!39 fix CVE-2025-30472

From: @fundawang 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git

Fix-building-of-rust-for-release.patch

@@ -0,0 +1,33 @@
+From 2fcda76b96b43ff2a0a8d7c175750ce2ecb0dca8 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 27 Nov 2023 11:17:18 +0100
+Subject: [PATCH] configure: Fix building of rust for release
+
+Set rustver correctly for both release version string
+(for example 3.1.7) and git one (3.1.7.1-982f).
+
+corosyncrustver must be escaped by '[]' because sed is using these two
+characters and m4 would remove them.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7a9e4200..dfa9267f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -46,7 +46,7 @@ AC_ARG_ENABLE([rust-bindings],
+ 	[AS_HELP_STRING([--enable-rust-bindings],[rust bindings support])],,
+ 	[ enable_rust_bindings="no" ])
+ AM_CONDITIONAL([BUILD_RUST_BINDINGS], [test x$enable_rust_bindings = xyes])
+-corosyncrustver="`echo ${VERSION} | sed 's/\(.*\)\./\1-/'`"
++corosyncrustver=["`echo ${VERSION} | sed 's/\.\([^-\.]*-\)/-\1/'`"]
+ AC_SUBST([corosyncrustver])
+ 
+ dnl Fix default variables - "prefix" variable if not specified
+-- 
+2.25.1
+

