rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity
376a708d02
libvirt/2a07c990-api-CVE-2019-3886.patch

28 lines
1.0 KiB
Diff
Raw Normal View History

Accepting request 693774 from home:jfehlig:branches:Virtualization Properly fix failing tests. - Fix and re-enable snapshot tests f66f70ac-snapshot-fix-use-after-free.patch 2a07c990-api-CVE-2019-3886.patch, ae076bb4-remote-CVE-2019-3886.patch - spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch ebe9c6ea-qemu-firmware-dirent.patch OBS-URL: https://build.opensuse.org/request/show/693774 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=746
2019-04-12 17:52:39 +02:00
commit 2a07c990bd9143d7a0fe8d1b6b7c763c52185240
Accepting request 692393 from home:jfehlig:branches:Virtualization - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 - spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch touches remote_protocol.x - Update to libvirt 5.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 4ec3cf9a-apparmor-rules.patch, f38ef0fa-no-RDMA-check.patch, 411cdaf8-apparmor-check-profile-name.patch, 696239ba-qemu-fix-query-cpus-fast.patch, 09eb1ae0-conf-add-xenbus-controller.patch, fb059757-libxl-add-xenbus-controller.patch, ec5a1191-libxl-support-max-grant-frames.patch, 5a64c202-xenconfig-support-max-grant-frames.patch - Added patches: ff376c62-tests-fix-mocking-stat-lstat.patch, mprivozn-test-fix-proposal.patch OBS-URL: https://build.opensuse.org/request/show/692393 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
2019-04-09 00:27:41 +02:00
Author: Daniel P. Berrangé <berrange@redhat.com>
Accepting request 693774 from home:jfehlig:branches:Virtualization Properly fix failing tests. - Fix and re-enable snapshot tests f66f70ac-snapshot-fix-use-after-free.patch 2a07c990-api-CVE-2019-3886.patch, ae076bb4-remote-CVE-2019-3886.patch - spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch ebe9c6ea-qemu-firmware-dirent.patch OBS-URL: https://build.opensuse.org/request/show/693774 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=746
2019-04-12 17:52:39 +02:00
Date: Wed Mar 27 10:59:58 2019 +0000
Accepting request 692393 from home:jfehlig:branches:Virtualization - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 - spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch touches remote_protocol.x - Update to libvirt 5.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 4ec3cf9a-apparmor-rules.patch, f38ef0fa-no-RDMA-check.patch, 411cdaf8-apparmor-check-profile-name.patch, 696239ba-qemu-fix-query-cpus-fast.patch, 09eb1ae0-conf-add-xenbus-controller.patch, fb059757-libxl-add-xenbus-controller.patch, ec5a1191-libxl-support-max-grant-frames.patch, 5a64c202-xenconfig-support-max-grant-frames.patch - Added patches: ff376c62-tests-fix-mocking-stat-lstat.patch, mprivozn-test-fix-proposal.patch OBS-URL: https://build.opensuse.org/request/show/692393 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
2019-04-09 00:27:41 +02:00
api: disallow virDomainGetHostname for read-only connections
The virDomainGetHostname API is fetching guest information and this may
involve use of an untrusted guest agent. As such its use must be
forbidden on a read-only connection to libvirt.
Fixes CVE-2019-3886
Accepting request 693774 from home:jfehlig:branches:Virtualization Properly fix failing tests. - Fix and re-enable snapshot tests f66f70ac-snapshot-fix-use-after-free.patch 2a07c990-api-CVE-2019-3886.patch, ae076bb4-remote-CVE-2019-3886.patch - spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch ebe9c6ea-qemu-firmware-dirent.patch OBS-URL: https://build.opensuse.org/request/show/693774 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=746
2019-04-12 17:52:39 +02:00
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Accepting request 692393 from home:jfehlig:branches:Virtualization - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 - spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch touches remote_protocol.x - Update to libvirt 5.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 4ec3cf9a-apparmor-rules.patch, f38ef0fa-no-RDMA-check.patch, 411cdaf8-apparmor-check-profile-name.patch, 696239ba-qemu-fix-query-cpus-fast.patch, 09eb1ae0-conf-add-xenbus-controller.patch, fb059757-libxl-add-xenbus-controller.patch, ec5a1191-libxl-support-max-grant-frames.patch, 5a64c202-xenconfig-support-max-grant-frames.patch - Added patches: ff376c62-tests-fix-mocking-stat-lstat.patch, mprivozn-test-fix-proposal.patch OBS-URL: https://build.opensuse.org/request/show/692393 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
2019-04-09 00:27:41 +02:00
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.2.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.2.0.orig/src/libvirt-domain.c
+++ libvirt-5.2.0/src/libvirt-domain.c
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain
virCheckDomainReturn(domain, NULL);
conn = domain->conn;
+ virCheckReadOnlyGoto(domain->conn->flags, error);
+
if (conn->driver->domainGetHostname) {
char *ret;
ret = conn->driver->domainGetHostname(domain, flags);
Copy Permalink