diff --git a/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch b/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch
deleted file mode 100644
index ffc9d63..0000000
--- a/0001-network-prevent-dnsmasq-from-listening-on-localhost.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From 9eb2b573253626c8c9329140d4ce2043863e417b Mon Sep 17 00:00:00 2001
-Message-Id: <9eb2b573253626c8c9329140d4ce2043863e417b.1355686333.git.crobinso@redhat.com>
-From: Laine Stump
-Date: Thu, 13 Dec 2012 01:46:40 -0500
-Subject: [PATCH] network: prevent dnsmasq from listening on localhost
-
-This patch resolves the problem reported in:
-
- https://bugzilla.redhat.com/show_bug.cgi?id=886663
-
-The source of the problem was the fix for CVE 2011-3411:
-
- https://bugzilla.redhat.com/show_bug.cgi?id=833033
-
-which was originally committed upstream in commit
-753ff83a50263d6975f88d6605d4b5ddfcc97560. That commit improperly
-removed the "--except-interface lo" from dnsmasq commandlines when
---bind-dynamic was used (based on comments in the latter bug).
-
-It turns out that the problem reported in the CVE could be eliminated
-without removing "--except-interface lo", and removing it actually
-caused each instance of dnsmasq to listen on localhost on port 53,
-which created a new problem:
-
-If another instance of dnsmasq using "bind-interfaces" (instead of
-"bind-dynamic") had already been started (or if another instance
-started later used "bind-dynamic"), this wouldn't have any immediately
-visible ill effects, but if you tried to start another dnsmasq
-instance using "bind-interfaces" *after* starting any libvirt
-networks, the new dnsmasq would fail to start, because there was
-already another process listening on port 53.
-
-This patch changes the network driver to *always* add
-"except-interface=lo" to dnsmasq conf files, regardless of whether we use
-bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
-are listening on localhost (and the CVE is still fixed).
-
-The actual code change is miniscule, but must be propogated through all
-of the test files as well.
-
-(This is *not* a cherry-pick of the upstream commit that fixes the bug
-(commit d66eb7866757dd371560c288dc6201fb9348792a), because subsequent
-to the CVE fix, another patch changed the network driver to put
-dnsmasq options in a conf file rather than directly on the dnsmasq
-commandline preserving the same options), so a cherry-pick is just one
-very large conflict.)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 8010797..6053770 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -510,6 +510,9 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
- /* *no* conf file */
- virCommandAddArg(cmd, "--conf-file=");
- 
-+ /* dnsmasq will *always* listen on localhost unless told otherwise */
-+ virCommandAddArgList(cmd, "--except-interface", "lo", NULL);
-+
- if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC)) {
- /* using --bind-dynamic with only --interface (no
- * --listen-address) prevents dnsmasq from responding to dns
-@@ -523,10 +526,7 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
- "--interface", network->def->bridge,
- NULL);
- } else {
-- virCommandAddArgList(cmd,
-- "--bind-interfaces",
-- "--except-interface", "lo",
-- NULL);
-+ virCommandAddArg(cmd, "--bind-interfaces");
- /*
- * --interface does not actually work with dnsmasq < 2.47,
- * due to DAD for ipv6 addresses on the interface.
-diff --git a/tests/networkxml2argvdata/isolated-network.argv b/tests/networkxml2argvdata/isolated-network.argv
-index d629192..d91c730 100644
---- a/tests/networkxml2argvdata/isolated-network.argv
-+++ b/tests/networkxml2argvdata/isolated-network.argv
-@@ -1,6 +1,6 @@
- @DNSMASQ@ --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-interfaces --except-interface lo \
-+--except-interface lo --bind-interfaces \
- --listen-address 192.168.152.1 \
- --dhcp-option=3 --no-resolv \
- --dhcp-range 192.168.152.2,192.168.152.254 \
-diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
-index e5143ac..431e987 100644
---- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv
-+++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
-@@ -1,5 +1,5 @@
- @DNSMASQ@ --strict-order --domain=example.com \
- --local=/example.com/ --domain-needed \
- --conf-file= \
----bind-dynamic --interface virbr0 \
-+--except-interface lo --bind-dynamic --interface virbr0 \
- --expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\
-diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
-index c38b954..9c26f32 100644
---- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
-+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
-@@ -1,7 +1,7 @@
- @DNSMASQ@ \
- --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-interfaces --except-interface lo \
-+--except-interface lo --bind-interfaces \
- --listen-address 192.168.122.1 \
- --listen-address 192.168.123.1 \
- --listen-address fc00:db8:ac10:fe01::1 \
-diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
-index 311b0d7..ff9c223 100644
---- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
-+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
-@@ -1,7 +1,7 @@
- @DNSMASQ@ \
- --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-dynamic --interface virbr0 \
-+--except-interface lo --bind-dynamic --interface virbr0 \
- --srv-host=name.tcp.test-domain-name,.,1024,10,10 \
- --dhcp-range 192.168.122.2,192.168.122.254 \
- --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
-diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
-index cbdf50d..2b133ff 100644
---- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
-+++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
-@@ -1,6 +1,6 @@
- @DNSMASQ@ --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-dynamic --interface virbr0 \
-+--except-interface lo --bind-dynamic --interface virbr0 \
- --txt-record=example,example value \
- --dhcp-range 192.168.122.2,192.168.122.254 \
- --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
-diff --git a/tests/networkxml2argvdata/nat-network.argv b/tests/networkxml2argvdata/nat-network.argv
-index 967ca94..1a771d0 100644
---- a/tests/networkxml2argvdata/nat-network.argv
-+++ b/tests/networkxml2argvdata/nat-network.argv
-@@ -1,6 +1,6 @@
- @DNSMASQ@ --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-dynamic --interface virbr0 \
-+--except-interface lo --bind-dynamic --interface virbr0 \
- --dhcp-range 192.168.122.2,192.168.122.254 \
- --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
- --dhcp-lease-max=253 --dhcp-no-override \
-diff --git a/tests/networkxml2argvdata/netboot-network.argv b/tests/networkxml2argvdata/netboot-network.argv
-index bcd6fad..9f8d114 100644
---- a/tests/networkxml2argvdata/netboot-network.argv
-+++ b/tests/networkxml2argvdata/netboot-network.argv
-@@ -1,6 +1,6 @@
- @DNSMASQ@ --strict-order --domain=example.com \
- --local=/example.com/ --domain-needed --conf-file= \
----bind-interfaces --except-interface lo --listen-address 192.168.122.1 \
-+--except-interface lo --bind-interfaces --listen-address 192.168.122.1 \
- --dhcp-range 192.168.122.2,192.168.122.254 \
- --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
- --dhcp-lease-max=253 --dhcp-no-override --expand-hosts --enable-tftp \
-diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv b/tests/networkxml2argvdata/netboot-proxy-network.argv
-index 8c5ef9b..90a31e2 100644
---- a/tests/networkxml2argvdata/netboot-proxy-network.argv
-+++ b/tests/networkxml2argvdata/netboot-proxy-network.argv
-@@ -1,6 +1,6 @@
- @DNSMASQ@ --strict-order --domain=example.com \
- --local=/example.com/ --domain-needed --conf-file= \
----bind-interfaces --except-interface lo \
-+--except-interface lo --bind-interfaces \
- --listen-address 192.168.122.1 \
- --dhcp-range 192.168.122.2,192.168.122.254 \
- --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
-diff --git a/tests/networkxml2argvdata/routed-network.argv b/tests/networkxml2argvdata/routed-network.argv
-index eacdf2d..862013e 100644
---- a/tests/networkxml2argvdata/routed-network.argv
-+++ b/tests/networkxml2argvdata/routed-network.argv
-@@ -1,3 +1,3 @@
- @DNSMASQ@ --strict-order \
- --local=// --domain-needed --conf-file= \
----bind-dynamic --interface virbr1\
-+--except-interface lo --bind-dynamic --interface virbr1\
--- 
-1.8.0.2
-
diff --git a/libvirt.spec b/libvirt.spec
index 4d529fa..32788fe 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -273,8 +273,8 @@ Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 0.9.11.8
-Release: 2%{?dist}%{?extra_release}
+Version: 0.9.11.9
+Release: 1%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
@@ -297,8 +297,6 @@ Patch4: libvirt-sanlock-readonly-option.patch
 # Fix LXC domain startup with selinux=disabled (bz 858104)
 # keep: non upstream fix that doesn't apply to git head
 Patch5: libvirt-lxc-selinux-context-error.patch
-# Fix conflict with NM launched dnsmasq (bz 886663)
-Patch6: 0001-network-prevent-dnsmasq-from-listening-on-localhost.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -771,7 +769,6 @@ of recent versions of Linux (and other OSes).
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 %build
 %if ! %{with_xen}
@@ -1503,6 +1500,11 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
 %endif
 %changelog
+* Mon Jan 28 2013 Cole Robinson - 0.9.11.9-1
+- Rebased to version 0.9.11.9
+- CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz
+ #905173)
+
 * Sun Dec 16 2012 Cole Robinson - 0.9.11.8-2
 - Fix conflict with NM launched dnsmasq (bz #886663)
diff --git a/sources b/sources
index dbe98ad..8bf6ea5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-46d9ac88d4113acd061d77d71b863f1e libvirt-0.9.11.8.tar.gz
+620b442e58655894b8f74467c6fa885a libvirt-0.9.11.9.tar.gz
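Review bot: The new changelog entry does not record why Patch6 (the dnsmasq localhost fix for bz 886663) is being dropped in the same rebase, so the spec no longer shows whether that fix is carried by the 0.9.11.9 tarball or has simply been lost. Presumably the rebased upstream release contains the equivalent change, but nothing in the hunk states it, and the removed patch header itself noted it was not a cherry-pick of the upstream commit. A one-line entry such as `- Drop dnsmasq except-interface patch, fix is in upstream 0.9.11.9 (bz #886663)` would make the removal traceable for anyone auditing the package's CVE 2011-3411 regression history.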