packages/ceph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:f3869737bb4c7d97037ed2bb02f4ef646c96f592
Branches Tags
packages:main
..
compare: packages:053189bc65a57e6d4775624988f419ecb0304e06
Branches Tags
packages:main

No commits in common. "f3869737bb4c7d97037ed2bb02f4ef646c96f592" and "053189bc65a57e6d4775624988f419ecb0304e06" have entirely different histories.
f3869737bb ... 053189bc65

4 changed files with 3 additions and 147 deletions
Show Stats Expand all files Collapse all files

47
0014-fix-CVE-2022-3854.patch
View File

@ -1,47 +0,0 @@
From ed7c2d0a58fb87201777fb4097d5a2b650593b31 Mon Sep 17 00:00:00 2001
From: wangzengliang1 <wangzengliang1@huawei.com>
Date: Mon, 30 Jan 2023 09:32:19 +0800
Subject: [PATCH] fix CVE-2022-3854
---
src/rgw/rgw_common.cc | 5 +++++
src/rgw/rgw_sal.h | 6 +++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index b44d4bf..ce7b94c 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -1279,6 +1279,11 @@ bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct re
bool verify_bucket_permission(const DoutPrefixProvider* dpp, struct req_state * const s, const uint64_t op)
{
+ if (rgw::sal::RGWBucket::empty(s->bucket)) {
+ // request is missing a bucket name
+ return false;
+ }
+
perm_state_from_req_state ps(s);
return verify_bucket_permission(dpp,
diff --git a/src/rgw/rgw_sal.h b/src/rgw/rgw_sal.h
index 41da8bc..197f975 100644
--- a/src/rgw/rgw_sal.h
+++ b/src/rgw/rgw_sal.h
@@ -279,8 +279,12 @@ class RGWBucket {
void convert(cls_user_bucket_entry *b) const {
ent.convert(b);
}
+
+ /** Check if a Bucket pointer is empty */
+ static bool empty(const RGWBucket* b) { return (!b || b->empty()); }
+ /** Check if a Bucket unique pointer is empty */
+ static bool empty(const std::unique_ptr<RGWBucket>& b) { return (!b || b->empty()); }
- static bool empty(RGWBucket* b) { return (!b || b->empty()); }
virtual std::unique_ptr<RGWBucket> clone() = 0;
/* dang - This is temporary, until the API is completed */
--
2.13.0.windows.1

28
0015-ceph-volume-add-judgment-for-ceph-volume-lvm-activat.patch
View File

@ -1,28 +0,0 @@
From 835de4cfbf8b656c03852a198d5546b11575bceb Mon Sep 17 00:00:00 2001
From: yangxiaoliang <yangxiaoliang07@163.com>
Date: Wed, 7 Sep 2022 07:47:00 +0000
Subject: [PATCH] ceph-volume: add judgment for ceph-volume lvm activate If
only osd_fsid is given, needed `ceph-volume lvm activate "" {osd_fsid}` now
we just need ceph-volume lvm activate {osd_fsid} Signed-off-by: Xiaoliang
Yang <yangxiaoliang07@163.com>
---
src/ceph-volume/ceph_volume/devices/lvm/activate.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ceph-volume/ceph_volume/devices/lvm/activate.py b/src/ceph-volume/ceph_volume/devices/lvm/activate.py
index 70fceeab645..3539e297d57 100644
--- a/src/ceph-volume/ceph_volume/devices/lvm/activate.py
+++ b/src/ceph-volume/ceph_volume/devices/lvm/activate.py
@@ -364,6 +364,8 @@ class Activate(object):
if len(self.argv) == 0:
print(sub_command_help)
return
+ if not self.argv[0].isdigit() and self.argv[0]:
+ self.argv.insert(0, "")
args = parser.parse_args(self.argv)
# Default to bluestore here since defaulting it in add_argument may
# cause both to be True
--
2.33.0

