diff --git a/0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch b/0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch deleted file mode 100644 index c47079e..0000000 --- a/0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch +++ /dev/null @@ -1,67 +0,0 @@ -From f7333277c2709b147e2f2a3ab357ec3a195fb1f5 Mon Sep 17 00:00:00 2001 -From: Chris Dunlap -Date: Fri, 4 Dec 2020 21:31:34 -0800 -Subject: [PATCH 2/4] Sharness: Fix dup of failing check when run by root - -When the test suite is run by root, the following two failures occur in -"0103-munged-security-logfile.t": - - 10 - logfile not writable by user failure - 31 - logfile failure writes single message to stderr - -This second test, "logfile failure writes single message to stderr", -checks for a regression of a duplicate error message being written to -stderr by forcing an expected failure -- namely, setting the logfile -perms to 0400 and expecting an error when opening the logfile because -the user does not have write-permissions. This expected failure is -the check being performed in the first test, "logfile not writable -by user failure". - -Fix the test for "logfile failure writes single message to stderr" -by forcing a different error that is not affected by root privileges. -In particular, set the logfile perms to 0602 which will fail because -the logfile is now writable by other; this will fail regardless of -whether or not the user is root. - -Tested: -- Arch Linux -- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10 -- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0 -- Fedora 33, 32, 31 -- FreeBSD 12.2, 11.4 -- NetBSD 9.1, 9.0, 8.1 -- OpenBSD 6.8, 6.7, 6.6 -- openSUSE 15.2, 15.1 -- Raspberry Pi OS (Raspbian 10) [armv7l] -- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS ---- - t/0103-munged-security-logfile.t | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/t/0103-munged-security-logfile.t b/t/0103-munged-security-logfile.t -index fafd973..40b59a6 100755 ---- a/t/0103-munged-security-logfile.t -+++ b/t/0103-munged-security-logfile.t -@@ -343,14 +343,16 @@ test_expect_success 'logfile dir writable by other with sticky bit' ' - chmod 0755 "${MUNGE_LOGDIR}" - ' - --# Check for a regression of a duplicate error message being written to stderr --# for a failure to open the logfile. -+# Check for a regression of a duplicate error message being written to stderr. -+# To generate an error, test for the logfile being writable by other since this -+# will not be affected by root privileges. -+# - ## - test_expect_success 'logfile failure writes single message to stderr' ' - local ERR NUM && - rm -f "${MUNGE_LOGFILE}" && - touch "${MUNGE_LOGFILE}" && -- chmod 0400 "${MUNGE_LOGFILE}" && -+ chmod 0602 "${MUNGE_LOGFILE}" && - test_must_fail munged_start_daemon t-keep-logfile 2>err.$$ && - cat err.$$ && - ERR=$(sed -n -e "s/.*Error: //p" err.$$ | sort | uniq -c | sort -n -r) && --- -2.30.0 - diff --git a/0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch b/0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch deleted file mode 100644 index a6bc3f8..0000000 --- a/0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 014cff3c0ba16fc645eeceeb16eb6be8132c59fd Mon Sep 17 00:00:00 2001 -From: Chris Dunlap -Date: Fri, 4 Dec 2020 23:50:39 -0800 -Subject: [PATCH 3/4] Sharness: Fix EACCES failure succeeding for root - -When the test suite is run by root, the following failure occurs in -"0103-munged-security-logfile.t": - - 10 - logfile not writable by user failure - -This sets the logfile perms to 0400 to check for an error when the -logfile is not writable by the user. However, root will not get a -"permission denied" error here. Consequently, the expected failure -erroneously succeeds. - -Add a check for whether the test is being run by the root user, and -set the ROOT prerequisite when this is true. Furthermore, add the -!ROOT prereq to the above test so it will be skipped when run by root. - -Tested: -- Arch Linux -- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10 -- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0 -- Fedora 33, 32, 31 -- FreeBSD 12.2, 11.4 -- NetBSD 9.1, 9.0, 8.1 -- OpenBSD 6.8, 6.7, 6.6 -- openSUSE 15.2, 15.1 -- Raspberry Pi OS (Raspbian 10) [armv7l] -- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS ---- - t/0103-munged-security-logfile.t | 4 +++- - t/sharness.d/10-root.sh | 6 ++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - create mode 100644 t/sharness.d/10-root.sh - -diff --git a/t/0103-munged-security-logfile.t b/t/0103-munged-security-logfile.t -index 40b59a6..9e951b9 100755 ---- a/t/0103-munged-security-logfile.t -+++ b/t/0103-munged-security-logfile.t -@@ -118,8 +118,10 @@ test_expect_success 'logfile non-regular-file override failure' ' - ' - - # Check for an error when the logfile is not writable by user. -+# Skip this test if running as root since the root user will not get the -+# expected EACCESS failure. - ## --test_expect_success 'logfile not writable by user failure' ' -+test_expect_success !ROOT 'logfile not writable by user failure' ' - rm -f "${MUNGE_LOGFILE}" && - touch "${MUNGE_LOGFILE}" && - chmod 0400 "${MUNGE_LOGFILE}" && -diff --git a/t/sharness.d/10-root.sh b/t/sharness.d/10-root.sh -new file mode 100644 -index 0000000..5a2fd28 ---- /dev/null -+++ b/t/sharness.d/10-root.sh -@@ -0,0 +1,6 @@ -+## -+# Is the test being run by the root user? -+## -+if test "$(id -u)" = 0; then -+ test_set_prereq ROOT -+fi --- -2.30.0 - diff --git a/0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch b/0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch deleted file mode 100644 index 8a56ab2..0000000 --- a/0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 2ad81007d2371f536af9e231490357c928eca53a Mon Sep 17 00:00:00 2001 -From: Chris Dunlap -Date: Wed, 2 Dec 2020 09:50:27 -0800 -Subject: [PATCH 4/4] HKDF: Fix big-endian bug caused by size_t ptr cast - -When Fedora updated to 0.5.14 and added the new test suite to their -rpm spec's %check, munge successfully built but its test suite failed -on s390x for hkdf_test: - -> FAIL: hkdf_test -> =============== -> Failed to finalize HKDF MAC ctx for extraction - -This is caused by the cast of prklenp from a size_t * to an int * -in _hkdf_extract(). - -On s390x, memory ordering is big-endian and size_t is an alias for -unsigned long. Thus, a ptr to an 8-byte size_t was being cast to a -ptr to a 4-byte int. - -This worked on little-endian systems (of which all my test systems -had been) since the least-significant byte is stored at the smallest -memory address (the little end), and the stored value always fit -within 4 bytes. But on big-endian systems, the least-significant -byte is stored at the largest memory address (the big end) which -differs for 4-byte and 8-byte values. - -Remove the cast by using an int variable as an intermediary. - -Reference: -- https://fedoraproject.org/wiki/Architectures/s390x#Notes_for_application_developers_and_package_maintainers -- https://bugzilla.redhat.com/show_bug.cgi?id=1923337 -- https://bugs.launchpad.net/bugs/1915457 -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982564 - -Tested: -- Arch Linux -- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10 -- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0 -- Fedora 33 [s390x, x86_64], 32, 31 -- FreeBSD 12.2, 11.4 -- NetBSD 9.1, 9.0, 8.1 -- OpenBSD 6.8, 6.7, 6.6 -- openSUSE 15.2, 15.1 -- Raspberry Pi OS (Raspbian 10) [armv7l] -- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS - -Closes #91 ---- - src/common/hkdf.c | 30 ++++++++++++++++++++++++++---- - 1 file changed, 26 insertions(+), 4 deletions(-) - -diff --git a/src/common/hkdf.c b/src/common/hkdf.c -index ac7ab6f..364f3e0 100644 ---- a/src/common/hkdf.c -+++ b/src/common/hkdf.c -@@ -32,6 +32,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -316,6 +317,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp) - { - mac_ctx mac_ctx; - int mac_ctx_is_initialized = 0; -+ int prklen; - int rv = 0; - - assert (ctxp != NULL); -@@ -325,6 +327,14 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp) - assert (prklenp != NULL); - assert (*prklenp > 0); - -+ /* Convert prklen size_t to int for the call to mac_final() since the parm -+ * is being passed as a ptr, and size of size_t and int may differ. -+ * *prklenp must be representable as an int because it was assigned -+ * (via ctxp->mdlen) by mac_size() which returns an int. -+ */ -+ assert (*prklenp <= INT_MAX); -+ prklen = (int) *prklenp; -+ - /* Compute the pseudorandom key. - * prk = HMAC (salt, ikm) - */ -@@ -340,7 +350,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp) - log_msg (LOG_ERR, "Failed to update HKDF MAC ctx for extraction"); - goto err; - } -- rv = mac_final (&mac_ctx, prk, (int *) prklenp); -+ rv = mac_final (&mac_ctx, prk, &prklen); - if (rv == -1) { - log_msg (LOG_ERR, "Failed to finalize HKDF MAC ctx for extraction"); - goto err; -@@ -352,6 +362,12 @@ err: - return -1; - } - } -+ /* Update [prklenp] on success. -+ */ -+ if (rv >= 0) { -+ assert (prklen >= 0); -+ *prklenp = (size_t) prklen; -+ } - return rv; - } - -@@ -371,7 +387,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen, - unsigned char *dstptr; - size_t dstlen; - unsigned char *okm = NULL; -- size_t okmlen; -+ int okmlen; - int num_rounds; - const int max_rounds = 255; - unsigned char round; -@@ -390,8 +406,14 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen, - - /* Allocate buffer for output keying material. - * The buffer size is equal to the size of the hash function output. -+ * Note that okmlen must be an int (and not size_t) for the call to -+ * mac_final() since the parm is being passed as a ptr, and size of -+ * size_t and int may differ. -+ * ctxp->mdlen must be representable as an int because it was assigned -+ * by mac_size() which returns an int. - */ -- okmlen = ctxp->mdlen; -+ assert (ctxp->mdlen <= INT_MAX); -+ okmlen = (int) ctxp->mdlen; - okm = calloc (1, okmlen); - if (okm == NULL) { - rv = -1; -@@ -448,7 +470,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen, - "for expansion round #%u", round); - goto err; - } -- rv = mac_final (&mac_ctx, okm, (int *) &okmlen); -+ rv = mac_final (&mac_ctx, okm, &okmlen); - if (rv == -1) { - log_msg (LOG_ERR, - "Failed to finalize HKDF MAC ctx " --- -2.30.0 - diff --git a/munge-0.5.14.tar.xz b/munge-0.5.14.tar.xz deleted file mode 100644 index cacf24b..0000000 Binary files a/munge-0.5.14.tar.xz and /dev/null differ diff --git a/munge-0.5.15.tar.xz b/munge-0.5.15.tar.xz new file mode 100644 index 0000000..07ec203 Binary files /dev/null and b/munge-0.5.15.tar.xz differ diff --git a/munge.spec b/munge.spec index 8d6003a..8feffc1 100644 --- a/munge.spec +++ b/munge.spec @@ -1,5 +1,5 @@ Name: munge -Version: 0.5.14 +Version: 0.5.15 Release: 1 Summary: Enables uid & gid authentication across a host cluster License: GPLv3+ and LGPLv3+ @@ -7,9 +7,6 @@ URL: https://dun.github.io/munge/ Source0: https://github.com/dun/munge/releases/download/munge-%{version}/munge-%{version}.tar.xz Source1: create-munge-key Source2: munge.logrotate -Patch1: 0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch -Patch2: 0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch -Patch3: 0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch BuildRequires: gcc systemd-units zlib-devel bzip2-devel libgcrypt-devel Requires: munge-libs = %{version}-%{release} Requires(pre): shadow-utils @@ -39,10 +36,7 @@ Summary: Runtime libs for uid * gid authentication across a host clu Runtime libraries for using MUNGE. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%autosetup -p1 cp -p %{SOURCE1} create-munge-key cp -p %{SOURCE2} munge.logrotate @@ -61,6 +55,7 @@ rm %{buildroot}/%{_sysconfdir}/sysconfig/munge rm %{buildroot}/%{_libdir}/libmunge.la chmod 700 %{buildroot}%{_var}/lib/munge %{buildroot}%{_var}/log/munge chmod 700 %{buildroot}%{_sysconfdir}/munge +mkdir -p %{buildroot}%{_var}/run/munge touch %{buildroot}%{_var}/run/munge/munged.pid %postun @@ -130,6 +125,9 @@ exit 0 %{_mandir}/man3/munge_strerror.3.gz %changelog +* Mon May 8 2023 panxiaohe - 0.5.15-1 +- Upgrade to version 0.5.15 + * Tue Jan 18 2022 SimpleUpdate Robot - 0.5.14-1 - Upgrade to version 0.5.14