Compare commits

...

6 Commits

Author SHA1 Message Date
eabdullin d3d18a0d25 Import from AlmaLinux 9 2024-06-11 12:42:12 +03:00
eabdullin 1a9d12c92e Import from AlmaLinux stable repository 2024-05-31 17:29:53 +00:00
CentOS Sources 7f6e0257ff import booth-1.0-283.1.9d4029a.git.el8 2023-05-16 06:06:10 +00:00
CentOS Sources 191e7b2dd2 import booth-1.0-199.2.ac1d34c.git.el8 2022-11-08 10:40:16 +00:00
CentOS Sources 1c65463771 import booth-1.0-199.1.ac1d34c.git.el8_6.1 2022-09-13 07:38:25 +00:00
CentOS Sources cffb1725c9 import booth-1.0-199.1.ac1d34c.git.el8 2021-09-09 15:07:16 +00:00
7 changed files with 279 additions and 68 deletions

View File

@ -1 +0,0 @@
4813ede4a6bb517564a3b9f6fe523164a7362c5b SOURCES/booth-ac1d34c.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/booth-ac1d34c.tar.gz
SOURCES/booth-1.1.tar.gz

View File

@ -1,33 +0,0 @@
From 2f944ea46b1b39113a34ca586cd8e3cd8f0d1d70 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 3 Jun 2020 15:04:56 +0200
Subject: [PATCH] build: Do not link with pcmk libraries
Patch 4205de05fe337d1b1127fae302e6e6c2f0613ccf introduced better way to
check for pacemaker headers but also usage of PCMK_LIBS when linking
boothd.
This is not needed, because boothd uses just crm/services.h header file
for inclusion of OCF return codes, so patch removes the use of PCMK_LIBS.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 8598725..4023791 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -23,7 +23,7 @@ boothd_SOURCES += auth.c
endif
boothd_LDFLAGS = $(OS_DYFLAGS) -L./
-boothd_LDADD = -lm $(GLIB_LIBS) $(ZLIB_LIBS) $(PCMK_LIBS)
+boothd_LDADD = -lm $(GLIB_LIBS) $(ZLIB_LIBS)
boothd_CFLAGS = $(GLIB_CFLAGS) $(PCMK_CFLAGS)
if !LOGGING_LIBQB
--
2.18.2

View File

@ -0,0 +1,37 @@
From 4bdd96d767fc38239c4fac9e95404da99f61ac65 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 21 Feb 2024 17:40:11 +0100
Subject: [PATCH 1/4] attr: Fix reading of server_reply
read_server_reply first reads boothc header and then rest of packet
which contains hmac info. This should go in memory right after
boothc_header and not after full length of packet, because full length
of packet already contains hmac info.
Solution is to simply use length of header and not length of packet.
Longer term and better solution would be to drop read_server_reply
completely and use recv_auth which is used for everything else but attr
set and delete.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/attr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/attr.c b/src/attr.c
index 44061e3..bc154f0 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -142,7 +142,7 @@ static int read_server_reply(
return -2;
}
len = ntohl(header->length);
- rv = tpt->recv(site, msg+len, len-sizeof(*header));
+ rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header));
if (rv < 0) {
return -1;
}
--
2.44.0

View File

@ -0,0 +1,65 @@
From 91fcfb5708f829ecff7d098ed4c0fc8f2da6d599 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Wed, 21 Feb 2024 18:12:28 +0100
Subject: [PATCH 2/4] auth: Check result of gcrypt gcry_md_get_algo_dlen
When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This
value is then used for memcmp so wrong hmac might be accepted as
correct.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/auth.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/auth.c b/src/auth.c
index 8f86b9a..a3b3d20 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen,
{
static gcry_md_hd_t digest;
gcry_error_t err;
+ int hlen;
+
+ hlen = gcry_md_get_algo_dlen(hid);
+ if (!hlen)
+ return -1;
if (!digest) {
err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC);
@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen,
}
}
gcry_md_write(digest, data, datalen);
- memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid));
+ memcpy(result, gcry_md_read(digest, 0), hlen);
gcry_md_reset(digest);
return 0;
}
@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen,
{
unsigned char *our_hmac;
int rc;
+ int hlen;
+
+ hlen = gcry_md_get_algo_dlen(hid);
+ if (!hlen)
+ return -1;
- our_hmac = malloc(gcry_md_get_algo_dlen(hid));
+ our_hmac = malloc(hlen);
if (!our_hmac)
return -1;
rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen);
if (rc)
goto out_free;
- rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid));
+ rc = memcmp(our_hmac, hmac, hlen);
out_free:
if (our_hmac)
--
2.44.0

