[Debian-ha-commits] [pcs] 01/10: New upstream version 0.9.164
Valentin Vidic
vvidic-guest at moszumanska.debian.org
Fri Apr 13 08:29:58 UTC 2018
This is an automated email from the git hooks/post-receive script.
vvidic-guest pushed a commit to branch master
in repository pcs.
commit 83ebab29fe8453e8c6be4f4f1ad9b57556cd3af8
Author: Valentin Vidic <Valentin.Vidic at CARNet.hr>
Date: Tue Apr 10 11:25:52 2018 +0200
New upstream version 0.9.164
---
CHANGELOG.md | 15 ++++++++++++++
pcs/cluster.py | 2 +-
pcs/lib/booth/env.py | 5 ++++-
.../test/cluster/{verify.py => test_verify.py} | 0
pcs/lib/commands/test/remote_node/fixtures_add.py | 1 +
pcs/lib/commands/test/sbd/test_enable_sbd.py | 10 +++++++++-
pcs/lib/commands/test/test_booth.py | 4 ++--
pcs/lib/pacemaker/env.py | 1 +
pcs/pcs.8 | 4 ++--
pcs/settings_default.py | 4 ++--
pcs/snmp/pcs_snmp_agent.8 | 2 +-
pcs/test/tools/assertions.py | 2 +-
pcs/usage.py | 3 ++-
pcsd/Gemfile | 7 +------
pcsd/Gemfile.lock | 5 +----
pcsd/Makefile | 23 ++++++++++------------
pcsd/bootstrap.rb | 2 +-
pcsd/config.rb | 11 +++++------
pcsd/pcsd-cli.rb | 3 +--
pcsd/pcsd.8 | 2 +-
pcsd/pcsd.rb | 15 +++++++++-----
pcsd/pcsd_file.rb | 5 +++++
pcsd/permissions.rb | 4 +---
setup.py | 2 +-
24 files changed, 78 insertions(+), 54 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f550f42..7f47100 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,20 @@
# Change Log
+## [0.9.164] - 2018-04-09
+
+### Security
+- CVE-2018-1086: Debug parameter removal bypass, allowing information disclosure
+ ([rhbz#1557366])
+- CVE-2018-1079: Privilege escalation via authorized user malicious REST call
+ ([rhbz#1550243])
+- CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb
+ ([rhbz#1534027])
+
+[rhbz#1534027]: https://bugzilla.redhat.com/show_bug.cgi?id=1534027
+[rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
+[rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366
+
+
## [0.9.163] - 2018-02-20
### Added
diff --git a/pcs/cluster.py b/pcs/cluster.py
index 50f05f7..d7158b1 100644
--- a/pcs/cluster.py
+++ b/pcs/cluster.py
@@ -1834,7 +1834,7 @@ def node_add(lib_env, node0, node1, modifiers):
com_cmd = DistributeFiles(
lib_env.report_processor,
node_communication_format.corosync_authkey_file(
- open(settings.corosync_authkey_file).read()
+ open(settings.corosync_authkey_file, "rb").read()
),
# added force, it was missing before
# but it doesn't make sence here
diff --git a/pcs/lib/booth/env.py b/pcs/lib/booth/env.py
index c5a69b7..fd31b99 100644
--- a/pcs/lib/booth/env.py
+++ b/pcs/lib/booth/env.py
@@ -61,7 +61,10 @@ def set_keyfile_access(file_path):
except EnvironmentError as e:
raise report_keyfile_io_error(file_path, "chown", e)
try:
- os.chmod(file_path, settings.pacemaker_authkey_file_mode)
+ # According to booth documentation, user and group of booth authfile
+ # should be set to hacluster/haclient (created and used by pacemaker)
+ # but mode of file doesn't need to be same as pacemaker authfile.
