!247 fix CVE-2023-46159

From: @qiuxinyidian 
Reviewed-by: @rosinL, @liuqinfei 
Signed-off-by: @rosinL

0025-fix-rgw-ldap-safe_read_file-can-return-0.patch

@@ -0,0 +1,31 @@
+From 65cd8accc127c6765f083a389455ce73b7517e11 Mon Sep 17 00:00:00 2001
+From: Matt Benjamin <mbenjamin@redhat.com>
+Date: Fri, 4 Jan 2019 15:31:56 -0500
+Subject: [PATCH] rgw ldap: safe_read_file can return < 0
+
+Avoid invalid string access when LDAP auth is enabled, but LDAP
+secret is not set.  This is Casey's fix for the problem.
+
+Fixes: https://tracker.ceph.com/issues/24228
+
+Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
+---
+ src/rgw/rgw_ldap.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index a39afa6c..d1681641 100644
+--- a/src/rgw/rgw_ldap.cc
++++ b/src/rgw/rgw_ldap.cc
+@@ -27,7 +27,7 @@ std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+       memset(bindpw, 0, 1024);
+       int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+ 				 bindpw, 1023);
+-    if (pwlen) {
++    if (pwlen > 0) {
+       ldap_bindpw = bindpw;
+       boost::algorithm::trim(ldap_bindpw);
+       if (ldap_bindpw.back() == '\n')
+-- 
+2.30.0
+

0027-fix-CVE-2023-43040.patch

@@ -0,0 +1,41 @@
+From 62010cd68bb68207d51c2e373ff9a4a18a2b005c Mon Sep 17 00:00:00 2001
+From: wangzengliang <wangzengliang2@huawei.com>
+Date: Wed, 18 Oct 2023 11:18:56 +0800
+Subject: [PATCH] fix CVE-2023-43040
+
+Fixes: https://tracker.ceph.com/issues/63004
+copied-by: https://github.com/ceph/ceph/pull/53758
+signed-off-by: Joshua Baergen <jbaergen@gigitalocean.com>
+---
+ src/rgw/rgw_rest_s3.cc | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index 3b07327f..4b039430 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -1547,10 +1547,6 @@ int RGWPostObj_ObjStore_S3::get_params()
+     return op_ret;
+   }
+ 
+-  ldout(s->cct, 20) << "adding bucket to policy env: " << s->bucket.name
+-		    << dendl;
+-  env.add_var("bucket", s->bucket.name);
+-
+   bool done;
+   do {
+     struct post_form_part part;
+@@ -1601,6 +1597,10 @@ int RGWPostObj_ObjStore_S3::get_params()
+     env.add_var(part.name, part_str);
+   } while (!done);
+ 
++  ldout(s->cct, 20) << "adding bucket to policy env: " << s->bucket.name
++		    << dendl;
++  env.add_var("bucket", s->bucket.name);
++
+   string object_str;
+   if (!part_str(parts, "key", &object_str)) {
+     err_msg = "Key not specified";
+-- 
+2.27.0
+

0028-fix-CVE-2023-46159.patch

@@ -0,0 +1,51 @@
+From 64803e1ced57d64b758927c3977bb4a4d1769180 Mon Sep 17 00:00:00 2001
+From: Joshua Baergen <jbaergen@digitalocean.com>
+Date: Tue, 12 Sep 2023 14:05:01 -0400
+Subject: [PATCH] rgw: Add missing empty checks to the split string in
+ is_string_in_set().
+
+In certain cases, where a user misconfigures a CORS rule, the entirety
+of the string can be token characters (or, at least, the string before
+and after a given token is all token characters), but != "*". If the
+misconfigured string includes "*" we'll try to split the string and we
+assume that we can pop the list of string elements when "*" isn't
+first/last, but get_str_list() won't return anything for token-only
+substrings and thus 'ssplit' will have fewer elements than would be
+expected for a correct rule. In the case of an empty list, front() has
+undefined behaviour; in our experience, it often results in a huge
+allocation attempt because the code tries to copy the string into a
+local variable 'sl'.
+
+An example of this misconfiguration (and thus a reproduction case) is
+configuring an origin of " *".
+
+Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
+---
+ src/rgw/rgw_cors.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/rgw/rgw_cors.cc b/src/rgw/rgw_cors.cc
+index e41abf8ccb..bb80e2b58d 100644
+--- a/src/rgw/rgw_cors.cc
++++ b/src/rgw/rgw_cors.cc
+@@ -94,6 +94,8 @@ static bool is_string_in_set(set<string>& s, string h) {
+       
+       get_str_list((*it), "* \t", ssplit);
+       if (off != 0) {
++        if (ssplit.empty())
++          continue;
+         string sl = ssplit.front();
+         flen = sl.length();
+         dout(10) << "Finding " << sl << ", in " << h << ", at offset 0" << dendl;
+@@ -102,6 +104,8 @@ static bool is_string_in_set(set<string>& s, string h) {
+         ssplit.pop_front();
+       }
+       if (off != ((*it).length() - 1)) {
++        if (ssplit.empty())
++          continue;
+         string sl = ssplit.front();
+         dout(10) << "Finding " << sl << ", in " << h 
+           << ", at offset not less than " << flen << dendl;
+-- 
+2.15.0
+

