fix CVE-2024-24892
This commit is contained in:
lixin
parent
01d541267b
commit
f5168ec537
84
0001-CVE-2024-24892.patch
Normal file
84
0001-CVE-2024-24892.patch
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
From 05dfcb577a562be97b868e65ff502ea8e61cd893 Mon Sep 17 00:00:00 2001
|
||||||
|
From: lixin <lixinb@uniontech.com>
|
||||||
|
Date: Mon, 11 Mar 2024 17:10:52 +0800
|
||||||
|
Subject: [PATCH] CVE-2024-24892
|
||||||
|
|
||||||
|
---
|
||||||
|
ut-Migration-tools/index.py | 49 +++++++++++++++++++++++--------------
|
||||||
|
1 file changed, 31 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/ut-Migration-tools/index.py b/ut-Migration-tools/index.py
|
||||||
|
index 635c5ac..fa9e3fb 100644
|
||||||
|
--- a/ut-Migration-tools/index.py
|
||||||
|
+++ b/ut-Migration-tools/index.py
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import json
|
||||||
|
+import paramiko
|
||||||
|
from func import share
|
||||||
|
from views import migration
|
||||||
|
|
||||||
|
@@ -218,29 +219,41 @@ def MT_export_migration_reports():
|
||||||
|
:return:
|
||||||
|
"""
|
||||||
|
mod = check_methods()
|
||||||
|
- f = open("/usr/lib/migration-tools-server/.passwd.txt","r")
|
||||||
|
- password = f.read()
|
||||||
|
- f.close()
|
||||||
|
if mod:
|
||||||
|
data = request.get_data()
|
||||||
|
json_data = json.loads(data)
|
||||||
|
- mkdir_log_pwd = "/var/uos-migration/"
|
||||||
|
- isExists=os.path.exists(mkdir_log_pwd)
|
||||||
|
- if not isExists:
|
||||||
|
- try:
|
||||||
|
- os.makedirs(mkdir_log_pwd)
|
||||||
|
- print(mkdir_log_pwd)
|
||||||
|
- except:
|
||||||
|
- print("export report mkdir error:%s" % mkdir_log_pwd)
|
||||||
|
-
|
||||||
|
+ user = json_data.get('info').split("|")[0]
|
||||||
|
info = mod.split(',')
|
||||||
|
- scp_log = "sshpass -p '%s'" % password + " scp -r %s" % json_data.get('info').split("|")[0] + "@%s" % info[1] \
|
||||||
|
- + ":/var/tmp/uos-migration/UOS*.tar.gz /var/uos-migration/"
|
||||||
|
+ ip = info[1].strip('"')
|
||||||
|
+ port = 22
|
||||||
|
+ with open("/usr/lib/migration-tools-server/.passwd.txt", "r") as f:
|
||||||
|
+ password = f.read()
|
||||||
|
+
|
||||||
|
+ remote_dir = local_dir = "/var/tmp/uos-migration"
|
||||||
|
+ if not os.path.exists(local_dir):
|
||||||
|
+ os.makedirs(local_dir)
|
||||||
|
+
|
||||||
|
+ client = paramiko.SSHClient()
|
||||||
|
+ client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||||
|
try:
|
||||||
|
- os.system(scp_log)
|
||||||
|
- print(scp_log)
|
||||||
|
- except:
|
||||||
|
- print('export report scp error:%s' % scp_log)
|
||||||
|
+ client.connect(ip, port, user, password)
|
||||||
|
+ sftp = client.open_sftp()
|
||||||
|
+
|
||||||
|
+ remote_files = sftp.listdir(remote_dir)
|
||||||
|
+ # 遍历远程文件列表
|
||||||
|
+ for filename in remote_files:
|
||||||
|
+ if filename.endswith('.tar.gz'):
|
||||||
|
+ remote_file_path = os.path.join(remote_dir, filename)
|
||||||
|
+ local_file_path = os.path.join(local_dir, filename)
|
||||||
|
+ sftp.get(remote_file_path, local_file_path)
|
||||||
|
+
|
||||||
|
+ except Exception as e:
|
||||||
|
+ print(f"Error: {e}")
|
||||||
|
+
|
||||||
|
+ finally:
|
||||||
|
+ # 关闭连接
|
||||||
|
+ if client:
|
||||||
|
+ client.close()
|
||||||
|
return Response(mod, content_type='application/json')
|
||||||
|
|
||||||
|
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -1,12 +1,16 @@
|
|||||||
Name: migration-tools
|
Name: migration-tools
|
||||||
Version: 1.0.0
|
Version: 1.0.0
|
||||||
Release: 4
|
Release: 6
|
||||||
Summary: A tool to help users migrate the Centos system to the UOS system and openEuler system
|
Summary: A tool to help users migrate the Centos system to the UOS system and openEuler system
|
||||||
License: MulanPSL-2.0
|
License: MulanPSL-2.0
|
||||||
Source0: ut-Migration-tools.tar.gz
|
Source0: ut-Migration-tools.tar.gz
|
||||||
Patch0: 0001-fix-export-error-and-no-migration-details-issue.patch
|
Patch0: 0001-fix-export-error-and-no-migration-details-issue.patch
|
||||||
Patch1: 0002-fix-uefi-boot-failed.patch
|
Patch1: 0002-fix-uefi-boot-failed.patch
|
||||||
Patch2: 0003-modify-grub-rules-to-match-NIC-name.patch
|
Patch2: 0003-modify-grub-rules-to-match-NIC-name.patch
|
||||||
|
|
||||||
|
# CVE patches: >= 100
|
||||||
|
Patch100: 0001-CVE-2024-24892.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
%description
|
%description
|
||||||
UOS Migration Software
|
UOS Migration Software
|
||||||
@ -27,9 +31,12 @@ Migration software server side
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -c
|
%setup -c
|
||||||
%patch 0 -p1
|
%patch0 -p1
|
||||||
%patch 1 -p1
|
%patch1 -p1
|
||||||
%patch 2 -p1
|
%patch2 -p1
|
||||||
|
|
||||||
|
# cve patches
|
||||||
|
%patch100 -p1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
@ -65,6 +72,14 @@ rm -rf /usr/lib/systemd/system/migration-tools-server.service
|
|||||||
/usr/lib/migration-tools-server
|
/usr/lib/migration-tools-server
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 11 2024 lixin <lixinb@uniontech.com> - 1.0.0-6
|
||||||
|
- fix : CVE-2024-24892
|
||||||
|
- use paramiko instead of sshpass to export migration log
|
||||||
|
- and data
|
||||||
|
|
||||||
|
* Fri Dec 08 2023 lixin <lixinb@uniontech.com> - 1.0.0-5
|
||||||
|
- rebuild: modify patch number to adapt 22.03-lts-sp3
|
||||||
|
|
||||||
* Wed Sep 06 2023 lixin <lixinb@uniontech.com> - 1.0.0-4
|
* Wed Sep 06 2023 lixin <lixinb@uniontech.com> - 1.0.0-4
|
||||||
- fix: fix uefi boot failed
|
- fix: fix uefi boot failed
|
||||||
- fix: modify grub rules to match NIC name after migration
|
- fix: modify grub rules to match NIC name after migration
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user