Accepting request 1326283 from network:ha-clustering:Factory

- Update corosync.spec:
  * Drop /var/lib/corosync and /var/log/cluster for compatibility with immutable mode (jsc#PED-14799)
  * Add tmpfiles.d/corosync.conf to create /var/log/cluster and /var/lib/corosync (jsc#PED-14799)
  * Drop %config(noreplace) for fillup templates to ensure correct updates.
  * Drop %config(noreplace) for config examples in /usr/share/doc.
  * Add the missing %service_del_postun script.
  * Remove legacy dir /usr/lib/corosync
  * Remove legacy SLE 12 compatibility conditionals and macros.
  * Migrate D-Bus configuration files from /etc to /usr/share.

OBS-URL: https://build.opensuse.org/request/show/1326283
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/corosync?expand=0&rev=83

779.patch

@@ -1,63 +0,0 @@
-From ea7d0a01337dd3849bee9a2719d4ccf54adf5c29 Mon Sep 17 00:00:00 2001
-From: Jan Friesse <jfriesse@redhat.com>
-Date: Mon, 24 Mar 2025 12:05:08 +0100
-Subject: [PATCH] totemsrp: Check size of orf_token msg
-
-orf_token message is stored into preallocated array on endian convert
-so carefully crafted malicious message can lead to crash of corosync.
-
-Solution is to check message size beforehand.
-
-Signed-off-by: Jan Friesse <jfriesse@redhat.com>
----
- exec/totemsrp.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/exec/totemsrp.c b/exec/totemsrp.c
-index 962d0e2a7..364528ce1 100644
---- a/exec/totemsrp.c
-+++ b/exec/totemsrp.c
-@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity(
- 	const struct totemsrp_instance *instance,
- 	const void *msg,
- 	size_t msg_len,
-+	size_t max_msg_len,
- 	int endian_conversion_needed)
- {
- 	int rtr_entries;
- 	const struct orf_token *token = (const struct orf_token *)msg;
- 	size_t required_len;
- 
-+	if (msg_len > max_msg_len) {
-+		log_printf (instance->totemsrp_log_level_security,
-+		    "Received orf_token message is too long...  ignoring.");
-+
-+		return (-1);
-+	}
-+
- 	if (msg_len < sizeof(struct orf_token)) {
- 		log_printf (instance->totemsrp_log_level_security,
- 		    "Received orf_token message is too short...  ignoring.");
-@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity(
- 		rtr_entries = token->rtr_list_entries;
- 	}
- 
-+	if (rtr_entries > RETRANSMIT_ENTRIES_MAX) {
-+		log_printf (instance->totemsrp_log_level_security,
-+		    "Received orf_token message rtr_entries is corrupted...  ignoring.");
-+
-+		return (-1);
-+	}
-+
- 	required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item);
- 	if (msg_len < required_len) {
- 		log_printf (instance->totemsrp_log_level_security,
-@@ -3868,7 +3883,8 @@ static int message_handler_orf_token (
- 	    "Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC);
- #endif
- 
--	if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) {
-+	if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage),
-+	    endian_conversion_needed) == -1) {
- 		return (0);
- 	}

_service

@@ -3,8 +3,8 @@
     <param name="url">https://github.com/corosync/corosync.git</param>
     <param name="scm">git</param>
     <param name="filename">corosync</param>
-    <param name="versionformat">3.1.9</param>
-    <param name="revision">v3.1.9</param>
+    <param name="versionformat">3.1.10</param>
+    <param name="revision">v3.1.10</param>
     <param name="changesgenerate">enable</param>
   </service>
 

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/corosync/corosync.git</param>
-              <param name="changesrevision">4e683699b97740562db11f60c744b0f7f61916dd</param></service></servicedata>
+              <param name="changesrevision">ff20c2b123cd05e51c752630c0e9d20471118225</param></service></servicedata>

corosync-3.1.10.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cfb3334bbd1848789f27a4ecb6b3f9c21190c4a02549a43b507c5d74e48ca4a8
+size 505393

