From f986dc741f9fa091dc6362763e1a34009fad21ffed262292fbd8621029e56833 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 10 Apr 2008 20:28:26 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=12 --- auth-callback.patch | 124 ++++++++++++++++++++++++++++++++++++++++++++ libvirt.changes | 6 +++ libvirt.spec | 55 ++++++++++++-------- 3 files changed, 162 insertions(+), 23 deletions(-) create mode 100644 auth-callback.patch diff --git a/auth-callback.patch b/auth-callback.patch new file mode 100644 index 0000000..574d860 --- /dev/null +++ b/auth-callback.patch @@ -0,0 +1,124 @@ +diff -ru a/src/remote_internal.c b/src/remote_internal.c +--- a/src/remote_internal.c 2007-12-17 14:51:09.000000000 -0700 ++++ b/src/remote_internal.c 2008-04-09 15:56:59.000000000 -0600 +@@ -3054,8 +3054,12 @@ + if ((remoteAddr = addrToString(&sa, salen)) == NULL) + goto cleanup; + +- if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) == NULL) +- goto cleanup; ++ if (auth) { ++ if ((saslcb = remoteAuthMakeCallbacks(auth->credtype, auth->ncredtype)) == NULL) ++ goto cleanup; ++ } else { ++ saslcb = NULL; ++ } + + /* Setup a handle for being a client */ + err = sasl_client_new("libvirt", +@@ -3168,15 +3172,21 @@ + goto cleanup; + } + /* Run the authentication callback */ +- if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) { ++ if (auth && auth->cb) { ++ if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) { ++ __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, ++ VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, ++ "Failed to collect auth credentials"); ++ goto cleanup; ++ } ++ remoteAuthFillInteract(cred, interact); ++ goto restart; ++ } else { + __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, + VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, +- "Failed to collect auth credentials"); ++ "No authentication callback available"); + goto cleanup; +- return -1; + } +- remoteAuthFillInteract(cred, interact); +- goto restart; + } + free(iret.mechlist); + +@@ -3240,15 +3250,22 @@ + return -1; + } + /* Run the authentication callback */ +- if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) { ++ if (auth && auth->cb) { ++ if ((*(auth->cb))(cred, ncred, auth->cbdata) < 0) { ++ __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, ++ VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, ++ "Failed to collect auth credentials"); ++ goto cleanup; ++ return -1; ++ } ++ remoteAuthFillInteract(cred, interact); ++ goto restep; ++ } else { + __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, + VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, +- "Failed to collect auth credentials"); ++ "No authentication callback available"); + goto cleanup; +- return -1; + } +- remoteAuthFillInteract(cred, interact); +- goto restep; + } + + if (serverin) { +@@ -3319,7 +3336,8 @@ + if (remoteAddr) free(remoteAddr); + if (serverin) free(serverin); + +- free(saslcb); ++ if (saslcb) ++ free(saslcb); + remoteAuthFreeCredentials(cred, ncred); + if (ret != 0 && saslconn) + sasl_dispose(&saslconn); +@@ -3347,24 +3365,26 @@ + }; + remoteDebug(priv, "Client initialize PolicyKit authentication"); + +- for (i = 0 ; i < auth->ncredtype ; i++) { +- if (auth->credtype[i] == VIR_CRED_EXTERNAL) +- allowcb = 1; +- } ++ if (auth && auth->cb) { ++ /* Check if the neccessary credential type for PolicyKit is supported */ ++ for (i = 0 ; i < auth->ncredtype ; i++) { ++ if (auth->credtype[i] == VIR_CRED_EXTERNAL) ++ allowcb = 1; ++ } + +- /* Run the authentication callback */ +- if (allowcb) { +- if (auth && auth->cb && +- (*(auth->cb))(&cred, 1, auth->cbdata) < 0) { +- __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, +- VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, +- "Failed to collect auth credentials"); +- return -1; ++ if (allowcb) { ++ /* Run the authentication callback */ ++ if ((*(auth->cb))(&cred, 1, auth->cbdata) < 0) { ++ __virRaiseError (in_open ? NULL : conn, NULL, NULL, VIR_FROM_REMOTE, ++ VIR_ERR_AUTH_FAILED, VIR_ERR_ERROR, NULL, NULL, NULL, 0, 0, ++ "Failed to collect auth credentials"); ++ return -1; ++ } + } else { +- remoteDebug(priv, "No auth callback provided for PolicyKit"); ++ remoteDebug(priv, "Client auth callback does not support PolicyKit"); + } + } else { +- remoteDebug(priv, "Client auth callback does not support PolicyKit"); ++ remoteDebug(priv, "No auth callback provided"); + } + + memset (&ret, 0, sizeof ret); diff --git a/libvirt.changes b/libvirt.changes index 35ce02e..48dc8cf 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Apr 10 11:43:14 MDT 2008 - jfehlig@novell.com + +- Fix NULL pointer dereference in auth callback. bnc#373180, + bnc#354995 + ------------------------------------------------------------------- Wed Jan 9 15:45:34 MST 2008 - jfehlig@novell.com diff --git a/libvirt.spec b/libvirt.spec index f4ca0a0..856eeb1 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -10,6 +10,7 @@ # norootforbuild + Name: libvirt BuildRequires: PolicyKit-devel avahi-devel bridge-utils cyrus-sasl-devel fdupes gettext gnutls-devel libxml2-devel ncurses-devel pkg-config python-devel readline-devel xen-devel xhtml-dtd # Only for directory ownership: @@ -19,7 +20,7 @@ License: LGPL v2.1 or later Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.4.0 -Release: 3 +Release: 38 Summary: A C toolkit to interract with the virtualization capabilities of Linux Requires: dnsmasq Requires: bridge-utils @@ -31,6 +32,7 @@ Recommends: cyrus-sasl-digestmd5 Requires: PolicyKit >= 0.6 Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init +Patch0: auth-callback.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %ix86 x86_64 %define _libexecdir %{_prefix}/lib/%{name} @@ -52,6 +54,7 @@ Authors: Karel Zak %package devel +License: LGPL v2.1 or later Summary: A C toolkit to interract with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name} = %{version} libxml2-devel xen-devel @@ -73,6 +76,7 @@ Authors: Karel Zak %package doc +License: LGPL v2.1 or later Summary: A C toolkit to interract with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -94,6 +98,7 @@ Authors: Karel Zak %package python +License: LGPL v2.1 or later Summary: A C toolkit to interract with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -117,6 +122,7 @@ Authors: %prep %setup -q +%patch0 -p1 rm po/no.* %build @@ -225,36 +231,39 @@ rm -rf $RPM_BUILD_ROOT %{py_sitedir}/libvirtmod* %changelog -* Wed Jan 09 2008 - jfehlig@novell.com +* Thu Apr 10 2008 jfehlig@novell.com +- Fix NULL pointer dereference in auth callback. bnc#373180, + bnc#354995 +* Wed Jan 09 2008 jfehlig@novell.com - Remove Requires of nc package. netcat is the equivalent but it does not support unix domain sockets so no need to require it either. -* Tue Jan 08 2008 - coolo@suse.de +* Tue Jan 08 2008 coolo@suse.de - do not require a non existant package, but change it to a recommend to digestmd5 -* Fri Jan 04 2008 - jfehlig@novell.com +* Fri Jan 04 2008 jfehlig@novell.com - Updated to libvirt-0.4.0 - SASL based authentication for libvirt remote support - PolicyKit authentication - Documentation: example files for QEMU and libvirtd configuations, authentication documentation updates - Bug fixes, improvements and code cleanup -* Tue Oct 09 2007 - jfehlig@novell.com +* Tue Oct 09 2007 jfehlig@novell.com - Updated to libvirt 0.3.3 - Avahi mDNS daemon export - NUMA support - Bug fixes - Cleanup rpmlint warnings -* Mon Oct 08 2007 - jfehlig@novell.com +* Mon Oct 08 2007 jfehlig@novell.com - Removed 'jobs' option from make invocation in spec file. Appears to be a subtle dependency issue in one of the makefiles which is causing problems with generation of python bindings when jobs > 1. Bug #329032. -* Mon Aug 20 2007 - jfehlig@novell.com +* Mon Aug 20 2007 jfehlig@novell.com - Added init script for libvirtd. libvirtd is needed to support management of qemu/kvm guests. Some Xen networking is handled through libvirt as well - bug #298021. -* Mon Jul 23 2007 - jfehlig@novell.com +* Mon Jul 23 2007 jfehlig@novell.com - Update to libvirt-0.3.0 - Secure Remote support - Documentation: remote support, description of the URI connection @@ -282,27 +291,27 @@ rm -rf $RPM_BUILD_ROOT make init script LSB compliant, error handling on