diff --git a/SPECS/ceph/CVE-2012-2677.patch b/SPECS/ceph/CVE-2012-2677.patch new file mode 100644 index 00000000000..12d11816da7 --- /dev/null +++ b/SPECS/ceph/CVE-2012-2677.patch @@ -0,0 +1,105 @@ +Edited filepath to reflect the file tree within ceph + +Link: https://620468.bugs.gentoo.org/attachment.cgi?id=475060&action=diff&format=raw&headers=1 +--- a/src/boost/boost/pool/pool.hpp ++++ a/src/boost/boost/pool/pool.hpp +@@ -26,6 +26,8 @@ + + #include + ++// std::numeric_limits ++#include + // boost::integer::static_lcm + #include + // boost::simple_segregated_storage +@@ -355,6 +357,15 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + return s; + } + ++ size_type max_chunks() const ++ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool. ++ size_type partition_size = alloc_size(); ++ size_type POD_size = integer::static_lcm::value + sizeof(size_type); ++ size_type max_chunks = (std::numeric_limits::max() - POD_size) / alloc_size(); ++ ++ return max_chunks; ++ } ++ + static void * & nextof(void * const ptr) + { //! \returns Pointer dereferenced. + //! (Provided and used for the sake of code readability :) +@@ -375,6 +386,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + //! the first time that object needs to allocate system memory. + //! The default is 32. This parameter may not be 0. + //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ set_next_size(nnext_size); ++ set_max_size(nmax_size); + } + + ~pool() +@@ -398,8 +411,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + } + void set_next_size(const size_type nnext_size) + { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. +- //! \returns nnext_size. +- next_size = start_size = nnext_size; ++ BOOST_USING_STD_MIN(); ++ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks()); + } + size_type get_max_size() const + { //! \returns max_size. +@@ -407,7 +420,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + } + void set_max_size(const size_type nmax_size) + { //! Set max_size. +- max_size = nmax_size; ++ BOOST_USING_STD_MIN(); ++ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks()); + } + size_type get_requested_size() const + { //! \returns the requested size passed into the constructor. +@@ -708,9 +722,9 @@ void * pool::malloc_need_resize() + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, + store().add_block(node.begin(), node.element_size(), partition_size); +@@ -748,9 +762,9 @@ void * pool::ordered_malloc_need_resize() + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, + // (we can use "add_block" here because we know that +@@ -792,6 +806,8 @@ void * pool::ordered_malloc(const size_type n) + { //! Gets address of a chunk n, allocating new memory if not already available. + //! \returns Address of chunk n if allocated ok. + //! \returns 0 if not enough memory for n chunks. ++ if (n > max_chunks()) ++ return 0; + + const size_type partition_size = alloc_size(); + const size_type total_req_size = n * requested_size; +@@ -840,9 +856,9 @@ void * pool::ordered_malloc(const size_type n) + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // insert it into the list, + // handle border case. diff --git a/SPECS/ceph/CVE-2020-10722.patch b/SPECS/ceph/CVE-2020-10722.patch new file mode 100644 index 00000000000..944aaa87f87 --- /dev/null +++ b/SPECS/ceph/CVE-2020-10722.patch @@ -0,0 +1,31 @@ +From 73e1e5635f27e444abd0bf3ce2144c7378e29401 Mon Sep 17 00:00:00 2001 +From: Kevin Lockwood +Date: Tue, 4 Feb 2025 15:04:56 -0800 +Subject: [PATCH] [Medium] Patch ceph to fix CVE-2020-10722 + +Link: https://git.dpdk.org/dpdk/patch/?id=3ae4beb079ce242240c34376a066bbccd0c0b23e +--- + src/seastar/dpdk/lib/librte_vhost/vhost_user.