import booth-1.0-199.1.ac1d34c.git.el8_6.1

2022-09-13 03:37:57 -04:00 · 2022-09-13 03:37:57 -04:00 · 1c65463771
parent cffb1725c9
commit 1c65463771
3 changed files with 146 additions and 1 deletions
--- a/SOURCES/bz2113967-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
+++ b/SOURCES/bz2113967-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
@ -0,0 +1,30 @@
+From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 4 Jul 2022 09:39:47 +0200
+Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
+
+This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
+
+authfile != authkey
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/main.c b/src/main.c
+index b50a883..b4a174f 100644
+--- a/src/main.c
+++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (is_auth_req()) {
+	if (booth_conf->authfile[0] != '\0') {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+
--- a/SOURCES/bz2113967-2-config-Add-enable-authfile-option.patch
+++ b/SOURCES/bz2113967-2-config-Add-enable-authfile-option.patch
@ -0,0 +1,106 @@
+From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 26 Jul 2022 18:39:38 +0200
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ docs/boothd.8.txt |  7 +++++++
+ src/config.c      | 17 +++++++++++++++++
+ src/config.h      |  1 +
+ src/main.c        |  2 +-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index f58f27e..12f66f9 100644
+--- a/docs/boothd.8.txt
+++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+ 	parameter to a higher value. The time skew test is performed
+ 	only in concert with authentication.
+ 
+*'enable-authfile'*::
+	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+	Default is 'no'.
+	This is non-upstream option used to allow use of authfile without
+	breaking compatibility for clusters consisting of mixed
+	versions of booth.
+
+ *'site'*::
+ 	Defines a site Raft member with the given IP. Sites can
+ 	acquire tickets. The sites' IP should be managed by the cluster.
+diff --git a/src/config.c b/src/config.c
+index 8e41553..b9df3e3 100644
+--- a/src/config.c
+++ b/src/config.c
+@@ -729,6 +729,23 @@ no_value:
+ 			booth_conf->maxtimeskew = atoi(val);
+ 			continue;
+ 		}
+
+		if (strcmp(key, "enable-authfile") == 0) {
+			if (strcasecmp(val, "yes") == 0 ||
+			    strcasecmp(val, "on") == 0 ||
+			    strcasecmp(val, "1") == 0) {
+				booth_conf->enable_authfile = 1;
+			} else if (strcasecmp(val, "no") == 0 ||
+			    strcasecmp(val, "off") == 0 ||
+			    strcasecmp(val, "0") == 0) {
+				booth_conf->enable_authfile = 0;
+			} else {
+				error = "Expected yes/no value for enable-authfile";
+				goto err;
+			}
+
+			continue;
+		}
+ #endif
+ 
+ 		if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
+++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+ 	struct stat authstat;
+ 	char authkey[BOOTH_MAX_KEY_LEN];
+ 	int authkey_len;
+	int enable_authfile;
+     /** Maximum time skew between peers allowed */
+ 	int maxtimeskew;
+ 
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
+++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (booth_conf->authfile[0] != '\0') {
+	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+
--- a/SPECS/booth.spec
+++ b/SPECS/booth.spec
@ -56,13 +56,15 @@

 Name:           booth
 Version:        %{booth_ver}
-Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}
+Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}.1
 Summary:        Ticket Manager for Multi-site Clusters
 License:        GPLv2+
 Url:            https://github.com/%{github_owner}/%{name}
 Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
 Patch0:         0001-build-Do-not-link-with-pcmk-libraries.patch
 Patch1:         0002-pacemaker-Handle-updated-exit-code-of-crm_ticket.patch
+Patch2:         bz2113967-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
+Patch3:         bz2113967-2-config-Add-enable-authfile-option.patch

 # direct build process dependencies
 BuildRequires:  autoconf
@ -303,6 +305,13 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc

 %changelog
+* Thu Aug 04 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git.1
+- Resolves: rhbz#2113967
+
+- Fix authfile directive handling in booth config file
+  (fixes CVE-2022-2553)
+- Add enable-authfile option
+
 * Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git
 - Resolves: rhbz#1873948
 - Resolves: rhbz#1768172