+ os.chmod(file_path, settings.booth_authkey_file_mode)
except EnvironmentError as e:
raise report_keyfile_io_error(file_path, "chmod", e)
diff --git a/pcs/lib/commands/test/cluster/verify.py b/pcs/lib/commands/test/cluster/test_verify.py
similarity index 100%
rename from pcs/lib/commands/test/cluster/verify.py
rename to pcs/lib/commands/test/cluster/test_verify.py
diff --git a/pcs/lib/commands/test/remote_node/fixtures_add.py b/pcs/lib/commands/test/remote_node/fixtures_add.py
index 2b674b8..a4c2092 100644
--- a/pcs/lib/commands/test/remote_node/fixtures_add.py
+++ b/pcs/lib/commands/test/remote_node/fixtures_add.py
@@ -82,6 +82,7 @@ class EnvConfigMixin(object):
self.config.fs.open(
self.PCMK_AUTHKEY_PATH,
+ mode="rb",
**kwargs
)
diff --git a/pcs/lib/commands/test/sbd/test_enable_sbd.py b/pcs/lib/commands/test/sbd/test_enable_sbd.py
index d0be0f4..32fd401 100644
--- a/pcs/lib/commands/test/sbd/test_enable_sbd.py
+++ b/pcs/lib/commands/test/sbd/test_enable_sbd.py
@@ -11,7 +11,7 @@ from pcs.common import report_codes
from pcs.lib.commands.sbd import enable_sbd, ALLOWED_SBD_OPTION_LIST
from pcs.test.tools import fixture
from pcs.test.tools.command_env import get_env_tools
-from pcs.test.tools.pcs_unittest import TestCase
+from pcs.test.tools.pcs_unittest import TestCase, mock
from pcs.test.tools.misc import get_test_resource, outdent
from pcs.lib.corosync.config_parser import parse_string
@@ -367,6 +367,7 @@ class EvenNumOfNodes(TestCase):
_sbd_enable_successful_report_list_fixture(self.node_list)
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_no_device(self):
config_generator = lambda node: self.sbd_config_template.format(
node_name=node, devices="",
@@ -563,6 +564,7 @@ class OfflineNodes(TestCase):
_sbd_enable_successful_report_list_fixture(self.online_node_list)
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_ignore_offline_nodes_atb_needed(self):
self.config.http.sbd.check_sbd(
communication_list=[
@@ -1132,6 +1134,7 @@ class FailureHandling(TestCase):
for name in self.config.calls.names[-n:]:
self.config.calls.remove(name)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_enable_failed(self):
self.config.http.sbd.enable_sbd(
communication_list=self.communication_list_failure
@@ -1166,6 +1169,7 @@ class FailureHandling(TestCase):
]
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_enable_not_connected(self):
self.config.http.sbd.enable_sbd(
communication_list=self.communication_list_not_connected
@@ -1200,6 +1204,7 @@ class FailureHandling(TestCase):
]
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_removing_stonith_wd_timeout_failure(self):
self._remove_calls(2)
self.config.http.pcmk.remove_stonith_watchdog_timeout(
@@ -1230,6 +1235,7 @@ class FailureHandling(TestCase):
]
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_removing_stonith_wd_timeout_not_connected(self):
self._remove_calls(2)
self.config.http.pcmk.remove_stonith_watchdog_timeout(
@@ -1260,6 +1266,7 @@ class FailureHandling(TestCase):
]
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_removing_stonith_wd_timeout_complete_failure(self):
self._remove_calls(2)
