From 6a342dd65d6dfc43bf6556f5a79a2162a2d6e8a1 Mon Sep 17 00:00:00 2001
From: huangtianhua
Date: Tue, 24 May 2022 20:02:09 +0800
Subject: [PATCH] Fix CVE-2020-10755
---
 ...edentials-from-connection_properties.patch | 52 +++++++++++++++++++
 openstack-cinder.spec | 7 ++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Remove-VxFlex-OS-credentials-from-connection_properties.patch
diff --git a/Remove-VxFlex-OS-credentials-from-connection_properties.patch b/Remove-VxFlex-OS-credentials-from-connection_properties.patch
new file mode 100644
index 0000000..de197c8
--- /dev/null
+++ b/Remove-VxFlex-OS-credentials-from-connection_properties.patch
@@ -0,0 +1,52 @@
+diff --git a/cinder/volume/drivers/dell_emc/scaleio/driver.py b/cinder/volume/drivers/dell_emc/scaleio/driver.py
+index 12c92b2..7a67f79 100644
+--- a/cinder/volume/drivers/dell_emc/scaleio/driver.py
++++ b/cinder/volume/drivers/dell_emc/scaleio/driver.py
+@@ -221,8 +221,7 @@ class ScaleIODriver(driver.VolumeDriver):
+ 'serverIP': self.server_ip,
+ 'serverPort': self.server_port,
+ 'serverUsername': self.server_username,
+- 'serverPassword': self.server_password,
+- 'serverToken': self.server_token,
++ 'config_group': self.configuration.config_group,
+ 'iopsLimit': None,
+ 'bandwidthLimit': None,
+ }
+diff --git a/doc/source/configuration/block-storage/drivers/dell-emc-scaleio-driver.rst b/doc/source/configuration/block-storage/drivers/dell-emc-scaleio-driver.rst
+index e8da780..efc82e5 100644
+--- a/doc/source/configuration/block-storage/drivers/dell-emc-scaleio-driver.rst
++++ b/doc/source/configuration/block-storage/drivers/dell-emc-scaleio-driver.rst
+@@ -202,6 +202,33 @@ parameters as follows:
+ san_password = SIO_PASSWD
+ san_thin_provision = false
+ 
++Connector configuration
++~~~~~~~~~~~~~~~~~~~~~~~
++
++Before using attach/detach volume operations VxFlex OS connector must be
++properly configured. On each node where VxFlex OS SDC is installed do the
++following:
++
++#. Create ``/opt/emc/scaleio/openstack/connector.conf`` if it does not
++ exist.
++
++ .. code-block:: console
++
++ $ mkdir -p /opt/emc/scaleio/openstack
++ $ touch /opt/emc/scaleio/openstack/connector.conf
++
++#. For each VxFlex OS section in the ``cinder.conf`` create the same section in
++ the ``/opt/emc/scaleio/openstack/connector.conf`` and populate it with
++ passwords. Example:
++
++ .. code-block:: ini
++
++ [vxflexos]
++ san_password = SIO_PASSWD
++
++ [vxflexos-new]
++ san_password = SIO2_PASSWD
++
+ Configuration options
+ ~~~~~~~~~~~~~~~~~~~~~
+ 
diff --git a/openstack-cinder.spec b/openstack-cinder.spec
index 033dd4c..63a514c 100644
--- a/openstack-cinder.spec
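Review bot: The new "Connector configuration" section has operators create `/opt/emc/scaleio/openstack/connector.conf` with a bare `touch` and then store `san_password` values in it, but it never restricts the file's mode, so under a typical umask the backend passwords end up readable by every local account on each SDC node. I would add a step after the `touch`, for example `$ chmod 600 /opt/emc/scaleio/openstack/connector.conf`, and state the expected owner; this assumes the connector reads the file with root privileges, which is not visible here and should be confirmed. In the driver.py hunk the dict now carries `'config_group'` in place of `serverPassword`/`serverToken`, so attach and detach presumably only work with an os-brick connector that resolves the password from that file; the enclosing method starts and ends outside the hunk. A one-line comment above the new key such as `# credentials are looked up by the connector from connector.conf, never sent in connection_properties` would keep the reason visible.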
+++ b/openstack-cinder.spec @@ -8,7 +8,7 @@ access block storage volumes for use by Virtual Machine instances. Name: openstack-%{service} Version: 12.0.10 -Release: 5 +Release: 6 Summary: OpenStack Volume service License: ASL 2.0 URL: http://www.openstack.org/software/openstack-storage/ @@ -26,6 +26,8 @@ Source21: %{service}.logrotate Source22: %{service}-dist.conf Source23: os-brick.filters +Patch1: Remove-VxFlex-OS-credentials-from-connection_properties.patch + BuildRequires: python2-pbr BuildRequires: python2-reno BuildRequires: python2-devel @@ -425,6 +427,9 @@ exit 0 %endif %changelog +* Mon May 23 2022 huangtianhua - 12.0.10-6 +- Fix CVE-2020-10755 + * Tue Jun 15 2021 OpenStack_SIG - Unify the permissions of some files * Tue Jun 15 2021 OpenStack_SIG -- Gitee
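Review bot: `Patch1:` is declared here, but none of the visible spec hunks adds a matching `%patch1 -p1` to `%prep`, so the CVE-2020-10755 fix only reaches the built package if `%prep` already applies patches automatically (for example via `%autosetup`), which is outside these hunks and worth confirming. The hunks also leave the os-brick requirement untouched, while the patched driver stops sending the password and relies on the connector side to read it from `connector.conf`; if the packaged os-brick lacks that support, volume attach on VxFlex OS backends would likely fail after this update. A short comment above the patch line, e.g. `# CVE-2020-10755: stop exposing VxFlex OS credentials in connection_properties`, would also help later rebases.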