package/libqb: security bump to version 2.0.8

- Fix CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. - Drop patch (already in version) and so autoreconf https://github.com/ClusterLabs/libqb/compare/v2.0.6...v2.0.8 https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7 https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-15 00:06:48 +02:00 · 2023-09-15 00:06:48 +02:00 · c89d7a2daf
commit c89d7a2daf
parent e4572cc705
4 changed files with 3 additions and 68 deletions
--- a/.checkpackageignore
+++ b/.checkpackageignore
@ -746,7 +746,6 @@ package/libpjsip/0002-Merge-pull-request-from-GHSA-cxwq-5g9x-x7fr.patch Upstream
 package/libplatform/0001-cmake-require-c-11-as-the-minimum-standard.patch Upstream
 package/libpng/0001-Disable-pngfix-and-png-fix-itxt.patch Upstream
 package/libpthsem/0001-fix-build-on-linux-3.x-host.patch Upstream
-package/libqb/0001-Add-disable-tests-option.patch Upstream
 package/libressl/0001-always-expose-SSL_OP_NO_TLSv1_3.patch Upstream
 package/libroxml/0001-src-roxml_mem.h-add-missing-extern.patch Upstream
 package/librsvg/0001-gdk-pixbuf-loader-Makefile.am-set-GDK_PIXBUF_MODULED.patch Upstream
--- a/package/libqb/0001-Add-disable-tests-option.patch
+++ b/package/libqb/0001-Add-disable-tests-option.patch
@ -1,62 +0,0 @@
-From 051d9cfe8f365e30affc6476ed79b9e04a6b15ad Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 4 Nov 2022 00:27:50 +0100
-Subject: [PATCH] Add --disable-tests option
-
-Add --disable-tests to allow the user to disable tests. As a
-side-effect, this will avoid the following build failure when check is
-found:
-
-libstat_wrapper.c:11:10: fatal error: gnu/lib-names.h: No such file or directory
-   11 | #include <gnu/lib-names.h>
-      |          ^~~~~~~~~~~~~~~~~
-
-This build failure is raised since version 2.0.5 and
-https://github.com/ClusterLabs/libqb/commit/78df90b180740712d0c90b6d982b78241cc99d72
-
-Fixes:
- - http://autobuild.buildroot.org/results/450cfc36d4fd6dc71c138bec45f05b5a2d92a08d
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/ClusterLabs/libqb/pull/475]
---
- Makefile.am  | 6 +++++-
- configure.ac | 5 +++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index a08b1d2..6a710a0 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -39,7 +39,11 @@ ACLOCAL_AMFLAGS		= -I m4
- 
- dist_doc_DATA		= COPYING INSTALL README.markdown
- 
-SUBDIRS			= include lib doxygen2man docs tools tests examples
-+SUBDIRS			= include lib doxygen2man docs tools examples
-+
-+if ENABLE_TESTS
-+SUBDIRS			+= tests
-+endif
- 
- dist-clean-local:
- 	rm -f .snapshot-version autoconf automake autoheader
-diff --git a/configure.ac b/configure.ac
-index ac44b7e..4946008 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -562,6 +562,11 @@ AC_ARG_WITH([force-sockets-config-file],
- 	[ FORCESOCKETSFILE="$withval" ],
- 	[ FORCESOCKETSFILE="$sysconfdir/libqb/force-filesystem-sockets" ])
- 
-+AC_ARG_ENABLE([tests],
-+  [AS_HELP_STRING([--disable-tests],[disable tests])],,
-+  [ enable_tests="yes" ])
-+AM_CONDITIONAL([ENABLE_TESTS], [test x$enable_tests = xyes])
-+
- AC_ARG_ENABLE([install-tests],
-   [AS_HELP_STRING([--enable-install-tests],[install tests])],,
-   [ enable_install_tests="no" ])
-- 
-2.35.1
-
--- a/package/libqb/libqb.hash
+++ b/package/libqb/libqb.hash
@ -1,5 +1,5 @@
-# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.6/libqb-2.0.6.sha256
-sha256  f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c  libqb-2.0.6.tar.xz
+# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.8/libqb-2.0.8.sha256
+sha256  b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6  libqb-2.0.8.tar.xz

 # Locally calculated
 sha256  00a89b0d18aacd4114decf79122db87bf35bddaf2bc50e383c9c9f4c263390b2  COPYING
--- a/package/libqb/libqb.mk
+++ b/package/libqb/libqb.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBQB_VERSION = 2.0.6
+LIBQB_VERSION = 2.0.8
 LIBQB_SOURCE = libqb-$(LIBQB_VERSION).tar.xz
 LIBQB_SITE = \
 	https://github.com/ClusterLabs/libqb/releases/download/v$(LIBQB_VERSION)
@ -12,8 +12,6 @@ LIBQB_LICENSE = LGPL-2.1+
 LIBQB_LICENSE_FILES = COPYING
 LIBQB_CPE_ID_VENDOR = clusterlabs
 LIBQB_INSTALL_STAGING = YES
-# We're patching configure.ac
-LIBQB_AUTORECONF = YES
 LIBQB_CONF_OPTS = --disable-tests
 LIBQB_DEPENDENCIES = libxml2