Fix overflowing integer in bundled-in lemon.c

Resolves: #1423842

db-5.3.28-lemon_hash.patch

@@ -0,0 +1,20 @@
+--- db-5.3.28/lang/sql/sqlite/tool/lemon.c.lemon_hash	2013-09-09 17:35:07.000000000 +0200
++++ db-5.3.28/lang/sql/sqlite/tool/lemon.c	2017-02-22 13:12:08.564106051 +0100
+@@ -3428,7 +3428,7 @@
+   int maxdtlength;          /* Maximum length of any ".datatype" field. */
+   char *stddt;              /* Standardized name for a datatype */
+   int i,j;                  /* Loop counters */
+-  int hash;                 /* For hashing the name of a type */
++  unsigned hash;            /* For hashing the name of a type */
+   const char *name;         /* Name of the parser */
+ 
+   /* Allocate and initialize types[] and allocate stddt[] */
+@@ -3491,7 +3491,7 @@
+         break;
+       }
+       hash++;
+-      if( hash>=arraysize ) hash = 0;
++      if( hash>=(unsigned)arraysize ) hash = 0;
+     }
+     if( types[hash]==0 ){
+       sp->dtnum = hash + 1;

libdb.spec

@@ -30,6 +30,8 @@ Patch26: java8-fix.patch
 Patch27: db-5.3.21-memp_stat-upstream-fix.patch
 # fix for mutexes not being released provided by upstream (rhbz#1277887)
 Patch28: db-5.3.21-mutex_leak.patch
+# fix for overflowing hash variable inside bundled lemon
+Patch29: db-5.3.28-lemon_hash.patch
 
 URL: http://www.oracle.com/database/berkeley-db/
 License: BSD and LGPLv2 and Sleepycat
@@ -221,6 +223,7 @@ popd
 %patch26 -p1 -b .java8-fix
 %patch27 -p1 -b .memp_stat-fix
 %patch28 -p1 -b .mutex_leak
+%patch29 -p1 -b .lemon_hash
 
 cd dist
 ./s_config
@@ -429,6 +432,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/libdb_java.so
 
 %changelog
+* Wed Feb 22 2017 Petr Kubat <pkubat@redhat.com> - 5.3.28-17
+- Fix overflowing integer in bundled-in lemon.c (#1423842)
+
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.28-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild