From 1c53c7bb4832bc0262b147a473768ead184c0da3 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Mon, 18 Jul 2016 19:08:15 -0400 Subject: [PATCH] Rebased to version 1.2.18.4 CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) --- ...vram-paths-of-official-fedora-edk2-b.patch | 62 ------------------- 0002-spec-Fix-error-in-last-backport.patch | 27 -------- libvirt.spec | 13 ++-- sources | 2 +- 4 files changed, 8 insertions(+), 96 deletions(-) delete mode 100644 0001-spec-Advertise-nvram-paths-of-official-fedora-edk2-b.patch delete mode 100644 0002-spec-Fix-error-in-last-backport.patch diff --git a/0001-spec-Advertise-nvram-paths-of-official-fedora-edk2-b.patch b/0001-spec-Advertise-nvram-paths-of-official-fedora-edk2-b.patch deleted file mode 100644 index 2610ea4..0000000 --- a/0001-spec-Advertise-nvram-paths-of-official-fedora-edk2-b.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From: Cole Robinson -Date: Fri, 20 May 2016 15:50:16 -0400 -Subject: [PATCH] spec: Advertise nvram paths of official fedora edk2 builds - -Fedora now ships edk2 firmware in its official repos, so adapt -the nvram path list to match. Eventually we can remove the nightly -links as well once some integration kinks have been worked out, -and documentation updated. - -Move the macro building into the %build target, which lets us -build up a shell variable and make things a bit more readable - -https://bugzilla.redhat.com/show_bug.cgi?id=1335395 -(cherry picked from commit e9ef4dfac88806d02bd2f31eeb3f3bbafe505888) ---- - libvirt.spec.in | 26 ++++++++++++-------------- - 1 file changed, 12 insertions(+), 14 deletions(-) - -diff --git a/libvirt.spec.in b/libvirt.spec.in -index a2110bd..c1453a9 100644 ---- a/libvirt.spec.in -+++ b/libvirt.spec.in -@@ -344,20 +344,6 @@ - %endif - - --# Advertise OVMF and AAVMF from nightly firmware repo --%if 0%{?fedora} -- %define with_loader_nvram --with-loader-nvram="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw" --%endif -- -- --# The RHEL-5 Xen package has some feature backports. 
This --# flag is set to enable use of those special bits on RHEL-5 --%if 0%{?rhel} == 5 -- %define with_rhel5 1 --%else -- %define with_rhel5 0 --%endif -- - %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 - %define with_systemd_macros 1 - %else -@@ -1470,6 +1456,18 @@ rm -rf .git - %endif - %endif - -+%if 0%{?fedora} -+ # Nightly firmware repo x86/OVMF -+ LOADERS="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd" -+ # Nightly firmware repo aarch64/AAVMF -+ LOADERS="$LOADERS:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw" -+ # Fedora official x86/OVMF -+ LOADERS="$LOADERS:/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd" -+ # Fedora official aarch64/AAVMF -+ LOADERS="$LOADERS:/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw" -+ %define with_loader_nvram --with-loader-nvram="$LOADERS" -+%endif -+ - # place macros above and build commands below this comment - - %if 0%{?enable_autotools} diff --git a/0002-spec-Fix-error-in-last-backport.patch b/0002-spec-Fix-error-in-last-backport.patch deleted file mode 100644 index 7b625fe..0000000 --- a/0002-spec-Fix-error-in-last-backport.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Cole Robinson -Date: Thu, 23 Jun 2016 16:23:11 -0400 -Subject: [PATCH] spec: Fix error in last backport - ---- - libvirt.spec.in | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/libvirt.spec.in b/libvirt.spec.in -index c1453a9..3fa5fc4 100644 ---- a/libvirt.spec.in -+++ b/libvirt.spec.in -@@ -344,6 +344,14 @@ - %endif - - -+# The RHEL-5 Xen package has some feature backports. This -+# flag is set to enable use of those special bits on RHEL-5 -+%if 0%{?rhel} == 5 -+ %define with_rhel5 1 -+%else -+ %define with_rhel5 0 -+%endif -+ - %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 - %define with_systemd_macros 1 - %else diff --git a/libvirt.spec b/libvirt.spec index 3662b70..367fabf 100644 
--- a/libvirt.spec +++ b/libvirt.spec @@ -371,8 +371,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 1.2.18.3 -Release: 2%{?dist}%{?extra_release} +Version: 1.2.18.4 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -383,10 +383,6 @@ URL: http://libvirt.org/ %endif Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz -# Advertise fedora edk2 firmware builds to apps (bz #1335395) -Patch0001: 0001-spec-Advertise-nvram-paths-of-official-fedora-edk2-b.patch -Patch0002: 0002-spec-Fix-error-in-last-backport.patch - %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} %if %{with_network} @@ -2349,6 +2345,11 @@ exit 0 %changelog +* Mon Jul 18 2016 Cole Robinson - 1.2.18.4-1 +- Rebased to version 1.2.18.4 +- CVE-2016-5008: Setting empty VNC password allows access to unauthorized + users (bz #1351516) + * Thu Jun 23 2016 Cole Robinson - 1.2.18.3-2 - Advertise fedora edk2 firmware builds to apps (bz #1335395) diff --git a/sources b/sources index 475b795..7a34a33 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -bcb0738ff66972ddb25cfe0d086c5c37 libvirt-1.2.18.3.tar.gz +8a027dfdde5fb36059e4d7e069708a56 libvirt-1.2.18.4.tar.gz
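Review bot: The `sources` hunk pins libvirt-1.2.18.4.tar.gz with a 32-hex-character digest, which is the length of an MD5 hash; if it is MD5, it is not collision-resistant, and it is the only integrity check this commit records for the tarball that carries the CVE-2016-5008 fix. The `Source:` context line in the libvirt.spec hunk also points at a plain `http://` URL, so a download from it would not be authenticated in transit. Where the dist-git tooling accepts it, the entry would be better written as `SHA512 (libvirt-1.2.18.4.tar.gz) = <sha512-of-tarball>` (placeholder digest), and the tarball checked against an upstream signature before upload if one is published.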