lookup functions, remove internal virGetDomainByID, revamp of xen subdrivers interfaces - Localization updates -* Tue Jun 12 2007 - ccoffing@novell.com +* Tue Jun 12 2007 ccoffing@novell.com - Update to libvirt-0.2.3. - Fix duplicate files found by rpmlint. -* Wed May 23 2007 - ccoffing@novell.com +* Wed May 23 2007 ccoffing@novell.com - Fix rpmlint errors. -* Fri Apr 27 2007 - ccoffing@novell.com +* Fri Apr 27 2007 ccoffing@novell.com - Update to libvirt-0.2.2. -* Wed Mar 07 2007 - sbrabec@suse.cz +* Wed Mar 07 2007 sbrabec@suse.cz - Created -doc subpackage (#248813). - Do not remove valid locales. - Fixed docdir destination. - Build with CFLAGS. - Spec file cleanup. -* Tue Feb 20 2007 - jfehlig@novell.com +* Tue Feb 20 2007 jfehlig@novell.com - Removed usr/lib/libvirt_proxy setuid binary from package. Fixes bug #246610. -* Fri Feb 16 2007 - jfehlig@novell.com +* Fri Feb 16 2007 jfehlig@novell.com - Updated to latest release. Many of the issues seen in virt-manager have been caused by bugs / missing functionality in libvirt. This upate provides a better basis for virt-manager. -* Wed Jan 10 2007 - jfehlig@novell.com +* Wed Jan 10 2007 jfehlig@novell.com - Updated to latest release, version 0.1.10. Submitting to SLES10 SP1 to provide base functionality for FATE feature 301181. - more localizations @@ -314,7 +323,7 @@ rm -rf $RPM_BUILD_ROOT - support graphic framebuffer for Xen paravirt (Daniel Berrange) - VNC listen IP range support (Daniel Berrange) - support for default Xen config files and inactive domains of 3.0.4 (Daniel Berrange) -* Fri Dec 08 2006 - jfehlig@novell.com +* Fri Dec 08 2006 jfehlig@novell.com - Updated to latest release, version 0.1.9. - python bindings: release interpeter lock when calling C (Daniel Berrange) - don't raise HTTP error when looking informations for a domain @@ -337,7 +346,7 @@ rm -rf $RPM_BUILD_ROOT - add API to dump core of domains (but requires a patched xend) - pygrub bootloader informations take over informations - updated the localization strings -* Fri Oct 20 2006 - jfehlig@novell.com +* Fri Oct 20 2006 jfehlig@novell.com - Updated to latest release, version 0.1.8. - Bug for system with page size != 4k - vcpu number initialization (Philippe Berthault) @@ -352,13 +361,13 @@ rm -rf $RPM_BUILD_ROOT - fix a memory bug on getting vcpu informations from xend (Daniel Berrange) - fix another problem in the hypercalls change in Xen changeset 86d26e6ec89b when getting domain informations (Daniel Berrange) -* Tue Sep 26 2006 - jfehlig@novell.com +* Tue Sep 26 2006 jfehlig@novell.com - Updated to latest release, version 0.1.6. This release includes fix in hypercall driver so local patch has been removed. -* Wed Sep 13 2006 - jfehlig@novell.com +* Wed Sep 13 2006 jfehlig@novell.com - Fixed bug in hypercall driver introduced in version 0.1.5. Patch sumbmitted upstream and included locally until next release. -* Mon Sep 11 2006 - jfehlig@novell.com +* Mon Sep 11 2006 jfehlig@novell.com - Updated to latest release, version 0.1.5 - Support for new hypercalls change in Xen changeset 86d26e6ec89b - bug fixes: virParseUUID() was wrong, netwoking for paravirt guestsi @@ -372,7 +381,7 @@ rm -rf $RPM_BUILD_ROOT (Jeremy Katz), parsing of simple Xen config files (with Daniel Berrange), early work on defined (not running) domains (Daniel Berrange), virsh output improvement (Daniel Berrange -* Mon Aug 28 2006 - jfehlig@novell.com +* Mon Aug 28 2006 jfehlig@novell.com - Updated to latest release, version 0.1.4 - bug fixes: spec file fix (Mark McLoughlin), error report problem (with Hugh Brock), long integer in Python bindings (with Daniel Berrange), XML @@ -389,7 +398,7 @@ rm -rf $RPM_BUILD_ROOT operations when using read-only connection, large improvements to test driver (Daniel Berrange) - documentation: spelling (Daniel Berrange), test driver examples. -* Wed Aug 16 2006 - jfehlig@novell.com +* Wed Aug 16 2006 jfehlig@novell.com - Added ExclusiveArch tag so as to only build on x86 and x86_64 -* Mon Jul 31 2006 - jfehlig@novell.com +* Mon Jul 31 2006 jfehlig@novell.com - initial submission of libvirt package, version 0.1.3