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c +index c9e29ece8..91fb802ba 100644 +--- a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c ++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c +@@ -1434,10 +1434,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg, + size = msg->payload.log.mmap_size; + off = msg->payload.log.mmap_offset; + +- /* Don't allow mmap_offset to point outside the mmap region */ +- if (off > size) { +++ /* Check for mmap size and offset overflow. */ +++ if (off >= -size) { + RTE_LOG(ERR, VHOST_CONFIG, +- "log offset %#"PRIx64" exceeds log size %#"PRIx64"\n", +++ "log offset %#"PRIx64" and log size %#"PRIx64" overflow\n", + off, size); + return RTE_VHOST_MSG_RESULT_ERR; + } +-- +2.34.1 + diff --git a/SPECS/ceph/CVE-2020-10723.patch b/SPECS/ceph/CVE-2020-10723.patch new file mode 100644 index 00000000000..d86405d62fe --- /dev/null +++ b/SPECS/ceph/CVE-2020-10723.patch @@ -0,0 +1,26 @@ +From 8558fe7d316167be9c0e1b25aabd4f96a5079250 Mon Sep 17 00:00:00 2001 +From: Kevin Lockwood +Date: Mon, 3 Feb 2025 16:23:59 -0800 +Subject: [PATCH] [Medium] Patch ceph for CVE-2020-10723 + +Link: https://git.dpdk.org/dpdk/patch/?id=c78d94189dced04def987a17f16097fcb197a186 +--- + src/seastar/dpdk/lib/librte_vhost/vhost_user.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c +index c9e29ece8..1f84fc212 100644 +--- a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c ++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c +@@ -1841,7 +1841,7 @@ static int + vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, + struct VhostUserMsg *msg) + { +- uint16_t vring_idx; ++ uint32_t vring_idx; + + switch (msg->request.master) { + case VHOST_USER_SET_VRING_KICK: +-- +2.34.1 + diff --git a/SPECS/ceph/CVE-2020-10724.patch b/SPECS/ceph/CVE-2020-10724.patch new file mode 100644 index 00000000000..3c1c16a3685 --- /dev/null +++ b/SPECS/ceph/CVE-2020-10724.patch @@ -0,0 +1,55 @@ +From 57c19156f1c7075d2b27f48d62cedc3992811c2b Mon Sep 17 00:00:00 2001 +From: Kevin Lockwood +Date: Wed, 5 Feb 2025 12:55:00 -0800 +Subject: [PATCH] [Medium] Patch ceph for CVE-2020-10724 + +Link: https://git.dpdk.org/dpdk/patch/?id=acd4c92fa693bbea695f2bb42bb93fb8567c3ca5 +--- + .../dpdk/lib/librte_vhost/vhost_crypto.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c +index 0edf12d52..9d569fcc5 100644 +--- a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c ++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c +@@ -246,6 +246,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform, + if (unlikely(ret < 0)) + return ret; + ++ if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) { ++ VC_LOG_DBG("Invalid cipher key length\n"); ++ return -VIRTIO_CRYPTO_BADMSG; ++ } ++ + xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; + xform->cipher.algo = (enum rte_crypto_cipher_algorithm)ret; + xform->cipher.key.length = param->cipher_key_len; +@@ -296,6 +301,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, + ret = cipher_algo_transform(param->cipher_algo); + if (unlikely(ret < 0)) + return ret; ++ ++ if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) { ++ VC_LOG_DBG("Invalid cipher key length\n"); ++ return -VIRTIO_CRYPTO_BADMSG; ++ } ++ + xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER; + xform_cipher->cipher.algo = (enum rte_crypto_cipher_algorithm)ret; + xform_cipher->cipher.key.length = param->cipher_key_len; +@@ -311,6 +322,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, + ret = auth_algo_transform(param->hash_algo); + if (unlikely(ret < 0)) + return ret; ++ ++ if (param->auth_key_len > VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH) { ++ VC_LOG_DBG("Invalid auth key length\n"); ++ return -VIRTIO_CRYPTO_BADMSG; ++ } ++ + xform_auth->auth.algo = (enum rte_crypto_auth_algorithm)ret; + xform_auth->auth.digest_length = param->digest_len; + xform_auth->auth.key.length = param->auth_key_len; +-- +2.34.1 + diff --git a/SPECS/ceph/CVE-2021-24032.patch b/SPECS/ceph/CVE-2021-24032.patch new file mode 100644 index 00000000000..c1537a02e34 --- /dev/null +++ b/SPECS/ceph/CVE-2021-24032.patch @@ -0,0 +1,82 @@ +From 9eb423834eec8a61773b2bd02b694d132459ade7 Mon Sep 17 00:00:00 2001 +From: Kevin Lockwood +Date: Wed, 5 Feb 2025 11:57:38 -0800 +Subject: [PATCH] [Medium] Patch ceph for CVE-2021-24032 + +Link: https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e.patch +--- + src/zstd/programs/fileio.c | 9 +++------ + src/zstd/programs/util.c | 9 +++++++++ + src/zstd/programs/util.h | 7 ++++++- + 3 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/src/zstd/programs/fileio.c b/src/zstd/programs/fileio.c +index d72879d64..f4529840a 100644 +--- a/src/zstd/programs/fileio.c ++++ b/src/zstd/programs/fileio.c +@@ -611,14 +611,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs, + FIO_remove(dstFileName); + } } + +- { FILE* const f = fopen( dstFileName, "wb" ); ++ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */ ++ FILE* const f = fopen( dstFileName, "wb" ); ++ UTIL_umask(old_umask); + if (f == NULL) { + DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno)); +- } else if (srcFileName != NULL +- && strcmp (srcFileName, stdinmark) +- && strcmp(dstFileName, nulmark) ) { +- /* reduce rights on newly created dst file while compression is ongoing */ +- UTIL_chmod(dstFileName, 00600); + } + return f; + } +diff --git a/src/zstd/programs/util.c b/src/zstd/programs/util.c +index ab1abd3b1..950697252 100644 +--- a/src/zstd/programs/util.c ++++ b/src/zstd/programs/util.c +@@ -137,6 +137,15 @@ int UTIL_chmod(char const* filename, mode_t permissions) + return chmod(filename, permissions); + } + ++int UTIL_umask(int mode) { ++#if PLATFORM_POSIX_VERSION > 0 ++ return umask(mode); ++#else ++ /* do nothing, fake return value */ ++ return mode; ++#endif ++} ++ + int UTIL_setFileStat(const char *filename, stat_t *statbuf) + { + int res = 0; +diff --git a/src/zstd/programs/util.h b/src/zstd/programs/util.h +index 8e187e4f2..8b1f80bb1 100644 +--- a/src/zstd/programs/util.h ++++ b/src/zstd/programs/util.h +@@ -22,7 +22,7 @@ extern "C" { + #include "platform.h" /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */ + #include /* size_t, ptrdiff_t */ + #include /* stat, utime */ +-#include /* stat, chmod */ ++#include /* stat, chmod, umask */ + #include "../lib/common/mem.h" /* U64 */ + + +@@ -119,6 +119,11 @@ U64 UTIL_getTotalFileSize(const char* const * fileNamesTable, unsigned nbFiles); + int UTIL_getFileStat(const char* infilename, stat_t* statbuf); + int UTIL_setFileStat(const char* filename, stat_t* statbuf); + int UTIL_chmod(char const* filename, mode_t permissions); /*< like chmod, but avoid changing permission of /dev/null */ ++/** ++ * Wraps umask(). Does nothing when the platform doesn't have that concept. ++ */ ++int UTIL_umask(int mode); ++ + int UTIL_compareStr(const void *p1, const void *p2); + const char* UTIL_getFileExtension(const char* infilename); + +-- +2.34.1 + diff --git a/SPECS/ceph/CVE-2021-3672.patch b/SPECS/ceph/CVE-2021-3672.patch new file mode 100644 index 00000000000..aa8b7676476 --- /dev/null +++ b/SPECS/ceph/CVE-2021-3672.patch @@ -0,0 +1,192 @@ +From 362f91d807d293791008cdb7616d40f7784ece83 Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 11:27:45 -0400 +Subject: [PATCH 1/2] ares_expand_name() should escape more characters + +RFC1035 5.1 specifies some reserved characters and escaping sequences +that are allowed to be specified. Expand the list of reserved characters +and also escape non-printable characters using the \DDD format as +specified in the RFC. + +Bug Reported By: philipp.jeitner@sit.fraunhofer.de +Fix By: Brad House (@bradh352) +--- + src/c-ares/ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++--- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c +index 407200ef5b..f1c874a97c 100644 +--- a/src/c-ares/ares_expand_name.c ++++ b/src/c-ares/ares_expand_name.c +@@ -32,6 +32,26 @@ + static int name_length(const unsigned char *encoded, const unsigned char *abuf, + int alen); + ++/* Reserved characters for names that need to be escaped */ ++static int is_reservedch(int ch) ++{ ++ switch (ch) { ++ case '"': ++ case '.': ++ case ';': ++ case '\\': ++ case '(': ++ case ')': ++ case '@': ++ case '$': ++ return 1; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ + /* Expand an RFC1035-encoded domain name given by encoded. The + * containing message is given by abuf and alen. The result given by + * *s, which is set to a NUL-terminated allocated buffer. *enclen is +@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + p++; + while (len--) + { +- if (*p == '.' || *p == '\\') ++ if (!isprint(*p)) { ++ /* Output as \DDD for consistency with RFC1035 5.1 */ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } else if (is_reservedch(*p)) { + *q++ = '\\'; +- *q++ = *p; ++ *q++ = *p; ++ } else { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; +@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + encoded++; + while (offset--) + { +- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1; ++ if (!isprint(*encoded)) { ++ n += 4; ++ } else if (is_reservedch(*encoded)) { ++ n += 2; ++ } else { ++ n += 1; ++ } + encoded++; + } + n++; + +From 44c009b8e62ea1929de68e3f438181bea469ec14 Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 12:39:24 -0400 +Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root + name response + +Fixes issue introduced in prior commit with formatting and handling +of parsing a root name response which should not be escaped. + +Fix By: Brad House +--- + src/c-ares/ares_expand_name.c | 62 ++++++++++++++++++++++++-------------- + 1 file changed, 40 insertions(+), 22 deletions(-) + +diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c +index f1c874a97c..eb9268c1ff 100644 +--- a/src/c-ares/ares_expand_name.c ++++ b/src/c-ares/ares_expand_name.c +@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + } + else + { +- len = *p; ++ int name_len = *p; ++ len = name_len; + p++; ++ + while (len--) + { +- if (!isprint(*p)) { +- /* Output as \DDD for consistency with RFC1035 5.1 */ +- *q++ = '\\'; +- *q++ = '0' + *p / 100; +- *q++ = '0' + (*p % 100) / 10; +- *q++ = '0' + (*p % 10); +- } else if (is_reservedch(*p)) { +- *q++ = '\\'; +- *q++ = *p; +- } else { +- *q++ = *p; +- } ++ /* Output as \DDD for consistency with RFC1035 5.1, except ++ * for the special case of a root name response */ ++ if (!isprint(*p) && !