main/libvirt: security fix (CVE-2016-5008). Fixes #5878

(cherry picked from commit fe21e87ffd9382eed66543f8c2d0f740878849d7)

2 files changed, 80 insertions, 4 deletions

diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD
index 03af77aeb1..7e3f1966f1 100644
--- a/main/libvirt/APKBUILD
+++ b/main/libvirt/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=libvirt
 pkgver=1.2.11
 _ver="${pkgver/_rc/-rc}"
-pkgrel=0
+pkgrel=2
 pkgdesc="A virtualization API for several hypervisor and container systems"
 url="http://libvirt.org/"
 arch="all"
@@ -26,6 +26,7 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz
 	libvirt.confd
 	libvirt.initd
 	musl-fix-includes.patch
+	CVE-2016-5008.patch
 	"
 
 if [ "$CARCH" = "x86_64" ]; then
@@ -169,12 +170,15 @@ _common_drivers() {
 md5sums="616ad039f212c02f7e055c5cf28c0a76  libvirt-1.2.11.tar.gz
 1c84a7baeafe0a7f4e9d7ae5180311b7  libvirt.confd
 d897df38c7e7fa1a297aa551108633c9  libvirt.initd
-9da7723b114b2d87558e92828366fbcb  musl-fix-includes.patch"
+9da7723b114b2d87558e92828366fbcb  musl-fix-includes.patch
+989f7e79636e863e3db5203ec8bac39b  CVE-2016-5008.patch"
 sha256sums="1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc  libvirt-1.2.11.tar.gz
 851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1  libvirt.confd
 e9fad203434ffaa6afe524e42a9fb6594edad61cb02b1ca60a68d1a7fe0c31ab  libvirt.initd
-8dfa9dbe71ee21dc53e44bd7cc0127adde1bf3371d6b393657b386bb83f8139b  musl-fix-includes.patch"
+8dfa9dbe71ee21dc53e44bd7cc0127adde1bf3371d6b393657b386bb83f8139b  musl-fix-includes.patch
+dd3753a52e6ad3b6e46e9460242b7ad076ace6a054b683f96504342ca526b260  CVE-2016-5008.patch"
 sha512sums="4aaeb2eeb563f0a9105a1586054d69c24dada12ddf9b71edd3742ad602eb8c892d9f615ee1a2159051bec52699897c6707d9d0204b8f0fe61bae15885ee986f2  libvirt-1.2.11.tar.gz
 9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc  libvirt.confd
 f48c97f93ef4509a86eda6200b3aae5b2c0c6263403bde933b770fd62240dca27bc439bd29b440ea6a47c8337f8b4511230ed915cb5ff54d9a1cf311863f6fa1  libvirt.initd
-b6142256bf2700b9e5335c60fe5628e4095a24689c31d54afcab46f46a06b9c0ae676f87f77a487377eafbec11fb7afa9b994aef48a10a39e82f47c45df008ba  musl-fix-includes.patch"
+b6142256bf2700b9e5335c60fe5628e4095a24689c31d54afcab46f46a06b9c0ae676f87f77a487377eafbec11fb7afa9b994aef48a10a39e82f47c45df008ba  musl-fix-includes.patch
+37ebc14aa1616964c89bcac17df14abd7f3fdd95f49eb3c121c89c94fe1321b1f996133763cddbabdccfe8f139edd60a7588bc81b6f14a35c78e8353050b0493  CVE-2016-5008.patch"
diff --git a/main/libvirt/CVE-2016-5008.patch b/main/libvirt/CVE-2016-5008.patch
new file mode 100644
index 0000000000..6fb07ac3ec
--- /dev/null
+++ b/main/libvirt/CVE-2016-5008.patch
@@ -0,0 +1,72 @@
+From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 28 Jun 2016 14:39:58 +0200
+Subject: [PATCH] qemu: Let empty default VNC password work as documented
+
+CVE-2016-5008
+
+Setting an empty graphics password is documented as a way to disable
+VNC/SPICE access, but QEMU does not always behaves like that. VNC would
+happily accept the empty password. Let's enforce the behavior by setting
+password expiration to "now".
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1180092
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/qemu/qemu_hotplug.c |   14 +++++++-------
+ 1 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index e0b8230..bf6430d 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+     time_t now = time(NULL);
+     char expire_time [64];
+     const char *connected = NULL;
++    const char *password;
+     int ret = -1;
+     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ 
+@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+         ret = 0;
+         goto cleanup;
+     }
++    password = auth->passwd ? auth->passwd : defaultPasswd;
+ 
+     if (auth->connected)
+         connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
+ 
+     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
+         goto cleanup;
+-    ret = qemuMonitorSetPassword(priv->mon,
+-                                 type,
+-                                 auth->passwd ? auth->passwd : defaultPasswd,
+-                                 connected);
++    ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
+ 
+     if (ret == -2) {
+         if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
+@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+                            _("Graphics password only supported for VNC"));
+             ret = -1;
+         } else {
+-            ret = qemuMonitorSetVNCPassword(priv->mon,
+-                                            auth->passwd ? auth->passwd : defaultPasswd);
++            ret = qemuMonitorSetVNCPassword(priv->mon, password);
+         }
+     }
+     if (ret != 0)
+         goto end_job;
+ 
+-    if (auth->expires) {
++    if (password[0] == '\0') {
++        snprintf(expire_time, sizeof(expire_time), "now");
++    } else if (auth->expires) {
+         time_t lifetime = auth->validTo - now;
+         if (lifetime <= 0)
+             snprintf(expire_time, sizeof(expire_time), "now");
+-- 
+1.7.1
+