- Update to 2.0+git.1600444747.83b3644:

* VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS (bsc#1147137) * use standard %lld instead of non-standard %Ld format specifier * try to avoid (temporary) -rw------- root:root files on receiving side * fix diff mode truncation to first 512 byte * disable xinetd template by default as preparation for systemd socket unit * add systemd csync2.socket and csync2@.service templates * escape peername in SQL statements - Remove patches contained by update: * 0003-Set-AC_PROG_CPP-in-configure.ac.patch * 0002-Patch-sonames.patch * 0001-Add-COPYING-as-docfile.patch OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/csync2?expand=0&rev=55
2021-04-07 12:16:45 +00:00 · 2021-04-07 12:16:45 +00:00 · d473ce2a59
commit d473ce2a59
parent 0c9cf12eda
9 changed files with 24 additions and 176 deletions
--- a/0001-Add-COPYING-as-docfile.patch
+++ b/0001-Add-COPYING-as-docfile.patch
@ -1,25 +0,0 @@
-From 2488638523147ff0a4fc0643736153d1cb015334 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
-Date: Mon, 27 May 2019 07:09:16 +0200
-Subject: [PATCH 1/3] Add COPYING as docfile
-
---
- Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index a938da6..e25d1d4 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -40,7 +40,7 @@ CLEANFILES = cfgfile_parser.c cfgfile_parser.h cfgfile_scanner.c	\
- 
- DISTCLEANFILES = config.status config.h .deps/*.Po stamp-h1 Makefile Makefile.in configure
- 
-docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc
-+docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc COPYING
- 
- doc_DATA = $(docfiles)
- dist_doc_DATA = $(docfiles)
-- 
-2.21.0
-
--- a/0002-Patch-sonames.patch
+++ b/0002-Patch-sonames.patch
@ -1,93 +0,0 @@
-From 61fc9b93569fd17399404eebe68f8b45b07e1d86 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
-Date: Mon, 27 May 2019 07:10:23 +0200
-Subject: [PATCH 2/3] Patch sonames
-
---
- db_mysql.c    |  8 ++++----
- db_postgres.c |  8 ++++----
- db_sqlite2.c  | 11 ++++-------
- 3 files changed, 12 insertions(+), 15 deletions(-)
-
-diff --git a/db_mysql.c b/db_mysql.c
-index 9570fd0..21e5887 100644
--- a/db_mysql.c
-+++ b/db_mysql.c
-@@ -53,16 +53,16 @@ static void *dl_handle;
- 
- static void db_mysql_dlopen(void)
- {
-	csync_debug(2, "Opening shared library libmysqlclient.so\n");
-	dl_handle = dlopen("libmysqlclient.so", RTLD_LAZY);
-+	csync_debug(2, "Opening shared library libmysqlclient.so.18\n");
-+	dl_handle = dlopen("libmysqlclient.so.18", RTLD_LAZY);
- 	if (dl_handle == NULL) {
- 		csync_fatal
-		    ("Could not open libmysqlclient.so: %s\n"
-+		    ("Could not open libmysqlclient.so.18: %s\n"
- 		     "Please install Mysql client library (libmysqlclient) or use other database (sqlite, postgres)\n",
- 		     dlerror());
- 	}
- 
-	csync_debug(2, "Reading symbols from shared library libmysqlclient.so\n");
-+	csync_debug(2, "Reading symbols from shared library libmysqlclient.so.18\n");
- 
- 	LOOKUP_SYMBOL(dl_handle, mysql_init);
- 	LOOKUP_SYMBOL(dl_handle, mysql_real_connect);
-diff --git a/db_postgres.c b/db_postgres.c
-index 5aa3355..beea8ae 100644
--- a/db_postgres.c
-+++ b/db_postgres.c
-@@ -58,16 +58,16 @@ static void *dl_handle;
- 
- static void db_postgres_dlopen(void)
- {
-	csync_debug(2, "Opening shared library libpq.so\n");
-+	csync_debug(2, "Opening shared library libpq.so.5\n");
- 
-	dl_handle = dlopen("libpq.so", RTLD_LAZY);
-+	dl_handle = dlopen("libpq.so.5", RTLD_LAZY);
- 	if (dl_handle == NULL) {
- 		csync_fatal
-		    ("Could not open libpq.so: %s\n"
-+		    ("Could not open libpq.so.5: %s\n"
- 		     "Please install postgres client library (libpg) or use other database (sqlite, mysql)\n",
- 		     dlerror());
- 	}
-	csync_debug(2, "Reading symbols from shared library libpq.so\n");
-+	csync_debug(2, "Reading symbols from shared library libpq.so.5\n");
- 
- 	LOOKUP_SYMBOL(dl_handle, PQconnectdb);
- 	LOOKUP_SYMBOL(dl_handle, PQstatus);
-diff --git a/db_sqlite2.c b/db_sqlite2.c
-index 577cbcb..485b065 100644
--- a/db_sqlite2.c
-+++ b/db_sqlite2.c
-@@ -54,20 +54,17 @@ static void *dl_handle;
- 
- static void db_sqlite_dlopen(void)
- {
-	csync_debug(2, "Opening shared library libsqlite.so\n");
-+	csync_debug(2, "Opening shared library libsqlite.so.0\n");
- 
-	dl_handle = dlopen("libsqlite.so", RTLD_LAZY);
-+	dl_handle = dlopen("libsqlite.so.0", RTLD_LAZY);
- 	if (dl_handle == NULL) {
-		csync_debug(1, "Libsqlite.so not found, trying libsqlite.so.0\n");
-		dl_handle = dlopen("libsqlite.so.0", RTLD_LAZY);
-		if (dl_handle == NULL) {
- 			csync_fatal
-			    ("Could not open libsqlite.so: %s\n"
-+			    ("Could not open libsqlite.so.0: %s\n"
- 			     "Please install sqlite client library (libsqlite) or use other database (postgres, mysql)\n",
- 			     dlerror());
- 		}
- 	}
-	csync_debug(2, "Opening shared library libsqlite.so\n");
-+	csync_debug(2, "Opening shared library libsqlite.so.0\n");
- 
- 	LOOKUP_SYMBOL(dl_handle, sqlite_open);
- 	LOOKUP_SYMBOL(dl_handle, sqlite_close);
-- 
-2.21.0
-
--- a/0003-Set-AC_PROG_CPP-in-configure.ac.patch
+++ b/0003-Set-AC_PROG_CPP-in-configure.ac.patch
@ -1,24 +0,0 @@
-From a1b5fdcd3b641717cdb0bfa2342d265831dc86e1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
-Date: Mon, 27 May 2019 07:11:21 +0200
-Subject: [PATCH 3/3] Set AC_PROG_CPP in configure.ac
-
---
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index 3d2c27d..169e302 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -29,6 +29,7 @@ AM_CONFIG_HEADER(config.h)
- 
- # Checks for programs.
- AC_PROG_CC
-+AC_PROG_CPP
- AC_PROG_INSTALL
- AC_PROG_YACC
- AM_PROG_LEX
-- 
-2.21.0
-
--- a/csync2-2.0+git.1542296533.b974921.tar.bz2
+++ b/csync2-2.0+git.1542296533.b974921.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5a5b0dfcc0aa2c9231e88b489e9d2cdcd5d1a08b62fe7cd513566a160fdeb485
-size 91448
--- a/csync2-2.0+git.1600444747.83b3644.tar.bz2
+++ b/csync2-2.0+git.1600444747.83b3644.tar.bz2
--- a/csync2.changes
+++ b/csync2.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Apr  7 09:58:51 UTC 2021 - Peter Varkoly <varkoly@suse.com>
+
+- Update to 2.0+git.1600444747.83b3644:
+  * VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
+    (bsc#1147137)
+  * use standard %lld instead of non-standard %Ld format specifier
+  * try to avoid (temporary) -rw------- root:root files on receiving side
+  * fix diff mode truncation to first 512 byte
+  * disable xinetd template by default as preparation for systemd socket unit
+  * add systemd csync2.socket and csync2@.service templates
+  * escape peername in SQL statements
+- Remove patches contained by update:
+  * 0003-Set-AC_PROG_CPP-in-configure.ac.patch
+  * 0002-Patch-sonames.patch
+  * 0001-Add-COPYING-as-docfile.patch
+
 -------------------------------------------------------------------
 Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com>