(name_len == 1 && *p == 0)) ++ { ++ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } ++ else if (is_reservedch(*p)) ++ { ++ *q++ = '\\'; ++ *q++ = *p; ++ } ++ else ++ { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; + } +- } ++ } ++ + if (!indir) + *enclen = aresx_uztosl(p + 1U - encoded); + +@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + } + else if (top == 0x00) + { +- offset = *encoded; ++ int name_len = *encoded; ++ offset = name_len; + if (encoded + offset + 1 >= abuf + alen) + return -1; + encoded++; ++ + while (offset--) + { +- if (!isprint(*encoded)) { +- n += 4; +- } else if (is_reservedch(*encoded)) { +- n += 2; +- } else { +- n += 1; +- } ++ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0)) ++ { ++ n += 4; ++ } ++ else if (is_reservedch(*encoded)) ++ { ++ n += 2; ++ } ++ else ++ { ++ n += 1; ++ } + encoded++; + } ++ + n++; + } + else diff --git a/SPECS/ceph/CVE-2024-25629.patch b/SPECS/ceph/CVE-2024-25629.patch new file mode 100644 index 00000000000..8d89491b67d --- /dev/null +++ b/SPECS/ceph/CVE-2024-25629.patch @@ -0,0 +1,32 @@ +From b830dccb0d42c3fcf65d208ce3b71eec98b980c1 Mon Sep 17 00:00:00 2001 +From: Kevin Lockwood +Date: Tue, 4 Feb 2025 15:42:51 -0800 +Subject: [PATCH] [Medium] Patch ceph for CVE-2024-25629 + +Link: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183.patch +--- + src/c-ares/ares__read_line.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/c-ares/ares__read_line.c b/src/c-ares/ares__read_line.c +index c62ad2a2b..d6625a381 100644 +--- a/src/c-ares/ares__read_line.c ++++ b/src/c-ares/ares__read_line.c +@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) + if (!fgets(*buf + offset, bytestoread, fp)) + return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; + len = offset + strlen(*buf + offset); ++ ++ /* Probably means there was an embedded NULL as the first character in ++ * the line, throw away line */ ++ if (len == 0) { ++ offset = 0; ++ continue; ++ } ++ + if ((*buf)[len - 1] == '\n') + { + (*buf)[len - 1] = 0; +-- +2.34.1 + diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec index 21eca3429e8..039280cf7fe 100644 --- a/SPECS/ceph/ceph.spec +++ b/SPECS/ceph/ceph.spec @@ -1,11 +1,11 @@ #disable debuginfo because ceph-debuginfo rpm is too large %define debug_package %{nil} -%define _unpackaged_files_terminate_build 0 +%define _unpackaged_files_terminate_build 0 Summary: User space components of the Ceph file system Name: ceph Version: 18.2.2 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0 URL: https://ceph.io/ Vendor: Microsoft Corporation @@ -18,6 +18,13 @@ Patch3: CVE-2014-5461.patch Patch4: CVE-2020-22217.patch Patch5: CVE-2015-9251.patch Patch6: CVE-2012-6708.patch +Patch7: CVE-2012-2677.patch +Patch8: CVE-2020-10723.patch +Patch9: CVE-2021-3672.patch +Patch10: CVE-2020-10722.patch +Patch11: CVE-2024-25629.patch +Patch12: CVE-2021-24032.patch +Patch13: CVE-2020-10724.patch # # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file # at the top-level directory of this distribution and at @@ -2005,16 +2012,23 @@ exit 0 %attr(0755,root,root) %dir %{_sysconfdir}/prometheus/ceph %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml - - %changelog +* Wed Feb 05 2025 Kevin Lockwood - 18.2.2-5 +- Fix for CVE-2012-2677 +- Fix for CVE-2020-10723 +- Fix for CVE-2021-3672 +- Fix for CVE-2020-10722 +- Fix for CVE-2024-25629 +- Fix for CVE-2021-24032 +- Fix for CVE-2020-10724 + * Tue Jan 28 2025 Kevin Lockwood - 18.2.2-4 - Fix for CVE-2014-5461 - Fix for CVE-2020-22217 - Fix for CVE-2015-9251 - Fix for CVE-2012-6708 -* Tue Jan 01 2025 Sandeep Karambelkar - 18.2.2-3 +* Wed Jan 01 2025 Sandeep Karambelkar - 18.2.2-3 - Based on the package build logs, opentelemetry-cpp submodule is not being built - Removing opentelemetry-cpp to address below CVEs as this submodule is not relevant - CVE-2022-24735