From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Kamel Bouhara <kamel.bouhara@gmail.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/libqb: security bump to version 2.0.8
Date: Fri, 15 Sep 2023 23:39:32 +0200
Message-ID: <20230915213932.GO2571@scaer>
In-Reply-To: <20230914220648.357408-1-fontaine.fabrice@gmail.com>

Fabrice, All,

On 2023-09-15 00:06 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a
>   buffer overflow via long log messages because the header size is not
>   considered.
> - Drop patch (already in version) and so autoreconf
> 
> https://github.com/ClusterLabs/libqb/compare/v2.0.6...v2.0.8
> https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7
> https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  .checkpackageignore                           |  1 -
>  .../libqb/0001-Add-disable-tests-option.patch | 62 -------------------
>  package/libqb/libqb.hash                      |  4 +-
>  package/libqb/libqb.mk                        |  4 +-
>  4 files changed, 3 insertions(+), 68 deletions(-)
>  delete mode 100644 package/libqb/0001-Add-disable-tests-option.patch
> 
> diff --git a/.checkpackageignore b/.checkpackageignore
> index fde8eceed2..929b972a43 100644
> --- a/.checkpackageignore
> +++ b/.checkpackageignore
> @@ -746,7 +746,6 @@ package/libpjsip/0002-Merge-pull-request-from-GHSA-cxwq-5g9x-x7fr.patch Upstream
>  package/libplatform/0001-cmake-require-c-11-as-the-minimum-standard.patch Upstream
>  package/libpng/0001-Disable-pngfix-and-png-fix-itxt.patch Upstream
>  package/libpthsem/0001-fix-build-on-linux-3.x-host.patch Upstream
> -package/libqb/0001-Add-disable-tests-option.patch Upstream
>  package/libressl/0001-always-expose-SSL_OP_NO_TLSv1_3.patch Upstream
>  package/libroxml/0001-src-roxml_mem.h-add-missing-extern.patch Upstream
>  package/librsvg/0001-gdk-pixbuf-loader-Makefile.am-set-GDK_PIXBUF_MODULED.patch Upstream
> diff --git a/package/libqb/0001-Add-disable-tests-option.patch b/package/libqb/0001-Add-disable-tests-option.patch
> deleted file mode 100644
> index 1afb05520d..0000000000
> --- a/package/libqb/0001-Add-disable-tests-option.patch
> +++ /dev/null
> @@ -1,62 +0,0 @@
> -From 051d9cfe8f365e30affc6476ed79b9e04a6b15ad Mon Sep 17 00:00:00 2001
> -From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -Date: Fri, 4 Nov 2022 00:27:50 +0100
> -Subject: [PATCH] Add --disable-tests option
> -
> -Add --disable-tests to allow the user to disable tests. As a
> -side-effect, this will avoid the following build failure when check is
> -found:
> -
> -libstat_wrapper.c:11:10: fatal error: gnu/lib-names.h: No such file or directory
> -   11 | #include <gnu/lib-names.h>
> -      |          ^~~~~~~~~~~~~~~~~
> -
> -This build failure is raised since version 2.0.5 and
> -https://github.com/ClusterLabs/libqb/commit/78df90b180740712d0c90b6d982b78241cc99d72
> -
> -Fixes:
> - - http://autobuild.buildroot.org/results/450cfc36d4fd6dc71c138bec45f05b5a2d92a08d
> -
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -[Upstream status: https://github.com/ClusterLabs/libqb/pull/475]
> ----
> - Makefile.am  | 6 +++++-
> - configure.ac | 5 +++++
> - 2 files changed, 10 insertions(+), 1 deletion(-)
> -
> -diff --git a/Makefile.am b/Makefile.am
> -index a08b1d2..6a710a0 100644
> ---- a/Makefile.am
> -+++ b/Makefile.am
> -@@ -39,7 +39,11 @@ ACLOCAL_AMFLAGS		= -I m4
> - 
> - dist_doc_DATA		= COPYING INSTALL README.markdown
> - 
> --SUBDIRS			= include lib doxygen2man docs tools tests examples
> -+SUBDIRS			= include lib doxygen2man docs tools examples
> -+
> -+if ENABLE_TESTS
> -+SUBDIRS			+= tests
> -+endif
> - 
> - dist-clean-local:
> - 	rm -f .snapshot-version autoconf automake autoheader
> -diff --git a/configure.ac b/configure.ac
> -index ac44b7e..4946008 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -562,6 +562,11 @@ AC_ARG_WITH([force-sockets-config-file],
> - 	[ FORCESOCKETSFILE="$withval" ],
> - 	[ FORCESOCKETSFILE="$sysconfdir/libqb/force-filesystem-sockets" ])
> - 
> -+AC_ARG_ENABLE([tests],
> -+  [AS_HELP_STRING([--disable-tests],[disable tests])],,
> -+  [ enable_tests="yes" ])
> -+AM_CONDITIONAL([ENABLE_TESTS], [test x$enable_tests = xyes])
> -+
> - AC_ARG_ENABLE([install-tests],
> -   [AS_HELP_STRING([--enable-install-tests],[install tests])],,
> -   [ enable_install_tests="no" ])
> --- 
> -2.35.1
> -
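Review bot: The commit message justifies this deletion only with "already in version", while the header of the deleted file records its upstream status as pull request 475 and names no merge commit or release. Because `LIBQB_CONF_OPTS = --disable-tests` stays in libqb.mk, the commit message should name the upstream commit or release that introduced `--disable-tests`, so the drop can be verified without diffing the tarball.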
> diff --git a/package/libqb/libqb.hash b/package/libqb/libqb.hash
> index de247c2660..f7006ff10e 100644
> --- a/package/libqb/libqb.hash
> +++ b/package/libqb/libqb.hash
> @@ -1,5 +1,5 @@
> -# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.6/libqb-2.0.6.sha256
> -sha256  f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c  libqb-2.0.6.tar.xz
> +# From https://github.com/ClusterLabs/libqb/releases/download/v2.0.8/libqb-2.0.8.sha256
> +sha256  b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6  libqb-2.0.8.tar.xz
>  
>  # Locally calculated
>  sha256  00a89b0d18aacd4114decf79122db87bf35bddaf2bc50e383c9c9f4c263390b2  COPYING
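Review bot: The new tarball hash on the `libqb-2.0.8.tar.xz` line comes from the `.sha256` file published under the same GitHub release download path that `LIBQB_SITE` fetches the tarball from, so it catches a corrupted download but not a replaced release asset. For a security bump it is worth saying in the comment whether the value was also computed locally from the downloaded tarball, and, if upstream publishes a signature for the release, that it was checked.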
> diff --git a/package/libqb/libqb.mk b/package/libqb/libqb.mk
> index 65d68181ee..11b5788b45 100644
> --- a/package/libqb/libqb.mk
> +++ b/package/libqb/libqb.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -LIBQB_VERSION = 2.0.6
> +LIBQB_VERSION = 2.0.8
>  LIBQB_SOURCE = libqb-$(LIBQB_VERSION).tar.xz
>  LIBQB_SITE = \
>  	https://github.com/ClusterLabs/libqb/releases/download/v$(LIBQB_VERSION)
> @@ -12,8 +12,6 @@ LIBQB_LICENSE = LGPL-2.1+
>  LIBQB_LICENSE_FILES = COPYING
>  LIBQB_CPE_ID_VENDOR = clusterlabs
>  LIBQB_INSTALL_STAGING = YES
> -# We're patching configure.ac
> -LIBQB_AUTORECONF = YES
>  LIBQB_CONF_OPTS = --disable-tests
>  LIBQB_DEPENDENCIES = libxml2
>  
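Review bot: `LIBQB_CONF_OPTS = --disable-tests` is kept while `LIBQB_AUTORECONF = YES` and the patch that added the option are removed, so the option now has to exist in the configure script shipped in the 2.0.8 tarball. An autoconf-generated configure only warns about an unrecognised `--disable-*` option instead of failing, so a test build log should be checked for an "unrecognized options" warning to confirm the tests are still skipped and the `gnu/lib-names.h` build failure described in the dropped patch does not return.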
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'