8000 Merge branch 'fasttrack/2.0' into ndubchak/CVE-2024-9287 · microsoft/azurelinux@163d56a · GitHub

Commit 163d56a

authored
Merge branch 'fasttrack/2.0' into ndubchak/CVE-2024-9287
2 parents 9d7e8e0 + a0d1849 commit 163d56a

21 files changed

+1253
-30
lines changed

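--- a/SPECS/curl/CVE-2024-9681.patch
+++ b/SPECS/curl/CVE-2024-9681.patch
@@ -0,0 +1,64 @@
+diff --git a/lib/hsts.c b/lib/hsts.c
+index a5e7676..69841a2 100644
+--- a/lib/hsts.c
++++ b/lib/hsts.c
+@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+bool subdomain)
+{
++ struct stsentry *bestsub = NULL;
+if(h) {
+char buffer[MAX_HSTS_HOSTLEN + 1];
+time_t now = time(NULL);
+size_t hlen = strlen(hostname);
+struct Curl_llist_element *e;
+struct Curl_llist_element *n;
++ size_t blen = 0;
+
+if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+return NULL;
+@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+if(ntail < hlen) {
+size_t offs = hlen - ntail;
+if((hostname[offs-1] == '.') &&
+- strncasecompare(&hostname[offs], sts->host, ntail))
+- return sts;
++ strncasecompare(&hostname[offs], sts->host, ntail) &&
++ (ntail > blen)) {
++ /* save the tail match with the longest tail */
++ bestsub = sts;
++ blen = ntail;
++ }
+}
+}
+if(strcasecompare(hostname, sts->host))
+return sts;
+}
+}
+- return NULL; /* no match */
++ return bestsub; /* no match */
+}
+
+/*
+@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+e = Curl_hsts(h, p, subdomain);
+if(!e)
+result = hsts_create(h, p, subdomain, expires);
+- else {
++ else if(strcasecompare(p, e->host)){
+/* the same host name, use the largest expire time */
+if(expires > e->expires)
+e->expires = expires;
+diff --git a/tests/data/test1660 b/tests/data/test1660
+index f86126d..4b6f961 100644
+--- a/tests/data/test1660
++++ b/tests/data/test1660
+@@ -52,7 +52,7 @@ this.example [this.example]: 1548400797
+Input 12: error 43
+Input 13: error 43
+Input 14: error 43
+-3.example.com [example.com]: 1569905261 includeSubDomains
++3.example.com [3.example.com]: 1569905261 includeSubDomains
+3.example.com [example.com]: 1569905261 includeSubDomains
+foo.example.com [example.com]: 1569905261 includeSubDomains
+'foo.xample.com' is not HSTS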
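Review bot: This patch file opens directly with `diff --git a/lib/hsts.c b/lib/hsts.c` and carries no provenance header, so nothing in it ties the backport to the upstream curl change it was taken from. The two fluent-bit patches added in the same commit record author, subject and an `Upstream Patch Reference:` line; a matching header here, e.g. `Upstream Patch Reference: <upstream curl commit URL>` (placeholder), would let a later reviewer diff the backport against upstream. Inside the Curl_hsts hunk the trailing comment on `return bestsub; /* no match */` no longer describes the line, because bestsub is non-NULL whenever a subdomain tail matched; `/* longest subdomain match, or NULL */` would be accurate.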

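--- a/SPECS/curl/curl.spec
+++ b/SPECS/curl/curl.spec
@@ -1,7 +1,7 @@
 Summary: An URL retrieval utility and library
 Name: curl
 Version: 8.8.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: curl
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -11,6 +11,7 @@ Source0: https://curl.haxx.se/download/%{name}-%{version}.tar.gz
 Patch0: CVE-2024-6197.patch
 Patch1: CVE-2024-8096.patch
 Patch2: CVE-2024-11053.patch
+Patch3: CVE-2024-9681.patch
 BuildRequires: krb5-devel
 BuildRequires: libssh2-devel
 BuildRequires: nghttp2-devel
@@ -88,6 +89,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcurl.so.*
 
 %changelog
+* Wed Feb 26 2025 Bhagyashri Pathak <bhapathak@microsoft.com> - 8.8.0-5
+- Patch CVE-2024-9681
+
 * Wed Feb 12 2025 Mitch Zhu <mitchzhu@microsoft.com> - 8.8.0-4
 - Patch CVE-2024-11053
 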
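--- a/SPECS/fluent-bit/CVE-2024-50608.patch
+++ b/SPECS/fluent-bit/CVE-2024-50608.patch
@@ -0,0 +1,59 @@
+From 76a68e4c23cbc0c0d8f4fd41577ae217d20aeee2 Mon Sep 17 00:00:00 2001
+From: Eduardo Silva <eduardo@chronosphere.io>
+Date: Sun, 23 Feb 2025 21:25:00 -0600
+Subject: [PATCH 1/2] in_prometheus_remote_write: fix handling of
+content-length (CVE-2024-50608)
+
+Upstream Patch Reference:
+https://github.com/fluent/fluent-bit/pull/9993
+
+Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
+---
+.../in_prometheus_remote_write/prom_rw_prot.c | 18 +++++++++++++++++-
+1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/in_prometheus_remote_write/prom_rw_prot.c b/plugins/in_prometheus_remote_write/prom_rw_prot.c
+index d041c8f..8460c7f 100644
+--- a/plugins/in_prometheus_remote_write/prom_rw_prot.c
++++ b/plugins/in_prometheus_remote_write/prom_rw_prot.c
+@@ -345,6 +345,13 @@ int prom_rw_prot_handle(struct flb_prom_remote_write *ctx,
+return -1;
+}
+
++ if (request->data.data == NULL || request->data.len <= 0) {
++ flb_sds_destroy(tag);
++ mk_mem_free(uri);
++ send_response(ctx->ins, conn, 400, "error: no payload found\n");
++ return -1;
++ }
++
+original_data = request->data.data;
+original_data_size = request->data.len;
+
+@@ -466,13 +473,22 @@ int prom_rw_prot_handle_ng(struct flb_http_request *request,
+/* HTTP/1.1 needs Host header */
+if (request->protocol_version == HTTP_PROTOCOL_HTTP1 &&
+request->host == NULL) {
+-
+return -1;
+}
+
+if (request->method != HTTP_METHOD_POST) {
+send_response_ng(response, 400, "error: invalid HTTP method\n");
++ return -1;
++ }
++
++ /* check content-length */
++ if (request->content_length <= 0) {
++ send_response_ng(response, 400, "error: invalid content-length\n");
++ return -1;
++ }
+
++ if (request->body == NULL) {
++ send_response_ng(response, 400, "error: invalid payload\n");
+return -1;
+}
+
+--
+2.48.1.431.g5a526e5e18
+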
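Review bot: In the prom_rw_prot_handle_ng hunk, `if (request->content_length <= 0)` turns away every request whose parsed Content-Length is zero or absent, and the comment above it, `/* check content-length */`, does not say that this is the intended contract. If the HTTP layer leaves content_length at 0 for bodies sent without that header (chunked transfer encoding, for instance; not visible from this hunk), legitimate remote-write traffic would now get a 400. I would cover that case with a test, or at least state the rule in the comment, e.g. `/* require a positive Content-Length; bodies sent without the header are rejected */`. The same check is added to opentelemetry_prot_handle_ng in CVE-2024-50609.patch, and both handlers start and end outside their hunks.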

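--- a/SPECS/fluent-bit/CVE-2024-50609.patch
+++ b/SPECS/fluent-bit/CVE-2024-50609.patch
@@ -0,0 +1,54 @@
+From ce99c23a61cea708c2d5093031bdade0a620595a Mon Sep 17 00:00:00 2001
+From: Eduardo Silva <eduardo@chronosphere.io>
+Date: Sun, 23 Feb 2025 21:24:10 -0600
+Subject: [PATCH 2/2] in_opentelemetry: fix handling of content-length
+(CVE-2024-50609)
+
+Upstream Patch Reference:
+https://github.com/fluent/fluent-bit/pull/9993
+
+Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
+---
+plugins/in_opentelemetry/opentelemetry_prot.c | 19 +++++++++++++++++++
+1 file changed, 19 insertions(+)
+
+diff --git a/plugins/in_opentelemetry/opentelemetry_prot.c b/plugins/in_opentelemetry/opentelemetry_prot.c
+index c1a45c4..2b40e09 100644
+--- a/plugins/in_opentelemetry/opentelemetry_prot.c
++++ b/plugins/in_opentelemetry/opentelemetry_prot.c
+@@ -1893,6 +1893,13 @@ int opentelemetry_prot_handle(struct flb_opentelemetry *ctx, struct http_conn *c
+original_data = request->data.data;
+original_data_size = request->data.len;
+
++ if (request->data.len <= 0) {
++ flb_sds_destroy(tag);
++ mk_mem_free(uri);
++ send_response(conn, 400, "error: no payload found\n");
++ return -1;
++ }
++
+ret = opentelemetry_prot_uncompress(session, request,
+&uncompressed_data,
+&uncompressed_data_size);
+@@ -2462,6 +2469,18 @@ int opentelemetry_prot_handle_ng(struct flb_http_request *request,
+return -1;
+}
+
++ /* check content-length */
++ if (request->content_length <= 0) {
++ send_response_ng(response, 400, "error: invalid content-length\n");
++ return -1;
++ }
++
++ if (request->body == NULL) {
++ send_response_ng(response, 400, "error: invalid payload\n");
++ return -1;
++ }
++
++
+if (strcmp(request->path, "/v1/metrics") == 0 ||
+strcmp(request->path, "/opentelemetry.proto.collector.metric.v1.MetricService/Export") == 0 ||
+strcmp(request->path, "/opentelemetry.proto.collector.metrics.v1.MetricsService/Export") == 0) {
+--
+2.48.1.431.g5a526e5e18
+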
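Review bot: The guard added to opentelemetry_prot_handle tests only `request->data.len <= 0`, whereas the matching guard added to prom_rw_prot_handle in CVE-2024-50608.patch also tests `request->data.data == NULL`. Here it also sits after `original_data` and `original_data_size` have already been assigned from the request. For parity I would write `if (request->data.data == NULL || request->data.len <= 0) {` and place it above those two assignments, so that no later code sees a NULL payload pointer. The error path calls `flb_sds_destroy(tag)` and `mk_mem_free(uri)`; whether both are allocated on every path that reaches this point cannot be confirmed from the hunk, because the function starts outside it.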

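--- a/SPECS/fluent-bit/fluent-bit.spec
+++ b/SPECS/fluent-bit/fluent-bit.spec
@@ -1,7 +1,7 @@
 Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name: fluent-bit
 Version: 3.0.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Apache-2.0
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -12,6 +12,8 @@ Patch1: CVE-2024-25629.patch
 Patch2: CVE-2024-28182.patch
 Patch3: CVE-2024-25431.patch
 Patch4: CVE-2024-27532.patch
+Patch5: CVE-2024-50608.patch
+Patch6: CVE-2024-50609.patch
 BuildRequires: bison
 BuildRequires: cmake
 BuildRequires: cyrus-sasl-devel
@@ -86,6 +88,9 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Thu Feb 27 2025 Kshitiz Godara <kgodara@microsoft.com> - 3.0.6-2
+- Address CVE-2024-50608 and CVE-2024-50609
+
 * Fri Jan 17 2025 Sudipta Pandit <sudpandit@microsoft.com> - 3.0.6-1
 - Bump version to 3.0.6
 - Add patches for multiple CVEs for the current version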