Fix-up-the-library-versions-files.patch

@@ -0,0 +1,185 @@
+From 8d46eb012778534d8beb5d1742e20ff9e2c300c2 Mon Sep 17 00:00:00 2001
+From: Christine Caulfield <ccaulfie@redhat.com>
+Date: Mon, 18 Dec 2023 09:25:56 +0000
+Subject: [PATCH] Fix up the library .versions files
+
+I've only added missing symbols and removed old ones. The actual
+library version numbers might need assessing too.
+
+Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
+Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+---
+ lib/libcfg.versions        | 12 +++++++-----
+ lib/libcmap.versions       | 38 ++++++++++++++++++++++++++++++++++++++
+ lib/libcpg.versions        |  8 ++++++++
+ lib/libquorum.versions     |  8 ++++++--
+ lib/libsam.versions        |  7 ++++++-
+ lib/libvotequorum.versions |  4 ++++
+ 6 files changed, 69 insertions(+), 8 deletions(-)
+
+diff --git a/lib/libcfg.versions b/lib/libcfg.versions
+index 18d18f70..7f89f239 100644
+--- a/lib/libcfg.versions
++++ b/lib/libcfg.versions
+@@ -6,13 +6,15 @@ COROSYNC_CFG_0.82 {
+ 		corosync_cfg_fd_get;
+ 		corosync_cfg_dispatch;
+ 		corosync_cfg_finalize;
+-		corosync_cfg_administrative_state_get;
+-		corosync_cfg_administrative_state_set;
+-		corosync_cfg_track;
+-		corosync_cfg_track_stop;
+ 		corosync_cfg_ring_status_get;
+ 		corosync_cfg_node_status_get;
+-		corosync_cfg_ring_reenable;
++		corosync_cfg_kill_node;
++		corosync_cfg_try_shutdown;
++		corosync_cfg_replyto_shutdown;
++		corosync_cfg_get_node_addrs;
++		corosync_cfg_local_get;
++		corosync_cfg_reload_config;
++		corosync_cfg_reopen_log_files;
+ 		corosync_cfg_trackstart;
+ 		corosync_cfg_trackstop;
+ };
+diff --git a/lib/libcmap.versions b/lib/libcmap.versions
+index 59c8778c..7460dd30 100644
+--- a/lib/libcmap.versions
++++ b/lib/libcmap.versions
+@@ -3,4 +3,42 @@
+ COROSYNC_CMAP_1.0 {
+ 	global:
+ 		cmap_initialize;
++		cmap_initialize_map;
++		cmap_finalize;
++		cmap_fd_get;
++		cmap_dispatch;
++		cmap_context_get;
++		cmap_context_set;
++		cmap_set;
++		cmap_set_int8;
++		cmap_set_uint8;
++		cmap_set_int16;
++		cmap_set_uint16;
++		cmap_set_int32;
++		cmap_set_uint32;
++		cmap_set_int64;
++		cmap_set_uint64;
++		cmap_set_float;
++		cmap_set_double;
++		cmap_set_string;
++		cmap_delete;
++		cmap_get;
++		cmap_get_int8;
++		cmap_get_uint8;
++		cmap_get_int16;
++		cmap_get_uint16;
++		cmap_get_int32;
++		cmap_get_uint32;
++		cmap_get_int64;
++		cmap_get_uint64;
++		cmap_get_float;
++		cmap_get_double;
++		cmap_get_string;
++		cmap_inc;
++		cmap_dec;
++		cmap_iter_init;
++		cmap_iter_next;
++		cmap_iter_finalize;
++		cmap_track_add;
++		cmap_track_delete;
+ };
+diff --git a/lib/libcpg.versions b/lib/libcpg.versions
+index 93eeb529..ba4d16d6 100644
+--- a/lib/libcpg.versions
++++ b/lib/libcpg.versions
+@@ -3,15 +3,23 @@
+ COROSYNC_CPG_1.0 {
+ 	global:
+ 		cpg_initialize;
++		cpg_model_initialize;
+ 		cpg_finalize;
+ 		cpg_fd_get;
++		cpg_max_atomic_msgsize_get;
+ 		cpg_dispatch;
+ 		cpg_join;
+ 		cpg_leave;
+ 		cpg_mcast_joined;
+ 		cpg_membership_get;
++		cpg_local_get;
++		cpg_flow_control_state_get;
+ 		cpg_context_get;
+ 		cpg_context_set;
+ 		cpg_zcb_alloc;
+ 		cpg_zcb_free;
++		cpg_zcb_mcast_joined;
++		cpg_iteration_initialize;
++		cpg_iteration_next;
++		cpg_iteration_finalize;
+ };
+diff --git a/lib/libquorum.versions b/lib/libquorum.versions
+index b1f0a883..b4fc21cd 100644
+--- a/lib/libquorum.versions
++++ b/lib/libquorum.versions
+@@ -3,9 +3,13 @@
+ COROSYNC_QUORUM_1.0 {
+ 	global:
+ 		quorum_initialize;
++		quorum_model_initialize;
+ 		quorum_finalize;
++		quorum_fd_get;
+ 		quorum_getquorate;
+-		quorum_initialize;
+-		quorum_finalize;
+ 		quorum_dispatch;
++		quorum_trackstart;
++		quorum_trackstop;
++		quorum_context_get;
++		quorum_context_set;
+ };
+diff --git a/lib/libsam.versions b/lib/libsam.versions
+index 48fba2cc..3881bb72 100644
+--- a/lib/libsam.versions
++++ b/lib/libsam.versions
+@@ -2,11 +2,16 @@
+ 
+ COROSYNC_SAM_1.0 {
+ 	global:
+-		sam_initialized;
++		sam_initialize;
+ 		sam_finalize;
+ 		sam_start;
+ 		sam_stop;
+ 		sam_register;
+ 		sam_hc_send;
+ 		sam_hc_callback_register;
++		sam_warn_signal_set;
++		sam_data_getsize;
++		sam_data_restore;
++		sam_data_store;
++		sam_mark_failed;
+ };
+diff --git a/lib/libvotequorum.versions b/lib/libvotequorum.versions
+index 7a37030c..00783fc0 100644
+--- a/lib/libvotequorum.versions
++++ b/lib/libvotequorum.versions
+@@ -4,12 +4,16 @@ COROSYNC_VOTEQUORUM_1.0 {
+ 	global:
+ 		votequorum_initialize;
+ 		votequorum_finalize;
++		votequorum_dispatch;
++		votequorum_fd_get;
+ 		votequorum_getinfo;
+ 		votequorum_setexpected;
+ 		votequorum_setvotes;
+ 		votequorum_qdevice_register;
+ 		votequorum_qdevice_unregister;
+ 		votequorum_qdevice_poll;
++		votequorum_qdevice_update;
++		votequorum_qdevice_master_wins;
+ 		votequorum_trackstart;
+ 		votequorum_trackstop;
+ 		votequorum_context_get;
+-- 
+2.25.1
+

