Commit dedb9cf4 authored by Rocky Automation's avatar Rocky Automation 📺

import corosync-3.1.0-3.el8_4.1

parent 3eb10e86
dea662d9ae9a624196e3f116a29cece2eb979616 SOURCES/corosync-3.0.3.tar.gz
87cb5c01333298d106fc0022f5ac855205da0ae6 SOURCES/spausedd-20190807.tar.gz
761fe353b2cbead7a8572bfb6b84fe5d2fc8d9d6 SOURCES/corosync-3.1.0.tar.gz
63e882d0bebed3f75436da0606fe7acbeabf1b25 SOURCES/spausedd-20201112.tar.gz
SOURCES/corosync-3.0.3.tar.gz
SOURCES/spausedd-20190807.tar.gz
SOURCES/corosync-3.1.0.tar.gz
SOURCES/spausedd-20201112.tar.gz
From 4a2f48b17b06638d3d3adcae683aff1639351434 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Tue, 10 Nov 2020 18:10:17 +0100
Subject: [PATCH] totemknet: Check both cipher and hash for crypto
Previously only crypto cipher was used as a way to find out if crypto is
enabled or disabled.
This usually works ok until cipher is set to none and hash to some other
value (like sha1). Such config is perfectly valid and it was not
supported correctly.
As a solution, check both cipher and hash.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
---
exec/totemknet.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/exec/totemknet.c b/exec/totemknet.c
index c6a1649d..0834e8e4 100644
--- a/exec/totemknet.c
+++ b/exec/totemknet.c
@@ -905,6 +905,14 @@ static void totemknet_add_config_notifications(struct totemknet_instance *instan
LEAVE();
}
+static int totemknet_is_crypto_enabled(const struct totemknet_instance *instance)
+{
+
+ return (!(strcmp(instance->totem_config->crypto_cipher_type, "none") == 0 &&
+ strcmp(instance->totem_config->crypto_hash_type, "none") == 0));
+
+}
+
static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
{
struct knet_handle_crypto_cfg crypto_cfg;
@@ -927,7 +935,7 @@ static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
);
/* If crypto is being disabled we need to explicitly allow cleartext traffic in knet */
- if (strcmp(instance->totem_config->crypto_cipher_type, "none") == 0) {
+ if (!totemknet_is_crypto_enabled(instance)) {
res = knet_handle_crypto_rx_clear_traffic(instance->knet_handle, KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC);
if (res) {
knet_log_printf(LOGSYS_LEVEL_ERROR, "knet_handle_crypto_rx_clear_traffic(ALLOW) failed %s", strerror(errno));
@@ -1108,7 +1116,7 @@ int totemknet_initialize (
/* Enable crypto if requested */
#ifdef HAVE_KNET_CRYPTO_RECONF
- if (strcmp(instance->totem_config->crypto_cipher_type, "none") != 0) {
+ if (totemknet_is_crypto_enabled(instance)) {
res = totemknet_set_knet_crypto(instance);
if (res == 0) {
res = knet_handle_crypto_use_config(instance->knet_handle, totem_config->crypto_index);
@@ -1134,7 +1142,7 @@ int totemknet_initialize (
}
}
#else
- if (strcmp(instance->totem_config->crypto_cipher_type, "none") != 0) {
+ if (totemknet_is_crypto_enabled(instance)) {
res = totemknet_set_knet_crypto(instance);
if (res) {
knet_log_printf(LOG_DEBUG, "Failed to set up knet crypto");
@@ -1616,7 +1624,7 @@ int totemknet_crypto_reconfigure_phase (
switch (phase) {
case CRYPTO_RECONFIG_PHASE_ACTIVATE:
config_to_use = totem_config->crypto_index;
- if (strcmp(instance->totem_config->crypto_cipher_type, "none") == 0) {
+ if (!totemknet_is_crypto_enabled(instance)) {
config_to_use = 0; /* we are clearing it */
}
@@ -1647,7 +1655,7 @@ int totemknet_crypto_reconfigure_phase (
}
/* If crypto is enabled then disable all cleartext reception */
- if (strcmp(instance->totem_config->crypto_cipher_type, "none") != 0) {
+ if (totemknet_is_crypto_enabled(instance)) {
res = knet_handle_crypto_rx_clear_traffic(instance->knet_handle, KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC);
if (res) {
knet_log_printf(LOGSYS_LEVEL_ERROR, "knet_handle_crypto_rx_clear_traffic(DISALLOW) failed %s", strerror(errno));
--
2.18.2
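Review bot: The new helper `totemknet_is_crypto_enabled()` has no comment, although every cleartext allow/disallow decision in these hunks now depends on it. It returns non-zero unless both `crypto_cipher_type` and `crypto_hash_type` are exactly "none", so a hash-only configuration now takes the `KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC` path in `totemknet_crypto_reconfigure_phase`. I would add above it `/* Crypto is enabled unless both cipher and hash are "none"; hash-only presumably means authenticated but unencrypted traffic */`. The test is an exact `strcmp`, so any other spelling of "none" counts as enabled; that errs toward refusing cleartext, but it presumably relies on the config parser having validated both strings, which is not visible here. The two blank lines inside the helper body can go, and the bodies of the callers continue outside these hunks.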
commit aa326fb8f87fa0e2db6901db2ccb93cd582dd44f
Author: Fabio M. Di Nitto <fdinitto@redhat.com>
Date: Tue Apr 6 13:06:05 2021 +0200
knet: pass correct handle to knet_handle_compress
totemknet_configure_compression was using knet_context
just to gather the knet handle / instance.
On first time config knet_contex is not initialized till
much later in the code, passing some random garbage pointers
to knet_handle_compress, that would crash later trying
to acquire a mutex lock.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>
diff --git a/exec/totemknet.c b/exec/totemknet.c
index 0834e8e..e895256 100644
--- a/exec/totemknet.c
+++ b/exec/totemknet.c
@@ -197,7 +197,7 @@ int totemknet_member_list_rebind_ip (
static int totemknet_configure_compression (
- void *knet_context,
+ struct totemknet_instance *instance,
struct totem_config *totem_config);
static void totemknet_start_merge_detect_timeout(
@@ -1154,7 +1154,7 @@ int totemknet_initialize (
/* Set up compression */
if (strcmp(totem_config->knet_compression_model, "none") != 0) {
/* Not fatal, but will log */
- (void)totemknet_configure_compression(knet_context, totem_config);
+ (void)totemknet_configure_compression(instance, totem_config);
}
knet_handle_setfwd(instance->knet_handle, 1);
@@ -1557,10 +1557,9 @@ int totemknet_member_list_rebind_ip (
static int totemknet_configure_compression (
- void *knet_context,
+ struct totemknet_instance *instance,
struct totem_config *totem_config)
{
- struct totemknet_instance *instance = (struct totemknet_instance *)knet_context;
struct knet_handle_compress_cfg compress_cfg;
int res = 0;
@@ -1584,7 +1583,7 @@ int totemknet_reconfigure (
struct totemknet_instance *instance = (struct totemknet_instance *)knet_context;
int res = 0;
- (void)totemknet_configure_compression(knet_context, totem_config);
+ (void)totemknet_configure_compression(instance, totem_config);
#ifdef HAVE_LIBNOZZLE
/* Set up nozzle device(s). Return code is ignored, because inability
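Review bot: The definition of `totemknet_configure_compression` should carry a comment explaining why it takes the instance rather than `knet_context`, because the crash described in the commit message came from a caller passing a context that was not yet set up. Something like `/* Takes the instance directly: knet_context is not valid during first-time initialization */` would keep a later refactor from reintroducing the `void *` cast. Both call sites still discard the return value with `(void)`. The comment in `totemknet_initialize` says the failure will be logged, but the logging is not visible in these hunks, so it is worth confirming that a compression setup failure is reported at a level an operator will see. The function bodies continue outside the hunks.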
......@@ -17,26 +17,19 @@
%global gittarver %{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}
%if %{with spausedd}
%global spausedd_version 20190807
%global spausedd_version 20201112
%endif
Name: corosync
Summary: The Corosync Cluster Engine and Application Programming Interfaces
Version: 3.0.3
Release: 4%{?gitver}%{?dist}
Version: 3.1.0
Release: 3%{?gitver}%{?dist}.1
License: BSD
URL: http://corosync.github.io/corosync/
Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
Patch0: bz1780137-1-votequorum-Ignore-the-icmap_get_-return-value.patch
Patch1: bz1791792-1-man-move-cmap_keys-man-page-from-section-8-to-7.patch
Patch2: bz1780137-2-votequorum-Reflect-runtime-change-of-2Node-to-WFA.patch
Patch3: bz1791792-2-stats-Add-stats-for-scheduler-misses.patch
Patch4: bz1791792-3-stats-Use-nanoseconds-from-epoch-for-schedmiss.patch
Patch5: bz1791792-4-main-Add-schedmiss-timestamp-into-message.patch
Patch6: bz1809864-1-votequorum-Change-check-of-expected_votes.patch
Patch7: bz1809864-2-quorumtool-exit-on-invalid-expected-votes.patch
Patch8: bz1816653-1-votequorum-set-wfa-status-only-on-startup.patch
Patch0: bz1896493-1-totemknet-Check-both-cipher-and-hash-for-crypto.patch
Patch1: bz1951049-1-knet-pass-correct-handle-to-knet_handle_compress.patch
%if %{with spausedd}
Source1: https://github.com/jfriesse/spausedd/releases/download/%{spausedd_version}/spausedd-%{spausedd_version}.tar.gz
......@@ -50,14 +43,16 @@ Source1: https://github.com/jfriesse/spausedd/releases/download/%{spausedd_versi
# The automatic dependency overridden in favor of explicit version lock
Requires: corosynclib%{?_isa} = %{version}-%{release}
# Support crypto reload
Requires: libknet1 >= 1.18
# NSS crypto plugin should be always installed
Requires: libknet1-crypto-nss-plugin
Requires: libknet1-crypto-nss-plugin >= 1.18
# Build bits
BuildRequires: gcc
BuildRequires: groff
BuildRequires: libqb-devel
BuildRequires: libknet1-devel
BuildRequires: libknet1-devel >= 1.18
BuildRequires: zlib-devel
%if %{with runautogen}
BuildRequires: autoconf automake libtool
......@@ -99,15 +94,8 @@ BuildRequires: pkgconfig(vmguestlib)
%setup -q -n %{name}-%{version}%{?gittarver}
%endif
%patch0 -p1 -b .bz1780137-1
%patch1 -p1 -b .bz1791792-1
%patch2 -p1 -b .bz1780137-2
%patch3 -p1 -b .bz1791792-2
%patch4 -p1 -b .bz1791792-3
%patch5 -p1 -b .bz1791792-4
%patch6 -p1 -b .bz1809864-1
%patch7 -p1 -b .bz1809864-2
%patch8 -p1 -b .bz1816653-1
%patch0 -p1 -b .bz1896493-1
%patch1 -p1 -b .bz1951049-1
%build
%if %{with runautogen}
......@@ -407,6 +395,34 @@ fi
%endif
%changelog
* Mon Apr 19 2021 Jan Friesse <jfriesse@redhat.com> 3.1.0-3.1
- Resolves: rhbz#1951049
- knet: pass correct handle to knet_handle_compress (rhbz#1951049)
* Thu Nov 12 2020 Jan Friesse <jfriesse@redhat.com> 3.1.0-3
- Resolves: rhbz#1897085
- Resolves: rhbz#1896493
- spausedd: Add ability to move process into root cgroup (rhbz#1897085)
- totemknet: Check both cipher and hash for crypto (rhbz#1896493)
* Tue Nov 10 2020 Jan Friesse <jfriesse@redhat.com> 3.1.0-2
- Resolves: rhbz#1896309
- Fix log_perror (rhbz#1896309)
* Tue Oct 20 2020 Jan Friesse <jfriesse@redhat.com> 3.1.0-1
- Resolves: rhbz#1855293
- Resolves: rhbz#1855303
- Resolves: rhbz#1870449
- Resolves: rhbz#1887400
- New upstream release (rhbz#1855293)
- Support for reload of crypto configuration (rhbz#1855303)
- Increase default token timeout to 3000ms (rhbz#1870449)
- Add support for nodelist callback into quorum service (rhbz#1887400)
* Tue May 26 2020 Jan Friesse <jfriesse@redhat.com> 3.0.3-4
- Resolves: rhbz#1780137
- Resolves: rhbz#1791792
......