libvirt-5.5.0-1.fc31
Rebased to version 5.5.0
This commit is contained in:
parent
a2479f539e
commit
d964be0097
@ -1,81 +0,0 @@
|
|||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Fri, 14 Jun 2019 08:47:42 +0200
|
|
||||||
Subject: [PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only
|
|
||||||
connections
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The virDomainSaveImageGetXMLDesc API is taking a path parameter,
|
|
||||||
which can point to any path on the system. This file will then be
|
|
||||||
read and parsed by libvirtd running with root privileges.
|
|
||||||
|
|
||||||
Forbid it on read-only connections.
|
|
||||||
|
|
||||||
Fixes: CVE-2019-10161
|
|
||||||
Reported-by: Matthias Gerstner <mgerstner@suse.de>
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
|
|
||||||
---
|
|
||||||
src/libvirt-domain.c | 11 ++---------
|
|
||||||
src/qemu/qemu_driver.c | 2 +-
|
|
||||||
src/remote/remote_protocol.x | 3 +--
|
|
||||||
3 files changed, 4 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
|
|
||||||
index df7e405b3e..1cc8537c04 100644
|
|
||||||
--- a/src/libvirt-domain.c
|
|
||||||
+++ b/src/libvirt-domain.c
|
|
||||||
@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
|
|
||||||
* previously by virDomainSave() or virDomainSaveFlags().
|
|
||||||
*
|
|
||||||
* No security-sensitive data will be included unless @flags contains
|
|
||||||
- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
|
|
||||||
- * connections.
|
|
||||||
+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
|
|
||||||
*
|
|
||||||
* Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
|
|
||||||
* error. The caller must free() the returned value.
|
|
||||||
@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
|
|
||||||
|
|
||||||
virCheckConnectReturn(conn, NULL);
|
|
||||||
virCheckNonNullArgGoto(file, error);
|
|
||||||
-
|
|
||||||
- if ((conn->flags & VIR_CONNECT_RO) &&
|
|
||||||
- (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
|
|
||||||
- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
|
|
||||||
- _("virDomainSaveImageGetXMLDesc with secure flag"));
|
|
||||||
- goto error;
|
|
||||||
- }
|
|
||||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
|
||||||
|
|
||||||
if (conn->driver->domainSaveImageGetXMLDesc) {
|
|
||||||
char *ret;
|
|
||||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
||||||
index 42b1ce2521..ea9a3d33a3 100644
|
|
||||||
--- a/src/qemu/qemu_driver.c
|
|
||||||
+++ b/src/qemu/qemu_driver.c
|
|
||||||
@@ -7038,7 +7038,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
|
|
||||||
if (fd < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
|
|
||||||
+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
ret = qemuDomainDefFormatXML(driver, def, flags);
|
|
||||||
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
|
|
||||||
index 11f44ee267..737d67c47b 100644
|
|
||||||
--- a/src/remote/remote_protocol.x
|
|
||||||
+++ b/src/remote/remote_protocol.x
|
|
||||||
@@ -5242,8 +5242,7 @@ enum remote_procedure {
|
|
||||||
/**
|
|
||||||
* @generate: both
|
|
||||||
* @priority: high
|
|
||||||
- * @acl: domain:read
|
|
||||||
- * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
|
|
||||||
+ * @acl: domain:write
|
|
||||||
*/
|
|
||||||
REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Fri, 14 Jun 2019 09:14:53 +0200
|
|
||||||
Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only
|
|
||||||
connections
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The virDomainManagedSaveDefineXML can be used to alter the domain's
|
|
||||||
config used for managedsave or even execute arbitrary emulator binaries.
|
|
||||||
Forbid it on read-only connections.
|
|
||||||
|
|
||||||
Fixes: CVE-2019-10166
|
|
||||||
Reported-by: Matthias Gerstner <mgerstner@suse.de>
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
|
|
||||||
---
|
|
||||||
src/libvirt-domain.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
|
|
||||||
index 1cc8537c04..f77fc23a3f 100644
|
|
||||||
--- a/src/libvirt-domain.c
|
|
||||||
+++ b/src/libvirt-domain.c
|
|
||||||
@@ -9563,6 +9563,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
|
|
||||||
|
|
||||||
virCheckDomainReturn(domain, -1);
|
|
||||||
conn = domain->conn;
|
|
||||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
|
||||||
|
|
||||||
if (conn->driver->domainManagedSaveDefineXML) {
|
|
||||||
int ret;
|
|
@ -1,31 +0,0 @@
|
|||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Fri, 14 Jun 2019 09:16:14 +0200
|
|
||||||
Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only
|
|
||||||
connections
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
This API can be used to execute arbitrary emulators.
|
|
||||||
Forbid it on read-only connections.