self.config.http.pcmk.remove_stonith_watchdog_timeout(
@@ -1305,6 +1312,7 @@ class FailureHandling(TestCase):
]
)
+ @mock.patch("pcs.lib.external.is_systemctl", lambda: True)
def test_set_sbd_config_failure(self):
self._remove_calls(4)
self.config.http.sbd.set_sbd_config(
diff --git a/pcs/lib/commands/test/test_booth.py b/pcs/lib/commands/test/test_booth.py
index c9af6ff..7805af0 100644
--- a/pcs/lib/commands/test/test_booth.py
+++ b/pcs/lib/commands/test/test_booth.py
@@ -935,7 +935,7 @@ class PullConfigWithAuthfileSuccess(PullConfigWithAuthfile):
name="fs.open.authfile.write"
)
.fs.chown(self.authfile_path, self.pcmk_uid, self.pcmk_gid)
- .fs.chmod(self.authfile_path, settings.pacemaker_authkey_file_mode)
+ .fs.chmod(self.authfile_path, settings.booth_authkey_file_mode)
)
self.addCleanup(
@@ -1150,7 +1150,7 @@ class PullConfigWithAuthfileFailure(PullConfigWithAuthfile):
self.authfile_path, self.pcmk_uid, self.pcmk_gid,
)
.fs.chmod(
- self.authfile_path, settings.pacemaker_authkey_file_mode,
+ self.authfile_path, settings.booth_authkey_file_mode,
side_effect=EnvironmentError(1, self.reason, self.authfile_path)
)
)
diff --git a/pcs/lib/pacemaker/env.py b/pcs/lib/pacemaker/env.py
index 43f3b07..933bac1 100644
--- a/pcs/lib/pacemaker/env.py
+++ b/pcs/lib/pacemaker/env.py
@@ -17,6 +17,7 @@ class PacemakerEnv(object):
self.__authkey = RealFile(
file_role=env_file_role_codes.PACEMAKER_AUTHKEY,
file_path=settings.pacemaker_authkey_file,
+ is_binary=True,
)
@property
diff --git a/pcs/pcs.8 b/pcs/pcs.8
index fc85164..54dbb34 100644
--- a/pcs/pcs.8
+++ b/pcs/pcs.8
@@ -1,4 +1,4 @@
-.TH PCS "8" "February 2018" "pcs 0.9.163" "System Administration Utilities"
+.TH PCS "8" "April 2018" "pcs 0.9.164" "System Administration Utilities"
.SH NAME
pcs \- pacemaker/corosync configuration system
.SH SYNOPSIS
@@ -213,7 +213,7 @@ Configure corosync and sync configuration out to listed nodes. \fB\-\-local\fR w
\fB\-\-ipv6\fR will configure corosync to use ipv6 (instead of ipv4). This option is not supported on CMAN clusters.
-\fB\-\-token\fR <timeout> sets time in milliseconds until a token loss is declared after not receiving a token (default 1000 ms)
+\fB\-\-token\fR <timeout> sets time in milliseconds until a token loss is declared after not receiving a token (default 1000 ms; 10000 ms for CMAN clusters)
\fB\-\-token_coefficient\fR <timeout> sets time in milliseconds used for clusters with at least 3 nodes as a coefficient for real token timeout calculation (token + (number_of_nodes - 2) * token_coefficient) (default 650 ms) This option is not supported on CMAN clusters.
diff --git a/pcs/settings_default.py b/pcs/settings_default.py
index 0f28a72..a002788 100644
--- a/pcs/settings_default.py
+++ b/pcs/settings_default.py
@@ -21,14 +21,14 @@ corosync_qdevice_net_client_certs_dir = os.path.join(
corosync_qdevice_net_client_ca_file_name = "qnetd-cacert.crt"
corosync_authkey_file = os.path.join(corosync_conf_dir, "authkey")
pacemaker_authkey_file = "/etc/pacemaker/authkey"
-pacemaker_authkey_file_mode = 0o600
+booth_authkey_file_mode = 0o600
cluster_conf_file = "/etc/cluster/cluster.conf"
fence_agent_binaries = "/usr/sbin/"
