upgrade maestro to fix CVE-2021-33194

PelionIoT · Mar 18, 2022 · 3c96045 · 3c96045
1 parent ddc665f
commit 3c96045
Show file tree

Hide file tree

Showing 9 changed files with 16 additions and 78 deletions.
diff --git a/maestro/deb/build.sh b/maestro/deb/build.sh
@@ -4,10 +4,8 @@
 PELION_PACKAGE_NAME="maestro"
 PELION_PACKAGE_DIR=$(cd "`dirname \"$0\"`" && pwd)
 
-PELION_PACKAGE_PRE_BUILD_CALLBACK='select_python 2'
-
 declare -A PELION_PACKAGE_COMPONENTS=(
-    ["https://github.com/armPelionEdge/maestro.git"]="20caa5d032424a11146b7923eaaed74e80de96da")
+    ["https://github.com/armPelionEdge/maestro.git"]="718a61ce09dabc60075322e1c255c345aa7927e6")
 
 source "$PELION_PACKAGE_DIR"/../../build-env/inc/build-common.sh
 

diff --git a/maestro/deb/debian/auto_build b/maestro/deb/debian/auto_build
@@ -10,45 +10,18 @@ export CONFIG_OPTIONS="--host=${DEB_HOST_GNU_TYPE}"
 
 export CGO_ENABLED=1
 export GOPATH="`pwd`/go-workspace"
+# fix go's weird habit of checking out code read-only
+export GOFLAGS="${GOFLAGS} -modcacherw"
 
 eval `debian/goflags.guess ${DEB_HOST_ARCH}`
 
-PACKAGE=github.com/armPelionEdge/maestro
+PACKAGE=github.com/PelionIoT/maestro
 MAESTRODIR="$GOPATH"/src/"$PACKAGE"
-GREASEGODIR="$MAESTRODIR"/vendor/github.com/armPelionEdge/greasego
-GREASELIBDIR="$GREASEGODIR"/deps/src/greaseLib
 
 rm -rf "$GOPATH"
 set -- *
 mkdir -p "$MAESTRODIR"
 cp -r "$@" "$MAESTRODIR"/
 
-mkdir "$GREASEGODIR"/deps/bin
-mkdir "$GREASEGODIR"/deps/lib
-
-cd "$GREASELIBDIR"/deps
-./install-deps.sh
-
-cd "$GREASELIBDIR"
-make libgrease.a-server
-make libgrease.so.1
-make grease_echo
-make standalone_test_logsink
-
-# migrate all of the greaselib dependencies up to the folder Go will use
-cp -r deps/build/lib/* "$GREASEGODIR"/deps/lib
-cp -r deps/build/include/* "$GREASEGODIR"/deps/include
-cp deps/libuv-v1.10.1/include/uv* "$GREASEGODIR"/deps/include
-cp libgrease.so.1 "$GREASEGODIR"/deps/lib
-cp *.h "$GREASEGODIR"/deps/include
-
-cd "$GREASEGODIR"/deps/lib
-ln -sf libgrease.so.1 libgrease.so
-
-cd "$GREASEGODIR"
-DEBUG=1 ./build.sh preprocess_only
-rm -rf src
-make bindings.a
-
 cd "$MAESTRODIR"/maestro
-GO111MODULE=auto go build -buildmode=pie --tags debug "$PACKAGE"/maestro
+GO111MODULE=auto go build -buildmode=pie "$PACKAGE"/maestro
diff --git a/maestro/deb/debian/changelog b/maestro/deb/debian/changelog
@@ -1,8 +1,15 @@
+maestro (3.0.0-1) unstable; urgency=medium
+
+  * Removes support for devicedb
+  * Fixes several CVEs
+
+ -- Nic Costa <[email protected]>  Mon, 14 Mar 2022 02:51:27 +0000
+
 maestro (2.10.0+1607688609+20caa5d-1) unstable; urgency=medium
 
   * Disable maestro control of mDNS
 
- -- Michael Ray <[email protected]> Thu, 19 Aug 2021 17:15:00 -0500
+ -- Michael Ray <[email protected]>  Thu, 19 Aug 2021 17:15:00 -0500
 
 maestro (2.10.0+1607688609+20caa5d-1) unstable; urgency=medium
 

diff --git a/maestro/deb/debian/control b/maestro/deb/debian/control
@@ -2,16 +2,14 @@ Source: maestro
 Section: utils
 Priority: optional
 Maintainer: Vasily Smirnov <[email protected]>
-Build-Depends: debhelper (>=9), pe-golang:native, python:native (>=2.7),
- autoconf (>=2.69), automake (>=1:1.15), libtool (>=2.4.6),
- libc6, libstdc++6, libunwind-dev
+Build-Depends: debhelper (>=9), pe-golang:native, libuv1-dev
 Standards-Version: 3.9.6
 Homepage: https://www.pelion.com
 
 Package: maestro
 Architecture: any
 Multi-Arch: foreign
-Depends: ${misc:Depends}, ${shlibs:Depends}, libnss-myhostname, pe-utils, edge-proxy
+Depends: libnss-myhostname, pe-utils, edge-proxy, ${shlibs:Depends}
 Recommends: resolvconf
 Description: system manager (logging, dhcp, cloud connector)
  Maestro is a replacement for a number of typical system utilities and

diff --git a/maestro/deb/debian/install b/maestro/deb/debian/install
@@ -1,8 +1,4 @@
 debian/pelion-base-config.yaml etc/pelion
 debian/template                etc/pelion
 
-go-workspace/src/github.com/armPelionEdge/maestro/maestro/maestro usr/bin
-
-go-workspace/src/github.com/armPelionEdge/maestro/vendor/github.com/armPelionEdge/greasego/deps/lib/libgrease.so.1               usr/lib/pelion
-go-workspace/src/github.com/armPelionEdge/maestro/vendor/github.com/armPelionEdge/greasego/deps/lib/libtcmalloc_minimal.so.4     usr/lib/pelion
-go-workspace/src/github.com/armPelionEdge/maestro/vendor/github.com/armPelionEdge/greasego/deps/lib/libtcmalloc_minimal.so.4.2.6 usr/lib/pelion
+go-workspace/src/github.com/PelionIoT/maestro/maestro/maestro usr/bin
diff --git a/maestro/deb/debian/patches/gperftools-enable-unwind.diff b/maestro/deb/debian/patches/gperftools-enable-unwind.diff
diff --git a/maestro/deb/debian/patches/greaselib-autoreconf.diff b/maestro/deb/debian/patches/greaselib-autoreconf.diff
diff --git a/maestro/deb/debian/patches/series b/maestro/deb/debian/patches/series
diff --git a/maestro/deb/debian/rules b/maestro/deb/debian/rules
@@ -12,9 +12,6 @@ override_dh_auto_build:
 override_dh_auto_clean:
 	-rm -rf go-workspace
 
-override_dh_makeshlibs:
-	dh_makeshlibs --no-scripts
-
 override_dh_installinit:
 	dh_installinit --no-scripts
 
@@ -23,6 +20,3 @@ override_dh_installlogrotate:
 
 override_dh_systemd_enable:
 	dh_systemd_enable --name=maestro maestro.service
-
-override_dh_shlibdeps:
-	dh_shlibdeps -l/usr/lib/pelion