Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Micheal Marineau (marineam)" <marineam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-emulation/libvirt/files: libvirt-0.5.1-libgnu-reposition.patch libvirt-0.4.6-add-missing-permission-checks.patch libvirt-0.5.1-add-missing-permission-checks.patch
Date: Fri, 09 Jan 2009 04:31:41
Message-Id: E1LL91v-0001Oi-Et@stork.gentoo.org
1 marineam 09/01/09 04:31:31
2
3 Added: libvirt-0.5.1-libgnu-reposition.patch
4 libvirt-0.4.6-add-missing-permission-checks.patch
5 libvirt-0.5.1-add-missing-permission-checks.patch
6 Log:
7 Bump libvirt to 0.5.1 and fix CVE-2008-5086
8 (Portage version: 2.1.6.4/cvs/Linux 2.6.28-00001-g607f448 x86_64)
9
10 Revision Changes Path
11 1.1 app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch
12
13 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch?rev=1.1&content-type=text/plain
15
16 Index: libvirt-0.5.1-libgnu-reposition.patch
17 ===================================================================
18 --- libvirt-0.5.1/qemud/Makefile.am.orig 2009-01-08 22:47:27.000000000 -0500
19 +++ libvirt-0.5.1/qemud/Makefile.am 2009-01-08 22:55:17.000000000 -0500
20 @@ -87,8 +87,7 @@
21 $(COVERAGE_LDFLAGS) \
22 $(POLKIT_LIBS)
23
24 -libvirtd_LDADD = \
25 - ../gnulib/lib/libgnu.la
26 +libvirtd_LDADD =
27
28 if ! WITH_DRIVER_MODULES
29 if WITH_QEMU
30 @@ -223,6 +222,8 @@
31
32 endif # DBUS_INIT_SCRIPTS_RED_HAT
33
34 +libvirtd_LDADD += ../gnulib/lib/libgnu.la
35 +
36 endif # WITH_LIBVIRTD
37
38 CLEANFILES = libvirtd.init
39
40
41
42 1.1 app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch
43
44 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch?rev=1.1&view=markup
45 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch?rev=1.1&content-type=text/plain
46
47 Index: libvirt-0.4.6-add-missing-permission-checks.patch
48 ===================================================================
49 --- libvirt-0.4.6/src/libvirt.c.orig 2008-09-22 09:12:12.000000000 -0400
50 +++ libvirt-0.4.6/src/libvirt.c 2009-01-08 23:11:35.000000000 -0500
51 @@ -2180,6 +2180,16 @@
52 return NULL;
53 }
54
55 + if (domain->conn->flags & VIR_CONNECT_RO) {
56 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
57 + return NULL;
58 + }
59 + if (dconn->flags & VIR_CONNECT_RO) {
60 + /* NB, delibrately report error against source object, not dest here */
61 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
62 + return NULL;
63 + }
64 +
65 /* Check that migration is supported by both drivers. */
66 if (!VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn,
67 VIR_DRV_FEATURE_MIGRATION_V1) ||
68 @@ -2257,6 +2267,11 @@
69 return -1;
70 }
71
72 + if (dconn->flags & VIR_CONNECT_RO) {
73 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
74 + return -1;
75 + }
76 +
77 if (dconn->driver->domainMigratePrepare)
78 return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
79 uri_in, uri_out,
80 @@ -2287,6 +2302,11 @@
81 }
82 conn = domain->conn;
83
84 + if (domain->conn->flags & VIR_CONNECT_RO) {
85 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
86 + return -1;
87 + }
88 +
89 if (conn->driver->domainMigratePerform)
90 return conn->driver->domainMigratePerform (domain, cookie, cookielen,
91 uri,
92 @@ -2314,6 +2334,11 @@
93 return NULL;
94 }
95
96 + if (dconn->flags & VIR_CONNECT_RO) {
97 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
98 + return NULL;
99 + }
100 +
101 if (dconn->driver->domainMigrateFinish)
102 return dconn->driver->domainMigrateFinish (dconn, dname,
103 cookie, cookielen,
104 @@ -2671,6 +2696,11 @@
105 }
106 conn = dom->conn;
107
108 + if (dom->conn->flags & VIR_CONNECT_RO) {
109 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
110 + return (-1);
111 + }
112 +
113 if (!path) {
114 virLibDomainError (dom, VIR_ERR_INVALID_ARG,
115 _("path is NULL"));
116 @@ -2746,6 +2776,11 @@
117 }
118 conn = dom->conn;
119
120 + if (dom->conn->flags & VIR_CONNECT_RO) {
121 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
122 + return (-1);
123 + }
124 +
125 /* Flags must be VIR_MEMORY_VIRTUAL at the moment.