pengine_binary = "/usr/libexec/pacemaker/pengine"
crmd_binary = "/usr/libexec/pacemaker/crmd"
cib_binary = "/usr/libexec/pacemaker/cib"
stonithd_binary = "/usr/libexec/pacemaker/stonithd"
-pcs_version = "0.9.163"
+pcs_version = "0.9.164"
crm_report = pacemaker_binaries + "crm_report"
crm_verify = pacemaker_binaries + "crm_verify"
crm_mon_schema = '/usr/share/pacemaker/crm_mon.rng'
diff --git a/pcs/snmp/pcs_snmp_agent.8 b/pcs/snmp/pcs_snmp_agent.8
index 99164a5..b2659af 100644
--- a/pcs/snmp/pcs_snmp_agent.8
+++ b/pcs/snmp/pcs_snmp_agent.8
@@ -1,4 +1,4 @@
-.TH PCS_SNMP_AGENT "8" "February 2018" "pcs-snmp 0.9.163" "System Administration Utilities"
+.TH PCS_SNMP_AGENT "8" "April 2018" "pcs-snmp 0.9.164" "System Administration Utilities"
.SH NAME
pcs_snmp_agent \- a SNMP agent providing data about a corosync/pacemaker cluster
diff --git a/pcs/test/tools/assertions.py b/pcs/test/tools/assertions.py
index d9193e4..17825a1 100644
--- a/pcs/test/tools/assertions.py
+++ b/pcs/test/tools/assertions.py
@@ -265,7 +265,7 @@ def _expected_report_item_format(report_item_expectation):
),
report_item_expectation[1],
_format_report_item_info(report_item_expectation[2]),
- report_item_expectation[3]
+ report_item_expectation[3] if len(report_item_expectation) > 3 else None
)
def _format_report_item(report_item):
diff --git a/pcs/usage.py b/pcs/usage.py
index ffd2259..c414e51 100644
--- a/pcs/usage.py
+++ b/pcs/usage.py
@@ -614,7 +614,8 @@ Commands:
--ipv6 will configure corosync to use ipv6 (instead of ipv4). This
option is not supported on CMAN clusters.
--token <timeout> sets time in milliseconds until a token loss is
- declared after not receiving a token (default 1000 ms)
+ declared after not receiving a token (default 1000 ms;
+ 10000 ms for CMAN clusters)
--token_coefficient <timeout> sets time in milliseconds used for
clusters with at least 3 nodes as a coefficient for real token
timeout calculation
diff --git a/pcsd/Gemfile b/pcsd/Gemfile
index e01b31c..6418fd4 100644
--- a/pcsd/Gemfile
+++ b/pcsd/Gemfile
@@ -1,9 +1,5 @@
source 'https://rubygems.org'
-source 'https://tojeline.fedorapeople.org/rubygems/' do
- gem 'rpam-ruby19-feist', :platform => :ruby_18
-end
-
gem 'sinatra'
gem 'sinatra-contrib'
gem 'rack'
@@ -11,10 +7,9 @@ gem 'rack-protection'
gem 'tilt'
gem 'rack-test'
gem 'backports'
-gem 'rpam-ruby19', :platform => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
+gem 'rpam-ruby19'
gem 'json'
gem 'multi_json'
gem 'open4'
-gem 'orderedhash'
gem 'ffi'
gem 'ethon'
diff --git a/pcsd/Gemfile.lock b/pcsd/Gemfile.lock
index dcb0d05..8892aa9 100644
--- a/pcsd/Gemfile.lock
+++ b/pcsd/Gemfile.lock
@@ -1,6 +1,5 @@
GEM
remote: https://rubygems.org/
- remote: https://tojeline.fedorapeople.org/rubygems/
specs:
backports (3.9.1)
ethon (0.10.1)
@@ -8,9 +7,8 @@ GEM
json (2.1.0)
multi_json (1.12.2)
open4 (1.3.4)
- orderedhash (0.0.6)
rack (1.6.4)
- rack-protection (1.5.3)
+ rack-protection (1.5.5)
rack
rack-test (0.7.0)
rack (>= 1.0)
@@ -38,7 +36,6 @@ DEPENDENCIES
json
multi_json
open4
- orderedhash
rack
rack-protection
rack-test
diff --git a/pcsd/Makefile b/pcsd/Makefile
index d452ac0..d7d98f6 100644
--- a/pcsd/Makefile
