1 |
commit: 376e22508ab65ce5ebe3e1f1b977d013a860f84e |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jun 30 17:59:59 2016 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jun 30 18:02:30 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=376e2250 |
7 |
|
8 |
app-emulation/libvirt: Apply upstream patch for CVE-2016-5008, bug #587570 |
9 |
|
10 |
Package-Manager: portage-2.2.28 |
11 |
|
12 |
.../files/libvirt-1.3.5-CVE-2016-5008.patch | 72 ++++++++++++++++++++++ |
13 |
...ibvirt-1.3.5.ebuild => libvirt-1.3.5-r1.ebuild} | 3 +- |
14 |
2 files changed, 74 insertions(+), 1 deletion(-) |
15 |
|
16 |
diff --git a/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch b/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch |
17 |
new file mode 100644 |
18 |
index 0000000..a47b408 |
19 |
--- /dev/null |
20 |
+++ b/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch |
21 |
@@ -0,0 +1,72 @@ |
22 |
+From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001 |
23 |
+From: Jiri Denemark <jdenemar@××××××.com> |
24 |
+Date: Tue, 28 Jun 2016 14:39:58 +0200 |
25 |
+Subject: [PATCH] qemu: Let empty default VNC password work as documented |
26 |
+ |
27 |
+CVE-2016-5008 |
28 |
+ |
29 |
+Setting an empty graphics password is documented as a way to disable |
30 |
+VNC/SPICE access, but QEMU does not always behaves like that. VNC would |
31 |
+happily accept the empty password. Let's enforce the behavior by setting |
32 |
+password expiration to "now". |
33 |
+ |
34 |
+https://bugzilla.redhat.com/show_bug.cgi?id=1180092 |
35 |
+ |
36 |
+Signed-off-by: Jiri Denemark <jdenemar@××××××.com> |
37 |
+--- |
38 |
+ src/qemu/qemu_hotplug.c | 14 +++++++------- |
39 |
+ 1 file changed, 7 insertions(+), 7 deletions(-) |
40 |
+ |
41 |
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c |
42 |
+index e0b8230..bf6430d 100644 |
43 |
+--- a/src/qemu/qemu_hotplug.c |
44 |
++++ b/src/qemu/qemu_hotplug.c |
45 |
+@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
46 |
+ time_t now = time(NULL); |
47 |
+ char expire_time [64]; |
48 |
+ const char *connected = NULL; |
49 |
++ const char *password; |
50 |
+ int ret = -1; |
51 |
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); |
52 |
+ |
53 |
+@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
54 |
+ ret = 0; |
55 |
+ goto cleanup; |
56 |
+ } |
57 |
++ password = auth->passwd ? auth->passwd : defaultPasswd; |
58 |
+ |
59 |
+ if (auth->connected) |
60 |
+ connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); |
61 |
+ |
62 |
+ if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) |
63 |
+ goto cleanup; |
64 |
+- ret = qemuMonitorSetPassword(priv->mon, |
65 |
+- type, |
66 |
+- auth->passwd ? auth->passwd : defaultPasswd, |
67 |
+- connected); |
68 |
++ ret = qemuMonitorSetPassword(priv->mon, type, password, connected); |
69 |
+ |
70 |
+ if (ret == -2) { |
71 |
+ if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { |
72 |
+@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, |
73 |
+ _("Graphics password only supported for VNC")); |
74 |
+ ret = -1; |
75 |
+ } else { |
76 |
+- ret = qemuMonitorSetVNCPassword(priv->mon, |
77 |
+- auth->passwd ? auth->passwd : defaultPasswd); |
78 |
++ ret = qemuMonitorSetVNCPassword(priv->mon, password); |
79 |
+ } |
80 |
+ } |
81 |
+ if (ret != 0) |
82 |
+ goto end_job; |
83 |
+ |
84 |
+- if (auth->expires) { |
85 |
++ if (password[0] == '\0') { |
86 |
++ snprintf(expire_time, sizeof(expire_time), "now"); |
87 |
++ } else if (auth->expires) { |
88 |
+ time_t lifetime = auth->validTo - now; |
89 |
+ if (lifetime <= 0) |
90 |
+ snprintf(expire_time, sizeof(expire_time), "now"); |
91 |
+-- |
92 |
+2.7.3 |
93 |
+ |
94 |
|
95 |
diff --git a/app-emulation/libvirt/libvirt-1.3.5.ebuild b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild |
96 |
similarity index 99% |
97 |
rename from app-emulation/libvirt/libvirt-1.3.5.ebuild |
98 |
rename to app-emulation/libvirt/libvirt-1.3.5-r1.ebuild |
99 |
index dc601a4..dcff0fd 100644 |
100 |
--- a/app-emulation/libvirt/libvirt-1.3.5.ebuild |
101 |
+++ b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild |
102 |
@@ -222,7 +222,8 @@ src_prepare() { |
103 |
"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \ |
104 |
"${FILESDIR}"/${PN}-1.3.1-fix_paths_for_apparmor.patch \ |
105 |
"${FILESDIR}"/${PN}-1.2.21-avoid_deprecated_pc_file.patch \ |
106 |
- "${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch |
107 |
+ "${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch \ |
108 |
+ "${FILESDIR}"/${P}-CVE-2016-5008.patch |
109 |
|
110 |
[[ -n ${BACKPORTS} ]] && |
111 |
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \ |