import python-rtslib-2.1.73-2.el8

2020-11-03 06:46:58 -05:00 · 2020-11-03 06:46:58 -05:00 · 7c08947809
commit 7c08947809
parent a2567b87ec
6 changed files with 109 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/rtslib-fb-2.1.71.tar.gz
+SOURCES/rtslib-fb-2.1.73.tar.gz
--- a/.python-rtslib.metadata
+++ b/.python-rtslib.metadata
@ -1 +1 @@
-9b8cf949711c104d5bf324847c37e386a4ea8ee1 SOURCES/rtslib-fb-2.1.71.tar.gz
+e9ed6768e70e1da748972b6e350f620db53a53ec SOURCES/rtslib-fb-2.1.73.tar.gz
--- a/SOURCES/0001-Turn-off-unsupported-fabrics.patch
+++ b/SOURCES/0001-Turn-off-unsupported-fabrics.patch
@ -1,15 +1,16 @@
 diff --git a/rtslib/fabric.py b/rtslib/fabric.py
-index b529f14..8264c37 100644
+index 02e156c..ff7387f 100644
 --- a/rtslib/fabric.py
 +++ b/rtslib/fabric.py
-@@ -465,12 +465,12 @@ fabric_modules = {
+@@ -464,13 +464,13 @@ fabric_modules = {
+     "srpt": SRPTFabricModule,
     "iscsi": ISCSIFabricModule,
     "loopback": LoopbackFabricModule,
 -    "qla2xxx": Qla2xxxFabricModule,
-+#    "qla2xxx": Qla2xxxFabricModule,
 -    "sbp": SBPFabricModule,
-+#    "sbp": SBPFabricModule,
 -    "tcm_fc": FCoEFabricModule,
+#    "qla2xxx": Qla2xxxFabricModule,
+#    "sbp": SBPFabricModule,
 +#    "tcm_fc": FCoEFabricModule,
 #    "usb_gadget": USBGadgetFabricModule, # very rare, don't show
 -    "vhost": VhostFabricModule,
--- a/SOURCES/0002-default_dbroot.patch
+++ b/SOURCES/0002-default_dbroot.patch
@ -1,13 +1,22 @@
 diff --git a/rtslib/root.py b/rtslib/root.py
-index b83d7ee..49c4dfc 100644
+index 2c5cf43..34bc57d 100644
 --- a/rtslib/root.py
 +++ b/rtslib/root.py
-@@ -166,13 +166,13 @@ class RTSRoot(CFSNode):
+@@ -166,21 +166,21 @@ class RTSRoot(CFSNode):
             self._dbroot = self._default_dbroot
             return
         self._dbroot = fread(dbroot_path)
 -        if self._dbroot != self._preferred_dbroot:
 +        if self._dbroot != self._default_dbroot:
+             if len(FabricModule.list_registered_drivers()) != 0:
+                 # Writing to dbroot_path after drivers have been registered will make the kernel emit this error:
+                 # db_root: cannot be changed: target drivers registered
+                 from warnings import warn
+                 warn("Cannot set dbroot to {}. Target drivers have already been registered."
+-                     .format(self._preferred_dbroot))
+                     .format(self._default_dbroot))
+                 return
+ 
             try:
 -                fwrite(dbroot_path, self._preferred_dbroot+"\n")
 +                fwrite(dbroot_path, self._default_dbroot+"\n")
--- a/SOURCES/0003-rtslib-safely-call-shutil.copy.patch
+++ b/SOURCES/0003-rtslib-safely-call-shutil.copy.patch
@ -0,0 +1,76 @@
+From 75e73778dce1cb7a2816a936240ef75adfbd6ed9 Mon Sep 17 00:00:00 2001
+From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
+Date: Thu, 16 Jul 2020 17:21:28 +0530
+Subject: [PATCH] rtslib: safely call shutil.copy()
+
+Previously we had to replace shutil.copyfile() with shutil.copy(),
+because we want to copy the file permissions to the destination file
+along with the data.
+
+It appears that shutil.copy() is opening the destination file with
+wide access (0666) first, and then it starts copying the data and
+at the end it is copying the permissions from source file to destination.
+
+If we closely notice there appears a window between destination file
+is opened vs permissions are set on the destination file, which could
+allow a user to get the contents of the file when opening it at the
+right time.
