microsoft
diff --git a/‎SPECS/ceph/CVE-2012-2677.patch
Lines changed: 105 additions & 0 deletions b/‎SPECS/ceph/CVE-2012-2677.patch
Lines changed: 105 additions & 0 deletions
diff --git a/‎SPECS/ceph/CVE-2020-10722.patch
Lines changed: 31 additions & 0 deletions b/‎SPECS/ceph/CVE-2020-10722.patch
Lines changed: 31 additions & 0 deletions
diff --git a/‎SPECS/ceph/CVE-2020-10723.patch
Lines changed: 26 additions & 0 deletions b/‎SPECS/ceph/CVE-2020-10723.patch
Lines changed: 26 additions & 0 deletions
diff --git a/‎SPECS/ceph/CVE-2020-10724.patch
Lines changed: 55 additions & 0 deletions b/‎SPECS/ceph/CVE-2020-10724.patch
Lines changed: 55 additions & 0 deletions
diff --git a/‎SPECS/ceph/CVE-2021-24032.patch
Lines changed: 82 additions & 0 deletions b/‎SPECS/ceph/CVE-2021-24032.patch
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,105 @@
+Edited filepath to reflect the file tree within ceph
+
+Link: https://620468.bugs.gentoo.org/attachment.cgi?id=475060&action=diff&format=raw&headers=1
+--- a/src/boost/boost/pool/pool.hpp	
++++ a/src/boost/boost/pool/pool.hpp	
+@@ -26,6 +26,8 @@ 
+ 
+ #include <boost/pool/poolfwd.hpp>
+ 
++// std::numeric_limits
++#include <boost/limits.hpp>
+ // boost::integer::static_lcm
+ #include <boost/integer/common_factor_ct.hpp>
+ // boost::simple_segregated_storage
+@@ -355,6 +357,15 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+       return s;
+     }
+ 
++    size_type max_chunks() const
++    { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool.
++      size_type partition_size = alloc_size();
++      size_type POD_size = integer::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type);
++      size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / alloc_size();
++
++      return max_chunks;
++    }
++
+     static void * & nextof(void * const ptr)
+     { //! \returns Pointer dereferenced.
+       //! (Provided and used for the sake of code readability :)
+@@ -375,6 +386,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+       //!   the first time that object needs to allocate system memory.
+       //!   The default is 32. This parameter may not be 0.
+       //! \param nmax_size is the maximum number of chunks to allocate in one block.
++      set_next_size(nnext_size);
++      set_max_size(nmax_size);
+     }
+ 
+     ~pool()
+@@ -398,8 +411,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+     }
+     void set_next_size(const size_type nnext_size)
+     { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
+-      //! \returns nnext_size.
+-      next_size = start_size = nnext_size;
++      BOOST_USING_STD_MIN();
++      next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks());
+     }
+     size_type get_max_size() const
+     { //! \returns max_size.
+@@ -407,7 +420,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+     }
+     void set_max_size(const size_type nmax_size)
+     { //! Set max_size.
+-      max_size = nmax_size;
++      BOOST_USING_STD_MIN();
++      max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks());
+     }
+     size_type get_requested_size() const
+     { //!   \returns the requested size passed into the constructor.
+@@ -708,9 +722,9 @@ void * pool<UserAllocator>::malloc_need_resize()
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  initialize it,
+   store().add_block(node.begin(), node.element_size(), partition_size);
+@@ -748,9 +762,9 @@ void * pool<UserAllocator>::ordered_malloc_need_resize()
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  initialize it,
+   //  (we can use "add_block" here because we know that
+@@ -792,6 +806,8 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+ { //! Gets address of a chunk n, allocating new memory if not already available.
+   //! \returns Address of chunk n if allocated ok.
+   //! \returns 0 if not enough memory for n chunks.
