From a837241f2413b11528fa84f2ba3527605ea5bc05 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Mon, 11 Dec 2023 16:32:39 +0300 Subject: [PATCH] import libstoragemgmt-1.9.1-7.el8 --- .../RHEL-397_part1_remove_openssl_usage.patch | 120 ++++++++++++++++++ ...t2_cmdtest_correct_hashlib.md5_usage.patch | 16 +++ ...-397_part3_correction_fips_error_lib.patch | 37 ++++++ .../RHEL-397_part4_require_subparsers.patch | 12 ++ SPECS/libstoragemgmt.spec | 25 +++- 5 files changed, 204 insertions(+), 6 deletions(-) create mode 100644 SOURCES/RHEL-397_part1_remove_openssl_usage.patch create mode 100644 SOURCES/RHEL-397_part2_cmdtest_correct_hashlib.md5_usage.patch create mode 100644 SOURCES/RHEL-397_part3_correction_fips_error_lib.patch create mode 100644 SOURCES/RHEL-397_part4_require_subparsers.patch diff --git a/SOURCES/RHEL-397_part1_remove_openssl_usage.patch b/SOURCES/RHEL-397_part1_remove_openssl_usage.patch new file mode 100644 index 0000000..3143729 --- /dev/null +++ b/SOURCES/RHEL-397_part1_remove_openssl_usage.patch @@ -0,0 +1,120 @@ +diff --git a/configure.ac b/configure.ac +index 02ecc4c..0a2316a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -106,9 +106,6 @@ fi + dnl Availability of various common headers (non-fatal if missing). + AC_CHECK_HEADERS([dlfcn.h]) + +-#Check for openssl development libs, we are using in simc_lsmplugin +-AC_CHECK_LIB([crypto], [MD5_Final], [SSL_LIBS=-lcrypto], AC_MSG_ERROR([Missing openssl-devel libraries])) +-AC_SUBST([SSL_LIBS]) + #Check for sqlite development libs for simc_lsmplugin + PKG_CHECK_MODULES([SQLITE3], [sqlite3]) + +diff --git a/packaging/libstoragemgmt.spec.in b/packaging/libstoragemgmt.spec.in +index 4c19606..6148cb5 100644 +--- a/packaging/libstoragemgmt.spec.in ++++ b/packaging/libstoragemgmt.spec.in +@@ -27,7 +27,6 @@ Obsoletes: %{name}-nfs-plugin-clibs < %{version}-%{release} + + BuildRequires: gcc gcc-c++ + BuildRequires: autoconf automake libtool libxml2-devel check-devel perl-interpreter +-BuildRequires: openssl-devel + BuildRequires: glib2-devel + BuildRequires: systemd + BuildRequires: bash-completion +diff --git a/plugin/sim_plugin/simarray.py b/plugin/sim_plugin/simarray.py +index c39f5f0..c5471bb 100644 +--- a/plugin/sim_plugin/simarray.py ++++ b/plugin/sim_plugin/simarray.py +@@ -130,7 +130,7 @@ def data_disk_count(raid_type, disk_count): + + class BackStore(object): + VERSION = "4.1" +- VERSION_SIGNATURE = 'LSM_SIMULATOR_DATA_%s_%s' % (VERSION, md5(VERSION)) ++ VERSION_SIGNATURE = 'LSM_SIMULATOR_DATA_%s' % (VERSION) + JOB_DEFAULT_DURATION = 1 + JOB_DATA_TYPE_VOL = 1 + JOB_DATA_TYPE_FS = 2 +diff --git a/plugin/simc/db.c b/plugin/simc/db.c +index 8f8e1e9..fd5b797 100644 +--- a/plugin/simc/db.c ++++ b/plugin/simc/db.c +@@ -354,13 +354,8 @@ out: + } + + static const char *_sys_version(void) { +- char version_md5[_MD5_HASH_STR_LEN]; +- +- _md5(_DB_VERSION, version_md5); +- +- snprintf(_SYS_VERSION, _BUFF_SIZE, "%s_%s_%s", _DB_VERSION_STR_PREFIX, +- _DB_VERSION, version_md5); +- ++ snprintf(_SYS_VERSION, _BUFF_SIZE, "%s_%s", _DB_VERSION_STR_PREFIX, ++ _DB_VERSION); + return _SYS_VERSION; + } + +diff --git a/plugin/simc/simc_lsmplugin.c b/plugin/simc/simc_lsmplugin.c +index 5eea918..13e0166 