Report-crypto-errors-back-to-cfg-reload.patch

@@ -0,0 +1,246 @@
+From ce03c68394517ea8782a03968e2507a1096e9efe Mon Sep 17 00:00:00 2001
+From: Christine Caulfield <ccaulfie@redhat.com>
+Date: Wed, 31 Jan 2024 10:29:05 +0000
+Subject: [PATCH] Report crypto errors back to cfg reload
+
+Because crypto changing happens in the 'commit' phase
+of the reload and we can't get sure that knet will
+allow the new parameters, the result gets ignored.
+This can happen in FIPS mode if a non-FIPS cipher
+is requested.
+
+This patch reports the errors back in a cmap key
+so that the command-line can spot those errors
+and report them back to the user.
+
+It also restores the internal values for crypto
+so that subsequent attempts to change things have
+predictable results. Otherwise further attempts can
+do nothing but not report any errors back.
+
+I've also added some error reporting back for the
+knet ping counters using this mechanism.
+
+The alternative to all of this would be to check for FIPS
+in totemconfig.c and then exclude certain options, but this
+would be duplicating code that could easily get out of sync.
+
+This system could also be a useful mechanism for reporting
+back other 'impossible' errors.
+
+Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+---
+ exec/cfg.c               |  3 +++
+ exec/totemconfig.c       |  8 ++++++-
+ exec/totemknet.c         | 48 +++++++++++++++++++++++++++++++++++-----
+ tools/corosync-cfgtool.c | 31 ++++++++++++++++++++++++++
+ 4 files changed, 83 insertions(+), 7 deletions(-)
+
+diff --git a/exec/cfg.c b/exec/cfg.c
+index fe5f551d..4a3834b0 100644
+--- a/exec/cfg.c
++++ b/exec/cfg.c
+@@ -722,6 +722,9 @@ static void message_handler_req_exec_cfg_reload_config (
+ 
+ 	log_printf(LOGSYS_LEVEL_NOTICE, "Config reload requested by node " CS_PRI_NODE_ID, nodeid);
+ 
++	// Clear this out in case it all goes well
++	icmap_delete("config.reload_error_message");
++
+ 	icmap_set_uint8("config.totemconfig_reload_in_progress", 1);
+ 
+ 	/* Make sure there is no rubbish in this that might be checked, even on error */
+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
+index a6394a2f..505424e3 100644
+--- a/exec/totemconfig.c
++++ b/exec/totemconfig.c
+@@ -2439,7 +2439,13 @@ int totemconfig_commit_new_params(
+ 	totempg_reconfigure();
+ 
+ 	free(new_interfaces);
+-	return res; /* On a reload this is ignored */
++
++	/*
++	 * On a reload this return is ignored because it's too late to do anything about it,
++	 * but errors are reported back via cmap.
++	 */
++	return res;
++
+ }
+ 
+ static void add_totem_config_notification(struct totem_config *totem_config)
+diff --git a/exec/totemknet.c b/exec/totemknet.c
+index f280a094..916f4f8b 100644
+--- a/exec/totemknet.c
++++ b/exec/totemknet.c
+@@ -93,6 +93,8 @@ static int setup_nozzle(void *knet_context);
+ struct totemknet_instance {
+ 	struct crypto_instance *crypto_inst;
+ 
++	struct knet_handle_crypto_cfg last_good_crypto_cfg;
++
+ 	qb_loop_t *poll_handle;
+ 
+         knet_handle_t knet_handle;
+@@ -995,6 +997,7 @@ static void totemknet_refresh_config(
+ 	}
+ 
+ 	for (i=0; i<num_nodes; i++) {
++		int linkerr = 0;
+ 		for (link_no = 0; link_no < INTERFACE_MAX; link_no++) {
+ 			if (host_ids[i] == instance->our_nodeid || !instance->totem_config->interfaces[link_no].configured) {
+ 				continue;
+@@ -1006,19 +1009,25 @@ static void totemknet_refresh_config(
+ 							instance->totem_config->interfaces[link_no].knet_ping_precision);
+ 			if (err) {
+ 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_ping_timers for node " CS_PRI_NODE_ID " link %d failed", host_ids[i], link_no);
++				linkerr = err;
+ 			}
+ 			err = knet_link_set_pong_count(instance->knet_handle, host_ids[i], link_no,
+ 						       instance->totem_config->interfaces[link_no].knet_pong_count);
+ 			if (err) {
+ 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_pong_count for node " CS_PRI_NODE_ID " link %d failed",host_ids[i], link_no);
++				linkerr = err;
+ 			}
+ 			err = knet_link_set_priority(instance->knet_handle, host_ids[i], link_no,
+ 						     instance->totem_config->interfaces[link_no].knet_link_priority);
+ 			if (err) {
+ 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_priority for node " CS_PRI_NODE_ID " link %d failed", host_ids[i], link_no);
++				linkerr = err;
+ 			}
+ 
+ 		}
++		if (linkerr) {
++			icmap_set_string("config.reload_error_message", "Failed to set knet ping timers(2)");
++		}
+ 	}
+ 
+ 	/* Log levels get reconfigured from logconfig.c as that happens last in the reload */
+@@ -1086,6 +1095,10 @@ static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
+ 
+ 	/* use_config will be called later when all nodes are synced */
+ 	res = knet_handle_crypto_set_config(instance->knet_handle, &crypto_cfg, instance->totem_config->crypto_index);
++	if (res == 0) {
++		/* Keep a copy in case it fails in future */
++		memcpy(&instance->last_good_crypto_cfg, &crypto_cfg, sizeof(crypto_cfg));
++	}
+ 	if (res == -1) {
+ 		knet_log_printf(LOGSYS_LEVEL_ERROR, "knet_handle_crypto_set_config (index %d) failed: %s", instance->totem_config->crypto_index, strerror(errno));
+ 		goto exit_error;
+@@ -1112,8 +1125,24 @@ static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
+ 	}
+ #endif
+ 
+-
+ exit_error:
++#ifdef HAVE_KNET_CRYPTO_RECONF
++	if (res) {
++		icmap_set_string("config.reload_error_message", "Failed to set crypto parameters");
++
++		/* Restore the old values in cmap & totem_config */
++		icmap_set_string("totem.crypto_cipher", instance->last_good_crypto_cfg.crypto_cipher_type);
++		icmap_set_string("totem.crypto_hash",  instance->last_good_crypto_cfg.crypto_hash_type);
++		icmap_set_string("totem.crypto_model",  instance->last_good_crypto_cfg.crypto_model);
++
++		memcpy(instance->totem_config->crypto_hash_type, instance->last_good_crypto_cfg.crypto_hash_type,
++		       sizeof(instance->last_good_crypto_cfg.crypto_hash_type));
++		memcpy(instance->totem_config->crypto_cipher_type, instance->last_good_crypto_cfg.crypto_cipher_type,
++		       sizeof(instance->last_good_crypto_cfg.crypto_cipher_type));
++		memcpy(instance->totem_config->crypto_model, instance->last_good_crypto_cfg.crypto_model,
++		       sizeof(instance->last_good_crypto_cfg.crypto_model));
++	}
++#endif
+ 	return res;
+ }
+ 
+@@ -1656,6 +1685,9 @@ int totemknet_member_add (
+ 			log_flush_messages(instance);
+ 			errno = saved_errno;
+ 			KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_ping_timers for nodeid " CS_PRI_NODE_ID ", link %d failed", member->nodeid, link_no);
++
++			icmap_set_string("config.reload_error_message", "Failed to set knet ping timers");
++
+ 			return -1;
+ 		}
+ 		err = knet_link_set_pong_count(instance->knet_handle, member->nodeid, link_no,
+@@ -1666,6 +1698,7 @@ int totemknet_member_add (
+ 			log_flush_messages(instance);
+ 			errno = saved_errno;
+ 			KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_pong_count for nodeid " CS_PRI_NODE_ID ", link %d failed", member->nodeid, link_no);
++			icmap_set_string("config.reload_error_message", "Failed to set knet pong count");
+ 			return -1;
+ 		}
+ 	}
+@@ -1774,11 +1807,14 @@ int totemknet_reconfigure (
+ 		/* Flip crypto_index */
+ 		totem_config->crypto_index = 3-totem_config->crypto_index;
+ 		res = totemknet_set_knet_crypto(instance);
+-
+-		knet_log_printf(LOG_INFO, "kronosnet crypto reconfigured on index %d: %s/%s/%s", totem_config->crypto_index,
+-				totem_config->crypto_model,
+-				totem_config->crypto_cipher_type,
+-				totem_config->crypto_hash_type);
++		if (res == 0) {
++			knet_log_printf(LOG_INFO, "kronosnet crypto reconfigured on index %d: %s/%s/%s", totem_config->crypto_index,
++					totem_config->crypto_model,
++					totem_config->crypto_cipher_type,
++					totem_config->crypto_hash_type);
++		} else {
++			icmap_set_string("config.reload_error_message", "Failed to set knet crypto");
++		}
+ 	}
+ 	return (res);
+ }
+diff --git a/tools/corosync-cfgtool.c b/tools/corosync-cfgtool.c
+index d04d5bea..d35f6d90 100644
+--- a/tools/corosync-cfgtool.c
++++ b/tools/corosync-cfgtool.c
+@@ -332,6 +332,33 @@ nodestatusget_do (enum user_action action, int brief)
+ 	return rc;
+ }
+ 
++
++static int check_for_reload_errors(void)
++{
++	cmap_handle_t cmap_handle;
++	cs_error_t result;
++	char *str;
++	int res;
++
++	result = cmap_initialize (&cmap_handle);
++	if (result != CS_OK) {
++		fprintf (stderr, "Could not initialize corosync cmap API error %d\n", result);
++		exit (EXIT_FAILURE);
++	}
++
++	result = cmap_get_string(cmap_handle, "config.reload_error_message", &str);
++	if (result == CS_OK) {
++		printf("ERROR from reload: %s - see syslog for more information\n", str);
++		free(str);
++		res = 1;
++	}
++	else {
++		res = 0;
++	}
++	cmap_finalize(cmap_handle);
++	return res;
++}
++
+ static int reload_config_do (void)
+ {
+ 	cs_error_t result;
+@@ -358,6 +385,10 @@ static int reload_config_do (void)
+ 
+ 	(void)corosync_cfg_finalize (handle);
+ 
++	if ((rc = check_for_reload_errors())) {
++		fprintf(stderr, "Errors in appying config, corosync.conf might not match the running system\n");
++	}
++
+ 	return (rc);
+ }
+ 
+-- 
+2.25.1
+

