libvirt/bf6c2830-CVE-2019-10168.patch

commit bf6c2830b6c338b1f5699b095df36f374777b291
Author: Ján Tomko <jtomko@redhat.com>
Date:   Fri Jun 14 09:17:39 2019 +0200

    api: disallow virConnect*HypervisorCPU on read-only connections
    
    These APIs can be used to execute arbitrary emulators.
    Forbid them on read-only connections.
    
    Fixes: CVE-2019-10168
    Signed-off-by: Ján Tomko <jtomko@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Index: libvirt-5.4.0/src/libvirt-host.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-host.c
+++ libvirt-5.4.0/src/libvirt-host.c
@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec
 
     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
     virCheckNonNullArgGoto(xmlCPU, error);
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->connectCompareHypervisorCPU) {
         int ret;
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne
 
     virCheckConnectReturn(conn, NULL);
     virCheckNonNullArgGoto(xmlCPUs, error);
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->connectBaselineHypervisorCPU) {
         char *cpu;
Accepting request 711148 from home:jfehlig:branches:Virtualization Fixes for CVE's made public today. - api: disallow virConnect*HypervisorCPU, virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, and virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 OBS-URL: https://build.opensuse.org/request/show/711148 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=765 2019-06-20 17:16:41 +02:00			`commit bf6c2830b6c338b1f5699b095df36f374777b291`
			`Author: Ján Tomko <jtomko@redhat.com>`
			`Date: Fri Jun 14 09:17:39 2019 +0200`

			`api: disallow virConnect*HypervisorCPU on read-only connections`

			`These APIs can be used to execute arbitrary emulators.`
			`Forbid them on read-only connections.`

			`Fixes: CVE-2019-10168`
			`Signed-off-by: Ján Tomko <jtomko@redhat.com>`
			`Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>`

			`Index: libvirt-5.4.0/src/libvirt-host.c`
			`===================================================================`
			`--- libvirt-5.4.0.orig/src/libvirt-host.c`
			`+++ libvirt-5.4.0/src/libvirt-host.c`
			`@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec`

			`virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);`
			`virCheckNonNullArgGoto(xmlCPU, error);`
			`+ virCheckReadOnlyGoto(conn->flags, error);`

			`if (conn->driver->connectCompareHypervisorCPU) {`
			`int ret;`
			`@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne`

			`virCheckConnectReturn(conn, NULL);`
			`virCheckNonNullArgGoto(xmlCPUs, error);`
			`+ virCheckReadOnlyGoto(conn->flags, error);`

			`if (conn->driver->connectBaselineHypervisorCPU) {`
			`char *cpu;`