ceph.spec

@@ -68,7 +68,7 @@
 #################################################################################
 Name:		ceph
 Version:	12.2.8
-Release:	20
+Release:	25
 Epoch:		2
 
 # define _epoch_prefix macro which will expand to the empty string if epoch is
@@ -108,6 +108,10 @@ Patch21: 0021-common-mempool-Add-test-for-mempool-shards.patch
 Patch22: 0022-common-mempool-Modify-shard-selection-function.patch
 Patch23: 0023-common-mempool-only-fail-tests-if-sharding-is-very-b.patch
 Patch24: 0024-CVE-2021-3979.patch
+Patch25: 0025-fix-rgw-ldap-safe_read_file-can-return-0.patch
+Patch26: 0026-CVE-2021-20288.patch
+Patch27: 0027-fix-CVE-2023-43040.patch
+Patch28: 0028-fix-CVE-2023-46159.patch
 
 Requires:	glibc >= 2.28-66
 
@@ -1086,7 +1090,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-disk@\*.service ceph.target
+%systemd_post ceph-disk@\x2a.service ceph.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph.target >/dev/null 2>&1 || :
@@ -1097,7 +1101,7 @@ fi
 %service_del_preun ceph-disk@\*.service ceph.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-disk@\*.service ceph.target
+%systemd_preun ceph-disk@\x2a.service ceph.target
 %endif
 
 %postun base
@@ -1108,7 +1112,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-disk@\*.service ceph.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-disk@\*.service ceph.target
+%systemd_postun ceph-disk@\x2a.service ceph.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1235,7 +1239,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-mds@\*.service ceph-mds.target
+%systemd_post ceph-mds@\x2a.service ceph-mds.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-mds.target >/dev/null 2>&1 || :
@@ -1246,7 +1250,7 @@ fi
 %service_del_preun ceph-mds@\*.service ceph-mds.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-mds@\*.service ceph-mds.target
+%systemd_preun ceph-mds@\x2a.service ceph-mds.target
 %endif
 
 %postun mds
@@ -1256,7 +1260,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-mds@\*.service ceph-mds.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-mds@\*.service ceph-mds.target
+%systemd_postun ceph-mds@\x2a.service ceph-mds.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1284,7 +1288,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-mgr@\*.service ceph-mgr.target
+%systemd_post ceph-mgr@\x2a.service ceph-mgr.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-mgr.target >/dev/null 2>&1 || :
@@ -1295,7 +1299,7 @@ fi
 %service_del_preun ceph-mgr@\*.service ceph-mgr.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-mgr@\*.service ceph-mgr.target
+%systemd_preun ceph-mgr@\x2a.service ceph-mgr.target
 %endif
 
 %postun mgr
@@ -1305,7 +1309,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-mgr@\*.service ceph-mgr.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-mgr@\*.service ceph-mgr.target
+%systemd_postun ceph-mgr@\x2a.service ceph-mgr.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1337,7 +1341,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-mon@\*.service ceph-mon.target
+%systemd_post ceph-mon@\x2a.service ceph-mon.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-mon.target >/dev/null 2>&1 || :
@@ -1348,7 +1352,7 @@ fi
 %service_del_preun ceph-mon@\*.service ceph-mon.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-mon@\*.service ceph-mon.target
+%systemd_preun ceph-mon@\x2a.service ceph-mon.target
 %endif
 
