Patch booth to address CVE-2022-2553 (#6107)

2023-09-19 07:40:23 -07:00 · 2023-09-19 07:40:23 -07:00 · cd6949a8d0
parent 7ec9054c34
commit cd6949a8d0
2 changed files with 32 additions and 1 deletions
--- a/SPECS-EXTENDED/booth/CVE-2022-2553.patch
+++ b/SPECS-EXTENDED/booth/CVE-2022-2553.patch
@ -0,0 +1,27 @@
+From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 4 Jul 2022 09:39:47 +0200
+Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
+
+This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
+
+authfile != authkey
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/main.c b/src/main.c
+index b50a883..b4a174f 100644
+--- a/src/main.c
+++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (is_auth_req()) {
+	if (booth_conf->authfile[0] != '\0') {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
--- a/SPECS-EXTENDED/booth/booth.spec
+++ b/SPECS-EXTENDED/booth/booth.spec
@ -32,12 +32,13 @@
 Summary:        Ticket Manager for Multi-site Clusters
 Name:           booth
 Version:        1.0
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://github.com/ClusterLabs/%{name}
 Source0:        https://github.com/ClusterLabs/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:    CVE-2022-2553.patch
 # direct build process dependencies
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -237,6 +238,9 @@ VERBOSE=1 make check
 %{_libdir}/ocf/resource.d/booth/sharedrsc

 %changelog
+* Wed Aug 30 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.0-8
+- Add patch for CVE-2022-2553
+
 * Wed Mar 08 2023 Sumedh Sharma <sumsharma@microsoft.com> - 1.0-7
 - license verified