Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at Mon Jul 4 09:33:40 CEST 2011.
-------- --- libvirt/libvirt.changes 2011-06-15 23:48:24.000000000 +0200 +++ /mounts/work_src_done/STABLE/libvirt/libvirt.changes 2011-07-02 01:10:36.000000000 +0200 @@ -1,0 +2,19 @@ +Fri Jul 1 10:10:23 MDT 2011 - [email protected] + +- Create qemu user:group if necessary at package installation. + More fallout from bnc#694883 + +------------------------------------------------------------------- +Thu Jun 30 14:48:51 MDT 2011 - [email protected] + +- VUL-0: libvirt: integer overflow in VirDomainGetVcpus + 774b21c1-CVE-2011-2511.patch + bnc#703084 + +------------------------------------------------------------------- +Thu Jun 30 10:44:17 MDT 2011 - [email protected] + +- Enable building libvirt with audit support + bnc#694891 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- 774b21c1-CVE-2011-2511.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.7GCOjd/_old 2011-07-04 09:14:10.000000000 +0200 +++ /var/tmp/diff_new_pack.7GCOjd/_new 2011-07-04 09:14:10.000000000 +0200 @@ -142,6 +142,9 @@ %define with_yajl 0%{!?_without_yajl:%{server_drivers}} %endif +# All supported version of openSUSE/SLE contain audit +%define with_audit 0%{!?_without_audit:1} + # Enable libpcap library %if %{with_qemu} %if 0%{?suse_version} >= 1140 @@ -271,6 +274,9 @@ # For Multipath support BuildRequires: device-mapper-devel %endif +%if %{with_audit} +BuildRequires: audit-devel +%endif Name: libvirt Url: http://libvirt.org/ @@ -278,7 +284,7 @@ Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.9.2 -Release: 1 +Release: 3 Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage @@ -343,6 +349,7 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw # Upstream patches +Patch0: 774b21c1-CVE-2011-2511.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -459,6 +466,7 @@ %prep %setup -q +%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 @@ -548,6 +556,9 @@ %if ! %{with_polkit} %define _without_polkit --without-polkit %endif +%if ! %{with_audit} +%define _without_audit --without-audit +%endif %if ! %{with_network} %define _without_network --without-network %endif @@ -591,6 +602,7 @@ %{?_without_yajl} \ %{?_without_macvtap} \ %{?_without_polkit} \ + %{?_without_audit} \ %{?_without_network} \ %{?_without_sasl} \ %{?_without_python} \ @@ -694,6 +706,15 @@ > %{_sysconfdir}/libvirt/qemu/networks/default.xml fi %endif +# Create qemu user:group if necessary +if test "%{qemu_user}" = "qemu"; then + %{_bindir}/getent group qemu >/dev/null || \ + %{_sbindir}/groupadd -r qemu 2>/dev/null + %{_bindir}/getent group kvm >/dev/null && group_opts="-G kvm" + %{_bindir}/getent passwd qemu >/dev/null || \ + %{_sbindir}/useradd -r -g qemu $group_opts -d / -s /sbin/nologin \ + -c "qemu user" qemu +fi %if 0%{?sles_version} %{fillup_and_insserv -y libvirtd} %else ++++++ 774b21c1-CVE-2011-2511.patch ++++++ commit 774b21c163845170c9ffa873f5720d318812eaf6 Author: Eric Blake <[email protected]> Date: Fri Jun 24 12:16:05 2011 -0600 remote: protect against integer overflow Integer overflow and remote code are never a nice mix. This has existed since commit 56cd414. * src/libvirt.c (virDomainGetVcpus): Reject overflow up front. * src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow on sending rpc. * daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on receiving rpc. Index: libvirt-0.9.2/daemon/remote.c =================================================================== --- libvirt-0.9.2.orig/daemon/remote.c +++ libvirt-0.9.2/daemon/remote.c @@ -61,6 +61,7 @@ #include "network.h" #include "libvirt/libvirt-qemu.h" #include "command.h" +#include "intprops.h" #define VIR_FROM_THIS VIR_FROM_REMOTE @@ -1074,7 +1075,8 @@ remoteDispatchDomainGetVcpus(struct qemu goto cleanup; } - if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { + if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) || + args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX")); goto cleanup; } Index: libvirt-0.9.2/src/libvirt.c =================================================================== --- libvirt-0.9.2.orig/src/libvirt.c +++ libvirt-0.9.2/src/libvirt.c @@ -39,6 +39,7 @@ #include "util.h" #include "memory.h" #include "configmake.h" +#include "intprops.h" #ifndef WITH_DRIVER_MODULES # ifdef WITH_TEST @@ -6805,8 +6806,8 @@ virDomainGetVcpus(virDomainPtr domain, v /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not try to memcpy anything into a NULL pointer. */ - if ((cpumaps == NULL && maplen != 0) - || (cpumaps && maplen <= 0)) { + if (!cpumaps ? maplen != 0 + : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) { virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); goto error; } Index: libvirt-0.9.2/src/remote/remote_driver.c =================================================================== --- libvirt-0.9.2.orig/src/remote/remote_driver.c +++ libvirt-0.9.2/src/remote/remote_driver.c @@ -84,6 +84,7 @@ #include "ignore-value.h" #include "files.h" #include "command.h" +#include "intprops.h" #define VIR_FROM_THIS VIR_FROM_REMOTE @@ -2032,7 +2033,8 @@ remoteDomainGetVcpus (virDomainPtr domai maxinfo, REMOTE_VCPUINFO_MAX); goto done; } - if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) { + if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) || + maxinfo * maplen > REMOTE_CPUMAPS_MAX) { remoteError(VIR_ERR_RPC, _("vCPU map buffer length exceeds maximum: %d > %d"), maxinfo * maplen, REMOTE_CPUMAPS_MAX); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