View File

@ -0,0 +1,106 @@
From 87c8545816cca03d19c2f3ef54031940f7e19d50 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Fri, 18 Nov 2022 11:57:46 +0100
Subject: [PATCH] config: Add enable-authfile option
This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
Default is 'no'.
Booth usage of authfile was broken for long time (since commit
da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
Pcs was adding authfile by default, but it was not used. Once booth bug
was fixed problem appears because mixed clusters (with fixed version and
without fixed one) stops working.
This non-upstream option is added and used to allow use of
authfile without breaking compatibility for clusters
consisting of mixed versions (usually happens before all nodes are
updated) of booth (user have to explicitly
enable usage of authfile).
This patch is transitional and will be removed in future major version of
distribution.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
docs/boothd.8.txt | 7 +++++++
src/config.c | 17 +++++++++++++++++
src/config.h | 1 +
src/main.c | 2 +-
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
index 0f3d2c1..c7a8413 100644
--- a/docs/boothd.8.txt
+++ b/docs/boothd.8.txt
@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
parameter to a higher value. The time skew test is performed
only in concert with authentication.
+'enable-authfile'::
+ Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+ Default is 'no'.
+ This is non-upstream option used to allow use of authfile without
+ breaking compatibility for clusters consisting of mixed
+ versions of booth.
+
'debug'::
Specifies the debug output level. Alternative to
command line argument. Effective only for 'daemon'
diff --git a/src/config.c b/src/config.c
index f0ca4aa..e1f25f0 100644
--- a/src/config.c
+++ b/src/config.c
@@ -732,6 +732,23 @@ no_value:
booth_conf->maxtimeskew = atoi(val);
continue;
}
+
+ if (strcmp(key, "enable-authfile") == 0) {
+ if (strcasecmp(val, "yes") == 0 ||
+ strcasecmp(val, "on") == 0 ||
+ strcasecmp(val, "1") == 0) {
+ booth_conf->enable_authfile = 1;
+ } else if (strcasecmp(val, "no") == 0 ||
+ strcasecmp(val, "off") == 0 ||
+ strcasecmp(val, "0") == 0) {
+ booth_conf->enable_authfile = 0;
+ } else {
+ error = "Expected yes/no value for enable-authfile";
+ goto err;
+ }
+
+ continue;
+ }
#endif
if (strcmp(key, "site") == 0) {
diff --git a/src/config.h b/src/config.h
index bca73bc..da1e917 100644
--- a/src/config.h
+++ b/src/config.h
@@ -297,6 +297,7 @@ struct booth_config {
struct stat authstat;
char authkey[BOOTH_MAX_KEY_LEN];
int authkey_len;
+ int enable_authfile;
/** Maximum time skew between peers allowed */
int maxtimeskew;
diff --git a/src/main.c b/src/main.c
index b4a174f..0fdb295 100644
--- a/src/main.c
+++ b/src/main.c
@@ -364,7 +364,7 @@ static int setup_config(int type)
if (rv < 0)
goto out;
- if (booth_conf->authfile[0] != '\0') {
+ if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
rv = read_authkey();
if (rv < 0)
goto out;
--
2.27.0

