packages/cloud-init
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-8631 CVE-2020-8632

Browse Source
This commit is contained in:
yang_zhuang_zhuang 2020-12-09 10:17:30 +08:00
parent 75fcea07f3
commit bc87085215
3 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
backport-CVE-2020-8631-utils-use-SystemRandom-when-generating-random-passwo.patch Normal file
View File

@ -0,0 +1,31 @@
From 3e2f7356effc9e9cccc5ae945846279804eedc46 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Tue, 18 Feb 2020 17:03:24 +0000
Subject: [PATCH] utils: use SystemRandom when generating random
password. (#204)
As noticed by Seth Arnold, non-deterministic SystemRandom should be
used when creating security sensitive random strings.
---
cloudinit/util.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cloudinit/util.py b/cloudinit/util.py
index d99e82f..c02b3d9 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -397,9 +397,10 @@ def translate_bool(val, addons=None):
def rand_str(strlen=32, select_from=None):
+ r = random.SystemRandom()
if not select_from:
select_from = string.ascii_letters + string.digits
- return "".join([random.choice(select_from) for _x in range(0, strlen)])
+ return "".join([r.choice(select_from) for _x in range(0, strlen)])
def rand_dict_key(dictionary, postfix=None):
--
1.8.3.1

29
backport-CVE-2020-8632-cc_set_password-increase-random-pwlength-from-9-to-2.patch Normal file
View File

@ -0,0 +1,29 @@
From 42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 Mon Sep 17 00:00:00 2001
From: Ryan Harper <ryan.harper@canonical.com>
Date: Fri, 24 Jan 2020 21:33:12 +0200
Subject: [PATCH] cc_set_password: increase random pwlength from 9 to
20 (#189)
Increasing the bits of security from 52 to 115.
LP: #1860795
---
cloudinit/config/cc_set_passwords.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index e3b39d8..4943d54 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args):
raise errors[-1]
-def rand_user_password(pwlen=9):
+def rand_user_password(pwlen=20):
return util.rand_str(pwlen, select_from=PW_SET)
--
1.8.3.1

10
cloud-init.spec
View File

@ -1,6 +1,6 @@
Name: cloud-init
Version: 19.4
Release: 1
Release: 2
Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
License: ASL 2.0 or GPLv3
URL: http://launchpad.net/cloud-init
@ -13,6 +13,8 @@ Patch2: cloud-init-19.4-no-override-default-network.patch
Patch3: bugfix-cloud-init-add-openEuler-os.patch
Patch4: bugfix-sort-requirements.patch
Patch5: add-variable-to-forbid-tmp-dir.patch
Patch6: backport-CVE-2020-8631-utils-use-SystemRandom-when-generating-random-passwo.patch
Patch7: backport-CVE-2020-8632-cc_set_password-increase-random-pwlength-from-9-to-2.patch
BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd
BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2
@ -119,6 +121,12 @@ fi
%exclude /usr/share/doc/*
%changelog
* Wed Dec 9 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 19.4-2
- Type:bugfix
- ID:CVE-2020-8631 CVE-2020-8632
- SUG:NA
- DESC:fix CVE-2020-8631 CVE-2020-8632
* Mon Aug 3 2020 chengquan <chengquan3@huawei.com> - 19.4-1
- Update software to v19.4