+++ b/pcsd/Makefile
@@ -12,25 +12,22 @@ build_gems: get_gems
fi; \
done;
-# RHEL6 needs special rpam-ruby19 gem to work with 1.8.7
-# also bundler is not available on RHEL6 in rpm
-build_gems_rhel6:
+build_gems_without_bundler:
mkdir -p vendor/bundle/ruby
- gem install --verbose --no-rdoc --no-ri -l -i vendor/bundle/ruby \
- vendor/cache/backports-3.6.8.gem \
- vendor/cache/ethon-0.9.1.gem \
+ gem install --verbose --no-rdoc --no-ri -l --ignore-dependencies -i vendor/bundle/ruby \
+ vendor/cache/backports-3.9.1.gem \
+ vendor/cache/ethon-0.10.1.gem \
vendor/cache/ffi-${FFI_VERSION}.gem \
- vendor/cache/json-2.0.3.gem \
- vendor/cache/multi_json-1.12.1.gem \
+ vendor/cache/json-2.1.0.gem \
+ vendor/cache/multi_json-1.12.2.gem \
vendor/cache/open4-1.3.4.gem \
- vendor/cache/orderedhash-0.0.6.gem \
vendor/cache/rack-1.6.4.gem \
- vendor/cache/rack-protection-1.5.3.gem \
- vendor/cache/rack-test-0.6.3.gem \
- vendor/cache/rpam-ruby19-feist-1.2.1.1.gem \
+ vendor/cache/rack-protection-1.5.5.gem \
+ vendor/cache/rack-test-0.7.0.gem \
+ vendor/cache/rpam-ruby19-1.2.1.gem \
vendor/cache/sinatra-1.4.8.gem \
vendor/cache/sinatra-contrib-1.4.7.gem \
- vendor/cache/tilt-2.0.6.gem \
+ vendor/cache/tilt-2.0.8.gem \
-- '--with-ldflags="-Wl,-z,now -Wl,-z,relro"'
get_gems:
diff --git a/pcsd/bootstrap.rb b/pcsd/bootstrap.rb
index e2f219c..d62e585 100644
--- a/pcsd/bootstrap.rb
+++ b/pcsd/bootstrap.rb
@@ -49,7 +49,7 @@ def get_pcs_path()
end
end
-PCS_VERSION = '0.9.163'
+PCS_VERSION = '0.9.164'
# unique instance signature, allows detection of dameon restarts
DAEMON_INSTANCE_SIGNATURE = Digest::SHA2.hexdigest("#{Time.now} #{rand()}")
COROSYNC = COROSYNC_BINARIES + "corosync"
diff --git a/pcsd/config.rb b/pcsd/config.rb
index 23738a3..acd08f8 100644
--- a/pcsd/config.rb
+++ b/pcsd/config.rb
@@ -1,5 +1,4 @@
require 'json'
-require 'orderedhash'
require 'cluster.rb'
require 'permissions.rb'
@@ -124,15 +123,15 @@ class PCSConfig
end
def text()
- out_hash = OrderedHash.new
+ out_hash = Hash.new
out_hash['format_version'] = CURRENT_FORMAT
out_hash['data_version'] = @data_version
out_hash['clusters'] = []
- out_hash['permissions'] = OrderedHash.new
+ out_hash['permissions'] = Hash.new
out_hash['permissions']['local_cluster'] = []
@clusters.each { |c|
- c_hash = OrderedHash.new
+ c_hash = Hash.new
c_hash['name'] = c.name
c_hash['nodes'] = c.nodes.uniq.sort
out_hash['clusters'] << c_hash
@@ -182,7 +181,7 @@ class PCSConfig
end
def hash_to_ordered_hash(hash)
- new_hash = OrderedHash.new
+ new_hash = Hash.new
hash.keys.sort.each { |key| new_hash[key] = hash[key] }
return new_hash
end
@@ -235,7 +234,7 @@ class PCSTokens
end
def text()
- out_hash = OrderedHash.new
+ out_hash = Hash.new
out_hash['format_version'] = CURRENT_FORMAT
out_hash['data_version'] = @data_version
out_hash['tokens'] = hash_to_ordered_hash(@tokens)
diff --git a/pcsd/pcsd-cli.rb b/pcsd/pcsd-cli.rb
index 3c1d078..08a09ca 100755
--- a/pcsd/pcsd-cli.rb
+++ b/pcsd/pcsd-cli.rb
@@ -4,7 +4,6 @@ require 'rubygems'
require 'etc'
require 'json'
require 'stringio'
-require 'orderedhash'
require 'bootstrap.rb'
require 'pcs.rb'
@@ -12,7 +11,7 @@ require 'auth.rb'
