diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/0001-attr-Fix-reading-of-server_reply.patch b/0001-attr-Fix-reading-of-server_reply.patch deleted file mode 100644 index cb8c9d3..0000000 --- a/0001-attr-Fix-reading-of-server_reply.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 43eaf0e82b1475a6a5322881cbd8260b6c3f5ef8 Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Wed, 21 Feb 2024 17:40:11 +0100 -Subject: attr: Fix reading of server_reply - -read_server_reply first reads boothc header and then rest of packet -which contains hmac info. This should go in memory right after -boothc_header and not after full length of packet, because full length -of packet already contains hmac info. - -Solution is to simply use length of header and not length of packet. - -Longer term and better solution would be to drop read_server_reply -completely and use recv_auth which is used for everything else but attr -set and delete. - -Signed-off-by: Jan Friesse ---- - src/attr.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/attr.c b/src/attr.c -index 44061e3..bc154f0 100644 ---- a/src/attr.c -+++ b/src/attr.c -@@ -142,7 +142,7 @@ static int read_server_reply( - return -2; - } - len = ntohl(header->length); -- rv = tpt->recv(site, msg+len, len-sizeof(*header)); -+ rv = tpt->recv(site, msg+sizeof(*header), len-sizeof(*header)); - if (rv < 0) { - return -1; - } --- -2.41.0 - diff --git a/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch b/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch deleted file mode 100644 index 5e8fa09..0000000 --- a/0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 98b4284d1701f2efec278b51f151314148bfe70e Mon Sep 17 00:00:00 2001 -From: Jan Friesse -Date: Wed, 21 Feb 2024 18:12:28 +0100 -Subject: auth: Check result of gcrypt gcry_md_get_algo_dlen - -When unknown hash is passed to gcry_md_get_algo_dlen 0 is returned. This -value is then used for memcmp so wrong hmac might be accepted as -correct. - -Signed-off-by: Jan Friesse ---- - src/auth.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/src/auth.c b/src/auth.c -index 8f86b9a..a3b3d20 100644 ---- a/src/auth.c -+++ b/src/auth.c -@@ -28,6 +28,11 @@ int calc_hmac(const void *data, size_t datalen, - { - static gcry_md_hd_t digest; - gcry_error_t err; -+ int hlen; -+ -+ hlen = gcry_md_get_algo_dlen(hid); -+ if (!hlen) -+ return -1; - - if (!digest) { - err = gcry_md_open(&digest, hid, GCRY_MD_FLAG_HMAC); -@@ -42,7 +47,7 @@ int calc_hmac(const void *data, size_t datalen, - } - } - gcry_md_write(digest, data, datalen); -- memcpy(result, gcry_md_read(digest, 0), gcry_md_get_algo_dlen(hid)); -+ memcpy(result, gcry_md_read(digest, 0), hlen); - gcry_md_reset(digest); - return 0; - } -@@ -54,15 +59,20 @@ int verify_hmac(const void *data, size_t datalen, - { - unsigned char *our_hmac; - int rc; -+ int hlen; -+ -+ hlen = gcry_md_get_algo_dlen(hid); -+ if (!hlen) -+ return -1; - -- our_hmac = malloc(gcry_md_get_algo_dlen(hid)); -+ our_hmac = malloc(hlen); - if (!our_hmac) - return -1; - - rc = calc_hmac(data, datalen, hid, our_hmac, key, keylen); - if (rc) - goto out_free; -- rc = memcmp(our_hmac, hmac, gcry_md_get_algo_dlen(hid)); -+ rc = memcmp(our_hmac, hmac, hlen); - - out_free: - if (our_hmac) --- -2.41.0 - diff --git a/booth.spec b/booth.spec index 5d7a8c5..8a7166e 100644 --- a/booth.spec +++ b/booth.spec @@ -22,23 +22,6 @@ %bcond_with html_man %bcond_with glue %bcond_with run_build_tests -%bcond_with include_unit_test - -# set following to the result of `git describe --abbrev=128 $commit` -# This will be used to fill booth_ver, booth_numcomm and booth_sha1. -# It is important to keep abbrev to get full length sha1! When updating source use -# `spectool -g booth.spec` to download source. -%global git_describe_str v1.0-283-g9d4029aa14323a7f3b496215d25e40bd14f33632 - -# Set this to 1 when rebasing (changing git_describe_str) and increase otherwise -%global release 5 - -# Run shell script to parse git_describe str into version, numcomm and sha1 hash -%global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1}) -%global booth_numcomm %(s=%{git_describe_str}; t=${s#*-}; echo ${t%%%%-*}) -%global booth_sha1 %(s=%{git_describe_str}; t=${s##*-}; echo ${t:1}) -%global booth_short_sha1 %(s=%{booth_sha1}; echo ${s:0:7}) -%global booth_archive_name %{name}-%{booth_ver}-%{booth_numcomm}-%{booth_short_sha1} ## User and group to use for nonprivileged services (should be in sync with