rpms
/
libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe

remotes/origin/f14
Laine Stump 2011-04-05 13:01:30 -04:00
parent 47e1b69fe8
commit 638904efc6
3 changed files with 1179 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
libvirt-0.8.3-avoid-resetting-errors.patch Normal file
View File

@ -0,0 +1,51 @@
From 452bf160e5bbe0789d706fda95f5919551eb2cac Mon Sep 17 00:00:00 2001
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 25 Mar 2011 16:45:45 +0100
Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
https://bugzilla.redhat.com/show_bug.cgi?id=690733
Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
*Free) is called before remoteDispatchConnError() is called on error.
However, the patch missed two instances.
(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
---
daemon/remote.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index a8258ca..7464957 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -4547,12 +4547,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
ret->names.names_len =
virStoragePoolListVolumes (pool,
ret->names.names_val, args->maxnames);
- virStoragePoolFree(pool);
if (ret->names.names_len == -1) {
VIR_FREE(ret->names.names_val);
remoteDispatchConnError(rerr, conn);
+ virStoragePoolFree(pool);
return -1;
}
+ virStoragePoolFree(pool);
return 0;
}
@@ -4576,11 +4577,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
}
ret->num = virStoragePoolNumOfVolumes (pool);
- virStoragePoolFree(pool);
if (ret->num == -1) {
remoteDispatchConnError(rerr, conn);
+ virStoragePoolFree(pool);
return -1;
}
+ virStoragePoolFree(pool);
return 0;
}
--
1.7.3.4

1118
libvirt-0.8.3-threadsafe-libvirtd-error-reporting.patch Normal file
View File

File diff suppressed because it is too large Load Diff

11
libvirt.spec
View File

@ -185,7 +185,7 @@
Summary: Library providing a simple API virtualization Summary: Library providing a simple API virtualization
Name: libvirt Name: libvirt
Version: 0.8.3 Version: 0.8.3
Release: 7%{?dist}%{?extra_release} Release: 8%{?dist}%{?extra_release}
License: LGPLv2+ License: LGPLv2+
Group: Development/Libraries Group: Development/Libraries
Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
@ -193,6 +193,9 @@ Patch1: %{name}-%{version}-boot-menu.patch
Patch2: %{name}-%{version}-octal-addresses.patch Patch2: %{name}-%{version}-octal-addresses.patch
Patch3: %{name}-%{version}-read-only-checks.patch Patch3: %{name}-%{version}-read-only-checks.patch
Patch4: %{name}-%{version}-fix-var-lib-libvirt-permissions.patch Patch4: %{name}-%{version}-fix-var-lib-libvirt-permissions.patch
# Patches 5, 6 CVE-2011-1486
Patch5: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
Patch6: %{name}-%{version}-avoid-resetting-errors.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
URL: http://libvirt.org/ URL: http://libvirt.org/
@ -433,6 +436,8 @@ of recent versions of Linux (and other OSes).
%patch2 -p1 %patch2 -p1
%patch3 -p0 %patch3 -p0
%patch4 -p1 %patch4 -p1
%patch5 -p1
%patch6 -p1
%build %build
%if ! %{with_xen} %if ! %{with_xen}
@ -923,6 +928,10 @@ fi
%endif %endif
%changelog %changelog
* Tue Apr 5 2011 Laine Stump <laine@redhat.com> 0.8.2-8
- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
bug 693457
* Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.3-7 * Mon Apr 4 2011 Laine Stump <laine@redhat.com> 0.8.3-7
- fix permissions on /var/lib/libvirt - fix permissions on /var/lib/libvirt