diff --git a/CVE-2024-38479.patch b/CVE-2024-38479.patch new file mode 100644 index 0000000000000000000000000000000000000000..0786d778dd56ff9fe29668680589839571d907dd --- /dev/null +++ b/CVE-2024-38479.patch @@ -0,0 +1,129 @@ +From b8861231702ac5df7d5de401e82440c1cf20b633 Mon Sep 17 00:00:00 2001 +From: Bryan Call +Date: Tue, 12 Nov 2024 09:51:49 -0800 +Subject: [PATCH] Add matrix params to the cachekey in the cachekey plugin + (#11856) + +Origin: https://github.com/apache/trafficserver/commit/b8861231702ac5df7d5de401e82440c1cf20b633 + +--- + plugins/cachekey/cachekey.cc | 21 +++++++++++++++++++++ + plugins/cachekey/cachekey.h | 1 + + plugins/cachekey/configs.cc | 14 ++++++++++++++ + plugins/cachekey/configs.h | 11 +++++++++++ + plugins/cachekey/plugin.cc | 4 ++++ + 5 files changed, 51 insertions(+) + +diff --git a/plugins/cachekey/cachekey.cc b/plugins/cachekey/cachekey.cc +index babc78cc999..38286e7eb28 100644 +--- a/plugins/cachekey/cachekey.cc ++++ b/plugins/cachekey/cachekey.cc +@@ -673,6 +673,27 @@ CacheKey::appendQuery(const ConfigQuery &config) + } + } + ++void ++CacheKey::appendMatrix(const ConfigMatrix &config) ++{ ++ if (config.toBeRemoved()) { ++ return; ++ } ++ ++ const char *matrix; ++ int length; ++ ++ matrix = TSUrlHttpParamsGet(_buf, _url, &length); ++ if (matrix == nullptr || length == 0) { ++ return; ++ } ++ ++ if (matrix && length) { ++ _key.append(";"); ++ _key.append(matrix, length); ++ } ++} ++ + /** + * @brief Append User-Agent header captures specified in the Pattern configuration object. + * +diff --git a/plugins/cachekey/cachekey.h b/plugins/cachekey/cachekey.h +index 0b47e85984d..dc208f93bb4 100644 +--- a/plugins/cachekey/cachekey.h ++++ b/plugins/cachekey/cachekey.h +@@ -63,6 +63,7 @@ class CacheKey + void appendPath(Pattern &pathCapture, Pattern &pathCaptureUri); + void appendHeaders(const ConfigHeaders &config); + void appendQuery(const ConfigQuery &config); ++ void appendMatrix(const ConfigMatrix &config); + void appendCookies(const ConfigCookies &config); + void appendUaCaptures(Pattern &config); + bool appendUaClass(Classifier &classifier); +diff --git a/plugins/cachekey/configs.cc b/plugins/cachekey/configs.cc +index b2bc42d5e70..d6ef13aea68 100644 +--- a/plugins/cachekey/configs.cc ++++ b/plugins/cachekey/configs.cc +@@ -208,6 +208,20 @@ ConfigQuery::name() const + return _NAME; + } + ++bool ++ConfigMatrix::finalize() ++{ ++ _remove = noIncludeExcludeRules(); ++ return true; ++} ++ ++const String ConfigMatrix::_NAME = "matrix parameter"; ++inline const String & ++ConfigMatrix::name() const ++{ ++ return _NAME; ++} ++ + /** + * @briefs finalizes the headers related configuration. + * +diff --git a/plugins/cachekey/configs.h b/plugins/cachekey/configs.h +index e98b69afd48..f5d24bdbe3c 100644 +--- a/plugins/cachekey/configs.h ++++ b/plugins/cachekey/configs.h +@@ -112,6 +112,16 @@ class ConfigQuery : public ConfigElements + static const String _NAME; + }; + ++class ConfigMatrix : public ConfigElements ++{ ++public: ++ bool finalize() override; ++ ++private: ++ const String &name() const override; ++ static const String _NAME; ++}; ++ + /** + * @brief Headers configuration class. + */ +@@ -210,6 +220,7 @@ class Configs + /* Make the following members public