From e6a1a4afa185ce2c98c6e491cccdfde17046d595 Mon Sep 17 00:00:00 2001
From: liksh
Date: Mon, 23 May 2022 20:09:56 +0800
Subject: [PATCH] fix Fix CVE-2020-10755
Signed-off-by: liksh
---
 0001-VxFlex-OS-password.patch | 71 +++++++++++++++++++++++++++++++++++
 openstack-cinder.spec | 7 +++-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 0001-VxFlex-OS-password.patch
diff --git a/0001-VxFlex-OS-password.patch b/0001-VxFlex-OS-password.patch
new file mode 100644
index 0000000..c68719c
--- /dev/null
+++ b/0001-VxFlex-OS-password.patch
@@ -0,0 +1,71 @@
+From 1662c1992cb756592cc08c6aa9d6318784887ed4 Mon Sep 17 00:00:00 2001
+From: Ivan Pchelintsev
+Date: Fri, 29 May 2020 12:44:33 +0300
+Subject: [PATCH] Remove VxFlex OS credentials from connection_properties
+
+VxFlex OS password is not stored in block_device_mapping table. Instead of this
+passwords are stored in separate file and are retrieved during each attach/detach
+operation.
+
+Change-Id: Id3c32644d6d044c321883600c467bdef23c934f0
+---
+ .../volume/drivers/dell_emc/scaleio/driver.py | 3 +--
+ .../drivers/dell-emc-vxflex-driver.rst | 27 +++++++++++++++++++
+ 2 files changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/cinder/volume/drivers/dell_emc/scaleio/driver.py b/cinder/volume/drivers/dell_emc/scaleio/driver.py
+index 281f6e1d4..8a4d3270e 100644
+--- a/cinder/volume/drivers/dell_emc/scaleio/driver.py
++++ b/cinder/volume/drivers/dell_emc/scaleio/driver.py
+@@ -226,8 +226,7 @@ class ScaleIODriver(driver.VolumeDriver):
+ 'serverIP': self.server_ip,
+ 'serverPort': self.server_port,
+ 'serverUsername': self.server_username,
+- 'serverPassword': self.server_password,
+- 'serverToken': self.server_token,
++ 'config_group': self.configuration.config_group,
+ 'iopsLimit': None,
+ 'bandwidthLimit': None,
+ }
+diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
+index 7f354533f..29aa81cbd 100644
+--- a/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
++++ b/doc/source/configuration/block-storage/drivers/dell-emc-vxflex-driver.rst
+@@ -211,6 +211,33 @@ parameters as follows:
+ san_password = SIO_PASSWD
+ san_thin_provision = false
+
++Connector configuration
++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++
++Before using attach/detach volume operations VxFlex OS connector must be
++properly configured. On each node where VxFlex OS SDC is installed do the
++following:
++
++#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not
++ exist.
++
++ .. code-block:: console
++
++ $ mkdir -p /opt/emc/scaleio/openstack
++ $ touch /opt/emc/scaleio/openstack/connector.conf
++
++#. For each VxFlexOS section in the ``cinder.conf`` create the same section in
++ the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with
++ passwords. Example:
++
++ .. code-block:: ini
++
++ [vxflexos]
++ san_password = SIO_PASSWD
++
++ [vxflexos-new]
++ san_password = SIO2_PASSWD
++
+ .. _cg_configuration_options_emc:
+
+ Configuration options
+--
+2.17.1
+
+
diff --git a/openstack-cinder.spec b/openstack-cinder.spec
index 655c798..280e188 100644
--- a/openstack-cinder.spec
+++ b/openstack-cinder.spec
@@ -8,7 +8,7 @@ access block storage volumes for use by Virtual Machine instances.
 Name: openstack-%{service}
 Version: 13.0.9
-Release: 5
+Release: 6
 Summary: OpenStack Volume service
 License: ASL 2.0
 URL: http://www.openstack.org/software/openstack-storage/
@@ -26,6 +26,8 @@ Source21: %{service}.logrotate
 Source22: %{service}-dist.conf
 Source23: os-brick.filters
+Patch1: 0001-VxFlex-OS-password.patch
+
 BuildRequires: python2-pbr
 BuildRequires: python2-reno
 BuildRequires: python2-devel
@@ -425,6 +427,9 @@ exit 0
 %endif
 %changelog
+* Mon May 23 2022 liksh - 13.0.9-6
+- Fix CVE-2020-10755
+
 * Tue Jun 15 2021 OpenStack_SIG - Unify the permissions of some files
 * Tue Jun 15 2021 OpenStack_SIG
-- Gitee
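Review bot: The connector steps this backport adds to dell-emc-vxflex-driver.rst create `/opt/emc/scaleio/openstack/connector.conf` with a bare `touch`, so the file that now holds each backend's `san_password` gets whatever mode the umask allows, commonly world-readable. Because the change exists to keep that password out of `connection_properties`, the steps should also restrict the file, e.g. add `$ chmod 600 /opt/emc/scaleio/openstack/connector.conf` after the `touch` line, with ownership set to whichever account performs attach/detach. Separately, the driver.py hunk sends `'config_group'` in place of `'serverPassword'` and `'serverToken'`; the dictionary and its method begin outside the hunk, and the code that looks the password up by that group is not part of this commit, so it is worth confirming the packaged connector supports it.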
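Review bot: `Patch1: 0001-VxFlex-OS-password.patch` only declares the patch, and none of the three hunks in openstack-cinder.spec touches `%prep`, so whether it is applied at build time depends on lines outside this diff. If `%prep` uses `%autosetup` the patch is picked up automatically; with plain `%setup` a `%patch1 -p1` line is needed, otherwise release 6 would ship without the CVE-2020-10755 change. The changelog entry `- Fix CVE-2020-10755` could also cite the upstream Change-Id `Id3c32644d6d044c321883600c467bdef23c934f0` so the origin of the backport stays traceable.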