátal + +- Remove the getpatches as it does not work at all, oracle + removed the pages +- Use spec-cleaner +- Fix stripped debuginfo to make sure we can debug with libdb + +------------------------------------------------------------------- +Mon Apr 9 05:32:56 UTC 2018 - fstrba@suse.com + +- Changed libdb_java-4_8-fix-java10-comp.patch to acount for Java + 10 properly and for following Java versions in a generic way. + +------------------------------------------------------------------- +Tue Mar 13 08:59:56 UTC 2018 - rguenther@suse.com + +- Add libdb-fix-atomic.patch to fix __atomic_compare_exchange clash + with GCCs builtin. Fixes build with GCC8 which now rejects this. + +------------------------------------------------------------------- +Tue Jan 9 13:26:27 UTC 2018 - pmonrealgonzalez@suse.com + +- Added libdb_java-4_8-fix-java10-comp.patch to fix the build with + Java 10 (10-internal) + +------------------------------------------------------------------- +Wed Oct 18 07:00:16 UTC 2017 - jayvdb@gmail.com + +- Remove unnecessary dependency on update-alternatives + +------------------------------------------------------------------- +Mon Oct 2 09:23:07 UTC 2017 - fstrba@suse.com + +- Specify java target and soure level 1.6 to allow building with + jdk9 + +------------------------------------------------------------------- +Thu Mar 31 09:50:54 UTC 2016 - tchvatal@suse.com + +- Use upstream tarball +- Cleanup with spec-cleaner +- remove unused script check-build.sh + +------------------------------------------------------------------- +Mon May 12 08:52:48 UTC 2014 - schwab@suse.de + +- remove generation of unused tarball +- remove setting of unused variable + +------------------------------------------------------------------- +Thu Jun 13 23:11:33 UTC 2013 - jengelh@inai.de + +- Add conflict markers against libdb-4_5 (overlapping files) + +------------------------------------------------------------------- +Mon Jan 9 12:08:54 UTC 2012 - aj@suse.de + +- Do not use build date as version string. + +------------------------------------------------------------------- +Thu Dec 22 01:11:58 UTC 2011 - jengelh@medozas.de + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) + +------------------------------------------------------------------- +Tue Sep 27 16:39:58 UTC 2011 - prusnak@opensuse.org + +- spec cleanup + +------------------------------------------------------------------- +Sat Aug 13 03:50:05 UTC 2011 - crrodriguez@opensuse.org + +- Disable static libraries + +------------------------------------------------------------------- +Wed Sep 22 12:08:25 UTC 2010 - rhafer@novell.com + +- Updated to db-4.8.30. Important changes since 4.7: + * Improved scalability and throughput when using BTree databases + especially when running with multiple threads that equal or + exceed the number of available CPUs. + * Berkeley DB has added database partitioning. BTree or Hash + databases may now be partitioned across multiple directories. + Partitioned databases can be used to increase concurrency and to + improve performance by spreading access across disk subsystems. + * Berkeley DB now supports bulk insertion and deletion of data. + Similar to the bulk get interface, the bulk put and bulk delete + allow the developer to populate a buffer of key-value pairs and + then pass it to the BDB library with a single API call. + * Berkeley DB now supports compression when using BTree. + * Berkeley DB introduces a new utility named db_sql which replaces + db_codegen. Similar to db_codegen, db_sql accepts an input file + with DDL statements and generates a Berkeley DB application + using the C API that creates and performs CRUD operations on + the defined tables. The developer can