diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-08-01 14:34:09 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-08-02 11:43:37 +0000 |
commit | 0b2c0b7464ec1f08d031a6736dfd33bcb4dba7a1 (patch) | |
tree | b0eaf65099cfe16891028e221e01594a8ca643d1 | |
parent | 45b50551b412535424ba22a25a31ad09f47919b0 (diff) | |
download | aports-0b2c0b7464ec1f08d031a6736dfd33bcb4dba7a1.tar.bz2 aports-0b2c0b7464ec1f08d031a6736dfd33bcb4dba7a1.tar.xz |
main/libvirt: security fix (CVE-2016-5008). Fixes #5878
(cherry picked from commit fe21e87ffd9382eed66543f8c2d0f740878849d7)
-rw-r--r-- | main/libvirt/APKBUILD | 12 | ||||
-rw-r--r-- | main/libvirt/CVE-2016-5008.patch | 72 |
2 files changed, 80 insertions, 4 deletions
diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD index 03af77aeb1..7e3f1966f1 100644 --- a/main/libvirt/APKBUILD +++ b/main/libvirt/APKBUILD @@ -2,7 +2,7 @@ pkgname=libvirt pkgver=1.2.11 _ver="${pkgver/_rc/-rc}" -pkgrel=0 +pkgrel=2 pkgdesc="A virtualization API for several hypervisor and container systems" url="http://libvirt.org/" arch="all" @@ -26,6 +26,7 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz libvirt.confd libvirt.initd musl-fix-includes.patch + CVE-2016-5008.patch " if [ "$CARCH" = "x86_64" ]; then @@ -169,12 +170,15 @@ _common_drivers() { md5sums="616ad039f212c02f7e055c5cf28c0a76 libvirt-1.2.11.tar.gz 1c84a7baeafe0a7f4e9d7ae5180311b7 libvirt.confd d897df38c7e7fa1a297aa551108633c9 libvirt.initd -9da7723b114b2d87558e92828366fbcb musl-fix-includes.patch" +9da7723b114b2d87558e92828366fbcb musl-fix-includes.patch +989f7e79636e863e3db5203ec8bac39b CVE-2016-5008.patch" sha256sums="1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc libvirt-1.2.11.tar.gz 851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1 libvirt.confd e9fad203434ffaa6afe524e42a9fb6594edad61cb02b1ca60a68d1a7fe0c31ab libvirt.initd -8dfa9dbe71ee21dc53e44bd7cc0127adde1bf3371d6b393657b386bb83f8139b musl-fix-includes.patch" +8dfa9dbe71ee21dc53e44bd7cc0127adde1bf3371d6b393657b386bb83f8139b musl-fix-includes.patch +dd3753a52e6ad3b6e46e9460242b7ad076ace6a054b683f96504342ca526b260 CVE-2016-5008.patch" sha512sums="4aaeb2eeb563f0a9105a1586054d69c24dada12ddf9b71edd3742ad602eb8c892d9f615ee1a2159051bec52699897c6707d9d0204b8f0fe61bae15885ee986f2 libvirt-1.2.11.tar.gz 9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc libvirt.confd f48c97f93ef4509a86eda6200b3aae5b2c0c6263403bde933b770fd62240dca27bc439bd29b440ea6a47c8337f8b4511230ed915cb5ff54d9a1cf311863f6fa1 libvirt.initd -b6142256bf2700b9e5335c60fe5628e4095a24689c31d54afcab46f46a06b9c0ae676f87f77a487377eafbec11fb7afa9b994aef48a10a39e82f47c45df008ba musl-fix-includes.patch" +b6142256bf2700b9e5335c60fe5628e4095a24689c31d54afcab46f46a06b9c0ae676f87f77a487377eafbec11fb7afa9b994aef48a10a39e82f47c45df008ba musl-fix-includes.patch +37ebc14aa1616964c89bcac17df14abd7f3fdd95f49eb3c121c89c94fe1321b1f996133763cddbabdccfe8f139edd60a7588bc81b6f14a35c78e8353050b0493 CVE-2016-5008.patch" diff --git a/main/libvirt/CVE-2016-5008.patch b/main/libvirt/CVE-2016-5008.patch new file mode 100644 index 0000000000..6fb07ac3ec --- /dev/null +++ b/main/libvirt/CVE-2016-5008.patch @@ -0,0 +1,72 @@ +From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001 +From: Jiri Denemark <jdenemar@redhat.com> +Date: Tue, 28 Jun 2016 14:39:58 +0200 +Subject: [PATCH] qemu: Let empty default VNC password work as documented + +CVE-2016-5008 + +Setting an empty graphics password is documented as a way to disable +VNC/SPICE access, but QEMU does not always behaves like that. VNC would +happily accept the empty password. Let's enforce the behavior by setting +password expiration to "now". + +https://bugzilla.redhat.com/show_bug.cgi?id=1180092 + +Signed-off-by: Jiri Denemark <jdenemar@redhat.com> +--- + src/qemu/qemu_hotplug.c | 14 +++++++------- + 1 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c +index e0b8230..bf6430d 100644 +--- a/src/qemu/qemu_hotplug.c ++++ b/src/qemu/qemu_hotplug.c +@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, + time_t now = time(NULL); + char expire_time [64]; + const char *connected = NULL; ++ const char *password; + int ret = -1; + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); + +@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, + ret = 0; + goto cleanup; + } ++ password = auth->passwd ? auth->passwd : defaultPasswd; + + if (auth->connected) + connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); + + if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) + goto cleanup; +- ret = qemuMonitorSetPassword(priv->mon, +- type, +- auth->passwd ? auth->passwd : defaultPasswd, +- connected); ++ ret = qemuMonitorSetPassword(priv->mon, type, password, connected); + + if (ret == -2) { + if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { +@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, + _("Graphics password only supported for VNC")); + ret = -1; + } else { +- ret = qemuMonitorSetVNCPassword(priv->mon, +- auth->passwd ? auth->passwd : defaultPasswd); ++ ret = qemuMonitorSetVNCPassword(priv->mon, password); + } + } + if (ret != 0) + goto end_job; + +- if (auth->expires) { ++ if (password[0] == '\0') { ++ snprintf(expire_time, sizeof(expire_time), "now"); ++ } else if (auth->expires) { + time_t lifetime = auth->validTo - now; + if (lifetime <= 0) + snprintf(expire_time, sizeof(expire_time), "now"); +-- +1.7.1 + |