Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2013-07-25 14:34:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2013-07-21 08:10:59.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2013-07-25 14:34:57.000000000 +0200 @@ -1,0 +2,11 @@ +Mon Jul 22 10:39:01 MDT 2013 - [email protected] + +- CVE-2013-4153: Fix double free of returned JSON array in + qemuAgentGetVCPUs() + dfc69235-CVE-2013-4153.patch +- CVE-2013-4154: Prevent crash of libvirtd without guest agent + configuration + 96518d43-CVE-2013-4154.patch + bnc#830498 + +------------------------------------------------------------------- New: ---- 96518d43-CVE-2013-4154.patch dfc69235-CVE-2013-4153.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.rHI9Ui/_old 2013-07-25 14:34:58.000000000 +0200 +++ /var/tmp/diff_new_pack.rHI9Ui/_new 2013-07-25 14:34:58.000000000 +0200 @@ -406,6 +406,8 @@ # Upstream patches Patch0: f38c8185-CVE-2013-2230.patch Patch1: fd2e3c4c-xen-sysctl-domctl.patch +Patch2: dfc69235-CVE-2013-4153.patch +Patch3: 96518d43-CVE-2013-4154.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -453,6 +455,7 @@ copy of the libvirt.org website documentation. %if %{with_libvirtd} + %package daemon Summary: Server side daemon and supporting files for libvirt library Group: Development/Libraries/C and C++ @@ -541,6 +544,7 @@ for specific drivers. %if %{with_nwfilter} + %package daemon-config-nwfilter Summary: Network filter configuration files for the libvirtd Group: Development/Libraries/C and C++ @@ -554,6 +558,7 @@ %if %{with_driver_modules} %if %{with_network} + %package daemon-driver-network Summary: Network driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -566,6 +571,7 @@ %endif %if %{with_nwfilter} + %package daemon-driver-nwfilter Summary: A nwfilter driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -578,6 +584,7 @@ %endif %if %{with_nodedev} + %package daemon-driver-nodedev Summary: Nodedev driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -590,6 +597,7 @@ %endif %if %{with_interface} + %package daemon-driver-interface Summary: Interface driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -611,6 +619,7 @@ an implementation of the secret key APIs. %if %{with_storage} + %package daemon-driver-storage Summary: Storage driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -623,6 +632,7 @@ %endif %if %{with_qemu} + %package daemon-driver-qemu Summary: Qemu driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -636,6 +646,7 @@ %endif %if %{with_lxc} + %package daemon-driver-lxc Summary: LXC driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -650,6 +661,7 @@ %endif %if %{with_uml} + %package daemon-driver-uml Summary: Uml driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -662,6 +674,7 @@ %endif %if %{with_xen} + %package daemon-driver-xen Summary: Xen driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -673,6 +686,7 @@ %endif %if %{with_vbox} + %package daemon-driver-vbox Summary: VirtualBox driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -685,6 +699,7 @@ %endif %if %{with_libxl} + %package daemon-driver-libxl Summary: Libxl driver plugin for the libvirtd daemon Group: Development/Libraries/C and C++ @@ -697,6 +712,7 @@ %endif # with_driver_modules %if %{with_qemu} + %package daemon-qemu Summary: Server side daemon & driver required to run QEMU guests Group: Development/Libraries/C and C++ @@ -721,6 +737,7 @@ %endif %if %{with_lxc} + %package daemon-lxc Summary: Server side daemon & driver required to run LXC guests Group: Development/Libraries/C and C++ @@ -744,6 +761,7 @@ %endif %if %{with_uml} + %package daemon-uml Summary: Server side daemon & driver required to run UML guests Group: Development/Libraries/C and C++ @@ -767,6 +785,7 @@ %endif %if %{with_xen} || %{with_libxl} + %package daemon-xen Summary: Server side daemon & driver required to run XEN guests Group: Development/Libraries/C and C++ @@ -796,6 +815,7 @@ %endif %if %{with_vbox} + %package daemon-vbox Summary: Server side daemon & driver required to run VirtualBox guests Group: Development/Libraries/C and C++ @@ -856,6 +876,7 @@ %if %{with_sanlock} + %package lock-sanlock Summary: Sanlock lock manager plugin for QEMU driver Group: Development/Libraries/C and C++ @@ -870,6 +891,7 @@ %endif %if %{with_python} + %package python Summary: Python bindings for the libvirt library Group: Development/Libraries/C and C++ @@ -887,6 +909,8 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %patch100 -p1 %patch101 %patch102 -p1 @@ -1236,6 +1260,7 @@ rm -rf $RPM_BUILD_ROOT %if %{with_libvirtd} + %pre daemon %if %{with_systemd} %service_add_pre libvirtd.service @@ -1314,6 +1339,7 @@ %doc %{_docdir}/%{name}/libvirt.README %if %{with_libvirtd} + %files daemon %defattr(-, root, root) %{_sbindir}/libvirtd @@ -1418,12 +1444,14 @@ %if %{with_driver_modules} %if %{with_nwfilter} + %files daemon-config-nwfilter %defattr(-, root, root) %{_sysconfdir}/libvirt/nwfilter/*.xml %endif %if %{with_interface} + %files daemon-driver-interface %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1431,6 +1459,7 @@ %endif %if %{with_network} + %files daemon-driver-network %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1438,6 +1467,7 @@ %endif %if %{with_nodedev} + %files daemon-driver-nodedev %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1445,6 +1475,7 @@ %endif %if %{with_nwfilter} + %files daemon-driver-nwfilter %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1457,6 +1488,7 @@ %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so %if %{with_storage} + %files daemon-driver-storage %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1464,6 +1496,7 @@ %endif %if %{with_qemu} + %files daemon-driver-qemu %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1471,6 +1504,7 @@ %endif %if %{with_lxc} + %files daemon-driver-lxc %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1478,6 +1512,7 @@ %endif %if %{with_uml} + %files daemon-driver-uml %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1485,6 +1520,7 @@ %endif %if %{with_xen} + %files daemon-driver-xen %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1492,6 +1528,7 @@ %endif %if %{with_libxl} + %files daemon-driver-libxl %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver @@ -1499,6 +1536,7 @@ %endif %if %{with_vbox} + %files daemon-driver-vbox %defattr(-, root, root) %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so @@ -1506,30 +1544,35 @@ %endif # with_driver_modules %if %{with_qemu} + %files daemon-qemu %defattr(-, root, root) %doc %{_docdir}/%{name}/libvirt-daemon-qemu.README %endif %if %{with_lxc} + %files daemon-lxc %defattr(-, root, root) %doc %{_docdir}/%{name}/libvirt-daemon-lxc.README %endif %if %{with_uml} + %files daemon-uml %defattr(-, root, root) %doc %{_docdir}/%{name}/libvirt-daemon-uml.README %endif %if %{with_xen} || %{with_libxl} + %files daemon-xen %defattr(-, root, root) %doc %{_docdir}/%{name}/libvirt-daemon-xen.README %endif %if %{with_vbox} + %files daemon-vbox %defattr(-, root, root) %doc %{_docdir}/%{name}/libvirt-daemon-vbox.README @@ -1608,6 +1651,7 @@ %doc %{_datadir}/gtk-doc/html/libvirt/* %if %{with_sanlock} + %files lock-sanlock %defattr(-, root, root) %doc %{_mandir}/man8/virt-sanlock-cleanup.8* @@ -1627,6 +1671,7 @@ %endif %if %{with_python} + %files python %defattr(-, root, root) %{py_sitedir}/libvirt.py* ++++++ 96518d43-CVE-2013-4154.patch ++++++ commit 96518d4316b711c72205117f8d5c967d5127bbb6 Author: Alex Jia <[email protected]> Date: Tue Jul 16 17:30:20 2013 +0800 qemu: Prevent crash of libvirtd without guest agent configuration If users haven't configured guest agent then qemuAgentCommand() will dereference a NULL 'mon' pointer, which causes crash of libvirtd when using agent based cpu (un)plug. With the patch, when the qemu-ga service isn't running in the guest, a expected error "error: Guest agent is not responding: Guest agent not available for now" will be raised, and the error "error: argument unsupported: QEMU guest agent is not configured" is raised when the guest hasn't configured guest agent. GDB backtrace: (gdb) bt #0 virNetServerFatalSignal (sig=11, siginfo=<value optimized out>, context=<value optimized out>) at rpc/virnetserver.c:326 #1 <signal handler called> #2 qemuAgentCommand (mon=0x0, cmd=0x7f39300017b0, reply=0x7f394b090910, seconds=-2) at qemu/qemu_agent.c:975 #3 0x00007f39429507f6 in qemuAgentGetVCPUs (mon=0x0, info=0x7f394b0909b8) at qemu/qemu_agent.c:1475 #4 0x00007f39429d9857 in qemuDomainGetVcpusFlags (dom=<value optimized out>, flags=9) at qemu/qemu_driver.c:4849 #5 0x00007f3957dffd8d in virDomainGetVcpusFlags (domain=0x7f39300009c0, flags=8) at libvirt.c:9843 How to reproduce? # To start a guest without guest agent configuration # then run the following cmdline # virsh vcpucount foobar --guest error: End of file while reading data: Input/output error error: One or more references were leaked after disconnect from the hypervisor error: Failed to reconnect to the hypervisor RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=984821 Signed-off-by: Alex Jia <[email protected]> Signed-off-by: Peter Krempa <[email protected]> Index: libvirt-1.1.0/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.0.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.0/src/qemu/qemu_driver.c @@ -3963,6 +3963,19 @@ qemuDomainSetVcpusFlags(virDomainPtr dom goto endjob; } + if (priv->agentError) { + virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s", + _("QEMU guest agent is not " + "available due to an error")); + goto endjob; + } + + if (!priv->agent) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("QEMU guest agent is not configured")); + goto endjob; + } + qemuDomainObjEnterAgent(vm); ncpuinfo = qemuAgentGetVCPUs(priv->agent, &cpuinfo); qemuDomainObjExitAgent(vm); @@ -4685,6 +4698,19 @@ qemuDomainGetVcpusFlags(virDomainPtr dom if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) goto cleanup; + if (priv->agentError) { + virReportError(VIR_ERR_AGENT_UNRESPONSIVE, "%s", + _("QEMU guest agent is not " + "available due to an error")); + goto endjob; + } + + if (!priv->agent) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("QEMU guest agent is not configured")); + goto endjob; + } + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running")); ++++++ dfc69235-CVE-2013-4153.patch ++++++ commit dfc692350a04a70b4ca65667c30869b3bfdaf034 Author: Peter Krempa <[email protected]> Date: Tue Jul 16 15:39:06 2013 +0200 qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs() A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval. # virsh vcpucount dom --guest Introduced in v1.0.6-48-gc6afcb0 Index: libvirt-1.1.0/src/qemu/qemu_agent.c =================================================================== --- libvirt-1.1.0.orig/src/qemu/qemu_agent.c +++ libvirt-1.1.0/src/qemu/qemu_agent.c @@ -1538,7 +1538,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon, cleanup: virJSONValueFree(cmd); virJSONValueFree(reply); - virJSONValueFree(data); return ret; } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
