merged to thud. Bruce
On Sat, Jun 1, 2019 at 1:15 AM Armin Kuster <[email protected]> wrote: > > From: Armin Kuster <[email protected]> > > Source: https://libvirt.org > MR: 97512 > Type: Security Fix > Disposition: Backport from > https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377 > ChangeID: 6c662c67dd3cf6e0eba493b7b619db35f2e07d93 > Description: > > Fixes CVE-2019-3840 > > Signed-off-by: Armin Kuster <[email protected]> > --- > .../libvirt/libvirt/CVE-2019-3840.patch | 39 > ++++++++++++++++++++++ > recipes-extended/libvirt/libvirt_4.7.0.bb | 1 + > 2 files changed, 40 insertions(+) > create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-3840.patch > > diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch > new file mode 100644 > index 0000000..8cca821 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch > @@ -0,0 +1,39 @@ > +From 9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377 Mon Sep 17 00:00:00 2001 > +From: John Ferlan <[email protected]> > +Date: Fri, 7 Sep 2018 16:01:27 -0400 > +Subject: [PATCH] qemu: Remove duplicated qemuAgentCheckError > + > +Commit 5b3492fadb moved qemuAgentCheckError calls into > +qemuAgentCommand for various reasons; however, subsequent > +commit 0977b8aa0 adding a new command made call again > +So let's just remove the duplicitous call from > +qemuAgentGetInterfaces. > + > +Signed-off-by: John Ferlan <[email protected]> > +ACKed-by: Michal Privoznik <[email protected]> > + > +Upstream-Status: Backport > +CVE: CVE-2019-3840 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/qemu/qemu_agent.c | 5 ++--- > + 1 file changed, 2 insertions(+), 3 deletions(-) > + > +Index: libvirt-4.7.0/src/qemu/qemu_agent.c > +=================================================================== > +--- libvirt-4.7.0.orig/src/qemu/qemu_agent.c > ++++ libvirt-4.7.0/src/qemu/qemu_agent.c > +@@ -1987,10 +1987,9 @@ qemuAgentGetInterfaces(qemuAgentPtr mon, > + if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL))) > + goto cleanup; > + > +- if (qemuAgentCommand(mon, cmd, &reply, false, > VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 || > +- qemuAgentCheckError(cmd, reply) < 0) { > ++ if (qemuAgentCommand(mon, cmd, &reply, false, > ++ VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0) > + goto cleanup; > +- } > + > + if (!(ret_array = virJSONValueObjectGet(reply, "return"))) { > + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", > diff --git a/recipes-extended/libvirt/libvirt_4.7.0.bb > b/recipes-extended/libvirt/libvirt_4.7.0.bb > index 5136798..270dc72 100644 > --- a/recipes-extended/libvirt/libvirt_4.7.0.bb > +++ b/recipes-extended/libvirt/libvirt_4.7.0.bb > @@ -36,6 +36,7 @@ SRC_URI = > "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > > file://0001-ptest-Remove-Windows-1252-check-from-esxutilstest.patch \ > file://configure.ac-search-for-rpc-rpc.h-in-the-sysroot.patch \ > file://lxc_monitor-Avoid-AB-BA-lock-race.patch \ > + file://CVE-2019-3840.patch \ > " > > SRC_URI[libvirt.md5sum] = "38da6c33250dcbc0a6d68de5c758262b" > -- > 2.7.4 > > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
