From: Armin Kuster <[email protected]>

Source:  https://libvirt.org/git/libvirt.git
MR: 110898
Type: Security Fix
Disposition: Backport from 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913
ChangeID: 73bff4861d76b0674547ead4d4b251b60705bb8c
Description:

Affects libvirt < 6.2.0

Signed-off-by: Armin Kuster <[email protected]>
---
 .../libvirt/libvirt/CVE-2020-10701.patch      | 39 +++++++++++++++++++
 recipes-extended/libvirt/libvirt_6.1.0.bb     |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 recipes-extended/libvirt/libvirt/CVE-2020-10701.patch

diff --git a/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
new file mode 100644
index 0000000..453b02b
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
@@ -0,0 +1,39 @@
+From 4cc90c2e62df653e909ad31fd810224bf8bcf913 Mon Sep 17 00:00:00 2001
+From: Jonathon Jongsma <[email protected]>
+Date: Fri, 20 Mar 2020 09:43:13 -0500
+Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only
+ connections
+
+This function changes the amount of time that libvirt waits for a
+response from the guest agent for all guest agent commands. Since this
+is a configuration change, it should not be allowed on read-only
+connections.
+
+Signed-off-by: Jonathon Jongsma <[email protected]>
+Reviewed-by: Daniel Henrique Barboza <[email protected]>
+Reviewed-by: Michal Privoznik <[email protected]>
+
+Upstream-Status: Backport
+CVE: CVE-2020-10701 
+Signed-off-by: Armin Kuster <[email protected]>
+
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 65813b68cc..a12809c2d5 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -12576,6 +12576,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
+     virCheckDomainReturn(domain, -1);
+     conn = domain->conn;
+ 
++    virCheckReadOnlyGoto(conn->flags, error);
++
+     if (conn->driver->domainAgentSetResponseTimeout) {
+         if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
+             goto error;
+-- 
+2.25.1
+
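Review bot: The `Upstream-Status: Backport` trailer in the embedded patch header does not name the upstream commit, so anyone auditing the recipe later has to trace this security fix through the outer mail. I would write it as `Upstream-Status: Backport [https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913]` and drop the trailing blank after `CVE: CVE-2020-10701`. The added `virCheckReadOnlyGoto(conn->flags, error);` is placed before the driver callback is dispatched, so a read-only connection should be rejected before the timeout can be changed. The body of virDomainAgentSetResponseTimeout starts and ends outside the hunk, so the `error` label and its cleanup are not visible here and are worth confirming against the 6.1.0 source.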
diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb
index f301a0e..0146c6c 100644
--- a/recipes-extended/libvirt/libvirt_6.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
            file://0001-build-drop-unnecessary-libgnu.la-reference.patch \
            file://hook_support.py \
            file://gnutls-helper.py \
+           file://CVE-2020-10701.patch \
           "
 
 SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"
-- 
2.25.1
