From 5d60ff11dfac0cf948087d58da5c3a357bb52485 Mon Sep 17 00:00:00 2001 From: Jan Friesse Date: Tue, 18 Nov 2025 09:38:20 +0100 Subject: [PATCH] - Resolves: RHEL-122945 Signed-off-by: Jan Friesse --- .gitignore | 1 + ...totemsrp-Check-size-of-orf_token-msg.patch | 68 ----------- ...-Add-support-for-env-STATE_DIRECTORY.patch | 113 ------------------ ...e-LogsDirectory-in-systemd-unit-file.patch | 50 -------- corosync.spec | 15 +-- sources | 2 +- 6 files changed, 10 insertions(+), 239 deletions(-) delete mode 100644 RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch delete mode 100644 RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch delete mode 100644 RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch diff --git a/.gitignore b/.gitignore index 836dba5..be468d1 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,4 @@ corosync-1.2.7.tar.gz /corosync-3.1.7.tar.gz /corosync-3.1.8.tar.gz /corosync-3.1.9.tar.gz +/corosync-3.1.10.tar.gz diff --git a/RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch b/RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch deleted file mode 100644 index 17b4c3e..0000000 --- a/RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 7839990f9cdf34e55435ed90109e82709032466a Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Mon, 24 Mar 2025 12:05:08 +0100 -Subject: [PATCH] totemsrp: Check size of orf_token msg - -orf_token message is stored into preallocated array on endian convert -so carefully crafted malicious message can lead to crash of corosync. - -Solution is to check message size beforehand. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - exec/totemsrp.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/exec/totemsrp.c b/exec/totemsrp.c -index 962d0e2a..364528ce 100644 ---- a/exec/totemsrp.c -+++ b/exec/totemsrp.c -@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity( - const struct totemsrp_instance *instance, - const void *msg, - size_t msg_len, -+ size_t max_msg_len, - int endian_conversion_needed) - { - int rtr_entries; - const struct orf_token *token = (const struct orf_token *)msg; - size_t required_len; - -+ if (msg_len > max_msg_len) { -+ log_printf (instance->totemsrp_log_level_security, -+ "Received orf_token message is too long... ignoring."); -+ -+ return (-1); -+ } -+ - if (msg_len < sizeof(struct orf_token)) { - log_printf (instance->totemsrp_log_level_security, - "Received orf_token message is too short... ignoring."); -@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity( - rtr_entries = token->rtr_list_entries; - } - -+ if (rtr_entries > RETRANSMIT_ENTRIES_MAX) { -+ log_printf (instance->totemsrp_log_level_security, -+ "Received orf_token message rtr_entries is corrupted... ignoring."); -+ -+ return (-1); -+ } -+ - required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item); - if (msg_len < required_len) { - log_printf (instance->totemsrp_log_level_security, -@@ -3868,7 +3883,8 @@ static int message_handler_orf_token ( - "Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC); - #endif - -- if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) { -+ if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage), -+ endian_conversion_needed) == -1) { - return (0); - } - --- -2.47.0 - diff --git a/RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch b/RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch deleted file mode 100644 index 429b41c..0000000 --- a/RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch +++ /dev/null @@ -1,113 +0,0 @@ -From: Jan Friesse -Date: Wed, 11 Jun 2025 17:26:41 +0200 -Subject: [PATCH 1/2] exec: Add support for env STATE_DIRECTORY - -Image mode recommendation is to not ship /var/lib subdirectories if -possible and bootc lint produces warning if not. This was the case -also for Corosync. - -Simplest possible solution seems to implement support for systemd -unit StateDirectory functionality and not ship /var/lib/corosync -in rpm. - -So patch: -1. Adds support for reading the environment variable STATE_DIRECTORY - which is set by systemd and use it as a default value for - system.state_dir configuration option. This is generally useful - feature even for non-systemd builds. -2. Set StateDirectory in service file -3. Drop /var/lib/corosync directory from RPM for systemd builds - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - corosync.spec.in | 2 ++ - exec/util.c | 19 +++++++++++++++---- - init/corosync.service.in | 1 + - man/corosync.conf.5 | 4 ++-- - 4 files changed, 20 insertions(+), 6 deletions(-) - -diff --git a/corosync.spec.in b/corosync.spec.in -index 80040a46..049c585a 100644 ---- a/corosync.spec.in -+++ b/corosync.spec.in -@@ -207,7 +207,9 @@ fi - %{_initrddir}/corosync - %{_initrddir}/corosync-notifyd - %endif -+%if %{without systemd} - %dir %{_localstatedir}/lib/corosync -+%endif - %dir %{_localstatedir}/log/cluster - %{_mandir}/man7/corosync_overview.7* - %{_mandir}/man8/corosync.8* -diff --git a/exec/util.c b/exec/util.c -index 8988ab29..795ea5c5 100644 ---- a/exec/util.c -+++ b/exec/util.c -@@ -174,13 +174,24 @@ int cs_name_tisEqual (cs_name_t *str1, char *str2) { - const char *get_state_dir(void) - { - static char path[PATH_MAX] = {'\0'}; -- char *cmap_state_dir; -+ char *state_dir; - int res; - - if (path[0] == '\0') { -- if (icmap_get_string("system.state_dir", &cmap_state_dir) == CS_OK) { -- res = snprintf(path, PATH_MAX, "%s", cmap_state_dir); -- free(cmap_state_dir); -+ if (icmap_get_string("system.state_dir", &state_dir) == CS_OK) { -+ res = snprintf(path, PATH_MAX, "%s", state_dir); -+ free(state_dir); -+ } else if ((state_dir = getenv("STATE_DIRECTORY")) != NULL) { -+ /* -+ * systemd allows multiple directory names that are -+ * passed to env variable separated by colon. Support for this feature -+ * is deliberately not implemented because corosync always -+ * uses just one state directory and it is unclear what behavior should -+ * be taken for multiple ones. If reasonable need for -+ * supporting multiple directories appear, it must be implemented also -+ * for cmap. -+ */ -+ res = snprintf(path, PATH_MAX, "%s", state_dir); - } else { - res = snprintf(path, PATH_MAX, "%s/%s", LOCALSTATEDIR, "lib/corosync"); - } -diff --git a/init/corosync.service.in b/init/corosync.service.in -index bd2a48a9..3e3efef8 100644 ---- a/init/corosync.service.in -+++ b/init/corosync.service.in -@@ -9,6 +9,7 @@ After=network-online.target - EnvironmentFile=-@INITCONFIGDIR@/corosync - ExecStart=@SBINDIR@/corosync -f $COROSYNC_OPTIONS - ExecStop=@SBINDIR@/corosync-cfgtool -H --force -+StateDirectory=corosync - Type=notify - - # In typical systemd deployments, both standard outputs are forwarded to -diff --git a/man/corosync.conf.5 b/man/corosync.conf.5 -index 3510ab6b..3bcda7c7 100644 ---- a/man/corosync.conf.5 -+++ b/man/corosync.conf.5 -@@ -32,7 +32,7 @@ - .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - .\" * THE POSSIBILITY OF SUCH DAMAGE. - .\" */ --.TH COROSYNC_CONF 5 2024-07-22 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual" -+.TH COROSYNC_CONF 5 2025-06-12 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual" - .SH NAME - corosync.conf - corosync executive configuration file - -@@ -900,7 +900,7 @@ state_dir - Existing directory where corosync should chdir into. Corosync stores - important state files and blackboxes there. - --The default is /var/lib/corosync. -+The default is the value of the environment variable STATE_DIRECTORY or /var/lib/corosync. - - .PP - Within the --- -2.43.5 - diff --git a/RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch b/RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch deleted file mode 100644 index 240bee1..0000000 --- a/RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 050933cf334ef4ac6a6b4a3988508ca181da34b0 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Thu, 12 Jun 2025 09:40:45 +0200 -Subject: [PATCH 2/2] init: Use LogsDirectory in systemd unit file - -Similarly as StateDirectory, this is mainly for image mode. -/var/log/cluster shouldn't be included in rpm package, so -use LogsDirectory to make systemd create /var/log/cluster during -corosync startup. - -No code change is needed, because logging to log file is fully -configured by user in config file so there is no default to read from -environment variable. - -Signed-off-by: Jan Friesse -Reviewed-by: Christine Caulfield ---- - corosync.spec.in | 2 +- - init/corosync.service.in | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/corosync.spec.in b/corosync.spec.in -index 049c585a..7cb70114 100644 ---- a/corosync.spec.in -+++ b/corosync.spec.in -@@ -209,8 +209,8 @@ fi - %endif - %if %{without systemd} - %dir %{_localstatedir}/lib/corosync --%endif - %dir %{_localstatedir}/log/cluster -+%endif - %{_mandir}/man7/corosync_overview.7* - %{_mandir}/man8/corosync.8* - %{_mandir}/man8/corosync-blackbox.8* -diff --git a/init/corosync.service.in b/init/corosync.service.in -index 3e3efef8..89d67b5e 100644 ---- a/init/corosync.service.in -+++ b/init/corosync.service.in -@@ -10,6 +10,7 @@ EnvironmentFile=-@INITCONFIGDIR@/corosync - ExecStart=@SBINDIR@/corosync -f $COROSYNC_OPTIONS - ExecStop=@SBINDIR@/corosync-cfgtool -H --force - StateDirectory=corosync -+LogsDirectory=cluster - Type=notify - - # In typical systemd deployments, both standard outputs are forwarded to --- -2.43.5 - diff --git a/corosync.spec b/corosync.spec index 278d988..0fe45c9 100644 --- a/corosync.spec +++ b/corosync.spec @@ -14,15 +14,11 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces -Version: 3.1.9 -Release: 2%{?dist} +Version: 3.1.10 +Release: 1%{?dist} License: BSD-3-Clause URL: http://corosync.github.io/corosync/ -Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}.tar.gz - -Patch0: RHEL-84612-totemsrp-Check-size-of-orf_token-msg.patch -Patch1: RHEL-96073-1-exec-Add-support-for-env-STATE_DIRECTORY.patch -Patch2: RHEL-96073-2-init-Use-LogsDirectory-in-systemd-unit-file.patch +Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}%{?gittarver}.tar.gz # Runtime bits # The automatic dependency overridden in favor of explicit version lock @@ -293,6 +289,11 @@ network splits) %endif %changelog +* Tue Nov 18 2025 Jan Friesse - 3.1.10-1 +- Resolves: RHEL-122945 + +- New upstream release (RHEL-122945) + * Mon Jun 16 2025 Jan Friesse - 3.1.9-2 - Resolves: RHEL-96073 diff --git a/sources b/sources index d3e0db1..9c626fd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (corosync-3.1.9.tar.gz) = d5332c65535dd40e3bee48912ebf2e71c55380b3dba93c36ff8b74090edf3ec44b69685cd11fda3732e4b0dab0b2954f08be94d772fcff6aaf9a4a846ef2e4cc +SHA512 (corosync-3.1.10.tar.gz) = cf2014d15fdbd3495cfe64629255f7855a79651a595938dac7bc7ec67338d843079ae40cf1c15de23b50d85cb39b2c2e3e3448a9cc33759ad8988b8c85ce59d3