|
|
||||||
|
|
||||||
Fixes: CVE-2019-10167
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
|
|
||||||
---
|
|
||||||
src/libvirt-domain.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
|
|
||||||
index f77fc23a3f..c500d6be36 100644
|
|
||||||
--- a/src/libvirt-domain.c
|
|
||||||
+++ b/src/libvirt-domain.c
|
|
||||||
@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
|
|
||||||
virResetLastError();
|
|
||||||
|
|
||||||
virCheckConnectReturn(conn, NULL);
|
|
||||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
|
||||||
|
|
||||||
if (conn->driver->connectGetDomainCapabilities) {
|
|
||||||
char *ret;
|
|
@ -1,39 +0,0 @@
|
|||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Fri, 14 Jun 2019 09:17:39 +0200
|
|
||||||
Subject: [PATCH] api: disallow virConnect*HypervisorCPU on read-only
|
|
||||||
connections
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
These APIs can be used to execute arbitrary emulators.
|
|
||||||
Forbid them on read-only connections.
|
|
||||||
|
|
||||||
Fixes: CVE-2019-10168
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
|
|
||||||
---
|
|
||||||
src/libvirt-host.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
|
|
||||||
index e20d6ee250..2978825d22 100644
|
|
||||||
--- a/src/libvirt-host.c
|
|
||||||
+++ b/src/libvirt-host.c
|
|
||||||
@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
|
|
||||||
|
|
||||||
virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
|
|
||||||
virCheckNonNullArgGoto(xmlCPU, error);
|
|
||||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
|
||||||
|
|
||||||
if (conn->driver->connectCompareHypervisorCPU) {
|
|
||||||
int ret;
|
|
||||||
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
|
|
||||||
|
|
||||||
virCheckConnectReturn(conn, NULL);
|
|
||||||
virCheckNonNullArgGoto(xmlCPUs, error);
|
|
||||||
+ virCheckReadOnlyGoto(conn->flags, error);
|
|
||||||
|
|
||||||
if (conn->driver->connectBaselineHypervisorCPU) {
|
|
||||||
char *cpu;
|
|
31
libvirt.spec
31
libvirt.spec
@ -4,7 +4,7 @@
|
|||||||
# that's still supported by the vendor. It may work on other distros
|
# that's still supported by the vendor. It may work on other distros
|
||||||
# or versions, but no effort will be made to ensure that going forward.
|
# or versions, but no effort will be made to ensure that going forward.
|
||||||
%define min_rhel 7
|
%define min_rhel 7
|
||||||
%define min_fedora 28
|
%define min_fedora 29
|
||||||
|
|
||||||
%if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
|
%if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
|
||||||
%define supported_platform 1
|
%define supported_platform 1
|
||||||
@ -215,8 +215,8 @@
|
|||||||
|
|
||||||
Summary: Library providing a simple virtualization API
|
Summary: Library providing a simple virtualization API
|
||||||
Name: libvirt
|
Name: libvirt
|
||||||
Version: 5.4.0
|
Version: 5.5.0
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://libvirt.org/
|
URL: https://libvirt.org/
|
||||||
|
|
||||||
@ -225,20 +225,6 @@ URL: https://libvirt.org/
|
|||||||
%endif
|
%endif
|
||||||
Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
|
Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
|
||||||
|
|
||||||
# CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
|
|
||||||
# API (bz #1722463, bz #1720115)
|
|
||||||
Patch0001: 0001-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch
|
|
||||||
# CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly
|
|
||||||
# clients (bz #1722462, bz #1720114)
|
|
||||||
Patch0002: 0002-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch
|
|
||||||
# CVE-2019-10167: arbitrary command execution via
|
|
||||||
# virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
|
|
||||||
Patch0003: 0003-api-disallow-virConnectGetDomainCapabilities-on-read.patch
|
|
||||||
# CVE-2019-10168: arbitrary command execution via
|
|
||||||
# virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz
|
|
||||||
# #1722466, bz #1720118)
|
|
||||||