then use that code as a + basis for further application development. + * The Replication Manager now supports shared access to the Master + database environment from multiple processes. In earlier + versions, multiple process support on the Master required use + of the Base Replication API. + * Foreign Key Support has been added to Berkeley DB. + * for a more detailed changelog see the changelog_4_8.html file + in db-doc package. +- Removed db-utils-doc subpackage the utils documentation is now + integrated with the API documentation. + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + +------------------------------------------------------------------- +Fri Nov 21 16:39:20 CET 2008 - ro@suse.de + +- update check-build.sh + +------------------------------------------------------------------- +Thu Jul 31 00:12:53 CEST 2008 - ro@suse.de + +- changed buildreq to use any java > 1.5 + +------------------------------------------------------------------- +Thu Jul 5 14:51:30 CEST 2007 - dbornkessel@suse.de + +- corrected file list +- added update-alternatives to work around a ia64 problem + +------------------------------------------------------------------- +Mon Jun 11 18:55:03 CEST 2007 - dbornkessel@suse.de + +- first version + diff --git a/libdb_java-4_8.spec b/libdb_java-4_8.spec new file mode 100644 index 0000000..3a2b8bc --- /dev/null +++ b/libdb_java-4_8.spec @@ -0,0 +1,167 @@ +# +# spec file for package libdb_java-4_8 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define generic_name db +%define major 4 +%define minor 8 +Name: libdb_java-4_8 +Version: %{major}.%{minor}.30 +Release: 0 +Summary: Java Bindings for the Berkeley DB +License: BSD-3-Clause AND Sleepycat +Group: Productivity/Databases/Servers +URL: https://oracle.com/technetwork/products/berkeleydb/ +Source: http://download.oracle.com/berkeley-db/db-%{version}.tar.gz +Source1: %{name}.changes +Patch0: db-%{version}.patch +# PATCH-FIX-OPENSUSE Fix compilation with Java 10 (10-internal) +Patch1: libdb_java-4_8-fix-java10-comp.patch +# PATCH-FIX-OPENSUSE Fix build with GCC8, conflict with reserved builtin name +Patch2: libdb-fix-atomic.patch +Patch3: reproducible.patch +# PATCH-FIX-UPSTREAM bsc#1174414 CVE-2019-2708 libdb: data store execution leads to partial DoS +Patch4: libdb-4_8-CVE-2019-2708.patch +BuildRequires: autoconf +BuildRequires: gcc-c++ +BuildRequires: java-sdk >= 1.8 +BuildRequires: unzip +Requires: libdb-%{major}_%{minor} = %{version} +Conflicts: libdb_java-4_5 +Provides: db-java = %{version} + +%description +These are the Java bindings for the Berkeley DB. They are needed for +the Java support of db and dbxml. + +%package devel +Summary: Java Bindings for the Berkeley DB +Group: Productivity/Databases/Servers +Requires: %{name} = %{version} +Requires: glibc-devel +Conflicts: libdb_java-4_5-devel +Provides: db-java-devel = %{version} + +%description devel +These are the Java bindings for the Berkeley DB. They are needed for +the Java support of db and dbxml. + +These are the development files. + +%prep +%setup -q -n %{generic_name}-%{version} +%patch -P 0 +%patch -P 1 -p1 +%patch -P 2 +# the Leap build happens with an old jar version that does not know the --date option, so we need to test for that +if jar --help|grep -q -- --date=TIMESTAMP ; then +%patch -P 3 -p1 +fi +%patch -P 4 -p1 + +%build +cd dist +# dist/RELEASE codes the build date into the binary. +# Use last change of changes file instead +LAST_MOD=`stat --format="%%Y" %{SOURCE1}` +DIST_DATE=`date '+%%B %%e, %%Y' --date="@$LAST_MOD"` +sed -i -e "s/^DB_RELEASE_DATE=.