From cd7e5abfb9af0fd5b883fe96869936744eceb51b Mon Sep 17 00:00:00 2001
From: markeryang
Date: Wed, 30 Dec 2020 14:12:09 +0800
Subject: [PATCH] fix CVE-2020-12059
---
...8-16889.patch => 0001-CVE-2018-16889.patch | 0
...846-1.patch => 0002-CVE-2018-16846-1.patch | 0
...846-2.patch => 0003-CVE-2018-16846-2.patch | 0
...8-14662.patch => 0004-CVE-2018-14662.patch | 0
0005-CVE-2020-12059.patch | 30 +++++++++++++++++++
ceph.spec | 16 ++++++----
6 files changed, 40 insertions(+), 6 deletions(-)
rename 6000-CVE-2018-16889.patch => 0001-CVE-2018-16889.patch (100%)
rename 6001-CVE-2018-16846-1.patch => 0002-CVE-2018-16846-1.patch (100%)
rename 6002-CVE-2018-16846-2.patch => 0003-CVE-2018-16846-2.patch (100%)
rename 6003-CVE-2018-14662.patch => 0004-CVE-2018-14662.patch (100%)
create mode 100644 0005-CVE-2020-12059.patch
diff --git a/6000-CVE-2018-16889.patch b/0001-CVE-2018-16889.patch
similarity index 100%
rename from 6000-CVE-2018-16889.patch
rename to 0001-CVE-2018-16889.patch
diff --git a/6001-CVE-2018-16846-1.patch b/0002-CVE-2018-16846-1.patch
similarity index 100%
rename from 6001-CVE-2018-16846-1.patch
rename to 0002-CVE-2018-16846-1.patch
diff --git a/6002-CVE-2018-16846-2.patch b/0003-CVE-2018-16846-2.patch
similarity index 100%
rename from 6002-CVE-2018-16846-2.patch
rename to 0003-CVE-2018-16846-2.patch
diff --git a/6003-CVE-2018-14662.patch b/0004-CVE-2018-14662.patch
similarity index 100%
rename from 6003-CVE-2018-14662.patch
rename to 0004-CVE-2018-14662.patch
diff --git a/0005-CVE-2020-12059.patch b/0005-CVE-2020-12059.patch
new file mode 100644
index 0000000..4096aa4
--- /dev/null
+++ b/0005-CVE-2020-12059.patch
@@ -0,0 +1,30 @@ +From 375d926a4f2720a29b079c216bafb884eef985c3 Mon Sep 17 00:00:00 2001 +From: Abhishek Lekshmanan +Date: Wed, 22 Apr 2020 11:24:34 +0200 +Subject: [PATCH] rgw: check for tagging element in POST Obj requests + +Check for null element when reading the tagging field from POST obj XML + +Fixes: https://tracker.ceph.com/issues/44967 +Signed-off-by: Abhishek Lekshmanan +--- + src/rgw/rgw_rest_s3.cc | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc +index bfda4232..ac2a0272 100644 +--- a/src/rgw/rgw_rest_s3.cc ++++ b/src/rgw/rgw_rest_s3.cc +@@ -420,6 +420,9 @@ int RGWPutObjTags_ObjStore_S3::get_params() + RGWObjTagging_S3 *tagging; + + tagging = static_cast(parser.find_first("Tagging")); ++ if (!tagging) { ++ return -ERR_MALFORMED_XML; ++ } + obj_tags_s3 = static_cast(tagging->find_first("TagSet")); + if(!obj_tags_s3){ + return -ERR_MALFORMED_XML; +-- +2.27.0 + diff --git a/ceph.spec b/ceph.spec index 50f9112..b178699 100644 --- a/ceph.spec +++ b/ceph.spec @@ -68,7 +68,7 @@ ################################################################################# Name: ceph Version: 12.2.8 -Release: 6 +Release: 7 Epoch: 2 # define _epoch_prefix macro which will expand to the empty string if epoch is @@ -84,10 +84,11 @@ URL: http://ceph.com/ Source0: http://ceph.com/download/ceph-12.2.8.tar.gz # backport for cves -Patch6000: 6000-CVE-2018-16889.patch -Patch6001: 6001-CVE-2018-16846-1.patch -Patch6002: 6002-CVE-2018-16846-2.patch -Patch6003: 6003-CVE-2018-14662.patch +Patch1: 0001-CVE-2018-16889.patch +Patch2: 0002-CVE-2018-16846-1.patch +Patch3: 0003-CVE-2018-16846-2.patch +Patch4: 0004-CVE-2018-14662.patch +Patch5: 0005-CVE-2020-12059.patch %if 0%{?suse_version} %if 0%{?is_opensuse} 
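Review bot: In 0005-CVE-2020-12059.patch the embedded subject says the fix is for POST Obj requests, yet its hunk header places the added `if (!tagging)` guard under `RGWPutObjTags_ObjStore_S3::get_params()`, so the backport should be checked against the 12.2.8 tree to confirm that the POST-object tag parsing path does not still call `tagging->find_first("TagSet")` on an unchecked `parser.find_first("Tagging")` result. A hunk header only names the nearest preceding signature and the function body starts and ends outside the hunk, so this cannot be settled from the patch text alone. If a second unchecked site exists, it needs the same `if (!tagging) { return -ERR_MALFORMED_XML; }` before the dereference, otherwise the null dereference remains reachable by a request whose XML parses but has no Tagging element. A one-line comment above the guard, e.g. `// find_first() returns null when the Tagging element is absent`, would record why the check is there.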
@@ -154,7 +155,6 @@ BuildRequires: python2-devel BuildRequires: python-nose BuildRequires: python-requests BuildRequires: python-six -BuildRequires: python-virtualenv BuildRequires: snappy-devel BuildRequires: udev BuildRequires: util-linux @@ -1797,6 +1797,10 @@ exit 0 %changelog +* Wed Dec 30 2020 yanglongkang - 1:12.2.8-7 +- fix CVE-2020-12059 + remove the python-virtualenv package from BuildRequires to solve the compilation problem + * Fri Mar 20 2020 hy-euler - 1:12.2.8-6 - Fit openEuler -- Gitee