--- a/csync2.socket
+++ b/csync2.socket
@ -1,6 +0,0 @@
-[Socket]
-ListenStream=30865
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
--- a/csync2.spec
+++ b/csync2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package csync2
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,24 +17,16 @@


 Name:           csync2
-Version:        2.0+git.1542296533.b974921
+Version:        2.0+git.1600444747.83b3644
 Release:        0
 Summary:        Cluster synchronization tool
 License:        GPL-2.0-or-later
 Group:          Productivity/Clustering/HA
-Url:            http://oss.linbit.com/csync2/
+URL:            http://oss.linbit.com/csync2/
 #Source0:       http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        csync2-README.quickstart
 Source2:        csync2-rm-ssl-cert
-Source3:        csync2.socket
-Source4:        csync2@.service
-# PATCH-FIX-UPSTREAM -- tserong@suse.com -- fix ugly ./configure warnings about missing headers
-Patch10:        0003-Set-AC_PROG_CPP-in-configure.ac.patch
-# PATCH-FIX-UPSTREAM -- tserong@suse.com -- use properly versioned sonames in dlopen()
-Patch12:        0002-Patch-sonames.patch
-# PATCH-FIX-UPSTREAM -- tserong@suse.com -- ensure COPYING is present in docfiles and thus %doc
-Patch13:        0001-Add-COPYING-as-docfile.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@ -59,14 +51,12 @@ It is expedient for HA-clusters, HPC-clusters, COWs and server farms.

 %prep
 %setup -q
-%patch10 -p1
-%patch12 -p1
-%patch13 -p1

 %build
 autoreconf -fvi
 %configure \
    --enable-sqlite3 \
+    --enable-systemd \
    --sysconfdir=%{_sysconfdir}/csync2 \
    --docdir=%{_docdir}/%{name}
 make %{?_smp_mflags}
@ -77,8 +67,6 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/csync2
 install -p -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/README.quickstart
 install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert
 mkdir -p %{buildroot}%{_unitdir}
-install -p -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/
-install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/
 # We need these empty files to be able to %%ghost them
 touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem
 touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem
--- a/csync2@.service
+++ b/csync2@.service
@ -1,9 +0,0 @@
-[Unit]
-Description=csync2 connection handler
-After=syslog.target
-
-[Service]
-ExecStart=-/usr/sbin/csync2 -i -v
-StandardInput=socket
-StandardOutput=socket
-