package/libqb: security bump to version 2.0.8

- Fix CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a
  buffer overflow via long log messages because the header size is not
  considered.
- Drop patch (already included in this version) and, as a result, autoreconf

https://github.com/ClusterLabs/libqb/compare/v2.0.6...v2.0.8
https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7
https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine 2023-09-15 00:06:48 +02:00 committed by Yann E. MORIN
parent e4572cc705
commit c89d7a2daf
4 changed files with 3 additions and 68 deletions


@ -746,7 +746,6 @@ package/libpjsip/0002-Merge-pull-request-from-GHSA-cxwq-5g9x-x7fr.patch Upstream
package/libplatform/0001-cmake-require-c-11-as-the-minimum-standard.patch Upstream
package/libpng/0001-Disable-pngfix-and-png-fix-itxt.patch Upstream
package/libpthsem/0001-fix-build-on-linux-3.x-host.patch Upstream
package/libqb/0001-Add-disable-tests-option.patch Upstream
package/libressl/0001-always-expose-SSL_OP_NO_TLSv1_3.patch Upstream
package/libroxml/0001-src-roxml_mem.h-add-missing-extern.patch Upstream
package/librsvg/0001-gdk-pixbuf-loader-Makefile.am-set-GDK_PIXBUF_MODULED.patch Upstream


@ -1,62 +0,0 @@
From 051d9cfe8f365e30affc6476ed79b9e04a6b15ad Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 4 Nov 2022 00:27:50 +0100
Subject: [PATCH] Add --disable-tests option
Add --disable-tests to allow the user to disable tests. As a
side-effect, this will avoid the following build failure when check is
found:
libstat_wrapper.c:11:10: fatal error: gnu/lib-names.h: No such file or directory
11 | #include <gnu/lib-names.h>
| ^~~~~~~~~~~~~~~~~
This build failure is raised since version 2.0.5 and
https://github.com/ClusterLabs/libqb/commit/78df90b180740712d0c90b6d982b78241cc99d72
Fixes:
- http://autobuild.buildroot.org/results/450cfc36d4fd6dc71c138bec45f05b5a2d92a08d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/ClusterLabs/libqb/pull/475]
---
Makefile.am | 6 +++++-
configure.ac | 5 +++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index a08b1d2..6a710a0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -39,7 +39,11 @@ ACLOCAL_AMFLAGS = -I m4
dist_doc_DATA = COPYING INSTALL README.markdown
-SUBDIRS = include lib doxygen2man docs tools tests examples
+SUBDIRS = include lib doxygen2man docs tools examples
+
+if ENABLE_TESTS
+SUBDIRS += tests
+endif
dist-clean-local:
rm -f .snapshot-version autoconf automake autoheader
diff --git a/configure.ac b/configure.ac
index ac44b7e..4946008 100644
--- a/configure.ac
+++ b/configure.ac
@@ -562,6 +562,11 @@ AC_ARG_WITH([force-sockets-config-file],
[ FORCESOCKETSFILE="$withval" ],
[ FORCESOCKETSFILE="$sysconfdir/libqb/force-filesystem-sockets" ])
+AC_ARG_ENABLE([tests],
+ [AS_HELP_STRING([--disable-tests],[disable tests])],,
+ [ enable_tests="yes" ])
+AM_CONDITIONAL([ENABLE_TESTS], [test x$enable_tests = xyes])
+
AC_ARG_ENABLE([install-tests],
[AS_HELP_STRING([--enable-install-tests],[install tests])],,
[ enable_install_tests="no" ])
--
2.35.1


@ -1,5 +1,5 @@
# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.6/libqb-2.0.6.sha256
sha256 f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c libqb-2.0.6.tar.xz
# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.8/libqb-2.0.8.sha256
sha256 b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6 libqb-2.0.8.tar.xz
# Locally calculated
sha256 00a89b0d18aacd4114decf79122db87bf35bddaf2bc50e383c9c9f4c263390b2 COPYING


@ -4,7 +4,7 @@
#
################################################################################
LIBQB_VERSION = 2.0.6
LIBQB_VERSION = 2.0.8
LIBQB_SOURCE = libqb-$(LIBQB_VERSION).tar.xz
LIBQB_SITE = \
https://github.com/ClusterLabs/libqb/releases/download/v$(LIBQB_VERSION)
@ -12,8 +12,6 @@ LIBQB_LICENSE = LGPL-2.1+
LIBQB_LICENSE_FILES = COPYING
LIBQB_CPE_ID_VENDOR = clusterlabs
LIBQB_INSTALL_STAGING = YES
# We're patching configure.ac
LIBQB_AUTORECONF = YES
LIBQB_CONF_OPTS = --disable-tests
LIBQB_DEPENDENCIES = libxml2
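Review bot: `LIBQB_CONF_OPTS = --disable-tests` is kept while both the local patch that introduced the option and `LIBQB_AUTORECONF = YES` are dropped, so the build now relies on the configure script shipped in the 2.0.8 tarball recognising that flag. The commit message says the patch is already upstream, so this is probably fine. An autoconf-generated configure normally only warns about an unrecognised `--disable-*` option, though, so a mismatch would silently build the tests directory again instead of failing. It is worth checking the option against the release tarball's `configure --help`. A one-line comment above the option would record the dependency, for example `# --disable-tests: upstream option, formerly added by our 0001 patch`.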