authorFrancesco Colista <fcolista@alpinelinux.org>2020-08-18 07:04:15 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2020-08-18 07:28:15 +0000
commit1530c9fe1388bdf6ce628c4adcc38aadaaec7315 (patch)
tree5e8d9a038b1db4e3358fa396a51bc9135b72538e
parentb7f68e33234e91b452567d2fe0004e7cd959caa4 (diff)
downloadaports-1530c9fe1388bdf6ce628c4adcc38aadaaec7315.tar.gz
aports-1530c9fe1388bdf6ce628c4adcc38aadaaec7315.tar.bz2
aports-1530c9fe1388bdf6ce628c4adcc38aadaaec7315.tar.xz
main/libvirt: security fix for CVE-2019-20485
Fixes #11857
-rw-r--r--main/libvirt/APKBUILD8
-rw-r--r--main/libvirt/CVE-2019-20485.patch171
2 files changed, 177 insertions, 2 deletions
diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD
index b5bdb46f1a..f35f8db514 100644
--- a/main/libvirt/APKBUILD
+++ b/main/libvirt/APKBUILD
@@ -2,7 +2,7 @@
pkgname=libvirt
pkgver=5.5.0
_ver="${pkgver/_rc/-rc}"
-pkgrel=1
+pkgrel=2
pkgdesc="A virtualization API for several hypervisor and container systems"
url="https://libvirt.org/"
arch="all"
@@ -32,6 +32,7 @@ source="https://libvirt.org/sources/$pkgname-$pkgver.tar.xz
musl-fix-includes.patch
stderr-fix.patch
CVE-2020-12430.patch
+ CVE-2019-20485.patch
"
if [ "$CARCH" = "x86_64" ]; then
subpackages="$subpackages $pkgname-xen"
@@ -40,6 +41,8 @@ fi
subpackages="$subpackages $pkgname-common-drivers:_common_drivers"
# secfixes:
+# 5.5.0-r2:
+# - CVE-2019-20485
# 5.5.0-r1:
# - CVE-2020-12430
# 5.5.0-r0:
@@ -189,4 +192,5 @@ sha512sums="47923aaca605fb43a53238ac535abc1f88f73435336b8f3e88cb01df277ed205d99c
a4c4d26e4111931acbe7594451bf963a36c8db33c64b1bc447ab4758bb92803510bebee0511d6bc16ba80c289ab6f87e74377d47bf560412f9adb9c161a206d9 virtlockd.initd
dfe042c596028125bf8548115de2922683829c4716f6b0efb8efc38518670e3e848481661b9714bb0664c1022b87e8f3c0773611fe10187b0bc588e2336ada0c musl-fix-includes.patch
d32551d56eae2c33bab7571964f76421336967918c293cd1d18fc66626a7ead3551b5672a9e3fc3d8b7bca82cc0abb17e428ee8271d04d73bc06fd16309918b3 stderr-fix.patch
-9f395a8be5c401b3e63f2a95154b2459ba4f9e5dffd0c9e0d96822f9e5b6b36c4b0b6e8e5de11fc280505d001ede0a196b477e60af95c6035daa7b29ca054d69 CVE-2020-12430.patch"
+9f395a8be5c401b3e63f2a95154b2459ba4f9e5dffd0c9e0d96822f9e5b6b36c4b0b6e8e5de11fc280505d001ede0a196b477e60af95c6035daa7b29ca054d69 CVE-2020-12430.patch
+f38df9102e6ae0c05428990043aefee379f0e40b4f1d253a90f5897a41e6fdde7b60d013c776afc7be2f006c1d930228b369f54fe71b137e981da1af464f3ea0 CVE-2019-20485.patch"
diff --git a/main/libvirt/CVE-2019-20485.patch b/main/libvirt/CVE-2019-20485.patch
new file mode 100644
index 0000000000..69e1a28573
--- /dev/null
+++ b/main/libvirt/CVE-2019-20485.patch
@@ -0,0 +1,171 @@
+From a663a860819287e041c3de672aad1d8543098ecc Mon Sep 17 00:00:00 2001
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Thu, 5 Dec 2019 10:08:52 -0600
+Subject: [PATCH] qemu: don't hold both jobs for suspend
+
+We have to assume that the guest agent may be malicious so we don't want
+to allow any agent queries to block any other libvirt API. By holding a
+monitor job while we're querying the agent, we open ourselves up to a
+DoS.
+
+So split the function up a bit to only hold the monitor job while
+querying qemu for whether the domain supports suspend. Then acquire only
+an agent job while issuing the agent suspend command.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 94 ++++++++++++++++++++++++++++++------------------
+ 1 files changed, 59 insertions(+), 35 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 2891faf..52cf27f 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -19759,6 +19759,59 @@ qemuDomainProbeQMPCurrentMachine(virQEMUDriverPtr driver,
+ }
+
+
++/* returns -1 on error, or if query is not supported, 0 if query was successful */
++static int
++qemuDomainQueryWakeupSuspendSupport(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ bool *wakeupSupported)
++{
++ qemuDomainObjPrivatePtr priv = vm->privateData;
++ int ret = -1;
++
++ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE))
++ return -1;
++
++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
++ return -1;
++
++ if ((ret = virDomainObjCheckActive(vm)) < 0)
++ goto endjob;
++
++ ret = qemuDomainProbeQMPCurrentMachine(driver, vm, wakeupSupported);
++
++ endjob:
++ qemuDomainObjEndJob(driver, vm);
++ return ret;
++}
++
++
++static int
++qemuDomainPMSuspendAgent(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ unsigned int target)
++{
++ qemuAgentPtr agent;
++ int ret = -1;
++
++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0)
++ return -1;
++
++ if ((ret = virDomainObjCheckActive(vm)) < 0)
++ goto endjob;
++
++ if (!qemuDomainAgentAvailable(vm, true))
++ goto endjob;
++
++ agent = qemuDomainObjEnterAgent(vm);
++ ret = qemuAgentSuspend(agent, target);
++ qemuDomainObjExitAgent(vm, agent);
++
++ endjob:
++ qemuDomainObjEndAgentJob(vm);
++ return ret;
++}
++
++
+ static int
+ qemuDomainPMSuspendForDuration(virDomainPtr dom,
+ unsigned int target,
+@@ -19766,11 +19819,9 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
+ unsigned int flags)
+ {
+ virQEMUDriverPtr driver = dom->conn->privateData;
+- qemuDomainObjPrivatePtr priv;
+ virDomainObjPtr vm;
+- qemuAgentPtr agent;
+- qemuDomainJob job = QEMU_JOB_NONE;
+ int ret = -1;
++ bool wakeupSupported;
+
+ virCheckFlags(0, -1);
+
+@@ -19795,17 +19846,6 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
+ if (virDomainPMSuspendForDurationEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+- priv = vm->privateData;
+-
+- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE))
+- job = QEMU_JOB_MODIFY;
+-
+- if (qemuDomainObjBeginJobWithAgent(driver, vm, job, QEMU_AGENT_JOB_MODIFY) < 0)
+- goto cleanup;
+-
+- if (virDomainObjCheckActive(vm) < 0)
+- goto endjob;
+-
+ /*
+ * The case we want to handle here is when QEMU has the API (i.e.
+ * QEMU_CAPS_QUERY_CURRENT_MACHINE is set). Otherwise, do not interfere
+@@ -19813,16 +19853,11 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
+ * that don't know about this cap, will keep their old behavior of
+ * suspending 'in the dark'.
+ */
+- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE)) {
+- bool wakeupSupported;
+-
+- if (qemuDomainProbeQMPCurrentMachine(driver, vm, &wakeupSupported) < 0)
+- goto endjob;
+-
++ if (qemuDomainQueryWakeupSuspendSupport(driver, vm, &wakeupSupported) == 0) {
+ if (!wakeupSupported) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("Domain does not have suspend support"));
+- goto endjob;
++ goto cleanup;
+ }
+ }
+
+@@ -19832,29 +19867,18 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
+ target == VIR_NODE_SUSPEND_TARGET_HYBRID)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("S3 state is disabled for this domain"));
+- goto endjob;
++ goto cleanup;
+ }
+
+ if (vm->def->pm.s4 == VIR_TRISTATE_BOOL_NO &&
+ target == VIR_NODE_SUSPEND_TARGET_DISK) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("S4 state is disabled for this domain"));
+- goto endjob;
++ goto cleanup;
+ }
+ }
+
+- if (!qemuDomainAgentAvailable(vm, true))
+- goto endjob;
+-
+- agent = qemuDomainObjEnterAgent(vm);
+- ret = qemuAgentSuspend(agent, target);
+- qemuDomainObjExitAgent(vm, agent);
+-
+- endjob:
+- if (job)
+- qemuDomainObjEndJobWithAgent(driver, vm);
+- else
+- qemuDomainObjEndAgentJob(vm);
++ ret = qemuDomainPMSuspendAgent(driver, vm, target);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+--
+1.7.1
+
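Review bot: qemuDomainQueryWakeupSuspendSupport collapses three different outcomes — the QEMU_CAPS_QUERY_CURRENT_MACHINE capability being absent, a failed qemuDomainObjBeginJob or virDomainObjCheckActive, and a failed qemuDomainProbeQMPCurrentMachine — into one -1, and the caller at `if (qemuDomainQueryWakeupSuspendSupport(driver, vm, &wakeupSupported) == 0)` treats all of them as "cannot query" and falls through to the agent suspend. Before this patch a failed probe was fatal (`goto endjob` after qemuDomainProbeQMPCurrentMachine), so this is a behavior change the commit message does not mention, and any error the probe or the active check already reported is presumably left pending while the operation continues. A cheap way to keep the split without reintroducing the double-job hold is to return a distinct value for the unsupported case, e.g. `return 1;` when the capability is missing and `-1` only for real failures, with the caller doing `if (rc < 0) goto cleanup;` before the `== 0` branch. The inner hunks that modify qemuDomainPMSuspendForDuration end at its `cleanup:` label, so the function's remaining return path is outside this view.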