diff --git a/fix-potential-overflow-with-long-log-messages.patch b/fix-potential-overflow-with-long-log-messages.patch
deleted file mode 100644
index 5c5fd35529a9b54acedb2cc90560e84fd556a8c2..0000000000000000000000000000000000000000
--- a/fix-potential-overflow-with-long-log-messages.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 1bbaa929b77113532785c408dd1b41cd0521ffc8 Mon Sep 17 00:00:00 2001
-From: Chrissie Caulfield
-Date: Thu, 20 Jul 2023 07:19:01 +0100
-Subject: [PATCH] log: fix potential overflow with long log messages (#490)
-
-qb_vsnprintf_serialize was called with 'max_size' as the
-limiting number for the length of the formatted log
-message. But the buffer also needs to contain the
-log header (given by 'actual_size'), so we now pass
-'t->max_line_length' as the maximum length of the
-formatted log message to limit space to the actual
-bytes left
-
-Also added error checks to the blackbox calls at
-the end of the test, as these now provide a proper
-test that the BB is functioning. Before they were
-masking failures.
----
- lib/log_blackbox.c | 4 ++--
- tests/check_log.c | 6 ++++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/lib/log_blackbox.c b/lib/log_blackbox.c
-index 3e30504..8519a48 100644
---- a/lib/log_blackbox.c
-+++ b/lib/log_blackbox.c
-@@ -110,8 +110,8 @@ _blackbox_vlogger(int32_t target,
- chunk += sizeof(uint32_t);
- 
- /* log message */
-- msg_len = qb_vsnprintf_serialize(chunk, max_size, cs->format, ap);
-- if (msg_len >= max_size) {
-+ msg_len = qb_vsnprintf_serialize(chunk, t->max_line_length, cs->format, ap);
-+ if (msg_len >= t->max_line_length) {
- chunk = msg_len_pt + sizeof(uint32_t); /* Reset */
- 
- /* Leave this at QB_LOG_MAX_LEN so as not to overflow the blackbox */
-diff --git a/tests/check_log.c b/tests/check_log.c
-index 039a4bb..e5abf40 100644
---- a/tests/check_log.c
-+++ b/tests/check_log.c
-@@ -832,8 +832,10 @@ START_TEST(test_log_long_msg)
- qb_log(LOG_INFO, "Message %d %d - %s", lpc, lpc%600, buffer);
- }
- 
-- qb_log_blackbox_write_to_file("blackbox.dump");
-- qb_log_blackbox_print_from_file("blackbox.dump");
-+ rc = qb_log_blackbox_write_to_file("blackbox.dump");
-+ ck_assert_int_gt(rc, 0);
-+ rc = qb_log_blackbox_print_from_file("blackbox.dump");
-+ ck_assert_int_le(rc, 0);
- unlink("blackbox.dump");
- qb_log_fini();
- }
---
-2.33.0
-
diff --git a/libqb-2.0.7.tar.xz b/libqb-2.0.7.tar.xz
deleted file mode 100644
index 6b0b8d49e24854a2e2597e155a4fc524de1a4e26..0000000000000000000000000000000000000000
Binary files a/libqb-2.0.7.tar.xz and /dev/null differ
diff --git a/libqb-2.0.8.tar.xz b/libqb-2.0.8.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..2e3af07f5682341de4c80fa005fe4840c5f7a799
Binary files /dev/null and b/libqb-2.0.8.tar.xz differ
diff --git a/libqb.spec b/libqb.spec
index b355ab5275dd5de7d3741b3f4e1ae76faf5ec475..868881b9bd139e2fb02fc6bac8c3336aeb9c4a0a 100644
--- a/libqb.spec
+++ b/libqb.spec
@@ -1,11 +1,11 @@
 Name: libqb
-Version: 2.0.7
-Release: 2
+Version: 2.0.8
+Release: 1
 Summary: Library providing high performance logging, tracing, ipc, and poll
 License: LGPLv2+
 URL: https://github.com/ClusterLabs/libqb
 Source0: https://github.com/ClusterLabs/libqb/releases/download/v%{version}/%{name}-%{version}.tar.xz
-Patch0: fix-potential-overflow-with-long-log-messages.patch
+
 BuildRequires: autoconf automake libtool check-devel doxygen gcc procps pkgconfig(glib-2.0)
 BuildRequires: git-core
 # For doxygen2man
@@ -74,6 +74,9 @@ This package contains a program to create nicely-formatted man pages from Doxyge
 %{_mandir}/man1/doxygen2man.1.gz
 
 %changelog
+* Tue Oct 31 2023 haomimi - 2.0.8-1
+- Upgrade to 2.0.8
+
 * Wed Oct 18 2023 zouzhimin - 2.0.7-2
 - Type:cves
 - ID:CVE-2023-39976
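Review bot: The first libqb.spec hunk removes `Patch0: fix-potential-overflow-with-long-log-messages.patch`, the backport that the 2.0.7-2 changelog entry ties to CVE-2023-39976, but the new changelog entry in the second hunk records only `- Upgrade to 2.0.8`. The removal is presumably safe because 2.0.8 already contains upstream commit 1bbaa929b77113532785c408dd1b41cd0521ffc8, but the tarball is an opaque binary in this diff, so that cannot be verified here. Before merging, check in the unpacked 2.0.8 source that the `qb_vsnprintf_serialize` call in `_blackbox_vlogger` is bounded by `t->max_line_length`, and compare the committed tarball with the checksum of the upstream release. Once confirmed, state it in the changelog so the CVE fix remains traceable, for example `- Drop fix-potential-overflow-with-long-log-messages.patch, included upstream in 2.0.8 (CVE-2023-39976)`.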