[PR PATCH] csync2: add CVE-2019-15522 fix

[PR PATCH] csync2: add CVE-2019-15522 fix

[ndowens]

[-- Attachment #1: Type: text/plain, Size: 384 bytes --]

There is a new pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages csync2
https://github.com/void-linux/void-packages/pull/26308

csync2: add CVE-2019-15522 fix
Seems source doesn't exist anymore from homepage, so use github source

A patch file from https://github.com/void-linux/void-packages/pull/26308.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-csync2-26308.patch --]
[-- Type: text/x-diff, Size: 2309 bytes --]

From 3ea82d1e405cbbcc327b893cfeea332c515ec22f Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens@artixlinux.org>
Date: Wed, 11 Nov 2020 18:23:47 -0600
Subject: [PATCH] csync2: add CVE-2019-15522 fix

---
 srcpkgs/csync2/patches/CVE-2019-15522.patch | 21 +++++++++++++++++++++
 srcpkgs/csync2/template                     | 16 ++++++++++------
 2 files changed, 31 insertions(+), 6 deletions(-)
 create mode 100644 srcpkgs/csync2/patches/CVE-2019-15522.patch

diff --git a/srcpkgs/csync2/patches/CVE-2019-15522.patch b/srcpkgs/csync2/patches/CVE-2019-15522.patch
new file mode 100644
index 00000000000..3042473d046
--- /dev/null
+++ b/srcpkgs/csync2/patches/CVE-2019-15522.patch
@@ -0,0 +1,21 @@
+From 416f1de878ef97e27e27508914f7ba8599a0be22 Mon Sep 17 00:00:00 2001
+From: Malte Kraus <malte.kraus@suse.com>
+Date: Tue, 13 Aug 2019 11:25:57 +0200
+Subject: [PATCH] fail HELLO command when SSL is required
+
+---
+ daemon.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git daemon.c daemon.c
+index 2d8407d..2a1a8af 100644
+--- daemon.c
++++ daemon.c
+@@ -747,6 +747,7 @@ void csync_daemon_session()
+ 						goto conn_without_ssl_ok;
+ 				}
+ 				cmd_error = conn_response(CR_ERR_SSL_EXPECTED);
++				peer = NULL;
+ 			}
+ conn_without_ssl_ok:;
+ #endif
diff --git a/srcpkgs/csync2/template b/srcpkgs/csync2/template
index 546901fec8f..f8738551c27 100644
--- a/srcpkgs/csync2/template
+++ b/srcpkgs/csync2/template
@@ -1,15 +1,19 @@
 # Template file for 'csync2'
 pkgname=csync2
 version=2.0
-revision=3
+revision=4
+wrksrc="$pkgname-$pkgname-$version"
 build_style=gnu-configure
 conf_files="/etc/csync2.cfg"
-hostmakedepends="pkg-config"
+hostmakedepends="automake bison flex pkg-config"
 makedepends="librsync-devel sqlite-devel gnutls-devel"
-short_desc="A cluster synchronization tool"
+short_desc="Cluster synchronization tool"
 maintainer="Diogo Leal <diogo@diogoleal.com>"
-license="GPL-3"
+license="GPL-2.0-or-later"
 homepage="http://oss.linbit.com/csync2/"
-distfiles="http://oss.linbit.com/csync2/csync2-${version}.tar.gz"
-checksum=11cb37380fb185bce0c22b804fec9b01c385d9d83cc528cfd48d748453834fa2
+distfiles="https://github.com/LINBIT/csync2/archive/csync2-$version.tar.gz"
+checksum=a1c6b0364eb9f19986a92fccd369bae29aa5aa55300e0664dadaf80d80de23ff
 
+pre_configure() {
+	autoreconf -fi
+}

Re: [PR PATCH] [Closed]: csync2: add CVE-2019-15522 fix

[Piraty]

[-- Attachment #1: Type: text/plain, Size: 234 bytes --]

There's a closed pull request on the void-packages repository

csync2: add CVE-2019-15522 fix
https://github.com/void-linux/void-packages/pull/26308

Description:
Seems source doesn't exist anymore from homepage, so use github source