1 |
marineam 09/01/09 04:31:31 |
2 |
|
3 |
Added: libvirt-0.5.1-libgnu-reposition.patch |
4 |
libvirt-0.4.6-add-missing-permission-checks.patch |
5 |
libvirt-0.5.1-add-missing-permission-checks.patch |
6 |
Log: |
7 |
Bump libvirt to 0.5.1 and fix CVE-2008-5086 |
8 |
(Portage version: 2.1.6.4/cvs/Linux 2.6.28-00001-g607f448 x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-libgnu-reposition.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: libvirt-0.5.1-libgnu-reposition.patch |
17 |
=================================================================== |
18 |
--- libvirt-0.5.1/qemud/Makefile.am.orig 2009-01-08 22:47:27.000000000 -0500 |
19 |
+++ libvirt-0.5.1/qemud/Makefile.am 2009-01-08 22:55:17.000000000 -0500 |
20 |
@@ -87,8 +87,7 @@ |
21 |
$(COVERAGE_LDFLAGS) \ |
22 |
$(POLKIT_LIBS) |
23 |
|
24 |
-libvirtd_LDADD = \ |
25 |
- ../gnulib/lib/libgnu.la |
26 |
+libvirtd_LDADD = |
27 |
|
28 |
if ! WITH_DRIVER_MODULES |
29 |
if WITH_QEMU |
30 |
@@ -223,6 +222,8 @@ |
31 |
|
32 |
endif # DBUS_INIT_SCRIPTS_RED_HAT |
33 |
|
34 |
+libvirtd_LDADD += ../gnulib/lib/libgnu.la |
35 |
+ |
36 |
endif # WITH_LIBVIRTD |
37 |
|
38 |
CLEANFILES = libvirtd.init |
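Review bot: The relocated `libvirtd_LDADD += ../gnulib/lib/libgnu.la` carries no comment saying why it has to follow the conditional driver blocks, so a later cleanup could merge it back into the now-empty `libvirtd_LDADD =` from the first hunk. The move looks like a link-order fix (gnulib listed after the libraries that use it), though the page does not say so; if that is the reason, add `# libgnu.la goes last so libraries added above can resolve gnulib symbols` above the line. Both hunks begin and end mid-file, so the `+=` lines that sit between them are not visible here.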
39 |
|
40 |
|
41 |
|
42 |
1.1 app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch |
43 |
|
44 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.4.6-add-missing-permission-checks.patch?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: libvirt-0.4.6-add-missing-permission-checks.patch |
48 |
=================================================================== |
49 |
--- libvirt-0.4.6/src/libvirt.c.orig 2008-09-22 09:12:12.000000000 -0400 |
50 |
+++ libvirt-0.4.6/src/libvirt.c 2009-01-08 23:11:35.000000000 -0500 |
51 |
@@ -2180,6 +2180,16 @@ |
52 |
return NULL; |
53 |
} |
54 |
|
55 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
56 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
57 |
+ return NULL; |
58 |
+ } |
59 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
60 |
+ /* NB, delibrately report error against source object, not dest here */ |
61 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
62 |
+ return NULL; |
63 |
+ } |
64 |
+ |
65 |
/* Check that migration is supported by both drivers. */ |
66 |
if (!VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn, |
67 |
VIR_DRV_FEATURE_MIGRATION_V1) || |
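Review bot: The four-line read-only guard added here is repeated by hand in every other hunk of this patch and of the 0.5.1 patch further down, and the CVE being closed is a set of entry points where such a guard had been left out. Routing all of them through one small helper or macro, placed directly after the object-validity check each function already has, would make an entry point without the guard easier to spot in review; this is hedged because the rest of libvirt.c is outside the hunks. The comment in the `dconn` branch also misspells a word and should read `/* NB, deliberately report error against source object, not dest here */`. The enclosing function starts and ends outside the hunk.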
68 |
@@ -2257,6 +2267,11 @@ |
69 |
return -1; |
70 |
} |
71 |
|
72 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
73 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
74 |
+ return -1; |
75 |
+ } |
76 |
+ |
77 |
if (dconn->driver->domainMigratePrepare) |
78 |
return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen, |
79 |
uri_in, uri_out, |
80 |
@@ -2287,6 +2302,11 @@ |
81 |
} |
82 |
conn = domain->conn; |
83 |
|
84 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
85 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
86 |
+ return -1; |
87 |
+ } |
88 |
+ |
89 |
if (conn->driver->domainMigratePerform) |
90 |
return conn->driver->domainMigratePerform (domain, cookie, cookielen, |
91 |
uri, |
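Review bot: The guard tests `domain->conn->flags` although the context line just above it has already stored that pointer in `conn`, which the driver call below then uses. Writing `if (conn->flags & VIR_CONNECT_RO) {` keeps the check and the dispatch on the same variable. The block-peek, memory-peek and domain set-autostart hunks, here and in the 0.5.1 patch, have the same shape. The function body extends beyond the hunk on both sides.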
92 |
@@ -2314,6 +2334,11 @@ |
93 |
return NULL; |
94 |
} |
95 |
|
96 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
97 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
98 |
+ return NULL; |
99 |
+ } |
100 |
+ |
101 |
if (dconn->driver->domainMigrateFinish) |
102 |
return dconn->driver->domainMigrateFinish (dconn, dname, |
103 |
cookie, cookielen, |
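Review bot: This 0.4.6 backport ends its migration coverage at the `domainMigrateFinish` guard, whereas the 0.5.1 patch on this page also guards `virDomainMigratePrepare2` and `virDomainMigrateFinish2`. That is complete only if 0.4.6 has no version-2 migration entry points, which cannot be confirmed from these hunks. Once checked against the 0.4.6 source, a line in the patch preamble such as `0.4.6 has no MigratePrepare2/MigrateFinish2; those upstream hunks are intentionally omitted` would record it for the next person comparing the two patches.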
104 |
@@ -2671,6 +2696,11 @@ |
105 |
} |
106 |
conn = dom->conn; |
107 |
|
108 |
+ if (dom->conn->flags & VIR_CONNECT_RO) { |
109 |
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
110 |
+ return (-1); |
111 |
+ } |
112 |
+ |
113 |
if (!path) { |
114 |
virLibDomainError (dom, VIR_ERR_INVALID_ARG, |
115 |
_("path is NULL")); |
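Review bot: The new guard gives no reason why a "peek" call is refused on a read-only connection, and because the name reads like a harmless query the check could look like a mistake to a later maintainer. The driver call is outside the hunk, but the `path` argument validated just below suggests the function returns raw guest disk contents, which a monitoring-only client should not be able to read. A comment above the `if`, for example `/* Returns guest disk contents, so not allowed on read-only connections */`, would state that. The memory-peek and `findPoolSources` hunks, here and in the 0.5.1 patch, each need an equivalent one-line reason.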
116 |
@@ -2746,6 +2776,11 @@ |
117 |
} |
118 |
conn = dom->conn; |
119 |
|
120 |
+ if (dom->conn->flags & VIR_CONNECT_RO) { |
121 |
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
122 |
+ return (-1); |
123 |
+ } |
124 |
+ |
125 |
/* Flags must be VIR_MEMORY_VIRTUAL at the moment. |
126 |
* |
127 |
* Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is |
128 |
@@ -3013,6 +3048,11 @@ |
129 |
|
130 |
conn = domain->conn; |
131 |
|
132 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
133 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
134 |
+ return (-1); |
135 |
+ } |
136 |
+ |
137 |
if (conn->driver->domainSetAutostart) |
138 |
return conn->driver->domainSetAutostart (domain, autostart); |
139 |
|
140 |
@@ -3963,6 +4003,11 @@ |
141 |
return (-1); |
142 |
} |
143 |
|
144 |
+ if (network->conn->flags & VIR_CONNECT_RO) { |
145 |
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
146 |
+ return (-1); |
147 |
+ } |
148 |
+ |
149 |
conn = network->conn; |
150 |
|
151 |
if (conn->networkDriver && conn->networkDriver->networkSetAutostart) |
152 |
@@ -4161,6 +4206,11 @@ |
153 |
return NULL; |
154 |
} |
155 |
|
156 |
+ if (conn->flags & VIR_CONNECT_RO) { |
157 |
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
158 |
+ return NULL; |
159 |
+ } |
160 |
+ |
161 |
if (conn->storageDriver && conn->storageDriver->findPoolSources) |
162 |
return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags); |
163 |
|
164 |
@@ -4834,6 +4884,11 @@ |
165 |
return (-1); |
166 |
} |
167 |
|
168 |
+ if (pool->conn->flags & VIR_CONNECT_RO) { |
169 |
+ virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
170 |
+ return (-1); |
171 |
+ } |
172 |
+ |
173 |
conn = pool->conn; |
174 |
|
175 |
if (conn->storageDriver && conn->storageDriver->poolSetAutostart) |
176 |
|
177 |
|
178 |
|
179 |
1.1 app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch |
180 |
|
181 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch?rev=1.1&view=markup |
182 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/libvirt/files/libvirt-0.5.1-add-missing-permission-checks.patch?rev=1.1&content-type=text/plain |
183 |
|
184 |
Index: libvirt-0.5.1-add-missing-permission-checks.patch |
185 |
=================================================================== |
186 |
From: Daniel P. Berrange <berrange@××××××.com> |
187 |
Date: Wed, 17 Dec 2008 16:45:22 +0000 (+0000) |
188 |
Subject: Add missing checks for read-only connection flag (CVE-2008-5086) |
189 |
X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=e87a5440dff8020d7247656368023e1b2d57415c |
190 |
|
191 |
Add missing checks for read-only connection flag (CVE-2008-5086) |
192 |
--- |
193 |
|
194 |
diff --git a/src/libvirt.c b/src/libvirt.c |
195 |
index a4a0df5..7efe1d0 100644 |
196 |
--- a/src/libvirt.c |
197 |
+++ b/src/libvirt.c |
198 |
@@ -2299,6 +2299,16 @@ virDomainMigrate (virDomainPtr domain, |
199 |
return NULL; |
200 |
} |
201 |
|
202 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
203 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
204 |
+ return NULL; |
205 |
+ } |
206 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
207 |
+ /* NB, delibrately report error against source object, not dest here */ |
208 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
209 |
+ return NULL; |
210 |
+ } |
211 |
+ |
212 |
/* Check that migration is supported by both drivers. */ |
213 |
if (VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn, |
214 |
VIR_DRV_FEATURE_MIGRATION_V1) && |
215 |
@@ -2426,6 +2436,11 @@ virDomainMigratePrepare (virConnectPtr dconn, |
216 |
return -1; |
217 |
} |
218 |
|
219 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
220 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
221 |
+ return -1; |
222 |
+ } |
223 |
+ |
224 |
if (dconn->driver->domainMigratePrepare) |
225 |
return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen, |
226 |
uri_in, uri_out, |
227 |
@@ -2457,6 +2472,11 @@ virDomainMigratePerform (virDomainPtr domain, |
228 |
} |
229 |
conn = domain->conn; |
230 |
|
231 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
232 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
233 |
+ return -1; |
234 |
+ } |
235 |
+ |
236 |
if (conn->driver->domainMigratePerform) |
237 |
return conn->driver->domainMigratePerform (domain, cookie, cookielen, |
238 |
uri, |
239 |
@@ -2485,6 +2505,11 @@ virDomainMigrateFinish (virConnectPtr dconn, |
240 |
return NULL; |
241 |
} |
242 |
|
243 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
244 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
245 |
+ return NULL; |
246 |
+ } |
247 |
+ |
248 |
if (dconn->driver->domainMigrateFinish) |
249 |
return dconn->driver->domainMigrateFinish (dconn, dname, |
250 |
cookie, cookielen, |
251 |
@@ -2517,6 +2542,11 @@ virDomainMigratePrepare2 (virConnectPtr dconn, |
252 |
return -1; |
253 |
} |
254 |
|
255 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
256 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
257 |
+ return -1; |
258 |
+ } |
259 |
+ |
260 |
if (dconn->driver->domainMigratePrepare2) |
261 |
return dconn->driver->domainMigratePrepare2 (dconn, cookie, cookielen, |
262 |
uri_in, uri_out, |
263 |
@@ -2547,6 +2577,11 @@ virDomainMigrateFinish2 (virConnectPtr dconn, |
264 |
return NULL; |
265 |
} |
266 |
|
267 |
+ if (dconn->flags & VIR_CONNECT_RO) { |
268 |
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
269 |
+ return NULL; |
270 |
+ } |
271 |
+ |
272 |
if (dconn->driver->domainMigrateFinish2) |
273 |
return dconn->driver->domainMigrateFinish2 (dconn, dname, |
274 |
cookie, cookielen, |
275 |
@@ -2905,6 +2940,11 @@ virDomainBlockPeek (virDomainPtr dom, |
276 |
} |
277 |
conn = dom->conn; |
278 |
|
279 |
+ if (dom->conn->flags & VIR_CONNECT_RO) { |
280 |
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
281 |
+ return (-1); |
282 |
+ } |
283 |
+ |
284 |
if (!path) { |
285 |
virLibDomainError (dom, VIR_ERR_INVALID_ARG, |
286 |
_("path is NULL")); |
287 |
@@ -2980,6 +3020,11 @@ virDomainMemoryPeek (virDomainPtr dom, |
288 |
} |
289 |
conn = dom->conn; |
290 |
|
291 |
+ if (dom->conn->flags & VIR_CONNECT_RO) { |
292 |
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
293 |
+ return (-1); |
294 |
+ } |
295 |
+ |
296 |
/* Flags must be VIR_MEMORY_VIRTUAL at the moment. |
297 |
* |
298 |
* Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is |
299 |
@@ -3247,6 +3292,11 @@ virDomainSetAutostart(virDomainPtr domain, |
300 |
|
301 |
conn = domain->conn; |
302 |
|
303 |
+ if (domain->conn->flags & VIR_CONNECT_RO) { |
304 |
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
305 |
+ return (-1); |
306 |
+ } |
307 |
+ |
308 |
if (conn->driver->domainSetAutostart) |
309 |
return conn->driver->domainSetAutostart (domain, autostart); |
310 |
|
311 |
@@ -4197,6 +4247,11 @@ virNetworkSetAutostart(virNetworkPtr network, |
312 |
return (-1); |
313 |
} |
314 |
|
315 |
+ if (network->conn->flags & VIR_CONNECT_RO) { |
316 |
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
317 |
+ return (-1); |
318 |
+ } |
319 |
+ |
320 |
conn = network->conn; |
321 |
|
322 |
if (conn->networkDriver && conn->networkDriver->networkSetAutostart) |
323 |
@@ -4395,6 +4450,11 @@ virConnectFindStoragePoolSources(virConnectPtr conn, |
324 |
return NULL; |
325 |
} |
326 |
|
327 |
+ if (conn->flags & VIR_CONNECT_RO) { |
328 |
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
329 |
+ return NULL; |
330 |
+ } |
331 |
+ |
332 |
if (conn->storageDriver && conn->storageDriver->findPoolSources) |
333 |
return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags); |
334 |
|
335 |
@@ -5068,6 +5128,11 @@ virStoragePoolSetAutostart(virStoragePoolPtr pool, |
336 |
return (-1); |
337 |
} |
338 |
|
339 |
+ if (pool->conn->flags & VIR_CONNECT_RO) { |
340 |
+ virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__); |
341 |
+ return (-1); |
342 |
+ } |
343 |
+ |
344 |
conn = pool->conn; |
345 |
|
346 |
if (conn->storageDriver && conn->storageDriver->poolSetAutostart) |
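Review bot: As far as this page shows, the upstream patch changes only `src/libvirt.c`, so none of the guards it adds is covered by a test and a future refactor could drop one silently. A regression test that opens a connection with `virConnectOpenReadOnly` and asserts that each guarded call, from `virDomainMigrate` through `virStoragePoolSetAutostart`, fails with `VIR_ERR_OPERATION_DENIED` would pin the behaviour. The same test would serve the 0.4.6 backport, minus the two version-2 migration calls it does not touch. This hunk's function continues past the last line shown.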