backport-CVE-2025-30472.patch

@@ -0,0 +1,65 @@
+From 7839990f9cdf34e55435ed90109e82709032466a Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 24 Mar 2025 12:05:08 +0100
+Subject: [PATCH] totemsrp: Check size of orf_token msg
+
+orf_token message is stored into preallocated array on endian convert
+so carefully crafted malicious message can lead to crash of corosync.
+
+Solution is to check message size beforehand.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+---
+ exec/totemsrp.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/exec/totemsrp.c b/exec/totemsrp.c
+index 962d0e2a..364528ce 100644
+--- a/exec/totemsrp.c
++++ b/exec/totemsrp.c
+@@ -3679,12 +3679,20 @@ static int check_orf_token_sanity(
+ 	const struct totemsrp_instance *instance,
+ 	const void *msg,
+ 	size_t msg_len,
++	size_t max_msg_len,
+ 	int endian_conversion_needed)
+ {
+ 	int rtr_entries;
+ 	const struct orf_token *token = (const struct orf_token *)msg;
+ 	size_t required_len;
+ 
++	if (msg_len > max_msg_len) {
++		log_printf (instance->totemsrp_log_level_security,
++		    "Received orf_token message is too long...  ignoring.");
++
++		return (-1);
++	}
++
+ 	if (msg_len < sizeof(struct orf_token)) {
+ 		log_printf (instance->totemsrp_log_level_security,
+ 		    "Received orf_token message is too short...  ignoring.");
+@@ -3698,6 +3706,13 @@ static int check_orf_token_sanity(
+ 		rtr_entries = token->rtr_list_entries;
+ 	}
+ 
++	if (rtr_entries > RETRANSMIT_ENTRIES_MAX) {
++		log_printf (instance->totemsrp_log_level_security,
++		    "Received orf_token message rtr_entries is corrupted...  ignoring.");
++
++		return (-1);
++	}
++
+ 	required_len = sizeof(struct orf_token) + rtr_entries * sizeof(struct rtr_item);
+ 	if (msg_len < required_len) {
+ 		log_printf (instance->totemsrp_log_level_security,
+@@ -3866,7 +3881,8 @@ static int message_handler_orf_token (
+ 	"Time since last token %0.4f ms", ((float)tv_diff) / 1000000.0);
+ #endif
+ 
+-	if (check_orf_token_sanity(instance, msg, msg_len, endian_conversion_needed) == -1) {
++	if (check_orf_token_sanity(instance, msg, msg_len, sizeof(token_storage),
++            endian_conversion_needed) == -1) {
+ 		return (0);
+ 	}
+ 

