!61 [sync] PR-60: fix CVE-2022-48340

From: @openeuler-sync-bot 
Reviewed-by: @swf504 
Signed-off-by: @swf504

0001-SC2081-can-t-match-globs-Use-or-grep.patch

@@ -0,0 +1,34 @@
+From 396f52a60bbe5eba0075b1658d84e46cbf7461ab Mon Sep 17 00:00:00 2001
+From: zhanchengbin <zhanchengbin1@huawei.com>
+Date: Thu, 13 Oct 2022 10:34:52 +0800
+Subject: [PATCH] SC2081: [ .. ] can't match globs. Use [[ .. ]] or grep.
+
+Shellcheck check out a problem.
+
+Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
+---
+ .../add-brick/post/disabled-quota-root-xattr-heal.sh          | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/extras/hook-scripts/add-brick/post/disabled-quota-root-xattr-heal.sh b/extras/hook-scripts/add-brick/post/disabled-quota-root-xattr-heal.sh
+index ca17a90..969d6fc 100755
+--- a/extras/hook-scripts/add-brick/post/disabled-quota-root-xattr-heal.sh
++++ b/extras/hook-scripts/add-brick/post/disabled-quota-root-xattr-heal.sh
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ 
+ ##---------------------------------------------------------------------------
+ ## This script updates the 'limit-set' xattr on the newly added node. Please
+@@ -106,7 +106,7 @@ ENABLED_STATE_1="${GLUSTERD_WORKDIR}/hooks/${VERSION}/${VOLUME_OP}/"
+ ENABLED_STATE_2="post/${ENABLED_NAME_PREFIX}${VOL_NAME}-${ENABLED_NAME}"
+ ENABLED_STATE="${ENABLED_STATE_1}${ENABLED_STATE_2}"
+ 
+-if [ "${THIS_SCRIPT}" != *"${VOL_NAME}"* ]; then
++if [[ "${THIS_SCRIPT}" != *"${VOL_NAME}"* ]]; then
+   exit 0
+ fi
+ 
+-- 
+2.37.3
+

0002-fuse-Resolve-asan-bug-in-during-receive-event-notifi.patch

@@ -0,0 +1,65 @@
+From 5f26bfb979af9051e07f35a01d749ba4977f4b1e Mon Sep 17 00:00:00 2001
+From: mohit84 <moagrawa@redhat.com>
+Date: Thu, 2 Mar 2023 02:58:57 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4019)
+
+The fuse xlator notify function tries to assign data object
+to graph object without checking an event. In case of upcall
+event data object represents upcall object so during access
+of graph object the process is crashed for asan build.
+
+Solution: Access the graph->id only while event is associated
+          specific to fuse xlator
+
+Fixes: #3954
+Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
+index bd61421263..2dc9b4f429 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6502,6 +6502,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+     int32_t ret = 0;
+     fuse_private_t *private = NULL;
+     gf_boolean_t start_thread = _gf_false;
++    gf_boolean_t event_graph = _gf_true;
+     glusterfs_graph_t *graph = NULL;
+     struct pollfd pfd = {0};
+ 
+@@ -6509,9 +6510,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ 
+     graph = data;
+ 
+-    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+-           ((graph) ? graph->id : 0));
+-
+     switch (event) {
+         case GF_EVENT_GRAPH_NEW:
+             break;
+@@ -6597,9 +6595,18 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+         }
+ 
+         default:
++            /* Set the event_graph to false so that event
++               debug msg would not try to access invalid graph->id
++               while data object is not matched to graph object
++               for ex in case of upcall event data object represents
++               gf_upcall object
++            */
++            event_graph = _gf_false;
+             break;
+     }
+ 
++    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++           ((graph && event_graph) ? graph->id : -1));
+     return ret;
+ }
+ 
+-- 
+2.33.0
+