51
0016-fix-CVE-2023-46159.patch
View File

@ -1,51 +0,0 @@
From 64803e1ced57d64b758927c3977bb4a4d1769180 Mon Sep 17 00:00:00 2001
From: Joshua Baergen <jbaergen@digitalocean.com>
Date: Tue, 12 Sep 2023 14:05:01 -0400
Subject: [PATCH] rgw: Add missing empty checks to the split string in
is_string_in_set().
In certain cases, where a user misconfigures a CORS rule, the entirety
of the string can be token characters (or, at least, the string before
and after a given token is all token characters), but != "*". If the
misconfigured string includes "*" we'll try to split the string and we
assume that we can pop the list of string elements when "*" isn't
first/last, but get_str_list() won't return anything for token-only
substrings and thus 'ssplit' will have fewer elements than would be
expected for a correct rule. In the case of an empty list, front() has
undefined behaviour; in our experience, it often results in a huge
allocation attempt because the code tries to copy the string into a
local variable 'sl'.
An example of this misconfiguration (and thus a reproduction case) is
configuring an origin of " *".
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
---
src/rgw/rgw_cors.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/rgw/rgw_cors.cc b/src/rgw/rgw_cors.cc
index e41abf8ccb..bb80e2b58d 100644
--- a/src/rgw/rgw_cors.cc
+++ b/src/rgw/rgw_cors.cc
@@ -95,6 +95,8 @@ static bool is_string_in_set(set<string>& s, string h) {
get_str_list((*it), "* \t", ssplit);
if (off != 0) {
+ if (ssplit.empty())
+ continue;
string sl = ssplit.front();
flen = sl.length();
dout(10) << "Finding " << sl << ", in " << h << ", at offset 0" << dendl;
@@ -103,6 +105,8 @@ static bool is_string_in_set(set<string>& s, string h) {
ssplit.pop_front();
}
if (off != ((*it).length() - 1)) {
+ if (ssplit.empty())
+ continue;
string sl = ssplit.front();
dout(10) << "Finding " << sl << ", in " << h
<< ", at offset not less than " << flen << dendl;
--
2.15.0

24
ceph.spec
View File

@ -125,7 +125,7 @@
################################################################################# #################################################################################
Name: ceph Name: ceph
Version: 16.2.7 Version: 16.2.7
Release: 20 Release: 14
%if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler} %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
Epoch: 2 Epoch: 2
%endif %endif
@ -156,9 +156,6 @@ Patch10: 0010-fix-CVE-2022-3650.patch
Patch11: 0011-fix-no-module-named-v1_event-for-mgr-k8sevent.patch Patch11: 0011-fix-no-module-named-v1_event-for-mgr-k8sevent.patch
Patch12: 0012-add-missing-includes-when-compiling-with-boost-1.75.patch Patch12: 0012-add-missing-includes-when-compiling-with-boost-1.75.patch
Patch13: 0013-add-atomic-library-for-loongarch64.patch Patch13: 0013-add-atomic-library-for-loongarch64.patch
Patch14: 0014-fix-CVE-2022-3854.patch
Patch15: 0015-ceph-volume-add-judgment-for-ceph-volume-lvm-activat.patch
Patch16: 0016-fix-CVE-2023-46159.patch
%if 0%{?suse_version} %if 0%{?suse_version}
# _insert_obs_source_lines_here # _insert_obs_source_lines_here
ExclusiveArch: x86_64 aarch64 ppc64le s390x ExclusiveArch: x86_64 aarch64 ppc64le s390x
@ -1560,7 +1557,8 @@ exit 0
%if ! 0%{?suse_version} %if ! 0%{?suse_version}
%postun -n cephadm %postun -n cephadm
[ $1 -ne 0 ] || userdel cephadm || : userdel -r cephadm || true
exit 0
%endif %endif
%files -n cephadm %files -n cephadm
@ -2503,22 +2501,6 @@ exit 0
%config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
%changelog %changelog
* Fri Mar 22 2024 lizhipeng <qiuxinyidian@gmail.com> - 2:16.2.7-20
- fix CVE-2023-46159
* Mon Aug 28 2023 liuqinfei <lucas.liuqinfei@huawei.com> - 2:16.2.7-19
- add judgment for ceph-volume lvm activate
- sync from #PR 187
* Thu Jun 1 2023 wangzengliang <wangzengliang2@huawei.com> - 2:16.2.7-17
- fix error for uninstall cephadm
* Mon Feb 20 2023 wangzengliang<wangzengliang2@huawei.com> - 2:16.2.7-16
- fix CVE-2022-3854
* Tue Feb 14 2023 wangzengliang<wangzengliang2@huawei.com> - 2:16.2.7-15
- fix error for uninstall cephadm
* Thu Jan 12 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 2:16.2.7-14 * Thu Jan 12 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 2:16.2.7-14
- add loongarch support for ceph - add loongarch support for ceph