++  if (n > max_chunks())
++    return 0;
+ 
+   const size_type partition_size = alloc_size();
+   const size_type total_req_size = n * requested_size;
+@@ -840,9 +856,9 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+ 
+   BOOST_USING_STD_MIN();
+   if(!max_size)
+-    next_size <<= 1;
++    set_next_size(next_size << 1);
+   else if( next_size*partition_size/requested_size < max_size)
+-    next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++    set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+ 
+   //  insert it into the list,
+   //   handle border case.
@@ -0,0 +1,31 @@
+From 73e1e5635f27e444abd0bf3ce2144c7378e29401 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Tue, 4 Feb 2025 15:04:56 -0800
+Subject: [PATCH] [Medium] Patch ceph to fix CVE-2020-10722
+
+Link: https://git.dpdk.org/dpdk/patch/?id=3ae4beb079ce242240c34376a066bbccd0c0b23e
+---
+ src/seastar/dpdk/lib/librte_vhost/vhost_user.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
+index c9e29ece8..91fb802ba 100644
+--- a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
+@@ -1434,10 +1434,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg,
+ 	size = msg->payload.log.mmap_size;
+ 	off  = msg->payload.log.mmap_offset;
+ 
+-	/* Don't allow mmap_offset to point outside the mmap region */
+-	if (off > size) {
+++	/* Check for mmap size and offset overflow. */
+++	if (off >= -size) {
+ 		RTE_LOG(ERR, VHOST_CONFIG,
+-			"log offset %#"PRIx64" exceeds log size %#"PRIx64"\n",
+++			"log offset %#"PRIx64" and log size %#"PRIx64" overflow\n",
+ 			off, size);
+ 		return RTE_VHOST_MSG_RESULT_ERR;
+ 	}
+-- 
+2.34.1
+
@@ -0,0 +1,26 @@
+From 8558fe7d316167be9c0e1b25aabd4f96a5079250 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Mon, 3 Feb 2025 16:23:59 -0800
+Subject: [PATCH] [Medium] Patch ceph for CVE-2020-10723
+
+Link: https://git.dpdk.org/dpdk/patch/?id=c78d94189dced04def987a17f16097fcb197a186
+---
+ src/seastar/dpdk/lib/librte_vhost/vhost_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
+index c9e29ece8..1f84fc212 100644
+--- a/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_user.c
+@@ -1841,7 +1841,7 @@ static int
+ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev,
+ 			struct VhostUserMsg *msg)
+ {
+-	uint16_t vring_idx;
++	uint32_t vring_idx;
+ 
+ 	switch (msg->request.master) {
+ 	case VHOST_USER_SET_VRING_KICK:
+-- 
+2.34.1
+
@@ -0,0 +1,55 @@
+From 57c19156f1c7075d2b27f48d62cedc3992811c2b Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Wed, 5 Feb 2025 12:55:00 -0800
+Subject: [PATCH] [Medium] Patch ceph for CVE-2020-10724
+
+Link: https://git.dpdk.org/dpdk/patch/?id=acd4c92fa693bbea695f2bb42bb93fb8567c3ca5
+---
+ .../dpdk/lib/librte_vhost/vhost_crypto.c        | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+index 0edf12d52..9d569fcc5 100644
+--- a/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
++++ b/src/seastar/dpdk/lib/librte_vhost/vhost_crypto.c
+@@ -246,6 +246,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform,
+ 	if (unlikely(ret < 0))
+ 		return ret;
+ 
++	if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid cipher key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ 	xform->cipher.algo = (enum rte_crypto_cipher_algorithm)ret;
+ 	xform->cipher.key.length = param->cipher_key_len;
+@@ -296,6 +301,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms,
+ 	ret = cipher_algo_transform(param->cipher_algo);
+ 	if (unlikely(ret < 0))
+ 		return ret;
++
++	if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid cipher key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ 	xform_cipher->cipher.algo = (enum rte_crypto_cipher_algorithm)ret;