0003-dht-fix-asan-use-after-free-bug-4248.patch

@@ -0,0 +1,89 @@
+From 9c580285c32d1e8f684c51cdc3a023319f05b1f8 Mon Sep 17 00:00:00 2001
+From: mohit84 <moagrawa@redhat.com>
+Date: Wed, 25 Oct 2023 11:48:51 +0530
+Subject: [PATCH] dht: fix asan use-after-free bug (#4248)
+
+The client is throwing below stacktrace while asan is enabled. The client is facing
+an issue while application is trying to call removexattr in 2x1 subvol and non-mds
+subvol is down. As we can see in below stacktrace dht_setxattr_mds_cbk is calling
+dht_setxattr_non_mds_cbk and dht_setxattr_non_mds_cbk is trying to wipe local because
+call_cnt is 0 but dht_setxattr_mds_cbk is trying to access frame->local that;s why
+it is crashed.
+
+x621000051c34 is located 1844 bytes inside of 4164-byte region [0x621000051500,0x621000052544) freed by thread T7 here:
+
+Solution: Use switch instead of using if statement to wind a operation, in case of switch
+          the code will not try to access local after wind a operation for last dht subvol.
+
+> Fixes: #3732
+> Change-Id: I031bc814d6df98058430ef4de7040e3370d1c677
+> (Cherry picke from commit 11ff6f56a1e7ad740ffe46e39a5911c9e7367eb6)
+> (Reviwed on upstream link https://github.com/gluster/glusterfs/pull/4242)
+
+Fixes: #3732
+Change-Id: I031bc814d6df98058430ef4de7040e3370d1c677
+
+Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
+---
+ xlators/cluster/dht/src/dht-common.c | 45 ++++++++++++++--------------
+ 1 file changed, 23 insertions(+), 22 deletions(-)
+
+diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c
+index b31b88296b..c5c83c20aa 100644
+--- a/xlators/cluster/dht/src/dht-common.c
++++ b/xlators/cluster/dht/src/dht-common.c
+@@ -3965,28 +3965,29 @@ dht_setxattr_mds_cbk(call_frame_t *frame, void *cookie, xlator_t *this,
+     for (i = 0; i < conf->subvolume_cnt; i++) {
+         if (mds_subvol && (mds_subvol == conf->subvolumes[i]))
+             continue;
+-        if (local->fop == GF_FOP_SETXATTR) {
+-            STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
+-                       conf->subvolumes[i]->fops->setxattr, &local->loc,
+-                       local->xattr, local->flags, local->xattr_req);
+-        }
+-
+-        if (local->fop == GF_FOP_FSETXATTR) {
+-            STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
+-                       conf->subvolumes[i]->fops->fsetxattr, local->fd,
+-                       local->xattr, local->flags, local->xattr_req);
+-        }
+-
+-        if (local->fop == GF_FOP_REMOVEXATTR) {
+-            STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
+-                       conf->subvolumes[i]->fops->removexattr, &local->loc,
+-                       local->key, local->xattr_req);
+-        }
+-
+-        if (local->fop == GF_FOP_FREMOVEXATTR) {
+-            STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
+-                       conf->subvolumes[i]->fops->fremovexattr, local->fd,
+-                       local->key, local->xattr_req);
++        switch (local->fop) {
++            case GF_FOP_SETXATTR:
++                STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
++                           conf->subvolumes[i]->fops->setxattr, &local->loc,
++                           local->xattr, local->flags, local->xattr_req);
++                break;
++            case GF_FOP_FSETXATTR:
++                STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
++                           conf->subvolumes[i]->fops->fsetxattr, local->fd,
++                           local->xattr, local->flags, local->xattr_req);
++                break;
++            case GF_FOP_REMOVEXATTR:
++                STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
++                           conf->subvolumes[i]->fops->removexattr, &local->loc,
++                           local->key, local->xattr_req);
++                break;
++            case GF_FOP_FREMOVEXATTR:
++                STACK_WIND(frame, dht_setxattr_non_mds_cbk, conf->subvolumes[i],
++                           conf->subvolumes[i]->fops->fremovexattr, local->fd,
++                           local->key, local->xattr_req);
++                break;
++            default:
++                break;
+         }
+     }
+ 
+-- 
+2.33.0
+