126 *
127 * Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
128 @@ -3013,6 +3048,11 @@
129
130 conn = domain->conn;
131
132 + if (domain->conn->flags & VIR_CONNECT_RO) {
133 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
134 + return (-1);
135 + }
136 +
137 if (conn->driver->domainSetAutostart)
138 return conn->driver->domainSetAutostart (domain, autostart);
139
140 @@ -3963,6 +4003,11 @@
141 return (-1);
142 }
143
144 + if (network->conn->flags & VIR_CONNECT_RO) {
145 + virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
146 + return (-1);
147 + }
148 +
149 conn = network->conn;
150
151 if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
152 @@ -4161,6 +4206,11 @@
153 return NULL;
154 }
155
156 + if (conn->flags & VIR_CONNECT_RO) {
157 + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
158 + return NULL;
159 + }
160 +
161 if (conn->storageDriver && conn->storageDriver->findPoolSources)
162 return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
163
164 @@ -4834,6 +4884,11 @@
165 return (-1);
166 }
167
168 + if (pool->conn->flags & VIR_CONNECT_RO) {
169 + virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
170 + return (-1);
171 + }
172 +
173 conn = pool->conn;
174
175 if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
176
177
178
179 1.1 app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch
180
181 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch?rev=1.1&view=markup
182 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch?rev=1.1&content-type=text/plain
183
184 Index: libvirt-0.5.1-add-missing-permission-checks.patch
185 ===================================================================
186 From: Daniel P. Berrange <berrange@××××××.com>
187 Date: Wed, 17 Dec 2008 16:45:22 +0000 (+0000)
188 Subject: Add missing checks for read-only connection flag (CVE-2008-5086)
189 X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=e87a5440dff8020d7247656368023e1b2d57415c
190
191 Add missing checks for read-only connection flag (CVE-2008-5086)
192 ---
193
194 diff --git a/src/libvirt.c b/src/libvirt.c
195 index a4a0df5..7efe1d0 100644
196 --- a/src/libvirt.c
197 +++ b/src/libvirt.c
198 @@ -2299,6 +2299,16 @@ virDomainMigrate (virDomainPtr domain,
199 return NULL;
200 }
201
202 + if (domain->conn->flags & VIR_CONNECT_RO) {
203 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
204 + return NULL;
205 + }
206 + if (dconn->flags & VIR_CONNECT_RO) {
207 + /* NB, delibrately report error against source object, not dest here */
208 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
209 + return NULL;
210 + }
211 +
212 /* Check that migration is supported by both drivers. */
213 if (VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn,
214 VIR_DRV_FEATURE_MIGRATION_V1) &&
215 @@ -2426,6 +2436,11 @@ virDomainMigratePrepare (virConnectPtr dconn,
216 return -1;
217 }
218
219 + if (dconn->flags & VIR_CONNECT_RO) {
220 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
221 + return -1;
222 + }
223 +
224 if (dconn->driver->domainMigratePrepare)
225 return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
226 uri_in, uri_out,
227 @@ -2457,6 +2472,11 @@ virDomainMigratePerform (virDomainPtr domain,
228 }
229 conn = domain->conn;
230
231 + if (domain->conn->flags & VIR_CONNECT_RO) {
232 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
233 + return -1;
234 + }