*$/DB_RELEASE_DATE=\"$DIST_DATE\"/" RELEASE +./s_config +CFLAGS="%{optflags} -fno-strict-aliasing" +CC=gcc +export CFLAGS CXXFLAGS CC +# +# Build now the NPTL version +# +mkdir ../build_nptl +cd ../build_nptl +%define _configure ../dist/configure +%configure \ + --enable-compat185 --disable-dump185 \ + --enable-shared --disable-static \ + --enable-cxx \ + --with-mutex="POSIX/pthreads/library" \ + --enable-java JAVACFLAGS="-source 1.8 -target 1.8" \ +%ifarch %{arm} + %{_target_cpu}-suse-linux-gnueabi +%else + %{_target_cpu}-suse-linux +%endif +# Make sure O_DIRECT is really disabled (build host could have old kernel) +perl -pi -e 's/#define HAVE_O_DIRECT 1/#undef HAVE_O_DIRECT/' db_config.h +# Remove libtool predep_objects and postdep_objects wonkiness +perl -pi -e 's/^predep_objects=".*$/predep_objects=""/' libtool +perl -pi -e 's/^postdep_objects=".*$/postdep_objects=""/' libtool +perl -pi -e 's/-shared -nostdlib/-shared/' libtool + +make %{?_smp_mflags} LIBSO_LIBS='$(LIBS)' LIBXSO_LIBS='$(LIBS)'" -L%{_libdir} -lstdc++" + +%install +mkdir -p %{buildroot}%{_includedir}/db4 +mkdir -p %{buildroot}%{_libdir} +cd build_nptl +%make_install STRIP=true +cd .. +# make ldd happy: +chmod 755 %{buildroot}%{_libdir}/libdb*.so +# Fix header file installation +mv %{buildroot}%{_includedir}/*.h %{buildroot}%{_includedir}/db4 +echo "#include " > %{buildroot}%{_includedir}/db.h +echo "#include " > %{buildroot}%{_includedir}/db_185.h +echo "#include " > %{buildroot}%{_includedir}/db_cxx.h +# remove dangling tags symlink from examples. +rm -f examples_cxx/tags +rm -f examples_c/tags +# Move documentation to the right directory +mkdir -p %{buildroot}%{_docdir}/%{name} +mv %{buildroot}%{_prefix}/docs/* %{buildroot}/%{_docdir}/%{name} +cp -a examples_cxx examples_c %{buildroot}/%{_docdir}/%{name} +cp -a LICENSE README %{buildroot}/%{_docdir}/%{name} +# Remove api documentation for C++, Java and TCL +rm -rf %{buildroot}/%{_docdir}/%{name}/csharp +rm -rf %{buildroot}/%{_docdir}/%{name}/java +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/CXX +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/STL +rm -rf %{buildroot}/%{_docdir}/%{name}/api_reference/TCL +rm -rf %{buildroot}/%{_docdir}/%{name}/gsg*/CXX +rm -rf %{buildroot}/%{_docdir}/%{name}/gsg*/JAVA +mv %{buildroot}/%{_docdir}/%{name}/collections/tutorial %{buildroot}/%{_docdir}/%{name}/ +# Remove crappy *.la files +find %{buildroot} -type f -name "*.la" -delete -print +pushd %{buildroot} +for file in `find | grep -v "\(java\|jar\)"` +do + rm $file || true +done +rm -rf %{buildroot}/%{_defaultdocdir} +mkdir -p %{buildroot}/%{_javadir} +mv %{buildroot}/%{_libdir}/*.jar %{buildroot}/%{_javadir}/db-%{version}.jar +ln -sf %{_javadir}/db-%{version}.jar %{buildroot}/%{_javadir}/db.jar + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%{_javadir}/* +%{_libdir}/libdb_java-%{major}.%{minor}.so + +%files devel +%{_libdir}/*_g.so +%{_libdir}/libdb_java.so +%{_libdir}/libdb_java-%{major}.so + +%changelog diff --git a/reproducible.patch b/reproducible.patch new file mode 100644 index 0000000..ec2ebcc --- /dev/null +++ b/reproducible.patch @@ -0,0 +1,19 @@ +Date: 2024-07-16 +Author: Bernhard M. Wiedemann + +make .jar build reproducible +by setting the build date to a constant. + +Index: db-4.8.30/dist/Makefile.in +=================================================================== +--- db-4.8.30.orig/dist/Makefile.in ++++ db-4.8.30/dist/Makefile.in +@@ -830,7 +830,7 @@ $(libj_jarfile): $(JAVA_DBSRCS) + $(JAVA) -classpath $(JAVA_CLASSTOP) \ + com.sleepycat.persist.model.ClassEnhancer $(JAVA_CLASSTOP) + cd $(JAVA_CLASSTOP) && \ +- $(JAR) cfm ../$(libj_jarfile) ../$(JAVA_MANIFEST) ./com/sleepycat ++ $(JAR) --date=2000-01-01T00:00:00+00:00 -c -f ../$(libj_jarfile) -m ../$(JAVA_MANIFEST) ./com/sleepycat + + $(libj_exjarfile): $(libj_jarfile) $(JAVA_EXSRCS) + @test -d $(JAVA_EXCLASSTOP) || \