From 6c47ebe897e78592f876056873557dad7a7a7267 Mon Sep 17 00:00:00 2001
From: Kevin Lockwood
Date: Mon, 27 Jan 2025 16:45:11 -0800
Subject: [PATCH 1/2] Patch ceph to fix CVE-2020-22217 [Medium]
---
 SPECS/ceph/0001-CVE-2020-22217.patch | 27 +++++++++++++++++++++++++++
 SPECS/ceph/ceph.spec | 10 +++++++---
 2 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 SPECS/ceph/0001-CVE-2020-22217.patch
diff --git a/SPECS/ceph/0001-CVE-2020-22217.patch b/SPECS/ceph/0001-CVE-2020-22217.patch
new file mode 100644
index 00000000000..62898d5dd23
--- /dev/null
+++ b/SPECS/ceph/0001-CVE-2020-22217.patch
@@ -0,0 +1,27 @@
+From 97568ddb836a9680c93335a3f8ca0f2c0616ccdc Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood
+Date: Mon, 27 Jan 2025 16:19:53 -0800
+Subject: [PATCH] Fix CVE-2020-22217 in c-ares
+
+Link: https://github.com/c-ares/c-ares/pull/332
+---
+ src/c-ares/ares_parse_soa_reply.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/c-ares/ares_parse_soa_reply.c b/src/c-ares/ares_parse_soa_reply.c
+index 35af0a75c..5924bbca9 100644
+--- a/src/c-ares/ares_parse_soa_reply.c
++++ b/src/c-ares/ares_parse_soa_reply.c
+@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+ status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+ if (status != ARES_SUCCESS)
+ goto failed_stat;
++
++ if (alen <= len + HFIXEDSZ + 1)
++ goto failed;
+ aptr += len;
+
+ /* skip qtype & qclass */
+--
+2.34.1
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
index 06d7c026466..1af341a6fb0 100644
--- a/SPECS/ceph/ceph.spec
+++ b/SPECS/ceph/ceph.spec
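Review bot: The added guard `if (alen <= len + HFIXEDSZ + 1)` in ares_parse_soa_reply has no comment saying which bytes it protects, and the `+ 1` reads as a magic number even though this check is the entire CVE-2020-22217 fix. I would put a comment above it such as `/* reject replies too short to hold the header, the question name and at least two bytes after it */`. The function body starts and ends outside the hunk, so it is worth confirming there that the `failed` path releases `qname`, which is presumably allocated by the `ares__expand_name_for_response` call just above. The embedded patch header links only the upstream pull request; recording the merged commit as well, for example `Upstream-commit: <upstream-commit-sha>`, would let a later audit verify that the backport matches what c-ares shipped. It is also worth confirming that the package builds against the bundled `src/c-ares` copy, because if it links a system c-ares this patch changes no shipped code.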
@@ -1,11 +1,11 @@ #disable debuginfo because ceph-debuginfo rpm is too large %define debug_package %{nil} %define _unpackaged_files_terminate_build 0 - + Summary: User space components of the Ceph file system Name: ceph Version: 18.2.2 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0 URL: https://ceph.io/ Vendor: Microsoft Corporation @@ -14,6 +14,7 @@ Source0: https://download.ceph.com/tarballs/%{name}-%{version}.tar.gz Patch0: 0034-src-pybind-rbd-rbd.pyx.patch Patch1: 0032-cmake-modules-BuildBoost.cmake.patch Patch2: CVE-2024-52338.patch +Patch3: 0001-CVE-2020-22217.patch # # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file # at the top-level directory of this distribution and at @@ -895,7 +896,7 @@ This package provides a Ceph hardware monitoring agent. # common ################################################################################# %prep -%autosetup -p1 +%autosetup -p1 %build # LTO can be enabled as soon as the following GCC bug is fixed: @@ -2000,6 +2001,9 @@ exit 0 %changelog +* Mon Jan 27 2025 Kevin Lockwood - 18.2.2-3 +- Fix for CVE-2020-22217 + * Wed Dec 4 2024 Bhagyashri Pathak - 18.2.2-2 - Fix for CVE-2024-52338 From cd69ba585a2290221a30c476ec0bf51fe69d3858 Mon Sep 17 00:00:00 2001 From: Kevin Lockwood Date: Tue, 28 Jan 2025 14:24:46 -0800 Subject: [PATCH 2/2] Exclude unnecessary patch number prefex --- SPECS/ceph/{0001-CVE-2020-22217.patch => CVE-2020-22217.patch} | 0 SPECS/ceph/ceph.spec | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename SPECS/ceph/{0001-CVE-2020-22217.patch => CVE-2020-22217.patch} (100%) diff --git a/SPECS/ceph/0001-CVE-2020-22217.patch b/SPECS/ceph/CVE-2020-22217.patch similarity index 100% rename from SPECS/ceph/0001-CVE-2020-22217.patch rename to SPECS/ceph/CVE-2020-22217.patch diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec index 1af341a6fb0..c11823f5456 100644 
--- a/SPECS/ceph/ceph.spec
+++ b/SPECS/ceph/ceph.spec
@@ -14,7 +14,7 @@ Source0: https://download.ceph.com/tarballs/%{name}-%{version}.tar.gz
 Patch0: 0034-src-pybind-rbd-rbd.pyx.patch
 Patch1: 0032-cmake-modules-BuildBoost.cmake.patch
 Patch2: CVE-2024-52338.patch
-Patch3: 0001-CVE-2020-22217.patch
+Patch3: CVE-2020-22217.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at