glusterfs.spec

@@ -224,8 +224,8 @@
 Summary:          Distributed File System
 Name:             glusterfs
 Version:          10.0
-Release:          4
-License:          GPLv2 or LGPLv3+
+Release:          9
+License:          GPLv3 or GPLv2+ or LGPLv3+
 URL:              http://docs.gluster.org/
 %if ( 0%{_for_fedora_koji_builds} )
 Source0:          http://bits.gluster.org/pub/gluster/glusterfs/src/glusterfs-%{version}%{?prereltag}.tar.gz
@@ -236,6 +236,10 @@ Source8:          glusterfsd.init
 %else
 Source0:          https://download.gluster.org/pub/gluster/glusterfs/10/10.0/glusterfs-10.0.tar.gz
 %endif
+ 
+Patch1:         0001-SC2081-can-t-match-globs-Use-or-grep.patch
+Patch2:         0002-fuse-Resolve-asan-bug-in-during-receive-event-notifi.patch
+Patch3:         0003-dht-fix-asan-use-after-free-bug-4248.patch
 
 BuildRoot:        %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires:    rpcgen gperftools-devel libunwind-devel
@@ -763,8 +767,15 @@ GlusterFS Events
 
 %endif
 
+%package help
+Summary: Including man files for glusterfs.
+Requires: man
+
+%description help
+This contains man files for the using of glusterfs.
+
 %prep
-%setup -q -n %{name}-%{version}%{?prereltag}
+%autosetup -n %{name}-%{version}%{?prereltag} -p1
 %if ( ! %{_usepython3} )
 echo "fixing python shebangs..."
 for f in api events extras geo-replication libglusterfs tools xlators; do
@@ -1110,10 +1121,6 @@ exit 0
 ##
 %files
 %doc ChangeLog COPYING-GPLV2 COPYING-LGPLV3 INSTALL README.md THANKS COMMITMENT
-%{_mandir}/man8/*gluster*.8*
-%if ( 0%{!?_without_server:1} )
-%exclude %{_mandir}/man8/gluster.8*
-%endif
 %dir %{_localstatedir}/log/glusterfs
 %if 0%{?!_without_server:1}
 %dir %{_datadir}/glusterfs
@@ -1181,7 +1188,6 @@ exit 0
 
 %files cli
 %{_sbindir}/gluster
-%{_mandir}/man8/gluster.8*
 %{_sysconfdir}/bash_completion.d/gluster
 
 %files cloudsync-plugins
@@ -1378,9 +1384,6 @@ exit 0
 # symlink. The binary itself (and symlink) are part of the glusterfs-fuse
 # package, because glusterfs-server depends on that anyway.
 
-# Manpages
-%{_mandir}/man8/gluster-setgfid2path.8*
-
 # xlators
 %dir %{_libdir}/glusterfs/%{version}%{?prereltag}/xlator
 %dir %{_libdir}/glusterfs/%{version}%{?prereltag}/xlator/features
@@ -1515,7 +1518,25 @@ exit 0
 %endif
 %endif
 
+%files help
+%{_mandir}/man8/*gluster*.8*
+
 %changelog
+* Tue Mar 12 2024 wuguanghao <wuguanghao3@huawei.com> - 10.0-9
+- fix CVE-2022-48340
+
+* Thu Mar 9 2023 wuguanghao <wuguanghao3@huawei.com> - 10.0-8
+- fix CVE-2023-26253
+
+* Tue Feb 7 2023 lihaoxiang <lihaoxiang9@huawei.com> - 10.0-7
+- fix upgrade error that %{_mandir}/man8/*gluster*.8* belong to package glusterfs currently conflict with that belong to package help in the lower version.
+
+* Tue Oct 18 2022 zhanchengbin <zhanchengbin1@huawei.com> - 10.0-6
+- license: fix license error.
+
+* Wed Sep 7 2022 zhanchengbin <zhanchengbin1@huawei.com> - 10.0-5
+- SC2081: [ .. ] can't match globs. Use [[ .. ]] or grep.
+
 * Fri Jan 28 2022 imxcc <xingchaochao@huawei.com> - 10.0-4
 - tcmalloc issues