100644 +--- a/plugin/simc/simc_lsmplugin.c ++++ b/plugin/simc/simc_lsmplugin.c +@@ -20,7 +20,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/plugin/simc/utils.c b/plugin/simc/utils.c +index 99cbef7..616ea75 100644 +--- a/plugin/simc/utils.c ++++ b/plugin/simc/utils.c +@@ -49,19 +49,6 @@ int _get_db_from_plugin_ptr(char *err_msg, lsm_plugin_ptr c, sqlite3 **db) { + return rc; + } + +-void _md5(const char *data, char *out_hash) { +- int i = 0; +- unsigned char digest[MD5_DIGEST_LENGTH]; +- +- assert(data != NULL); +- assert(out_hash != NULL); +- +- MD5((const unsigned char *)data, strlen(data), digest); +- +- for (; i < MD5_DIGEST_LENGTH; ++i) +- sprintf(out_hash + i * 2, "%02x", (unsigned int)digest[i]); +-} +- + /* + * Copy from c_binding/utils.c, will remove if that was exposed out. + */ +diff --git a/plugin/simc/utils.h b/plugin/simc/utils.h +index f018b0a..30c9bb8 100644 +--- a/plugin/simc/utils.h ++++ b/plugin/simc/utils.h +@@ -19,7 +19,6 @@ + #ifndef _SIMC_UTILS_H_ + #define _SIMC_UTILS_H_ + +-#include + #include + #include + #include +@@ -145,12 +144,6 @@ struct _simc_private_data { + } + int _get_db_from_plugin_ptr(char *err_msg, lsm_plugin_ptr c, sqlite3 **db); + +-/* +- * data: Non-NULL pointer to a string. +- * out_hash: Pointer to char[_MD5_HASH_STR_LEN] +- */ +-void _md5(const char *data, char *out_hash); +- + /* + * true if file exists or false. + */ diff --git a/SOURCES/RHEL-397_part2_cmdtest_correct_hashlib.md5_usage.patch b/SOURCES/RHEL-397_part2_cmdtest_correct_hashlib.md5_usage.patch new file mode 100644 index 0000000..8788f48 --- /dev/null +++ b/SOURCES/RHEL-397_part2_cmdtest_correct_hashlib.md5_usage.patch @@ -0,0 +1,16 @@ +diff --git a/test/cmdtest.py.in b/test/cmdtest.py.in +index 0764318..e4f4f77 100755 +--- a/test/cmdtest.py.in ++++ b/test/cmdtest.py.in +@@ -64,7 +64,10 @@ def random_iqn(): + """Logic taken from anaconda library""" + + s = "iqn.1994-05.com.domain:01." +- m = hashlib.md5() ++ try: ++ m = hashlib.md5(usedforsecurity=False) ++ except Exception: ++ m = hashlib.md5() + u = os.uname() + for i in u: + m.update(i.encode('utf-8')) diff --git a/SOURCES/RHEL-397_part3_correction_fips_error_lib.patch b/SOURCES/RHEL-397_part3_correction_fips_error_lib.patch new file mode 100644 index 0000000..4a76539 --- /dev/null +++ b/SOURCES/RHEL-397_part3_correction_fips_error_lib.patch @@ -0,0 +1,37 @@ +diff --git a/plugin/nfs_plugin/nfs.py b/plugin/nfs_plugin/nfs.py +index be1abdb..944d136 100644 +--- a/plugin/nfs_plugin/nfs.py ++++ b/plugin/nfs_plugin/nfs.py +@@ -55,7 +55,13 @@ def _export_id(path, auth_type, anon_uid, anon_gid, options): + if auth_type is None: + auth_type = 'sec' + +- hsh = hashlib.md5() ++ try: ++ # The use of md5 is not used for security, indicate ++ # this to hashlib so that we can run when fips is enabled ++ hsh = hashlib.md5(usedforsecurity=False) ++ except Exception: ++ hsh = hashlib.md5() ++ + hsh.update(path.encode('utf-8')) + hsh.update(auth_type.encode('utf-8')) + if anon_uid is not None and anon_uid != NfsExport.ANON_UID_GID_NA: +diff --git a/python_binding/lsm/_common.py b/python_binding/lsm/_common.py +index 1508972..e09be49 100644 +--- a/python_binding/lsm/_common.py ++++ b/python_binding/lsm/_common.py +@@ -345,7 +345,12 @@ def uri_parameters(uri): + # @param t Item to generate signature on. + # @returns md5 hex digest. + def md5(t): +- h = hashlib.md5() ++ try: ++ # The use of md5 is not used for security, indicate ++ # this to hashlib so that we can run when fips is enabled ++ h = hashlib.md5(usedforsecurity=False) ++ except Exception: ++ h = hashlib.md5() + h.update(t.encode("utf-8")) + return h.hexdigest() + diff --git a/SOURCES/RHEL-397_part4_require_subparsers.patch b/SOURCES/RHEL-397_part4_require_subparsers.patch new file mode 100644 index 0000000..d2875f4 --- /dev/null +++ b/SOURCES/RHEL-397_part4_require_subparsers.patch @@ -0,0 +1,12 @@ +diff --git a/tools/lsmcli/cmdline.py b/tools/lsmcli/cmdline.py +index ae249b8..6698c53 100644 +--- a/tools/lsmcli/cmdline.py ++++ b/tools/lsmcli/cmdline.py +@@ -1228,6 +1228,7 @@ def cli(self): + _add_common_options(parser, is_child=False) + + subparsers = parser.add_subparsers(metavar="command") ++ subparsers.required = True + + # Walk the command list and add all of them to the parser + for cmd in cmds: diff --git a/SPECS/libstoragemgmt.spec b/SPECS/libstoragemgmt.spec index 1fe425b..25d1e18 100644 --- a/SPECS/libstoragemgmt.spec +++ b/SPECS/libstoragemgmt.spec @@ -2,7 +2,7 @@ Name: libstoragemgmt Version: 1.9.1 -Release: 3%{?dist} +Release: 7%{?dist} Summary: Storage array management library Group: System Environment/Libraries License: LGPLv2+ @@ -10,6 +10,10 @@ URL: https://github.com/libstorage/libstoragemgmt Source0: https://github.com/libstorage/libstoragemgmt/releases/download/%{version}/%{name}-%{version}.tar.gz Patch0: BZ_1710776_change_run_dir.patch Patch1: BZ_2018657_correct_raid10_info.patch +Patch2: RHEL-397_part1_remove_openssl_usage.patch +Patch3: RHEL-397_part2_cmdtest_correct_hashlib.md5_usage.patch +Patch4: RHEL-397_part3_correction_fips_error_lib.patch +Patch5: RHEL-397_part4_require_subparsers.patch Requires: python3-%{name}%{_isa} = %{version}-%{release} # Packages that have been removed @@ -20,7 +24,6 @@ Provides: %{name}-nstor-plugin <= 1.9.0-1 BuildRequires: gcc gcc-c++ BuildRequires: autoconf automake libtool libxml2-devel check-devel perl-interpreter -BuildRequires: openssl-devel BuildRequires: glib2-devel BuildRequires: systemd BuildRequires: bash-completion @@ -35,9 +38,6 @@ BuildRequires: python3-devel BuildRequires: systemd systemd-devel BuildRequires: chrpath -%ifarch %{valgrind_arches} -BuildRequires: valgrind -%endif %description The libStorageMgmt library will provide a vendor agnostic open source storage @@ -487,9 +487,22 @@ fi %{_mandir}/man1/local_lsmplugin.1* %changelog -* Wed Jul 26 2023 MSVSphere Packaging Team - 1.9.1-3 +* Wed Jul 26 2023 MSVSphere Packaging Team - 1.9.1-7 - Rebuilt for MSVSphere 8.8 +* Thu Jun 29 2023 Tony Asleson - 1.9.1-7 +- Remove valgrind dependency as not being used and causing + build to fail as it pulls in python3.11 + +* Tue Jun 27 2023 Tony Asleson - 1.9.1-6 +- Fix subparsers + +* Tue Jun 27 2023 Tony Asleson - 1.9.1-5 +- Add missing test yaml configuration file + +* Wed Jun 21 2023 Tony Asleson - 1.9.1-4 +- RHEL-397 fips related corrections + * Fri Nov 12 2021 Tony Asleson - 1.9.1-3 - Correct rpmdiff warnings - RHBZ #2018657