From: Dmitry Teselkin Date: Mon, 28 Aug 2017 14:51:37 +0000 (+0300) Subject: CVE-2016-7031 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F33%2F36333%2F1;p=packages%2Ftrusty%2Fceph.git CVE-2016-7031 Change-Id: I5ff432f40a1437b4bd8f3c4337398c5d48893643 Related-Bug: 1710582 Related-Prod: PROD-14245
---
diff --git a/debian/changelog b/debian/changelog
index 86cff232..47d4c141 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ceph (0.94.9-1~u14.04+mos3) mos9.0; urgency=medium
+
+ * CVE-2016-7031
+ https://nvd.nist.gov/vuln/detail/CVE-2016-7031
+
+ -- Dmitry Teselkin Mon, 28 Aug 2017 17:50:37 +0300
+
 ceph (0.94.9-1~u14.04+mos2) mos9.0; urgency=medium
 
 * debian/rules: Remove systemd from list of debian helpers
diff --git a/debian/patches/mirantis/CVE-2016-7031.patch b/debian/patches/mirantis/CVE-2016-7031.patch
new file mode 100644
index 00000000..35d24bcd
--- /dev/null
+++ b/debian/patches/mirantis/CVE-2016-7031.patch
@@ -0,0 +1,52 @@
+From 99ba6610a8f437604cadf68cbe9969def893e870 Mon Sep 17 00:00:00 2001
+From: root
+Date: Thu, 24 Sep 2015 00:21:13 +0530
+Subject: [PATCH] 13207: Rados Gateway: Anonymous user is able to read bucket
+ with authenticated read ACL
+
+Signed-off-by: root
+---
+ src/rgw/rgw_acl_s3.cc | 2 +-
+ src/rgw/rgw_op.cc | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/rgw/rgw_acl_s3.cc b/src/rgw/rgw_acl_s3.cc
+index f0ed08118dfa..490bf98221aa 100644
+--- a/src/rgw/rgw_acl_s3.cc
++++ b/src/rgw/rgw_acl_s3.cc
+@@ -568,7 +568,7 @@ bool RGWAccessControlPolicy_S3::compare_group_name(string& id, ACLGroupTypeEnum
+ {
+ switch (group) {
+ case ACL_GROUP_ALL_USERS:
+- return (id.compare(rgw_uri_all_users) == 0);
++ return (id.compare(RGW_USER_ANON_ID) == 0);
+ case ACL_GROUP_AUTHENTICATED_USERS:
+ return (id.compare(rgw_uri_auth_users) == 0);
+ default:
+diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
+index ff84aba0b064..91f5229c6cbe 100644
+--- a/src/rgw/rgw_op.cc
++++ b/src/rgw/rgw_op.cc
+@@ -17,6 +17,7 @@
+ #include "rgw_rest.h"
+ #include "rgw_acl.h"
+ #include "rgw_acl_s3.h"
++#include "rgw_acl_swift.h"
+ #include "rgw_user.h"
+ #include "rgw_bucket.h"
+ #include "rgw_log.h"
+@@ -356,7 +357,13 @@ static int rgw_build_policies(RGWRados *store, struct req_state *s, bool only_bu
+ }
+ }
+
+- s->bucket_acl = new RGWAccessControlPolicy(s->cct);
++ if(s->dialect.compare("s3") == 0) {
++ s->bucket_acl = new RGWAccessControlPolicy_S3(s->cct);
++ } else if(s->dialect.compare("swift") == 0) {
++ s->bucket_acl = new RGWAccessControlPolicy_SWIFT(s->cct);
++ } else {
++ s->bucket_acl = new RGWAccessControlPolicy(s->cct);
++ }
+
+ if (s->copy_source) { /* check if copy source is within the current domain */
+ const char *src = s->copy_source;
diff --git a/debian/patches/series b/debian/patches/series
index 27b43707..a80a4f76 100644
--- a/debian/patches/series
+++ b/debian/patches/series
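Review bot: In the embedded rgw_op.cc hunk the final `else` still allocates the base `RGWAccessControlPolicy`, so a request whose `s->dialect` is neither "s3" nor "swift" gets a policy object without a dialect-specific `compare_group_name`. If the base implementation does not single out the anonymous user (the need for this fix suggests so, but it is not visible here), that branch keeps the pre-fix permission check. I would at least mark it, e.g. `/* unknown dialect: base policy cannot tell anonymous from authenticated users; confirm this branch is unreachable */`, or log when it is taken. Only `s->bucket_acl` changes in the visible lines; `rgw_build_policies` continues outside the hunk, so it is worth confirming whether the object ACL is still constructed as the base class. In the rgw_acl_s3.cc hunk, `ACL_GROUP_ALL_USERS` now compares against `RGW_USER_ANON_ID`, so a one-line comment such as `/* true only when id is the anonymous user */` would keep the function name from misleading later readers.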
@@ -23,3 +23,5 @@ vivid-does-systemd.patch
 ceph-disk-fix-symlinks-handling.patch
 ObjectCacher-fix-bh_read_finish-offset-logic.patch
 Remove-HITSET_GMT-related-code-so-0.94.-6-9-OSDs-mon.patch
+
+mirantis/CVE-2016-7031.patch