import keepalived-2.1.5-8.el8

2022-05-10 03:13:23 -04:00 · 2022-05-10 03:13:23 -04:00 · 9235a6d0d8
commit 9235a6d0d8
parent 3b4d62c8f5
4 changed files with 275 additions and 1 deletions
--- a/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
+++ b/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
@ -0,0 +1,55 @@
+From ff476e860e91c1a814ac038ee16790a2a5b950af Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Mon, 18 Jan 2021 14:38:15 +0000
+Subject: [PATCH 1/2] Revert "Explicitly set LOG_USER log facility when
+ syslogging"
+
+This reverts commit db3bcf7b891881e8e70954424f0fe88ec7d37ce0.
+
+This commit was just plain wrong. The facility should default to
+LOG_DAEMON (see keepalived(8) man page), but if --log-facility is
+specified, that is the facility to which log entries should be logged.
+---
+ lib/logger.c | 5 +----
+ lib/logger.h | 2 +-
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/lib/logger.c b/lib/logger.c
+index a0cc2048..34c83f32 100644
+--- a/lib/logger.c
+++ b/lib/logger.c
+@@ -133,7 +133,7 @@ block_signals(sigset_t *cur_set)
+ #endif
+ 
+ void
+-vlog_message(int facility, const char* format, va_list args)
+vlog_message(const int facility, const char* format, va_list args)
+ {
+ #ifndef HAVE_SIGNALFD
+ 	sigset_t cur_set;
+@@ -213,9 +213,6 @@ vlog_message(int facility, const char* format, va_list args)
+ 			restore_signals = true;
+ #endif
+ 
+-		if (!(facility & LOG_FACMASK))
+-			facility |= LOG_USER;
+-
+ #if HAVE_VSYSLOG
+ 		vsyslog(facility, format, args);
+ #else
+diff --git a/lib/logger.h b/lib/logger.h
+index 7536536a..20b2a7e4 100644
+--- a/lib/logger.h
+++ b/lib/logger.h
+@@ -44,7 +44,7 @@ extern void open_log_file(const char *, const char *, const char *, const char *
+ extern void flush_log_file(void);
+ extern void update_log_file_perms(mode_t);
+ #endif
+-extern void vlog_message(int facility, const char* format, va_list args)
+extern void vlog_message(const int facility, const char* format, va_list args)
+ 	__attribute__ ((format (printf, 2, 0)));
+ extern void log_message(int priority, const char* format, ...)
+ 	__attribute__ ((format (printf, 2, 3)));
+-- 
+2.31.1
+
--- a/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
+++ b/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
@ -0,0 +1,165 @@
+From 75ea1d31c17f4bb3a73590167658310bc9f67149 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Mon, 18 Jan 2021 14:57:30 +0000
+Subject: [PATCH 2/2] all: log to LOG_DAEMON facility by default
+
+keepalived(8) man page states that the default log facility is LOG_DAEMON.
+Commit db3bcf7 - "Explicitly set LOG_USER log facility when syslogging"
+incorrectly set the facility to LOG_USER, and that has now been reverted.
+However, with that reverted, by default the VRRP process logs to LOG_LOCAL1
+and the checker and BFD processes log to LOG_LOCAL2, contrary to the
+documentation.
+
+Since no-one has commented that logs were not going to LOG_LOCAL1/2 since
+commit db3bcf7 (April 28 2020), it is safe to assume that no-one was relying
+on that. This commit therefore reverts to the documentation and by default
+logs everything to the LOG_DAEMON facility.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/bfd/bfd_daemon.c     |  3 +--
+ keepalived/check/check_daemon.c |  3 +--
+ keepalived/core/main.c          |  7 +++----
+ keepalived/include/main.h       |  1 -
+ keepalived/vrrp/vrrp_daemon.c   |  3 +--
+ lib/logger.c                    |  2 ++
+ lib/logger.h                    | 10 ++++++++++
+ 7 files changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/keepalived/bfd/bfd_daemon.c b/keepalived/bfd/bfd_daemon.c
+index cf74eee3..47d87892 100644
+--- a/keepalived/bfd/bfd_daemon.c
