diff --git a/libvirt-0.8.8-Requires-gettext-for-client-package.patch b/libvirt-0.8.8-Requires-gettext-for-client-package.patch new file mode 100644 index 0000000..a7ea772 --- /dev/null +++ b/libvirt-0.8.8-Requires-gettext-for-client-package.patch @@ -0,0 +1,40 @@ +From e03899ff772cb753f02ecc99c81776a95c8e3d59 Mon Sep 17 00:00:00 2001 +From: Osier Yang +Date: Fri, 18 Feb 2011 13:45:13 +0800 +Subject: [PATCH 2/6] Requires gettext for client package + +https://bugzilla.redhat.com/show_bug.cgi?id=680270 +libvirt-client is missing some dependencies + +libvirt-guests invokes functions in gettext.sh, so we need to +require gettext package in spec file. + +Demo with the fix: +% rpm -q gettext +package gettext is not installed + +% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm +error: Failed dependencies: + gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64 + +* libvirt.spec.in +--- + libvirt.spec.in | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/libvirt.spec.in b/libvirt.spec.in +index d4208e8..c08b186 100644 +--- a/libvirt.spec.in ++++ b/libvirt.spec.in +@@ -415,6 +415,8 @@ Requires: ncurses + # So remote clients can access libvirt over SSH tunnel + # (client invokes 'nc' against the UNIX socket on the server) + Requires: nc ++# Needed by libvirt-guests init script. ++Requires: gettext + %if %{with_sasl} + Requires: cyrus-sasl + # Not technically required, but makes 'out-of-box' config +-- +1.7.3.4 + diff --git a/libvirt-0.8.8-build-add-dependency-on-gnutls-utils.patch b/libvirt-0.8.8-build-add-dependency-on-gnutls-utils.patch new file mode 100644 index 0000000..e5239cb --- /dev/null +++ b/libvirt-0.8.8-build-add-dependency-on-gnutls-utils.patch @@ -0,0 +1,30 @@ +From 29680e00f67bad9145387022ea0d3c307465d3dc Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Mon, 21 Feb 2011 10:43:29 -0700 +Subject: [PATCH 4/6] build: add dependency on gnutls-utils + +https://bugzilla.redhat.com/show_bug.cgi?id=680270 +libvirt-client is missing some dependencies + +* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate. +Suggested by Daniel P. Berrange. +--- + libvirt.spec.in | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/libvirt.spec.in b/libvirt.spec.in +index c08b186..23f4525 100644 +--- a/libvirt.spec.in ++++ b/libvirt.spec.in +@@ -417,6 +417,8 @@ Requires: ncurses + Requires: nc + # Needed by libvirt-guests init script. + Requires: gettext ++# Needed by virt-pki-validate script. ++Requires: gnutls-utils + %if %{with_sasl} + Requires: cyrus-sasl + # Not technically required, but makes 'out-of-box' config +-- +1.7.3.4 + diff --git a/libvirt-0.8.8-remote-protect-against-integer-overflow.patch b/libvirt-0.8.8-remote-protect-against-integer-overflow.patch new file mode 100644 index 0000000..931c9a5 --- /dev/null +++ b/libvirt-0.8.8-remote-protect-against-integer-overflow.patch @@ -0,0 +1,115 @@ +From 9388aeabcbb06ec93845b6d066148ad4cfe1dd9e Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Fri, 24 Jun 2011 12:16:05 -0600 +Subject: [PATCH 6/6] remote: protect against integer overflow + +https://bugzilla.redhat.com/show_bug.cgi?id=717204 +CVE-2011-2511 - integer overflow in VirDomainGetVcpus + +Integer overflow and remote code are never a nice mix. + +This has existed since commit 56cd414. + +* src/libvirt.c (virDomainGetVcpus): Reject overflow up front. +* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow + on sending rpc. +* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on + receiving rpc. + +(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6) + +Conflicts: + + daemon/remote.c + src/remote/remote_driver.c + +Change to internal.h required to avoid backporting 89d994ad. +--- + daemon/remote.c | 3 ++- + src/internal.h | 17 +++++++++++++++++ + src/libvirt.c | 5 +++-- + src/remote/remote_driver.c | 3 ++- + 4 files changed, 24 insertions(+), 4 deletions(-) + +diff --git a/daemon/remote.c b/daemon/remote.c +index 159430e..b707326 100644 +--- a/daemon/remote.c ++++ b/daemon/remote.c +@@ -1722,7 +1722,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED, + return -1; + } + +- if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { ++ if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) || ++ args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) { + virDomainFree(dom); + remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX")); + return -1; +diff --git a/src/internal.h b/src/internal.h +index e263684..f47b842 100644 +--- a/src/internal.h ++++ b/src/internal.h +@@ -232,6 +232,23 @@ + } \ + } while (0) + ++/* branch-specific: we don't want to update gnulib on the branch, so this ++ * backports just one required macro from newer gnulib's intprops.h. ++ * This version requires that both a and b are 'int', rather than ++ * the fully type-generic version from gnulib. */ ++# define INT_MULTIPLY_OVERFLOW(a, b) \ ++ ((b) < 0 \ ++ ? ((a) < 0 \ ++ ? (a) < INT_MAX / (b) \ ++ : (b) == -1 \ ++ ? 0 \ ++ : INT_MIN / (b) < (a)) \ ++ : (b) == 0 \ ++ ? 0 \ ++ : ((a) < 0 \ ++ ? (a) < INT_MIN / (b) \ ++ : INT_MAX / (b) < (a))) ++ + /* divide value by size, rounding up */ + # define VIR_DIV_UP(value, size) (((value) + (size) - 1) / (size)) + +diff --git a/src/libvirt.c b/src/libvirt.c +index 8c70a1f..d8ab8f8 100644 +--- a/src/libvirt.c ++++ b/src/libvirt.c +@@ -40,6 +40,7 @@ + #include "util.h" + #include "memory.h" + #include "configmake.h" ++#include "intprops.h" + + #ifndef WITH_DRIVER_MODULES + # ifdef WITH_TEST +@@ -5363,8 +5364,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo, + + /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not + try to memcpy anything into a NULL pointer. */ +- if ((cpumaps == NULL && maplen != 0) +- || (cpumaps && maplen <= 0)) { ++ if (!cpumaps ? maplen != 0 ++ : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) { + virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); + goto error; + } +diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c +index 4ca0d3b..c73452e 100644 +--- a/src/remote/remote_driver.c ++++ b/src/remote/remote_driver.c +@@ -2850,7 +2850,8 @@ remoteDomainGetVcpus (virDomainPtr domain, + maxinfo, REMOTE_VCPUINFO_MAX); + goto done; + } +- if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) { ++ if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) || ++ maxinfo * maplen > REMOTE_CPUMAPS_MAX) { + remoteError(VIR_ERR_RPC, + _("vCPU map buffer length exceeds maximum: %d > %d"), + maxinfo * maplen, REMOTE_CPUMAPS_MAX); +-- +1.7.3.4 + diff --git a/libvirt-0.8.8-rpm-add-missing-dependencies.patch b/libvirt-0.8.8-rpm-add-missing-dependencies.patch new file mode 100644 index 0000000..0f0ad76 --- /dev/null +++ b/libvirt-0.8.8-rpm-add-missing-dependencies.patch @@ -0,0 +1,99 @@ +From 775581ead9c0b6435e8a0dad2a6838909638e7b6 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Wed, 23 Mar 2011 10:30:49 -0600 +Subject: [PATCH 5/6] rpm: add missing dependencies + +manually adapted from upstream 206fc979b1656722b254e683d89b3e9fc4480c63 + +Among others, the missing radvd dependency showed up as: + +error: Failed to start network ipv6net +error: Cannot find radvd - Possibly the package isn't installed: No such file +or directory + +even when radvd was installed, because the RADVD preprocessor +symbol was missing at configure time. + +* libvirt.spec.in (with_network): Add Build and BuildRequires for radvd + (BuildRequires): Add libxslt and augeas for docs and test. + (with_libvirtd): Add module-init-tools for modprobe. + (with_nwfilter): Add BuildRequires for ebtables. +--- + libvirt.spec.in | 26 ++++++++++++++++++++++++-- + 1 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/libvirt.spec.in b/libvirt.spec.in +index 23f4525..8ffb757 100644 +--- a/libvirt.spec.in ++++ b/libvirt.spec.in +@@ -219,15 +219,21 @@ Requires: %{name}-client = %{version}-%{release} + # daemon is present + %if %{with_libvirtd} + Requires: bridge-utils ++# for modprobe of pci devices ++Requires: module-init-tools ++# for /sbin/ip ++Requires: iproute + %endif + %if %{with_network} + Requires: dnsmasq >= 2.41 ++Requires: radvd ++%endif ++%if %{with_network} || %{with_nwfilter} + Requires: iptables ++Requires: iptables-ipv6 + %endif + %if %{with_nwfilter} + Requires: ebtables +-Requires: iptables +-Requires: iptables-ipv6 + %endif + # needed for device enumeration + %if %{with_hal} +@@ -295,10 +301,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0 + %endif + BuildRequires: libxml2-devel + BuildRequires: xhtml1-dtds ++BuildRequires: libxslt + BuildRequires: readline-devel + BuildRequires: ncurses-devel + BuildRequires: gettext + BuildRequires: gnutls-devel ++%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 ++# for augparse, optionally used in testing ++BuildRequires: augeas ++%endif + %if %{with_hal} + BuildRequires: hal-devel + %endif +@@ -323,8 +334,15 @@ BuildRequires: libselinux-devel + %endif + %if %{with_network} + BuildRequires: dnsmasq >= 2.41 ++BuildRequires: iptables ++BuildRequires: iptables-ipv6 ++BuildRequires: radvd ++%endif ++%if %{with_nwfilter} ++BuildRequires: ebtables + %endif + BuildRequires: bridge-utils ++BuildRequires: module-init-tools + %if %{with_sasl} + BuildRequires: cyrus-sasl-devel + %endif +@@ -388,7 +406,11 @@ BuildRequires: libssh2-devel + BuildRequires: netcf-devel >= 0.1.4 + %endif + %if %{with_esx} ++%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6 + BuildRequires: libcurl-devel ++%else ++BuildRequires: curl-devel ++%endif + %endif + %if %{with_audit} + BuildRequires: audit-libs-devel +-- +1.7.3.4 + diff --git a/libvirt-0.8.8-security-plug-regression-introduced-in-disk-probe-lo.patch b/libvirt-0.8.8-security-plug-regression-introduced-in-disk-probe-lo.patch new file mode 100644 index 0000000..e45c1e0 --- /dev/null +++ b/libvirt-0.8.8-security-plug-regression-introduced-in-disk-probe-lo.patch @@ -0,0 +1,40 @@ +From c2d77ade37ee917ca258cb24ffb130fc07bb95b4 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Thu, 26 May 2011 08:18:46 -0600 +Subject: [PATCH 1/6] security: plug regression introduced in disk probe logic + +This patch resolves: + + https://bugzilla.redhat.com/show_bug.cgi?id=709775 + CVE-2011-2178 - regression introduced in disk probe logic + +Regression introduced in commit d6623003 (v0.8.8) - using the +wrong sizeof operand meant that security manager private data +was overlaying the allowDiskFormatProbing member of struct +_virSecurityManager. This reopens disk probing, which was +supposed to be prevented by the solution to CVE-2010-2238. + +* src/security/security_manager.c +(virSecurityManagerGetPrivateData): Use correct offset. +--- + src/security/security_manager.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/security/security_manager.c b/src/security/security_manager.c +index 0246dd8..6f0becd 100644 +--- a/src/security/security_manager.c ++++ b/src/security/security_manager.c +@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name, + + void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr) + { +- return ((char*)mgr) + sizeof(mgr); ++ /* This accesses the memory just beyond mgr, which was allocated ++ * via VIR_ALLOC_VAR earlier. */ ++ return mgr + 1; + } + + +-- +1.7.3.4 + diff --git a/libvirt-0.8.8-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch b/libvirt-0.8.8-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch new file mode 100644 index 0000000..c4bc36a --- /dev/null +++ b/libvirt-0.8.8-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch @@ -0,0 +1,27 @@ +From 9679cde15cabf95c7538c3b6929893ec68552d23 Mon Sep 17 00:00:00 2001 +From: Dan Kenigsberg +Date: Sun, 20 Feb 2011 22:29:25 +0200 +Subject: [PATCH 3/6] virt-pki-validate: behave when CERTTOOL is missing + +https://bugzilla.redhat.com/show_bug.cgi?id=680270 +libvirt-client is missing some dependencies +--- + tools/virt-pki-validate.in | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in +index 207fa76..96659cf 100755 +--- a/tools/virt-pki-validate.in ++++ b/tools/virt-pki-validate.in +@@ -14,7 +14,7 @@ PORT=16514 + # First get certtool + # + CERTOOL=`which certtool 2>/dev/null` +-if [ ! -x $CERTOOL ] ++if [ ! -x "$CERTOOL" ] + then + echo "Could not locate the certtool program" + echo "make sure the gnutls-utils (or gnutls-bin) package is installed" +-- +1.7.3.4 + diff --git a/libvirt.spec b/libvirt.spec index 63eb265..6173ff0 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -204,7 +204,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 0.8.8 -Release: 4%{?dist}%{?extra_release} +Release: 5%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz @@ -213,6 +213,12 @@ Patch2: %{name}-%{version}-read-only-checks.patch # Patches 5, 6 CVE-2011-1486 Patch3: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch Patch4: %{name}-%{version}-avoid-resetting-errors.patch +Patch5: %{name}-%{version}-security-plug-regression-introduced-in-disk-probe-lo.patch +Patch6: %{name}-%{version}-Requires-gettext-for-client-package.patch +Patch7: %{name}-%{version}-virt-pki-validate-behave-when-CERTTOOL-is-missing.patch +Patch8: %{name}-%{version}-build-add-dependency-on-gnutls-utils.patch +Patch9: %{name}-%{version}-rpm-add-missing-dependencies.patch +Patch10: %{name}-%{version}-remote-protect-against-integer-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root URL: http://libvirt.org/ BuildRequires: python-devel @@ -224,15 +230,21 @@ Requires: %{name}-client = %{version}-%{release} # daemon is present %if %{with_libvirtd} Requires: bridge-utils +# for modprobe of pci devices +Requires: module-init-tools +# for /sbin/ip +Requires: iproute %endif %if %{with_network} Requires: dnsmasq >= 2.41 +Requires: radvd +%endif +%if %{with_network} || %{with_nwfilter} Requires: iptables +Requires: iptables-ipv6 %endif %if %{with_nwfilter} Requires: ebtables -Requires: iptables -Requires: iptables-ipv6 %endif # needed for device enumeration %if %{with_hal} @@ -300,10 +312,15 @@ BuildRequires: xmlrpc-c-devel >= 1.14.0 %endif BuildRequires: libxml2-devel BuildRequires: xhtml1-dtds +BuildRequires: libxslt BuildRequires: readline-devel BuildRequires: ncurses-devel BuildRequires: gettext BuildRequires: gnutls-devel +%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +# for augparse, optionally used in testing +BuildRequires: augeas +%endif %if %{with_hal} BuildRequires: hal-devel %endif @@ -328,8 +345,15 @@ BuildRequires: libselinux-devel %endif %if %{with_network} BuildRequires: dnsmasq >= 2.41 +BuildRequires: iptables +BuildRequires: iptables-ipv6 +BuildRequires: radvd +%endif +%if %{with_nwfilter} +BuildRequires: ebtables %endif BuildRequires: bridge-utils +BuildRequires: module-init-tools %if %{with_sasl} BuildRequires: cyrus-sasl-devel %endif @@ -393,7 +417,11 @@ BuildRequires: libssh2-devel BuildRequires: netcf-devel >= 0.1.4 %endif %if %{with_esx} +%if 0%{?fedora} >= 9 || 0%{?rhel} >= 6 BuildRequires: libcurl-devel +%else +BuildRequires: curl-devel +%endif %endif %if %{with_audit} BuildRequires: audit-libs-devel @@ -420,6 +448,10 @@ Requires: ncurses # So remote clients can access libvirt over SSH tunnel # (client invokes 'nc' against the UNIX socket on the server) Requires: nc +# Needed by libvirt-guests init script. +Requires: gettext +# Needed by virt-pki-validate script. +Requires: gnutls-utils %if %{with_sasl} Requires: cyrus-sasl # Not technically required, but makes 'out-of-box' config @@ -463,6 +495,12 @@ of recent versions of Linux (and other OSes). %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build %if ! %{with_xen} @@ -982,6 +1020,14 @@ fi %endif %changelog +* Tue Jul 5 2011 Laine Stump 0.8.8-5 +- Fix for CVE-2011-2178, regression introduced in disk probe logic, + Bug 709775 +- Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus, + Bug 717204 +- Add several build and runtime dependencies to specfile + Bug 680270 + * Tue Apr 5 2011 Laine Stump 0.8.8-4 - Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe, bug 693457