Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pacemaker for openSUSE:Factory checked in at 2026-06-23 17:38:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pacemaker (Old) and /work/SRC/openSUSE:Factory/.pacemaker.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pacemaker" Tue Jun 23 17:38:39 2026 rev:173 rq:1361167 version:3.0.2+20260616.4544f351 Changes: -------- --- /work/SRC/openSUSE:Factory/pacemaker/pacemaker.changes 2026-06-13 18:45:48.253609859 +0200 +++ /work/SRC/openSUSE:Factory/.pacemaker.new.1956/pacemaker.changes 2026-06-23 17:40:40.937895973 +0200 @@ -1,0 +2,11 @@ +Mon Jun 19 09:30:14 UTC 2026 - Yan Gao <[email protected]> + +- Update to version 3.0.2+20260616.4544f351: +- agents: Move pid file management into ClusterMon.in. +- libcib: Remove an unnecessary coverity suppression. (CVE-2026-10649, bsc#1268381, rh#2462817, gh#ClusterLabs/pacemaker#4129) +- libcrmcommon: Fix an integer overflow in pcmk__remote_send_xml. (CVE-2026-10649, bsc#1268381, rh#2462817, gh#ClusterLabs/pacemaker#4129) +- libcrmcommon: Limit the max size of a remote message. (CVE-2026-10649, bsc#1268381, rh#2462817, gh#ClusterLabs/pacemaker#4129) +- libcrmcommon: Fix integer overflow in remote message code. (CVE-2026-10649, bsc#1268381, rh#2462817, gh#ClusterLabs/pacemaker#4129) +- libcrmcommon: Fix checks in localized_remote_header. (CVE-2026-10649, bsc#1268381, rh#2462817, gh#ClusterLabs/pacemaker#4129) + +------------------------------------------------------------------- Old: ---- pacemaker-3.0.2+20260608.b9d7133a.tar.xz New: ---- pacemaker-3.0.2+20260616.4544f351.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pacemaker.spec ++++++ --- /var/tmp/diff_new_pack.EJuCoZ/_old 2026-06-23 17:40:42.121937262 +0200 +++ /var/tmp/diff_new_pack.EJuCoZ/_new 2026-06-23 17:40:42.125937401 +0200 @@ -128,7 +128,7 @@ %define with_regression_tests 0 Name: pacemaker -Version: 3.0.2+20260608.b9d7133a +Version: 3.0.2+20260616.4544f351 Release: 0 Summary: Scalable High-Availability cluster resource manager # AGPL-3.0 licensed extra/clustermon.sh is not present in the binary ++++++ _service ++++++ --- /var/tmp/diff_new_pack.EJuCoZ/_old 2026-06-23 17:40:42.181939354 +0200 +++ /var/tmp/diff_new_pack.EJuCoZ/_new 2026-06-23 17:40:42.185939493 +0200 @@ -11,7 +11,7 @@ <param name="version">3.0.2</param> --> <param name="versionformat">3.0.2+%cd.%h</param> - <param name="revision">b9d7133a0aab41f09b9bbb38e1b183ab7a9a2df3</param> + <param name="revision">4544f351cd</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.EJuCoZ/_old 2026-06-23 17:40:42.213940470 +0200 +++ /var/tmp/diff_new_pack.EJuCoZ/_new 2026-06-23 17:40:42.217940610 +0200 @@ -5,6 +5,6 @@ </service> <service name="tar_scm"> <param name="url">https://github.com/ClusterLabs/pacemaker.git</param> - <param name="changesrevision">b9d7133a0aab41f09b9bbb38e1b183ab7a9a2df3</param></service></servicedata> + <param name="changesrevision">4544f351cd8d8e1efa48b8fc662722de03b0028e</param></service></servicedata> (No newline at EOF) ++++++ pacemaker-3.0.2+20260608.b9d7133a.tar.xz -> pacemaker-3.0.2+20260616.4544f351.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pacemaker-3.0.2+20260608.b9d7133a/agents/ocf/ClusterMon.in new/pacemaker-3.0.2+20260616.4544f351/agents/ocf/ClusterMon.in --- old/pacemaker-3.0.2+20260608.b9d7133a/agents/ocf/ClusterMon.in 2026-06-08 22:18:01.000000000 +0200 +++ new/pacemaker-3.0.2+20260616.4544f351/agents/ocf/ClusterMon.in 2026-06-17 03:52:40.000000000 +0200 @@ -3,7 +3,7 @@ # ocf:pacemaker:ClusterMon resource agent # # Original copyright 2004 SUSE LINUX AG, Lars Marowsky-Br<E9>e -# Later changes copyright 2008-2023 the Pacemaker project contributors +# Later changes copyright 2008-2026 the Pacemaker project contributors # # The version control history for this file may have further details. # @@ -121,6 +121,10 @@ else eval $CMON_CMD fi + + pid=$(ps -eo pid,args | grep "crm_mon.