corosync.changes

@@ -1,3 +1,90 @@
+-------------------------------------------------------------------
+Fri Dec 26 08:56:37 UTC 2025 - Nicholas Yang <nicholas.yang@suse.com>
+
+- Update corosync.spec:
+  * Drop /var/lib/corosync and /var/log/cluster for compatibility with immutable mode (jsc#PED-14799)
+  * Add tmpfiles.d/corosync.conf to create /var/log/cluster and /var/lib/corosync (jsc#PED-14799)
+  * Drop %config(noreplace) for fillup templates to ensure correct updates.
+  * Drop %config(noreplace) for config examples in /usr/share/doc.
+  * Add the missing %service_del_postun script.
+  * Remove legacy dir /usr/lib/corosync
+  * Remove legacy SLE 12 compatibility conditionals and macros.
+  * Migrate D-Bus configuration files from /etc to /usr/share.
+
+-------------------------------------------------------------------
+Fri Dec 12 05:54:36 UTC 2025 - Nicholas Yang <nicholas.yang@suse.com>
+
+- Update to version 3.1.10:
+  * Unit tests for fd_get() calls
+  * rust: fix fd_get() pointer dereference
+  * configure.ac: Remove MSGHDR fields detection
+  * totemudp: Remove MSGHDR conditionals
+  * totemudp: Rework truncated packet detection
+  * totemudpu: Remove MSGHDR conditionals
+  * totemudpu: Fix weird indentation
+  * totemudpu: Rework truncated packet detection
+  * totemknet: Remove MSGHDR conditionals
+  * totemknet: Rework truncated packet detection
+  * clang: Add missing void to function declarations
+  * configure: Remove unsupported -Wunsigned-char
+  * Handle knet's removal of SCTP gracefully
+  * SCTP in knet is deprecated
+  * allow to use dscp for traffic prioritization
+  * totemknet: Remove usage of struct ether_header
+  * sam: Do not lock sam_register
+  * cmapctl: Check return code of cmap_set_uint32
+  * sam: Refactor locking
+  * testsam: Add sam_finalize deadlock test
+  * testsam: Refactor test
+  * testsam: Make test work with votequorum
+  * testsam: Try to turn off coredump
+  * cfg: Fix cfg_get_node_addrs incorrect retype
+  * totemknet: Fix msg_msg_hdr typo
+  * totemknet: Handle trncated packets and msg_flags
+  * totemknet: Include ethernet.h only for nozzle
+  * totempg: Retype iovec iov_base
+  * main: Retype iovec iov_base
+  * pload: Retype iovec iov_base
+  * cmap: Retype iovec iov_base
+  * vsf_quorum: Include alloca header file
+  * logsys: Remove config mutex
+  * coroparse: Suppress coverity toctou error
+  * cpg: Add comment about potential resource leak
+  * totempg: Suppress coverity sleep error
+  * totemconfig: Suppress coverity unused_value errors
+  * totemconfig: Suppress coverity no_effect error
+  * coverity: Suppress weak_crypto errors
+  * keygen: Enhance read random loop
+  * cpg: Don't call cpg_deliver_fn if unset
+  * totempg: Fix signedness for result of mcast_msg
+  * logsys: Fix signedness of get_unblocked
+  * cpg: Fix signedness of munmap result
+  * man: Clarify processor scaling
+  * init: Use LogsDirectory in systemd unit file
+  * exec: Add support for env STATE_DIRECTORY
+  * config: Cleanup dropped options
+  * totemconfig: Store mcastport in icmap
+  * man: Enhance description of mcastport
+  * coroparse: Implement handler for str_to_ull error
+  * coroparse: Remove kv_items from list
+  * coroparse: Initialize logger_subsys_items_head
+  * coroparse: Fix memory leaks
+  * coroparse: Store key with prefix for nodelist.node
+  * coroparse: Don't allow sections within member
+  * coroparse: Don't allow sections within uidgid
+  * coroparse: Store subsections of logging_daemon
+  * coroparse: Store subsections of logger_subsys
+  * coroparse: Handle end of special sections
+  * coroparse: Remove unused code
+  * coroparse: Mark path in parse_section as const
+  * coroparse: Check emptiness of key name
+  * Fix stack buffer overflow in remove_whitespace()
+  * totemsrp: Check size of orf_token msg
+  * totemknet: Handle new knet2 datafd API
+  * spec: Use GitHub source URL
+- Remove a patch as it is included in 3.1.10
+  * 779.patch
+
 -------------------------------------------------------------------
 Wed Mar 26 09:20:06 UTC 2025 - Nicholas Yang <nicholas.yang@suse.com>
 
