author | Chen Qi <Qi.Chen@windriver.com> | 2018-09-13 18:15:37 +0800 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2018-09-18 03:07:53 -0400 |
commit | 4a1ffcdc9939cf3280fd803901f5175502a5ef8f (patch) | |
tree | ba18c25a3328cbf93076f9d82318323f81f339d2 | |
parent | bf98d2e27d31804f559bfc9f7cb0582f3c258ac6 (diff) | |
download | meta-cloud-services-4a1ffcdc9939cf3280fd803901f5175502a5ef8f.tar.gz |
glusterfs: fix CVE-2018-10841
Backport patch to fix the following CVE.
CVE: CVE-2018-10841
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
-rw-r--r-- | recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch | 43 | ||||
-rw-r--r-- | recipes-extended/glusterfs/glusterfs.inc | 1 |
2 files changed, 44 insertions, 0 deletions
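--- /dev/null
+++ b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch
@@ -0,0 +1,43 @@
+From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001
+From: Mohit Agrawal <moagrawa@redhat.com>
+Date: Wed, 20 Jun 2018 16:13:00 +0530
+Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host
+command
+
+Problem: In SSL environment the user is able to access volume
+via remote-host command without adding node in a trusted pool
+
+Solution: Change the list of rpc program in glusterd.c at the
+time of initialization while SSL is enabled
+
+BUG: 1593232
+Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
+fixes: bz#1593232
+Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
+
+Upstream-Status: Backport
+Fix CVE-2018-10841
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+xlators/mgmt/glusterd/src/glusterd.c | 5 -----
+1 file changed, 5 deletions(-)
+
+diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
+index ef20689..5e0ed8d 100644
+--- a/xlators/mgmt/glusterd/src/glusterd.c
++++ b/xlators/mgmt/glusterd/src/glusterd.c
+@@ -1646,11 +1646,6 @@ init (xlator_t *this)
+goto out;
+}
+/*
+- * With strong authentication, we can afford to allow
+- * privileged operations over TCP.
+- */
+- gd_inet_programs[1] = &gd_svc_cli_prog;
+- /*
+* This is the only place where we want secure_srvr to reflect
+* the management-plane setting.
+*/
+--
+2.7.4
+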
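Review bot: The backported patch header records the CVE as `Fix CVE-2018-10841` (line 19 of the new file) instead of a `CVE: CVE-2018-10841` tag line, and the patch filename does not carry the CVE id either, so OE-core's cve-check class will most likely keep reporting this CVE as unpatched for the recipe. I would change that header line to `CVE: CVE-2018-10841` and extend the status line to `Upstream-Status: Backport [<upstream commit URL>]` so the backport can be audited against its origin. The embedded hunk only drops the `gd_inet_programs[1] = &gd_svc_cli_prog;` assignment inside init(), whose body starts and ends outside the hunk; what slot 1 of that table holds by default is not visible here. It is therefore worth confirming on a built image that a TLS-enabled glusterd no longer serves the CLI program to a node that is not in the trusted pool.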
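--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -22,6 +22,7 @@ SRC_URI += "file://glusterd.init \
 file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
 file://0001-shared-storage-Prevent-mounting-shared-storage-from-.patch \
 file://0002-server-auth-add-option-for-strict-authentication.patch \
+file://0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch \
 "
 
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"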