diff --git a/0014-fix-CVE-2022-3854.patch b/0014-fix-CVE-2022-3854.patch new file mode 100644 index 0000000000000000000000000000000000000000..7d3fde93f1682c29f5b3aeadbdd1a11af1c72618 --- /dev/null +++ b/0014-fix-CVE-2022-3854.patch @@ -0,0 +1,54 @@ +From ed7c2d0a58fb87201777fb4097d5a2b650593b31 Mon Sep 17 00:00:00 2001 +From: Adam C. Emerson +Misplaced colons can result in radosgw thinking is has a bucket URL +but with no bucket name, leading to a crash later on. + +Change-Id: 9746e8011ff1de6de7dba9c0041e28a16c8f6828 +Change-Id: 95c6c2d209a877b934e05e727a181de8c68accd3 +Fixes: https://tracker.ceph.com/issues/55765 +Signed-off-by: Adam C. Emerson +(cherry picked from commit 3ee9a3b) +Fixes: https://tracker.ceph.com/issues/56586 +Signed-off-by: Adam C. Emerson +--- + src/rgw/rgw_common.cc | 5 +++++ + src/rgw/rgw_sal.h | 6 +++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc +index b44d4bf..ce7b94c 100644 +--- a/src/rgw/rgw_common.cc ++++ b/src/rgw/rgw_common.cc +@@ -1279,6 +1279,11 @@ bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct re + + bool verify_bucket_permission(const DoutPrefixProvider* dpp, struct req_state * const s, const uint64_t op) + { ++ if (rgw::sal::RGWBucket::empty(s->bucket)) { ++ // request is missing a bucket name ++ return false; ++ } ++ + perm_state_from_req_state ps(s); + + return verify_bucket_permission(dpp, +diff --git a/src/rgw/rgw_sal.h b/src/rgw/rgw_sal.h +index 41da8bc..197f975 100644 +--- a/src/rgw/rgw_sal.h ++++ b/src/rgw/rgw_sal.h +@@ -279,8 +279,12 @@ class RGWBucket { + void convert(cls_user_bucket_entry *b) const { + ent.convert(b); + } ++ ++ /** Check if a Bucket pointer is empty */ ++ static bool empty(const RGWBucket* b) { return (!b || b->empty()); } ++ /** Check if a Bucket unique pointer is empty */ ++ static bool empty(const std::unique_ptr& b) { return (!b || b->empty()); } + +- static bool empty(RGWBucket* b) { return (!b || b->empty()); } + virtual std::unique_ptr clone() = 0; + + /* dang - This is temporary, until the API is completed */ +-- +2.13.0.windows.1 + diff --git a/ceph.spec b/ceph.spec index 2171a7505d27cc808ff79b6b584272234a362c1b..24bb0e28c7bdb5e43fecc2d49d69c9f8e0a4ca19 100644 --- a/ceph.spec +++ b/ceph.spec @@ -125,7 +125,7 @@ ################################################################################# Name: ceph Version: 16.2.7 -Release: 15 +Release: 17 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler} Epoch: 2 %endif @@ -156,6 +156,7 @@ Patch10: 0010-fix-CVE-2022-3650.patch Patch11: 0011-fix-no-module-named-v1_event-for-mgr-k8sevent.patch Patch12: 0012-add-missing-includes-when-compiling-with-boost-1.75.patch Patch13: 0013-add-atomic-library-for-loongarch64.patch +Patch14: 0014-fix-CVE-2022-3854.patch %if 0%{?suse_version} # _insert_obs_source_lines_here ExclusiveArch: x86_64 aarch64 ppc64le s390x @@ -1558,8 +1559,7 @@ exit 0 %if ! 0%{?suse_version} %postun -n cephadm -userdel -r cephadm || true -exit 0 +[$1 -ne 0] || userdel cephadm || : %endif %files -n cephadm @@ -2504,6 +2504,12 @@ exit 0 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml %changelog +* Wed Mar 1 2023 wangzengliang - 2:16.2.7-17 +- fix error for uninstall cephadm + +* Fri Feb 10 2023 wangzengliang - 2:16.2.7-16 +- fix CVE-2022-3854 + * Mon Feb 6 2023 liuqinfei - 2:16.2.7-15 - fix no python symbol for python3