+
+The behavior is a bit unsteady here, it is noticed that, when
+saveconfig.json file exists, then on shutil.copy(), destination file is
+opened and a mask 0600 is applied on the file, in case shutil.copy() had
+to open a new destination saveconfig.json file, then mask 0644 is applied.
+
+Thanks and Credits to 'Stefan Cornelius <scorneli@redhat.com>' for
+reporting this, here is the strace he shared from RHEL-7/python-2.7.5
+env:
+
+Case 1: When /etc/target/saveconfig.json doesn't exist:
+
+open("/etc/target/saveconfig.json.temp", O_RDONLY) = 3
+open("/etc/target/saveconfig.json", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
+fstat(3, {st_mode=S_IFREG|0600, st_size=71, ...}) = 0
+fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
+[...]
+chmod("/etc/target/saveconfig.json", 0600) = 0}")")}")
+
+Case 2: When /etc/target/saveconfig.json already exist:
+
+open("/etc/target/saveconfig.json.temp", O_RDONLY) = 3
+open("/etc/target/saveconfig.json", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
+fstat(3, {st_mode=S_IFREG|0600, st_size=71, ...}) = 0
+fstat(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
+[...]
+chmod("/etc/target/saveconfig.json", 0600) = 0}")")}")
+
+Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
+---
+ rtslib/root.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rtslib/root.py b/rtslib/root.py
+index 2c5cf43..4ecc03c 100644
+--- a/rtslib/root.py
+++ b/rtslib/root.py
+@@ -476,8 +476,8 @@ class RTSRoot(CFSNode):
+         # prevent the file from being created if it exists due to a race
+         try:
+             fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
+-        finally:
+-            os.umask(umask_original)
+        except OSError:
+            raise ExecutionError("Could not open %s" % tmp_file)
+ 
+         with os.fdopen(fdesc, 'w') as f:
+             f.write(json.dumps(saveconf, sort_keys=True, indent=2))
+@@ -488,6 +488,7 @@ class RTSRoot(CFSNode):
+ 
+         # copy along with permissions
+         shutil.copy(tmp_file, save_file)
+        os.umask(umask_original)
+         os.remove(tmp_file)
+ 
+     def restore_from_file(self, restore_file=None, clear_existing=True,
+-- 
+2.26.2
+
--- a/SPECS/python-rtslib.spec
+++ b/SPECS/python-rtslib.spec
@ -21,13 +21,14 @@ Name:             python-rtslib
 License:          ASL 2.0
 Group:            System Environment/Libraries
 Summary:          API for Linux kernel LIO SCSI target
-Version:          2.1.71
-Release:          4%{?dist}
-URL:              https://fedorahosted.org/targetcli-fb/
-Source:           https://fedorahosted.org/released/targetcli-fb/%{oname}-%{version}.tar.gz
+Version:          2.1.73
+Release:          2%{?dist}
+URL:              https://github.com/open-iscsi/%{oname}
+Source:           %{url}/archive/v%{version}/%{oname}-%{version}.tar.gz
 Source1:          target.service
 Patch0:           0001-Turn-off-unsupported-fabrics.patch
 Patch1:           0002-default_dbroot.patch
+Patch2:           0003-rtslib-safely-call-shutil.copy.patch
 BuildArch:        noarch
 BuildRequires:    systemd-units
 Requires(post):   systemd
@ -102,6 +103,7 @@ on system restart.
 %setup -q -n %{oname}-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %if %{with python3}
 rm -rf %{py3dir}
@ -191,6 +193,15 @@ install -m 644 doc/saveconfig.json.5.gz %{buildroot}%{_mandir}/man5/
 %endif # with python2

 %changelog
+* Tue Jul 21 2020 Maurizio Lombardi <mlombard@redhat.com> - 2.1.73-2
+- Merge a fix to prevent a potential data leak when saving the config file
+
+* Thu Jun 25 2020 Maurizio Lombardi <mlombard@redhat.com> - 2.1.73-1
+- Update to new upstream version
+
+* Mon May 11 2020 Maurizio Lombardi <mlombard@redhat.com> - 2.1.72-1
+- Update to new upstream version
+
 * Thu Dec 12 2019 Maurizio Lombardi <mlombard@redhat.com> - 2.1.71-4
 - LIO should use /var/target for its runtime files