From 8548a6138df3e9fcc9fd04eb11cc114cabf3a60a Mon Sep 17 00:00:00 2001
From: markeryang
Date: Wed, 30 Dec 2020 11:37:40 +0800
Subject: [PATCH] fix CVE-2020-12059
---
 ...8-16889.patch => 0001-CVE-2018-16889.patch | 0
 ...846-1.patch => 0002-CVE-2018-16846-1.patch | 0
 ...846-2.patch => 0003-CVE-2018-16846-2.patch | 0
 ...8-14662.patch => 0004-CVE-2018-14662.patch | 0
 0005-CVE-2020-12059.patch | 30 +++++++++++++++++++
 ceph.spec | 14 +++++----
 6 files changed, 39 insertions(+), 5 deletions(-)
 rename 6000-CVE-2018-16889.patch => 0001-CVE-2018-16889.patch (100%)
 rename 6001-CVE-2018-16846-1.patch => 0002-CVE-2018-16846-1.patch (100%)
 rename 6002-CVE-2018-16846-2.patch => 0003-CVE-2018-16846-2.patch (100%)
 rename 6003-CVE-2018-14662.patch => 0004-CVE-2018-14662.patch (100%)
 create mode 100644 0005-CVE-2020-12059.patch
diff --git a/6000-CVE-2018-16889.patch b/0001-CVE-2018-16889.patch
similarity index 100%
rename from 6000-CVE-2018-16889.patch
rename to 0001-CVE-2018-16889.patch
diff --git a/6001-CVE-2018-16846-1.patch b/0002-CVE-2018-16846-1.patch
similarity index 100%
rename from 6001-CVE-2018-16846-1.patch
rename to 0002-CVE-2018-16846-1.patch
diff --git a/6002-CVE-2018-16846-2.patch b/0003-CVE-2018-16846-2.patch
similarity index 100%
rename from 6002-CVE-2018-16846-2.patch
rename to 0003-CVE-2018-16846-2.patch
diff --git a/6003-CVE-2018-14662.patch b/0004-CVE-2018-14662.patch
similarity index 100%
rename from 6003-CVE-2018-14662.patch
rename to 0004-CVE-2018-14662.patch
diff --git a/0005-CVE-2020-12059.patch b/0005-CVE-2020-12059.patch
new file mode 100644
index 0000000..4096aa4
--- /dev/null
+++ b/0005-CVE-2020-12059.patch
@@ -0,0 +1,30 @@
+From 375d926a4f2720a29b079c216bafb884eef985c3 Mon Sep 17 00:00:00 2001
+From: Abhishek Lekshmanan
+Date: Wed, 22 Apr 2020 11:24:34 +0200
+Subject: [PATCH] rgw: check for tagging element in POST Obj requests
+
+Check for null element when reading the tagging field from POST obj XML
+
+Fixes: https://tracker.ceph.com/issues/44967
+Signed-off-by: Abhishek Lekshmanan
+---
+ src/rgw/rgw_rest_s3.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index bfda4232..ac2a0272 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -420,6 +420,9 @@ int RGWPutObjTags_ObjStore_S3::get_params()
+ RGWObjTagging_S3 *tagging;
+
+ tagging = static_cast(parser.find_first("Tagging"));
++ if (!tagging) {
++ return -ERR_MALFORMED_XML;
++ }
+ obj_tags_s3 = static_cast(tagging->find_first("TagSet"));
+ if(!obj_tags_s3){
+ return -ERR_MALFORMED_XML;
+--
+2.27.0
+
diff --git a/ceph.spec b/ceph.spec
index dddcffc..d5d2a9e 100644
--- a/ceph.spec
+++ b/ceph.spec
@@ -68,7 +68,7 @@ ################################################################################# Name: ceph Version: 12.2.8
-Release: 8
+Release: 9
 Epoch: 2 # define _epoch_prefix macro which will expand to the empty string if epoch is
@@ -84,10 +84,11 @@ URL: http://ceph.com/ Source0: http://ceph.com/download/ceph-12.2.8.tar.gz # backport for cves
-Patch6000: 6000-CVE-2018-16889.patch
-Patch6001: 6001-CVE-2018-16846-1.patch
-Patch6002: 6002-CVE-2018-16846-2.patch
-Patch6003: 6003-CVE-2018-14662.patch
+Patch1: 0001-CVE-2018-16889.patch
+Patch2: 0002-CVE-2018-16846-1.patch
+Patch3: 0003-CVE-2018-16846-2.patch
+Patch4: 0004-CVE-2018-14662.patch
+Patch5: 0005-CVE-2020-12059.patch
 %if 0%{?suse_version} %if 0%{?is_opensuse}
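Review bot: The embedded hunk header places the new `if (!tagging)` guard in `RGWPutObjTags_ObjStore_S3::get_params()`, which by its name is the PUT object-tagging handler, while the embedded commit subject describes the fix as being for POST Obj requests. If the POST-object handler in `src/rgw/rgw_rest_s3.cc` reads its tagging field with the same `find_first("Tagging")` followed by `tagging->find_first("TagSet")` sequence, that copy would still dereference a null pointer when the XML has no Tagging element and needs the same guard, `if (!tagging) { return -ERR_MALFORMED_XML; }`. This should be confirmed against the 12.2.8 tree, because identical context lines can let a backported hunk land in a different function than the one the upstream fix targeted. The function body starts and ends outside the hunk, so the other call site is not visible here.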
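Review bot: The patch list in the `@@ -84,10 +84,11 @@` hunk is renumbered from `Patch6000`–`Patch6003` to `Patch1`–`Patch5`, but the three ceph.spec hunks account for every line in the diffstat, so `%prep` is not touched by this commit. Whether `Patch5` is actually applied at build time therefore depends on how `%prep` applies patches, which is outside this diff. If it uses `%autosetup` or `%autopatch` nothing more is needed; if it lists explicit `%patch6000`-style lines they no longer match the new tags and a `%patch5 -p1` line is missing, in which case the package would carry the CVE patch file without compiling the fix in.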
@@ -1796,6 +1797,9 @@ exit 0 %changelog +* Wed Dec 30 2020 yanglongkang - 1:12.2.8-9 +- fix CVE-2020-12059 + * Fri Sep 25 2020 wuguanghao - 1:12.2.8-8 - remove the python-virtualenv package from BuildRequires to solve the compilation problem -- Gitee