!6 [sync] PR-4: openEuler-22.03-LTS-Next Packages upgrade

From: @openeuler-sync-bot Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-04-19 08:26:02 +00:00 · 2022-04-19 08:26:02 +00:00 · 0db2f33e95
commit 0db2f33e95
parent 2759485f76 f2f8e35f81
6 changed files with 293 additions and 4 deletions
--- a/0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch
+++ b/0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch
@ -0,0 +1,67 @@
+From f7333277c2709b147e2f2a3ab357ec3a195fb1f5 Mon Sep 17 00:00:00 2001
+From: Chris Dunlap <cdunlap@llnl.gov>
+Date: Fri, 4 Dec 2020 21:31:34 -0800
+Subject: [PATCH 2/4] Sharness: Fix dup of failing check when run by root
+
+When the test suite is run by root, the following two failures occur in
+"0103-munged-security-logfile.t":
+
+  10 - logfile not writable by user failure
+  31 - logfile failure writes single message to stderr
+
+This second test, "logfile failure writes single message to stderr",
+checks for a regression of a duplicate error message being written to
+stderr by forcing an expected failure -- namely, setting the logfile
+perms to 0400 and expecting an error when opening the logfile because
+the user does not have write-permissions.  This expected failure is
+the check being performed in the first test, "logfile not writable
+by user failure".
+
+Fix the test for "logfile failure writes single message to stderr"
+by forcing a different error that is not affected by root privileges.
+In particular, set the logfile perms to 0602 which will fail because
+the logfile is now writable by other; this will fail regardless of
+whether or not the user is root.
+
+Tested:
+- Arch Linux
+- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10
+- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0
+- Fedora 33, 32, 31
+- FreeBSD 12.2, 11.4
+- NetBSD 9.1, 9.0, 8.1
+- OpenBSD 6.8, 6.7, 6.6
+- openSUSE 15.2, 15.1
+- Raspberry Pi OS (Raspbian 10) [armv7l]
+- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS
+---
+ t/0103-munged-security-logfile.t | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/t/0103-munged-security-logfile.t b/t/0103-munged-security-logfile.t
+index fafd973..40b59a6 100755
+--- a/t/0103-munged-security-logfile.t
+++ b/t/0103-munged-security-logfile.t
+@@ -343,14 +343,16 @@ test_expect_success 'logfile dir writable by other with sticky bit' '
+     chmod 0755 "${MUNGE_LOGDIR}"
+ '
+ 
+-# Check for a regression of a duplicate error message being written to stderr
+-#   for a failure to open the logfile.
+# Check for a regression of a duplicate error message being written to stderr.
+# To generate an error, test for the logfile being writable by other since this
+#   will not be affected by root privileges.
+#
+ ##
+ test_expect_success 'logfile failure writes single message to stderr' '
+     local ERR NUM &&
+     rm -f "${MUNGE_LOGFILE}" &&
+     touch "${MUNGE_LOGFILE}" &&
+-    chmod 0400 "${MUNGE_LOGFILE}" &&
+    chmod 0602 "${MUNGE_LOGFILE}" &&
+     test_must_fail munged_start_daemon t-keep-logfile 2>err.$$ &&
+     cat err.$$ &&
+     ERR=$(sed -n -e "s/.*Error: //p" err.$$ | sort | uniq -c | sort -n -r) &&
+-- 
+2.30.0
+
--- a/0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch
+++ b/0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch
@ -0,0 +1,67 @@
+From 014cff3c0ba16fc645eeceeb16eb6be8132c59fd Mon Sep 17 00:00:00 2001
+From: Chris Dunlap <cdunlap@llnl.gov>
+Date: Fri, 4 Dec 2020 23:50:39 -0800
+Subject: [PATCH 3/4] Sharness: Fix EACCES failure succeeding for root
+
+When the test suite is run by root, the following failure occurs in
+"0103-munged-security-logfile.t":
+
+  10 - logfile not writable by user failure
+
+This sets the logfile perms to 0400 to check for an error when the
+logfile is not writable by the user.  However, root will not get a
+"permission denied" error here.  Consequently, the expected failure
+erroneously succeeds.
+
+Add a check for whether the test is being run by the root user, and
+set the ROOT prerequisite when this is true.  Furthermore, add the
+!ROOT prereq to the above test so it will be skipped when run by root.
+
+Tested:
+- Arch Linux
+- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10
+- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0
+- Fedora 33, 32, 31
+- FreeBSD 12.2, 11.4
+- NetBSD 9.1, 9.0, 8.1
+- OpenBSD 6.8, 6.7, 6.6
+- openSUSE 15.2, 15.1
+- Raspberry Pi OS (Raspbian 10) [armv7l]
+- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS
+---
+ t/0103-munged-security-logfile.t | 4 +++-
+ t/sharness.d/10-root.sh          | 6 ++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+ create mode 100644 t/sharness.d/10-root.sh
+
+diff --git a/t/0103-munged-security-logfile.t b/t/0103-munged-security-logfile.t
+index 40b59a6..9e951b9 100755
+--- a/t/0103-munged-security-logfile.t
+++ b/t/0103-munged-security-logfile.t
+@@ -118,8 +118,10 @@ test_expect_success 'logfile non-regular-file override failure' '
+ '
+ 
+ # Check for an error when the logfile is not writable by user.
+# Skip this test if running as root since the root user will not get the
+#   expected EACCESS failure.
+ ##
+-test_expect_success 'logfile not writable by user failure' '
+test_expect_success !ROOT 'logfile not writable by user failure' '
+     rm -f "${MUNGE_LOGFILE}" &&
+     touch "${MUNGE_LOGFILE}" &&
+     chmod 0400 "${MUNGE_LOGFILE}" &&
+diff --git a/t/sharness.d/10-root.sh b/t/sharness.d/10-root.sh
+new file mode 100644
+index 0000000..5a2fd28
+--- /dev/null
+++ b/t/sharness.d/10-root.sh
+@@ -0,0 +1,6 @@
+##
+# Is the test being run by the root user?
+##
+if test "$(id -u)" = 0; then
+    test_set_prereq ROOT
+fi
+-- 
+2.30.0
+
--- a/0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch
+++ b/0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch
@ -0,0 +1,146 @@
+From 2ad81007d2371f536af9e231490357c928eca53a Mon Sep 17 00:00:00 2001
+From: Chris Dunlap <cdunlap@llnl.gov>
+Date: Wed, 2 Dec 2020 09:50:27 -0800
