diff options
author | Patrick McLean <chutzpah@gentoo.org> | 2017-07-31 12:03:31 -0700 |
---|---|---|
committer | Patrick McLean <chutzpah@gentoo.org> | 2017-07-31 12:04:00 -0700 |
commit | 99748ee7bf5dedea9ac0af33f482fe65aea11c96 (patch) | |
tree | 55e318dd335db89991aa87346fa34bc06034fd92 /sys-cluster/ceph/files | |
parent | dev-db/mongodb: patch 3.4.6 for bug 625148 (diff) | |
download | gentoo-99748ee7bf5dedea9ac0af33f482fe65aea11c96.tar.gz gentoo-99748ee7bf5dedea9ac0af33f482fe65aea11c96.tar.bz2 gentoo-99748ee7bf5dedea9ac0af33f482fe65aea11c96.zip |
sys-cluster/ceph: Revision bump, pull in fix for CVE-2017-7519
Also add envd file when tcmalloc USE flags is enabled to set
TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=134217728
This is recommended by upstream. Install file to sysctl.d to update
kernel.pid_max to 257256, and sync conf.d file with init.d.
Package-Manager: Portage-2.3.6, Repoman-2.3.3
Diffstat (limited to 'sys-cluster/ceph/files')
4 files changed, 39 insertions, 1 deletions
diff --git a/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch b/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch new file mode 100644 index 000000000000..eaf18c35783d --- /dev/null +++ b/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch @@ -0,0 +1,35 @@ +diff --git a/src/libradosstriper/RadosStriperImpl.cc b/src/libradosstriper/RadosStriperImpl.cc +index 22352d9125..70dcb7569f 100644 +--- a/src/libradosstriper/RadosStriperImpl.cc ++++ b/src/libradosstriper/RadosStriperImpl.cc +@@ -12,6 +12,8 @@ + * + */ + ++#include <boost/algorithm/string/replace.hpp> ++ + #include "libradosstriper/RadosStriperImpl.h" + + #include <errno.h> +@@ -466,7 +468,9 @@ int libradosstriper::RadosStriperImpl::aio_read(const std::string& soid, + // get list of extents to be read from + vector<ObjectExtent> *extents = new vector<ObjectExtent>(); + if (read_len > 0) { +- std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT; ++ std::string format = soid; ++ boost::replace_all(format, "%", "%%"); ++ format += RADOS_OBJECT_EXTENSION_FORMAT; + file_layout_t l; + l.from_legacy(layout); + Striper::file_to_extents(cct(), format.c_str(), &l, off, read_len, +@@ -776,7 +780,9 @@ libradosstriper::RadosStriperImpl::internal_aio_write(const std::string& soid, + if (len > 0) { + // get list of extents to be written to + vector<ObjectExtent> extents; +- std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT; ++ std::string format = soid; ++ boost::replace_all(format, "%", "%%"); ++ format += RADOS_OBJECT_EXTENSION_FORMAT; + file_layout_t l; + l.from_legacy(layout); + Striper::file_to_extents(cct(), format.c_str(), &l, off, len, 0, extents); diff --git a/sys-cluster/ceph/files/ceph.confd-r3 b/sys-cluster/ceph/files/ceph.confd-r3 index 491b1241ba63..54673c2688f7 100644 --- a/sys-cluster/ceph/files/ceph.confd-r3 +++ b/sys-cluster/ceph/files/ceph.confd-r3 @@ -4,7 +4,7 @@ #ceph_conf="/etc/ceph/ceph.conf" # Set ulimits for Ceph services. -#rc_ulimit="-n 32768" +#rc_ulimit="-n 131072 -u 257256" # the directory under /run to store runtime information in #rundir=/run/ceph diff --git a/sys-cluster/ceph/files/envd-tcmalloc b/sys-cluster/ceph/files/envd-tcmalloc new file mode 100644 index 000000000000..bdb09670c636 --- /dev/null +++ b/sys-cluster/ceph/files/envd-tcmalloc @@ -0,0 +1 @@ +TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=134217728 diff --git a/sys-cluster/ceph/files/sysctld b/sys-cluster/ceph/files/sysctld new file mode 100644 index 000000000000..4d133264f554 --- /dev/null +++ b/sys-cluster/ceph/files/sysctld @@ -0,0 +1,2 @@ +# up the global pid max for ceph +kernel.pid_max = 257256 |