[gentoo-commits] gentoo-x86 commit in app-emulation/libvirt/files: libvirt-1.0.6-virinterface-udev-backend-ro.patch libvirt-1.0.6-CVE-2013-2218.patch - gentoo-commits

From:	"Doug Goldstein (cardoe)" <cardoe@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in app-emulation/libvirt/files: libvirt-1.0.6-virinterface-udev-backend-ro.patch libvirt-1.0.6-CVE-2013-2218.patch
Date:	Mon, 01 Jul 2013 14:07:48
Message-Id:	`20130701140741.599072171C@flycatcher.gentoo.org`

1

cardoe      13/07/01 14:07:41

2

3

  Added:                libvirt-1.0.6-virinterface-udev-backend-ro.patch

4

                        libvirt-1.0.6-CVE-2013-2218.patch

5

  Log:

6

  Fix for CVE-2013-2218 and virInterface should work read-only when using udev backend.

7

8

  (Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!)

9

10

Revision  Changes    Path

11

1.1                  app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch

12

13

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch?rev=1.1&view=markup

14

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch?rev=1.1&content-type=text/plain

15

16

Index: libvirt-1.0.6-virinterface-udev-backend-ro.patch

17

===================================================================

18

commit 027a7707bea5ba455212715278e3ae486f97eacb

19

Author: Doug Goldstein <cardoe@××××××.com>

20

Date:   Thu Jun 27 20:43:00 2013 -0500

21

22

    Allow RO connections to interface udev backend

23

24

    The udev based interface backend did not allow querying data over a

25

    read-only connection which is different than how the netcf backend

26

    operates. This brings the behavior inline with the default, netcf

27

    backend.

28

29

diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c

30

index 68e1e2f..95034bf 100644

31

--- a/src/interface/interface_backend_udev.c

32

+++ b/src/interface/interface_backend_udev.c

33

@@ -139,7 +139,7 @@ udevInterfaceOpen(virConnectPtr conn,

34

{

35

     struct udev_iface_driver *driverState = NULL;

36

37

-    virCheckFlags(0, VIR_DRV_OPEN_ERROR);

38

+    virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);

39

40

     if (VIR_ALLOC(driverState) < 0) {

41

         virReportOOMError();

1.1                  app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch

46

47

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch?rev=1.1&view=markup

48

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch?rev=1.1&content-type=text/plain

49

50

Index: libvirt-1.0.6-CVE-2013-2218.patch

51

===================================================================

52

From: "Daniel P. Berrange" <berrange@××××××.com>

53

Date: Fri, 28 Jun 2013 10:48:37 +0100

54

Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with

55

 filters

56

57

The virConnectListAllInterfaces method has a double-free of the

58

'struct netcf_if' object when any of the filtering flags cause

59

an interface to be skipped over. For example when running the

60

command 'virsh iface-list --inactive'

61

62

This is a regression introduced in release 1.0.6 by

63

64

  commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f

65

  Author: Guannan Ren <gren@××××××.com>

66

  Date:   Tue May 21 21:29:38 2013 +0800

67

68

    interface: list all interfaces with flags == 0

69

70

Signed-off-by: Daniel P. Berrange <berrange@××××××.com>

71

---

72

 src/interface/interface_backend_netcf.c | 1 +

73

 1 file changed, 1 insertion(+)

74

75

diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c

76

index a995816..9aa673d 100644

77

--- a/src/interface/interface_backend_netcf.c

78

+++ b/src/interface/interface_backend_netcf.c

79

@@ -412,6 +412,7 @@ netcfConnectListAllInterfaces(virConnectPtr conn,

80

               (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&

81

                (status & NETCF_IFACE_INACTIVE)))) {

82

             ncf_if_free(iface);

83

+            iface = NULL;

84

             continue;

85

}

86

87

--

88

1.8.2.1

1	cardoe 13/07/01 14:07:41
2
3	Added: libvirt-1.0.6-virinterface-udev-backend-ro.patch
4	libvirt-1.0.6-CVE-2013-2218.patch
5	Log:
6	Fix for CVE-2013-2218 and virInterface should work read-only when using udev backend.
7
8	(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!)
9
10	Revision Changes Path
11	1.1 app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch
12
13	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch?rev=1.1&view=markup
14	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-virinterface-udev-backend-ro.patch?rev=1.1&content-type=text/plain
15
16	Index: libvirt-1.0.6-virinterface-udev-backend-ro.patch
17	===================================================================
18	commit 027a7707bea5ba455212715278e3ae486f97eacb
19	Author: Doug Goldstein <cardoe@××××××.com>
20	Date: Thu Jun 27 20:43:00 2013 -0500
21
22	Allow RO connections to interface udev backend
23
24	The udev based interface backend did not allow querying data over a
25	read-only connection which is different than how the netcf backend
26	operates. This brings the behavior inline with the default, netcf
27	backend.
28
29	diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
30	index 68e1e2f..95034bf 100644
31	--- a/src/interface/interface_backend_udev.c
32	+++ b/src/interface/interface_backend_udev.c
33	@@ -139,7 +139,7 @@ udevInterfaceOpen(virConnectPtr conn,
34	{
35	struct udev_iface_driver *driverState = NULL;
36
37	- virCheckFlags(0, VIR_DRV_OPEN_ERROR);
38	+ virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
39
40	if (VIR_ALLOC(driverState) < 0) {
41	virReportOOMError();
42
43
44
45	1.1 app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch
46
47	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch?rev=1.1&view=markup
48	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/libvirt/files/libvirt-1.0.6-CVE-2013-2218.patch?rev=1.1&content-type=text/plain
49
50	Index: libvirt-1.0.6-CVE-2013-2218.patch
51	===================================================================
52	From: "Daniel P. Berrange" <berrange@××××××.com>
53	Date: Fri, 28 Jun 2013 10:48:37 +0100
54	Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
55	filters
56
57	The virConnectListAllInterfaces method has a double-free of the
58	'struct netcf_if' object when any of the filtering flags cause
59	an interface to be skipped over. For example when running the
60	command 'virsh iface-list --inactive'
61
62	This is a regression introduced in release 1.0.6 by
63
64	commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
65	Author: Guannan Ren <gren@××××××.com>
66	Date: Tue May 21 21:29:38 2013 +0800
67
68	interface: list all interfaces with flags == 0
69
70	Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
71	---
72	src/interface/interface_backend_netcf.c \| 1 +
73	1 file changed, 1 insertion(+)
74
75	diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c
76	index a995816..9aa673d 100644
77	--- a/src/interface/interface_backend_netcf.c
78	+++ b/src/interface/interface_backend_netcf.c
79	@@ -412,6 +412,7 @@ netcfConnectListAllInterfaces(virConnectPtr conn,
80	(MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
81	(status & NETCF_IFACE_INACTIVE)))) {
82	ncf_if_free(iface);
83	+ iface = NULL;
84	continue;
85	}
86
87	--
88	1.8.2.1

Gentoo Archives: gentoo-commits