+ 	xform_cipher->cipher.key.length = param->cipher_key_len;
+@@ -311,6 +322,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms,
+ 	ret = auth_algo_transform(param->hash_algo);
+ 	if (unlikely(ret < 0))
+ 		return ret;
++
++	if (param->auth_key_len > VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH) {
++		VC_LOG_DBG("Invalid auth key length\n");
++		return -VIRTIO_CRYPTO_BADMSG;
++	}
++
+ 	xform_auth->auth.algo = (enum rte_crypto_auth_algorithm)ret;
+ 	xform_auth->auth.digest_length = param->digest_len;
+ 	xform_auth->auth.key.length = param->auth_key_len;
+-- 
+2.34.1
+
@@ -0,0 +1,82 @@
+From 9eb423834eec8a61773b2bd02b694d132459ade7 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Wed, 5 Feb 2025 11:57:38 -0800
+Subject: [PATCH] [Medium] Patch ceph for CVE-2021-24032
+
+Link: https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e.patch
+---
+ src/zstd/programs/fileio.c | 9 +++------
+ src/zstd/programs/util.c   | 9 +++++++++
+ src/zstd/programs/util.h   | 7 ++++++-
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/src/zstd/programs/fileio.c b/src/zstd/programs/fileio.c
+index d72879d64..f4529840a 100644
+--- a/src/zstd/programs/fileio.c
++++ b/src/zstd/programs/fileio.c
+@@ -611,14 +611,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs,
+             FIO_remove(dstFileName);
+     }   }
+ 
+-    {   FILE* const f = fopen( dstFileName, "wb" );
++    {   const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
++        FILE* const f = fopen( dstFileName, "wb" );
++        UTIL_umask(old_umask);
+         if (f == NULL) {
+             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+-        } else if (srcFileName != NULL
+-               && strcmp (srcFileName, stdinmark)
+-               && strcmp(dstFileName, nulmark) ) {
+-            /* reduce rights on newly created dst file while compression is ongoing */
+-            UTIL_chmod(dstFileName, 00600);
+         }
+         return f;
+     }
+diff --git a/src/zstd/programs/util.c b/src/zstd/programs/util.c
+index ab1abd3b1..950697252 100644
+--- a/src/zstd/programs/util.c
++++ b/src/zstd/programs/util.c
+@@ -137,6 +137,15 @@ int UTIL_chmod(char const* filename, mode_t permissions)
+     return chmod(filename, permissions);
+ }
+ 
++int UTIL_umask(int mode) {
++#if PLATFORM_POSIX_VERSION > 0
++    return umask(mode);
++#else
++    /* do nothing, fake return value */
++    return mode;
++#endif
++}
++
+ int UTIL_setFileStat(const char *filename, stat_t *statbuf)
+ {
+     int res = 0;
+diff --git a/src/zstd/programs/util.h b/src/zstd/programs/util.h
+index 8e187e4f2..8b1f80bb1 100644
+--- a/src/zstd/programs/util.h
++++ b/src/zstd/programs/util.h
+@@ -22,7 +22,7 @@ extern "C" {
+ #include "platform.h"     /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */
+ #include <stddef.h>       /* size_t, ptrdiff_t */
+ #include <sys/types.h>    /* stat, utime */
+-#include <sys/stat.h>     /* stat, chmod */
++#include <sys/stat.h>     /* stat, chmod, umask */
+ #include "../lib/common/mem.h"          /* U64 */
+ 
+ 
+@@ -119,6 +119,11 @@ U64 UTIL_getTotalFileSize(const char* const * fileNamesTable, unsigned nbFiles);
+ int UTIL_getFileStat(const char* infilename, stat_t* statbuf);
+ int UTIL_setFileStat(const char* filename, stat_t* statbuf);
+ int UTIL_chmod(char const* filename, mode_t permissions);   /*< like chmod, but avoid changing permission of /dev/null */
++/**
++ * Wraps umask(). Does nothing when the platform doesn't have that concept.
++ */
++int UTIL_umask(int mode);
++
+ int UTIL_compareStr(const void *p1, const void *p2);
+ const char* UTIL_getFileExtension(const char* infilename);
+ 
+-- 
+2.34.1
+