corosync.spec

@@ -18,10 +18,15 @@
 Name:           corosync
 Summary:        The Corosync Cluster Engine and Application Programming Interfaces
 Version:        3.1.8
-Release:        1
+Release:        6
 License:        BSD-3-Clause
 URL:            http://corosync.github.io/corosync/
 Source0:        http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
+Patch0:         Fix-up-the-library-versions-files.patch
+Patch1:         Report-crypto-errors-back-to-cfg-reload.patch
+Patch2:         Fix-building-of-rust-for-release.patch
+Patch3:         totem-Fix-reference-links.patch
+Patch4:         backport-CVE-2025-30472.patch
 
 # Runtime bits
 # The automatic dependency overridden in favor of explicit version lock
@@ -70,7 +75,7 @@ BuildRequires:  readline-devel
 BuildRequires:  make
 
 %prep
-%setup -q -n %{name}-%{version}%{?gittarver}
+%autosetup -n %{name}-%{version}%{?gittarver} -p1
 
 %build
 %if %{with runautogen}
@@ -288,6 +293,21 @@ network splits)
 %endif
 
 %changelog
+* Thu Mar 27 2025 Funda Wang <fundawang@yeah.net> - 3.1.8-6
+- fix CVE-2025-30472
+
+* Fri Mar 15 2024 zouzhimin <zouzhimin@kylinos.cn> - 3.1.8-5
+- totem: Fix reference links
+
+* Fri Mar 01 2024 zouzhimin <zouzhimin@kylinos.cn> - 3.1.8-4
+- configure: Fix building of rust for release
+
+* Tue Feb 27 2024 zouzhimin <zouzhimin@kylinos.cn> - 3.1.8-3
+- Report crypto errors back to cfg reload
+
+* Tue Feb 27 2024 zouzhimin <zouzhimin@kylinos.cn> - 3.1.8-2
+- Fix up the library .versions files
+
 * Fri Nov 24 2023 zouzhimin <zouzhimin@kylinos.cn> - 3.1.8-1
 - update package to version 3.1.8
 

totem-Fix-reference-links.patch

@@ -0,0 +1,34 @@
+From c01fd757a0b8056a940c3d8575a00bce43f99fbf Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 12 Mar 2024 16:40:12 +0100
+Subject: [PATCH] totem: Fix reference links
+
+Link Corosync project archived copy of Yair Amir's PhD thesis
+and paper about totem protocol.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+---
+ exec/totemsrp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec/totemsrp.c b/exec/totemsrp.c
+index 63a47c19..63463a53 100644
+--- a/exec/totemsrp.c
++++ b/exec/totemsrp.c
+@@ -35,10 +35,10 @@
+ 
+ /*
+  * The first version of this code was based upon Yair Amir's PhD thesis:
+- *	http://www.cs.jhu.edu/~yairamir/phd.ps) (ch4,5).
++ *	https://corosync.github.io/corosync/doc/Yair_phd.ps.gz (ch4,5).
+  *
+  * The current version of totemsrp implements the Totem protocol specified in:
+- * 	http://citeseer.ist.psu.edu/amir95totem.html
++ * 	https://corosync.github.io/corosync/doc/tocssrp95.ps.gz
+  *
+  * The deviations from the above published protocols are:
+  * - token hold mode where token doesn't rotate on unused ring - reduces cpu
+-- 
+2.25.1
+