Feat: add gpg sign

configure: WARNING: NO SHARED LATCH IMPLEMENTATION FOUND FOR THIS PLATFORM.
configure: error: Unable to find a mutex implementation

.SRCINFO

@@ -1,17 +1,30 @@
 pkgbase = db4.8
 	pkgdesc = The Berkeley DB embedded database system 4.8
 	pkgver = 4.8.30
-	pkgrel = 4
+	pkgrel = 8
 	url = http://www.oracle.com/technology/software/products/berkeley-db/index.html
-	arch = i686
 	arch = x86_64
+	arch = i686
+	arch = pentium4
+	arch = arm
+	arch = armv6h
+	arch = armv7h
+	arch = aarch64
 	license = custom
 	depends = gcc-libs
 	options = !libtool
 	options = !makeflags
 	source = http://download.oracle.com/berkeley-db/db-4.8.30.tar.gz
+	source = db-atomic.patch
+	source = CVE-2017-10140-cwd-db_config.patch
+	source = db-4.8.30-format-security.patch
 	md5sums = f80022099c5742cd179343556179aa8c
-	sha1sums = ab36c170dda5b2ceaad3915ced96e41c6b7e493c
+	md5sums = d56cef85d0fc9432b54a32993d4c9f06
+	md5sums = c2d29f72c20625c09f30e35af3c4f2ff
+	md5sums = 7609752e93e9f762307c7d9aa204400c
+	sha256sums = e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a
+	sha256sums = 7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0
+	sha256sums = 7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614
+	sha256sums = fbe47fafa17cd15b3343295c6fc191984e1baa94c1f591dc0b14a96953629437
 
 pkgname = db4.8
-

.gitea/workflows/build.yml

@@ -0,0 +1,15 @@
+name: Build package
+on: [push]
+
+jobs:
+  build-package:
+    runs-on: pkgbuilder
+    env:
+    steps:
+      - name: Build and push package
+        uses: https://gitea.konchin.com/action/archbuild@main
+        with:
+          minio-accesskey: ${{ secrets.MINIO_ACCESSKEY }}
+          minio-secretkey: ${{ secrets.MINIO_SECRETKEY }}
+          gpg-password: ${{ secrets.GPG_PASSWORD }}
+          gpg-keygrip: ${{ secrets.GPG_KEYGRIP }}

CVE-2017-10140-cwd-db_config.patch

@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat <pkubat@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-08-17
+
+--- db-5.3.28/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*

PKGBUILD

@@ -1,38 +1,73 @@
-# New maintainer: Raansu <Gero3977@gmail.com>
+# Maintainer: Raansu <Gero3977@gmail.com>
-# OLD Contributor: Leslie P. Polzer <polzer@gnu.org>
+# Contributor: Leslie P. Polzer <polzer@gnu.org>
 pkgname=db4.8
 pkgver=4.8.30
-pkgrel=4
+pkgrel=8
 pkgdesc="The Berkeley DB embedded database system 4.8"
-arch=('i686' 'x86_64')
+arch=('x86_64' 'i686' 'pentium4' 'arm' 'armv6h' 'armv7h' 'aarch64')
 license=('custom')
 url="http://www.oracle.com/technology/software/products/berkeley-db/index.html"
 depends=('gcc-libs')
 options=('!libtool' '!makeflags')
-source=(http://download.oracle.com/berkeley-db/db-${pkgver}.tar.gz)
+source=(http://download.oracle.com/berkeley-db/db-${pkgver}.tar.gz
+        'db-atomic.patch'
+        'CVE-2017-10140-cwd-db_config.patch'
+        'db-4.8.30-format-security.patch')
+md5sums=('f80022099c5742cd179343556179aa8c'
+	 'd56cef85d0fc9432b54a32993d4c9f06'
+         'c2d29f72c20625c09f30e35af3c4f2ff'
+         '7609752e93e9f762307c7d9aa204400c')
+sha256sums=('e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a'
+            '7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0'
+            '7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614'
+            'fbe47fafa17cd15b3343295c6fc191984e1baa94c1f591dc0b14a96953629437')
+
+prepare() {
+  cd "$srcdir/db-$pkgver/"
+
+  chmod +w dbinc/atomic.h
+  patch -p1 < "$srcdir"/db-atomic.patch
+  
+  chmod +w env/env_open.c
+  patch -u -p1 < "$srcdir"/CVE-2017-10140-cwd-db_config.patch
+  
+  patch -u -p1 < "$srcdir"/db-4.8.30-format-security.patch
+}
+
+build() {
+  cd "$srcdir/db-$pkgver/"
+
+  cd "build_unix"
+  CFLAGS=-Wno-error=implicit-function-declaration ../dist/configure --prefix=/usr --enable-compat185 --enable-shared --disable-static --enable-cxx
+  make LIBSO_LIBS=-lpthread || return 1
+}
 
 package() {  
-  cd ${srcdir}/db-${pkgver}/
+  cd "$srcdir/db-$pkgver/"
   
-  cd build_unix
+  cd "build_unix"
-  ../dist/configure --prefix=/usr --enable-compat185 \
+  make prefix="$pkgdir/usr" includedir="$pkgdir/usr/include/db4.8" install
-    --enable-shared --disable-static --enable-cxx
-  make LIBSO_LIBS=-lpthread || return 1
-  make prefix=${pkgdir}/usr \
-       includedir=${pkgdir}/usr/include/db4.8 install
 
