From 2c8186a74555a3a7bdc08c44addeac558170ea03 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 11 2014 11:51:29 +0000
Subject: import corosync-2.3.3-2.el7_0.1
---
diff --git a/SOURCES/bz1157702-1-crypto-fix-crypto-block-rounding-padding-calculation.patch b/SOURCES/bz1157702-1-crypto-fix-crypto-block-rounding-padding-calculation.patch
new file mode 100644
index 0000000..4607846
--- /dev/null
+++ b/SOURCES/bz1157702-1-crypto-fix-crypto-block-rounding-padding-calculation.patch
@@ -0,0 +1,69 @@ +From 239e2397820f9fa7ef430ebef0947ec1246eb50f Mon Sep 17 00:00:00 2001 +From: Fabio M. Di Nitto +Date: Tue, 2 Sep 2014 13:03:43 +0200 +Subject: [PATCH] [crypto] fix crypto block rounding/padding calculation + +libnss is "weird" in this respect as some block sizes are hardcoded, +others need to be determined dynamically. + +For AES we need to use the values we know since GetBlockSize would +return errors, for 3des (that hopefully nobody is using) the value +returned by GetBlockSize is 8, but let's use the call into libnss +to avoid possible conflicts with distro patching or older versions. + +Now, given the correct block size, the old calculation simply added +block size to the hdr_size. This is not sufficient. + +We use _PAD encryption methods and we need to take that into account. + +_PAD is calculated given the current input buf len and rounded up +to block size boundary, then block_size is added. + +Ideally we would do that on a per packet base but current transport +infrastructure doesn't allow it yet. + +So round up the hdr_size to double the block_size reported by the +cipher. + +Signed-off-by: Fabio M. 
Di Nitto +Reviewed-by: Christine Caulfield +--- + exec/totemcrypto.c | 15 ++++++++++++++- + 1 files changed, 14 insertions(+), 1 deletions(-) + +diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c +index 69818b8..a97ba62 100644 +--- a/exec/totemcrypto.c ++++ b/exec/totemcrypto.c +@@ -666,6 +666,7 @@ size_t crypto_sec_header_size( + int crypto_cipher = string_to_crypto_cipher_type(crypto_cipher_type); + int crypto_hash = string_to_crypto_hash_type(crypto_hash_type); + size_t hdr_size = 0; ++ int block_size = 0; + + hdr_size = sizeof(struct crypto_config_header); + +@@ -675,7 +676,19 @@ size_t crypto_sec_header_size( + + if (crypto_cipher) { + hdr_size += SALT_SIZE; +- hdr_size += cypher_block_len[crypto_cipher]; ++ if (cypher_block_len[crypto_cipher]) { ++ block_size = cypher_block_len[crypto_cipher]; ++ } else { ++ block_size = PK11_GetBlockSize(crypto_cipher, NULL); ++ if (block_size < 0) { ++ /* ++ * failsafe. we can potentially lose up to 63 ++ * byte per packet, but better than fragmenting ++ */ ++ block_size = 64; ++ } ++ } ++ hdr_size += (block_size * 2); + } + + return hdr_size; +-- +1.7.1 + diff --git a/SOURCES/bz1157702-2-Adjust-MTU-for-IPv6-correctly.patch b/SOURCES/bz1157702-2-Adjust-MTU-for-IPv6-correctly.patch new file mode 100644 index 0000000..167aca4 --- /dev/null +++ b/SOURCES/bz1157702-2-Adjust-MTU-for-IPv6-correctly.patch 
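Review bot: In the embedded totemcrypto.c change, `PK11_GetBlockSize(crypto_cipher, NULL)` is passed the same `crypto_cipher` value that indexes `cypher_block_len[]`, i.e. corosync's own cipher index, whereas the NSS call takes a PKCS#11 mechanism type. Unless the two numberings happen to coincide, the fallback asks for the block size of an unrelated mechanism; if the file has a table translating the cipher index to an NSS mechanism (not visible in this hunk), it should be used here. The failsafe also catches only negative results, so a return of 0 adds no padding reserve at all and encrypted packets could again exceed the adjusted MTU; `if (block_size <= 0) {` would cover that case. The body of crypto_sec_header_size starts above and ends below the hunk, so the bounds of `crypto_cipher` as an array index cannot be checked from here.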
@@ -0,0 +1,103 @@ +From 03f95ddaa1d223e1e93788a307dc1b36d86b22b5 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Tue, 30 Sep 2014 17:06:36 +0200 +Subject: [PATCH] Adjust MTU for IPv6 correctly + +MTU for IPv6 is 20 bytes larger then IPv4. This fact was not taken into +account so IPv6 packets were larger then MTU resulting in fragmentation. + +Solution is to substract correct IP header size. + +Signed-off-by: Jan Friesse +Reviewed-by: Christine Caulfield +--- + exec/totemip.c | 22 ++++++++++++++++++++++ + exec/totemudp.c | 6 ++++-- + exec/totemudpu.c | 6 ++++-- + include/corosync/totem/totemip.h | 2 ++ + 4 files changed, 32 insertions(+), 4 deletions(-) + +diff --git a/exec/totemip.c b/exec/totemip.c +index 7ba746e..28a8836 100644 +--- a/exec/totemip.c ++++ b/exec/totemip.c +@@ -488,3 +488,25 @@ finished: + totemip_freeifaddrs(&addrs); + return (res); + } ++ ++#define TOTEMIP_UDP_HEADER_SIZE 8 ++#define TOTEMIP_IPV4_HEADER_SIZE 20 ++#define TOTEMIP_IPV6_HEADER_SIZE 40 ++ ++size_t totemip_udpip_header_size(int family) ++{ ++ size_t header_size; ++ ++ header_size = 0; ++ ++ switch (family) { ++ case AF_INET: ++ header_size = TOTEMIP_UDP_HEADER_SIZE + TOTEMIP_IPV4_HEADER_SIZE; ++ break; ++ case AF_INET6: ++ header_size = TOTEMIP_UDP_HEADER_SIZE + TOTEMIP_IPV6_HEADER_SIZE; ++ break; ++ } ++ ++ return (header_size); ++} +diff --git a/exec/totemudp.c b/exec/totemudp.c +index 4577107..86059af 100644 +--- a/exec/totemudp.c ++++ b/exec/totemudp.c +@@ -1316,10 +1316,12 @@ extern int totemudp_iface_check (void *udp_context) + + extern void totemudp_net_mtu_adjust (void *udp_context, struct totem_config *totem_config) + { +-#define UDPIP_HEADER_SIZE (20 + 8) /* 20 bytes for ip 8 bytes for udp */ ++ ++ assert(totem_config->interface_count > 0); ++ + totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_cipher_type, + totem_config->crypto_hash_type) + +- UDPIP_HEADER_SIZE; ++ totemip_udpip_header_size(totem_config->interfaces[0].bindnet.family); + } + + const 
char *totemudp_iface_print (void *udp_context) { +diff --git a/exec/totemudpu.c b/exec/totemudpu.c +index 69837c7..037f82b 100644 +--- a/exec/totemudpu.c ++++ b/exec/totemudpu.c +@@ -952,10 +952,12 @@ extern int totemudpu_iface_check (void *udpu_context) + + extern void totemudpu_net_mtu_adjust (void *udpu_context, struct totem_config *totem_config) + { +-#define UDPIP_HEADER_SIZE (20 + 8) /* 20 bytes for ip 8 bytes for udp */ ++ ++ assert(totem_config->interface_count > 0); ++ + totem_config->net_mtu -= crypto_sec_header_size(totem_config->crypto_cipher_type, + totem_config->crypto_hash_type) + +- UDPIP_HEADER_SIZE; ++ totemip_udpip_header_size(totem_config->interfaces[0].bindnet.family); + } + + const char *totemudpu_iface_print (void *udpu_context) { +diff --git a/include/corosync/totem/totemip.h b/include/corosync/totem/totemip.h +index 533735a..0168e66 100644 +--- a/include/corosync/totem/totemip.h ++++ b/include/corosync/totem/totemip.h +@@ -114,6 +114,8 @@ static inline int totemip_zero_check(const struct totem_ip_address *addr) + return (addr->family == 0); + } + ++extern size_t totemip_udpip_header_size(int family); ++ + #ifdef __cplusplus + } + #endif +-- +1.7.1 + diff --git a/SPECS/corosync.spec b/SPECS/corosync.spec index 356b98f..cb21264 100644 --- a/SPECS/corosync.spec +++ b/SPECS/corosync.spec @@ -21,7 +21,7 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces Version: 2.3.3 -Release: 2%{?gitver}%{?dist} +Release: 2%{?gitver}%{?dist}.1 License: BSD Group: System Environment/Base URL: http://www.corosync.org/ 
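Review bot: In totemudp_net_mtu_adjust (and identically in totemudpu_net_mtu_adjust) the only guard before reading `totem_config->interfaces[0]` is an `assert`, which disappears in an NDEBUG build and otherwise aborts the daemon; an explicit check with a logged error would behave the same in both builds. The new totemip_udpip_header_size has no `default:` case, so any family other than AF_INET/AF_INET6 yields 0 and only the crypto header is subtracted, which is the same oversize-packet outcome the patch is fixing; falling back to the larger size, `default: header_size = TOTEMIP_UDP_HEADER_SIZE + TOTEMIP_IPV6_HEADER_SIZE; break;`, would be the conservative choice. Since the amount subtracted has grown with both patches, it is also worth confirming that `net_mtu` cannot drop below the combined overhead; its type and any lower-bound validation are outside this diff.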
@@ -30,6 +30,8 @@ Source0: http://corosync.org/download/%{name}-%{version}%{?gittarver}.tar.gz Patch0: bz1067028-1-cpg-Refactor-mh_req_exec_cpg_procleave.patch Patch1: bz1067028-2-cpg-Make-sure-nodid-is-always-logged-as-hex-num.patch Patch2: bz1067028-3-cpg-Make-sure-left-nodes-are-really-removed.patch +Patch3: bz1157702-1-crypto-fix-crypto-block-rounding-padding-calculation.patch +Patch4: bz1157702-2-Adjust-MTU-for-IPv6-correctly.patch %if 0%{?rhel} ExclusiveArch: i686 x86_64 @@ -80,6 +82,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %patch0 -p1 -b .bz1067028-1 %patch1 -p1 -b .bz1067028-2 %patch2 -p1 -b .bz1067028-3 +%patch3 -p1 -b .bz1157702-1 +%patch4 -p1 -b .bz1157702-2 %build %if %{with runautogen} @@ -338,6 +342,14 @@ The Corosync Cluster Engine APIs. %{_mandir}/man8/quorum_overview.8* %changelog +* Mon Nov 03 2014 Jan Friesse 2.3.3-2.1 +- Resolves: rhbz#1157702 + +- [crypto] fix crypto block rounding/padding calculation (rhbz#1157702) +- merge upstream commit 239e2397820f9fa7ef430ebef0947ec1246eb50f (rhbz#1157702) +- Adjust MTU for IPv6 correctly (rhbz#1157702) +- merge upstream commit 03f95ddaa1d223e1e93788a307dc1b36d86b22b5 (rhbz#1157702) + * Thu Feb 20 2014 Jan Friesse 2.3.3-2 - Resolves: rhbz#1067028