to avoid unnecessary accessors */ + ConfigQuery _query; /**< @brief query parameter related configuration */ + ConfigHeaders _headers; /**< @brief headers related configuration */ ++ ConfigMatrix _matrix; /**< @brief matrix parameter related configuration */ + ConfigCookies _cookies; /**< @brief cookies related configuration */ + Pattern _uaCapture; /**< @brief the capture groups and the replacement string used for the User-Agent header capture */ + String _prefix; /**< @brief cache key prefix string */ +diff --git a/plugins/cachekey/plugin.cc b/plugins/cachekey/plugin.cc +index d92c079271a..b863b94a0d5 100644 +--- a/plugins/cachekey/plugin.cc ++++ b/plugins/cachekey/plugin.cc +@@ -64,6 +64,10 @@ setCacheKey(TSHttpTxn txn, Configs *config, TSRemapRequestInfo *rri = nullptr) + if (!config->pathToBeRemoved()) { + cachekey.appendPath(config->_pathCapture, config->_pathCaptureUri); + } ++ ++ /* Append the matrix parameters to the cache key. */ ++ cachekey.appendMatrix(config->_matrix); ++ + /* Append query parameters to the cache key. */ + cachekey.appendQuery(config->_query); + diff --git a/CVE-2024-50305.patch b/CVE-2024-50305.patch new file mode 100644 index 0000000000000000000000000000000000000000..fb54716988ae76193e5eb23b18289e944e4ee464 --- /dev/null +++ b/CVE-2024-50305.patch @@ -0,0 +1,72 @@ +From 5e39658f7c0bc91613468c9513ba22ede1739d7e Mon Sep 17 00:00:00 2001 +From: "Alan M. Carroll" +Date: Tue, 2 Nov 2021 11:47:09 -0500 +Subject: [PATCH] Tweak MimeHdr::get_host_port_values to not run over the end + of the TextView. (#8468) + +Origin: https://github.com/apache/trafficserver/commit/5e39658f7c0bc91613468c9513ba22ede1739d7e + +Fix for #8461 + +(cherry picked from commit 055ca11c2842a64bf7df8d547515670e1a04afc1) +--- + proxy/hdrs/MIME.cc | 11 +++-------- + src/tscpp/util/unit_tests/test_TextView.cc | 11 +++-------- + 2 files changed, 6 insertions(+), 16 deletions(-) + +diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc +index 45c16c386dd..0a55dd06b4d 100644 +--- a/proxy/hdrs/MIME.cc ++++ b/proxy/hdrs/MIME.cc +@@ -2284,20 +2284,15 @@ MIMEHdr::get_host_port_values(const char **host_ptr, ///< Pointer to host. + if (b) { + if ('[' == *b) { + auto idx = b.find(']'); +- if (idx <= b.size() && b[idx + 1] == ':') { ++ if (idx < b.size() - 1 && b[idx + 1] == ':') { + host = b.take_prefix_at(idx + 1); + port = b; + } else { + host = b; + } + } else { +- auto x = b.split_prefix_at(':'); +- if (x) { +- host = x; +- port = b; +- } else { +- host = b; +- } ++ host = b.take_prefix_at(':'); ++ port = b; + } + + if (host) { +diff --git a/src/tscpp/util/unit_tests/test_TextView.cc b/src/tscpp/util/unit_tests/test_TextView.cc +index 8f71e0aa39d..7f365369082 100644 +--- a/src/tscpp/util/unit_tests/test_TextView.cc ++++ b/src/tscpp/util/unit_tests/test_TextView.cc +@@ -275,20 +275,15 @@ TEST_CASE("TextView Affixes", "[libts][TextView]") + auto f_host = [](TextView b, TextView &host, TextView &port) -> void { + if ('[' == *b) { + auto idx = b.find(']'); +- if (idx <= b.size() && b[idx + 1] == ':') { ++ if (idx < b.size() - 1 && b[idx + 1] == ':') { + host = b.take_prefix_at(idx + 1); + port = b; + } else { + host = b; + } + } else { +- auto x = b.split_prefix_at(':'); +- if (x) { +- host = x; +- port = b; +- } else { +- host = b; +- } ++ host = b.take_prefix_at(':'); ++ port = b; + } + }; + diff --git a/CVE-2024-50306.patch b/CVE-2024-50306.patch new file mode 100644 index 0000000000000000000000000000000000000000..a97a93347d10947ae3412058ff1ff9e40d3dd4d4 --- /dev/null +++ b/CVE-2024-50306.patch @@ -0,0 +1,37 @@ +From 27f504883547502b1f5e4e389edd7f26e3ab246f Mon Sep 17 00:00:00 2001 +From: Masakazu Kitajo +Date: Tue, 12 Nov 2024 11:13:59 -0700 +Subject: [PATCH] Fix unchecked return value of initgroups() (#11855) + +Origin: https://github.com/apache/trafficserver/commit/27f504883547502b1f5e4e389edd7f26e3ab246f + +* Fix unchecked return value of initgroups() + +Signed-off-by: Jeffrey Bencteux + +* clang-format + +--------- + +Signed-off-by: Jeffrey Bencteux +Co-authored-by: Jeffrey Bencteux +(cherry picked from commit ae638096e259121d92d46a9f57026a5ff5bc328b) +--- + src/tscore/ink_cap.cc | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc +index b4f0ecace5d..8a95d4b1329 100644 +--- a/src/tscore/ink_cap.cc ++++ b/src/tscore/ink_cap.cc +@@ -160,7 +160,9 @@ impersonate(const struct passwd *pwd, ImpersonationLevel level) + #endif + + // Always repopulate the supplementary group list for the new user. +- initgroups(pwd->pw_name, pwd->pw_gid); ++ if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) { ++ Fatal("switching to user %s, failed to initialize supplementary groups ID %ld", pwd->pw_name, (long)pwd->pw_gid); ++ } + + switch (level) { + case IMPERSONATE_PERMANENT: diff --git a/trafficserver.spec b/trafficserver.spec index 0a234a01f783a34dc499cba27e86b5ab5af21d10..38ab6dc0dedff12fa7ab0ef0da214fab127a755b 100644 --- a/trafficserver.spec +++ b/trafficserver.spec @@ -1,7 +1,8 @@ %define _hardened_build 1 +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} Name: trafficserver Version: 9.2.5 -Release: 1 +Release: 2 Summary: Apache Traffic Server, a reverse, forward and transparent HTTP proxy cache License: Apache-2.0 URL: https://trafficserver.apache.org/ @@ -13,6 +14,9 @@ Patch0003: config-layout-openEuler.patch Patch0004: Modify-storage.config-for-traffic_cache_tool.patch Patch0005: add-riscv-support.patch Patch0006: add-loong64-support.patch +Patch0007: CVE-2024-38479.patch +Patch0008: CVE-2024-50305.patch +Patch0009: CVE-2024-50306.patch BuildRequires: expat-devel hwloc-devel openssl-devel pcre-devel zlib-devel xz-devel BuildRequires: libcurl-devel ncurses-devel gcc gcc-c++ perl-ExtUtils-MakeMaker BuildRequires: libcap-devel cmake libunwind-devel automake chrpath @@ -41,7 +45,7 @@ This package contains some Perl APIs for talking to the ATS management port. %build autoreconf ./configure \ - --enable-layout=openEuler \ + --enable-layout=%{vendor} \ --libdir=%{_libdir}/trafficserver \ --libexecdir=%{_libdir}/trafficserver/plugins \ --enable-experimental-plugins \ @@ -133,6 +137,10 @@ getent passwd ats >/dev/null || useradd -r -u 176 -g ats -d / -s /sbin/nologin - %{_datadir}/pkgconfig/trafficserver.pc %changelog +* Fri Nov 15 2024 wangkai <13474090681@163.com> - 9.2.5-2 +- Fix CVE-2024-38479, CVE-2024-50306, CVE-2024-50305 +- Replace openEuler with vendor + * Mon Jul 29 2024 wangkai <13474090681@163.com> - 9.2.5-1 - Update to 9.2.5 for fix CVE-2023-38522, CVE-2024-35161, CVE-2024-35296