package/libqb: security bump to version 2.0.8
- Fix CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. - Drop patch (already in version) and so autoreconf https://github.com/ClusterLabs/libqb/compare/v2.0.6...v2.0.8 https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7 https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
parent
e4572cc705
commit
c89d7a2daf
@ -746,7 +746,6 @@ package/libpjsip/0002-Merge-pull-request-from-GHSA-cxwq-5g9x-x7fr.patch Upstream
|
||||
package/libplatform/0001-cmake-require-c-11-as-the-minimum-standard.patch Upstream
|
||||
package/libpng/0001-Disable-pngfix-and-png-fix-itxt.patch Upstream
|
||||
package/libpthsem/0001-fix-build-on-linux-3.x-host.patch Upstream
|
||||
package/libqb/0001-Add-disable-tests-option.patch Upstream
|
||||
package/libressl/0001-always-expose-SSL_OP_NO_TLSv1_3.patch Upstream
|
||||
package/libroxml/0001-src-roxml_mem.h-add-missing-extern.patch Upstream
|
||||
package/librsvg/0001-gdk-pixbuf-loader-Makefile.am-set-GDK_PIXBUF_MODULED.patch Upstream
|
||||
|
@ -1,62 +0,0 @@
|
||||
From 051d9cfe8f365e30affc6476ed79b9e04a6b15ad Mon Sep 17 00:00:00 2001
|
||||
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
Date: Fri, 4 Nov 2022 00:27:50 +0100
|
||||
Subject: [PATCH] Add --disable-tests option
|
||||
|
||||
Add --disable-tests to allow the user to disable tests. As a
|
||||
side-effect, this will avoid the following build failure when check is
|
||||
found:
|
||||
|
||||
libstat_wrapper.c:11:10: fatal error: gnu/lib-names.h: No such file or directory
|
||||
11 | #include <gnu/lib-names.h>
|
||||
| ^~~~~~~~~~~~~~~~~
|
||||
|
||||
This build failure is raised since version 2.0.5 and
|
||||
https://github.com/ClusterLabs/libqb/commit/78df90b180740712d0c90b6d982b78241cc99d72
|
||||
|
||||
Fixes:
|
||||
- http://autobuild.buildroot.org/results/450cfc36d4fd6dc71c138bec45f05b5a2d92a08d
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Upstream status: https://github.com/ClusterLabs/libqb/pull/475]
|
||||
---
|
||||
Makefile.am | 6 +++++-
|
||||
configure.ac | 5 +++++
|
||||
2 files changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index a08b1d2..6a710a0 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -39,7 +39,11 @@ ACLOCAL_AMFLAGS = -I m4
|
||||
|
||||
dist_doc_DATA = COPYING INSTALL README.markdown
|
||||
|
||||
-SUBDIRS = include lib doxygen2man docs tools tests examples
|
||||
+SUBDIRS = include lib doxygen2man docs tools examples
|
||||
+
|
||||
+if ENABLE_TESTS
|
||||
+SUBDIRS += tests
|
||||
+endif
|
||||
|
||||
dist-clean-local:
|
||||
rm -f .snapshot-version autoconf automake autoheader
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ac44b7e..4946008 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -562,6 +562,11 @@ AC_ARG_WITH([force-sockets-config-file],
|
||||
[ FORCESOCKETSFILE="$withval" ],
|
||||
[ FORCESOCKETSFILE="$sysconfdir/libqb/force-filesystem-sockets" ])
|
||||
|
||||
+AC_ARG_ENABLE([tests],
|
||||
+ [AS_HELP_STRING([--disable-tests],[disable tests])],,
|
||||
+ [ enable_tests="yes" ])
|
||||
+AM_CONDITIONAL([ENABLE_TESTS], [test x$enable_tests = xyes])
|
||||
+
|
||||
AC_ARG_ENABLE([install-tests],
|
||||
[AS_HELP_STRING([--enable-install-tests],[install tests])],,
|
||||
[ enable_install_tests="no" ])
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,5 +1,5 @@
|
||||
# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.6/libqb-2.0.6.sha256
|
||||
sha256 f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c libqb-2.0.6.tar.xz
|
||||
# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.8/libqb-2.0.8.sha256
|
||||
sha256 b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6 libqb-2.0.8.tar.xz
|
||||
|
||||
# Locally calculated
|
||||
sha256 00a89b0d18aacd4114decf79122db87bf35bddaf2bc50e383c9c9f4c263390b2 COPYING
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBQB_VERSION = 2.0.6
|
||||
LIBQB_VERSION = 2.0.8
|
||||
LIBQB_SOURCE = libqb-$(LIBQB_VERSION).tar.xz
|
||||
LIBQB_SITE = \
|
||||
https://github.com/ClusterLabs/libqb/releases/download/v$(LIBQB_VERSION)
|
||||
@ -12,8 +12,6 @@ LIBQB_LICENSE = LGPL-2.1+
|
||||
LIBQB_LICENSE_FILES = COPYING
|
||||
LIBQB_CPE_ID_VENDOR = clusterlabs
|
||||
LIBQB_INSTALL_STAGING = YES
|
||||
# We're patching configure.ac
|
||||
LIBQB_AUTORECONF = YES
|
||||
LIBQB_CONF_OPTS = --disable-tests
|
||||
LIBQB_DEPENDENCIES = libxml2
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user