package/netatalk: security bump to version 3.1.17

- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
  9bd45cc06e
  6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
  execute arbitrary code on affected installations of Netatalk.
  Authentication is not required to exploit this vulnerability. The
  specific flaw exists within the dsi_writeinit function. The issue
  results from the lack of proper validation of the length of
  user-supplied data prior to copying it to a fixed-length heap-based
  buffer. An attacker can leverage this vulnerability to execute code in
  the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
  heap-based buffer overflow resulting in code execution via a crafted
  .appl file. This provides remote root access on some platforms such as
  FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()

https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

.checkpackageignore

@@ -947,8 +947,6 @@ package/neard/S53neard Indent Shellcheck Variables
 package/neardal/0001-lib-neardal.h-fix-build-with-gcc-10.patch Upstream
 package/neon/0001-Revert-Advertise-TS_SSL-feature-with-OpenSSL-1.1.0.patch Upstream
 package/neon/0002-configure.ac-fix-autoreconf.patch Upstream
-package/netatalk/0001-Fix-setting-of-LD_LIBRARY_FLAGS-shlibpath_var.patch Upstream
-package/netatalk/0002-etc-uams-openssl_compat.h-fix-build-with-libressl-2..patch Upstream
 package/netatalk/S50netatalk EmptyLastLine Indent Variables
 package/netcat/0001-signed-bit-counting.patch Sob Upstream
 package/netopeer2/S52netopeer2 Shellcheck Variables

package/netatalk/0001-Fix-setting-of-LD_LIBRARY_FLAGS-shlibpath_var.patch

@@ -1,48 +0,0 @@
-From 60d100713b5289948e9cdf5b0646ff3cdd2c206b Mon Sep 17 00:00:00 2001
-From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
-Date: Mon, 17 Dec 2012 22:32:44 +0100
-Subject: [PATCH] Fix setting of LD_LIBRARY_FLAGS ($shlibpath_var).
-
-LD_LIBRARY_PATH should not be set when cross-compiling, because it
-adds the cross-libraries to the build's LD-path.
-
-Also the restoring of LD_LIBRARY_PATH was done incorrectly: it would
-set LD_LIBRARY_PATH=LD_LIBRARY_PATH.
-
-Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
----
- macros/db3-check.m4 |    6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/macros/db3-check.m4 b/macros/db3-check.m4
-index 902220b..d5a5446 100644
---- a/macros/db3-check.m4
-+++ b/macros/db3-check.m4
-@@ -94,7 +94,7 @@ if test "x$bdb_required" = "xyes"; then
-     savedldflags="$LDFLAGS"
-     savedcppflags="$CPPFLAGS"
-     savedlibs="$LIBS"
--    saved_shlibpath_var=$shlibpath_var
-+    eval saved_shlibpath_var=\$$shlibpath_var
- 
-     dnl required BDB version: 4.6, because of cursor API change
-     DB_MAJOR_REQ=4
-@@ -148,7 +148,7 @@ if test "x$bdb_required" = "xyes"; then
-                         dnl -- LD_LIBRARY_PATH on many platforms. This will be fairly
-                         dnl -- portable hopefully. Reference:
-                         dnl -- http://lists.gnu.org/archive/html/autoconf/2009-03/msg00040.html
--                        eval export $shlibpath_var=$bdblibdir
-+                        test "$cross_compiling" = yes || eval export $shlibpath_var=$bdblibdir
-                         NETATALK_BDB_TRY_LINK
-                         eval export $shlibpath_var=$saved_shlibpath_var
- 
-@@ -171,7 +171,7 @@ if test "x$bdb_required" = "xyes"; then
-                            CPPFLAGS="-I${bdbdir}/include${subdir} $CPPFLAGS"
-                            LDFLAGS="-L$bdblibdir $LDFLAGS"
- 
--                           eval export $shlibpath_var=$bdblibdir
-+                           test "$cross_compiling" = yes || eval export $shlibpath_var=$bdblibdir
-                            NETATALK_BDB_TRY_LINK
-                            eval export $shlibpath_var=$saved_shlibpath_var
- 
--- 

