From 1cfa741fdf8a665537a588191f3ce5511f11ec8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ferm=C3=ADn=20Gal=C3=A1n=20M=C3=A1rquez?= Date: Thu, 7 Nov 2024 10:33:03 +0100 Subject: [PATCH] FIX upgrade dependencies --- CHANGES_NEXT_RELEASE | 3 +++ CMakeLists.txt | 4 ++-- ci/deb/build-dep.sh | 18 ++++++++--------- doc/manuals.jp/admin/build_source.md | 26 ++++++++++++------------ doc/manuals/admin/build_source.md | 26 ++++++++++++------------ docker/Dockerfile | 30 ++++++++++++++-------------- docker/Dockerfile.alpine | 30 ++++++++++++++-------------- 7 files changed, 70 insertions(+), 67 deletions(-) diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE index dc287a0328..6178729c57 100644 --- a/CHANGES_NEXT_RELEASE +++ b/CHANGES_NEXT_RELEASE @@ -1,2 +1,5 @@ - Fix: improve attribute and metadata invalid format dates for DateTime types in logs (#4616) +- Hardening: upgrade microhttpd dependency from 0.9.76 to 1.0.1 +- Hardening: upgrade libmosquitto dependency from 2.0.15 to 2.0.20 +- Hardening: upgrade libmongoc dependency from 1.24.3 to 1.29.0 - Upgrade Debian version from 12.6 to 12.7 in Dockerfile diff --git a/CMakeLists.txt b/CMakeLists.txt index 9c922231cf..3863e95076 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -231,8 +231,8 @@ SET (BOOST_MT # See http://mongoc.org/libmongoc/current/tutorial.html#cmake # This find_package() command provides the mongo::mongoc_static used in -# SET for common static libs. We use 1.24.3 as reference version. -find_package (mongoc-1.0 1.24.3 EXACT) +# SET for common static libs. We use 1.29.0 as reference version. +find_package (mongoc-1.0 1.29.0 EXACT) # Is cjexl lib available? find_library (HAVE_CJEXL cjexl PATHS /usr/lib /usr/lib64 /usr/local/lib64 /usr/local/lib) diff --git a/ci/deb/build-dep.sh b/ci/deb/build-dep.sh index ea8531172a..da2e06a9ab 100755 --- a/ci/deb/build-dep.sh +++ b/ci/deb/build-dep.sh 
@@ -68,8 +68,8 @@ echo "INSTALL: python special dependencies" \ # Recommended setting for DENABLE_AUTOMATIC_INIT_AND_CLEANUP, to be removed in 2.0.0 # see http://mongoc.org/libmongoc/current/init-cleanup.html#deprecated-feature-automatic-initialization-and-cleanup echo "INSTALL: mongodb c driver" \ -&& curl -L https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz | tar xzC /opt/ \ -&& cd /opt/mongo-c-driver-1.24.3 \ +&& curl -L https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz | tar xzC /opt/ \ +&& cd /opt/mongo-c-driver-1.29.0 \ && mkdir cmake-build \ && cd cmake-build \ && cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF .. \ @@ -81,8 +81,8 @@ echo "INSTALL: rapidjson" \ && mv /opt/rapidjson-1.1.0/include/rapidjson/ /usr/local/include echo "INSTALL: libmicrohttpd" \ -&& curl -L https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz | tar xzC /opt/ \ -&& cd /opt/libmicrohttpd-0.9.76 \ +&& curl -L https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz | tar xzC /opt/ \ +&& cd /opt/libmicrohttpd-1.0.1 \ && ./configure --disable-messages --disable-postprocessor --disable-dauth \ && make \ && make install @@ -96,8 +96,8 @@ echo "INSTALL: gmock" \ && make install echo "INSTALL: mosquitto" \ -&& curl -kL https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz | tar xzC /opt/ \ -&& cd /opt/mosquitto-2.0.15 \ +&& curl -kL https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz | tar xzC /opt/ \ +&& cd /opt/mosquitto-2.0.20 \ && sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk \ && sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk \ && sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk \ 
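Review bot: The mongo-c-driver tarball in the `@@ -68` hunk of ci/deb/build-dep.sh is piped from `curl -L` straight into `tar xzC /opt/` with no integrity check, so whatever the release URL serves at build time is compiled and installed. Since the commit already re-pins the version, it could pin the digest as well: download to a file and verify it before unpacking, e.g. `echo "<SHA256_OF_RELEASE_TARBALL>  mongo-c-driver-1.29.0.tar.gz" | sha256sum -c -` (placeholder digest, to be taken from the upstream release). The same applies to the libmicrohttpd and mosquitto downloads in the `@@ -81` and `@@ -96` hunks and to the download steps in docker/Dockerfile and docker/Dockerfile.alpine. The `&&` chain of this install step continues past the end of the hunk.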
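Review bot: The new mosquitto download line in the `@@ -96` hunk still uses `curl -kL`, and `-k` turns off TLS certificate verification, so the server that supplies the source built into the package is not authenticated. This sits oddly in a change logged as hardening, and the other two downloads in this script already use plain `curl -L`. I would drop the flag: `&& curl -L https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz | tar xzC /opt/ \`. The same `-k` appears on every rewritten `curl -kOL` line in docker/Dockerfile (hunks `@@ -61` and `@@ -81`) and docker/Dockerfile.alpine (hunks `@@ -62`, `@@ -74` and `@@ -86`). If it was added because the base image lacks a CA bundle (not visible in these hunks), installing `ca-certificates` is the fix rather than disabling verification.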
@@ -107,8 +107,8 @@ echo "INSTALL: mosquitto" \ ldconfig apt-get -y clean \ -&& rm -Rf /opt/mongo-c-driver-1.24.3 \ +&& rm -Rf /opt/mongo-c-driver-1.29.0 \ && rm -Rf /opt/rapidjson-1.1.0 \ -&& rm -Rf /opt/libmicrohttpd-0.9.76 \ -&& rm -Rf /opt/mosquitto-2.0.15 \ +&& rm -Rf /opt/libmicrohttpd-1.0.1 \ +&& rm -Rf /opt/mosquitto-2.0.20 \ && rm -Rf /opt/gmock-1.5.0 diff --git a/doc/manuals.jp/admin/build_source.md b/doc/manuals.jp/admin/build_source.md index 5943b978e9..6d50b64ccd 100644 --- a/doc/manuals.jp/admin/build_source.md +++ b/doc/manuals.jp/admin/build_source.md @@ -11,12 +11,12 @@ Orion Context Broker のリファレンス配布は Debian 12 です。これは Orion Context Broker は、以下のライブラリをビルドの依存関係として使用します : * boost: 1.74 -* libmicrohttpd: 0.9.76 (ソースから) +* libmicrohttpd: 1.0.1 (ソースから) * libcurl: 7.88.1 * openssl: 3.0.14 * libuuid: 2.38.1 -* libmosquitto: 2.0.15 (ソースから) -* Mongo C driver: 1.24.3 (ソースから) +* libmosquitto: 2.0.20 (ソースから) +* Mongo C driver: 1.29.0 (ソースから) * rapidjson: 1.1.0 (ソースから) * gtest (`make unit_test` ビルディング・ターゲットのみ) : 1.5 (ソースから) * gmock (`make unit_test` ビルディング・ターゲットのみ) : 1.5 (ソースから) @@ -33,9 +33,9 @@ Orion Context Broker は、以下のライブラリをビルドの依存関係 * ソースから Mongo Driver をインストールします - wget https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz - tar xfvz mongo-c-driver-1.24.3.tar.gz - cd mongo-c-driver-1.24.3 + wget https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz + tar xfvz mongo-c-driver-1.29.0.tar.gz + cd mongo-c-driver-1.29.0 mkdir cmake-build cd cmake-build cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF .. 
@@ -50,19 +50,19 @@ Orion Context Broker は、以下のライブラリをビルドの依存関係 * ソースから libmicrohttpd をインストールします (`./configure` 下のコマンドはライブラリの最小限のフットプリントを得るための推奨ビルド設定を示していますが、上級ユーザの方は好きなように設定できます) - wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz - tar xvf libmicrohttpd-0.9.76.tar.gz - cd libmicrohttpd-0.9.76 + wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz + tar xvf libmicrohttpd-1.0.1.tar.gz + cd libmicrohttpd-1.0.1 ./configure --disable-messages --disable-postprocessor --disable-dauth make sudo make install # installation puts .h files in /usr/local/include and library in /usr/local/lib sudo ldconfig # just in case... it doesn't hurt :) -* ソースから mosquitto をインストールします (WITH_CJSON, WITH_STATIC_LIBRARIES, WITH_SHARED_LIBRARIES の設定を変更することで、mosquitto-2.0.15/ の下の config.mk ファイルを変更してビルドを微調整できます) +* ソースから mosquitto をインストールします (WITH_CJSON, WITH_STATIC_LIBRARIES, WITH_SHARED_LIBRARIES の設定を変更することで、mosquitto-2.0.20/ の下の config.mk ファイルを変更してビルドを微調整できます) - wget https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz - tar xvf mosquitto-2.0.15.tar.gz - cd mosquitto-2.0.15 + wget https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz + tar xvf mosquitto-2.0.20.tar.gz + cd mosquitto-2.0.20 sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk diff --git a/doc/manuals/admin/build_source.md b/doc/manuals/admin/build_source.md index 1ccba4365c..8d675098ca 100644 --- a/doc/manuals/admin/build_source.md +++ b/doc/manuals/admin/build_source.md 
@@ -11,12 +11,12 @@ You can also have a look to [3.1 Building in not official distributions](../../. The Orion Context Broker uses the following libraries as build dependencies: * boost: 1.74 -* libmicrohttpd: 0.9.76 (from source) +* libmicrohttpd: 1.0.1 (from source) * libcurl: 7.88.1 * openssl: 3.0.14 * libuuid: 2.38.1 -* libmosquitto: 2.0.15 (from source) -* Mongo C driver: 1.24.3 (from source) +* libmosquitto: 2.0.20 (from source) +* Mongo C driver: 1.29.0 (from source) * rapidjson: 1.1.0 (from source) * gtest (only for `make unit_test` building target): 1.5 (from sources) * gmock (only for `make unit_test` building target): 1.5 (from sources) @@ -34,9 +34,9 @@ commands that require root privilege): * Install the Mongo Driver from source. - wget https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz - tar xfvz mongo-c-driver-1.24.3.tar.gz - cd mongo-c-driver-1.24.3 + wget https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz + tar xfvz mongo-c-driver-1.29.0.tar.gz + cd mongo-c-driver-1.29.0 mkdir cmake-build cd cmake-build cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF .. 
@@ -51,19 +51,19 @@ commands that require root privilege): * Install libmicrohttpd from sources (the `./configure` command below shows the recommended build configuration to get minimum library footprint, but if you are an advanced user, you can configure as you prefer) - wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz - tar xvf libmicrohttpd-0.9.76.tar.gz - cd libmicrohttpd-0.9.76 + wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz + tar xvf libmicrohttpd-1.0.1.tar.gz + cd libmicrohttpd-1.0.1 ./configure --disable-messages --disable-postprocessor --disable-dauth make sudo make install # installation puts .h files in /usr/local/include and library in /usr/local/lib sudo ldconfig # just in case... it doesn't hurt :) -* Install mosquitto from sources (appart from changing WITH_CJSON, WITH_STATIC_LIBRARIES and WITH_SHARED_LIBRARIES settings, config.mk file under mosquitto-2.0.15/ can be modified to fine tune the build) +* Install mosquitto from sources (appart from changing WITH_CJSON, WITH_STATIC_LIBRARIES and WITH_SHARED_LIBRARIES settings, config.mk file under mosquitto-2.0.20/ can be modified to fine tune the build) - wget https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz - tar xvf mosquitto-2.0.15.tar.gz - cd mosquitto-2.0.15 + wget https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz + tar xvf mosquitto-2.0.20.tar.gz + cd mosquitto-2.0.20 sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk diff --git a/docker/Dockerfile b/docker/Dockerfile index 63ea06b81b..35a7399d24 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -61,18 +61,18 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ libgcrypt-dev && \ # Install libmicrohttpd from source cd /opt && \ - curl -kOL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz && \ - tar xvf libmicrohttpd-0.9.76.tar.gz && \ - cd libmicrohttpd-0.9.76 && \ + curl -kOL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz && \ + tar xvf libmicrohttpd-1.0.1.tar.gz && \ + cd libmicrohttpd-1.0.1 && \ ./configure --disable-messages --disable-postprocessor --disable-dauth && \ make && \ make install && \ ldconfig && \ # Install mosquitto from source cd /opt && \ - curl -kOL https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz && \ - tar xvf mosquitto-2.0.15.tar.gz && \ - cd mosquitto-2.0.15 && \ + curl -kOL https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz && \ + tar xvf mosquitto-2.0.20.tar.gz && \ + cd mosquitto-2.0.20 && \ sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk && \ sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk && \ sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk && \ @@ -81,9 +81,9 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ ldconfig && \ # Install mongodb driver from source cd /opt && \ - curl -kOL https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz && \ - tar xfvz mongo-c-driver-1.24.3.tar.gz && \ - cd mongo-c-driver-1.24.3 && \ + curl -kOL https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz && \ + tar xfvz mongo-c-driver-1.29.0.tar.gz && \ + cd mongo-c-driver-1.29.0 && \ mkdir cmake-build && \ cd cmake-build && \ # Different from ci/deb/build-dep.sh and build from source documentation, we add here also 
@@ -116,14 +116,14 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ # cleanup sources, dev tools and locales to reduce the final image size # FIXME: this could need more tunning. Have a look to old CentOS Docerkile and try to # reproduce the same steps - rm -rf /opt/libmicrohttpd-0.9.76.tar.gz \ + rm -rf /opt/libmicrohttpd-1.0.1.tar.gz \ /usr/local/include/microhttpd.h \ /usr/local/lib/libmicrohttpd.* \ - /opt/libmicrohttpd-0.9.76 \ - /opt/mosquitto-2.0.15.tar.gz \ - /opt/mosquitto-2.0.15 \ - /opt/mongo-c-driver-1.24.3.tar.gz \ - /opt/mongo-c-driver-1.24.3 \ + /opt/libmicrohttpd-1.0.1 \ + /opt/mosquitto-2.0.20.tar.gz \ + /opt/mosquitto-2.0.20 \ + /opt/mongo-c-driver-1.29.0.tar.gz \ + /opt/mongo-c-driver-1.29.0 \ /usr/local/include/mongo \ /usr/local/lib/libmongoclient.a \ /usr/local/lib/libcjexl.a \ diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 884c9cf1ef..7faf1c7f85 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -62,9 +62,9 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ # Install libmicrohttpd from source echo =====================MARK1 && \ cd /opt && \ - curl -kOL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz && \ - tar xvf libmicrohttpd-0.9.76.tar.gz && \ - cd libmicrohttpd-0.9.76 && \ + curl -kOL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz && \ + tar xvf libmicrohttpd-1.0.1.tar.gz && \ + cd libmicrohttpd-1.0.1 && \ ./configure --disable-messages --disable-postprocessor --disable-dauth && \ make && \ echo =====================MARK2 && \ 
@@ -74,9 +74,9 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ echo =====================MARK3 && \ # Install mosquitto from source cd /opt && \ - curl -kOL https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz && \ - tar xvf mosquitto-2.0.15.tar.gz && \ - cd mosquitto-2.0.15 && \ + curl -kOL https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz && \ + tar xvf mosquitto-2.0.20.tar.gz && \ + cd mosquitto-2.0.20 && \ sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk && \ sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk && \ sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk && \ @@ -86,9 +86,9 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ #ldconfig && \ # Install mongodb driver from source cd /opt && \ - curl -kOL https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz && \ - tar xfvz mongo-c-driver-1.24.3.tar.gz && \ - cd mongo-c-driver-1.24.3 && \ + curl -kOL https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz && \ + tar xfvz mongo-c-driver-1.29.0.tar.gz && \ + cd mongo-c-driver-1.29.0 && \ mkdir cmake-build && \ cd cmake-build && \ # Different from ci/deb/build-dep.sh and build from source documentation, we add here also 
@@ -124,14 +124,14 @@ RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ # cleanup sources, dev tools and locales to reduce the final image size # FIXME: this could need more tunning. Have a look to old CentOS Docerkile and try to # reproduce the same steps - rm -rf /opt/libmicrohttpd-0.9.76.tar.gz \ + rm -rf /opt/libmicrohttpd-1.0.1.tar.gz \ /usr/local/include/microhttpd.h \ /usr/local/lib/libmicrohttpd.* \ - /opt/libmicrohttpd-0.9.76 \ - /opt/mosquitto-2.0.15.tar.gz \ - /opt/mosquitto-2.0.15 \ - /opt/mongo-c-driver-1.24.3.tar.gz \ - /opt/mongo-c-driver-1.24.3 \ + /opt/libmicrohttpd-1.0.1 \ + /opt/mosquitto-2.0.20.tar.gz \ + /opt/mosquitto-2.0.20 \ + /opt/mongo-c-driver-1.29.0.tar.gz \ + /opt/mongo-c-driver-1.29.0 \ /usr/local/include/mongo \ /usr/local/lib/libmongoclient.a \ /usr/local/lib/libcjexl.a \