Add format security patch so we can build on systems with '-Werror=format-security' set as an compile option

author: ShapeShifter499 2021-04-22 19:03:19 -0700
committer: ShapeShifter499 2021-04-22 19:03:19 -0700
commit: e0a35542850f78d211c3611c97c2d45e59a3406d (patch)
tree: ef87ca974289955bdccd2a0a25de79dd26139528
parent: 6873842109eac792812a36ebbe4b6a01067f4b9a (diff)
download: aur-e0a35542850f78d211c3611c97c2d45e59a3406d.tar.gz
3 files changed, 70 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 34c1a78483f6..f6f1f16eac07 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = db4.8
 	pkgdesc = The Berkeley DB embedded database system 4.8
 	pkgver = 4.8.30
-	pkgrel = 6
+	pkgrel = 7
 	url = http://www.oracle.com/technology/software/products/berkeley-db/index.html
 	arch = any
 	license = custom
@@ -11,12 +11,15 @@ pkgbase = db4.8
 	source = http://download.oracle.com/berkeley-db/db-4.8.30.tar.gz
 	source = db-atomic.patch
 	source = CVE-2017-10140-cwd-db_config.patch
+	source = db-4.8.30-format-security.patch
 	md5sums = f80022099c5742cd179343556179aa8c
 	md5sums = d56cef85d0fc9432b54a32993d4c9f06
 	md5sums = c2d29f72c20625c09f30e35af3c4f2ff
+	md5sums = 7609752e93e9f762307c7d9aa204400c
 	sha256sums = e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a
 	sha256sums = 7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0
 	sha256sums = 7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614
+	sha256sums = fbe47fafa17cd15b3343295c6fc191984e1baa94c1f591dc0b14a96953629437
 
 pkgname = db4.8
 
diff --git a/PKGBUILD b/PKGBUILD
index a0ea0b227bf4..fa9160377385 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 # Contributor: Leslie P. Polzer <polzer@gnu.org>
 pkgname=db4.8
 pkgver=4.8.30
-pkgrel=6
+pkgrel=7
 pkgdesc="The Berkeley DB embedded database system 4.8"
 arch=('any')
 license=('custom')
@@ -11,13 +11,16 @@ depends=('gcc-libs')
 options=('!libtool' '!makeflags')
 source=(http://download.oracle.com/berkeley-db/db-${pkgver}.tar.gz
         'db-atomic.patch'
-        'CVE-2017-10140-cwd-db_config.patch')
+        'CVE-2017-10140-cwd-db_config.patch'
+        'db-4.8.30-format-security.patch')
 md5sums=('f80022099c5742cd179343556179aa8c'
 	 'd56cef85d0fc9432b54a32993d4c9f06'
-         'c2d29f72c20625c09f30e35af3c4f2ff')
+         'c2d29f72c20625c09f30e35af3c4f2ff'
+         '7609752e93e9f762307c7d9aa204400c')
 sha256sums=('e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a'
             '7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0'
-            '7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614')
+            '7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614'
+            'fbe47fafa17cd15b3343295c6fc191984e1baa94c1f591dc0b14a96953629437')
 
 prepare() {
   cd "$srcdir/db-$pkgver/"
@@ -27,6 +30,8 @@ prepare() {
   
   chmod +w env/env_open.c
   patch -u -p1 < "$srcdir"/CVE-2017-10140-cwd-db_config.patch
+  
+  patch -u -p1 < "$srcdir"/db-4.8.30-format-security.patch
 }
 
 build() {
diff --git a/db-4.8.30-format-security.patch b/db-4.8.30-format-security.patch
new file mode 100644
index 000000000000..ad8b7c214a73
--- /dev/null
+++ b/db-4.8.30-format-security.patch
@@ -0,0 +1,57 @@
+# Adjustments necessary in order for gcc with -Werror=format-security to compile libdb4
+
+diff -up db-4.8.30/repmgr/repmgr_net.c.broken db-4.8.30/repmgr/repmgr_net.c
+--- db-4.8.30/repmgr/repmgr_net.c.broken	2013-12-03 09:22:53.411671609 +0100
++++ db-4.8.30/repmgr/repmgr_net.c	2013-12-03 09:23:13.020780748 +0100
+@@ -1331,7 +1331,7 @@ __repmgr_listen(env)
+ 	}
+ 
+ 	ret = net_errno;
+-	__db_err(env, ret, why);
++	__db_err(env, ret, "%s", why);
+ clean:	if (s != INVALID_SOCKET)
+ 		(void)closesocket(s);
+ 	return (ret);
+
+diff -up db-4.8.30/crypto/aes_method.c.broken db-4.8.30/crypto/aes_method.c
+--- db-4.8.30/crypto/aes_method.c.broken	2013-12-03 09:31:46.131623201 +0100
++++ db-4.8.30/crypto/aes_method.c	2013-12-03 09:32:12.875772465 +0100
+@@ -267,6 +267,6 @@ __aes_err(env, err)
+ 		errstr = "AES error unrecognized";
+ 		break;
+ 	}
+-	__db_errx(env, errstr);
++	__db_errx(env, "%s", errstr);
+ 	return;
+ }
+
+diff -up db-4.8.30/txn/txn.c.broken db-4.8.30/txn/txn.c
+--- db-4.8.30/txn/txn.c.broken	2013-12-03 09:35:35.259668694 +0100
++++ db-4.8.30/txn/txn.c	2013-12-03 09:36:34.155889373 +0100
+@@ -113,7 +113,7 @@ __txn_begin_pp(dbenv, parent, txnpp, fla
+ 		return (ret);
+ 	if (parent != NULL && !F_ISSET(parent, TXN_SNAPSHOT) &&
+ 	    LF_ISSET(DB_TXN_SNAPSHOT)) {
+-		__db_errx(env,
++		__db_errx(env, "%s",
+ 		    "Child transaction snapshot setting must match parent");
+ 		return (EINVAL);
+ 	}
+@@ -168,7 +168,7 @@ __txn_begin(env, ip, parent, txnpp, flag
+ 
+ 	*txnpp = NULL;
+ 	if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) {
+-		__db_errx(env, TxnAlloc);
++		__db_errx(env, "%s", TxnAlloc);
+ 		return (ret);
+ 	}
+ 
+@@ -315,7 +315,7 @@ __txn_compensate_begin(env, txnpp)
+ 	int ret;
+ 
+ 	if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) {
+-		__db_errx(env, TxnAlloc);
++		__db_errx(env, "%s", TxnAlloc);
+ 		return (ret);
+ 	}
+
author	ShapeShifter499	2021-04-22 19:03:19 -0700
committer	ShapeShifter499	2021-04-22 19:03:19 -0700
commit	e0a35542850f78d211c3611c97c2d45e59a3406d (patch)
tree	ef87ca974289955bdccd2a0a25de79dd26139528
parent	6873842109eac792812a36ebbe4b6a01067f4b9a (diff)
download	aur-e0a35542850f78d211c3611c97c2d45e59a3406d.tar.gz