Accepting request 1256370 from network:ha-clustering:Factory

OBS-URL: https://build.opensuse.org/request/show/1256370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/corosync?expand=0&rev=81

0001-harden-services-with-systemd-sandboxing.patch

@@ -0,0 +1,53 @@
+From 6d977c3f286a39b7e35c46ad3642a34617bdd833 Mon Sep 17 00:00:00 2001
+From: nicholasyang <nicholas.yang@suse.com>
+Date: Wed, 13 Nov 2024 14:28:53 +0800
+Subject: [PATCH] harden services with systemd sandboxing
+
+---
+ init/corosync-notifyd.service.in | 10 ++++++++++
+ init/corosync.service.in         | 10 ++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/init/corosync-notifyd.service.in b/init/corosync-notifyd.service.in
+index 410a6837..604a2a47 100644
+--- a/init/corosync-notifyd.service.in
++++ b/init/corosync-notifyd.service.in
+@@ -10,5 +10,15 @@ ExecStart=@SBINDIR@/corosync-notifyd -f $OPTIONS
+ Type=notify
+ Restart=on-failure
+ 
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/init/corosync.service.in b/init/corosync.service.in
+index bd2a48a9..63381f47 100644
+--- a/init/corosync.service.in
++++ b/init/corosync.service.in
+@@ -30,5 +30,15 @@ StandardError=null
+ #  rewrite according to environment.
+ #ExecStartPre=/sbin/modprobe softdog
+ 
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++PrivateDevices=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++
+ [Install]
+ WantedBy=multi-user.target
+-- 
+2.47.0
+

779.patch

@@ -0,0 +1,63 @@
+From ea7d0a01337dd3849bee9a2719d4ccf54adf5c29 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 24 Mar 2025 12:05:08 +0100
+Subject: [PATCH] totemsrp: Check size of orf_token msg
+
+orf_token message is stored into preallocated array on endian convert
+so carefully crafted malicious message can lead to crash of corosync.
+
+Solution is to check message size beforehand.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ exec/totemsrp.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/exec/totemsrp.c b/exec/totemsrp.c
+index 962d0e2a7..364528ce1 100644
+--- a/exec/totemsrp.c
++++ b/exec/totemsrp.c
+@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity(
+ 	const struct totemsrp_instance *instance,
+ 	const void *msg,
+ 	size_t msg_len,
++	size_t max_msg_len,
+ 	int endian_conversion_needed)
+ {
+ 	int rtr_entries;
+ 	const struct orf_token *token = (const struct orf_token *)msg;
+ 	size_t required_len;
+ 
++	if (msg_len > max_msg_len) {
++		log_printf (instance->totemsrp_log_level_security,
++		    "Received orf_token message is too long...  ignoring.");
++
++		return (-1);
++	}
++
+ 	if (msg_len < sizeof(struct orf_token)) {
+ 		log_printf (instance->totemsrp_log_level_security,
+ 		    "Received orf_token message is too short...  ignoring.");
+@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity(
+ 		rtr_entries = token->rtr_list_entries;
+ 	}
+ 
++	if (rtr_entries > RETRANSMIT_ENTRIES_MAX) {
++		log_printf (instance->totemsrp_log_level_security,
++		    "Received orf_token message rtr_entries is corrupted...  ignoring.");
++
++		return (-1);
++	}
++
+ 	required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item);
+ 	if (msg_len < required_len) {
+ 		log_printf (instance->totemsrp_log_level_security,
+@@ -3868,7 +3883,8 @@ static int message_handler_orf_token (
+ 	    "Time since last token %0.4f ms", tv_diff / (float)QB_TIME_NS_IN_MSEC);
+ #endif
+ 
+-	if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) {
++	if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage),
++	    endian_conversion_needed) == -1) {
+ 		return (0);
+ 	}

_service

@@ -1,19 +1,19 @@
 <services>
-  <service name="tar_scm" mode="disabled">
+  <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/corosync/corosync.git</param>
     <param name="scm">git</param>
     <param name="filename">corosync</param>
-    <param name="versionformat">3.1.8+%cd.%h</param>
-    <param name="revision">40e08b21</param>
+    <param name="versionformat">3.1.9</param>
+    <param name="revision">v3.1.9</param>
     <param name="changesgenerate">enable</param>
   </service>
 
-  <service name="recompress" mode="disabled">
+  <service name="recompress" mode="manual">
     <param name="file">corosync*.tar</param>
     <param name="compression">gz</param>
   </service>
 
