diff --git a/0030-iscsid-Check-Invalid-Session-id-for-stop-connection.patch b/0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch similarity index 100% rename from 0030-iscsid-Check-Invalid-Session-id-for-stop-connection.patch rename to 0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch diff --git a/0027-use-openssl-for-random-data-generation.patch b/0027-use-openssl-for-random-data-generation.patch deleted file mode 100644 index 1f65f01..0000000 --- a/0027-use-openssl-for-random-data-generation.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 9457552a6543fe739a1f090bb657e634a70ffafe Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 22 Jul 2020 15:45:47 +0200 -Subject: [PATCH 1/8] use openssl for random data generation - -48a4e5b475836bcb952fb53a8bde45bdf68fe38f added an openssl dependency, so -use it for obtaining random buffers via RAND_bytes(). - -Suggested-by: Marcus Meissner -Signed-off-by: David Disseldorp ---- - usr/auth.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/usr/auth.c b/usr/auth.c -index a222c53..a1d99e9 100644 ---- a/usr/auth.c -+++ b/usr/auth.c -@@ -43,6 +43,7 @@ static const char acl_authmethod_set_chap_alg_list[] = "CHAP"; - static const char acl_reject_option_name[] = "Reject"; - - #include -+#include - static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); - static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); - static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); -@@ -1008,6 +1009,7 @@ acl_rmt_auth(struct iscsi_acl *client) - enum auth_dbg_status dbg_status; - const char *chap_rsp_key_val; - const char *chap_username_key_val; -+ int ssl_ret = 0; - - switch (client->rmt_state) { - case AUTH_RMT_STATE_SEND_ALG: -@@ -1023,7 +1025,13 @@ acl_rmt_auth(struct iscsi_acl *client) - client->rmt_state = AUTH_RMT_STATE_DONE; - break; - } -- get_random_bytes(id_data, 1); -+ -+ ssl_ret = RAND_bytes(id_data, sizeof(id_data)); -+ if (ssl_ret != 1) { -+ client->rmt_state = AUTH_RMT_STATE_ERROR; -+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL; -+ break; -+ } - client->send_chap_identifier = id_data[0]; - snprintf(client->scratch_key_value, AUTH_STR_MAX_LEN, "%lu", - (unsigned long)client->send_chap_identifier); -@@ -1032,8 +1040,13 @@ acl_rmt_auth(struct iscsi_acl *client) - client->scratch_key_value); - - client->send_chap_challenge.length = client->chap_challenge_len; -- get_random_bytes(client->send_chap_challenge.large_binary, -- client->send_chap_challenge.length); -+ ssl_ret = RAND_bytes(client->send_chap_challenge.large_binary, -+ client->send_chap_challenge.length); -+ if (ssl_ret != 1) { -+ client->rmt_state = AUTH_RMT_STATE_ERROR; -+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL; -+ break; -+ } - acl_set_key_value(&client->send_key_block, - AUTH_KEY_TYPE_CHAP_CHALLENGE, ""); - --- -1.8.3.1 - diff --git a/0028-drop-unused-get_random_bytes.patch b/0028-drop-unused-get_random_bytes.patch deleted file mode 100644 index 1d84bc1..0000000 --- a/0028-drop-unused-get_random_bytes.patch +++ /dev/null @@ -1,71 +0,0 @@ -From cc51cace064c4a3c459f3c9085006dfb62747525 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 22 Jul 2020 15:58:19 +0200 -Subject: [PATCH 2/8] drop unused get_random_bytes() - -openssl's RAND_bytes() is now used instead, so this can be dropped. - -Suggested-by: Marcus Meissner -Signed-off-by: David Disseldorp ---- - usr/auth.c | 37 ------------------------------------- - 1 file changed, 37 deletions(-) - -diff --git a/usr/auth.c b/usr/auth.c -index a1d99e9..2f7506f 100644 ---- a/usr/auth.c -+++ b/usr/auth.c -@@ -48,7 +48,6 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); - static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); - static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); - --void get_random_bytes(unsigned char *data, unsigned int length); - size_t strlcpy(char *, const char *, size_t); - size_t strlcat(char *, const char *, size_t); - -@@ -218,42 +217,6 @@ static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) { - return md_len; - } - --void --get_random_bytes(unsigned char *data, unsigned int length) --{ -- -- long r; -- unsigned n; -- int fd, r_size = sizeof(r); -- -- fd = open("/dev/urandom", O_RDONLY); -- while (length > 0) { -- -- if (fd == -1 || read(fd, &r, r_size) != r_size) -- r = rand(); -- r = r ^ (r >> 8); -- r = r ^ (r >> 4); -- n = r & 0x7; -- -- if (fd == -1 || read(fd, &r, r_size) != r_size) -- r = rand(); -- r = r ^ (r >> 8); -- r = r ^ (r >> 5); -- n = (n << 3) | (r & 0x7); -- -- if (fd == -1 || read(fd, &r, r_size) != r_size) -- r = rand(); -- r = r ^ (r >> 8); -- r = r ^ (r >> 5); -- n = (n << 2) | (r & 0x3); -- -- *data++ = n; -- length--; -- } -- if (fd) -- close(fd); --} -- - static const char acl_none_option_name[] = "None"; - - static int --- -1.8.3.1 - diff --git a/0031-iscsiadm-buffer-overflow-regression-when-discovering.patch b/0028-iscsiadm-buffer-overflow-regression-when-discovering.patch similarity index 100% rename from 0031-iscsiadm-buffer-overflow-regression-when-discovering.patch rename to 0028-iscsiadm-buffer-overflow-regression-when-discovering.patch diff --git a/0029-Preparing-for-version-2.1.2.patch b/0029-Preparing-for-version-2.1.2.patch deleted file mode 100644 index d7d2664..0000000 --- a/0029-Preparing-for-version-2.1.2.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 802688debcd88c48edabe86deb7e7ed47ebadc26 Mon Sep 17 00:00:00 2001 -From: Lee Duncan -Date: Fri, 24 Jul 2020 17:39:50 -0700 -Subject: [PATCH 3/8] Preparing for version 2.1.2 - ---- - Changelog | 43 +++++++++++++++++++++++++++++++++++++++++++ - libopeniscsiusr/version.h | 2 +- - usr/version.h | 2 +- - 3 files changed, 45 insertions(+), 2 deletions(-) - -diff --git a/Changelog b/Changelog -index 9af7bf1..29133ee 100644 ---- a/Changelog -+++ b/Changelog -@@ -1,3 +1,46 @@ -+open-iscsi-2.1.0 - open-iscsi-2.1.2 -+ -+Christian Glombek (1): -+ Add iscsi-init.service -+ -+David Disseldorp (2): -+ use openssl for random data generation -+ drop unused get_random_bytes() -+ -+Lee Duncan (10): -+ Fix iscsi.service so it handles restarts better -+ Fix issue where "iscsi-iname -p" core dumps. -+ Add Wants=remote-fs-pre.target for sequencing. -+ Change include of to -+ Fix type mismatch under musl. -+ More changes for musl. -+ Ignore iface.example in iface match checks -+ Fix issue with zero-length arrays at end of struct -+ Fix a compiler complaint about writing one byte -+ Fix compiler complaint about string copy in iscsiuio -+ -+Luis.wu (1): -+ Update iscsi-iname.c -+ -+Rafael David Tinoco (1): -+ Misspelled socket name might cause confusion to inexperienced user. -+ -+Wu Bo (2): -+ iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix -+ log:modify iSCSI shared memory permissions for logs -+ -+fredvx (1): -+ Fix SIGPIPE loop in signal handler -+ -+gulams (1): -+ Proper disconnect of TCP connection -+ -+wubo009 (3): -+ iscsi: Add break to while loop -+ iscsi: fix fd leak -+ iscsi/libopeniscsiusr:add libopeniscsiuser_node.h to HEADERS -+ -+ - open-iscsi-2.1.0 - open-iscsi-2.1.1 - - # output from "git shortlog --no-merges 2.1.0..HEAD" -diff --git a/libopeniscsiusr/version.h b/libopeniscsiusr/version.h -index 9be3905..97031b0 100644 ---- a/libopeniscsiusr/version.h -+++ b/libopeniscsiusr/version.h -@@ -25,6 +25,6 @@ - * This may not be the same value as the kernel versions because - * some other maintainer could merge a patch without going through us - */ --#define ISCSI_VERSION_STR "2.1.1" -+#define ISCSI_VERSION_STR "2.1.2" - - #endif /* End of __ISCSI_OPEN_USR_VERSION_H__ */ -diff --git a/usr/version.h b/usr/version.h -index 4fa9179..115a11c 100644 ---- a/usr/version.h -+++ b/usr/version.h -@@ -6,7 +6,7 @@ - * This may not be the same value as the kernel versions because - * some other maintainer could merge a patch without going through us - */ --#define ISCSI_VERSION_STR "2.1.1" -+#define ISCSI_VERSION_STR "2.1.2" - #define ISCSI_VERSION_FILE "/sys/module/scsi_transport_iscsi/version" - - #endif --- -1.8.3.1 - diff --git a/open-iscsi.spec b/open-iscsi.spec index 61267f9..f41d02e 100644 --- a/open-iscsi.spec +++ b/open-iscsi.spec @@ -35,11 +35,8 @@ Patch23: 0023-Proper-disconnect-of-TCP-connection.patch Patch24: 0024-Add-iscsi-init.service.patch Patch25: 0025-Fix-issue-with-zero-length-arrays-at-end-of-struct.patch Patch26: 0026-Fix-a-compiler-complaint-about-writing-one-byte.patch -Patch27: 0027-use-openssl-for-random-data-generation.patch -Patch28: 0028-drop-unused-get_random_bytes.patch -Patch29: 0029-Preparing-for-version-2.1.2.patch -Patch30: 0030-iscsid-Check-Invalid-Session-id-for-stop-connection.patch -Patch31: 0031-iscsiadm-buffer-overflow-regression-when-discovering.patch +Patch27: 0027-iscsid-Check-Invalid-Session-id-for-stop-connection.patch +Patch28: 0028-iscsiadm-buffer-overflow-regression-when-discovering.patch BuildRequires: flex bison doxygen kmod-devel systemd-units gcc git isns-utils-devel systemd-devel BuildRequires: autoconf automake libtool libmount-devel openssl-devel pkg-config gdb