*$OCF_RESKEY_htmlfile" | grep -v grep | awk '{print $1}') + echo $pid > "$OCF_RESKEY_pidfile" + ClusterMon_exit $? } @@ -151,7 +155,7 @@ header=$(echo $CMON_CMD | tr 'crmon, \t' 'xxxxxxxx') ps $USERARG -o "args=${header}" -p $pid 2>/dev/null | \ - grep -qE "[c]rm_mon.*${OCF_RESKEY_pidfile}" + grep -qE "[c]rm_mon.*${OCF_RESKEY_htmlfile}" case $? in 0) exit $OCF_SUCCESS;; @@ -249,7 +253,7 @@ OCF_RESKEY_update=$(( $OCF_RESKEY_update / 1000 )) fi -CMON_CMD="${HA_SBIN_DIR}/crm_mon -p \"$OCF_RESKEY_pidfile\" -d -i $OCF_RESKEY_update $OCF_RESKEY_extra_options --output-as=html --output-to=\"$OCF_RESKEY_htmlfile\"" +CMON_CMD="${HA_SBIN_DIR}/crm_mon -d -i $OCF_RESKEY_update $OCF_RESKEY_extra_options --output-as=html --output-to=\"$OCF_RESKEY_htmlfile\"" case "$__OCF_ACTION" in meta-data) meta_data diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pacemaker-3.0.2+20260608.b9d7133a/include/crm/common/remote_internal.h new/pacemaker-3.0.2+20260616.4544f351/include/crm/common/remote_internal.h --- old/pacemaker-3.0.2+20260608.b9d7133a/include/crm/common/remote_internal.h 2026-06-08 22:18:01.000000000 +0200 +++ new/pacemaker-3.0.2+20260616.4544f351/include/crm/common/remote_internal.h 2026-06-17 03:52:40.000000000 +0200 @@ -29,6 +29,9 @@ extern "C" { #endif +// The maximum payload size for a remote message (in bytes) +#define PCMK__REMOTE_MSG_MAX_SIZE (20 * 1024 * 1024) + // internal functions from remote.c typedef struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pacemaker-3.0.2+20260608.b9d7133a/lib/cib/cib_remote.c new/pacemaker-3.0.2+20260616.4544f351/lib/cib/cib_remote.c --- old/pacemaker-3.0.2+20260608.b9d7133a/lib/cib/cib_remote.c 2026-06-08 22:18:01.000000000 +0200 +++ new/pacemaker-3.0.2+20260616.4544f351/lib/cib/cib_remote.c 2026-06-17 03:52:40.000000000 +0200 @@ -260,7 +260,6 @@ return -1; } - // coverity[tainted_data] This can't easily be changed right now msg = pcmk__remote_message_xml(&private->callback); if (msg == NULL) { private->start_time = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pacemaker-3.0.2+20260608.b9d7133a/lib/common/remote.c new/pacemaker-3.0.2+20260616.4544f351/lib/common/remote.c --- old/pacemaker-3.0.2+20260608.b9d7133a/lib/common/remote.c 2026-06-08 22:18:01.000000000 +0200 +++ new/pacemaker-3.0.2+20260616.4544f351/lib/common/remote.c 2026-06-17 03:52:40.000000000 +0200 @@ -24,7 +24,7 @@ #include <netdb.h> #include <stdlib.h> #include <errno.h> -#include <inttypes.h> // PRIx32 +#include <inttypes.h> // PRIu32, PRIx32 #include <glib.h> #include <bzlib.h> @@ -66,6 +66,7 @@ localized_remote_header(pcmk__remote_t *remote) { struct remote_header_v0 *header = NULL; + size_t expected_size = 0; if ((remote == NULL) || (remote->buffer == NULL) || (remote->buffer_offset < sizeof(struct remote_header_v0))) { @@ -100,11 +101,36 @@ // Sanity checks if (header->payload_offset != sizeof(struct remote_header_v0)) { + pcmk__err("Header payload offset %" PRIu32 " does not have expected " + "size %zu", header->payload_offset, + sizeof(struct remote_header_v0)); return NULL; } - if ((header->payload_offset - + header->payload_compressed - + header->payload_uncompressed) != header->size_total) { + + if (header->payload_compressed != 0) { + if (header->payload_compressed > (SIZE_MAX - header->payload_offset)) { + pcmk__err("Header compressed size %" PRIu32 " is too large", + header->payload_compressed); + return NULL; + } + + expected_size = (size_t) header->payload_offset + + header->payload_compressed; + + } else { + if (header->payload_uncompressed > (SIZE_MAX - header->payload_offset)) { + pcmk__err("Header uncompressed size %" PRIu32 " is too large", + header->payload_uncompressed); + return NULL; + } + + expected_size = (size_t) header->payload_offset + + header->payload_uncompressed; + } + + if (expected_size != header->size_total) { + pcmk__err("Header total size %" PRIu32 " does not match calculated " + "size %zu", header->size_total, expected_size); return NULL; } @@ -254,6 +280,13 @@ header->version = REMOTE_MSG_VERSION; header->payload_offset = iov[0].iov_len; header->payload_uncompressed = iov[1].iov_len; + + if ((UINT32_MAX - iov[0].iov_len) < iov[1].iov_len) { + pcmk__err("Remote message size %zu + %zu exceeds maximum of %" PRIu32, + iov[0].iov_len, iov[1].iov_len, UINT32_MAX); + goto done; + } + header->size_total = iov[0].iov_len + iov[1].iov_len; rc = remote_send_iovs(remote, iov, 2); @@ -262,6 +295,7 @@ pcmk_rc_str(rc), rc); } +done: free(iov[0].iov_base); g_free((gchar *) iov[1].iov_base); return rc; @@ -289,16 +323,58 @@ } /* Support compression on the receiving end now, in case we ever want to add it later */ - if (header->payload_compressed) { + if (header->payload_compressed != 0) { int rc = 0; - unsigned int size_u = 1 + header->payload_uncompressed; - char *uncompressed = - pcmk__assert_alloc(header->payload_offset + size_u, sizeof(char)); + unsigned int size_u = 0; + char *uncompressed = NULL; + size_t buffer_size = 0; + +#if (UINT32_MAX < UINT_MAX) + if (header->payload_uncompressed >= UINT_MAX) { + pcmk__err("Couldn't decompress message because uncompressed " + "payload size (%" PRIu32 ") is greater than UINT_MAX " + "(%u)", header->payload_uncompressed, UINT_MAX); + return NULL; + } +#endif - pcmk__trace("Decompressing message data %d bytes into %d bytes", - header->payload_compressed, size_u); + /* @TODO Is the extra byte for the null terminator? + * pcmk__remote_send_xml() also adds one byte to the iov length. + * (However, we do need to account for the possibility of receiving a + * message from an untrusted sender.) + */ + size_u = 1 + header->payload_uncompressed; + + /* Header and uncompressed payload must fit in the destination buffer. + * We do not need to separately check the header size here since + * localized_remote_header will return NULL if it's incorrect. + */ +#if (UINT_MAX >= SIZE_MAX) + if ((size_u >= SIZE_MAX) + || (header->payload_offset > (SIZE_MAX - size_u))) { +#else + if (header->payload_offset > (SIZE_MAX - size_u)) { +#endif + pcmk__err("Couldn't decompress message because the required buffer " + "size (%" PRIu32 " + %u) is greater than SIZE_MAX (%zu)", + header->payload_offset, size_u, SIZE_MAX); + return NULL; + } - rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, &size_u, + buffer_size = (size_t) header->payload_offset + size_u; + if (buffer_size > PCMK__REMOTE_MSG_MAX_SIZE) { + pcmk__err("Message size %zu is larger than max allowed %u bytes", + buffer_size, PCMK__REMOTE_MSG_MAX_SIZE); + return NULL; + } + + pcmk__trace("Decompressing message data %" PRIu32 " bytes into %u " + "bytes", header->payload_compressed, size_u); + + uncompressed = pcmk__assert_alloc(buffer_size, sizeof(char)); + + rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, + &size_u, remote->buffer + header->payload_offset, header->payload_compressed, 1, 0); rc = pcmk__bzlib2rc(rc); @@ -449,6 +525,12 @@ read_len = header->size_total; } + if (read_len > PCMK__REMOTE_MSG_MAX_SIZE) { + pcmk__err("Message size %zu is larger than max allowed %u bytes", + read_len, PCMK__REMOTE_MSG_MAX_SIZE); + return EINVAL; + } + /* automatically grow the buffer when needed */ if(remote->buffer_size < read_len) { remote->buffer_size = 2 * read_len;