Patch0004: 0004-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch
|
|
||||||
|
|
||||||
Requires: libvirt-daemon = %{version}-%{release}
|
Requires: libvirt-daemon = %{version}-%{release}
|
||||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||||
Requires: libvirt-daemon-config-nwfilter = %{version}-%{release}
|
Requires: libvirt-daemon-config-nwfilter = %{version}-%{release}
|
||||||
@ -311,7 +297,6 @@ BuildRequires: sanlock-devel >= 2.4
|
|||||||
%endif
|
%endif
|
||||||
BuildRequires: libpcap-devel
|
BuildRequires: libpcap-devel
|
||||||
BuildRequires: libnl3-devel
|
BuildRequires: libnl3-devel
|
||||||
BuildRequires: avahi-devel
|
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: dnsmasq >= 2.41
|
BuildRequires: dnsmasq >= 2.41
|
||||||
BuildRequires: iptables
|
BuildRequires: iptables
|
||||||
@ -450,7 +435,6 @@ Requires: iproute
|
|||||||
Requires: iproute-tc
|
Requires: iproute-tc
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Requires: avahi-libs
|
|
||||||
Requires: polkit >= 0.112
|
Requires: polkit >= 0.112
|
||||||
%ifarch %{ix86} x86_64 ia64
|
%ifarch %{ix86} x86_64 ia64
|
||||||
# For virConnectGetSysinfo
|
# For virConnectGetSysinfo
|
||||||
@ -1177,7 +1161,6 @@ rm -f po/stamp-po
|
|||||||
%{?arg_vbox} \
|
%{?arg_vbox} \
|
||||||
%{?arg_libxl} \
|
%{?arg_libxl} \
|
||||||
--with-sasl \
|
--with-sasl \
|
||||||
--with-avahi \
|
|
||||||
--with-polkit \
|
--with-polkit \
|
||||||
--with-libvirtd \
|
--with-libvirtd \
|
||||||
%{?arg_phyp} \
|
%{?arg_phyp} \
|
||||||
@ -1582,8 +1565,6 @@ exit 0
|
|||||||
%{_mandir}/man8/virtlockd.8*
|
%{_mandir}/man8/virtlockd.8*
|
||||||
%{_mandir}/man7/virkey*.7*
|
%{_mandir}/man7/virkey*.7*
|
||||||
|
|
||||||
%doc examples/polkit/*.rules
|
|
||||||
|
|
||||||
%files daemon-config-network
|
%files daemon-config-network
|
||||||
%dir %{_datadir}/libvirt/networks/
|
%dir %{_datadir}/libvirt/networks/
|
||||||
%{_datadir}/libvirt/networks/default.xml
|
%{_datadir}/libvirt/networks/default.xml
|
||||||
@ -1804,6 +1785,7 @@ exit 0
|
|||||||
%{_datadir}/libvirt/schemas/interface.rng
|
%{_datadir}/libvirt/schemas/interface.rng
|
||||||
%{_datadir}/libvirt/schemas/network.rng
|
%{_datadir}/libvirt/schemas/network.rng
|
||||||
%{_datadir}/libvirt/schemas/networkcommon.rng
|
%{_datadir}/libvirt/schemas/networkcommon.rng
|
||||||
|
%{_datadir}/libvirt/schemas/networkport.rng
|
||||||
%{_datadir}/libvirt/schemas/nodedev.rng
|
%{_datadir}/libvirt/schemas/nodedev.rng
|
||||||
%{_datadir}/libvirt/schemas/nwfilter.rng
|
%{_datadir}/libvirt/schemas/nwfilter.rng
|
||||||
%{_datadir}/libvirt/schemas/nwfilter_params.rng
|
%{_datadir}/libvirt/schemas/nwfilter_params.rng
|
||||||
@ -1879,11 +1861,12 @@ exit 0
|
|||||||
%{_datadir}/libvirt/api/libvirt-admin-api.xml
|
%{_datadir}/libvirt/api/libvirt-admin-api.xml
|
||||||
%{_datadir}/libvirt/api/libvirt-qemu-api.xml
|
%{_datadir}/libvirt/api/libvirt-qemu-api.xml
|
||||||
%{_datadir}/libvirt/api/libvirt-lxc-api.xml
|
%{_datadir}/libvirt/api/libvirt-lxc-api.xml
|
||||||
# Needed building python bindings
|
|
||||||
%doc docs/libvirt-api.xml
|
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 03 2019 Cole Robinson <crobinso@redhat.com> - 5.5.0-1
|
||||||
|
- Rebased to version 5.5.0
|
||||||
|
|
||||||
* Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 5.4.0-2
|
* Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 5.4.0-2
|
||||||
- CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
|
- CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
|
||||||
API (bz #1722463, bz #1720115)
|
API (bz #1722463, bz #1720115)
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (libvirt-5.4.0.tar.xz) = 03fa932d041d147cab79eab200bb33f8db72579be72ec7cbff3305f4a8d574835a80f1b99936eddf67f83d21cc5567f45c86e555209de6cd702f43f91197cfd0
|
SHA512 (libvirt-5.5.0.tar.xz) = 47923aaca605fb43a53238ac535abc1f88f73435336b8f3e88cb01df277ed205d99c586991e523aa32b50c832a0a7c949ab5f84dc78eb8d18a4951cfc791448d
|
||||||
|
Loading…
Reference in New Issue
Block a user