Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:8:CentOS
logstash
cve-2018-3817.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cve-2018-3817.patch of Package logstash
commit a0aa92980e74ec9ea00a058fccf648d60c9482fa Author: Andrew Cholakian <andrew@andrewvc.com> Date: Fri Dec 1 15:06:12 2017 -0600 Validate deprecated/obsolete options after sanitization The old order made no sense since Password / SafeURI objects were not wrapped in their to_s suppressing containers. Only remove the obsolete params after they've been detected Fixes #8785 Index: logstash-2.4.1/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.1-java/lib/logstash/config/mixin.rb =================================================================== --- logstash-2.4.1.orig/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.1-java/lib/logstash/config/mixin.rb +++ logstash-2.4.1/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.1-java/lib/logstash/config/mixin.rb @@ -68,29 +68,6 @@ module LogStash::Config::Mixin # store the plugin type, turns LogStash::Inputs::Base into 'input' @plugin_type = self.class.ancestors.find { |a| a.name =~ /::Base$/ }.config_name - # warn about deprecated variable use - params.each do |name, value| - opts = self.class.get_config[name] - if opts && opts[:deprecated] - extra = opts[:deprecated].is_a?(String) ? opts[:deprecated] : "" - extra.gsub!("%PLUGIN%", self.class.config_name) - @logger.warn("You are using a deprecated config setting " + - "#{name.inspect} set in #{self.class.config_name}. " + - "Deprecated settings will continue to work, " + - "but are scheduled for removal from logstash " + - "in the future. #{extra} If you have any questions " + - "about this, please visit the #logstash channel " + - "on freenode irc.", :name => name, :plugin => self) - end - if opts && opts[:obsolete] - extra = opts[:obsolete].is_a?(String) ? opts[:obsolete] : "" - extra.gsub!("%PLUGIN%", self.class.config_name) - raise LogStash::ConfigurationError, - I18n.t("logstash.agent.configuration.obsolete", :name => name, - :plugin => self.class.config_name, :extra => extra) - end - end - # Set defaults from 'config :foo, :default => somevalue' self.class.get_config.each do |name, opts| next if params.include?(name.to_s) @@ -130,17 +107,46 @@ module LogStash::Config::Mixin end end - if !self.class.validate(params) raise LogStash::ConfigurationError, I18n.t("logstash.agent.configuration.invalid_plugin_settings") end + # now that we know the parameters are valid, we can obfuscate the original copy + # of the parameters before storing them as an instance variable + self.class.secure_params!(original_params) + @original_params = original_params + + # warn about deprecated variable use + original_params.each do |name, value| + opts = self.class.get_config[name] + if opts && opts[:deprecated] + extra = opts[:deprecated].is_a?(String) ? opts[:deprecated] : "" + extra.gsub!("%PLUGIN%", self.class.config_name) + self.logger.warn("You are using a deprecated config setting " + + "#{name.inspect} set in #{self.class.config_name}. " + + "Deprecated settings will continue to work, " + + "but are scheduled for removal from logstash " + + "in the future. #{extra} If you have any questions " + + "about this, please visit the #logstash channel " + + "on freenode irc.", :name => name, :plugin => self) + + end + + if opts && opts[:obsolete] + extra = opts[:obsolete].is_a?(String) ? opts[:obsolete] : "" + extra.gsub!("%PLUGIN%", self.class.config_name) + raise LogStash::ConfigurationError, + I18n.t("logstash.runner.configuration.obsolete", :name => name, + :plugin => self.class.config_name, :extra => extra) + end + end + # We remove any config options marked as obsolete, # no code should be associated to them and their values should not bleed # to the plugin context. # - # This need to be done after fetching the options from the parents classed + # This need to be done after fetching the options from the parents class params.reject! do |name, value| opts = self.class.get_config[name] opts.include?(:obsolete) @@ -155,11 +161,6 @@ module LogStash::Config::Mixin instance_variable_set("@#{key}", value) end - # now that we know the parameters are valid, we can obfuscate the original copy - # of the parameters before storing them as an instance variable - self.class.secure_params!(original_params) - @original_params = original_params - @config = params end # def config_init
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor