!209 fix CVE-2023-43040

From: @wangzengliang1 Reviewed-by: @liuqinfei Signed-off-by: @liuqinfei
2023-10-18 01:32:48 +00:00 · 2023-10-18 01:32:48 +00:00 · fbce188f9c
commit fbce188f9c
parent 9901670669 55becf4a50
2 changed files with 46 additions and 1 deletions
--- a/0023-Fix-CVE-2023-43040.patch
+++ b/0023-Fix-CVE-2023-43040.patch
@ -0,0 +1,41 @@
 From ed97f95b6608fb11703b18d38b6690ee8b3dbcd6 Mon Sep 17 00:00:00 2001
 From: wangzengliang <wangzengliang2@huawei.com>
 Date: Mon, 9 Oct 2023 10:50:45 +0800
 Subject: [PATCH] fix CVE-2023-43040
 Fixes: https://tracker.ceph.com/issues/63004
 copied-by: https://github.com/ceph/ceph/pull/53758
 signed-off-by: Joshua Baergen <jbaergen@gigitalocean.com>
 ---
 src/rgw/rgw_rest_s3.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
 index 2247c20dd..d06feddd0 100644
 --- a/src/rgw/rgw_rest_s3.cc
 +++ b/src/rgw/rgw_rest_s3.cc
@@ -2660,10 +2660,6 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
   map_qs_metadata(s);
 -  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
 -		    << dendl;
 -  env.add_var("bucket", s->bucket->get_name());
 -
   bool done;
   do {
     struct post_form_part part;
@@ -2714,6 +2710,10 @@ int RGWPostObj_ObjStore_S3::get_params(optional_yield y)
     env.add_var(part.name, part_str);
   } while (!done);
 +  ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
 +		    << dendl;
 +  env.add_var("bucket", s->bucket->get_name());
 +
   string object_str;
   if (!part_str(parts, "key", &object_str)) {
     err_msg = "Key not specified";
 -- 
 2.27.0
--- a/ceph.spec
+++ b/ceph.spec
@ -129,7 +129,7 @@
 #################################################################################
 Name:		ceph
 Version:	16.2.7
-Release:	23
+Release:	24
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
 Epoch:		2
 %endif
@ -169,6 +169,7 @@ Patch19: 0019-include-memory.patch
 Patch20: 0020-compiled-with-gcc12.patch
 Patch21: 0021-boost-enable-sw64-architecture.patch
 Patch22: 0022-add-atomic-library-for-riscv64.patch
 Patch23: 0023-Fix-CVE-2023-43040.patch
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@ -2534,6 +2535,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml
 %changelog
 * Mon Oct 9 2023 wangzengliang <wangzengliang2@huawei.com> - 2:16.2.7-24
 - fix CVE-2023-43040
 * Wed Aug 23 2023 laokz <zhangkai@iscas.ac.cn> - 2:16.2.7-23
 - fix riscv64 16-byte atomic build error