From 86c9ed76cb0ad9badf6b2f5003be8585c494223c Mon Sep 17 00:00:00 2001
From: wangzengliang1 <wangzengliang2@huawei.com>
Date: Fri, 21 Feb 2025 10:56:15 +0800
Subject: [PATCH] fix-CVE-2024-48916

Signed-off-by: wangzengliang1 <wangzengliang2@huawei.com>
---
 0018-fix-CVE-2024-48916.patch | 33 +++++++++++++++++++++++++++++++++
 ceph.spec                     |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 0018-fix-CVE-2024-48916.patch

diff --git a/0018-fix-CVE-2024-48916.patch b/0018-fix-CVE-2024-48916.patch
new file mode 100644
index 0000000..8f38e35
--- /dev/null
+++ b/0018-fix-CVE-2024-48916.patch
@@ -0,0 +1,33 @@
+From d543770ca4c0ae6a9882cb5796298d9240f42e6f Mon Sep 17 00:00:00 2001
+From: wangzengliang1 <wangzengliang2@huawei.com>
+Date: Mon, 20 Jan 2025 11:05:26 +0800
+Subject: [PATCH] cve-2024-48916
+copyed-by: https://github.com/ceph/ceph/pull/60624
+  while authenticating AssumeRoleWithWebIdentity using JWT obtained
+  from an external IDP.
+
+fixes: https://tracker.ceph.com/issues/68836
+Signed-off-by Pritha Srivastava <prsrivas@redhat.com>
+---
+ src/rgw/rgw_rest_sts.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
+index af1b96c..9c24c68 100644
+--- a/src/rgw/rgw_rest_sts.cc
++++ b/src/rgw/rgw_rest_sts.cc
+@@ -291,7 +291,11 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec
+                               .allow_algorithm(jwt::algorithm::ps512{cert});
+ 
+                 verifier.verify(decoded);
++              } else {
++                ldpp_dout(dpp, 0) << "Unsupported algorithm: " << algorithm << dendl;
++                throw -EINVAL;
+               }
++
+             } catch (std::runtime_error& e) {
+               ldpp_dout(dpp, 0) << "Signature validation failed: " << e.what() << dendl;
+               throw;
+-- 
+1.8.3.1
+
diff --git a/ceph.spec b/ceph.spec
index 1c142e9..59a0b45 100644
--- a/ceph.spec
+++ b/ceph.spec
@@ -125,7 +125,7 @@
 #################################################################################
 Name:		ceph
 Version:	16.2.7
-Release:	21
+Release:	22
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
 Epoch:		2
 %endif
@@ -160,6 +160,7 @@ Patch14: 0014-fix-CVE-2022-3854.patch
 Patch15: 0015-ceph-volume-add-judgment-for-ceph-volume-lvm-activat.patch
 Patch16: 0016-fix-CVE-2023-46159.patch
 Patch17: 0017-fix-osd-activate-error-when-node-reboot.patch
+Patch18: 0018-fix-CVE-2024-48916.patch
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@@ -2504,6 +2505,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 
 %changelog
+* Fri Feb 21 2025 wangzengliang <wangzengliang2@huawei.com> - 2:16.2.7-22
+- fix-CVE-2024-48916
+
 * Fri Nov 01 2024 yangxiaoliang <yangxiaoliang@uniontech.com> - 2:16.2.7-21
 - fix osd activate error when node reboot
 
-- 
Gitee