Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock X-Debbugs-Cc: [email protected] Control: affects -1 + src:libvirt
Please unblock package libvirt [ Reason ] Fix CVE-2023-2700. [ Impact ] Fix CVE-2023-2700. [ Tests ] I haven't found tests covering this specific functionality. However, the change is part of libvirt 9.3.0, which is already in Debian experimental as well as other distributions such as Fedora, and to the best of my knowledge no issues with it have been reported. [ Risks ] The change has already been reviewed and accepted upstream. The function being patched hasn't changed between 9.0.0 and 9.3.0, so the backport was a clean one. I have reviewed the changes again in the context of the Debian package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] N/A unblock libvirt/9.0.0-4
diff -Nru libvirt-9.0.0/debian/changelog libvirt-9.0.0/debian/changelog --- libvirt-9.0.0/debian/changelog 2023-04-15 18:27:51.000000000 +0200 +++ libvirt-9.0.0/debian/changelog 2023-05-21 11:31:31.000000000 +0200 @@ -1,3 +1,11 @@ +libvirt (9.0.0-4) unstable; urgency=medium + + * [79f6669] patches: Add backports + - backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch + - Fixes CVE-2023-2700 (Closes: #1036297) + + -- Andrea Bolognani <[email protected]> Sun, 21 May 2023 11:31:31 +0200 + libvirt (9.0.0-3) unstable; urgency=medium * [56bee71] patches: Add backports diff -Nru libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch --- libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch 2023-05-21 11:31:31.000000000 +0200 @@ -0,0 +1,53 @@ +From: Tim Shearer <[email protected]> +Date: Mon, 1 May 2023 13:15:48 +0000 +Subject: virpci: Resolve leak in virPCIVirtualFunctionList cleanup +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Repeatedly querying an SR-IOV PCI device's capabilities exposes a +memory leak caused by a failure to free the virPCIVirtualFunction +array within the parent struct's g_autoptr cleanup. + +Valgrind output after getting a single interface's XML description +1000 times: + +==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635 +==325982== at 0x4C3C096: realloc (vg_replace_malloc.c:1437) +==325982== by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4) +==325982== by 0x4EE1F52: virReallocN (viralloc.c:52) +==325982== by 0x4EE1FB7: virExpandN (viralloc.c:78) +==325982== by 0x4EE219A: virInsertElementInternal (viralloc.c:183) +==325982== by 0x4EE23B2: virAppendElement (viralloc.c:288) +==325982== by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389) +==325982== by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256) +==325982== by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969) +==325982== by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099) +==325982== by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677) +==325982== by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355) + +Signed-off-by: Tim Shearer <[email protected]> +Reviewed-by: Ján Tomko <[email protected]> +(cherry picked from commit 6425a311b8ad19d6f9c0b315bf1d722551ea3585) + +https://bugs.debian.org/1036297 +https://security-tracker.debian.org/tracker/CVE-2023-2700 + +Forwarded: not-needed +Origin: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 +--- + src/util/virpci.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/util/virpci.c b/src/util/virpci.c +index 7800966..a44f70f 100644 +--- a/src/util/virpci.c ++++ b/src/util/virpci.c +@@ -2253,6 +2253,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list) + g_free(list->functions[i].ifname); + } + ++ g_free(list->functions); + g_free(list); + } + diff -Nru libvirt-9.0.0/debian/patches/series libvirt-9.0.0/debian/patches/series --- libvirt-9.0.0/debian/patches/series 2023-04-15 18:27:51.000000000 +0200 +++ libvirt-9.0.0/debian/patches/series 2023-05-21 11:31:31.000000000 +0200 @@ -9,6 +9,7 @@ backport/rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch backport/conf-Fix-migration-in-some-firmware-autoselection-scenari.patch +backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch forward/Skip-vircgrouptest.patch forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch forward/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
