aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2016-08-01 14:34:09 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-08-01 14:34:09 +0000
commitfe21e87ffd9382eed66543f8c2d0f740878849d7 (patch)
tree5e123119dedf2c0ff74642e2eb721b809517260a
parenta414d1483216a531e8a7271cd858b3500aad9625 (diff)
downloadaports-fe21e87ffd9382eed66543f8c2d0f740878849d7.tar.gz
aports-fe21e87ffd9382eed66543f8c2d0f740878849d7.tar.bz2
aports-fe21e87ffd9382eed66543f8c2d0f740878849d7.tar.xz
main/libvirt: security fix (CVE-2016-5008). Fixes #5876
-rw-r--r--main/libvirt/APKBUILD12
-rw-r--r--main/libvirt/CVE-2016-5008.patch72
2 files changed, 80 insertions, 4 deletions
diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD
index 1b9683f477..78d4d35c78 100644
--- a/main/libvirt/APKBUILD
+++ b/main/libvirt/APKBUILD
@@ -2,7 +2,7 @@
pkgname=libvirt
pkgver=1.2.21
_ver="${pkgver/_rc/-rc}"
-pkgrel=0
+pkgrel=1
pkgdesc="A virtualization API for several hypervisor and container systems"
url="http://libvirt.org/"
arch="all"
@@ -28,6 +28,7 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz
libvirt.initd
musl-fix-includes.patch
fix-fortify-virnetlink.patch
+ CVE-2016-5008.patch
"
if [ "$CARCH" = "x86_64" ]; then
@@ -172,14 +173,17 @@ md5sums="76ab39194302b9067332e1f619c8bad9 libvirt-1.2.21.tar.gz
1c84a7baeafe0a7f4e9d7ae5180311b7 libvirt.confd
3e7f800197cad204e36274b54aba2be3 libvirt.initd
9da7723b114b2d87558e92828366fbcb musl-fix-includes.patch
-bc6ed2ce739dcc40542bb4e6bc94c0d3 fix-fortify-virnetlink.patch"
+bc6ed2ce739dcc40542bb4e6bc94c0d3 fix-fortify-virnetlink.patch
+989f7e79636e863e3db5203ec8bac39b CVE-2016-5008.patch"
sha256sums="8d406582f5fe88d739d1d83e0ba7ac7f91f5a8da4be82162ab85631744d8925b libvirt-1.2.21.tar.gz
851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1 libvirt.confd
d07461d86c4db3fb74e4d4af23ff7fb1ee9e7f0ec471d9a5f3fbf0dd9ca148ad libvirt.initd
8dfa9dbe71ee21dc53e44bd7cc0127adde1bf3371d6b393657b386bb83f8139b musl-fix-includes.patch
-84132508aeb5a5946e07426337d6fbb0208b1181d51d3c4927ef9601562ce3d3 fix-fortify-virnetlink.patch"
+84132508aeb5a5946e07426337d6fbb0208b1181d51d3c4927ef9601562ce3d3 fix-fortify-virnetlink.patch
+dd3753a52e6ad3b6e46e9460242b7ad076ace6a054b683f96504342ca526b260 CVE-2016-5008.patch"
sha512sums="5c15d0ba5d75c13f735c6a60dfdbad007426f77e113f95894d520f7fc358fa4361d5cce7bb9a548a436f323b845f13b8940abbad568b8b146418430068bb970e libvirt-1.2.21.tar.gz
9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc libvirt.confd
6dadee33f6696182971d24028d6d4e1a3036f93305d54f9ae4919dcb93e813375d981037244900b6c533f46e5132dc053cf168020d1aa1c2545c28c811469553 libvirt.initd
b6142256bf2700b9e5335c60fe5628e4095a24689c31d54afcab46f46a06b9c0ae676f87f77a487377eafbec11fb7afa9b994aef48a10a39e82f47c45df008ba musl-fix-includes.patch
-0ef74be8c8f0e6c6ae6e3dcf6e83dc76c1371e1eaab123589f634c22f221cc26a8f0b0de6a9f5d36510b270d4a06fae42b51b749311f3e57953e65fbfc241911 fix-fortify-virnetlink.patch"
+0ef74be8c8f0e6c6ae6e3dcf6e83dc76c1371e1eaab123589f634c22f221cc26a8f0b0de6a9f5d36510b270d4a06fae42b51b749311f3e57953e65fbfc241911 fix-fortify-virnetlink.patch
+37ebc14aa1616964c89bcac17df14abd7f3fdd95f49eb3c121c89c94fe1321b1f996133763cddbabdccfe8f139edd60a7588bc81b6f14a35c78e8353050b0493 CVE-2016-5008.patch"
diff --git a/main/libvirt/CVE-2016-5008.patch b/main/libvirt/CVE-2016-5008.patch
new file mode 100644
index 0000000000..6fb07ac3ec
--- /dev/null
+++ b/main/libvirt/CVE-2016-5008.patch
@@ -0,0 +1,72 @@
+From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 28 Jun 2016 14:39:58 +0200
+Subject: [PATCH] qemu: Let empty default VNC password work as documented
+
+CVE-2016-5008
+
+Setting an empty graphics password is documented as a way to disable
+VNC/SPICE access, but QEMU does not always behaves like that. VNC would
+happily accept the empty password. Let's enforce the behavior by setting
+password expiration to "now".
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1180092
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/qemu/qemu_hotplug.c | 14 +++++++-------
+ 1 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index e0b8230..bf6430d 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+ time_t now = time(NULL);
+ char expire_time [64];
+ const char *connected = NULL;
++ const char *password;
+ int ret = -1;
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+
+@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+ ret = 0;
+ goto cleanup;
+ }
++ password = auth->passwd ? auth->passwd : defaultPasswd;
+
+ if (auth->connected)
+ connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
+
+ if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
+ goto cleanup;
+- ret = qemuMonitorSetPassword(priv->mon,
+- type,
+- auth->passwd ? auth->passwd : defaultPasswd,
+- connected);
++ ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
+
+ if (ret == -2) {
+ if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
+@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+ _("Graphics password only supported for VNC"));
+ ret = -1;
+ } else {
+- ret = qemuMonitorSetVNCPassword(priv->mon,
+- auth->passwd ? auth->passwd : defaultPasswd);
++ ret = qemuMonitorSetVNCPassword(priv->mon, password);
+ }
+ }
+ if (ret != 0)
+ goto end_job;
+
+- if (auth->expires) {
++ if (password[0] == '\0') {
++ snprintf(expire_time, sizeof(expire_time), "now");
++ } else if (auth->expires) {
+ time_t lifetime = auth->validTo - now;
+ if (lifetime <= 0)
+ snprintf(expire_time, sizeof(expire_time), "now");
+--
+1.7.1
+