diff --git a/cve-2008-5086.patch b/cve-2008-5086.patch
new file mode 100644
index 0000000..9cb7255
--- /dev/null
+++ b/cve-2008-5086.patch
@@ -0,0 +1,129 @@
+Index: libvirt-0.4.6/src/libvirt.c
+===================================================================
+--- libvirt-0.4.6.orig/src/libvirt.c
++++ libvirt-0.4.6/src/libvirt.c
+@@ -2342,6 +2342,16 @@ virDomainMigrate (virDomainPtr domain,
+ return NULL;
+ }
+
++ if (domain->conn->flags & VIR_CONNECT_RO) {
++ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return NULL;
++ }
++ if (dconn->flags & VIR_CONNECT_RO) {
++ /* NB, delibrately report error against source object, not dest here */
++ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return NULL;
++ }
++
+ /* Check that migration is supported by both drivers. */
+ if (!VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn,
+ VIR_DRV_FEATURE_MIGRATION_V1) ||
+@@ -2419,6 +2429,11 @@ __virDomainMigratePrepare (virConnectPtr
+ return -1;
+ }
+
++ if (dconn->flags & VIR_CONNECT_RO) {
++ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return -1;
++ }
++
+ if (dconn->driver->domainMigratePrepare)
+ return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
+ uri_in, uri_out,
+@@ -2449,6 +2464,11 @@ __virDomainMigratePerform (virDomainPtr
+ }
+ conn = domain->conn;
+
++ if (domain->conn->flags & VIR_CONNECT_RO) {
++ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return -1;
++ }
++
+ if (conn->driver->domainMigratePerform)
+ return conn->driver->domainMigratePerform (domain, cookie, cookielen,
+ uri,
+@@ -2476,6 +2496,11 @@ __virDomainMigrateFinish (virConnectPtr
+ return NULL;
+ }
+
++ if (dconn->flags & VIR_CONNECT_RO) {
++ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return NULL;
++ }
++
+ if (dconn->driver->domainMigrateFinish)
+ return dconn->driver->domainMigrateFinish (dconn, dname,
+ cookie, cookielen,
+@@ -2833,6 +2858,11 @@ virDomainBlockPeek (virDomainPtr dom,
+ }
+ conn = dom->conn;
+
++ if (dom->conn->flags & VIR_CONNECT_RO) {
++ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return (-1);
++ }
++
+ if (!path) {
+ virLibDomainError (dom, VIR_ERR_INVALID_ARG,
+ _("path is NULL"));
+@@ -2908,6 +2938,11 @@ virDomainMemoryPeek (virDomainPtr dom,
+ }
+ conn = dom->conn;
+
++ if (dom->conn->flags & VIR_CONNECT_RO) {
++ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return (-1);
++ }
++
+ /* Flags must be VIR_MEMORY_VIRTUAL at the moment.
+ *
+ * Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
+@@ -3175,6 +3210,11 @@ virDomainSetAutostart(virDomainPtr domai
+
+ conn = domain->conn;
+
++ if (domain->conn->flags & VIR_CONNECT_RO) {
++ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return (-1);
++ }
++
+ if (conn->driver->domainSetAutostart)
+ return conn->driver->domainSetAutostart (domain, autostart);
+
+@@ -4125,6 +4165,11 @@ virNetworkSetAutostart(virNetworkPtr net
+ return (-1);
+ }
+
++ if (network->conn->flags & VIR_CONNECT_RO) {
++ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return (-1);
++ }
++
+ conn = network->conn;
+
+ if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
+@@ -4323,6 +4368,11 @@ virConnectFindStoragePoolSources(virConn
+ return NULL;
+ }
+
++ if (conn->flags & VIR_CONNECT_RO) {
++ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return NULL;
++ }
++
+ if (conn->storageDriver && conn->storageDriver->findPoolSources)
+ return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
+
+@@ -4996,6 +5046,11 @@ virStoragePoolSetAutostart(virStoragePoo
+ return (-1);
+ }
+
++ if (pool->conn->flags & VIR_CONNECT_RO) {
++ virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++ return (-1);
++ }
++
+ conn = pool->conn;
+
+ if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
diff --git a/libvirt.changes b/libvirt.changes
index 79d6b10..cae3a32 100644
--- a/libvirt.changes
+++ b/libvirt.changes
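Review bot: The `VIR_CONNECT_RO` gate is copied by hand into each of the ten entry points this patch touches (eleven checks, from `virDomainMigrate` through `virStoragePoolSetAutostart`), and nothing in the patch would catch the next state-changing or guest-memory-reading API that is added without it. I would pair the fix with a regression test that opens a read-only connection and asserts every one of these calls fails with `VIR_ERR_OPERATION_DENIED`, and add a comment above the first check such as `/* Every entry point that modifies state or reads guest disk/memory must reject VIR_CONNECT_RO before calling into the driver. */`. Placement is also inconsistent: in the `virNetworkSetAutostart` and `virStoragePoolSetAutostart` hunks the check sits before `conn = network->conn;` / `conn = pool->conn;`, while the domain hunks assign `conn` first and then re-dereference `domain->conn->flags` instead of using `conn->flags`. Each enclosing function starts and ends outside its hunk, so that the object pointers (`dconn`, `network`, `pool`) are validated before the new dereference is only inferred from the `return …; }` context lines.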
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Dec 15 12:40:41 MST 2008 - jfehlig@novell.com
+
+- Patch for CVE-2008-5086
+ bnc#459009
+
 -------------------------------------------------------------------
 Fri Dec 5 13:52:31 MST 2008 - jfehlig@novell.com
diff --git a/libvirt.spec b/libvirt.spec
index 419766a..8a5ab63 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -49,7 +49,7 @@ License: LGPL v2.1 or later
 Group: Development/Libraries/C and C++
 AutoReqProv: yes
 Version: 0.4.6
-Release: 12
+Release: 13
 Summary: A C toolkit to interract with the virtualization capabilities of Linux
 Requires: readline
 Requires: ncurses
@@ -85,6 +85,7 @@ Patch15: suse-network.patch
 Patch16: xen-pv-cdrom.patch
 Patch17: detach-disk.patch
 Patch18: migrate-params.patch
+Patch19: cve-2008-5086.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -194,6 +195,7 @@ Authors:
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p1
 rm po/no.*
 %build
@@ -326,6 +328,9 @@ rm -rf $RPM_BUILD_ROOT
 %{py_sitedir}/libvirtmod*
 %changelog
+* Mon Dec 15 2008 jfehlig@novell.com
+- Patch for CVE-2008-5086
+ bnc#459009
 * Fri Dec 05 2008 jfehlig@novell.com
 - Fix migration of Xen domains
 bnc#456946