235 +
236 if (conn->driver->domainMigratePerform)
237 return conn->driver->domainMigratePerform (domain, cookie, cookielen,
238 uri,
239 @@ -2485,6 +2505,11 @@ virDomainMigrateFinish (virConnectPtr dconn,
240 return NULL;
241 }
242
243 + if (dconn->flags & VIR_CONNECT_RO) {
244 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
245 + return NULL;
246 + }
247 +
248 if (dconn->driver->domainMigrateFinish)
249 return dconn->driver->domainMigrateFinish (dconn, dname,
250 cookie, cookielen,
251 @@ -2517,6 +2542,11 @@ virDomainMigratePrepare2 (virConnectPtr dconn,
252 return -1;
253 }
254
255 + if (dconn->flags & VIR_CONNECT_RO) {
256 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
257 + return -1;
258 + }
259 +
260 if (dconn->driver->domainMigratePrepare2)
261 return dconn->driver->domainMigratePrepare2 (dconn, cookie, cookielen,
262 uri_in, uri_out,
263 @@ -2547,6 +2577,11 @@ virDomainMigrateFinish2 (virConnectPtr dconn,
264 return NULL;
265 }
266
267 + if (dconn->flags & VIR_CONNECT_RO) {
268 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
269 + return NULL;
270 + }
271 +
272 if (dconn->driver->domainMigrateFinish2)
273 return dconn->driver->domainMigrateFinish2 (dconn, dname,
274 cookie, cookielen,
275 @@ -2905,6 +2940,11 @@ virDomainBlockPeek (virDomainPtr dom,
276 }
277 conn = dom->conn;
278
279 + if (dom->conn->flags & VIR_CONNECT_RO) {
280 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
281 + return (-1);
282 + }
283 +
284 if (!path) {
285 virLibDomainError (dom, VIR_ERR_INVALID_ARG,
286 _("path is NULL"));
287 @@ -2980,6 +3020,11 @@ virDomainMemoryPeek (virDomainPtr dom,
288 }
289 conn = dom->conn;
290
291 + if (dom->conn->flags & VIR_CONNECT_RO) {
292 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
293 + return (-1);
294 + }
295 +
296 /* Flags must be VIR_MEMORY_VIRTUAL at the moment.
297 *
298 * Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
299 @@ -3247,6 +3292,11 @@ virDomainSetAutostart(virDomainPtr domain,
300
301 conn = domain->conn;
302
303 + if (domain->conn->flags & VIR_CONNECT_RO) {
304 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
305 + return (-1);
306 + }
307 +
308 if (conn->driver->domainSetAutostart)
309 return conn->driver->domainSetAutostart (domain, autostart);
310
311 @@ -4197,6 +4247,11 @@ virNetworkSetAutostart(virNetworkPtr network,
312 return (-1);
313 }
314
315 + if (network->conn->flags & VIR_CONNECT_RO) {
316 + virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
317 + return (-1);
318 + }
319 +
320 conn = network->conn;
321
322 if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
323 @@ -4395,6 +4450,11 @@ virConnectFindStoragePoolSources(virConnectPtr conn,
324 return NULL;
325 }
326
327 + if (conn->flags & VIR_CONNECT_RO) {
328 + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
329 + return NULL;
330 + }
331 +
332 if (conn->storageDriver && conn->storageDriver->findPoolSources)
333 return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
334
335 @@ -5068,6 +5128,11 @@ virStoragePoolSetAutostart(virStoragePoolPtr pool,
336 return (-1);
337 }
338
339 + if (pool->conn->flags & VIR_CONNECT_RO) {
340 + virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
341 + return (-1);
342 + }
343 +
344 conn = pool->conn;
345
346 if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
Report Message
Find on MARC Find on Google Groups