 %postun mon
@@ -1358,7 +1362,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-mon@\*.service ceph-mon.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-mon@\*.service ceph-mon.target
+%systemd_postun ceph-mon@\x2a.service ceph-mon.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1396,7 +1400,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-rbd-mirror@\*.service ceph-rbd-mirror.target
+%systemd_post ceph-rbd-mirror@\x2a.service ceph-rbd-mirror.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-rbd-mirror.target >/dev/null 2>&1 || :
@@ -1407,7 +1411,7 @@ fi
 %service_del_preun ceph-rbd-mirror@\*.service ceph-rbd-mirror.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-rbd-mirror@\*.service ceph-rbd-mirror.target
+%systemd_preun ceph-rbd-mirror@\x2a.service ceph-rbd-mirror.target
 %endif
 
 %postun -n rbd-mirror
@@ -1417,7 +1421,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-rbd-mirror@\*.service ceph-rbd-mirror.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-rbd-mirror@\*.service ceph-rbd-mirror.target
+%systemd_postun ceph-rbd-mirror@\x2a.service ceph-rbd-mirror.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1452,7 +1456,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-radosgw@\*.service ceph-radosgw.target
+%systemd_post ceph-radosgw@\x2a.service ceph-radosgw.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-radosgw.target >/dev/null 2>&1 || :
@@ -1463,7 +1467,7 @@ fi
 %service_del_preun ceph-radosgw@\*.service ceph-radosgw.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-radosgw@\*.service ceph-radosgw.target
+%systemd_preun ceph-radosgw@\x2a.service ceph-radosgw.target
 %endif
 
 %postun radosgw
@@ -1473,7 +1477,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-radosgw@\*.service ceph-radosgw.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-radosgw@\*.service ceph-radosgw.target
+%systemd_postun ceph-radosgw@\x2a.service ceph-radosgw.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1520,7 +1524,7 @@ if [ $1 -eq 1 ] ; then
 fi
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_post ceph-osd@\*.service ceph-volume@\*.service ceph-osd.target
+%systemd_post ceph-osd@\x2a.service ceph-volume@\x2a.service ceph-osd.target
 %endif
 if [ $1 -eq 1 ] ; then
 /usr/bin/systemctl start ceph-osd.target >/dev/null 2>&1 || :
@@ -1538,7 +1542,7 @@ chown -f -h ceph:ceph /var/lib/ceph/osd/*/block* 2>&1 > /dev/null || :
 %service_del_preun ceph-osd@\*.service ceph-volume@\*.service ceph-osd.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_preun ceph-osd@\*.service ceph-volume@\*.service ceph-osd.target
+%systemd_preun ceph-osd@\x2a.service ceph-volume@\x2a.service ceph-osd.target
 %endif
 
 %postun osd
@@ -1548,7 +1552,7 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %service_del_postun ceph-osd@\*.service ceph-volume@\*.service ceph-osd.target
 %endif
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
-%systemd_postun ceph-osd@\*.service ceph-volume@\*.service ceph-osd.target
+%systemd_postun ceph-osd@\x2a.service ceph-volume@\x2a.service ceph-osd.target
 %endif
 if [ $FIRST_ARG -ge 1 ] ; then
   # Restart on upgrade, but only if "CEPH_AUTO_RESTART_ON_UPGRADE" is set to
@@ -1856,6 +1860,22 @@ exit 0
 
 
 %changelog
+* Fri Mar 22 2024 lizhipeng <qiuxinyidian@gmail.com> - 2:12.2.8-25
+- fix CVE-2023-46159
+
+* Sat Nov 25 2023 wangzengliang <wangzengliang2@huawei.com> - 2:12.2.8-24
+- fix * recognition error when install
+
+* Wed Oct 18 2023 wangzengliang <wangzengliang2@huawei.com> - 2:12.2.8-23
+- fix CVE-2023-43040
+- sync PR #207
+
+* Mon May 23 2022 wangzengliang <wangzengliang1@huawei.com> - 2:12.2.8-22
+- 0026-CVE-2021-20288.patch
+
+* Mon May 23 2022 wangzengliang <wangzengliang1@huawei.com> - 2:12.2.8-21
+- fix rgw ldap:safe_read_file can return 0
+
 * Sun Jan 29 2022 luo rixin <luorixin@huawei.com> - 1:12.2.8-20
 - fix CVE-2021-3979