Fix CVE-2022-2735
parent
638ed39d10
commit
b0c7d79390
46
0003-CVE-2022-2735.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From 8a948565932a0ef93aedda6b2b3f4b9bab5e161f Mon Sep 17 00:00:00 2001
|
||||
From: jxy_git <jiangxinyu@kylinos.cn>
|
||||
Date: Wed, 7 Sep 2022 14:34:47 +0800
|
||||
Subject: [PATCH] CVE-2022-2735
|
||||
|
||||
---
|
||||
pcsd/rserver.rb | 23 +++++++++++++++++++++++
|
||||
1 file changed, 23 insertions(+)
|
||||
|
||||
diff --git a/pcsd/rserver.rb b/pcsd/rserver.rb
|
||||
index c37f9df..a54509f 100644
|
||||
--- a/pcsd/rserver.rb
|
||||
+++ b/pcsd/rserver.rb
|
||||
@@ -7,6 +7,29 @@ require 'thin'
|
||||
|
||||
require 'settings.rb'
|
||||
|
||||
+# Replace Thin::Backends::UnixServer:connect
|
||||
+# The only change is 'File.umask(0o777)' instead of 'File.umask(0)' to properly
|
||||
+# set python-ruby socket permissions
|
||||
+module Thin
|
||||
+ module Backends
|
||||
+ class UnixServer < Base
|
||||
+ def connect
|
||||
+ at_exit { remove_socket_file } # In case it crashes
|
||||
+ old_umask = File.umask(0o077)
|
||||
+ begin
|
||||
+ EventMachine.start_unix_domain_server(@socket, UnixConnection, &method(:initialize_connection))
|
||||
+ # HACK EventMachine.start_unix_domain_server doesn't return the connection signature
|
||||
+ # so we have to go in the internal stuff to find it.
|
||||
+ @signature = EventMachine.instance_eval{@acceptors.keys.first}
|
||||
+ ensure
|
||||
+ File.umask(old_umask)
|
||||
+ end
|
||||
+ end
|
||||
+ end
|
||||
+ end
|
||||
+end
|
||||
+
|
||||
+
|
||||
def pack_response(response)
|
||||
return [200, {}, [response.to_json.to_str]]
|
||||
end
|
||||
--
|
||||
2.33.0
|
||||
|
||||
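Review bot: The comment above the `Thin::Backends::UnixServer#connect` override names `File.umask(0o777)` as the change, but the code calls `File.umask(0o077)`, and the two masks do not have the same effect. A mask of 0o077 clears only the group and other bits, so the socket stays usable by its owner, whereas 0o777 would clear every permission bit. The comment should match the code, for example `# The only change is 'File.umask(0o077)' instead of 'File.umask(0)' so the python-ruby socket is created owner-only`. Since the comment states the method is otherwise a copy of Thin's `connect`, it would also help to record which Thin release it was copied from, so the override is re-checked when Thin is updated. The patch adds no test; an assertion that the socket file has no group or other permission bits after startup would pin the fix.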
10
pcs.spec
@ -1,6 +1,6 @@
|
||||
Name: pcs
|
||||
Version: 0.10.8
|
||||
Release: 3
|
||||
Release: 4
|
||||
License: GPLv2 and BSD-2-Clause and ASL 2.0 and MIT
|
||||
URL: https://github.com/ClusterLabs/pcs
|
||||
Summary: Pacemaker Configuration System
|
||||
@ -43,6 +43,8 @@ Source4: https://github.com/idevat/pcs-web-ui/releases/download/%{ui_commit}/pcs
|
||||
|
||||
Patch0: 0001-Resolve-the-failure-of-field-matching-in-test-cases.patch
|
||||
Patch1: 0002-FIX-CVE-2022-1049.patch
|
||||
Patch2: 0003-CVE-2022-2735.patch
|
||||
|
||||
# git for patches
|
||||
BuildRequires: make
|
||||
#printf from coreutils is used in makefile
|
||||
@ -386,6 +388,12 @@ remove_all_tests
|
||||
%license pyagentx_LICENSE.txt
|
||||
|
||||
%changelog
|
||||
* Wed Sep 07 2022 jiangxinyu <jiangxinyu@kylinos.cn> - 0.10.8-4
|
||||
- Type:cves
|
||||
- ID:CVE-2022-2735
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-2735
|
||||
|
||||
* Wed Jul 20 2022 wangqiang <wangqiang1@kylinos.cn> - 0.10.8-3
|
||||
- Type:Feature
|
||||
- ID:NA
|
||||
|
||||