From 7c8e057defc9d41e0056937c600501178b81a5b32be5f324117d819caa50d94f Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Tue, 10 Apr 2018 02:57:50 +0000 Subject: [PATCH 1/3] Accepting request 595018 from home:BinLiu:branches:network:ha-clustering:Factory - UNKNOWN version in corosync pkg-config(bsc#1088619) Added: 0017-bsc#1088619-add-version.patch OBS-URL: https://build.opensuse.org/request/show/595018 OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=139 --- 0017-bsc#1088619-add-version.patch | 4 ++++ corosync.changes | 6 ++++++ corosync.spec | 2 ++ 3 files changed, 12 insertions(+) create mode 100644 0017-bsc#1088619-add-version.patch diff --git a/0017-bsc#1088619-add-version.patch b/0017-bsc#1088619-add-version.patch new file mode 100644 index 0000000..8d6543f --- /dev/null +++ b/0017-bsc#1088619-add-version.patch @@ -0,0 +1,4 @@ +--- /dev/null 2018-04-10 08:30:37.121221591 +0800 ++++ corosync-2.4.3/.tarball-version 2018-04-10 18:30:37.907779088 +0800 +@@ -0,0 +1 @@ ++2.4.3 diff --git a/corosync.changes b/corosync.changes index 466e018..9105261 100644 --- a/corosync.changes +++ b/corosync.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Apr 10 02:46:08 UTC 2018 - bliu@suse.com + +- UNKNOWN version in corosync pkg-config(bsc#1088619) + Added: 0017-bsc#1088619-add-version.patch + ------------------------------------------------------------------- Thu Mar 8 06:19:09 UTC 2018 - bliu@suse.com diff --git a/corosync.spec b/corosync.spec index fb1ce6a..e1dfe97 100644 --- a/corosync.spec +++ b/corosync.spec @@ -78,6 +78,7 @@ Patch20: 0013-logging-Make-blackbox-configurable.patch Patch21: 0014-logging-Close-before-and-open-blackbox-after-fork.patch Patch22: 0015-coverity-fixes.patch Patch23: 0016-bsc#1083561-upgrade-from-1-x-y.patch +Patch24: 0017-bsc#1088619-add-version.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # openais is indeed gone and should be uninstalled. Yes, we do not @@ -166,6 +167,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %patch21 -p1 %patch22 -p1 %patch23 -p1 +%patch24 -p1 %build %if %{with runautogen} From 948754c2b09c801a27cade1609f90161434368ab1f5414d1a27e4b24edf1d24a Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Fri, 13 Apr 2018 05:15:44 +0000 Subject: [PATCH 2/3] Accepting request 596060 from home:BinLiu:branches:network:ha-clustering:Factory OBS-URL: https://build.opensuse.org/request/show/596060 OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=140 --- ...sync-Integer-overflow-in-totemcrypto.patch | 26 +++++++++++++++++++ corosync.spec | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch diff --git a/0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch b/0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch new file mode 100644 index 0000000..062725e --- /dev/null +++ b/0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch @@ -0,0 +1,26 @@ +--- corosync-2.4.3.orig/exec/totemcrypto.c 2017-10-20 20:40:19.000000000 +0800 ++++ corosync-2.4.3/exec/totemcrypto.c 2018-04-13 13:01:02.864922963 +0800 +@@ -736,6 +736,11 @@ + unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; + int datalen = *buf_len - hash_len[instance->crypto_hash_type]; + ++ if (*buf_len <= hash_len[instance->crypto_hash_type]) { ++ log_printf(instance->log_level_security, "Received message is too short... ignoring"); ++ return -1; ++ } ++ + if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) { + return -1; + } +@@ -845,6 +850,11 @@ + { + struct crypto_config_header *cch = (struct crypto_config_header *)buf; + ++ if (*buf_len <= sizeof(struct crypto_config_header)) { ++ log_printf(instance->log_level_security, "Received message is too short... ignoring"); ++ return (-1); ++ } ++ + if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) { + log_printf(instance->log_level_security, + "Incoming packet has different crypto type. Rejecting"); diff --git a/corosync.spec b/corosync.spec index e1dfe97..49f0fb2 100644 --- a/corosync.spec +++ b/corosync.spec @@ -79,6 +79,7 @@ Patch21: 0014-logging-Close-before-and-open-blackbox-after-fork.patch Patch22: 0015-coverity-fixes.patch Patch23: 0016-bsc#1083561-upgrade-from-1-x-y.patch Patch24: 0017-bsc#1088619-add-version.patch +Patch25: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # openais is indeed gone and should be uninstalled. Yes, we do not @@ -168,6 +169,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch25 -p1 %build %if %{with runautogen} From 1687aa60d70b67cf07969f77bcbd8308ef164f52ef88a539f0fd01652f7fed60 Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Fri, 13 Apr 2018 05:19:40 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=141 --- corosync.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/corosync.changes b/corosync.changes index 9105261..0c7cbf4 100644 --- a/corosync.changes +++ b/corosync.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 13 05:17:10 UTC 2018 - bliu@suse.com + +- (CVE-2018-1084) VUL-0: CVE-2018-1084: corosync: Integer overflow in totemcrypto(bsc#1089346) + Added: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch + ------------------------------------------------------------------- Tue Apr 10 02:46:08 UTC 2018 - bliu@suse.com