diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-08 07:58:45 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-08-05 12:18:12 +0000 |
commit | a882568554dd0e1848d1891e7756d5d036ab516a (patch) | |
tree | 694567452d81ea9224ec1632a10b543fb67a2079 | |
parent | 30e6eb8fa7fd4faaf222021010b41379f502a70d (diff) | |
download | aports-a882568554dd0e1848d1891e7756d5d036ab516a.tar.bz2 aports-a882568554dd0e1848d1891e7756d5d036ab516a.tar.xz |
main/qemu: security fix for CVE-2015-4037
fixes #4326
-rw-r--r-- | main/qemu/APKBUILD | 6 | ||||
-rw-r--r-- | main/qemu/CVE-2015-4037.patch | 50 |
2 files changed, 55 insertions, 1 deletions
diff --git a/main/qemu/APKBUILD b/main/qemu/APKBUILD index c6a53d1176..28806bda51 100644 --- a/main/qemu/APKBUILD +++ b/main/qemu/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=qemu pkgver=2.1.3 -pkgrel=0 +pkgrel=1 pkgdesc="QEMU is a generic machine emulator and virtualizer" url="http://qemu.org/" arch="all" @@ -80,6 +80,7 @@ source="http://wiki.qemu-project.org/download/qemu-$pkgver.tar.bz2 CVE-2014-9718.patch CVE-2015-1779.patch CVE-2015-3456.patch + CVE-2015-4037.patch qemu-guest-agent.confd qemu-guest-agent.initd @@ -244,6 +245,7 @@ bc5f2e41ed3b6d6d30b672adab82e3e1 musl-F_SHLCK-and-F_EXLCK.patch 822717a977a9d82d63da00512713f50e CVE-2014-9718.patch 59314f55d3f1d7fd25b1d42ca8ab950a CVE-2015-1779.patch 5e8a68940c4e0267e795a6ddd144e00e CVE-2015-3456.patch +97045abdf8d0543691e52f9fdf0c8d52 CVE-2015-4037.patch 1663bc6977f6886a58394155b1bf3676 qemu-guest-agent.confd 2035cd781ea810e94bda250c609d8d90 qemu-guest-agent.initd 66660f143235201249dc0648b39b86ee 80-kvm.rules" @@ -255,6 +257,7 @@ de64781b2ef71e53c94f3f411bc26ad39e2b6cb581217dbb2739c251e253996f CVE-2014-8106. 87165dd0fa774b8a61bd9d10c1929d43ddf7213790644e57433cf74c1fb66664 CVE-2014-9718.patch bcebf2169983511edde1a884cdbf11115ed5422cd971d815d60a0754c253c8a5 CVE-2015-1779.patch de69a47daf292fd0cc01c925a23c9fadbac0fb60c322bf89260cccceb47ca204 CVE-2015-3456.patch +6bb3f4bb71716bdde8ff417b76ceb4cee336ae93a65b2ae1db15406f382c0299 CVE-2015-4037.patch d84e53a94584f37f3bd1b21f44077b5de0d07094c6729f26ae20ab1f7b9cc298 qemu-guest-agent.confd 982fa8ba67c728405305e4cf5a36a41a780b3d1f388ebd6377e7964c271a1c92 qemu-guest-agent.initd 37f666f1cdb7d8a62171de69b531681dcb0fba74236729dac8b6c019232eba84 80-kvm.rules" @@ -266,6 +269,7 @@ afa6643a1a474a609f2c7446c3cf13cd89ecc3a6a0192ba967503a569512ad043f6e6fbaef1e5cc6 4b0e6e3e335d1fc0b43740946cba423f663b5ac5076f03d65b0d2f19ef9fef2b1b6fadfd085a6828eb77f86d97161e2f8db32d001166fb0d55a8b5d141a13513 CVE-2014-9718.patch 7b6c7ec5db298655ceb02ab977eec681e41c925e5f2e79d600197cbf6ec7a6088980f843c5b1d2488026ca921f7e6f8dd7f1b56b512d6d0cef0ac26dda3f3129 CVE-2015-1779.patch 81485e26e30314b075a154cbce841fa3b803b70d8539a5ce00e57ec2020ab801d88c35631805811d003505dfd1909a5b70307fdbd8a192986f53143669465bd8 CVE-2015-3456.patch +8dc68c2f511a28b0c1896b89922fab8e31dea4eefe18a69e6c068dd799cfc5a5a8b2ed8c3f5d17584932ddb9a2bf72d72fdaaf19c2129babf9a8e8f4ce150659 CVE-2015-4037.patch d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 761b4e2397569dae45ae3bb9e46e28746275297f629af9e9065525497fd26a48b65d8abcf4282727afd35309e338967acf6a1b14c3169577bdc16c1f42e618b3 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules" diff --git a/main/qemu/CVE-2015-4037.patch b/main/qemu/CVE-2015-4037.patch new file mode 100644 index 0000000000..fb36234531 --- /dev/null +++ b/main/qemu/CVE-2015-4037.patch @@ -0,0 +1,50 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Thu, 28 May 2015 14:12:26 +0300 +Subject: [PATCH] slirp: use less predictable directory name in /tmp for smb + config (CVE-2015-4037) + +In this version I used mkdtemp(3) which is: + + _BSD_SOURCE + || /* Since glibc 2.10: */ + (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700) + +(POSIX.1-2008), so should be available on systems we care about. + +While at it, reset the resulting directory name within smb structure +on error so cleanup function wont try to remove directory which we +failed to create. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> +Reviewed-by: Markus Armbruster <armbru@redhat.com> +(cherry picked from commit 8b8f1c7e9ddb2e88a144638f6527bf70e32343e3) +--- + net/slirp.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/net/slirp.c b/net/slirp.c +index 9bbed74..3090c10 100644 +--- a/net/slirp.c ++++ b/net/slirp.c +@@ -481,7 +481,6 @@ static void slirp_smb_cleanup(SlirpState *s) + static int slirp_smb(SlirpState* s, const char *exported_dir, + struct in_addr vserver_addr) + { +- static int instance; + char smb_conf[128]; + char smb_cmdline[128]; + struct passwd *passwd; +@@ -505,10 +504,10 @@ static int slirp_smb(SlirpState* s, const char *exported_dir, + return -1; + } + +- snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d", +- (long)getpid(), instance++); +- if (mkdir(s->smb_dir, 0700) < 0) { ++ snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.XXXXXX"); ++ if (!mkdtemp(s->smb_dir)) { + error_report("could not create samba server dir '%s'", s->smb_dir); ++ s->smb_dir[0] = 0; + return -1; + } + snprintf(smb_conf, sizeof(smb_conf), "%s/%s", s->smb_dir, "smb.conf"); |