Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package pacemaker

Dear Release Team,

It turned out that the original upstream security fixes for #927714 (already contained in pacemaker 2.0.1-4 in testing) introduced some bugs, which were fixed in three followup upstream patches. These are all lumped together in the proposed 1.1.16-1+deb9u1 security upload (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927714#29). The following debdiff brings the above fixes of the fixes into buster as well:

diff -Nru pacemaker-2.0.1/debian/changelog pacemaker-2.0.1/debian/changelog --- pacemaker-2.0.1/debian/changelog 2019-05-12 14:23:41.000000000 +0200 +++ pacemaker-2.0.1/debian/changelog 2019-06-02 14:01:06.000000000 +0200 @@ -1,3 +1,12 @@ +pacemaker (2.0.1-5) unstable; urgency=medium + + * [17ae230] Backport three more patches from upstream fixing memory safety + bugs. + Clearing up fallout from the preceding security fixes. + Thanks to Ken Gaillot <kgail...@redhat.com> + + -- Ferenc Wágner <wf...@debian.org> Sun, 02 Jun 2019 14:01:06 +0200 + pacemaker (2.0.1-4) unstable; urgency=high * [54ace53] Fix check for already present statoverride. diff -Nru pacemaker-2.0.1/debian/patches/from-upstream/Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch pacemaker-2.0.1/debian/patches/from-upstream/Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch --- pacemaker-2.0.1/debian/patches/from-upstream/Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch 1970-01-01 01:00:00.000000000 +0100 +++ pacemaker-2.0.1/debian/patches/from-upstream/Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch 2019-06-02 13:49:43.000000000 +0200 
@@ -0,0 +1,22 @@ +From: Ken Gaillot <kgail...@redhat.com> +Date: Wed, 24 Apr 2019 16:25:46 -0500 +Subject: Fix: libcrmcommon: avoid use-of-NULL when checking whether process + is active + +--- + lib/common/pid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common/pid.c b/lib/common/pid.c +index 2439680..4fbf2dd 100644 +--- a/lib/common/pid.c ++++ b/lib/common/pid.c +@@ -57,7 +57,7 @@ crm_pid_active(long pid, const char *daemon) + } else if (rc == 0 && (daemon == NULL || have_proc_pid == -1)) { + return 1; /* kill as the only indicator, cannot double check */ + +- } else { ++ } else if (daemon != NULL) { + /* make sure PID hasn't been reused by another process + XXX: might still be just a zombie, which could confuse decisions */ + bool checked_through_kill = (rc == 0); diff -Nru pacemaker-2.0.1/debian/patches/from-upstream/Log-libcrmcluster-improve-CPG-membership-messages.patch pacemaker-2.0.1/debian/patches/from-upstream/Log-libcrmcluster-improve-CPG-membership-messages.patch --- pacemaker-2.0.1/debian/patches/from-upstream/Log-libcrmcluster-improve-CPG-membership-messages.patch 1970-01-01 01:00:00.000000000 +0100 +++ pacemaker-2.0.1/debian/patches/from-upstream/Log-libcrmcluster-improve-CPG-membership-messages.patch 2019-06-02 13:49:43.000000000 +0200 
@@ -0,0 +1,182 @@ +From: Ken Gaillot <kgail...@redhat.com> +Date: Fri, 12 Apr 2019 09:46:51 -0500 +Subject: Log: libcrmcluster: improve CPG membership messages + +Show CPG event reason when provided by corosync, make messages more readable, +upgrade duplicate pid messages to warnings (and log only one message in those +cases). +--- + lib/cluster/cpg.c | 91 ++++++++++++++++++++++++++++++++++--------------------- + 1 file changed, 56 insertions(+), 35 deletions(-) + +diff --git a/lib/cluster/cpg.c b/lib/cluster/cpg.c +index 2898c51..ef6fa36 100644 +--- a/lib/cluster/cpg.c ++++ b/lib/cluster/cpg.c +@@ -360,8 +360,6 @@ pcmk_message_common_cs(cpg_handle_t handle, uint32_t nodeid, uint32_t pid, void + return NULL; + } + +-#define PEER_NAME(peer) ((peer)? ((peer)->uname? (peer)->uname : "<unknown>") : "<none>") +- + static int cmp_member_list_nodeid(const void *first, + const void *second) + { +@@ -376,6 +374,32 @@ static int cmp_member_list_nodeid(const void *first, + return 0; + } + ++static const char * ++cpgreason2str(cpg_reason_t reason) ++{ ++ switch (reason) { ++ case CPG_REASON_JOIN: return " via cpg_join"; ++ case CPG_REASON_LEAVE: return " via cpg_leave"; ++ case CPG_REASON_NODEDOWN: return " via cluster exit"; ++ case CPG_REASON_NODEUP: return " via cluster join"; ++ case CPG_REASON_PROCDOWN: return " for unknown reason"; ++ default: break; ++ } ++ return ""; ++} ++ ++static inline const char * ++peer_name(crm_node_t *peer) ++{ ++ if (peer == NULL) { ++ return "unknown node"; ++ } else if (peer->uname == NULL) { ++ return "peer node"; ++ } else { ++ return peer->uname; ++ } ++} ++ + void + pcmk_cpg_membership(cpg_handle_t handle, + const struct cpg_name *groupName, +@@ -387,7 +411,7 @@ pcmk_cpg_membership(cpg_handle_t handle, + gboolean found = FALSE; + static int counter = 0; + uint32_t local_nodeid = get_local_nodeid(handle); +- const struct cpg_address *key, **rival, **sorted; ++ const struct cpg_address *key, **sorted; + + sorted = 
malloc(member_list_entries * sizeof(const struct cpg_address *)); + CRM_ASSERT(sorted != NULL); +@@ -401,10 +425,7 @@ pcmk_cpg_membership(cpg_handle_t handle, + + for (i = 0; i < left_list_entries; i++) { + crm_node_t *peer = crm_find_peer(left_list[i].nodeid, NULL); +- +- crm_info("Group event %s.%d: node %u (%s) left: %llu", +- groupName->value, counter, left_list[i].nodeid, +- PEER_NAME(peer), (unsigned long long) left_list[i].pid); ++ const struct cpg_address **rival = NULL; + + /* in CPG world, NODE:PROCESS-IN-MEMBERSHIP-OF-G is an 1:N relation + and not playing by this rule may go wild in case of multiple +@@ -418,7 +439,7 @@ pcmk_cpg_membership(cpg_handle_t handle, + also API end-point carriers, and that's what matters locally + (who's the winner); + remotely, we will just compare leave_list and member_list and if +- the left process has it's node retained in member_list (under some ++ the left process has its node retained in member_list (under some + other PID, anyway) we will just ignore it as well + XXX: long-term fix is to establish in-out PID-aware tracking? */ + if (peer) { +@@ -426,50 +447,51 @@ pcmk_cpg_membership(cpg_handle_t handle, + rival = bsearch(&key, sorted, member_list_entries, + sizeof(const struct cpg_address *), + cmp_member_list_nodeid); +- if (rival == NULL) { ++ } ++ ++ if (rival == NULL) { ++ crm_info("Group %s event %d: %s (node %u pid %u) left%s", ++ groupName->value, counter, peer_name(peer), ++ left_list[i].nodeid, left_list[i].pid, ++ cpgreason2str(left_list[i].reason)); ++ if (peer) { + crm_update_peer_proc(__FUNCTION__, peer, crm_proc_cpg, + OFFLINESTATUS); +- } else if (left_list[i].nodeid == local_nodeid) { +- crm_info("Ignoring the above event %s.%d, comes from a local" +- " rival process (presumably not us): %llu", +- groupName->value, counter, +- (unsigned long long) left_list[i].pid); +- } else { +- crm_info("Ignoring the above event %s.%d, comes from" +- " a rival-rich node: %llu (e.g. 
%llu process" +- " carries on)", +- groupName->value, counter, +- (unsigned long long) left_list[i].pid, +- (unsigned long long) (*rival)->pid); + } ++ } else if (left_list[i].nodeid == local_nodeid) { ++ crm_warn("Group %s event %d: duplicate local pid %u left%s", ++ groupName->value, counter, ++ left_list[i].pid, cpgreason2str(left_list[i].reason)); ++ } else { ++ crm_warn("Group %s event %d: " ++ "%s (node %u) duplicate pid %u left%s (%u remains)", ++ groupName->value, counter, peer_name(peer), ++ left_list[i].nodeid, left_list[i].pid, ++ cpgreason2str(left_list[i].reason), (*rival)->pid); + } + } + free(sorted); + sorted = NULL; + + for (i = 0; i < joined_list_entries; i++) { +- crm_info("Group event %s.%d: node %u joined: %llu" +- " (unchecked for rivals)", ++ crm_info("Group %s event %d: node %u pid %u joined%s", + groupName->value, counter, joined_list[i].nodeid, +- (unsigned long long) joined_list[i].pid); ++ joined_list[i].pid, cpgreason2str(joined_list[i].reason)); + } + + for (i = 0; i < member_list_entries; i++) { + crm_node_t *peer = crm_get_peer(member_list[i].nodeid, NULL); + +- crm_info("Group event %s.%d: node %u (%s) is member: %llu" +- " (at least once)", +- groupName->value, counter, member_list[i].nodeid, +- PEER_NAME(peer), member_list[i].pid); +- + if (member_list[i].nodeid == local_nodeid + && member_list[i].pid != getpid()) { + /* see the note above */ +- crm_info("Ignoring the above event %s.%d, comes from a local rival" +- " process: %llu", groupName->value, counter, +- (unsigned long long) member_list[i].pid); ++ crm_warn("Group %s event %d: detected duplicate local pid %u", ++ groupName->value, counter, member_list[i].pid); + continue; + } ++ crm_info("Group %s event %d: %s (node %u pid %u) is member", ++ groupName->value, counter, peer_name(peer), ++ member_list[i].nodeid, member_list[i].pid); + + /* If the caller left auto-reaping enabled, this will also update the + * state to member. 
+@@ -492,8 +514,7 @@ pcmk_cpg_membership(cpg_handle_t handle, + + } else if (now > (peer->when_lost + 60)) { + // If it persists for more than a minute, update the state +- crm_warn("Node %u member of group %s but believed offline" +- " (unchecked for rivals)", ++ crm_warn("Node %u is member of group %s but was believed offline", + member_list[i].nodeid, groupName->value); + crm_update_peer_state(__FUNCTION__, peer, CRM_NODE_MEMBER, 0); + } +@@ -505,7 +526,7 @@ pcmk_cpg_membership(cpg_handle_t handle, + } + + if (!found) { +- crm_err("We're not part of CPG group '%s' anymore!", groupName->value); ++ crm_err("Local node was evicted from group %s", groupName->value); + cpg_evicted = TRUE; + } + diff -Nru pacemaker-2.0.1/debian/patches/from-upstream/Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch pacemaker-2.0.1/debian/patches/from-upstream/Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch --- pacemaker-2.0.1/debian/patches/from-upstream/Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch 1970-01-01 01:00:00.000000000 +0100 +++ pacemaker-2.0.1/debian/patches/from-upstream/Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch 2019-06-02 13:49:43.000000000 +0200 
@@ -0,0 +1,23 @@ +From: Ken Gaillot <kgail...@redhat.com> +Date: Mon, 29 Apr 2019 14:34:32 -0500 +Subject: Low: libcrmcommon: return proper code if testing pid is denied + +7dda20d avoided a use-of-NULL in an unlikely corner case, but returned the +wrong code in that case. +--- + lib/common/pid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common/pid.c b/lib/common/pid.c +index 4fbf2dd..ccee03f 100644 +--- a/lib/common/pid.c ++++ b/lib/common/pid.c +@@ -47,7 +47,7 @@ crm_pid_active(long pid, const char *daemon) + } else if ((rc = kill(pid, 0)) < 0 && errno == ESRCH) { + return 0; /* no such PID detected */ + +- } else if (rc < 0 && have_proc_pid == -1) { ++ } else if (rc < 0 && (daemon == NULL || have_proc_pid == -1)) { + if (last_asked_pid != pid) { + crm_info("Cannot examine PID %ld: %s", pid, strerror(errno)); + last_asked_pid = pid; diff -Nru pacemaker-2.0.1/debian/patches/series pacemaker-2.0.1/debian/patches/series --- pacemaker-2.0.1/debian/patches/series 2019-05-07 17:17:57.000000000 +0200 +++ pacemaker-2.0.1/debian/patches/series 2019-06-02 13:49:43.000000000 +0200 @@ -11,3 +11,6 @@ PR1749/High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentici-3.patch PR1749/High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentici-4.patch PR1749/Med-controld-fix-possible-NULL-pointer-dereference.patch +from-upstream/Log-libcrmcluster-improve-CPG-membership-messages.patch +from-upstream/Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch +from-upstream/Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch

This would get us through the full list in https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html, so please unblock pacemaker/2.0.1-5

--
Thanks,
Feri.
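
Review bot: In the debian/changelog hunk, the 2.0.1-5 entry describes all three backports as memory safety fixes, yet one of them is Log-libcrmcluster-improve-CPG-membership-messages.patch, whose own subject only mentions log messages. Naming the three patches in the entry and referencing #927714 would let a changelog reader see which change addresses what and why the logging patch belongs to the set.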
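
Review bot: In the crm_pid_active hunk of Fix-libcrmcommon-avoid-use-of-NULL-when-checking-whether-.patch, narrowing the final `else` to `else if (daemon != NULL)` leaves one combination without a branch: when kill() fails with an errno other than ESRCH, daemon is NULL and have_proc_pid is not -1, none of the visible conditions match and control falls out of the chain into code the hunk does not show. The later pid.c patch in this series closes that gap by adding `daemon == NULL ||` to the `rc < 0` branch, so the two patches should only ever be applied together. The commit message here is also empty; a sentence on how a NULL daemon reaches this function would help anyone backporting it in isolation.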
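
Review bot: In the cpg.c hunk that adds cpgreason2str(), every returned string carries its own leading space and the default case returns "", so the callers' format strings ("left%s", "joined%s") read correctly only because of that convention, and an unrecognised reason value is logged exactly as if no reason had been supplied. A short comment on the function stating both points would keep a later edit from breaking the message layout; returning a distinct string for the default case would make unexpected values visible in the log.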
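
Review bot: In the pcmk_cpg_membership hunks of the cpg.c patch, the new messages print left_list[i].pid, joined_list[i].pid, member_list[i].pid and (*rival)->pid with %u, dropping the (unsigned long long) casts the old calls used with %llu. That matches only if those fields have the width of unsigned int; if they are uint32_t like the pid parameter of pcmk_message_common_cs in the first hunk's context, PRIu32 or an explicit cast keeps specifier and argument in agreement everywhere. The commit message also describes logging changes only, while the hunk removes an "is member" call that passed member_list[i].pid uncast to %llu and moves the `rival == NULL` test out of `if (peer)`, which relies on the new per-iteration `rival = NULL` initialiser. Both are behavioural changes and deserve a line in the message.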
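
Review bot: In the crm_pid_active hunk of Low-libcrmcommon-return-proper-code-if-testing-pid-is-den.patch, the commit message says the wrong code was returned, but neither the message nor the hunk context shows which value the `rc < 0` branch returns, so the fix cannot be verified from the patch alone; stating the returned value in the message would settle that. As a style point, `(daemon == NULL || have_proc_pid == -1)` now guards both the `rc < 0` branch here and the `rc == 0` branch shown in the earlier pid.c hunk. Testing it once and branching on rc inside would make the remaining `else if (daemon != NULL)` check redundant and the control flow easier to audit.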