pacemaker) %global uname hacluster @@ -56,14 +39,12 @@ %global test_path %{_datadir}/booth/tests Name: booth -Version: %{booth_ver} -Release: %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist} +Version: 1.2 +Release: 6%{?dist} Summary: Ticket Manager for Multi-site Clusters License: GPL-2.0-or-later Url: https://github.com/%{github_owner}/%{name} -Source0: https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz -Patch0: 0001-attr-Fix-reading-of-server_reply.patch -Patch1: 0002-auth-Check-result-of-gcrypt-gcry_md_get_algo_dlen.patch +Source0: https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz # direct build process dependencies BuildRequires: autoconf @@ -77,7 +58,7 @@ BuildRequires: asciidoctor BuildRequires: gcc BuildRequires: pkgconfig # linking dependencies -BuildRequires: libgcrypt-devel +BuildRequires: gnutls-devel BuildRequires: libxml2-devel ## just for include BuildRequires: pacemaker-libs-devel @@ -182,9 +163,6 @@ Requires: %{name}-arbitrator = %{version}-%{release} Requires: %{name}-site = %{version}-%{release} Requires: gdb Requires: %{__python3} -%if 0%{?with_include_unit_test} -Requires: python3-pexpect -%endif # runtests.py suite (for perl and ss) Requires: perl-interpreter iproute @@ -194,7 +172,7 @@ Automated tests for running Booth, ticket manager for multi-site clusters. # BUILD # %prep -%autosetup -n %{name}-%{booth_sha1} -S git_am +%autosetup -n %{name}-%{version} -S git_am %build ./autogen.sh @@ -226,10 +204,6 @@ mkdir -p %{buildroot}/%{test_path} # Copy tests from tarball cp -a -t %{buildroot}/%{test_path} \ -- conf test -%if 0%{?with_include_unit_test} -cp -a -t %{buildroot}/%{test_path} \ - -- unit-tests script/unit-test.py -%endif chmod +x %{buildroot}/%{test_path}/test/booth_path chmod +x %{buildroot}/%{test_path}/test/live_test.sh mkdir -p %{buildroot}/%{test_path}/src @@ -312,10 +286,37 @@ VERBOSE=1 make check %{_usr}/lib/ocf/resource.d/booth/sharedrsc %changelog -* Fri Jun 07 2024 Jan Friesse - 1.0-283.5.9d4029a.git -- attr: Fix reading of server_reply -- auth: Check result of gcrypt gcry_md_get_algo_dlen - (fixes CVE-2024-3049) +* Fri Sep 19 2025 Python Maint - 1.2-6 +- Rebuilt for Python 3.14.0rc3 bytecode + +* Thu Aug 21 2025 Cristian Le +- Convert STI tests to TMT (rhbz#2382867) + +* Fri Aug 15 2025 Python Maint - 1.2-5 +- Rebuilt for Python 3.14.0rc2 bytecode + +* Wed Jul 23 2025 Fedora Release Engineering - 1.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jan 16 2025 Fedora Release Engineering - 1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Jul 17 2024 Fedora Release Engineering - 1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Fri Jun 07 2024 Jan Friesse - 1.2-1 +- New upstream release + +* Tue Jan 23 2024 Fedora Release Engineering - 1.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Oct 18 2023 Jan Friesse - 1.1-1 +- New upstream release +- Upstream releases should now be released regularly, so convert spec + to use them instead of git snapshots * Wed Jul 19 2023 Fedora Release Engineering - 1.0-283.4.9d4029a.git - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/plans.fmf b/plans.fmf new file mode 100644 index 0000000..eb36cda --- /dev/null +++ b/plans.fmf @@ -0,0 +1,13 @@ +summary: Run all tests +discover: + how: fmf +prepare: + - name: Disable installing everything from srpm + how: install + exclude: ".*" + - name: Install the main test package + how: install + package: + - booth-test +execute: + how: tmt diff --git a/sources b/sources index 7e9c107..67b588e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (booth-1.0-283-9d4029a.tar.gz) = 628a3e1e128d0fdcd4600d8d4b46220363575bda83c85cd43bfe940a2a29a9176490342261354138f8d4c593b611cf0282653c1e4b3d4b4841d99ef31ba45ada +SHA512 (booth-1.2.tar.gz) = b63217e561fd5e8ede1ba432ec6b4ef6efb73dc16a501814cf07b82f87a23c3f734ebf09c56a5d521668ee57ed02be48d257aabb1d2e3c4840f1219ef13d3fde diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..6e8835d --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,3 @@ +/upstream: + summary: Run upstream tests + test: ./upstream/runtest.sh diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 8ee75ea..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,9 +0,0 @@ -- hosts: localhost - roles: - - role: standard-test-basic - tags: - - classic - tests: - - upstream - required_packages: - - booth-test diff --git a/tests/upstream/runtest.sh b/tests/upstream/runtest.sh old mode 100644 new mode 100755