Hello community,

here is the log from the commit of package libvirt for openSUSE:Factory
checked in at Thu Mar 24 17:24:07 CET 2011.



--------
--- libvirt/libvirt.changes     2011-02-25 20:42:14.000000000 +0100
+++ /mounts/work_src_done/STABLE/libvirt/libvirt.changes        2011-03-24 
11:33:36.000000000 +0100
@@ -1,0 +2,21 @@
+Thu Mar 24 10:23:30 UTC 2011 - [email protected]
+
+- use %first_lang before changing symlinks, find_lang removes
+  unsupported languages
+
+-------------------------------------------------------------------
+Tue Mar 15 09:37:20 MDT 2011 - [email protected]
+
+- VUL-0: libvirt: several API calls do not honour read-only
+  connection
+  71753cb7-CVE-2011-1146.patch
+  bnc#678406
+
+-------------------------------------------------------------------
+Mon Mar  7 11:47:17 MST 2011 - [email protected]
+
+- Add baselibs.conf file to build xxbit packages
+  for multilib support
+  bnc#676921
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  71753cb7-CVE-2011-1146.patch
  baselibs.conf

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.I1YzDd/_old  2011-03-24 17:23:38.000000000 +0100
+++ /var/tmp/diff_new_pack.I1YzDd/_new  2011-03-24 17:23:38.000000000 +0100
@@ -145,7 +145,7 @@
 Group:          Development/Libraries/C and C++
 AutoReqProv:    yes
 Version:        0.8.8
-Release:        2
+Release:        3
 Summary:        A C toolkit to interract with the virtualization capabilities 
of Linux
 # The client side, i.e. shared libs and virsh are in a subpackage
 Requires:       %{name}-client = %{version}-%{release}
@@ -170,6 +170,7 @@
 Source1:        libvirtd.init
 # Upstream patches
 Patch0:         efc2594b-boot-param.patch
+Patch1:         71753cb7-CVE-2011-1146.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch102:       clone.patch
@@ -285,6 +286,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %patch100 -p1
 %patch102
 %patch103 -p1
@@ -409,6 +411,8 @@
 %if ! %{with_uml}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
+%find_lang %{name}
+
 ln_dupes()
 {
     target=""
@@ -430,7 +434,6 @@
 install %SOURCE1 $RPM_BUILD_ROOT/etc/init.d/libvirtd
 ln -s /etc/init.d/libvirtd $RPM_BUILD_ROOT/usr/sbin/rclibvirtd
 ln -s /etc/init.d/libvirt-guests $RPM_BUILD_ROOT/usr/sbin/rclibvirt-guests
-%find_lang %{name}
 
 %clean
 rm -rf $RPM_BUILD_ROOT

++++++ 71753cb7-CVE-2011-1146.patch ++++++
commit 71753cb7f7a16ff800381c0b5ee4e99eea92fed3
Author: Guido Günther <[email protected]>
Date:   Mon Mar 14 10:56:28 2011 +0800

    Add missing checks for read only connections
    
    As pointed out in CVE-2011-1146, some APIs forgot to check the read-only
    status of the connection for entry points which modify the state
    of the system or may lead to remote execution using user data.
    The entry points concerned are:
      - virConnectDomainXMLToNative
      - virNodeDeviceDettach
      - virNodeDeviceReAttach
      - virNodeDeviceReset
      - virDomainRevertToSnapshot
      - virDomainSnapshotDelete
    
    * src/libvirt.c: fix the above set of entry points to error on read-only
                     connections

Index: libvirt-0.8.8/src/libvirt.c
===================================================================
--- libvirt-0.8.8.orig/src/libvirt.c
+++ libvirt-0.8.8/src/libvirt.c
@@ -3152,6 +3152,10 @@ char *virConnectDomainXMLToNative(virCon
         virDispatchError(NULL);
         return NULL;
     }
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (nativeFormat == NULL || domainXml == NULL) {
         virLibConnError(VIR_ERR_INVALID_ARG, __FUNCTION__);
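Review bot: The new read-only guard in virConnectDomainXMLToNative reports through `virLibDomainError`, while the invalid-argument check directly below it in the same function uses `virLibConnError`, as do the other guards this patch adds. The guard tests `conn->flags`, so the denial would be more consistent as `virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);`. A caller that filters errors by domain may otherwise miss the read-only denial from this one entry point. The function body starts and ends outside the hunk, so the `error` label is assumed to dispatch on `conn` as it does elsewhere.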
@@ -9579,6 +9583,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceDettach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceDettach (dev);
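Review bot: The guard added to virNodeDeviceDettach carries no comment saying that it is a privilege boundary, and the same four lines are repeated without one in virNodeDeviceReAttach, virNodeDeviceReset, virDomainRevertToSnapshot and virDomainSnapshotDelete. Because the check is opt-in per entry point, a short comment above each guard, such as `/* Changes host state: must be refused on read-only connections (CVE-2011-1146). */`, would keep a later refactor from dropping it. It would also make the protected set easy to grep during an audit. Each function's doc comment, which lies outside these hunks, could also state that the call fails with VIR_ERR_OPERATION_DENIED on a read-only connection.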
@@ -9622,6 +9631,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReAttach) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReAttach (dev);
@@ -9667,6 +9681,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
         return -1;
     }
 
+    if (dev->conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
     if (dev->conn->driver->nodeDeviceReset) {
         int ret;
         ret = dev->conn->driver->nodeDeviceReset (dev);
@@ -12962,6 +12981,10 @@ virDomainRevertToSnapshot(virDomainSnaps
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainRevertToSnapshot) {
         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
@@ -13008,6 +13031,10 @@ virDomainSnapshotDelete(virDomainSnapsho
     }
 
     conn = snapshot->domain->conn;
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibConnError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     if (conn->driver->domainSnapshotDelete) {
         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);
++++++ baselibs.conf ++++++
libvirt-client
libvirt-devel

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
