import booth-1.0-251.3.bfb2f92.git.el9_0.1
							parent
							
								
									280ce65cea
								
							
						
					
					
						commit
						568760e9bb
					
				| @ -0,0 +1,30 @@ | |||||||
|  | From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Jan Friesse <jfriesse@redhat.com> | ||||||
|  | Date: Mon, 4 Jul 2022 09:39:47 +0200 | ||||||
|  | Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro" | ||||||
|  | 
 | ||||||
|  | This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c. | ||||||
|  | 
 | ||||||
|  | authfile != authkey | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Jan Friesse <jfriesse@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  src/main.c | 2 +- | ||||||
|  |  1 file changed, 1 insertion(+), 1 deletion(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/src/main.c b/src/main.c
 | ||||||
|  | index b50a883..b4a174f 100644
 | ||||||
|  | --- a/src/main.c
 | ||||||
|  | +++ b/src/main.c
 | ||||||
|  | @@ -364,7 +364,7 @@ static int setup_config(int type)
 | ||||||
|  |  	if (rv < 0) | ||||||
|  |  		goto out; | ||||||
|  |   | ||||||
|  | -	if (is_auth_req()) {
 | ||||||
|  | +	if (booth_conf->authfile[0] != '\0') {
 | ||||||
|  |  		rv = read_authkey(); | ||||||
|  |  		if (rv < 0) | ||||||
|  |  			goto out; | ||||||
|  | -- 
 | ||||||
|  | 2.37.1 | ||||||
|  | 
 | ||||||
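Review bot: The restored condition in setup_config has no comment saying why it tests `authfile` directly instead of going through `is_auth_req()`, which is what made the reverted refactor look harmless. Judging by the message "authfile != authkey", the key is presumably only populated by `read_authkey()`, so a key-based test would never be true at this point and the configured authfile would be skipped silently. I would add `/* test the configured path: the key is not loaded until read_authkey() runs */` above the `if`. setup_config's body starts and ends outside the hunk.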
							
								
								
									
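--- a/SOURCES/bz2113970-2-config-Add-enable-authfile-option.patch
+++ b/SOURCES/bz2113970-2-config-Add-enable-authfile-option.patch
@@ -0,0 +1,106 @@
+From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 26 Jul 2022 18:39:38 +0200
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ docs/boothd.8.txt |  7 +++++++
+ src/config.c      | 17 +++++++++++++++++
+ src/config.h      |  1 +
+ src/main.c        |  2 +-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index f58f27e..12f66f9 100644
+--- a/docs/boothd.8.txt
++++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+ 	parameter to a higher value. The time skew test is performed
+ 	only in concert with authentication.
+ 
++*'enable-authfile'*::
++	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
++	Default is 'no'.
++	This is non-upstream option used to allow use of authfile without
++	breaking compatibility for clusters consisting of mixed
++	versions of booth.
++
+ *'site'*::
+ 	Defines a site Raft member with the given IP. Sites can
+ 	acquire tickets. The sites' IP should be managed by the cluster.
+diff --git a/src/config.c b/src/config.c
+index 8e41553..b9df3e3 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -729,6 +729,23 @@ no_value:
+ 			booth_conf->maxtimeskew = atoi(val);
+ 			continue;
+ 		}
++
++		if (strcmp(key, "enable-authfile") == 0) {
++			if (strcasecmp(val, "yes") == 0 ||
++			    strcasecmp(val, "on") == 0 ||
++			    strcasecmp(val, "1") == 0) {
++				booth_conf->enable_authfile = 1;
++			} else if (strcasecmp(val, "no") == 0 ||
++			    strcasecmp(val, "off") == 0 ||
++			    strcasecmp(val, "0") == 0) {
++				booth_conf->enable_authfile = 0;
++			} else {
++				error = "Expected yes/no value for enable-authfile";
++				goto err;
++			}
++
++			continue;
++		}
+ #endif
+ 
+ 		if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+ 	struct stat authstat;
+ 	char authkey[BOOTH_MAX_KEY_LEN];
+ 	int authkey_len;
++	int enable_authfile;
+     /** Maximum time skew between peers allowed */
+ 	int maxtimeskew;
+ 
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (booth_conf->authfile[0] != '\0') {
++	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+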
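Review bot: With the documented default of 'no' for enable-authfile, the new condition in setup_config skips `read_authkey()` without any diagnostic when an authfile is configured, so a node whose config names an authfile runs unauthenticated unless the operator also sets the new option. An `else if (booth_conf->authfile[0] != '\0')` branch that logs a warning naming `enable-authfile` would make that state visible at start-up and in log review during the mixed-version window. Separately, the parser in src/config.c also accepts on/off/1/0 while docs/boothd.8.txt documents only 'yes' or 'no'; the man page text should list every accepted value or the parser should be narrowed. setup_config's body continues outside the hunk.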
| @ -31,7 +31,7 @@ | |||||||
| %global git_describe_str v1.0-251-gbfb2f924c07db823f5c934d1aafbc5181bb25148 | %global git_describe_str v1.0-251-gbfb2f924c07db823f5c934d1aafbc5181bb25148 | ||||||
| 
 | 
 | ||||||
| # Set this to 1 when rebasing (changing git_describe_str) and increase otherwise | # Set this to 1 when rebasing (changing git_describe_str) and increase otherwise | ||||||
| %global release 2 | %global release 3 | ||||||
| 
 | 
 | ||||||
| # Run shell script to parse git_describe str into version, numcomm and sha1 hash | # Run shell script to parse git_describe str into version, numcomm and sha1 hash | ||||||
| %global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1}) | %global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1}) | ||||||
| @ -57,11 +57,13 @@ | |||||||
| 
 | 
 | ||||||
| Name:           booth | Name:           booth | ||||||
| Version:        %{booth_ver} | Version:        %{booth_ver} | ||||||
| Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist} | Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}.1 | ||||||
| Summary:        Ticket Manager for Multi-site Clusters | Summary:        Ticket Manager for Multi-site Clusters | ||||||
| License:        GPLv2+ | License:        GPLv2+ | ||||||
| Url:            https://github.com/%{github_owner}/%{name} | Url:            https://github.com/%{github_owner}/%{name} | ||||||
| Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz | Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz | ||||||
|  | Patch0:         bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch | ||||||
|  | Patch1:         bz2113970-2-config-Add-enable-authfile-option.patch | ||||||
| 
 | 
 | ||||||
| # direct build process dependencies | # direct build process dependencies | ||||||
| BuildRequires:  autoconf | BuildRequires:  autoconf | ||||||
| @ -144,13 +146,13 @@ Support for running Booth, ticket manager for multi-site clusters, | |||||||
| as an arbitrator. | as an arbitrator. | ||||||
| 
 | 
 | ||||||
| %post arbitrator | %post arbitrator | ||||||
| %systemd_post booth@.service booth-arbitrator.service | %systemd_post booth-arbitrator.service | ||||||
| 
 | 
 | ||||||
| %preun arbitrator | %preun arbitrator | ||||||
| %systemd_preun booth@.service booth-arbitrator.service | %systemd_preun booth-arbitrator.service | ||||||
| 
 | 
 | ||||||
| %postun arbitrator | %postun arbitrator | ||||||
| %systemd_postun_with_restart booth@.service booth-arbitrator.service | %systemd_postun_with_restart booth-arbitrator.service | ||||||
| 
 | 
 | ||||||
| %package        site | %package        site | ||||||
| Summary:        Booth support for running as a full-fledged site | Summary:        Booth support for running as a full-fledged site | ||||||
| @ -310,6 +312,18 @@ VERBOSE=1 make check | |||||||
| %{_usr}/lib/ocf/resource.d/booth/sharedrsc | %{_usr}/lib/ocf/resource.d/booth/sharedrsc | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git.1 | ||||||
|  | - Related: rhbz#2113970 | ||||||
|  | 
 | ||||||
|  | - Remove template unit from systemd_(post|preun|postun_with_restart) macro | ||||||
|  | 
 | ||||||
|  | * Thu Aug 04 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.2.bfb2f92.git.1 | ||||||
|  | - Resolves: rhbz#2113970 | ||||||
|  | 
 | ||||||
|  | - Fix authfile directive handling in booth config file | ||||||
|  |   (fixes CVE-2022-2553) | ||||||
|  | - Add enable-authfile option | ||||||
|  | 
 | ||||||
| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-251.2.bfb2f92.git | * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-251.2.bfb2f92.git | ||||||
| - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | ||||||
|   Related: rhbz#1991688 |   Related: rhbz#1991688 | ||||||
|  | |||||||