starlingx
/
integ
Code Issues Proposed changes

Deleting unused directories inside support/ 

Clean up of lvm2, libxslt, postgresql package patches
which are no longer used in build

Change-Id: I4cc4210bb86de599c93dd9b61eed9a2e4ce5c8df
This commit is contained in:
Jack Ding 2018-06-13 22:03:10 -04:00 committed by jmckenna
parent 0075606840
commit 66b9547716
8 changed files with 0 additions and 534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
support/libxslt/libxslt/CVE-2015-7995.patch
View File

@ -1,26 +0,0 @@
Fix for type confusion in preprocessing attributes
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
Upstream-Status: Backport
https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: libxslt-1.1.28/libxslt/preproc.c
===================================================================
--- libxslt-1.1.28.orig/libxslt/preproc.c
+++ libxslt-1.1.28/libxslt/preproc.c
@@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr st
} else if (IS_XSLT_NAME(inst, "attribute")) {
xmlNodePtr parent = inst->parent;
- if ((parent == NULL) || (parent->ns == NULL) ||
+ if ((parent == NULL) ||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
((parent->ns != inst->ns) &&
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {

44
support/lvm2/lvm2/Fix-regression-in-for_each_sub_lv.patch
View File

@ -1,44 +0,0 @@
From d05dd3f20fed08159875b9d4a78ab27ec02cfab6 Mon Sep 17 00:00:00 2001
From: Zdenek Kabelac <zkabelac@redhat.com>
Date: Wed, 9 May 2012 12:12:21 +0000
Subject: [PATCH 2/3] Fix regression in for_each_sub_lv
pool_lv is not a sub lv in terms for this function.
It has caused problem with renaming thin_volume, where it has tried to
rename pool LV as well.
(cherry picked from commit 98f2e3d974bcceaf6dbac9f80f42a0eaf6512059)
Conflicts:
WHATS_NEW
---
WHATS_NEW | 4 ++++
lib/metadata/lv_manip.c | 7 -------
2 files changed, 4 insertions(+), 7 deletions(-)
--- a/WHATS_NEW
+++ b/WHATS_NEW
@@ -1,3 +1,7 @@
+Version 2.02.95-wrs
+================================
+ Fix lvrename for thin volumes (regression in for_each_sub_lv() 2.02.89).
+
Version 2.02.95 - 6th March 2012
================================
If unspecified, adjust thin pool metadata and chunk size to fit into 128MB.
--- a/lib/metadata/lv_manip.c
+++ b/lib/metadata/lv_manip.c
@@ -2814,13 +2814,6 @@ int for_each_sub_lv(struct cmd_context *
return_0;
}
- if (seg->pool_lv) {
- if (!fn(cmd, seg->pool_lv, data))
- return_0;
- if (!for_each_sub_lv(cmd, seg->pool_lv, fn, data))
- return_0;
- }
-
if (seg->metadata_lv) {
if (!fn(cmd, seg->metadata_lv, data))
return_0;

48
support/lvm2/lvm2/Sync-filesystem-for-thin-snapshots.patch
View File

@ -1,48 +0,0 @@
From db5a5e67f7715e4087ae2a9685fdf4ff0c4fca17 Mon Sep 17 00:00:00 2001
From: Zdenek Kabelac <zkabelac@redhat.com>
Date: Tue, 5 Jun 2012 11:26:54 +0200
Subject: [PATCH 3/3] Sync filesystem for thin snapshots
Add missing lockfs option when suspend origin, before thin volume
snapshot is created
(cherry picked from commit 2f99e5e35a9918c337e66b74aa6126cca9328c64)
Conflicts:
WHATS_NEW
---
WHATS_NEW | 1 +
lib/activate/activate.c | 5 ++++-
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/WHATS_NEW
+++ b/WHATS_NEW
@@ -1,6 +1,7 @@
Version 2.02.95-wrs
================================
Fix lvrename for thin volumes (regression in for_each_sub_lv() 2.02.89).
+ Fix missing sync of filesystem when creating thin volume snapshot.
Version 2.02.95 - 6th March 2012
================================
--- a/lib/activate/activate.c
+++ b/lib/activate/activate.c
@@ -1488,6 +1488,9 @@ static int _lv_suspend(struct cmd_contex
(lv_is_origin(lv_pre) || lv_is_cow(lv_pre)))
lockfs = 1;
+ if (laopts->origin_only && lv_is_thin_volume(lv) && lv_is_thin_volume(lv_pre))
+ lockfs = 1;
+
/*
* Suspending an LV directly above a PVMOVE LV also
* suspends other LVs using that same PVMOVE LV.
@@ -1567,7 +1570,7 @@ static int _lv_resume(struct cmd_context
if (lv_is_thin_pool(lv) && laopts->origin_only)
messages_only = 1;
- if (!lv_is_origin(lv))
+ if (!lv_is_origin(lv) && !lv_is_thin_volume(lv))
laopts->origin_only = 0;
if (test_mode()) {

37
support/lvm2/lvm2/fix_thin_provision_device_name.patch
View File

@ -1,37 +0,0 @@
---
lib/activate/dev_manager.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/lib/activate/dev_manager.c
+++ b/lib/activate/dev_manager.c
@@ -1210,17 +1210,18 @@ static int _thin_pool_callback(struct dm
"global/thin_check_executable",
DEFAULT_THIN_CHECK_EXECUTABLE);
const struct logical_volume *mlv = first_seg(data->pool_lv)->metadata_lv;
- size_t len = strlen(dmdir) + strlen(mlv->vg->name) + strlen(mlv->name) + 3;
+ size_t len = strlen(dmdir) + 2 * strlen(mlv->vg->name) + strlen(mlv->name) + 3;
char meta_path[len];
int args;
char *argv[19]; /* Max supported 15 args */
- char *split;
+ char *split, *dm_name;
if (!thin_check[0])
return 1; /* Checking disabled */
- if (dm_snprintf(meta_path, len, "%s/%s-%s", dmdir,
- mlv->vg->name, mlv->name) < 0) {
+ if (!(dm_name = dm_build_dm_name(data->dm->mem, mlv->vg->name,
+ mlv->name, NULL)) ||
+ (dm_snprintf(meta_path, len, "%s/%s", dmdir, dm_name) < 0)) {
log_error("Failed to build thin metadata path.");
return 0;
}
@@ -1263,6 +1264,7 @@ static int _thin_pool_callback(struct dm
}
dm_pool_free(data->dm->mem, split);
+ dm_pool_free(data->dm->mem, dm_name);
return ret;
}

36
support/lvm2/lvm2/lvm2.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2013-2014 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
### BEGIN INIT INFO
# Provides: lvm2
# Required-Start:
# Required-Stop:
# Default-Start: S
# Default-Stop:
# Short-Description: Activate volume groups
### END INIT INFO
. /etc/init.d/functions
case "$1" in
start)
/usr/sbin/vgscan --ignorelockingfailure > /dev/null 2> /dev/null && /usr/sbin/vgchange --ignorelockingfailure -a y > /dev/null 2> /dev/null
;;
stop)
;;
restart)
/usr/sbin/vgscan ; /usr/sbin/vgchange -a y
;;
status)
/usr/sbin/vgdisplay
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
esac
exit 0

40
support/lvm2/lvm2/move-thin_check_executable-var.patch
View File

@ -1,40 +0,0 @@
---
doc/example.conf.in | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -463,6 +463,16 @@ global {
# proper udev rules, all changes in block device configuration will be
# *ignored* until a manual 'vgscan' is performed.
use_lvmetad = 0
+
+ # Full path of the utility called to check that a thin metadata device
+ # is in a state that allows it to be used.
+ # Each time a thin pool needs to be activated, this utility is executed.
+ # The activation will only proceed if the utility has an exit status of 0.
+ # Set to "" to skip this check. (Not recommended.)
+ # The thin tools are available as part of the device-mapper-persistent-data
+ # package from https://github.com/jthornber/thin-provisioning-tools.
+ #
+ thin_check_executable = "/sbin/thin_check -q"
}
activation {
@@ -650,16 +660,6 @@ activation {
thin_pool_autoextend_threshold = 100
thin_pool_autoextend_percent = 20
- # Full path of the utility called to check that a thin metadata device
- # is in a state that allows it to be used.
- # Each time a thin pool needs to be activated, this utility is executed.
- # The activation will only proceed if the utility has an exit status of 0.
- # Set to "" to skip this check. (Not recommended.)
- # The thin tools are available as part of the device-mapper-persistent-data
- # package from https://github.com/jthornber/thin-provisioning-tools.
- #
- thin_check_executable = "/sbin/thin_check -q"
-
# While activating devices, I/O to devices being (re)configured is
# suspended, and as a precaution against deadlocks, LVM2 needs to pin
# any memory it is using so it is not paged out. Groups of pages that