+++ b/keepalived/bfd/bfd_daemon.c
+@@ -396,8 +396,7 @@ start_bfd_child(void)
+ 
+ 	/* Opening local BFD syslog channel */
+ 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
+-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
+-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
+		open_syslog(syslog_ident);
+ 
+ #ifdef ENABLE_LOG_TO_FILE
+ 	if (log_file_name)
+diff --git a/keepalived/check/check_daemon.c b/keepalived/check/check_daemon.c
+index 5e03cc4c..63bdf07b 100644
+--- a/keepalived/check/check_daemon.c
+++ b/keepalived/check/check_daemon.c
+@@ -689,8 +689,7 @@ start_check_child(void)
+ 
+ 	/* Opening local CHECK syslog channel */
+ 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
+-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
+-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
+		open_syslog(syslog_ident);
+ 
+ #ifdef ENABLE_LOG_TO_FILE
+ 	if (log_file_name)
+diff --git a/keepalived/core/main.c b/keepalived/core/main.c
+index be4488ea..756b2f12 100644
+--- a/keepalived/core/main.c
+++ b/keepalived/core/main.c
+@@ -149,7 +149,6 @@ static const struct child_term children_term[] = {
+ /* global var */
+ const char *version_string = VERSION_STRING;		/* keepalived version */
+ const char *conf_file = KEEPALIVED_CONFIG_FILE;		/* Configuration file */
+-int log_facility = LOG_DAEMON;				/* Optional logging facilities */
+ bool reload;						/* Set during a reload */
+ const char *main_pidfile;				/* overrule default pidfile */
+ static bool free_main_pidfile;
+@@ -2087,7 +2086,7 @@ keepalived_main(int argc, char **argv)
+ 	umask(umask_val);
+ 
+ 	/* Open log with default settings so we can log initially */
+-	openlog(PACKAGE_NAME, LOG_PID, log_facility);
+	open_syslog(PACKAGE_NAME);
+ 
+ #ifdef _MEM_CHECK_
+ 	mem_log_init(PACKAGE_NAME, "Parent process");
+@@ -2128,7 +2127,7 @@ keepalived_main(int argc, char **argv)
+ 	if (parse_cmdline(argc, argv)) {
+ 		closelog();
+ 		if (!__test_bit(NO_SYSLOG_BIT, &debug))
+-			openlog(PACKAGE_NAME, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0) , log_facility);
+			open_syslog(PACKAGE_NAME);
+ 	}
+ 
+ 	if (__test_bit(LOG_CONSOLE_BIT, &debug))
+@@ -2212,7 +2211,7 @@ keepalived_main(int argc, char **argv)
+ 		if ((syslog_ident = make_syslog_ident(PACKAGE_NAME))) {
+ 			log_message(LOG_INFO, "Changing syslog ident to %s", syslog_ident);
+ 			closelog();
+-			openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
+			open_syslog(syslog_ident);
+ 		}
+ 		else
+ 			log_message(LOG_INFO, "Unable to change syslog ident");
+diff --git a/keepalived/include/main.h b/keepalived/include/main.h
+index 3e013bb6..6a34797b 100644
+--- a/keepalived/include/main.h
+++ b/keepalived/include/main.h
+@@ -51,7 +51,6 @@ enum daemon_bits {
+ extern const char *version_string;	/* keepalived version */
+ extern unsigned long daemon_mode;	/* Which child processes are run */
+ extern const char *conf_file;		/* Configuration file */
+-extern int log_facility;		/* Optional logging facilities */
+ #ifdef _WITH_VRRP_
+ extern pid_t vrrp_child;		/* VRRP child process ID */
+ extern const char *vrrp_pidfile;	/* overrule default pidfile */
+diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
+index baa5f5f2..e22f8a81 100644
+--- a/keepalived/vrrp/vrrp_daemon.c
+++ b/keepalived/vrrp/vrrp_daemon.c
+@@ -974,8 +974,7 @@ start_vrrp_child(void)
+ 		syslog_ident = PROG_VRRP;
+ 
+ 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
+-		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
+-				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL1 : log_facility);
+		open_syslog(syslog_ident);
+ 
+ #ifdef ENABLE_LOG_TO_FILE
+ 	if (log_file_name)
+diff --git a/lib/logger.c b/lib/logger.c
+index 34c83f32..7fad8ac6 100644