-  <service name="set_version" mode="disabled">
+  <service name="set_version" mode="manual">
     <param name="basename">corosync</param>
   </service>
 </services>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/corosync/corosync.git</param>
-              <param name="changesrevision">40e08b219de94f3850f8f39291d89a5713e32f06</param></service></servicedata>
+              <param name="changesrevision">4e683699b97740562db11f60c744b0f7f61916dd</param></service></servicedata>

corosync.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Mar 26 09:20:06 UTC 2025 - Nicholas Yang <nicholas.yang@suse.com>
+
+- Add a patch to fix CVE-2025-30472 (bsc#1239987)
+  * 779.patch
+
+-------------------------------------------------------------------
+Mon Nov 18 03:51:09 UTC 2024 - nicholas.yang@suse.com
+
+- Update to version 3.1.9:
+  * rust: Update to latest standards
+  * totemsrp: Fix orf_token stats
+  * totem: Use uint64_t type and QB_TIME_NS_IN_MSEC
+  * totem: Use proper timestamp type for token warning
+  * stats: Store token rx and tx timestamps as 64-bit
+  * rust: fix clippy warning in rust 1.81
+  * coroparse: Free kv_item key and value on failure
+  * icmap: Free memory if qb_map_notify_add fails
+  * cfg: Free new_config interfaces on failure
+  * main: support lock pid file arg
+  * man: fix a typo in cpg_model_initialize
+  * man: Improve quorum provider formatting
+  * rust: tests return errors and don't hang
+  * rust: Improve Rust bindings
+  * Move corosync-notifyd policy file into $(datadir)/dbus-1/system.d
+  * man: corosync.conf: Multi improvements
+  * totem: Fix reference links
+  * Report crypto errors back to cfg reload
+  * Fix up the library .versions files
+  * configure: Fix building of rust for release
+  * License: Fix year (mainly to fix rust building)
+
+-------------------------------------------------------------------
+Wed Nov 13 06:48:08 UTC 2024 - Nicholas Yang <nicholas.yang@suse.com>
+
+- Add a patch to harden services with systemd sandboxing:
+  * 0001-harden-services-with-systemd-sandboxing.patch
+
 -------------------------------------------------------------------
 Wed May 15 12:18:23 UTC 2024 - Emil Penchev <emil.penchev@suse.com>
 

corosync.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package corosync
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -51,10 +51,12 @@ Name:           corosync
 Summary:        The Corosync Cluster Engine and Application Programming Interfaces
 License:        BSD-3-Clause
 Group:          Productivity/Clustering/HA
-Version:        3.1.8
-Release:        3
-Url:            http://corosync.github.io/corosync/
-Source0:        https://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
+Version:        3.1.9
+Release:        0
+URL:            http://corosync.github.io/corosync/
+Source0:        %{name}-%{version}.tar.gz
+Patch0:         0001-harden-services-with-systemd-sandboxing.patch
+Patch1:         779.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 # provide openais on purpose, the package has been deleted.
@@ -64,16 +66,16 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       %{name}-libs = %{version}-%{release}
 
 # Support crypto reload
-Requires: libknet1 >= 1.28
+Requires:       libknet1 >= 1.28
 # NSS crypto plugin should be always installed
-Requires: libknet1-crypto-nss-plugin >= 1.28
+Requires:       libknet1-crypto-nss-plugin >= 1.28
 
 # Build bits
 BuildRequires:  gcc
 
 BuildRequires:  groff-full
-BuildRequires:  libqb-devel
 BuildRequires:  libknet-devel >= 1.28
+BuildRequires:  libqb-devel
 BuildRequires:  zlib-devel
 %if %{with runautogen}
 BuildRequires:  autoconf
@@ -90,11 +92,11 @@ BuildRequires:  net-snmp-devel
 BuildRequires:  dbus-1-devel
 %endif
 %if %{with nozzle}
-BuildRequires: libnozzle-devel
+BuildRequires:  libnozzle-devel
 %endif
 %if %{with systemd}
+BuildRequires:  systemd-devel
 BuildRequires:  pkgconfig(systemd)
-BuildRequires:	systemd-devel
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -103,21 +105,21 @@ Requires(postun): systemd
 Requires:       libxslt
 %endif
 %if %{with vqsim}
-BuildRequires: readline-devel
+BuildRequires:  readline-devel
 %endif
-Obsoletes: libcfg6
-Obsoletes: libcmap4
-Obsoletes: libcorosync_common4
-Obsoletes: libcpg4
-Obsoletes: libquorum5
-Obsoletes: libsam4
-Obsoletes: libtotem_pg5
-Obsoletes: libvotequorum8
+Obsoletes:      libcfg6
+Obsoletes:      libcmap4
+Obsoletes:      libcorosync_common4
+Obsoletes:      libcpg4
+Obsoletes:      libquorum5
+Obsoletes:      libsam4
+Obsoletes:      libtotem_pg5
+Obsoletes:      libvotequorum8
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %prep
-%setup -q -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 
 rm -f .git*
 echo %{version} > .tarball-version
@@ -282,7 +284,7 @@ fi
 #library
 #
 %package libs
-Summary: The corosync Cluster Engine Libraries
+Summary:        The corosync Cluster Engine Libraries
 
 %description libs
 This package contains corosync libraries.
@@ -340,9 +342,9 @@ The Corosync Cluster Engine APIs.
 
 %if %{with vqsim}
 %package vqsim
-Summary: The Corosync Cluster Engine - Votequorum Simulator
-Requires: %{name}-libs = %{version}-%{release}
-Requires: pkgconfig
+Summary:        The Corosync Cluster Engine - Votequorum Simulator
+Requires:       %{name}-libs = %{version}-%{release}
+Requires:       pkgconfig
 
 %description vqsim
 A command-line simulator for the corosync votequorum subsystem.