1 files changed, 43 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch
new file mode 100644
index 0000000..dcbb435
--- /dev/null
+++ b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch
@@ -0,0 +1,43 @@
+From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001
+From: Mohit Agrawal <moagrawa@redhat.com>
+Date: Wed, 20 Jun 2018 16:13:00 +0530
+Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host
+ command
+Problem: In SSL environment the user is able to access volume
+         via remote-host command without adding node in a trusted pool
+Solution: Change the list of rpc program in glusterd.c at the
+          time of initialization while SSL is enabled
+BUG: 1593232
+Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
+fixes: bz#1593232
+Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
+Upstream-Status: Backport
+Fix CVE-2018-10841
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ xlators/mgmt/glusterd/src/glusterd.c | 5 -----
+ 1 file changed, 5 deletions(-)
+diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
+index ef20689..5e0ed8d 100644
+--- a/xlators/mgmt/glusterd/src/glusterd.c
+++ b/xlators/mgmt/glusterd/src/glusterd.c
+@@ -1646,11 +1646,6 @@ init (xlator_t *this)
+                         goto out;
+                 }
+                 /*
+-                 * With strong authentication, we can afford to allow
+-                 * privileged operations over TCP.
+-                 */
+-                gd_inet_programs[1] = &gd_svc_cli_prog;
+-                /*
+                  * This is the only place where we want secure_srvr to reflect
+                  * the management-plane setting.
+                  */
+-- 
+2.7.4

diff --git a/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch new file mode 100644 index 0000000..dcbb435 --- /dev/null +++ b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch
@@ -0,0 +1,43 @@
	1	From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001
	2	From: Mohit Agrawal <moagrawa@redhat.com>
	3	Date: Wed, 20 Jun 2018 16:13:00 +0530
	4	Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host
	5	command
	6
	7	Problem: In SSL environment the user is able to access volume
	8	via remote-host command without adding node in a trusted pool
	9
	10	Solution: Change the list of rpc program in glusterd.c at the
	11	time of initialization while SSL is enabled
	12
	13	BUG: 1593232
	14	Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
	15	fixes: bz#1593232
	16	Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
	17
	18	Upstream-Status: Backport
	19	Fix CVE-2018-10841
	20	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
	21	---
	22	xlators/mgmt/glusterd/src/glusterd.c \| 5 -----
	23	1 file changed, 5 deletions(-)
	24
	25	diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
	26	index ef20689..5e0ed8d 100644
	27	--- a/xlators/mgmt/glusterd/src/glusterd.c
	28	+++ b/xlators/mgmt/glusterd/src/glusterd.c
	29	@@ -1646,11 +1646,6 @@ init (xlator_t *this)
	30	goto out;
	31	}
	32	/*
	33	- * With strong authentication, we can afford to allow
	34	- * privileged operations over TCP.
	35	- */
	36	- gd_inet_programs[1] = &gd_svc_cli_prog;
	37	- /*
	38	* This is the only place where we want secure_srvr to reflect
	39	* the management-plane setting.
	40	*/
	41	--
	42	2.7.4
	43