diff --git a/CVE-2020-7923.patch b/CVE-2020-7923.patch new file mode 100644 index 0000000000000000000000000000000000000000..55fbdaa9922999019e2146b934ff339e5ca102d5 --- /dev/null +++ b/CVE-2020-7923.patch @@ -0,0 +1,104 @@ +From c8ced6df8f620daaa2e539f192f2eef356c63e9c Mon Sep 17 00:00:00 2001 +From: Drew Paroski +Date: Tue, 28 Apr 2020 18:36:49 -0400 +Subject: [PATCH] SERVER-47773 Error consistently when tailable cursors and + $near are used together + +--- + ...kports_required_for_multiversion_tests.yml | 6 +++++ + jstests/core/geo_near_tailable.js | 25 +++++++++++++++++++ + src/mongo/db/query/canonical_query.cpp | 6 +++++ + src/mongo/db/query/query_planner.cpp | 4 --- + 4 files changed, 37 insertions(+), 4 deletions(-) + create mode 100644 jstests/core/geo_near_tailable.js + +diff --git a/etc/backports_required_for_multiversion_tests.yml b/etc/backports_required_for_multiversion_tests.yml +index 43f5d7f88978..8e79b3c4a660 100644 +--- a/etc/backports_required_for_multiversion_tests.yml ++++ b/etc/backports_required_for_multiversion_tests.yml +@@ -35,6 +35,8 @@ replica_sets_jscore_multiversion_passthrough: + test_file: jstests/core/txns/new_transaction_waits_for_previous_txn_table_updates.js + - ticket: SERVER-46196 + test_file: jstests/core/create_collection_fail_cleanup.js ++- ticket: SERVER-47773 ++ test_file: jstests/core/geo_near_tailable.js + + replica_sets_multiversion: + - ticket: SERVER-42825 +@@ -69,9 +71,13 @@ sharding_multiversion: + sharding_jscore_multiversion_passthrough: + - ticket: SERVER-46196 + test_file: jstests/core/create_collection_fail_cleanup.js ++- ticket: SERVER-47773 ++ test_file: jstests/core/geo_near_tailable.js + + sharded_collections_jscore_multiversion_passthrough: + - ticket: SERVER-35921 + test_file: jstests/core/min_max_key.js + - ticket: SERVER-46196 + test_file: jstests/core/create_collection_fail_cleanup.js ++- ticket: SERVER-47773 ++ test_file: jstests/core/geo_near_tailable.js +diff --git a/jstests/core/geo_near_tailable.js b/jstests/core/geo_near_tailable.js +new file mode 100644 +index 000000000000..405e236707c1 +--- /dev/null ++++ b/jstests/core/geo_near_tailable.js +@@ -0,0 +1,25 @@ ++// @tags: [requires_capped] ++// ++// Tests that combine $geoNear and tailable cursors. ++// ++(function() { ++"use strict"; ++ ++let cmdRes; ++const collName = 'geo_near_tailable'; ++const cappedCollName = 'geo_near_tailable_capped'; ++ ++// Avoid using the drop() shell helper here in order to avoid "implicit collection recreation" ++// which can happen when this test runs in certain passthroughs. For details, see ++// "jstests/libs/override_methods/implicitly_shard_accessed_collections.js". ++db.runCommand({drop: collName}); ++db.runCommand({drop: cappedCollName}); ++assert.commandWorked(db.createCollection(collName)); ++assert.commandWorked(db.createCollection(cappedCollName, {capped: true, size: 10000})); ++ ++// Error when tailable option is used with NEAR. ++cmdRes = db.runCommand({find: collName, filter: {a: {$geoNear: [1, 2]}}, tailable: true}); ++assert.commandFailedWithCode(cmdRes, ErrorCodes.BadValue); ++cmdRes = db.runCommand({find: cappedCollName, filter: {a: {$geoNear: [1, 2]}}, tailable: true}); ++assert.commandFailedWithCode(cmdRes, ErrorCodes.BadValue); ++})(); +diff --git a/src/mongo/db/query/canonical_query.cpp b/src/mongo/db/query/canonical_query.cpp +index c44d95e344d0..d8b34b3b9e19 100644 +--- a/src/mongo/db/query/canonical_query.cpp ++++ b/src/mongo/db/query/canonical_query.cpp +@@ -467,6 +467,12 @@ StatusWith CanonicalQuery::isValid(MatchExpression* root, + return Status(ErrorCodes::BadValue, "text and tailable cursor not allowed in same query"); + } + ++ // NEAR and tailable are incompatible. ++ if (numGeoNear > 0 && request.isTailable()) { ++ return Status(ErrorCodes::BadValue, ++ "Tailable cursors and geo $near cannot be used together"); ++ } ++ + // $natural sort order must agree with hint. + if (sortNaturalElt) { + if (!hintObj.isEmpty() && !hintNaturalElt) { +diff --git a/src/mongo/db/query/query_planner.cpp b/src/mongo/db/query/query_planner.cpp +index 5c8337ee25b0..29413613cc65 100644 +--- a/src/mongo/db/query/query_planner.cpp ++++ b/src/mongo/db/query/query_planner.cpp +@@ -569,10 +569,6 @@ StatusWith>> QueryPlanner::plan( + "Running with 'notablescan', so tailable cursors (which always do a table " + "scan) are not allowed"); + } +- if (QueryPlannerCommon::hasNode(query.root(), MatchExpression::GEO_NEAR)) { +- return Status(ErrorCodes::NoQueryExecutionPlans, +- "Tailable cursors and geo $near cannot be used together"); +- } + auto soln = buildCollscanSoln(query, isTailable, params); + if (!soln) { + return Status(ErrorCodes::NoQueryExecutionPlans, diff --git a/mongodb.spec b/mongodb.spec index ddbba4572b8097a5c5ed78b55646faba439e96fb..d05a2da0ab181dbf049c484fc7d800692851e8da 100644 --- a/mongodb.spec +++ b/mongodb.spec @@ -2,13 +2,14 @@ Name: mongodb Version: 4.5.0 -Release: 2 +Release: 3 Summary: The global cloud database service for modern applications License: SSPL URL: http://www.mongodb.org Source0: https://github.com/mongodb/mongo/archive/r%{version}.tar.gz Source1: mongod.conf Source2: mongod.service +Patch0000: CVE-2020-7923.patch BuildRequires: gcc-c++ >= 5.3.0 boost-devel >= 1.56 gperftools-devel libpcap-devel libstemmer-devel BuildRequires: openssl-devel pcre-devel python3-scons snappy-devel yaml-cpp-devel zlib-devel systemd BuildRequires: valgrind-devel libcurl-devel python3-devel python3-yaml python3-requests python3-cheetah @@ -137,6 +138,9 @@ fi %{_mandir}/man1/{mongo.1*,mongod.1*,mongos.1*} %changelog +* Tue Mar 23 2021 wangxiao - 4.5.0-3 +- Fix CVE-2020-7923 + * Fri Jun 23 2020 Captain Wei - 4.5.0-2 - add dependency package