require 'remote.rb'
def cli_format_response(status, text=nil, data=nil)
- response = OrderedHash.new
+ response = Hash.new
response['status'] = status
response['text'] = text if text
response['data'] = data if data
diff --git a/pcsd/pcsd.8 b/pcsd/pcsd.8
index 6b63259..d9bc8a3 100644
--- a/pcsd/pcsd.8
+++ b/pcsd/pcsd.8
@@ -1,4 +1,4 @@
-.TH PCSD "8" "February 2018" "pcs 0.9.163" "System Administration Utilities"
+.TH PCSD "8" "April 2018" "pcs 0.9.164" "System Administration Utilities"
.SH NAME
pcsd \- pacemaker/corosync configuration system daemon
diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb
index 01f2f5c..61b2804 100644
--- a/pcsd/pcsd.rb
+++ b/pcsd/pcsd.rb
@@ -242,8 +242,13 @@ post '/run_pcs' do
}
return JSON.pretty_generate(result)
end
- # do not reveal potentialy sensitive information
- command_decoded.delete('--debug')
+ # Do not reveal potentially sensitive information: remove --debug and all its
+ # prefixes since getopt parser in pcs considers them equal to --debug.
+ debug_items = ["--de", "--deb", "--debu", "--debug"]
+ command_sanitized = []
+ command_decoded.each { |item|
+ command_sanitized << item unless debug_items.include?(item)
+ }
allowed_commands = {
['cluster', 'auth', '...'] => {
@@ -344,9 +349,9 @@ post '/run_pcs' do
allowed = false
command_settings = {}
allowed_commands.each { |cmd, cmd_settings|
- if command_decoded == cmd \
+ if command_sanitized == cmd \
or \
- (cmd[-1] == '...' and cmd[0..-2] == command_decoded[0..(cmd.length - 2)])
+ (cmd[-1] == '...' and cmd[0..-2] == command_sanitized[0..(cmd.length - 2)])
then
allowed = true
command_settings = cmd_settings
@@ -375,7 +380,7 @@ post '/run_pcs' do
options = {}
options['stdin'] = std_in if std_in
std_out, std_err, retval = run_cmd_options(
- @auth_user, options, PCS, *command_decoded
+ @auth_user, options, PCS, *command_sanitized
)
result = {
'status' => 'ok',
diff --git a/pcsd/pcsd_file.rb b/pcsd/pcsd_file.rb
index de7d355..4f1604a 100644
--- a/pcsd/pcsd_file.rb
+++ b/pcsd/pcsd_file.rb
@@ -104,6 +104,11 @@ module PcsdFile
if @file[:name].empty?
raise PcsdExchangeFormat::Error.for_item('file', @id, "'name' is empty")
end
+ if @file[:name].include?('/')
+ raise PcsdExchangeFormat::Error.for_item(
+ 'file', @id, "'name' cannot contain '/'"
+ )
+ end
end
def dir()
diff --git a/pcsd/permissions.rb b/pcsd/permissions.rb
index 7601865..a7ff682 100644
--- a/pcsd/permissions.rb
+++ b/pcsd/permissions.rb
@@ -1,5 +1,3 @@
-require 'orderedhash'
-
module Permissions
TYPE_USER = 'user'
@@ -104,7 +102,7 @@ module Permissions
end
def to_hash()
- perm_hash = OrderedHash.new
+ perm_hash = Hash.new
perm_hash['type'] = @type
perm_hash['name'] = @name
perm_hash['allow'] = @allow_list.uniq.sort
diff --git a/setup.py b/setup.py
index 3f8e8e2..ae4ab5b 100644
--- a/setup.py
+++ b/setup.py
@@ -17,7 +17,7 @@ class CleanCommand(Command):
setup(
name='pcs',
- version='0.9.163',
+ version='0.9.164',
description='Pacemaker Configuration System',
author='Chris Feist',
author_email='cfeist at redhat.com',
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-ha/pcs.git
More information about the Debian-HA-Commits
mailing list