package/netatalk/0002-etc-uams-openssl_compat.h-fix-build-with-libressl-2..patch

@@ -1,43 +0,0 @@
-From 58ddc137021a938f37c3794305a839f8df449d3f Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Tue, 5 Apr 2022 23:59:15 +0200
-Subject: [PATCH] etc/uams/openssl_compat.h: fix build with libressl >= 2.7.0
-
-Fix the following build failure with libressl >= 2.7.0 which added
-DH_set0_pqg with
-https://github.com/libressl-portable/openbsd/commit/848e2a019c796b685fc8c5848283b86e48fbe0bf:
-
-In file included from uams_dhx_passwd.c:35:
-openssl_compat.h:15:19: error: static declaration of 'DH_set0_pqg' follows non-static declaration
-   15 | inline static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-      |                   ^~~~~~~~~~~
-In file included from uams_dhx_passwd.c:33:
-/home/autobuild/autobuild/instance-2/output-1/host/mips64-buildroot-linux-uclibc/sysroot/usr/include/openssl/dh.h:195:5: note: previous declaration of 'DH_set0_pqg' was here
-  195 | int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-      |     ^~~~~~~~~~~
-
-Fixes:
- - http://autobuild.buildroot.org/results/fc6e308f346570f8198542602bc8c1bdd0a4869e
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not sent yet]
----
- etc/uams/openssl_compat.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/etc/uams/openssl_compat.h b/etc/uams/openssl_compat.h
-index ded377bc..5cc8de34 100644
---- a/etc/uams/openssl_compat.h
-+++ b/etc/uams/openssl_compat.h
-@@ -11,7 +11,7 @@ http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
- #ifndef OPENSSL_COMPAT_H
- #define OPENSSL_COMPAT_H
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000L)
- inline static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
- {
-    /* If the fields p and g in d are NULL, the corresponding input
--- 
-2.35.1
-

package/netatalk/netatalk.hash

@@ -1,7 +1,7 @@
-# From http://sourceforge.net/projects/netatalk/files/netatalk/3.1.13/
-md5  697421623c32ee0ab9c8076191766e5f  netatalk-3.1.13.tar.bz2
-sha1  16dd7fa84962a44b36b795b8c44393e728785947  netatalk-3.1.13.tar.bz2
+# From http://sourceforge.net/projects/netatalk/files/netatalk/3.1.17/
+md5  a6429a28948f85b69c9012fb437dd9c2  netatalk-3.1.17.tar.xz
+sha1  bc6578d9fa874b3816fd4ddd60a30a8f3aadc71d  netatalk-3.1.17.tar.xz
 # Locally computed
-sha256  89ada6bcfe1b39ad94f58c236654d1d944f2645c3e7de98b3374e0bd37d5e05d  netatalk-3.1.13.tar.bz2
-sha256  32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670  COPYING
+sha256  8c208e2c94bf3047db33cdbc3ce4325d2b80db61d6cc527f18f9dbd8e95b5cff  netatalk-3.1.17.tar.xz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  7599ae145e53be03a08f8b558b2f2e0c828e1630f1843cc04f41981b8cefcd65  COPYRIGHT

package/netatalk/netatalk.mk

@@ -4,11 +4,9 @@
 #
 ################################################################################
 
-NETATALK_VERSION = 3.1.13
-NETATALK_SITE = http://downloads.sourceforge.net/project/netatalk/netatalk/$(NETATALK_VERSION)
-NETATALK_SOURCE = netatalk-$(NETATALK_VERSION).tar.bz2
-# For 0001-Fix-setting-of-LD_LIBRARY_FLAGS-shlibpath_var.patch
-NETATALK_AUTORECONF = YES
+NETATALK_VERSION = 3.1.17
+NETATALK_SITE = http://downloads.sourceforge.net/project/netatalk/netatalk-$(subst .,-,$(NETATALK_VERSION))
+NETATALK_SOURCE = netatalk-$(NETATALK_VERSION).tar.xz
 NETATALK_CONFIG_SCRIPTS = netatalk-config
 NETATALK_DEPENDENCIES = host-pkgconf openssl berkeleydb libgcrypt libgpg-error \
 	libevent