@@ -270,7 +357,7 @@ Wed May 15 12:18:23 UTC 2024 - Emil Penchev <emil.penchev@suse.com>
   * totemconfig: Enhance totem.ip_version
   * totemip: Add debug information to totemip_parse
   * totemconfig: Add IPs to family mismatch error
-  * config: Look up hostnames in a defined order
+  * config: Look up hostnames in a defined order
   * Fix corosync.conf.5 manpage typos
   * man: Add some information about address resolution
   * totemconfig: Really use totemip_parse results

corosync.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package corosync
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,50 +16,32 @@
 #
 
 
-#Compat macro for new _fillupdir macro introduced in Nov 2017
-%if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
-%endif
-
-# Conditionals
-# Invoke "rpmbuild --without <feature>" or "rpmbuild --with <feature>"
-# to disable or enable specific features
 %bcond_with watchdog
 %bcond_with monitoring
 %bcond_with snmp
-%bcond_with nozzle
 %bcond_with dbus
+%bcond_without systemd
 %bcond_with xmlconf
+%bcond_with nozzle
 %bcond_with vqsim
 %bcond_without runautogen
-%bcond_without systemd
 %bcond_with userflags
 
 %global gitver %{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}
 %global gittarver %{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}
 
-%if 0%{?sles_version} == 12
-%ifnarch s390 s390x
-%define buildib 1
-%endif
-%endif
-%if 0%{?suse_version}
-%define _libexecdir %{_libdir}
-%endif
-
 Name:           corosync
 Summary:        The Corosync Cluster Engine and Application Programming Interfaces
 License:        BSD-3-Clause
 Group:          Productivity/Clustering/HA
-Version:        3.1.9
+Version:        3.1.10
 Release:        0
 URL:            http://corosync.github.io/corosync/
 Source0:        %{name}-%{version}.tar.gz
+Source1:        %{name}.tmpfiles.d.conf
 Patch0:         0001-harden-services-with-systemd-sandboxing.patch
-Patch1:         779.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-# provide openais on purpose, the package has been deleted.
 
 # Runtime bits
 # The automatic dependency overridden in favor of explicit version lock
@@ -95,11 +77,9 @@ BuildRequires:  dbus-1-devel
 BuildRequires:  libnozzle-devel
 %endif
 %if %{with systemd}
+%{?systemd_requires}
 BuildRequires:  systemd-devel
 BuildRequires:  pkgconfig(systemd)
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
 %endif
 %if %{with xmlconf}
 Requires:       libxslt
@@ -167,10 +147,11 @@ make %{_smp_mflags}
 %make_install
 
 %if %{with dbus}
-mkdir -p -m 0700 %{buildroot}/%{_sysconfdir}/dbus-1/system.d
-install -m 644 %{_builddir}/%{name}-%{version}/conf/corosync-signals.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/corosync-signals.conf
+mkdir -p -m 0700 %{buildroot}/%{_datadir}/dbus-1/system.d
+install -m 644 %{_builddir}/%{name}-%{version}/conf/corosync-signals.conf %{buildroot}/%{_datadir}/dbus-1/system.d/corosync-signals.conf
 %endif
 %if %{with systemd}
+install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rccorosync
 ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rccorosync-notifyd
 %endif
@@ -181,21 +162,21 @@ rm -f %{buildroot}%{_libdir}/*.a
 rm -f %{buildroot}%{_libdir}/*.la
 # drop docs and html docs for now
 rm -rf %{buildroot}%{_docdir}/*
-mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
-mkdir -p  %{buildroot}/usr/share/doc/packages/corosync/
+
+rm -rf %{buildroot}/etc/logrotate.d/
+rm -rf %{buildroot}/etc/corosync/corosync.conf.example*
+rm -rf %{buildroot}%{localstatedir}/run/
+
 mkdir -p  %{buildroot}%{_fillupdir}/
-mkdir -p  %{buildroot}%{_sysconfdir}/init.d/
 # /etc/sysconfig/corosync-notifyd
 install -m 644 tools/corosync-notifyd.sysconfig.example \
    %{buildroot}%{_fillupdir}/sysconfig.corosync-notifyd
-install -m 0644 conf/corosync.conf.example* %{buildroot}/usr/share/doc/packages/corosync/
-mkdir -p %{buildroot}/usr/lib/corosync
-rm -rf %{buildroot}/etc/corosync/corosync.conf.example*
-rm -rf %{buildroot}/etc/logrotate.d/
-mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+# /etc/sysconfig/corosync
 install -m 644 init/corosync.sysconfig.example \
    %{buildroot}%{_fillupdir}/sysconfig.corosync
-rm -rf %{buildroot}%{localstatedir}/run/
+
+mkdir -p  %{buildroot}/%{_datadir}/doc/packages/corosync/
+install -m 0644 conf/corosync.conf.example* %{buildroot}/%{_datadir}/doc/packages/corosync/
 