259
support/postgresql/files/0001-pgcrypto-Detect-and-report-too-short-crypt-salts.patch
View File

@ -1,259 +0,0 @@
From 56232f9879768e961485d8ba218da18c38768413 Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Mon, 5 Oct 2015 10:06:29 -0400
Subject: [PATCH 1/2] pgcrypto: Detect and report too-short crypt() salts.
Certain short salts crashed the backend or disclosed a few bytes of
backend memory. For existing salt-induced error conditions, emit a
message saying as much. Back-patch to 9.0 (all supported versions).
Josh Kupershmidt
Security: CVE-2015-5288
---
contrib/pgcrypto/crypt-blowfish.c | 19 +++++++++++++++++--
contrib/pgcrypto/crypt-des.c | 22 +++++++++++++++++++---
contrib/pgcrypto/expected/crypt-blowfish.out | 9 +++++++++
contrib/pgcrypto/expected/crypt-des.out | 4 ++++
contrib/pgcrypto/expected/crypt-xdes.out | 24 ++++++++++++++++++++++++
contrib/pgcrypto/px-crypt.c | 2 +-
contrib/pgcrypto/sql/crypt-blowfish.sql | 9 +++++++++
contrib/pgcrypto/sql/crypt-des.sql | 4 ++++
contrib/pgcrypto/sql/crypt-xdes.sql | 16 ++++++++++++++++
9 files changed, 103 insertions(+), 6 deletions(-)
diff --git a/contrib/pgcrypto/crypt-blowfish.c b/contrib/pgcrypto/crypt-blowfish.c
index fbaa3d7..4054e6a 100644
--- a/contrib/pgcrypto/crypt-blowfish.c
+++ b/contrib/pgcrypto/crypt-blowfish.c
@@ -601,6 +601,17 @@ _crypt_blowfish_rn(const char *key, const char *setting,
if (size < 7 + 22 + 31 + 1)
return NULL;
+ /*
+ * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
+ * two digit cost parameter, "$", and 22 digits from the alphabet
+ * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
+ * more restrictions on the count in the salt as well.
+ */
+ if (strlen(setting) < 29)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid salt")));
+
if (setting[0] != '$' ||
setting[1] != '2' ||
(setting[2] != 'a' && setting[2] != 'x') ||
@@ -610,14 +621,18 @@ _crypt_blowfish_rn(const char *key, const char *setting,
(setting[4] == '3' && setting[5] > '1') ||
setting[6] != '$')
{
- return NULL;
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid salt")));
}
count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
{
memset(data.binary.salt, 0, sizeof(data.binary.salt));
- return NULL;
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid salt")));
}
BF_swap(data.binary.salt, 4);
diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c
index 4ed44be..2108be8 100644
--- a/contrib/pgcrypto/crypt-des.c
+++ b/contrib/pgcrypto/crypt-des.c
@@ -681,9 +681,19 @@ px_crypt_des(const char *key, const char *setting)
if (*setting == _PASSWORD_EFMT1)
{
/*
- * "new"-style: setting - underscore, 4 bytes of count, 4 bytes of
- * salt key - unlimited characters
+ * "new"-style: setting must be a 9-character (underscore, then 4
+ * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
+ * the "Extended crypt" heading for further details.
+ *
+ * Unlimited characters of the input key are used. This is known as
+ * the "Extended crypt" DES method.
+ *
*/
+ if (strlen(setting) < 9)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid salt")));
+
for (i = 1, count = 0L; i < 5; i++)
count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
@@ -723,10 +733,16 @@ px_crypt_des(const char *key, const char *setting)
#endif /* !DISABLE_XDES */
{
/*
- * "old"-style: setting - 2 bytes of salt key - up to 8 characters
+ * "old"-style: setting - 2 bytes of salt key - only up to the first 8
+ * characters of the input key are used.
*/
count = 25;
+ if (strlen(setting) < 2)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid salt")));
+
salt = (ascii_to_bin(setting[1]) << 6)
| ascii_to_bin(setting[0]);
diff --git a/contrib/pgcrypto/expected/crypt-blowfish.out b/contrib/pgcrypto/expected/crypt-blowfish.out
index 329d78f..d79b0c0 100644
--- a/contrib/pgcrypto/expected/crypt-blowfish.out
+++ b/contrib/pgcrypto/expected/crypt-blowfish.out
@@ -13,6 +13,15 @@ SELECT crypt('foox', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
$2a$06$RQiOJ.3ELirrXwxIZY8q0OR3CVJrAfda1z26CCHPnB6mmVZD8p0/C
(1 row)
+-- error, salt too short:
+SELECT crypt('foox', '$2a$');
+ERROR: invalid salt
+-- error, first digit of count in salt invalid
+SELECT crypt('foox', '$2a$40$RQiOJ.3ELirrXwxIZY8q0O');
+ERROR: invalid salt
+-- error, count in salt too small
+SELECT crypt('foox', '$2a$00$RQiOJ.3ELirrXwxIZY8q0O');
+ERROR: invalid salt
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
UPDATE ctest SET salt = gen_salt('bf', 8);
diff --git a/contrib/pgcrypto/expected/crypt-des.out b/contrib/pgcrypto/expected/crypt-des.out
index b8b6050..a462dcd 100644
--- a/contrib/pgcrypto/expected/crypt-des.out
+++ b/contrib/pgcrypto/expected/crypt-des.out
@@ -13,6 +13,10 @@ SELECT crypt('foox', 'NB');
NB53EGGqrrb5E
(1 row)
+-- We are supposed to pass in a 2-character salt.
+-- error since salt is too short:
+SELECT crypt('password', 'a');
+ERROR: invalid salt
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
UPDATE ctest SET salt = gen_salt('des');
diff --git a/contrib/pgcrypto/expected/crypt-xdes.out b/contrib/pgcrypto/expected/crypt-xdes.out
index cdcdefb..8cf9075 100644
--- a/contrib/pgcrypto/expected/crypt-xdes.out
+++ b/contrib/pgcrypto/expected/crypt-xdes.out
@@ -13,6 +13,30 @@ SELECT crypt('foox', '_J9..j2zz');
_J9..j2zzAYKMvO2BYRY
(1 row)
+-- check XDES handling of keys longer than 8 chars
+SELECT crypt('longlongpassword', '_J9..j2zz');
+ crypt
+----------------------
+ _J9..j2zz4BeseiQNwUg
+(1 row)
+
+-- error, salt too short
+SELECT crypt('foox', '_J9..BWH');
+ERROR: invalid salt
+-- error, count specified in the second argument is 0
+SELECT crypt('password', '_........');
+ERROR: crypt(3) returned NULL
+-- error, count will wind up still being 0 due to invalid encoding
+-- of the count: only chars ``./0-9A-Za-z' are valid
+SELECT crypt('password', '_..!!!!!!');
+ERROR: crypt(3) returned NULL
+-- count should be non-zero here, will work
+SELECT crypt('password', '_/!!!!!!!');
+ crypt
+----------------------
+ _/!!!!!!!zqM49hRzxko
+(1 row)
+
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
UPDATE ctest SET salt = gen_salt('xdes', 1001);
diff --git a/contrib/pgcrypto/px-crypt.c b/contrib/pgcrypto/px-crypt.c
index 7b003a7..e3246fc 100644
--- a/contrib/pgcrypto/px-crypt.c
+++ b/contrib/pgcrypto/px-crypt.c
@@ -42,7 +42,7 @@ run_crypt_des(const char *psw, const char *salt,
char *res;
res = px_crypt_des(psw, salt);
- if (strlen(res) > len - 1)
+ if (res == NULL || strlen(res) > len - 1)
return NULL;
strcpy(buf, res);
return buf;
diff --git a/contrib/pgcrypto/sql/crypt-blowfish.sql b/contrib/pgcrypto/sql/crypt-blowfish.sql
index 60c1140..3b5a681 100644
--- a/contrib/pgcrypto/sql/crypt-blowfish.sql
+++ b/contrib/pgcrypto/sql/crypt-blowfish.sql
@@ -6,6 +6,15 @@ SELECT crypt('', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
SELECT crypt('foox', '$2a$06$RQiOJ.3ELirrXwxIZY8q0O');
+-- error, salt too short:
+SELECT crypt('foox', '$2a$');
+
+-- error, first digit of count in salt invalid
+SELECT crypt('foox', '$2a$40$RQiOJ.3ELirrXwxIZY8q0O');
+
+-- error, count in salt too small
+SELECT crypt('foox', '$2a$00$RQiOJ.3ELirrXwxIZY8q0O');
+
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
diff --git a/contrib/pgcrypto/sql/crypt-des.sql b/contrib/pgcrypto/sql/crypt-des.sql
index fabdc65..a85ec1e 100644
--- a/contrib/pgcrypto/sql/crypt-des.sql
+++ b/contrib/pgcrypto/sql/crypt-des.sql
@@ -6,6 +6,10 @@ SELECT crypt('', 'NB');
SELECT crypt('foox', 'NB');
+-- We are supposed to pass in a 2-character salt.
+-- error since salt is too short:
+SELECT crypt('password', 'a');
+
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
diff --git a/contrib/pgcrypto/sql/crypt-xdes.sql b/contrib/pgcrypto/sql/crypt-xdes.sql
index d4a74f7..8171cd8 100644
--- a/contrib/pgcrypto/sql/crypt-xdes.sql
+++ b/contrib/pgcrypto/sql/crypt-xdes.sql
@@ -6,6 +6,22 @@ SELECT crypt('', '_J9..j2zz');
SELECT crypt('foox', '_J9..j2zz');
+-- check XDES handling of keys longer than 8 chars
+SELECT crypt('longlongpassword', '_J9..j2zz');
+
+-- error, salt too short
+SELECT crypt('foox', '_J9..BWH');
+
+-- error, count specified in the second argument is 0
+SELECT crypt('password', '_........');
+
+-- error, count will wind up still being 0 due to invalid encoding
+-- of the count: only chars ``./0-9A-Za-z' are valid
+SELECT crypt('password', '_..!!!!!!');
+
+-- count should be non-zero here, will work
+SELECT crypt('password', '_/!!!!!!!');
+
CREATE TABLE ctest (data text, res text, salt text);
INSERT INTO ctest VALUES ('password', '', '');
--
1.7.9.5