+--- a/lib/logger.c
+++ b/lib/logger.c
+@@ -40,6 +40,8 @@
+ /* Boolean flag - send messages to console as well as syslog */
+ static bool log_console = false;
+ 
+int log_facility = LOG_DAEMON;				/* Optional logging facilities */
+
+ #ifdef ENABLE_LOG_TO_FILE
+ /* File to write log messages to */
+ const char *log_file_name;
+diff --git a/lib/logger.h b/lib/logger.h
+index 20b2a7e4..c6f29138 100644
+--- a/lib/logger.h
+++ b/lib/logger.h
+@@ -30,8 +30,13 @@
+ #include <sys/stat.h>
+ #endif
+ 
+#include "bitops.h"
+#include "utils.h"
+
+ #define	MAX_LOG_MSG	255
+ 
+extern int log_facility;		/* Optional logging facilities */
+
+ #ifdef ENABLE_LOG_TO_FILE
+ extern const char *log_file_name;
+ #endif
+@@ -51,4 +56,9 @@ extern void log_message(int priority, const char* format, ...)
+ extern void conf_write(FILE *fp, const char *format, ...)
+ 	__attribute__ ((format (printf, 2, 3)));
+ 
+static inline void
+open_syslog(const char *ident)
+{
+	openlog(ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
+}
+ #endif
+-- 
+2.31.1
+
--- a/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
+++ b/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
@ -0,0 +1,41 @@
+From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.ch>
+Date: Tue, 23 Nov 2021 06:50:59 +0100
+Subject: [PATCH] dbus: fix policy to not be overly broad
+
+The DBus policy did not restrict the message destination, allowing any
+user to inspect and manipulate any property.
+
+Signed-off-by: Vincent Bernat <vincent@bernat.ch>
+---
+ keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
+index 2b78a575..b5ced608 100644
+--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
+@@ -3,12 +3,15 @@
+  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ 	<policy user="root">
+-		<allow own="org.keepalived.Vrrp1"/>
+-		<allow send_destination="org.keepalived.Vrrp1"/>
+		<allow own="org.keepalived.Vrrp1" />
+		<allow send_destination="org.keepalived.Vrrp1" />
+ 	</policy>
+ 	<policy context="default">
+-		<allow send_interface="org.freedesktop.DBus.Introspectable" />
+-		<allow send_interface="org.freedesktop.DBus.Peer" />
+-		<allow send_interface="org.freedesktop.DBus.Properties" />
+		<allow send_destination="org.keepalived.Vrrp1"
+		       send_interface="org.freedesktop.DBus.Introspectable" />
+		<allow send_destination="org.keepalived.Vrrp1"
+		       send_interface="org.freedesktop.DBus.Peer" />
+		<allow send_destination="org.keepalived.Vrrp1"
+		       send_interface="org.freedesktop.DBus.Properties" />
+ 	</policy>
+ </busconfig>
+-- 
+2.33.1
+
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@ -10,7 +10,7 @@
 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
 Version: 2.1.5
-Release: 6%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 URL: http://www.keepalived.org/
 Group: System Environment/Daemons
@ -18,6 +18,10 @@ Group: System Environment/Daemons
 Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: keepalived.service

+Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
+Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
+Patch3: bz2028350-fix-dbus-policy-restrictions.patch
+
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@ -52,6 +56,9 @@ infrastructures.

 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1

 %build
 %configure \
@ -102,6 +109,12 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*

 %changelog
+* Tue Jan 18 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-8
+- Fix DBus policy restrictions (#2028350, CVE-2021-44225)
+
+* Fri Oct 29 2021 Ryan O'Hara <rohara@redhat.com> - 2.1.5-7
+- Fix log-facility option (#197716)
+
 * Tue Dec 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-6
 - Fix changelog