diff --git a/Remove-const-warning.patch b/Remove-const-warning.patch deleted file mode 100644 index 80be2931c5192f4fb39b3ecbb0de049f9356c628..0000000000000000000000000000000000000000 --- a/Remove-const-warning.patch +++ /dev/null @@ -1,33 +0,0 @@ -From b448d6b97aefdce92d92c574e71a40111d9957aa Mon Sep 17 00:00:00 2001 -From: bizhiyuan -Date: Tue, 20 Feb 2024 15:52:19 +0800 -Subject: [PATCH] Remove const warning - ---- - src/pacemaker.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/pacemaker.c b/src/pacemaker.c -index 4d8f2b5..5c4c1de 100644 ---- a/src/pacemaker.c -+++ b/src/pacemaker.c -@@ -434,7 +434,6 @@ static int parse_ticket_state(struct ticket_config *tk, FILE *p) - GString *input = NULL; - char line[CHUNK_SIZE]; - xmlDocPtr doc = NULL; -- xmlErrorPtr errptr; - int opts = XML_PARSE_COMPACT | XML_PARSE_NONET; - - /* skip first two lines of output */ -@@ -459,7 +458,7 @@ static int parse_ticket_state(struct ticket_config *tk, FILE *p) - - doc = xmlReadDoc((const xmlChar *) input->str, NULL, NULL, opts); - if (doc == NULL) { -- errptr = xmlGetLastError(); -+ const xmlError *errptr = xmlGetLastError(); - if (errptr) { - tk_log_error("crm_ticket xml parse failed (domain=%d, level=%d, code=%d): %s", - errptr->domain, errptr->level, --- -2.25.1 - diff --git a/backport-Add-support-for-GnuTLS.patch b/backport-Add-support-for-GnuTLS.patch deleted file mode 100644 index d135e07fd5795e2691e99f3fe8847b8843d9cba3..0000000000000000000000000000000000000000 --- a/backport-Add-support-for-GnuTLS.patch +++ /dev/null 
@@ -1,370 +0,0 @@ -From 2958d1835f5bc75caad863916a259cfc700cd988 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Wed, 14 Feb 2024 17:20:32 +0100 -Subject: [PATCH 1/3] configure: Add option to select HMAC library - -Signed-off-by: Jan Friesse ---- - configure.ac | 40 +++++++++++++++++++++++++++------------- - 1 file changed, 27 insertions(+), 13 deletions(-) - -diff --git a/configure.ac b/configure.ac -index eff027e..c36e9c3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -73,19 +73,6 @@ AM_CONDITIONAL(IS_ASCIIDOC, test x"${ASCIIDOC}" != x"") - AM_CONDITIONAL(IS_A2X, test x"${A2X}" != x"") - AM_CONDITIONAL(BUILD_ASCIIDOC, test x"${A2X}" != x"" || test x"${ASCIIDOCTOR}" != x"") - --# libgcrypt or mhash for hmac --libgcrypt_installed="yes" --AC_CHECK_HEADERS(gcrypt.h, , [libgcrypt_installed="no"],) --AC_CHECK_LIB(gcrypt, gcry_md_open, , [libgcrypt_installed="no"]) --AM_CONDITIONAL(BUILD_AUTH_C, test "x${libgcrypt_installed}" = "xyes") -- --if test "x$libgcrypt_installed" = "xno"; then -- mhash_installed="yes" -- AC_CHECK_HEADERS(mhash.h, , [mhash_installed="no"],) -- AC_CHECK_LIB(mhash, mhash_init, , [mhash_installed="no"]) -- AM_CONDITIONAL(BUILD_AUTH_C, test "x${mhash_installed}" = "xyes") --fi -- - AC_CHECK_LIB([xml2], xmlReadDoc) - PKG_CHECK_MODULES(XML, [libxml-2.0]) - PKG_CHECK_MODULES(GLIB, [glib-2.0]) -@@ -247,6 +234,33 @@ AC_ARG_WITH([ocfdir], - - AC_SUBST([ocfdir]) - -+AC_ARG_WITH([hmac_library], -+ [ --with-hmac-library=LIBRARY : Select HMAC library to use (default: autodetect one of gcrypt or mhash).]) -+ -+# libgcrypt or mhash for hmac -+hmac_library_installed="no" -+if test "x$with_hmac_library" == "x" && test "x$hmac_library_installed" == "xno" || \ -+ test "x$with_hmac_library" == "xgcrypt"; then -+ libgcrypt_installed="yes" -+ AC_CHECK_HEADERS(gcrypt.h, , [libgcrypt_installed="no"],) -+ AC_CHECK_LIB(gcrypt, gcry_md_open, , [libgcrypt_installed="no"]) -+ hmac_library_installed="${libgcrypt_installed}" -+fi -+ -+if test "x$with_hmac_library" == 
"x" && test "x$hmac_library_installed" == "xno" || \ -+ test "x$with_hmac_library" == "xmhash"; then -+ mhash_installed="yes" -+ AC_CHECK_HEADERS(mhash.h, , [mhash_installed="no"],) -+ AC_CHECK_LIB(mhash, mhash_init, , [mhash_installed="no"]) -+ hmac_library_installed="${mhash_installed}" -+fi -+ -+if test "x$with_hmac_library" != "x" && test "x$hmac_library_installed" == "xno";then -+ AC_MSG_ERROR([required HMAC library not detected]) -+fi -+ -+AM_CONDITIONAL(BUILD_AUTH_C, test "x${hmac_library_installed}" = "xyes") -+ - # figure out logging provider - logging_provider="" - if test "x$logging_provider" = "x" && test "x$with_glue" = "xyes"; then --- -2.25.1 - -From a0aa2de8814fd32ae6b1193df54db6872dc324fa Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 15 Feb 2024 17:02:23 +0100 -Subject: [PATCH 2/3] Add support for GnuTLS - -Signed-off-by: Jan Friesse ---- - booth.spec.in | 2 +- - configure.ac | 18 +++++++++--- - src/auth.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ - src/auth.h | 19 ++++++++++++ - src/config.c | 2 +- - src/main.c | 13 +++++++++ - src/transport.c | 6 ++-- - 7 files changed, 129 insertions(+), 9 deletions(-) - -diff --git a/booth.spec.in b/booth.spec.in -index 9f67fff..4961763 100644 ---- a/booth.spec.in -+++ b/booth.spec.in -@@ -72,7 +72,7 @@ BuildRequires: firewall-macros - %else - BuildRequires: pkgconfig(glib-2.0) - %endif --BuildRequires: libgcrypt-devel -+BuildRequires: gnutls-devel - %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} - BuildRequires: pacemaker-libs-devel - %else -diff --git a/configure.ac b/configure.ac -index c36e9c3..4c4a0af 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -235,10 +235,20 @@ AC_ARG_WITH([ocfdir], - AC_SUBST([ocfdir]) - - AC_ARG_WITH([hmac_library], -- [ --with-hmac-library=LIBRARY : Select HMAC library to use (default: autodetect one of gcrypt or mhash).]) -+ [ --with-hmac-library=LIBRARY : Select HMAC library to use (default: autodetect one of gnutls, gcrypt or mhash).]) - --# libgcrypt or 
mhash for hmac -+# GnuTLS, libgcrypt or mhash for hmac - hmac_library_installed="no" -+if test "x$with_hmac_library" == "x" && test "x$hmac_library_installed" == "xno" || \ -+ test "x$with_hmac_library" == "xgnutls"; then -+ libgnutls_installed="yes" -+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.10.0], [ -+ AC_DEFINE([HAVE_LIBGNUTLS], [1], [Have gnutls library]) -+ libgnutls_installed="yes" -+ ], [libgnutls_installed="no"]) -+ hmac_library_installed="${libgnutls_installed}" -+fi -+ - if test "x$with_hmac_library" == "x" && test "x$hmac_library_installed" == "xno" || \ - test "x$with_hmac_library" == "xgcrypt"; then - libgcrypt_installed="yes" -@@ -457,10 +467,10 @@ fi - - # final build of *FLAGS - CFLAGS="$ENV_CFLAGS $OPT_CFLAGS $GDB_FLAGS $OS_CFLAGS \ -- $COVERAGE_CFLAGS $EXTRA_WARNINGS $WERROR_CFLAGS $NSS_CFLAGS" -+ $COVERAGE_CFLAGS $EXTRA_WARNINGS $WERROR_CFLAGS $LIBGNUTLS_CFLAGS" - CPPFLAGS="$ENV_CPPFLAGS $ANSI_CPPFLAGS $OS_CPPFLAGS $GLIB_CFLAGS $RESMON_CFLAGS $XML_CFLAGS" - LDFLAGS="$ENV_LDFLAGS $COVERAGE_LDFLAGS $OS_LDFLAGS" --LIBS="$LIBS $XML_LIBS" -+LIBS="$LIBS $XML_LIBS $LIBGNUTLS_LIBS" - - # substitute what we need: - AC_SUBST([INITDDIR]) -diff --git a/src/auth.c b/src/auth.c -index a3b3d20..26a220e 100644 ---- a/src/auth.c -+++ b/src/auth.c -@@ -18,6 +18,84 @@ - - #include "auth.h" - -+#if HAVE_LIBGNUTLS -+/* calculate the HMAC of the message in data and store it in result -+ * it is up to the caller to make sure that there's enough space -+ * at result for the MAC -+ */ -+int calc_hmac(const void *data, size_t datalen, -+ int hid, unsigned char *result, char *key, unsigned int keylen) -+{ -+ int rc; -+ -+ /* -+ * Only SHA1 is supported so we can hardcode GNUTLS_MAC_SHA1 -+ */ -+ if (hid != BOOTH_COMPAT_MHASH_SHA1) { -+ log_error("calc_hmac unsupported HMAC algorithm %u", hid); -+ return -1; -+ } -+ -+ /* -+ * This shouldn't happen but gnutls_hmac_fast segfault if key or -+ * data are NULL so it is better to check beforehand. 
-+ */ -+ if (data == NULL || key == NULL) { -+ log_error("calc_hmac data or key is NULL"); -+ return -1; -+ } -+ -+ rc = gnutls_hmac_fast(GNUTLS_MAC_SHA1, key, keylen, data, datalen, result); -+ if (rc) { -+ log_error("gnutls_hmac_fast: %s", gnutls_strerror(rc)); -+ return -1; -+ } -+ -+ return rc; -+} -+ -+/* test HMAC -+ */ -+int verify_hmac(const void *data, size_t datalen, -+ int hid, unsigned char *hmac, char *key, int keylen) -+{ -+ unsigned char *our_hmac; -+ int rc; -+ unsigned int hlen; -+ -+ /* -+ * Only SHA1 is supported so we can hardcode GNUTLS_MAC_SHA1 -+ */ -+ if (hid != BOOTH_COMPAT_MHASH_SHA1) { -+ log_error("verify_hmac unsupported HMAC algorithm %u", hid); -+ return -1; -+ } -+ -+ if (data == NULL || key == NULL) { -+ log_error("verify_hmac data or key is NULL"); -+ return -1; -+ } -+ -+ hlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA1); -+ if (!hlen) -+ return -1; -+ -+ our_hmac = calloc(hlen, 1); -+ if (!our_hmac) -+ return -1; -+ -+ rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen); -+ if (rc) -+ goto out_free; -+ rc = memcmp(our_hmac, hmac, hlen); -+ -+out_free: -+ if (our_hmac) -+ free(our_hmac); -+ return rc; -+} -+#endif -+ - #if HAVE_LIBGCRYPT - /* calculate the HMAC of the message in data and store it in result - * it is up to the caller to make sure that there's enough space -diff --git a/src/auth.h b/src/auth.h -index 98f0286..be1fc9e 100644 ---- a/src/auth.h -+++ b/src/auth.h -@@ -20,6 +20,25 @@ - #include "log.h" - #include - -+#if HAVE_LIBGNUTLS -+ -+#include -+#include -+ -+/* -+ * We need to stay backwards compatible. Both gcrypt and mhash defines -+ * SHA1 algorithm as 2. 
but GNUTLS_MAC_SHA1 is defined as 3, so hardcode -+ * 2 here and use correct value in auth.c -+ */ -+#define BOOTH_COMPAT_MHASH_SHA1 2 -+#define BOOTH_HASH BOOTH_COMPAT_MHASH_SHA1 -+ -+int calc_hmac(const void *data, size_t datalen, -+ int hid, unsigned char *result, char *key, unsigned int keylen); -+int verify_hmac(const void *data, size_t datalen, -+ int hid, unsigned char *hmac, char *key, int keylen); -+#endif -+ - #if HAVE_LIBGCRYPT - - #include -diff --git a/src/config.c b/src/config.c -index f0ca4aa..a533da3 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -720,7 +720,7 @@ no_value: - continue; - } - --#if HAVE_LIBGCRYPT || HAVE_LIBMHASH -+#if HAVE_LIBGNUTLS || HAVE_LIBGCRYPT || HAVE_LIBMHASH - if (strcmp(key, "authfile") == 0) { - safe_copy(booth_conf->authfile, - val, BOOTH_PATH_LEN, -diff --git a/src/main.c b/src/main.c -index 12085f4..71932fa 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -46,6 +46,9 @@ - - #include - -+#if HAVE_LIBGNUTLS -+#include -+#endif - #if HAVE_LIBGCRYPT - #include - #endif -@@ -376,6 +379,13 @@ static int setup_config(int type) - } - gcry_control(GCRYCTL_DISABLE_SECMEM, 0); - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -+#endif -+#if HAVE_LIBGNUTLS -+ if (gnutls_global_init() != 0) { -+ log_error("Cannot initialize GnuTLS"); -+ rv = -EINVAL; -+ goto out; -+ }; - #endif - } - -@@ -1671,6 +1681,9 @@ int main(int argc, char *argv[], char *envp[]) - } - - out: -+#if HAVE_LIBGNUTLS -+ gnutls_global_deinit(); -+#endif - #ifdef LOGGING_LIBQB - qb_log_fini(); - #endif -diff --git a/src/transport.c b/src/transport.c -index 817a4dc..8267c96 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -977,7 +977,7 @@ const struct booth_transport booth_transport[TRANSPORT_ENTRIES] = { - int add_hmac(void *data, int len) - { - int rv = 0; --#if HAVE_LIBGCRYPT || HAVE_LIBMHASH -+#if HAVE_LIBGNUTLS || HAVE_LIBGCRYPT || HAVE_LIBMHASH - int payload_len; - struct hmac *hp; - -@@ -997,7 +997,7 @@ int add_hmac(void *data, int len) - return 
rv; - } - --#if HAVE_LIBGCRYPT || HAVE_LIBMHASH -+#if HAVE_LIBGNUTLS || HAVE_LIBGCRYPT || HAVE_LIBMHASH - - /* TODO: we need some client identification for logging */ - #define peer_string(p) (p ? site_string(p) : "client") -@@ -1051,7 +1051,7 @@ accept: - int check_auth(struct booth_site *from, void *buf, int len) - { - int rv = 0; --#if HAVE_LIBGCRYPT || HAVE_LIBMHASH -+#if HAVE_LIBGNUTLS || HAVE_LIBGCRYPT || HAVE_LIBMHASH - int payload_len; - struct hmac *hp; - --- -2.25.1 - -From 322fea0ef083e85ac161415b1c66f46d079932c9 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Fri, 7 Jun 2024 08:02:38 +0200 -Subject: [PATCH 3/3] build: Prepare version 1.2 release - -Signed-off-by: Jan Friesse ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 4c4a0af..6b86bbe 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -5,7 +5,7 @@ - AC_PREREQ([2.69]) - - AC_INIT([booth], -- [m4_esyscmd([build-aux/git-version-gen --fallback 1.1 .tarball-version .gitarchivever])], -+ [m4_esyscmd([build-aux/git-version-gen --fallback 1.2 .tarball-version .gitarchivever])], - [users@clusterlabs.org]) - - AC_USE_SYSTEM_EXTENSIONS --- -2.25.1 - diff --git a/backport-CVE-2024-3049.patch b/backport-CVE-2024-3049.patch deleted file mode 100644 index 2b0a185061509528adeaa831f413b3f3fdb6f06c..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-3049.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 98b4284d1701f2efec278b51f151314148bfe70e Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Wed, 21 Feb 2024 18:12:28 +0100 -Subject: [PATCH] auth: Check result of gcrypt gcry_md_get_algo_dlen - -When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This -value is then used for memcmp so wrong hmac might be accepted as -correct. - -Signed-off-by: Jan Friesse - ---- - src/attr.c | 2 +- - src/auth.c | 16 +++++++++++++--- - 2 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/src/attr.c b/src/attr.c -index 44061e3..bc154f0 100644 ---- a/src/attr.c -+++ b/src/attr.c -@@ -142,7 +142,7 @@ static int read_server_reply( - return -2; - } - len = ntohl(header->length); -- rv = tpt->recv(site, msg+len, len-sizeof(*header)); -+ rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header)); - if (rv < 0) { - return -1; - } -diff --git a/src/auth.c b/src/auth.c -index 8f86b9a..a3b3d20 100644 ---- a/src/auth.c -+++ b/src/auth.c -@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen, - { - static gcry_md_hd_t digest; - gcry_error_t err; -+ int hlen; -+ -+ hlen = gcry_md_get_algo_dlen(hid); -+ if (!hlen) -+ return -1; - - if (!digest) { - err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC); -@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen, - } - } - gcry_md_write(digest, data, datalen); -- memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid)); -+ memcpy(result, gcry_md_read(digest, 0), hlen); - gcry_md_reset(digest); - return 0; - } -@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen, - { - unsigned char *our_hmac; - int rc; -+ int hlen; -+ -+ hlen = gcry_md_get_algo_dlen(hid); -+ if (!hlen) -+ return -1; - -- our_hmac = malloc(gcry_md_get_algo_dlen(hid)); -+ our_hmac = malloc(hlen); - if (!our_hmac) - return -1; - - rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen); - if (rc) - goto out_free; -- rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid)); -+ rc = 
memcmp(our_hmac, hmac, hlen); - - out_free: - if (our_hmac) --- -2.23.0 - diff --git a/backport-pacemaker-Store-booth-cfg-name-attribute.patch b/backport-pacemaker-Store-booth-cfg-name-attribute.patch deleted file mode 100644 index 3f7526a3fda10210ed4055ba583aefc9de0d7a86..0000000000000000000000000000000000000000 --- a/backport-pacemaker-Store-booth-cfg-name-attribute.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 27bb52addacda19bb028aecfca7ff52a56c209c5 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 30 May 2024 17:09:02 +0200 -Subject: [PATCH 14/20] pacemaker: Store booth-cfg-name attribute - -This can be useful to find out if ticket is managed by booth and what -specific booth instance. So cluster configuration tools can delete CIB -ticket when removing ticket from booth configuration. - -Fixes #135 - -Signed-off-by: Jan Friesse ---- -src/pacemaker.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/pacemaker.c b/src/pacemaker.c -index 80aa1a3..9239fdf 100644 ---- a/src/pacemaker.c -+++ b/src/pacemaker.c -@@ -133,14 +133,16 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant) - "%s --force " - "-S owner --attr-value=%" PRIi32 " " - "-S expires --attr-value=%" PRIi64 " " -- "-S term --attr-value=%" PRIi64, -+ "-S term --attr-value=%" PRIi64 " " -+ "-S booth-cfg-name --attr-value=%s", - tk->name, - (grant > 0 ? "-g" : - grant < 0 ? "-r" : - ""), - (int32_t)get_node_id(tk->leader), - (int64_t)wall_ts(&tk->term_expires), -- (int64_t)tk->current_term); -+ (int64_t)tk->current_term, -+ booth_conf->name); - - if (rv < 0 || rv >= COMMAND_MAX) { - log_error("pcmk_write_ticket_atomic: cannot format crm_ticket cmdline (probably too long)"); -@@ -359,6 +361,7 @@ struct attr_tab attr_handlers[] = { - { "owner", save_owner}, - { "id", ignore_attr}, - { "last-granted", ignore_attr}, -+ { "booth-cfg-name", ignore_attr}, - { NULL, 0}, - }; - --- -2.33.0 - 
diff --git a/backport-transport-Fix-_find_myself-for-kernel-6.9.patch b/backport-transport-Fix-_find_myself-for-kernel-6.9.patch deleted file mode 100644 index 798a0201c45c39645768ec4728b665107559561c..0000000000000000000000000000000000000000 --- a/backport-transport-Fix-_find_myself-for-kernel-6.9.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 7d93365197f3df144ea007a0ce27cff3b59af8d3 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 23 Apr 2024 18:01:02 +0200 -Subject: [PATCH 13/20] transport: Fix _find_myself for kernel 6.9 - -Kernel 6.9 seems to have changed AF_NETLINK behavior slightly making -booth unable to start. - -Previously it was expected only first item in -the message can be NLMSG_DONE or NLMSG_ERROR type. And it looks this was -true for Kernel < 6.9. - -With kernel 6.9 this is no longer true, so any item can be type -NLMSG_DONE or NLMSG_ERROR. - -Result was loop was never terminated and booth was waiting for more -messages from kernel which never arrived. - -Solution is to change loop a bit so NLMSG_DONE, NLMSG_ERROR and -RTM_NEWADDR are handled correctly. - -Signed-off-by: Jan Friesse ---- - src/transport.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/src/transport.c b/src/transport.c -index 0d17f18..817a4dc 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -208,17 +208,16 @@ int _find_myself(int family, struct booth_site **mep, int fuzzy_allowed) - return 0; - } - -- h = (struct nlmsghdr *)rcvbuf; -- if (h->nlmsg_type == NLMSG_DONE) -- break; -- -- if (h->nlmsg_type == NLMSG_ERROR) { -- close(fd); -- log_error("netlink socket recvmsg error"); -- return 0; -- } -+ for (h = (struct nlmsghdr *)rcvbuf; NLMSG_OK(h, status); h = NLMSG_NEXT(h, status)) { -+ if (h->nlmsg_type == NLMSG_DONE) -+ goto out; -+ -+ if (h->nlmsg_type == NLMSG_ERROR) { -+ close(fd); -+ log_error("netlink socket recvmsg error"); -+ return 0; -+ } - -- while (NLMSG_OK(h, status)) { - if (h->nlmsg_type == RTM_NEWADDR) { - struct ifaddrmsg *ifa = NLMSG_DATA(h); - struct rtattr *tb[IFA_MAX+1]; -@@ -271,10 +270,10 @@ int _find_myself(int family, struct booth_site **mep, int fuzzy_allowed) - } - } - } -- h = NLMSG_NEXT(h, status); - } - } - -+out: - close(fd); - - if (!me) --- -2.25.1 - 
diff --git a/booth-1.1.tar.gz b/booth-1.1.tar.gz
deleted file mode 100644
index 86f416b8aa7fb1b538c6c5c2a9b83a8e784374a2..0000000000000000000000000000000000000000
Binary files a/booth-1.1.tar.gz and /dev/null differ
diff --git a/booth-1.2.tar.gz b/booth-1.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..7d5304acaf22687d3be3ef2352398c60ac476d10
Binary files /dev/null and b/booth-1.2.tar.gz differ
diff --git a/booth.spec b/booth.spec
index 7512c4bc92005b3c7ee880d8773ddaa99c2c108d..eaa6729e1e881983ba1f4bfe500b9cc092a7802e 100644
--- a/booth.spec
+++ b/booth.spec
@@ -24,7 +24,7 @@
 %bcond_with run_build_tests
 %bcond_with include_unit_test
-%global release 8
+%global release 1
 ## User and group to use for nonprivileged services (should be in sync with pacemaker)
 %global uname hacluster
@@ -42,20 +42,12 @@
 %global test_path %{_datadir}/booth/tests
 Name: booth
-Version: 1.1
+Version: 1.2
 Release: %{release}
 Summary: Ticket Manager for Multi-site Clusters
 License: GPL-2.0-or-later
 Url: https://github.com/%{github_owner}/%{name}
 Source0: https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
-Patch0: Remove-const-warning.patch
-Patch1: pacemaker-Don-t-add-explicit-error-prefix-in-log.patch
-Patch2: pacemaker-Use-long-format-for-crm_ticket-v.patch
-Patch3: pacemaker-Check-snprintf-return-values.patch
-Patch0004: backport-CVE-2024-3049.patch
-Patch0005: backport-Add-support-for-GnuTLS.patch
-Patch0006: backport-transport-Fix-_find_myself-for-kernel-6.9.patch
-Patch0007: backport-pacemaker-Store-booth-cfg-name-attribute.patch
 # direct build process dependencies
 BuildRequires: autoconf
@@ -304,6 +296,9 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 %changelog
+* Wed Jun 19 2024 bizhiyuan -1.2-1
+- Update version to 1.2
+
 * Thu Jun 13 2024 bizhiyuan -1.1-8
 - pacemaker store booth cfg name attribute
 - transport fix find_myself for kernel 6.9
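Review bot: The `@@ -42,20 +42,12 @@` hunk removes all eight `Patch` lines, among them `Patch0004: backport-CVE-2024-3049.patch`, while the replacement `booth-1.2.tar.gz` is binary, so this diff cannot show that the 1.2 source still carries the `hlen` check in `verify_hmac`. The deleted GnuTLS backport applies to `src/auth.c` at index `a3b3d20`, which is the post-fix state, and its 3/3 commit prepares the 1.2 release, so the fix is presumably upstream. The changelog should record that next to the bare `- Update version to 1.2`, for example `- Drop patches merged upstream in 1.2, including the CVE-2024-3049 fix`. The same series makes configure autodetect gnutls, gcrypt or mhash for HMAC, so the backend the package gets depends on the build root; the BuildRequires lines are outside these hunks, so confirm the intended library is listed there.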
diff --git a/pacemaker-Check-snprintf-return-values.patch b/pacemaker-Check-snprintf-return-values.patch deleted file mode 100644 index 312a010a37ca606997e096a1e55b5447c631eef5..0000000000000000000000000000000000000000 --- a/pacemaker-Check-snprintf-return-values.patch +++ /dev/null 
@@ -1,124 +0,0 @@ -From 7e33a45d6898e06119dbe9dfd487f6c4923b48cb Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 14 Nov 2023 17:21:49 +0100 -Subject: [PATCH 2/7] pacemaker: Check snprintf return values - -crm_ticket command string is stored into static buffer and not checked -so it can be truncated without notice. - -Solution would be to use dynamic buffer, but for now at least check -snprintf return value and return error when string was truncated. - -Signed-off-by: Jan Friesse ---- - src/pacemaker.c | 39 ++++++++++++++++++++++++++++++++++----- - 1 file changed, 34 insertions(+), 5 deletions(-) - -diff --git a/src/pacemaker.c b/src/pacemaker.c -index 8ad3c69..80aa1a3 100644 ---- a/src/pacemaker.c -+++ b/src/pacemaker.c -@@ -128,7 +128,7 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant) - - /* The long format (--attr-value=) for attribute value is used instead of "-v", - * so that NO_ONE (which is -1) isn't seen as another option. */ -- snprintf(cmd, COMMAND_MAX, -+ rv = snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' " - "%s --force " - "-S owner --attr-value=%" PRIi32 " " -@@ -142,6 +142,10 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant) - (int64_t)wall_ts(&tk->term_expires), - (int64_t)tk->current_term); - -+ if (rv < 0 || rv >= COMMAND_MAX) { -+ log_error("pcmk_write_ticket_atomic: cannot format crm_ticket cmdline (probably too long)"); -+ return -1; -+ } - rv = system(cmd); - log_debug("command: '%s' was executed", cmd); - if (rv != 0) -@@ -230,20 +234,34 @@ static int crm_ticket_set_int(const struct ticket_config *tk, const char *attr, - static int pcmk_set_attr(struct ticket_config *tk, const char *attr, const char *val) - { - char cmd[COMMAND_MAX]; -+ int rv; - -- snprintf(cmd, COMMAND_MAX, -+ rv = snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' -S '%s' --attr-value='%s'", - tk->name, attr, val); -+ -+ if (rv < 0 || rv >= COMMAND_MAX) { -+ log_error("pcmk_set_attr: cannot format crm_ticket 
cmdline (probably too long)"); -+ return -1; -+ } -+ - return _run_crm_ticket(cmd); - } - - static int pcmk_del_attr(struct ticket_config *tk, const char *attr) - { - char cmd[COMMAND_MAX]; -+ int rv; - -- snprintf(cmd, COMMAND_MAX, -+ rv = snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' -D '%s'", - tk->name, attr); -+ -+ if (rv < 0 || rv >= COMMAND_MAX) { -+ log_error("pcmk_del_attr: cannot format crm_ticket cmdline (probably too long)"); -+ return -1; -+ } -+ - return _run_crm_ticket(cmd); - } - -@@ -352,13 +370,18 @@ static int pcmk_get_attr(struct ticket_config *tk, const char *attr, const char - char cmd[COMMAND_MAX]; - char line[BOOTH_ATTRVAL_LEN+1]; - int rv = 0, pipe_rv; -+ int res; - FILE *p; - - - *vp = NULL; -- snprintf(cmd, COMMAND_MAX, -+ res = snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' -G '%s' --quiet", - tk->name, attr); -+ if (res < 0 || res >= COMMAND_MAX) { -+ log_error("pcmk_get_attr: cannot format crm_ticket cmdline (probably too long)"); -+ return -1; -+ } - - p = popen(cmd, "r"); - if (p == NULL) { -@@ -483,16 +506,22 @@ static int pcmk_load_ticket(struct ticket_config *tk) - { - char cmd[COMMAND_MAX]; - int rv = 0, pipe_rv; -+ int res; - FILE *p; - - /* This here gets run during startup; testing that here means that - * normal operation won't be interrupted with that test. */ - test_atomicity(); - -- snprintf(cmd, COMMAND_MAX, -+ res = snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' -q", - tk->name); - -+ if (res < 0 || res >= COMMAND_MAX) { -+ log_error("pcmk_load_ticket: cannot format crm_ticket cmdline (probably too long)"); -+ return -1; -+ } -+ - p = popen(cmd, "r"); - if (p == NULL) { - pipe_rv = errno; --- -2.33.0 - diff --git a/pacemaker-Don-t-add-explicit-error-prefix-in-log.patch b/pacemaker-Don-t-add-explicit-error-prefix-in-log.patch deleted file mode 100644 index b407f4e578f0e4db75e40d4dd312eb693f5b66c8..0000000000000000000000000000000000000000 --- a/pacemaker-Don-t-add-explicit-error-prefix-in-log.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 26c9509bb96dbabf6bb4155f403944c7c5308cd4 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Tue, 24 Oct 2023 16:40:54 +0200 -Subject: [PATCH 1/4] pacemaker: Don't add explicit error prefix in log - -Signed-off-by: Jan Friesse ---- - src/pacemaker.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/pacemaker.c b/src/pacemaker.c -index 5c4c1de..cef8c41 100644 ---- a/src/pacemaker.c -+++ b/src/pacemaker.c -@@ -145,7 +145,7 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant) - rv = system(cmd); - log_debug("command: '%s' was executed", cmd); - if (rv != 0) -- log_error("error: \"%s\" failed, %s", cmd, interpret_rv(rv)); -+ log_error("\"%s\" failed, %s", cmd, interpret_rv(rv)); - - return rv; - } --- -2.25.1 - diff --git a/pacemaker-Use-long-format-for-crm_ticket-v.patch b/pacemaker-Use-long-format-for-crm_ticket-v.patch deleted file mode 100644 index a94da7f4331d9f64325020560cb1492fb868f00c..0000000000000000000000000000000000000000 --- a/pacemaker-Use-long-format-for-crm_ticket-v.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From d649490dfb30e89dd725d200283f0b9848d24f61 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 29 Feb 2024 16:42:28 +0800 -Subject: [PATCH] pacemaker: Use long format for crm_ticket -v - ---- - src/pacemaker.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/pacemaker.c b/src/pacemaker.c -index cef8c41..8ad3c69 100644 ---- a/src/pacemaker.c -+++ b/src/pacemaker.c -@@ -46,7 +46,7 @@ enum atomic_ticket_supported atomicity = UNKNOWN; - - - --#define COMMAND_MAX 1024 -+#define COMMAND_MAX 2048 - - - /** Determines whether the installed crm_ticket can do atomic ticket grants, -@@ -126,14 +126,14 @@ static int pcmk_write_ticket_atomic(struct ticket_config *tk, int grant) - int rv; - - -- /* The values are appended to "-v", so that NO_ONE -- * (which is -1) isn't seen as another option. */ -+ /* The long format (--attr-value=) for attribute value is used instead of "-v", -+ * so that NO_ONE (which is -1) isn't seen as another option. */ - snprintf(cmd, COMMAND_MAX, - "crm_ticket -t '%s' " - "%s --force " -- "-S owner -v%" PRIi32 " " -- "-S expires -v%" PRIi64 " " -- "-S term -v%" PRIi64, -+ "-S owner --attr-value=%" PRIi32 " " -+ "-S expires --attr-value=%" PRIi64 " " -+ "-S term --attr-value=%" PRIi64, - tk->name, - (grant > 0 ? "-g" : - grant < 0 ? "-r" : -@@ -232,7 +232,7 @@ static int pcmk_set_attr(struct ticket_config *tk, const char *attr, const char - char cmd[COMMAND_MAX]; - - snprintf(cmd, COMMAND_MAX, -- "crm_ticket -t '%s' -S '%s' -v '%s'", -+ "crm_ticket -t '%s' -S '%s' --attr-value='%s'", - tk->name, attr, val); - return _run_crm_ticket(cmd); - } --- -2.25.1 -