44
support/postgresql/files/0002-Prevent-stack-overflow-in-json-related-functions.patch
View File

@ -1,44 +0,0 @@
From 8dacb29ca7c92814d69135f40e16a46f8cf9cbaf Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Mon, 5 Oct 2015 10:06:29 -0400
Subject: [PATCH 2/2] Prevent stack overflow in json-related functions.
Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an
application constructs PostgreSQL json or jsonb values from arbitrary
user input, application users could have exploited this to terminate all
active database connections. That applies to 9.3, where the json parser
adopted recursive descent, and later versions. Only row_to_json() and
array_to_json() were at risk in 9.2, both in a non-security capacity.
Back-patch to 9.2, where the json type was introduced.
Oskari Saarenmaa, reviewed by Michael Paquier.
Security: CVE-2015-5289
---
src/backend/utils/adt/json.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/backend/utils/adt/json.c b/src/backend/utils/adt/json.c
index f0cbb39..fd1d8fb 100644
--- a/src/backend/utils/adt/json.c
+++ b/src/backend/utils/adt/json.c
@@ -18,6 +18,7 @@
#include "lib/stringinfo.h"
#include "libpq/pqformat.h"
#include "mb/pg_wchar.h"
+#include "miscadmin.h"
#include "parser/parse_coerce.h"
#include "utils/array.h"
#include "utils/builtins.h"
@@ -895,6 +896,8 @@ datum_to_json(Datum val, bool is_null, StringInfo result,
bool numeric_error;
JsonLexContext dummy_lex;
+ check_stack_depth();
+
if (is_null)
{
appendStringInfoString(result, "null");
--
1.7.9.5