packages/etcd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport fix cve-2022-34038 for openEuler-20.03-LTS-SP4

Browse Source
This commit is contained in:
lvxiangcong 2025-02-17 10:26:40 +08:00
parent 3353bea897
commit 1f43bba19a
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
0006-backport-fix-CVE-2022-34038.patch Normal file
View File

@ -0,0 +1,42 @@
From 3d941cd2d0897d204a2f36fe70eb6011892461d9 Mon Sep 17 00:00:00 2001
From: lvxiangcong <lvxiangcong@kylinos.cn>
Date: Mon, 17 Feb 2025 10:19:48 +0800
Subject: [PATCH] backport-fix-cve-2022-34038
---
pkg/ioutil/pagewriter.go | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/pkg/ioutil/pagewriter.go b/pkg/ioutil/pagewriter.go
index cf9a8dc..10d921d 100644
--- a/pkg/ioutil/pagewriter.go
+++ b/pkg/ioutil/pagewriter.go
@@ -16,6 +16,7 @@ package ioutil
import (
"io"
+ "fmt"
)
var defaultBufferBytes = 128 * 1024
@@ -38,9 +39,17 @@ type PageWriter struct {
bufWatermarkBytes int
}
+// Assert will panic with a given formatted message if the given condition is false.
+func Assert(condition bool, msg string, v int) {
+ if !condition {
+ panic(fmt.Sprintf("assertion failed:" +msg, v))
+ }
+}
+
// NewPageWriter creates a new PageWriter. pageBytes is the number of bytes
// to write per page. pageOffset is the starting offset of io.Writer.
func NewPageWriter(w io.Writer, pageBytes, pageOffset int) *PageWriter {
+ Assert(pageBytes > 0, "pageBytes %d is an invalid value, it must be greater than 0", pageBytes)
return &PageWriter{
w: w,
pageOffset: pageOffset,
--
2.46.0

10
etcd.spec
View File

@ -31,7 +31,7 @@ system.}
%global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/* %global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/*
Name: etcd Name: etcd
Release: 7 Release: 8
Summary: Distributed reliable key-value store for the most critical data of a distributed system Summary: Distributed reliable key-value store for the most critical data of a distributed system
# Upstream license specification: Apache-2.0 # Upstream license specification: Apache-2.0
@ -49,6 +49,7 @@ Patch2: 0002-Etcd-on-unsupported-platform-without-ETCD_UNSUPPORTED_ARCH=arm64-s
Patch3: 0003-backport-Suppress-noisy-basic-auth-token-deletion-log.patch Patch3: 0003-backport-Suppress-noisy-basic-auth-token-deletion-log.patch
Patch4: 0004-backport-fix-CVE-2022-3064.patch Patch4: 0004-backport-fix-CVE-2022-3064.patch
Patch5: 0005-backport-fix-CVE-2022-41723.patch Patch5: 0005-backport-fix-CVE-2022-41723.patch
Patch6: 0006-backport-fix-CVE-2022-34038.patch
BuildRequires: golang BuildRequires: golang
@ -70,6 +71,7 @@ Requires(pre): shadow-utils
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
# For compatibility # For compatibility
cp -aR etcdserver/api/snap snap cp -aR etcdserver/api/snap snap
cp -aR etcdserver/api/membership etcdserver/membership cp -aR etcdserver/api/membership etcdserver/membership
@ -155,6 +157,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/
%endif %endif
%changelog %changelog
* Mon Feb 17 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-8
- Type:CVE
- CVE:CVE-2022-34038
- SUG:NA
- DESC: backport fix CVE-2022-34038
* Fri Feb 14 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-7 * Fri Feb 14 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-7
- Type:CVE - Type:CVE
- CVE:CVE-2022-41723 - CVE:CVE-2022-41723