 %description
 This package contains the Corosync Cluster Engine Executive, several default
@@ -207,15 +188,22 @@ APIs and libraries, default configuration files, and an init script.
 %post
 %{fillup_and_insserv -n corosync}
 %{fillup_and_insserv -n corosync-notifyd}
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 %service_add_post corosync.service corosync-notifyd.service
 
 rm -rf  %{_sysconfdir}/corosync/corosync.conf.example %{_sysconfdir}/corosync/corosync.conf.example.unicast
-ln -s /usr/share/doc/packages/corosync/corosync.conf.example %{_sysconfdir}/corosync/
+ln -s %{_datadir}/doc/packages/corosync/corosync.conf.example %{_sysconfdir}/corosync/
 
 %preun
+%if %{with systemd}
 %service_del_preun corosync.service corosync-notifyd.service
+%endif
 
 %postun
+%if %{with systemd}
+%service_del_postun corosync.service corosync-notifyd.service
+%endif
+
 if [ -f /etc/sysconfig/corosync ]; then
     rm /etc/sysconfig/corosync
 fi
@@ -246,13 +234,12 @@ fi
 %dir %{_sysconfdir}/corosync
 %dir %{_sysconfdir}/corosync/uidgid.d
 %dir %{_datadir}/doc/corosync/
-%dir /usr/lib/corosync/
-%config(noreplace) /usr/share/doc/packages/corosync/corosync.conf.example
-%config(noreplace) %{_fillupdir}/sysconfig.corosync-notifyd
-%config(noreplace) %{_fillupdir}/sysconfig.corosync
+%{_datadir}/doc/packages/corosync/corosync.conf.example
+%{_fillupdir}/sysconfig.corosync-notifyd
+%{_fillupdir}/sysconfig.corosync
 
 %if %{with dbus}
-%{_sysconfdir}/dbus-1/system.d/corosync-signals.conf
+%{_datadir}/dbus-1/system.d/corosync-signals.conf
 %endif
 %if %{with snmp}
 %{_datadir}/snmp/mibs/COROSYNC-MIB.txt
@@ -260,13 +247,14 @@ fi
 %if %{with systemd}
 %{_unitdir}/corosync.service
 %{_unitdir}/corosync-notifyd.service
+%{_tmpfilesdir}/%{name}.conf
 %else
 %dir %{_datadir}/corosync
 %{_datadir}/corosync/corosync
 %{_datadir}/corosync/corosync-notifyd
 %endif
-%dir %{_localstatedir}/lib/corosync
-%dir %{_localstatedir}/log/cluster
+%ghost %{_localstatedir}/lib/corosync
+%ghost %{_localstatedir}/log/cluster
 %{_mandir}/man7/corosync_overview.7*
 %{_mandir}/man8/corosync.8*
 %{_mandir}/man8/corosync-blackbox.8*
@@ -281,7 +269,7 @@ fi
 %{_mandir}/man7/cmap_keys.7*
 %{_datadir}/doc/corosync/*
 
-#library
+# library
 #
 %package libs
 Summary:        The corosync Cluster Engine Libraries
@@ -300,6 +288,7 @@ This package contains corosync libraries.
 %{_libdir}/libcorosync_common.so.*
 
 %post libs -p /sbin/ldconfig
+
 %postun libs -p /sbin/ldconfig
 
 %package devel

corosync.tmpfiles.d.conf

@@ -0,0 +1,2 @@
+d   /var/log/cluster    0755    root    root    -
+d   /var/lib/corosync   0755    root    root    -