import booth-1.0-199.1.ac1d34c.git.el8_6.1
parent
cffb1725c9
commit
1c65463771
@ -0,0 +1,30 @@
|
|||||||
|
From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Friesse <jfriesse@redhat.com>
|
||||||
|
Date: Mon, 4 Jul 2022 09:39:47 +0200
|
||||||
|
Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
|
||||||
|
|
||||||
|
This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
|
||||||
|
|
||||||
|
authfile != authkey
|
||||||
|
|
||||||
|
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
|
||||||
|
---
|
||||||
|
src/main.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/main.c b/src/main.c
|
||||||
|
index b50a883..b4a174f 100644
|
||||||
|
--- a/src/main.c
|
||||||
|
+++ b/src/main.c
|
||||||
|
@@ -364,7 +364,7 @@ static int setup_config(int type)
|
||||||
|
if (rv < 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
- if (is_auth_req()) {
|
||||||
|
+ if (booth_conf->authfile[0] != '\0') {
|
||||||
|
rv = read_authkey();
|
||||||
|
if (rv < 0)
|
||||||
|
goto out;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
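Review bot: The restored condition `if (booth_conf->authfile[0] != '\0')` has no comment explaining why it tests the configured file path, and the commit message's "authfile != authkey" is the only record of the reason. Judging from that message, the reverted is_auth_req() looked at the key rather than the file name, and the key is presumably still empty before read_authkey() has run, so the key was never loaded. A comment such as `/* Test authfile, not authkey: the key is only filled in by read_authkey() below */` would keep a later refactor from reintroducing the substitution. setup_config's body starts and ends outside the hunk.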
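--- a/SOURCES/bz2113967-2-config-Add-enable-authfile-option.patch
+++ b/SOURCES/bz2113967-2-config-Add-enable-authfile-option.patch
@@ -0,0 +1,106 @@
+From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 26 Jul 2022 18:39:38 +0200
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+docs/boothd.8.txt | 7 +++++++
+src/config.c | 17 +++++++++++++++++
+src/config.h | 1 +
+src/main.c | 2 +-
+4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index f58f27e..12f66f9 100644
+--- a/docs/boothd.8.txt
++++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+parameter to a higher value. The time skew test is performed
+only in concert with authentication.
+
++*'enable-authfile'*::
++ Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
++ Default is 'no'.
++ This is non-upstream option used to allow use of authfile without
++ breaking compatibility for clusters consisting of mixed
++ versions of booth.
++
+*'site'*::
+Defines a site Raft member with the given IP. Sites can
+acquire tickets. The sites' IP should be managed by the cluster.
+diff --git a/src/config.c b/src/config.c
+index 8e41553..b9df3e3 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -729,6 +729,23 @@ no_value:
+booth_conf->maxtimeskew = atoi(val);
+continue;
+}
++
++ if (strcmp(key, "enable-authfile") == 0) {
++ if (strcasecmp(val, "yes") == 0 ||
++ strcasecmp(val, "on") == 0 ||
++ strcasecmp(val, "1") == 0) {
++ booth_conf->enable_authfile = 1;
++ } else if (strcasecmp(val, "no") == 0 ||
++ strcasecmp(val, "off") == 0 ||
++ strcasecmp(val, "0") == 0) {
++ booth_conf->enable_authfile = 0;
++ } else {
++ error = "Expected yes/no value for enable-authfile";
++ goto err;
++ }
++
++ continue;
++ }
+#endif
+
+if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+struct stat authstat;
+char authkey[BOOTH_MAX_KEY_LEN];
+int authkey_len;
++ int enable_authfile;
+/** Maximum time skew between peers allowed */
+int maxtimeskew;
+
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+if (rv < 0)
+goto out;
+
+- if (booth_conf->authfile[0] != '\0') {
++ if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+rv = read_authkey();
+if (rv < 0)
+goto out;
+--
+2.37.1
+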
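Review bot: In the src/main.c hunk, the new condition `booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile` skips read_authkey() without any message when an authfile is configured but enable-authfile is absent or 'no'. With the documented default of 'no', the daemon would then appear to start without authentication while the config still names a key file. A warning on that path would make the state visible to operators, for example `else if (booth_conf->authfile[0] != '\0')` followed by `log_warn("authfile is set but enable-authfile is not enabled; authentication is disabled");`. In the src/config.c hunk the parser also accepts 'on'/'off'/'1'/'0' while the man page text lists only 'yes'/'no', and the new `enable_authfile` field in src/config.h would benefit from a comment in the style of its neighbour, such as `/** Non-zero when the authfile directive is honoured (set by enable-authfile) */`. setup_config's body starts and ends outside the hunk.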
@ -56,13 +56,15 @@
|
|||||||
|
|
||||||
Name: booth
|
Name: booth
|
||||||
Version: %{booth_ver}
|
Version: %{booth_ver}
|
||||||
Release: %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}
|
Release: %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}.1
|
||||||
Summary: Ticket Manager for Multi-site Clusters
|
Summary: Ticket Manager for Multi-site Clusters
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: https://github.com/%{github_owner}/%{name}
|
Url: https://github.com/%{github_owner}/%{name}
|
||||||
Source0: https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
|
Source0: https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
|
||||||
Patch0: 0001-build-Do-not-link-with-pcmk-libraries.patch
|
Patch0: 0001-build-Do-not-link-with-pcmk-libraries.patch
|
||||||
Patch1: 0002-pacemaker-Handle-updated-exit-code-of-crm_ticket.patch
|
Patch1: 0002-pacemaker-Handle-updated-exit-code-of-crm_ticket.patch
|
||||||
|
Patch2: bz2113967-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
|
||||||
|
Patch3: bz2113967-2-config-Add-enable-authfile-option.patch
|
||||||
|
|
||||||
# direct build process dependencies
|
# direct build process dependencies
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
@ -303,6 +305,13 @@ VERBOSE=1 make check
|
|||||||
%{_usr}/lib/ocf/resource.d/booth/sharedrsc
|
%{_usr}/lib/ocf/resource.d/booth/sharedrsc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 04 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git.1
|
||||||
|
- Resolves: rhbz#2113967
|
||||||
|
|
||||||
|
- Fix authfile directive handling in booth config file
|
||||||
|
(fixes CVE-2022-2553)
|
||||||
|
- Add enable-authfile option
|
||||||
|
|
||||||
* Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git
|
* Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git
|
||||||
- Resolves: rhbz#1873948
|
- Resolves: rhbz#1873948
|
||||||
- Resolves: rhbz#1768172
|
- Resolves: rhbz#1768172
|
||||||
|