* [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18
@ 2022-01-25 17:34 Fabrice Fontaine
2022-01-26 22:33 ` Thomas Petazzoni
2022-01-28 21:17 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-01-25 17:34 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
replicated collection can run the applyOps command with specially
malformed oplog entries, resulting in a potential denial of service on
secondaries. This issue affects MongoDB Server v4.0 versions prior to
4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
v4.4 versions prior to 4.4.6.
Drop third patch (already in version)
https://docs.mongodb.com/master/release-notes/4.2/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...-MINSIGSTKSZ-is-no-longer-a-constant.patch | 49 -------------------
package/mongodb/mongodb.hash | 2 +-
package/mongodb/mongodb.mk | 2 +-
3 files changed, 2 insertions(+), 51 deletions(-)
delete mode 100644 package/mongodb/0003-SERVER-59459-With-glibc-2-34-MINSIGSTKSZ-is-no-longer-a-constant.patch
diff --git a/package/mongodb/0003-SERVER-59459-With-glibc-2-34-MINSIGSTKSZ-is-no-longer-a-constant.patch b/package/mongodb/0003-SERVER-59459-With-glibc-2-34-MINSIGSTKSZ-is-no-longer-a-constant.patch
deleted file mode 100644
index 02b35c6e4f..0000000000
--- a/package/mongodb/0003-SERVER-59459-With-glibc-2-34-MINSIGSTKSZ-is-no-longer-a-constant.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From ef08d0dbc99db8c4620512e92bfb3154282eb5d3 Mon Sep 17 00:00:00 2001
-From: Andrew Morrow <acm@mongodb.com>
-Date: Wed, 15 Sep 2021 15:23:42 -0400
-Subject: [PATCH] SERVER-59459 With glibc-2.34, MINSIGSTKSZ is no longer a
- constant
-
-[Retrieved (and backported) from:
-https://github.com/mongodb/mongo/commit/ef08d0dbc99db8c4620512e92bfb3154282eb5d3]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- src/mongo/stdx/thread.h | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/mongo/stdx/thread.h b/src/mongo/stdx/thread.h
-index 7b15bb561bd9..6f1e16cdeb36 100644
---- a/src/mongo/stdx/thread.h
-+++ b/src/mongo/stdx/thread.h
-@@ -76,11 +76,19 @@ class SigAltStackController {
- }
-
- private:
-+ static size_t _getStackSize() {
-+ // It would be nice for this to be a constexpr, but
-+ // MINSIGSTKSZ became a macro that invoked `sysconf` in glibc
-+ // 2.34.
-+ static const std::size_t kMinSigStkSz = MINSIGSTKSZ;
-+ return std::max(kMongoMinSignalStackSize, kMinSigStkSz);
-+ }
-+
- void _install() const {
- stack_t ss;
- ss.ss_sp = _stackStorage.get();
- ss.ss_flags = 0;
-- ss.ss_size = kStackSize;
-+ ss.ss_size = _getStackSize();
- if (sigaltstack(&ss, nullptr)) {
- abort();
- }
-@@ -107,9 +115,7 @@ class SigAltStackController {
- // ( https://jira.mongodb.org/secure/attachment/233569/233569_stacktrace-writeup.txt )
- static constexpr std::size_t kMongoMinSignalStackSize = std::size_t{64} << 10;
-
-- static constexpr std::size_t kStackSize =
-- std::max(kMongoMinSignalStackSize, std::size_t{MINSIGSTKSZ});
-- std::unique_ptr<std::byte[]> _stackStorage = std::make_unique<std::byte[]>(kStackSize);
-+ std::unique_ptr<std::byte[]> _stackStorage = std::make_unique<std::byte[]>(_getStackSize());
-
- #else // !MONGO_HAS_SIGALTSTACK
- auto makeInstallGuard() const {
diff --git a/package/mongodb/mongodb.hash b/package/mongodb/mongodb.hash
index 3b2580cc43..02da8ad452 100644
--- a/package/mongodb/mongodb.hash
+++ b/package/mongodb/mongodb.hash
@@ -1,4 +1,4 @@
# Locally computed:
-sha256 ab5a8b6e967614a8ad67c0ca87124c4f380d4a476508973a7995d54ed902b02e mongodb-src-r4.2.11.tar.gz
+sha256 5bbb9567cc1f358ac7d9f37d9fe749862728bdf9f742d1dfc5e35a8b6c2985ba mongodb-src-r4.2.18.tar.gz
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 APACHE-2.0.txt
sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27 LICENSE-Community.txt
diff --git a/package/mongodb/mongodb.mk b/package/mongodb/mongodb.mk
index c33c3c2eb7..f666e83a03 100644
--- a/package/mongodb/mongodb.mk
+++ b/package/mongodb/mongodb.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MONGODB_VERSION = 4.2.11
+MONGODB_VERSION = 4.2.18
MONGODB_SITE = https://fastdl.mongodb.org/src
MONGODB_SOURCE = mongodb-src-r$(MONGODB_VERSION).tar.gz
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18
2022-01-25 17:34 [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18 Fabrice Fontaine
@ 2022-01-26 22:33 ` Thomas Petazzoni
2022-01-28 21:17 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2022-01-26 22:33 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
On Tue, 25 Jan 2022 18:34:22 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
> replicated collection can run the applyOps command with specially
> malformed oplog entries, resulting in a potential denial of service on
> secondaries. This issue affects MongoDB Server v4.0 versions prior to
> 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
> v4.4 versions prior to 4.4.6.
>
> Drop third patch (already in version)
>
> https://docs.mongodb.com/master/release-notes/4.2/
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...-MINSIGSTKSZ-is-no-longer-a-constant.patch | 49 -------------------
> package/mongodb/mongodb.hash | 2 +-
> package/mongodb/mongodb.mk | 2 +-
> 3 files changed, 2 insertions(+), 51 deletions(-)
> delete mode 100644 package/mongodb/0003-SERVER-59459-With-glibc-2-34-MINSIGSTKSZ-is-no-longer-a-constant.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18
2022-01-25 17:34 [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18 Fabrice Fontaine
2022-01-26 22:33 ` Thomas Petazzoni
@ 2022-01-28 21:17 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-01-28 21:17 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
> replicated collection can run the applyOps command with specially
> malformed oplog entries, resulting in a potential denial of service on
> secondaries. This issue affects MongoDB Server v4.0 versions prior to
> 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
> v4.4 versions prior to 4.4.6.
> Drop third patch (already in version)
> https://docs.mongodb.com/master/release-notes/4.2/
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-28 21:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-25 17:34 [Buildroot] [PATCH 1/1] package/mongodb: security bump to version 4.2.18 Fabrice Fontaine
2022-01-26 22:33 ` Thomas Petazzoni
2022-01-28 21:17 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.