View File

@ -21,6 +21,8 @@
%bcond_with html_man
%bcond_with glue
%bcond_with run_build_tests
%bcond_without include_unit_test
## User and group to use for nonprivileged services (should be in sync with pacemaker)
%global uname hacluster
@ -29,30 +31,8 @@
# Disable automatic compilation of Python files in extra directories
%global _python_bytecompile_extra 0
%global specver 6
%global boothver 1.0
# set following to the actual commit or, for final release, concatenate
# "boothver" macro to "v" (will yield a tag per the convention)
%global commit ac1d34ce172678a8f5ba415e976cf2366d45e15e
%global lparen (
%global rparen )
%global shortcommit %(c=%{commit}; case ${c} in
v*%{rparen} echo ${c:1};;
*%{rparen} echo ${c:0:7};; esac)
%global pre_release %(s=%{shortcommit}; [ ${s: -3:2} != rc ]; echo $?)
%global post_release %([ %{commit} = v%{shortcommit} ]; echo $?)
%global github_owner ClusterLabs
%if 0%{pre_release}
%global boothrel 0.%{specver}.%(s=%{shortcommit}; echo ${s: -3})
%else
%if 0%{post_release}
%global boothrel %{specver}.%{shortcommit}.git
%else
%global boothrel %{specver}
%endif
%endif
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
# https://fedoraproject.org/wiki/EPEL:Packaging?rd=Packaging:EPEL#The_.25license_tag
%{!?_licensedir:%global license %doc}
@ -60,13 +40,15 @@
%global test_path %{_datadir}/booth/tests
Name: booth
Version: %{boothver}
Release: %{boothrel}%{?dist}.2
Version: 1.1
Release: 1%{?dist}.1
Summary: Ticket Manager for Multi-site Clusters
License: GPLv2+
Url: https://github.com/%{github_owner}/%{name}
Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Patch0: 0001-build-Do-not-link-with-pcmk-libraries.patch
Source0: https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Patch0: rhel-specific-0001-config-Add-enable-authfile-option.patch
Patch1: RHEL-32613-1-attr-Fix-reading-of-server_reply.patch
Patch2: RHEL-32613-2-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch
# direct build process dependencies
BuildRequires: autoconf
@ -102,8 +84,10 @@ BuildRequires: sed
BuildRequires: systemd
## for autosetup
BuildRequires: git
%if 0%{?with_run_build_tests}
# check scriptlet (for perl and netstat)
BuildRequires: perl-interpreter net-tools
%endif
# this is for a composite-requiring-its-components arranged
# as an empty package (empty files section) requiring subpackages
@ -111,7 +95,9 @@ BuildRequires: perl-interpreter net-tools
Requires: %{name}-core%{?_isa}
Requires: %{name}-site
%files
# intentionally empty
%license COPYING
%dir %{_datadir}/pkgconfig
%{_datadir}/pkgconfig/booth.pc
%description
Booth manages tickets which authorize cluster sites located
@ -145,13 +131,13 @@ Support for running Booth, ticket manager for multi-site clusters,
as an arbitrator.
%post arbitrator
%systemd_post booth@.service booth-arbitrator.service
%systemd_post booth-arbitrator.service
%preun arbitrator
%systemd_preun booth@.service booth-arbitrator.service
%systemd_preun booth-arbitrator.service
%postun arbitrator
%systemd_postun_with_restart booth@.service booth-arbitrator.service
%systemd_postun_with_restart booth-arbitrator.service
%package site
Summary: Booth support for running as a full-fledged site
@ -181,7 +167,9 @@ Requires: %{name}-arbitrator = %{version}-%{release}
Requires: %{name}-site = %{version}-%{release}
Requires: gdb
Requires: %{__python3}
%if 0%{?with_include_unit_test}
Requires: python3-pexpect
%endif
# runtests.py suite (for perl and netstat)
Requires: perl-interpreter net-tools
@ -191,7 +179,7 @@ Automated tests for running Booth, ticket manager for multi-site clusters.
# BUILD #
%prep
%autosetup -n %{name}-%{commit} -S git_am
%autosetup -n %{name}-%{version} -S git_am
%build
./autogen.sh
@ -199,7 +187,7 @@ Automated tests for running Booth, ticket manager for multi-site clusters.
--with-initddir=%{_initrddir} \
--docdir=%{_pkgdocdir} \
--enable-user-flags \
%{!?with_html_man:--without-html_man} \
%{?with_html_man:--with-html_man} \
%{!?with_glue:--without-glue} \
PYTHON=%{__python3}
%{make_build}
@ -222,7 +210,11 @@ rm -rf %{buildroot}/%{_pkgdocdir}/COPYING
mkdir -p %{buildroot}/%{test_path}
# Copy tests from tarball
cp -a -t %{buildroot}/%{test_path} \
-- conf test unit-tests script/unit-test.py
-- conf test
%if 0%{?with_include_unit_test}
cp -a -t %{buildroot}/%{test_path} \
-- unit-tests script/unit-test.py
%endif
chmod +x %{buildroot}/%{test_path}/test/booth_path
chmod +x %{buildroot}/%{test_path}/test/live_test.sh
mkdir -p %{buildroot}/%{test_path}/src
@ -246,7 +238,9 @@ sed -e 's#PYTHON_SHEBANG#%{__python3} -Es#g' \
%check
# alternatively: test/runtests.py
%if 0%{?with_run_build_tests}
VERBOSE=1 make check
%endif
%files core
%license COPYING
@ -264,6 +258,12 @@ VERBOSE=1 make check
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/booth/
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/booth/cores
# Generated html docs
%if 0%{?with_html_man}
%{_pkgdocdir}/booth-keygen.8.html
%{_pkgdocdir}/boothd.8.html
%endif
%files arbitrator
%{_unitdir}/booth@.service
%{_unitdir}/booth-arbitrator.service
@ -284,6 +284,11 @@ VERBOSE=1 make check
%dir %{_datadir}/booth
%{_datadir}/booth/service-runnable
# Generated html docs
%if 0%{?with_html_man}
%{_pkgdocdir}/geostore.8.html
%endif
%files test
%doc %{_pkgdocdir}/README-testing
# /usr/share/booth provided by -site
@ -292,6 +297,38 @@ VERBOSE=1 make check
%{_usr}/lib/ocf/resource.d/booth/sharedrsc
%changelog
* Tue Apr 30 2024 Jan Friesse <jfriesse@redhat.com> - 1.1-1.1
- Resolves: RHEL-32613
- attr: Fix reading of server_reply
- auth: Check result of gcrypt gcry_md_get_algo_dlen (fixes CVE-2024-3049)
* Thu Nov 23 2023 Jan Friesse <jfriesse@redhat.com> - 1.1-1
- Resolves: RHEL-15265
- New upstream release (RHEL-15265)
- Upstream releases should now be released regularly, so convert spec
to use them instead of git snapshots (RHEL-15265)
* Mon Nov 21 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-283.1.9d4029a.git
- Resolves: rhbz#2135865
- Update to current snapshot (commit 9d4029a) (rhbz#2135865)
* Wed Aug 03 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-199.2.ac1d34c.git
- Resolves: rhbz#2111668
- Fix authfile directive handling in booth config file
(fixes CVE-2022-2553)
- Add enable-authfile option
* Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-199.1.ac1d34c.git
- Resolves: rhbz#1873948
- Resolves: rhbz#1768172
- Fix versioning scheme to handle updates better
- Handle updated exit code of crm_ticket
* Wed Jun 3 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-6.ac1d34c.git.2
- Related: rhbz#1835831