.booth.metadata

@@ -0,0 +1 @@
+7d9cbffc7e0392a7857af08d6f466d9d97631f72 SOURCES/booth-1.1.tar.gz

SOURCES/RHEL-32613-1-attr-Fix-reading-of-server_reply.patch

@@ -1,37 +0,0 @@
-From 4bdd96d767fc38239c4fac9e95404da99f61ac65 Mon Sep 17 00:00:00 2001
-From: Jan Friesse <jfriesse@redhat.com>
-Date: Wed, 21 Feb 2024 17:40:11 +0100
-Subject: [PATCH 1/4] attr: Fix reading of server_reply
-
-read_server_reply first reads boothc header and then rest of packet
-which contains hmac info. This should go in memory right after
-boothc_header and not after full length of packet, because full length
-of packet already contains hmac info.
-
-Solution is to simply use length of header and not length of packet.
-
-Longer term and better solution would be to drop read_server_reply
-completely and use recv_auth which is used for everything else but attr
-set and delete.
-
-Signed-off-by: Jan Friesse <jfriesse@redhat.com>
----
- src/attr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/attr.c b/src/attr.c
-index 44061e3..bc154f0 100644
---- a/src/attr.c
-+++ b/src/attr.c
-@@ -142,7 +142,7 @@ static int read_server_reply(
- 		return -2;
- 	}
- 	len = ntohl(header->length);
--	rv = tpt->recv(site, msg+len, len-sizeof(*header));
-+	rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header));
- 	if (rv < 0) {
- 		return -1;
- 	}
--- 
-2.44.0
-

SOURCES/RHEL-32613-2-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch

@@ -1,65 +0,0 @@
-From 91fcfb5708f829ecff7d098ed4c0fc8f2da6d599 Mon Sep 17 00:00:00 2001
-From: Jan Friesse <jfriesse@redhat.com>
-Date: Wed, 21 Feb 2024 18:12:28 +0100
-Subject: [PATCH 2/4] auth: Check result of gcrypt gcry_md_get_algo_dlen
-
-When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This
-value is then used for memcmp so wrong hmac might be accepted as
-correct.
-
-Signed-off-by: Jan Friesse <jfriesse@redhat.com>
----
- src/auth.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/src/auth.c b/src/auth.c
-index 8f86b9a..a3b3d20 100644
---- a/src/auth.c
-+++ b/src/auth.c
-@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen,
- {
- 	static gcry_md_hd_t digest;
- 	gcry_error_t err;
-+	int hlen;
-+
-+	hlen = gcry_md_get_algo_dlen(hid);
-+	if (!hlen)
-+		return -1;
- 
- 	if (!digest) {
- 		err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC);
-@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen,
- 		}
- 	}
- 	gcry_md_write(digest, data, datalen);
--	memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid));
-+	memcpy(result, gcry_md_read(digest, 0), hlen);
- 	gcry_md_reset(digest);
- 	return 0;
- }
-@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen,
- {
- 	unsigned char *our_hmac;
- 	int rc;
-+	int hlen;
-+
-+	hlen = gcry_md_get_algo_dlen(hid);
-+	if (!hlen)
-+		return -1;
- 
--	our_hmac = malloc(gcry_md_get_algo_dlen(hid));
-+	our_hmac = malloc(hlen);
- 	if (!our_hmac)
- 		return -1;
- 
- 	rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen);
- 	if (rc)
- 		goto out_free;
--	rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid));
-+	rc = memcmp(our_hmac, hmac, hlen);
- 
- out_free:
- 	if (our_hmac)
--- 
-2.44.0
-

SPECS/booth.spec

@@ -41,14 +41,12 @@
 
 Name:           booth
 Version:        1.1
-Release:        1%{?dist}.1
+Release:        1%{?dist}
 Summary:        Ticket Manager for Multi-site Clusters
 License:        GPLv2+
 Url:            https://github.com/%{github_owner}/%{name}
 Source0:        https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Patch0:         rhel-specific-0001-config-Add-enable-authfile-option.patch
-Patch1:         RHEL-32613-1-attr-Fix-reading-of-server_reply.patch
-Patch2:         RHEL-32613-2-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch
 
 # direct build process dependencies
 BuildRequires:  autoconf
@@ -297,12 +295,6 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 
 %changelog
-* Tue Apr 30 2024 Jan Friesse <jfriesse@redhat.com> - 1.1-1.1
-- Resolves: RHEL-32613
-
-- attr: Fix reading of server_reply
-- auth: Check result of gcrypt gcry_md_get_algo_dlen (fixes CVE-2024-3049)
-
 * Thu Nov 23 2023 Jan Friesse <jfriesse@redhat.com> - 1.1-1
 - Resolves: RHEL-15265