+Subject: [PATCH 4/4] HKDF: Fix big-endian bug caused by size_t ptr cast
+
+When Fedora updated to 0.5.14 and added the new test suite to their
+rpm spec's %check, munge successfully built but its test suite failed
+on s390x for hkdf_test:
+
+> FAIL: hkdf_test
+> ===============
+> Failed to finalize HKDF MAC ctx for extraction
+
+This is caused by the cast of prklenp from a size_t * to an int *
+in _hkdf_extract().
+
+On s390x, memory ordering is big-endian and size_t is an alias for
+unsigned long.  Thus, a ptr to an 8-byte size_t was being cast to a
+ptr to a 4-byte int.
+
+This worked on little-endian systems (of which all my test systems
+had been) since the least-significant byte is stored at the smallest
+memory address (the little end), and the stored value always fit
+within 4 bytes.  But on big-endian systems, the least-significant
+byte is stored at the largest memory address (the big end) which
+differs for 4-byte and 8-byte values.
+
+Remove the cast by using an int variable as an intermediary.
+
+Reference:
+- https://fedoraproject.org/wiki/Architectures/s390x#Notes_for_application_developers_and_package_maintainers
+- https://bugzilla.redhat.com/show_bug.cgi?id=1923337
+- https://bugs.launchpad.net/bugs/1915457
+- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982564
+
+Tested:
+- Arch Linux
+- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10
+- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0
+- Fedora 33 [s390x, x86_64], 32, 31
+- FreeBSD 12.2, 11.4
+- NetBSD 9.1, 9.0, 8.1
+- OpenBSD 6.8, 6.7, 6.6
+- openSUSE 15.2, 15.1
+- Raspberry Pi OS (Raspbian 10) [armv7l]
+- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS
+
+Closes #91
+---
+ src/common/hkdf.c | 30 ++++++++++++++++++++++++++----
+ 1 file changed, 26 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/hkdf.c b/src/common/hkdf.c
+index ac7ab6f..364f3e0 100644
+--- a/src/common/hkdf.c
+++ b/src/common/hkdf.c
+@@ -32,6 +32,7 @@
+ 
+ #include <assert.h>
+ #include <errno.h>
+#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -316,6 +317,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
+ {
+     mac_ctx mac_ctx;
+     int     mac_ctx_is_initialized = 0;
+    int     prklen;
+     int     rv = 0;
+ 
+     assert (ctxp != NULL);
+@@ -325,6 +327,14 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
+     assert (prklenp != NULL);
+     assert (*prklenp > 0);
+ 
+    /*  Convert prklen size_t to int for the call to mac_final() since the parm
+     *    is being passed as a ptr, and size of size_t and int may differ.
+     *  *prklenp must be representable as an int because it was assigned
+     *    (via ctxp->mdlen) by mac_size() which returns an int.
+     */
+    assert (*prklenp <= INT_MAX);
+    prklen = (int) *prklenp;
+
+     /*  Compute the pseudorandom key.
+      *    prk = HMAC (salt, ikm)
+      */
+@@ -340,7 +350,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
+         log_msg (LOG_ERR, "Failed to update HKDF MAC ctx for extraction");
+         goto err;
+     }
+-    rv = mac_final (&mac_ctx, prk, (int *) prklenp);
+    rv = mac_final (&mac_ctx, prk, &prklen);
+     if (rv == -1) {
+         log_msg (LOG_ERR, "Failed to finalize HKDF MAC ctx for extraction");
+         goto err;
+@@ -352,6 +362,12 @@ err:
+             return -1;
+         }
+     }
+    /*  Update [prklenp] on success.
+     */
+    if (rv >= 0) {
+        assert (prklen >= 0);
+        *prklenp = (size_t) prklen;
+    }
+     return rv;
+ }
+ 
+@@ -371,7 +387,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
+     unsigned char *dstptr;
+     size_t         dstlen;
+     unsigned char *okm = NULL;
+-    size_t         okmlen;
+    int            okmlen;
+     int            num_rounds;
+     const int      max_rounds = 255;
+     unsigned char  round;
+@@ -390,8 +406,14 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
+ 
+     /*  Allocate buffer for output keying material.
+      *  The buffer size is equal to the size of the hash function output.
+     *  Note that okmlen must be an int (and not size_t) for the call to
+     *    mac_final() since the parm is being passed as a ptr, and size of
+     *    size_t and int may differ.
+     *  ctxp->mdlen must be representable as an int because it was assigned
+     *    by mac_size() which returns an int.
+      */
+-    okmlen = ctxp->mdlen;
+    assert (ctxp->mdlen <= INT_MAX);
+    okmlen = (int) ctxp->mdlen;
+     okm = calloc (1, okmlen);
+     if (okm == NULL) {
+         rv = -1;
+@@ -448,7 +470,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
+                     "for expansion round #%u", round);
+             goto err;
+         }
+-        rv = mac_final (&mac_ctx, okm, (int *) &okmlen);
+        rv = mac_final (&mac_ctx, okm, &okmlen);
+         if (rv == -1) {
+             log_msg (LOG_ERR,
+                     "Failed to finalize HKDF MAC ctx "
+-- 
+2.30.0
+
--- a/munge-0.5.13.tar.xz
+++ b/munge-0.5.13.tar.xz
--- a/munge-0.5.14.tar.xz
+++ b/munge-0.5.14.tar.xz
--- a/munge.spec
+++ b/munge.spec
@ -1,5 +1,5 @@
 Name:                munge
-Version:             0.5.13
+Version:             0.5.14
 Release:             1
 Summary:             Enables uid & gid authentication across a host cluster
 License:             GPLv3+ and LGPLv3+
@ -7,6 +7,9 @@ URL:                 https://dun.github.io/munge/
 Source0:             https://github.com/dun/munge/releases/download/munge-%{version}/munge-%{version}.tar.xz
 Source1:             create-munge-key
 Source2:             munge.logrotate
+Patch1:              0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch
+Patch2:              0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch
+Patch3:              0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch
 BuildRequires:       gcc systemd-units zlib-devel bzip2-devel libgcrypt-devel
 Requires:            munge-libs = %{version}-%{release}
 Requires(pre):       shadow-utils
@ -37,6 +40,9 @@ Runtime libraries for using MUNGE.

