From d473ce2a5966c27b0b69ffc7d2a5da819eb2940c9c62e1ff94a3bf948697e229 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Wed, 7 Apr 2021 12:16:45 +0000 Subject: [PATCH] - Update to 2.0+git.1600444747.83b3644: * VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS (bsc#1147137) * use standard %lld instead of non-standard %Ld format specifier * try to avoid (temporary) -rw------- root:root files on receiving side * fix diff mode truncation to first 512 byte * disable xinetd template by default as preparation for systemd socket unit * add systemd csync2.socket and csync2@.service templates * escape peername in SQL statements - Remove patches contained by update: * 0003-Set-AC_PROG_CPP-in-configure.ac.patch * 0002-Patch-sonames.patch * 0001-Add-COPYING-as-docfile.patch OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/csync2?expand=0&rev=55 --- 0001-Add-COPYING-as-docfile.patch | 25 ------ 0002-Patch-sonames.patch | 93 ---------------------- 0003-Set-AC_PROG_CPP-in-configure.ac.patch | 24 ------ csync2-2.0+git.1542296533.b974921.tar.bz2 | 3 - csync2-2.0+git.1600444747.83b3644.tar.bz2 | 3 + csync2.changes | 17 ++++ csync2.socket | 6 -- csync2.spec | 20 +---- csync2@.service | 9 --- 9 files changed, 24 insertions(+), 176 deletions(-) delete mode 100644 0001-Add-COPYING-as-docfile.patch delete mode 100644 0002-Patch-sonames.patch delete mode 100644 0003-Set-AC_PROG_CPP-in-configure.ac.patch delete mode 100644 csync2-2.0+git.1542296533.b974921.tar.bz2 create mode 100644 csync2-2.0+git.1600444747.83b3644.tar.bz2 delete mode 100644 csync2.socket delete mode 100644 csync2@.service diff --git a/0001-Add-COPYING-as-docfile.patch b/0001-Add-COPYING-as-docfile.patch deleted file mode 100644 index b61374d..0000000 --- a/0001-Add-COPYING-as-docfile.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 2488638523147ff0a4fc0643736153d1cb015334 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= -Date: Mon, 27 May 2019 07:09:16 +0200 -Subject: [PATCH 1/3] Add COPYING as docfile - ---- - Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index a938da6..e25d1d4 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -40,7 +40,7 @@ CLEANFILES = cfgfile_parser.c cfgfile_parser.h cfgfile_scanner.c \ - - DISTCLEANFILES = config.status config.h .deps/*.Po stamp-h1 Makefile Makefile.in configure - --docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc -+docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc COPYING - - doc_DATA = $(docfiles) - dist_doc_DATA = $(docfiles) --- -2.21.0 - diff --git a/0002-Patch-sonames.patch b/0002-Patch-sonames.patch deleted file mode 100644 index e5f4d46..0000000 --- a/0002-Patch-sonames.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -From 61fc9b93569fd17399404eebe68f8b45b07e1d86 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= -Date: Mon, 27 May 2019 07:10:23 +0200 -Subject: [PATCH 2/3] Patch sonames - ---- - db_mysql.c | 8 ++++---- - db_postgres.c | 8 ++++---- - db_sqlite2.c | 11 ++++------- - 3 files changed, 12 insertions(+), 15 deletions(-) - -diff --git a/db_mysql.c b/db_mysql.c -index 9570fd0..21e5887 100644 ---- a/db_mysql.c -+++ b/db_mysql.c -@@ -53,16 +53,16 @@ static void *dl_handle; - - static void db_mysql_dlopen(void) - { -- csync_debug(2, "Opening shared library libmysqlclient.so\n"); -- dl_handle = dlopen("libmysqlclient.so", RTLD_LAZY); -+ csync_debug(2, "Opening shared library libmysqlclient.so.18\n"); -+ dl_handle = dlopen("libmysqlclient.so.18", RTLD_LAZY); - if (dl_handle == NULL) { - csync_fatal -- ("Could not open libmysqlclient.so: %s\n" -+ ("Could not open libmysqlclient.so.18: %s\n" - "Please install Mysql client library (libmysqlclient) or use other database (sqlite, postgres)\n", - dlerror()); - } - -- csync_debug(2, "Reading symbols from shared library libmysqlclient.so\n"); -+ csync_debug(2, "Reading symbols from shared library libmysqlclient.so.18\n"); - - LOOKUP_SYMBOL(dl_handle, mysql_init); - LOOKUP_SYMBOL(dl_handle, mysql_real_connect); -diff --git a/db_postgres.c b/db_postgres.c -index 5aa3355..beea8ae 100644 ---- a/db_postgres.c -+++ b/db_postgres.c -@@ -58,16 +58,16 @@ static void *dl_handle; - - static void db_postgres_dlopen(void) - { -- csync_debug(2, "Opening shared library libpq.so\n"); -+ csync_debug(2, "Opening shared library libpq.so.5\n"); - -- dl_handle = dlopen("libpq.so", RTLD_LAZY); -+ dl_handle = dlopen("libpq.so.5", RTLD_LAZY); - if (dl_handle == NULL) { - csync_fatal -- ("Could not open libpq.so: %s\n" -+ ("Could not open libpq.so.5: %s\n" - "Please install postgres client library (libpg) or use other database (sqlite, mysql)\n", - dlerror()); - } -- csync_debug(2, "Reading symbols from shared library 
libpq.so\n"); -+ csync_debug(2, "Reading symbols from shared library libpq.so.5\n"); - - LOOKUP_SYMBOL(dl_handle, PQconnectdb); - LOOKUP_SYMBOL(dl_handle, PQstatus); -diff --git a/db_sqlite2.c b/db_sqlite2.c -index 577cbcb..485b065 100644 ---- a/db_sqlite2.c -+++ b/db_sqlite2.c -@@ -54,20 +54,17 @@ static void *dl_handle; - - static void db_sqlite_dlopen(void) - { -- csync_debug(2, "Opening shared library libsqlite.so\n"); -+ csync_debug(2, "Opening shared library libsqlite.so.0\n"); - -- dl_handle = dlopen("libsqlite.so", RTLD_LAZY); -+ dl_handle = dlopen("libsqlite.so.0", RTLD_LAZY); - if (dl_handle == NULL) { -- csync_debug(1, "Libsqlite.so not found, trying libsqlite.so.0\n"); -- dl_handle = dlopen("libsqlite.so.0", RTLD_LAZY); -- if (dl_handle == NULL) { - csync_fatal -- ("Could not open libsqlite.so: %s\n" -+ ("Could not open libsqlite.so.0: %s\n" - "Please install sqlite client library (libsqlite) or use other database (postgres, mysql)\n", - dlerror()); - } - } -- csync_debug(2, "Opening shared library libsqlite.so\n"); -+ csync_debug(2, "Opening shared library libsqlite.so.0\n"); - - LOOKUP_SYMBOL(dl_handle, sqlite_open); - LOOKUP_SYMBOL(dl_handle, sqlite_close); --- -2.21.0 - diff --git a/0003-Set-AC_PROG_CPP-in-configure.ac.patch b/0003-Set-AC_PROG_CPP-in-configure.ac.patch deleted file mode 100644 index d6ddab6..0000000 --- a/0003-Set-AC_PROG_CPP-in-configure.ac.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a1b5fdcd3b641717cdb0bfa2342d265831dc86e1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= -Date: Mon, 27 May 2019 07:11:21 +0200 -Subject: [PATCH 3/3] Set AC_PROG_CPP in configure.ac - ---- - configure.ac | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/configure.ac b/configure.ac -index 3d2c27d..169e302 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -29,6 +29,7 @@ AM_CONFIG_HEADER(config.h) - - # Checks for programs. - AC_PROG_CC -+AC_PROG_CPP - AC_PROG_INSTALL - AC_PROG_YACC - AM_PROG_LEX --- -2.21.0 - 
diff --git a/csync2-2.0+git.1542296533.b974921.tar.bz2 b/csync2-2.0+git.1542296533.b974921.tar.bz2
deleted file mode 100644
index 0987db4..0000000
--- a/csync2-2.0+git.1542296533.b974921.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5a5b0dfcc0aa2c9231e88b489e9d2cdcd5d1a08b62fe7cd513566a160fdeb485
-size 91448
diff --git a/csync2-2.0+git.1600444747.83b3644.tar.bz2 b/csync2-2.0+git.1600444747.83b3644.tar.bz2
new file mode 100644
index 0000000..88df0af
--- /dev/null
+++ b/csync2-2.0+git.1600444747.83b3644.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:25601c3922604cc5494c1bb0c8798689a28e33d39207a0521e6e2f04759a4c00
+size 93711
diff --git a/csync2.changes b/csync2.changes
index 700a351..a9cc0ea 100644
--- a/csync2.changes
+++ b/csync2.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Apr 7 09:58:51 UTC 2021 - Peter Varkoly
+
+- Update to 2.0+git.1600444747.83b3644:
+ * VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
+ (bsc#1147137)
+ * use standard %lld instead of non-standard %Ld format specifier
+ * try to avoid (temporary) -rw------- root:root files on receiving side
+ * fix diff mode truncation to first 512 byte
+ * disable xinetd template by default as preparation for systemd socket unit
+ * add systemd csync2.socket and csync2@.service templates
+ * escape peername in SQL statements
+- Remove patches contained by update:
+ * 0003-Set-AC_PROG_CPP-in-configure.ac.patch
+ * 0002-Patch-sonames.patch
+ * 0001-Add-COPYING-as-docfile.patch
+
 -------------------------------------------------------------------
 Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund
 
diff --git a/csync2.socket b/csync2.socket
deleted file mode 100644
index 80d7190..0000000
--- a/csync2.socket
+++ /dev/null
@@ -1,6 +0,0 @@
-[Socket]
-ListenStream=30865
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/csync2.spec b/csync2.spec index 2f4c212..3fa146c 100644 --- a/csync2.spec +++ b/csync2.spec @@ -1,7 +1,7 @@ # # spec file for package csync2 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,24 +17,16 @@ Name: csync2 -Version: 2.0+git.1542296533.b974921 +Version: 2.0+git.1600444747.83b3644 Release: 0 Summary: Cluster synchronization tool License: GPL-2.0-or-later Group: Productivity/Clustering/HA -Url: http://oss.linbit.com/csync2/ +URL: http://oss.linbit.com/csync2/ #Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.bz2 Source1: csync2-README.quickstart Source2: csync2-rm-ssl-cert -Source3: csync2.socket -Source4: csync2@.service -# PATCH-FIX-UPSTREAM -- tserong@suse.com -- fix ugly ./configure warnings about missing headers -Patch10: 0003-Set-AC_PROG_CPP-in-configure.ac.patch -# PATCH-FIX-UPSTREAM -- tserong@suse.com -- use properly versioned sonames in dlopen() -Patch12: 0002-Patch-sonames.patch -# PATCH-FIX-UPSTREAM -- tserong@suse.com -- ensure COPYING is present in docfiles and thus %doc -Patch13: 0001-Add-COPYING-as-docfile.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -59,14 +51,12 @@ It is expedient for HA-clusters, HPC-clusters, COWs and server farms. %prep %setup -q -%patch10 -p1 -%patch12 -p1 -%patch13 -p1 %build autoreconf -fvi %configure \ --enable-sqlite3 \ + --enable-systemd \ --sysconfdir=%{_sysconfdir}/csync2 \ --docdir=%{_docdir}/%{name} make %{?_smp_mflags} 
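Review bot: Nothing in the preamble at `@@ -17,24 +17,16 @@` records where the new `Source0` snapshot was taken from: the only origin hint is the commented-out `#Source0:` line, which names a plain-`http://` `.tar.gz` release rather than this `.tar.bz2` git snapshot, and `URL:` keeps the same `http://` host. Because this archive is what delivers the CVE-2019-15522 fix, a comment above `Source0:` such as `# git snapshot of upstream commit 83b3644, fetched from <upstream-repo-url>` would let a reviewer regenerate the tarball and compare it with the recorded sha256. The changelog says the dropped `Patch12` (versioned sonames in dlopen()) is contained in the update; that cannot be confirmed from this diff, so it is worth checking that the new sources still dlopen() versioned library names.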
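Review bot: `--enable-systemd` in `%configure` (hunk `@@ -59,14 +51,12 @@`) is now the only thing that provides `csync2.socket` and `csync2@.service`, and neither the unit contents nor their install path is visible in this commit. The units deleted here listened on `ListenStream=30865` with `Accept=yes` and started `/usr/sbin/csync2 -i -v`; since this update carries the TLS-enforcement fix for CVE-2019-15522, the upstream templates should be compared against them before release to confirm the listener and the daemon command line are what the package intends. The `%install` hunk at `@@ -77,8 +67,6 @@` drops both `install` lines but keeps `mkdir -p %{buildroot}%{_unitdir}`, so a comment there like `# unit files are installed by 'make install' (--enable-systemd)` would explain the leftover directory creation. The rest of `%install` and the `%files` list lie outside these hunks, so whether the units land under `%{_unitdir}` and are packaged is presumably checked elsewhere.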
@@ -77,8 +67,6 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/csync2 install -p -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/README.quickstart install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert mkdir -p %{buildroot}%{_unitdir} -install -p -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/ -install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/ # We need these empty files to be able to %%ghost them touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem diff --git a/csync2@.service b/csync2@.service deleted file mode 100644 index 83d9176..0000000 --- a/csync2@.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=csync2 connection handler -After=syslog.target - -[Service] -ExecStart=-/usr/sbin/csync2 -i -v -StandardInput=socket -StandardOutput=socket -