!109 backport fix cve-2022-34038 for openEuler-20.03-LTS-SP4

From: @running-tortoise Reviewed-by: @yangzhao_kl Signed-off-by: @yangzhao_kl
2025-02-17 06:19:06 +00:00 · 2025-02-17 06:19:06 +00:00 · 7598b43eb1
commit 7598b43eb1
parent 42cdcec95a 1f43bba19a
2 changed files with 51 additions and 1 deletions
--- a/0006-backport-fix-CVE-2022-34038.patch
+++ b/0006-backport-fix-CVE-2022-34038.patch
@ -0,0 +1,42 @@
+From 3d941cd2d0897d204a2f36fe70eb6011892461d9 Mon Sep 17 00:00:00 2001
+From: lvxiangcong <lvxiangcong@kylinos.cn>
+Date: Mon, 17 Feb 2025 10:19:48 +0800
+Subject: [PATCH] backport-fix-cve-2022-34038
+
+---
+ pkg/ioutil/pagewriter.go | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/pkg/ioutil/pagewriter.go b/pkg/ioutil/pagewriter.go
+index cf9a8dc..10d921d 100644
+--- a/pkg/ioutil/pagewriter.go
+++ b/pkg/ioutil/pagewriter.go
+@@ -16,6 +16,7 @@ package ioutil
+ 
+ import (
+ 	"io"
+	"fmt"
+ )
+ 
+ var defaultBufferBytes = 128 * 1024
+@@ -38,9 +39,17 @@ type PageWriter struct {
+ 	bufWatermarkBytes int
+ }
+ 
+// Assert will panic with a given formatted message if the given condition is false.
+func Assert(condition bool, msg string, v int) {
+       if !condition {
+               panic(fmt.Sprintf("assertion failed:" +msg, v))
+       }
+}
+
+ // NewPageWriter creates a new PageWriter. pageBytes is the number of bytes
+ // to write per page. pageOffset is the starting offset of io.Writer.
+ func NewPageWriter(w io.Writer, pageBytes, pageOffset int) *PageWriter {
+	Assert(pageBytes > 0, "pageBytes %d is an invalid value, it must be greater than 0", pageBytes)
+ 	return &PageWriter{
+ 		w:                 w,
+ 		pageOffset:        pageOffset,
+-- 
+2.46.0
+
--- a/etcd.spec
+++ b/etcd.spec
@ -31,7 +31,7 @@ system.}
 %global gosupfiles      integration/fixtures/* etcdserver/api/v2http/testdata/*

 Name:           etcd
-Release:        7
+Release:        8
 Summary:        Distributed reliable key-value store for the most critical data of a distributed system

 # Upstream license specification: Apache-2.0
@ -49,6 +49,7 @@ Patch2:		0002-Etcd-on-unsupported-platform-without-ETCD_UNSUPPORTED_ARCH=arm64-s
 Patch3:         0003-backport-Suppress-noisy-basic-auth-token-deletion-log.patch
 Patch4:         0004-backport-fix-CVE-2022-3064.patch
 Patch5:         0005-backport-fix-CVE-2022-41723.patch
+Patch6:         0006-backport-fix-CVE-2022-34038.patch


 BuildRequires:  golang
@ -70,6 +71,7 @@ Requires(pre):  shadow-utils
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 # For compatibility
 cp -aR etcdserver/api/snap snap
 cp -aR etcdserver/api/membership etcdserver/membership
@ -155,6 +157,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/
 %endif

 %changelog
+* Mon Feb 17 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-8
+- Type:CVE
+- CVE:CVE-2022-34038
+- SUG:NA
+- DESC: backport fix CVE-2022-34038
+
 * Fri Feb 14 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-7
 - Type:CVE
 - CVE:CVE-2022-41723