 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
 cp -p %{SOURCE1} create-munge-key
 cp -p %{SOURCE2} munge.logrotate

@ -52,7 +58,6 @@ make install DESTDIR=%{buildroot}
 install -p -m 755 create-munge-key %{buildroot}/%{_sbindir}/create-munge-key
 install -p -D -m 644 munge.logrotate %{buildroot}/%{_sysconfdir}/logrotate.d/munge
 rm %{buildroot}/%{_sysconfdir}/sysconfig/munge
-rm %{buildroot}/%{_initddir}/munge
 rm %{buildroot}/%{_libdir}/libmunge.la
 chmod 700 %{buildroot}%{_var}/lib/munge %{buildroot}%{_var}/log/munge
 chmod 700 %{buildroot}%{_sysconfdir}/munge
@ -80,22 +85,23 @@ exit 0
 %{_bindir}/remunge
 %{_bindir}/unmunge
 %{_sbindir}/munged
+%{_sbindir}/mungekey
 %{_sbindir}/create-munge-key
 %{_mandir}/man1/munge.1.gz
 %{_mandir}/man1/remunge.1.gz
 %{_mandir}/man1/unmunge.1.gz
 %{_mandir}/man7/munge.7.gz
 %{_mandir}/man8/munged.8.gz
+%{_mandir}/man8/mungekey.8.gz
 %{_unitdir}/munge.service
 %attr(0700,munge,munge) %dir  %{_var}/log/munge
 %attr(0700,munge,munge) %dir %{_sysconfdir}/munge
 %attr(0755,munge,munge) %dir  %{_var}/run/munge/
 %attr(0644,munge,munge)    %ghost %{_var}/run/munge/munged.pid
 %attr(0700,munge,munge) %dir  %{_var}/lib/munge
-%config(noreplace) %{_tmpfilesdir}/munge.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/munge
 %doc AUTHORS
-%doc JARGON META NEWS QUICKSTART README
+%doc JARGON NEWS QUICKSTART README
 %doc doc

 %files libs
@ -124,5 +130,8 @@ exit 0
 %{_mandir}/man3/munge_strerror.3.gz

 %changelog
+* Tue Jan 18 2022 SimpleUpdate Robot <tc@openeuler.org> - 0.5.14-1
+- Upgrade to version 0.5.14
+
 * Mon Sep 7 2020 luoshengwei <luoshengwei@huawei.com> - 0.5.13-1
 - package init