-  rm -rf ${pkgdir}/usr/docs
+# Remove documents to save space, these can be found online if needed.
-  rm -f ${pkgdir}/usr/lib/libdb{,_cxx}.so
+  rm -rf "$pkgdir/usr/docs"
-  rm -f ${pkgdir}/usr/lib/libdb{,_cxx}-4.so
 
-  cd ${pkgdir}/usr/bin
+# Remove conflicting symlinks created by make, should never overwrite 
+# main libdb symlinks to current version. Programs that need or use 
+# db4.8 should be able to find it.
+  rm -f "$pkgdir/usr/lib/libdb.so"
+  rm -f "$pkgdir/usr/lib/libdb_cxx.so"
+  rm -f "$pkgdir/usr/lib/libdb-4.so"
+  rm -f "$pkgdir/usr/lib/libdb_cxx-4.so"
+
+# Rename db4.8 bin files to not conflict with current db version 
+# installed. Programs that need or use db4.8 should be aware of this 
+# name change. 
+  cd "$pkgdir/usr/bin"
   for i in *; do
     mv $i db4.8_${i/db_/}
   done
-  mkdir -p ${pkgdir}/usr/share/licenses/${pkgname}
+
-  install -m644 ${srcdir}/db-${pkgver}/LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+# Install license.
+  install -Dm644 "$srcdir/db-$pkgver/LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
 }
 
-md5sums=('f80022099c5742cd179343556179aa8c')
-sha1sums=('ab36c170dda5b2ceaad3915ced96e41c6b7e493c')
-

db-4.8.30-format-security.patch

@@ -0,0 +1,57 @@
+# Adjustments necessary in order for gcc with -Werror=format-security to compile libdb4
+
+diff -up db-4.8.30/repmgr/repmgr_net.c.broken db-4.8.30/repmgr/repmgr_net.c
+--- db-4.8.30/repmgr/repmgr_net.c.broken	2013-12-03 09:22:53.411671609 +0100
++++ db-4.8.30/repmgr/repmgr_net.c	2013-12-03 09:23:13.020780748 +0100
+@@ -1331,7 +1331,7 @@ __repmgr_listen(env)
+ 	}
+ 
+ 	ret = net_errno;
+-	__db_err(env, ret, why);
++	__db_err(env, ret, "%s", why);
+ clean:	if (s != INVALID_SOCKET)
+ 		(void)closesocket(s);
+ 	return (ret);
+
+diff -up db-4.8.30/crypto/aes_method.c.broken db-4.8.30/crypto/aes_method.c
+--- db-4.8.30/crypto/aes_method.c.broken	2013-12-03 09:31:46.131623201 +0100
++++ db-4.8.30/crypto/aes_method.c	2013-12-03 09:32:12.875772465 +0100
+@@ -267,6 +267,6 @@ __aes_err(env, err)
+ 		errstr = "AES error unrecognized";
+ 		break;
+ 	}
+-	__db_errx(env, errstr);
++	__db_errx(env, "%s", errstr);
+ 	return;
+ }
+
+diff -up db-4.8.30/txn/txn.c.broken db-4.8.30/txn/txn.c
+--- db-4.8.30/txn/txn.c.broken	2013-12-03 09:35:35.259668694 +0100
++++ db-4.8.30/txn/txn.c	2013-12-03 09:36:34.155889373 +0100
+@@ -113,7 +113,7 @@ __txn_begin_pp(dbenv, parent, txnpp, fla
+ 		return (ret);
+ 	if (parent != NULL && !F_ISSET(parent, TXN_SNAPSHOT) &&
+ 	    LF_ISSET(DB_TXN_SNAPSHOT)) {
+-		__db_errx(env,
++		__db_errx(env, "%s",
+ 		    "Child transaction snapshot setting must match parent");
+ 		return (EINVAL);
+ 	}
+@@ -168,7 +168,7 @@ __txn_begin(env, ip, parent, txnpp, flag
+ 
+ 	*txnpp = NULL;
+ 	if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) {
+-		__db_errx(env, TxnAlloc);
++		__db_errx(env, "%s", TxnAlloc);
+ 		return (ret);
+ 	}
+ 
+@@ -315,7 +315,7 @@ __txn_compensate_begin(env, txnpp)
+ 	int ret;
+ 
+ 	if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) {
+-		__db_errx(env, TxnAlloc);
++		__db_errx(env, "%s", TxnAlloc);
+ 		return (ret);
+ 	}
+ 

db-atomic.patch

@@ -0,0 +1,22 @@
+diff --git a/dbinc/atomic.h b/dbinc/atomic.h
+index 0034dcc..50b8b74 100644
+--- a/dbinc/atomic.h
++++ b/dbinc/atomic.h
+@@ -144,7 +144,7 @@ typedef LONG volatile *interlocked_val;
+ #define	atomic_inc(env, p)	__atomic_inc(p)
+ #define	atomic_dec(env, p)	__atomic_dec(p)
+ #define	atomic_compare_exchange(env, p, o, n)	\
+-	__atomic_compare_exchange((p), (o), (n))
++	__atomic_compare_exchange_db((p), (o), (n))
+ static inline int __atomic_inc(db_atomic_t *p)
+ {
+ 	int	temp;
+@@ -176,7 +176,7 @@ static inline int __atomic_dec(db_atomic_t *p)
+  * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html
+  * which configure could be changed to use.
+  */
+-static inline int __atomic_compare_exchange(
++static inline int __atomic_compare_exchange_db(
+ 	db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval)
+ {
+ 	atomic_value_t was;