From 1f43bba19aedc1e458210783b2aa4a8e20525f7f Mon Sep 17 00:00:00 2001
From: lvxiangcong
Date: Mon, 17 Feb 2025 10:26:40 +0800
Subject: [PATCH] backport fix cve-2022-34038 for openEuler-20.03-LTS-SP4
---
0006-backport-fix-CVE-2022-34038.patch | 42 ++++++++++++++++++++++++++
etcd.spec | 10 +++++-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 0006-backport-fix-CVE-2022-34038.patch
diff --git a/0006-backport-fix-CVE-2022-34038.patch b/0006-backport-fix-CVE-2022-34038.patch
new file mode 100644
index 0000000..07915a0
--- /dev/null
+++ b/0006-backport-fix-CVE-2022-34038.patch
@@ -0,0 +1,42 @@
+From 3d941cd2d0897d204a2f36fe70eb6011892461d9 Mon Sep 17 00:00:00 2001
+From: lvxiangcong
+Date: Mon, 17 Feb 2025 10:19:48 +0800
+Subject: [PATCH] backport-fix-cve-2022-34038
+
+---
+ pkg/ioutil/pagewriter.go | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/pkg/ioutil/pagewriter.go b/pkg/ioutil/pagewriter.go
+index cf9a8dc..10d921d 100644
+--- a/pkg/ioutil/pagewriter.go
++++ b/pkg/ioutil/pagewriter.go
+@@ -16,6 +16,7 @@ package ioutil
+
+ import (
+ "io"
++ "fmt"
+ )
+
+ var defaultBufferBytes = 128 * 1024
+@@ -38,9 +39,17 @@ type PageWriter struct {
+ bufWatermarkBytes int
+ }
+
++// Assert will panic with a given formatted message if the given condition is false.
++func Assert(condition bool, msg string, v int) {
++ if !condition {
++ panic(fmt.Sprintf("assertion failed:" +msg, v))
++ }
++}
++
+ // NewPageWriter creates a new PageWriter. pageBytes is the number of bytes
+ // to write per page. pageOffset is the starting offset of io.Writer.
+ func NewPageWriter(w io.Writer, pageBytes, pageOffset int) *PageWriter {
++ Assert(pageBytes > 0, "pageBytes %d is an invalid value, it must be greater than 0", pageBytes)
+ return &PageWriter{
+ w: w,
+ pageOffset: pageOffset,
+--
+2.46.0
+
diff --git a/etcd.spec b/etcd.spec
index a792da7..f4f8207 100644
--- a/etcd.spec
+++ b/etcd.spec
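Review bot: `NewPageWriter` now panics through `Assert` when `pageBytes` is not positive, but its doc comment does not say so, and because the constructor has no error return, a caller that takes `pageBytes` from configuration or another external source still ends in a process crash unless it validates the value first. I would add `// NewPageWriter panics if pageBytes is not greater than 0.` to the comment. Separately, `Assert` is exported from `pkg/ioutil` with a single `int` argument and concatenates its format string without a space after the colon; an unexported helper with `panic(fmt.Sprintf("assertion failed: "+msg, v))` keeps the package API unchanged and fixes the message. `pageOffset` gets no check here, and whether a negative value is harmful cannot be told from these lines, since the body of `NewPageWriter` continues outside the hunk.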
@@ -31,7 +31,7 @@ system.} %global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/* Name: etcd -Release: 7 +Release: 8 Summary: Distributed reliable key-value store for the most critical data of a distributed system # Upstream license specification: Apache-2.0 @@ -49,6 +49,7 @@ Patch2: 0002-Etcd-on-unsupported-platform-without-ETCD_UNSUPPORTED_ARCH=arm64-s Patch3: 0003-backport-Suppress-noisy-basic-auth-token-deletion-log.patch Patch4: 0004-backport-fix-CVE-2022-3064.patch Patch5: 0005-backport-fix-CVE-2022-41723.patch +Patch6: 0006-backport-fix-CVE-2022-34038.patch BuildRequires: golang @@ -70,6 +71,7 @@ Requires(pre): shadow-utils %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # For compatibility cp -aR etcdserver/api/snap snap cp -aR etcdserver/api/membership etcdserver/membership @@ -155,6 +157,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/ %endif %changelog +* Mon Feb 17 2025 lvxiangcong - 3.4.14-8 +- Type:CVE +- CVE:CVE-2022-34038 +- SUG:NA +- DESC: backport fix CVE-2022-34038 + * Fri Feb 14 2025 lvxiangcong - 3.4.14-7 - Type:CVE - CVE:CVE-2022-41723 -- Gitee