From 818f358ccfc4f9cf12438f8c26b33a31736ad41a Mon Sep 17 00:00:00 2001
From: Cole Robinson
Date: Sun, 7 Oct 2012 19:38:30 -0400
Subject: [PATCH] Rebased to version 0.9.11.6

CVE-2012-4423 Fix null dereference (bz #857135, bz #857133)
dnsmasq: avoid forwarding queries without a domain (bz #849787)
---
 libvirt-lxc-selinux-context-error.patch | 22 ++++++++++++++++++++++
 libvirt.spec | 22 ++++++++++++++++------
 sources | 2 +-
 3 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 libvirt-lxc-selinux-context-error.patch
diff --git a/libvirt-lxc-selinux-context-error.patch b/libvirt-lxc-selinux-context-error.patch
new file mode 100644
index 0000000..1ecb0ff
--- /dev/null
+++ b/libvirt-lxc-selinux-context-error.patch
@@ -0,0 +1,22 @@
+--- libvirt-0.9.11.5.orig/src/lxc/lxc_container.c 2012-08-12 18:03:58.000000000 -0500
++++ libvirt-0.9.11.5.orig/src/lxc/lxc_container.c 2012-09-21 07:38:19.000000000 -0500
+@@ -506,7 +506,7 @@
+ if (pivotRoot) {
+ #if HAVE_SELINUX
+ if (getfilecon("/", &con) < 0 &&
+- errno != ENOTSUP) {
++ errno != ENOTSUP && errno != ENODATA) {
+ virReportSystemError(errno, "%s",
+ _("Failed to query file context on /"));
+ goto cleanup;
+--- libvirt-0.9.11.5.orig/src/lxc/lxc_controller.c 2012-08-12 18:03:58.000000000 -0500
++++ libvirt-0.9.11.5.orig/src/lxc/lxc_controller.c 2012-09-21 07:20:41.000000000 -0500
+@@ -1480,7 +1480,7 @@
+
+ #if HAVE_SELINUX
+ if (getfilecon(root->src, &con) < 0 &&
+- errno != ENOTSUP) {
++ errno != ENOTSUP && errno != ENODATA) {
+ virReportSystemError(errno,
+ _("Failed to query file context on %s"),
+ root->src);
diff --git a/libvirt.spec b/libvirt.spec
index 56f9c9e..41e2c2e 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -273,8 +273,8 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 0.9.11.5
-Release: 3%{?dist}%{?extra_release}
+Version: 0.9.11.6
+Release: 1%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
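Review bot: In the new libvirt-lxc-selinux-context-error.patch, both embedded hunks (src/lxc/lxc_container.c at -506 and src/lxc/lxc_controller.c at -1480) now continue when `getfilecon()` fails with ENODATA, but neither shows what `con` holds on that path or says why the error is safe to ignore. ENODATA from getfilecon() means the path carries no SELinux label; that matches the selinux=disabled case named in the changelog, but an unlabeled root on an SELinux-enabled host would presumably take the same path and start the guest without a file context instead of failing. Please confirm that `con` is initialised to NULL before each call (the declarations and the later uses of `con` are outside the hunks), and add a comment above each test such as `/* ENOTSUP/ENODATA: no SELinux label to query; continue with con unset */`. If only the selinux=disabled case from bz 858104 is intended, consider tolerating ENODATA only when `is_selinux_enabled()` reports SELinux off, so a missing label on an enabled host is still reported.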
@@ -284,16 +284,19 @@ Group: Development/Libraries
 Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
 # Replace fedora-13->pc-0.14 to prep for qemu removal (bz 754772)
 # keep: keeping this for the lifetime of F17, gone for newer releases
-Patch1: %{name}-qemu-replace-deprecated-fedora-13-machine.patch
+Patch1: libvirt-qemu-replace-deprecated-fedora-13-machine.patch
 # Add usbredir spice channel (bz 821469)
 # keep: fedora feature backport that won't hit 0.9.11 maint
-Patch2: %{name}-add-usbredir-spice-channel.patch
+Patch2: libvirt-add-usbredir-spice-channel.patch
 # Add default spice channel (bz 821474)
 # keep: fedora feature backport that won't hit 0.9.11 maint
-Patch3: %{name}-add-default-spice-channel.patch
+Patch3: libvirt-add-default-spice-channel.patch
 # sanlock: Add param to ignore readonly/shared disks (bz 828633)
 # keep: 0.9.12 feature backport for vdsm, won't hit -maint
-Patch4: %{name}-sanlock-readonly-option.patch
+Patch4: libvirt-sanlock-readonly-option.patch
+# Fix LXC domain startup with selinux=disabled (bz 858104)
+# keep: non upstream fix that doesn't apply to git head
+Patch5: libvirt-lxc-selinux-context-error.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -765,6 +768,7 @@ of recent versions of Linux (and other OSes).
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 %build
 %if ! %{with_xen}
@@ -1489,6 +1493,12 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
 %endif
 %changelog
+* Sun Oct 07 2012 Cole Robinson - 0.9.11.6-1
+- Rebased to version 0.9.11.6
+- Fix LXC domain startup with selinux=disabled (bz #858104)
+- CVE-2012-4423 Fix null dereference (bz #857135, bz #857133)
+- dnsmasq: avoid forwarding queries without a domain (bz #849787)
+
 * Wed Aug 22 2012 Cole Robinson - 0.9.11.5-3
 - Drop bogus daemon dep additions (bz 849159)
diff --git a/sources b/sources
index e4bac6e..fef1ed7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2df71ddf3090674caacf44efb75131f2 libvirt-0.9.11.5.tar.gz
+2b704cb6b82ea9718a5a9c46e9c31629 libvirt-0.9.11.6.tar.gz