devel/libqb: update 2.0.6 → 2.0.8, fix CVE-2023-39976, take maintainership

log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. https://nvd.nist.gov/vuln/detail/CVE-2023-39976 Changelogs: https://github.com/ClusterLabs/libqb/releases/tag/v2.0.7 https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8 Improve port: remove GNU_CONFIGURE_MANPREFIX, update pkg-descr, fix warnings from portclippy. PR: 282536 MFH: 2024Q4

devel/libqb: update 2.0.6 → 2.0.8, fix CVE-2023-39976, take maintainership
c08f528c · Älven · Vladimir Druzenko · 41b83c53 · c08f528c · c08f528c
Commit c08f528c authored 5 months ago by Älven Committed by Vladimir Druzenko 5 months ago
--- a/devel/libqb/Makefile
+++ b/devel/libqb/Makefile
 PORTNAME=		libqb
-DISTVERSION=		2.0.6
-PORTREVISION=		1
+DISTVERSION=		2.0.8
 CATEGORIES=		devel
 MASTER_SITES=		https://github.com/ClusterLabs/${PORTNAME}/releases/download/v${DISTVERSION}/

-MAINTAINER=		ports@FreeBSD.org
+MAINTAINER=		alster@vinterdalen.se
 COMMENT=		High performance logging, tracing, ipc, and polling library
 WWW=			https://github.com/ClusterLabs/libqb/wiki

@@ -13,32 +12,33 @@ LICENSE_FILE=		${WRKSRC}/COPYING

 TEST_DEPENDS=		checkmk:devel/check

-GROUPS=			haclient
-
-QB_SOCKET_DIR?=		/var/run/qb
-PLIST_SUB+=		QB_SOCKET_DIR=${QB_SOCKET_DIR}
-
 USES=			cpe gmake gnome libtool pkgconfig python tar:xz
 CPE_VENDOR=		clusterlabs
-GNU_CONFIGURE=		yes
-GNU_CONFIGURE_MANPREFIX=       ${PREFIX}/share
 USE_GNOME=		libxml2
 USE_LDCONFIG=		yes

+GNU_CONFIGURE=		yes
 CONFIGURE_ARGS=		--with-socket-dir=${QB_SOCKET_DIR} \
 			PACKAGE_STRING="${PORTNAME} ${DISTVERSION}" \
 			PACKAGE_VERSION=${DISTVERSION}
-LDFLAGS=		-B${LOCALBASE}/bin

 INSTALL_TARGET=		install-strip
 TEST_TARGET=		check

+LDFLAGS+=		-B${LOCALBASE}/bin
+
+GROUPS=			haclient
+
+PLIST_SUB+=		QB_SOCKET_DIR=${QB_SOCKET_DIR}
+
 OPTIONS_DEFINE=		DOCS DOXYGEN
 OPTIONS_SUB=		yes

 DOXYGEN_IMPLIES=	DOCS
 DOXYGEN_BUILD_DEPENDS=	doxygen:devel/doxygen

+QB_SOCKET_DIR?=		/var/run/qb
+
 post-configure:
 	${REINPLACE_CMD} -e 's/install: install-am/install:/g' ${WRKSRC}/doxygen2man/Makefile


--- a/devel/libqb/distinfo
+++ b/devel/libqb/distinfo
-TIMESTAMP = 1678190523
-SHA256 (libqb-2.0.6.tar.xz) = f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c
-SIZE (libqb-2.0.6.tar.xz) = 507400
+TIMESTAMP = 1730659822
+SHA256 (libqb-2.0.8.tar.xz) = b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6
+SIZE (libqb-2.0.8.tar.xz) = 521600
--- a/devel/libqb/files/patch-configure
+++ b/devel/libqb/files/patch-configure
--- configure.orig	2022-01-19 20:58:44 UTC
-+++ configure
-@@ -21201,7 +21201,7 @@ done
- 
- CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
- LIBS="$LIBS $PTHREAD_LIBS"
-for ac_func in pthread_spin_lock pthread_setschedparam \
-+for ac_func in pthread_setschedparam \
- 		pthread_mutexattr_setpshared \
- 		pthread_condattr_setpshared \
- 		sem_timedwait semtimedop
--- a/devel/libqb/pkg-descr
+++ b/devel/libqb/pkg-descr
-libqb is a library with the primary purpose of providing high performance
-client server reusable features. It provides high performance logging, tracing,
-ipc, and poll.
+libqb is a library with the primary purpose of providing high-performance,
+reusable features for client-server architecture, such as logging, tracing,
+inter-process communication (IPC), and polling.
+
+libqb is not intended to be an all-encompassing library, but instead provide
+focused APIs that are highly tuned for maximum performance for client-server
+applications.
--- a/devel/libqb/pkg-plist
+++ b/devel/libqb/pkg-plist
@@ -15,7 +15,7 @@ include/qb/qbutil.h
 lib/libqb.a
 lib/libqb.so
 lib/libqb.so.100
-lib/libqb.so.100.3.0
+lib/libqb.so.100.3.2
 libdata/pkgconfig/libqb.pc
 sbin/qb-blackbox
 %%PORTDOCS%%%%DOCSDIR%%/COPYING