ubus: backport fixes for UAF and other issues

Backporting following fixes:

 a72457b61df0 libubus: increase stack depth for processing obj msgs
 ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg

where at least commit 2099bb3ad997 ("libubus: use
list_empty/list_first_entry in ubus_process_pending_msg") fixes UAF
issue I've introduced in commit c5f2053dfcfd ("workaround possibly false
positive uses of memory after it is freed") while fixing another false
positive UAF reported[1] by clang's static analyzer.

Those fixes are being used in master/21.02 for about 6 months, so should
be tested enough and considered for backporting. I've runtested those
fixes on mvebu/turris-omnia and ipq40xx/glinet-b1300 devices.

1. https://openwrt.gitlab.io/-/project/ubus/-/jobs/2096090992/artifacts/build/scan/2022-02-15-150310-70-1/index.html

Signed-off-by: Petr Štetiar <ynezz@true.cz>

diff --git a/package/system/ubus/Makefile b/package/system/ubus/Makefile
index 2c116ae6f85244d5f04727eb711162eba5841964..015d52678f9f8f47f49804b21dc63507cba173df 100644 (file)
--- a/package/system/ubus/Makefile
+++ b/package/system/ubus/Makefile
@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubus.git
-PKG_SOURCE_DATE:=2021-07-01
-PKG_SOURCE_VERSION:=38c7fdd8991366cd2f9ccbc47625f9b51b1d318a
-PKG_MIRROR_HASH:=5ff9baa2ba3c7b2b53a477ed2a0f3dd8828051389f3d759cf5a694fbccc4c05b
+PKG_SOURCE_DATE:=2022-02-21
+PKG_SOURCE_VERSION:=b32a0e17b37847e8357b53a358d1311bfc3ad5d2
+PKG_MIRROR_HASH:=fddf17b1faeb2ab09a3bed2e301a9cc83cb6ceb69af57cd58dc2132b58276f8b
 PKG_ABI_VERSION:=20210603
 CMAKE_INSTALL:=1