Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2019-06-26 16:02:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Wed Jun 26 16:02:02 2019 rev:286 rq:711170 version:5.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-06-07 12:17:47.376801453 +0200 +++ /work/SRC/openSUSE:Factory/.libvirt.new.4615/libvirt.changes 2019-06-26 16:02:05.019466385 +0200 @@ -1,0 +2,17 @@ +Thu Jun 20 14:55:04 UTC 2019 - Jim Fehlig <[email protected]> + +- api: disallow virConnect*HypervisorCPU, + virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, + and virDomainSaveImageGetXMLDesc on read-only connections + aed6a032-CVE-2019-10161.patch, db0b7845-CVE-2019-10166.patch, + 8afa68ba-CVE-2019-10167.patch, bf6c2830-CVE-2019-10168.patch + CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 + bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 + +------------------------------------------------------------------- +Wed Jun 12 15:03:47 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Drop systemd BuildRequires: there is already pkgconfig(systemd) + present, which is the same package. + +------------------------------------------------------------------- New: ---- 8afa68ba-CVE-2019-10167.patch aed6a032-CVE-2019-10161.patch bf6c2830-CVE-2019-10168.patch db0b7845-CVE-2019-10166.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.87FfPF/_old 2019-06-26 16:02:06.043467802 +0200 +++ /var/tmp/diff_new_pack.87FfPF/_new 2019-06-26 16:02:06.047467807 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -221,7 +221,6 @@ BuildRequires: libtool # Needed for virkmodtest in 'make check' BuildRequires: modutils -BuildRequires: systemd BuildRequires: pkgconfig(systemd) %if %{with_libxl} BuildRequires: xen-devel @@ -337,6 +336,10 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches +Patch0: aed6a032-CVE-2019-10161.patch +Patch1: db0b7845-CVE-2019-10166.patch +Patch2: 8afa68ba-CVE-2019-10167.patch +Patch3: bf6c2830-CVE-2019-10168.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -869,6 +872,10 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 ++++++ 8afa68ba-CVE-2019-10167.patch ++++++ commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26 Author: Ján Tomko <[email protected]> Date: Fri Jun 14 09:16:14 2019 +0200 api: disallow virConnectGetDomainCapabilities on read-only connections This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Index: libvirt-5.4.0/src/libvirt-domain.c =================================================================== --- libvirt-5.4.0.orig/src/libvirt-domain.c +++ libvirt-5.4.0/src/libvirt-domain.c @@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConne virResetLastError(); virCheckConnectReturn(conn, NULL); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectGetDomainCapabilities) { char *ret; ++++++ aed6a032-CVE-2019-10161.patch ++++++ commit aed6a032cead4386472afb24b16196579e239580 Author: Ján Tomko <[email protected]> Date: Fri Jun 14 08:47:42 2019 +0200 api: disallow virDomainSaveImageGetXMLDesc on read-only connections The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <[email protected]> Signed-off-by: Ján Tomko <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Index: libvirt-5.4.0/src/libvirt-domain.c =================================================================== --- libvirt-5.4.0.orig/src/libvirt-domain.c +++ libvirt-5.4.0/src/libvirt-domain.c @@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn * previously by virDomainSave() or virDomainSaveFlags(). * * No security-sensitive data will be included unless @flags contains - * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only - * connections. + * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE. * * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of * error. The caller must free() the returned value. @@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP virCheckConnectReturn(conn, NULL); virCheckNonNullArgGoto(file, error); - - if ((conn->flags & VIR_CONNECT_RO) && - (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) { - virReportError(VIR_ERR_OPERATION_DENIED, "%s", - _("virDomainSaveImageGetXMLDesc with secure flag")); - goto error; - } + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->domainSaveImageGetXMLDesc) { char *ret; Index: libvirt-5.4.0/src/qemu/qemu_driver.c =================================================================== --- libvirt-5.4.0.orig/src/qemu/qemu_driver.c +++ libvirt-5.4.0/src/qemu/qemu_driver.c @@ -7038,7 +7038,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect if (fd < 0) goto cleanup; - if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) + if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) goto cleanup; ret = qemuDomainDefFormatXML(driver, def, flags); Index: libvirt-5.4.0/src/remote/remote_protocol.x =================================================================== --- libvirt-5.4.0.orig/src/remote/remote_protocol.x +++ libvirt-5.4.0/src/remote/remote_protocol.x @@ -5242,8 +5242,7 @@ enum remote_procedure { /** * @generate: both * @priority: high - * @acl: domain:read - * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE + * @acl: domain:write */ REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, ++++++ bf6c2830-CVE-2019-10168.patch ++++++ commit bf6c2830b6c338b1f5699b095df36f374777b291 Author: Ján Tomko <[email protected]> Date: Fri Jun 14 09:17:39 2019 +0200 api: disallow virConnect*HypervisorCPU on read-only connections These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: Ján Tomko <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Index: libvirt-5.4.0/src/libvirt-host.c =================================================================== --- libvirt-5.4.0.orig/src/libvirt-host.c +++ libvirt-5.4.0/src/libvirt-host.c @@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR); virCheckNonNullArgGoto(xmlCPU, error); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectCompareHypervisorCPU) { int ret; @@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne virCheckConnectReturn(conn, NULL); virCheckNonNullArgGoto(xmlCPUs, error); + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->connectBaselineHypervisorCPU) { char *cpu; ++++++ db0b7845-CVE-2019-10166.patch ++++++ commit db0b78457f183e4c7ac45bc94de86044a1e2056a Author: Ján Tomko <[email protected]> Date: Fri Jun 14 09:14:53 2019 +0200 api: disallow virDomainManagedSaveDefineXML on read-only connections The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections. Fixes: CVE-2019-10166 Reported-by: Matthias Gerstner <[email protected]> Signed-off-by: Ján Tomko <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Index: libvirt-5.4.0/src/libvirt-domain.c =================================================================== --- libvirt-5.4.0.orig/src/libvirt-domain.c +++ libvirt-5.4.0/src/libvirt-domain.c @@ -9563,6 +9563,7 @@ virDomainManagedSaveDefineXML(virDomainP virCheckDomainReturn(domain, -1); conn = domain->conn; + virCheckReadOnlyGoto(conn->flags, error); if (conn->driver->domainManagedSaveDefineXML) { int ret;
