From b905305de10a5467e9a2a9f6c9756c96a8adf8c77c54da6ae65394305c0a5a57 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 17 Oct 2013 20:18:18 +0000 Subject: [PATCH 01/10] - Use newer libnl3 instead of libnl-1_1 bnc#845540 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=312 --- libvirt.changes | 6 ++++++ libvirt.spec | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libvirt.changes b/libvirt.changes index 86abbbd..06e30bf 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Oct 17 14:14:46 MDT 2013 - jfehlig@suse.com + +- Use newer libnl3 instead of libnl-1_1 + bnc#845540 + ------------------------------------------------------------------- Mon Oct 14 22:20:41 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index f870a1d..29e76b3 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -314,7 +314,7 @@ BuildRequires: libpcap-devel %if 0%{?suse_version} < 1210 BuildRequires: libnl-devel %else -BuildRequires: libnl-1_1-devel +BuildRequires: libnl3-devel %endif %endif %if %{with_avahi} From 4b629b33b6df47805731449a61d8156a7ed51e1c8680ed099e3543b5ec5b0305 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Fri, 18 Oct 2013 20:46:45 +0000 Subject: [PATCH 02/10] - Move hypervisor-specific files out of libvirt-daemon package and into libvirt-daemon- subpackage bnc#845851 - conf: Don't crash on invalid chardev source definition 79552754-libvirtd-chardev-crash.patch bnc#845704, rhb#1012196 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=313 --- 79552754-libvirtd-chardev-crash.patch | 87 +++++++++++++++++++++++++++ libvirt.changes | 10 +++ libvirt.spec | 85 +++++++++----------------- 3 files changed, 124 insertions(+), 58 deletions(-) create mode 100644 79552754-libvirtd-chardev-crash.patch 
diff --git a/79552754-libvirtd-chardev-crash.patch b/79552754-libvirtd-chardev-crash.patch new file mode 100644 index 0000000..dfe5e97 --- /dev/null +++ b/79552754-libvirtd-chardev-crash.patch 
@@ -0,0 +1,87 @@ +commit 795527548fea79902ea4ce32747e069944cf3e61 +Author: Peter Krempa +Date: Thu Sep 26 08:12:39 2013 +0200 + + conf: Don't crash on invalid chardev source definition of RNGs and other + + Since commit 297c99a5 an invalid source definition XML of a character + device that is used as backend for RNG devices, smartcards and redirdevs + causes crash of the daemon when parsing such a definition. + + The device types mentioned above are not a part of a regular character + device but are backends for other types. Thus when parsing such device + NULL is passed as the argument @chr_def. Later when checking the + validity of the definition @chr_def was dereferenced when parsing a UNIX + socket backend with missing path of the socket and crashed the daemon. + + Sample offending configuration: + + ... + + + + + + + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196 + +Index: libvirt-1.1.2/src/conf/domain_conf.c +=================================================================== +--- libvirt-1.1.2.orig/src/conf/domain_conf.c ++++ libvirt-1.1.2/src/conf/domain_conf.c +@@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC + case VIR_DOMAIN_CHR_TYPE_UNIX: + /* path can be auto generated */ + if (!path && +- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) { ++ (!chr_def || ++ chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Missing source path attribute for char device")); + goto error; +Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml +=================================================================== +--- /dev/null ++++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml +@@ -0,0 +1,27 @@ ++ ++ QEMUGuest1 ++ c7a5fdbd-edaf-9455-926a-d65c16db1809 ++ 219100 ++ 219100 ++ 1 ++ ++ hvm ++ ++ ++ ++ destroy ++ restart ++ destroy ++ ++ /usr/bin/qemu ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +Index: 
libvirt-1.1.2/tests/qemuxml2argvtest.c +=================================================================== +--- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c ++++ libvirt-1.1.2/tests/qemuxml2argvtest.c +@@ -973,6 +973,8 @@ mymain(void) + QEMU_CAPS_OBJECT_RNG_RANDOM); + DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, + QEMU_CAPS_OBJECT_RNG_EGD); ++ DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE, ++ QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD); + DO_TEST("virtio-rng-ccw", + QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG, + QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW, diff --git a/libvirt.changes b/libvirt.changes index 06e30bf..c6d6c33 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Oct 18 14:42:39 MDT 2013 - jfehlig@suse.com + +- Move hypervisor-specific files out of libvirt-daemon package + and into libvirt-daemon- subpackage + bnc#845851 +- conf: Don't crash on invalid chardev source definition + 79552754-libvirtd-chardev-crash.patch + bnc#845704, rhb#1012196 + ------------------------------------------------------------------- Thu Oct 17 14:14:46 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 29e76b3..bd2e970 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -411,6 +411,7 @@ Patch4: 922b7fda-CVE-2013-4311.patch Patch5: e4697b92-CVE-2013-4311.patch Patch6: 8294aa0c-CVE-2013-4399.patch Patch7: 484cc321-fix-spice-migration.patch +Patch8: 79552754-libvirtd-chardev-crash.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -926,6 +927,7 @@ of recent versions of Linux (and other OSes). %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %patch100 -p1 %patch101 %patch102 -p1 
@@ -1193,34 +1195,19 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter rm -rf $RPM_BUILD_ROOT%{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so %endif -%if %{with_lxc} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-lxc.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing LXC. -EOF -%else +%if ! %{with_lxc} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc %endif -%if %{with_qemu} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-qemu.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing QEMU/KVM. -EOF -%else +%if ! %{with_qemu} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu %endif -%if %{with_uml} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-uml.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing UML. -EOF -%else +%if ! %{with_uml} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml %endif %if %{with_vbox} 
@@ -1229,12 +1216,6 @@ Any empty package encapsulating requirements for a libvirtd capable of managing VirtualBox. EOF %endif -%if %{with_xen} || %{with_libxl} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-xen.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing Xen. -EOF -%endif %if ! %{with_sanlock} rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirt_sanlock.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug 
@@ -1414,36 +1395,6 @@ fi %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy %endif %endif -%if %{with_qemu} -%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf -%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ -%{_datadir}/augeas/lenses/libvirtd_qemu.aug -%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug -%endif -%if %{with_lxc} -%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ -%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc -%{_datadir}/augeas/lenses/libvirtd_lxc.aug -%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug -%endif -%if %{with_uml} -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/ -%endif -%if %{with_libxl} -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ -%endif %if %{with_storage_disk} %attr(0755, root, root) %{_libdir}/%{name}/libvirt_parthelper %endif 
@@ -1567,28 +1518,46 @@ fi %files daemon-qemu %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-qemu.README +%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf +%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ +%{_datadir}/augeas/lenses/libvirtd_qemu.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %endif %if %{with_lxc} %files daemon-lxc %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-lxc.README +%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ +%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc +%{_datadir}/augeas/lenses/libvirtd_lxc.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug %endif %if %{with_uml} %files daemon-uml %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-uml.README +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/ %endif %if %{with_xen} || %{with_libxl} %files daemon-xen %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-xen.README +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ %endif %if %{with_vbox} From c27ca0ddd7f381ac045c3c14cd00cd2e391c156413a654b098c44bb45b463897 
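Review bot: The `%files daemon-xen` section at the end of this hunk keeps its `%if %{with_xen} || %{with_libxl}` guard but now lists only `%{_localstatedir}/lib/libvirt/libxl/` and `%{_localstatedir}/log/libvirt/libxl/`, so a build with with_xen set and with_libxl unset packages directories that, as far as this hunk shows, only the libxl driver creates. The two libxl state directories belong in the `%if %{with_libxl}` files section next to `libvirt_driver_libxl.so`, with daemon-xen keeping its README; PATCH 03/10 further down this page makes exactly that correction, so it is worth folding into this commit rather than leaving an unbuildable intermediate revision. The `%if %{with_qemu}` that opens the daemon-qemu section starts before the hunk.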
Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Fri, 18 Oct 2013 22:13:52 +0000 Subject: [PATCH 03/10] fix build for distros that don't have libxl OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=314 --- libvirt.spec | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libvirt.spec b/libvirt.spec index bd2e970..765fa17 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1216,6 +1216,12 @@ Any empty package encapsulating requirements for a libvirtd capable of managing VirtualBox. EOF %endif +%if %{with_xen} || %{with_libxl} +cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-xen.README << 'EOF' +Any empty package encapsulating requirements for a libvirtd capable +of managing Xen. +EOF +%endif %if ! %{with_sanlock} rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirt_sanlock.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug @@ -1504,6 +1510,8 @@ fi %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver %{_libdir}/%{name}/connection-driver/libvirt_driver_libxl.so +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ %endif %if %{with_vbox} @@ -1556,8 +1564,7 @@ fi %files daemon-xen %defattr(-, root, root) -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ +%doc %{_docdir}/%{name}/libvirt-daemon-xen.README %endif %if %{with_vbox} From fffa5dcc99ef7b6ab89498e489f9d71b498935302c6936c963cd093df7b76a7c Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Mon, 21 Oct 2013 21:49:57 +0000 Subject: [PATCH 04/10] - CVE-2013-4400: Unsantized use of env variables allows privilege escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, CVE-2013-4400-build-fix.patch bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch bnc#845704 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=315 --- 3e2f27e1-CVE-2013-4400.patch | 354 ++++++++++++++++++++++++++++++++++ 57687fd6-CVE-2013-4401.patch | 52 +++++ 8c3586ea-CVE-2013-4400.patch | 61 ++++++ CVE-2013-4400-build-fix.patch | 37 ++++ ae53e5d1-CVE-2013-4400.patch | 96 +++++++++ b7fcc799a-CVE-2013-4400.patch | 36 ++++ libvirt-suse-netcontrol.patch | 10 +- libvirt.changes | 13 ++ libvirt.spec | 12 ++ 9 files changed, 666 insertions(+), 5 deletions(-) create mode 100644 3e2f27e1-CVE-2013-4400.patch create mode 100644 57687fd6-CVE-2013-4401.patch create mode 100644 8c3586ea-CVE-2013-4400.patch create mode 100644 CVE-2013-4400-build-fix.patch create mode 100644 ae53e5d1-CVE-2013-4400.patch create mode 100644 b7fcc799a-CVE-2013-4400.patch diff --git a/3e2f27e1-CVE-2013-4400.patch b/3e2f27e1-CVE-2013-4400.patch new file mode 100644 index 0000000..9be1c8c --- /dev/null +++ b/3e2f27e1-CVE-2013-4400.patch 
@@ -0,0 +1,354 @@ +commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc +Author: Daniel P. Berrange +Date: Thu Oct 10 13:09:08 2013 +0100 + + Don't link virt-login-shell against libvirt.so (CVE-2013-4400) + + The libvirt.so library has far too many library deps to allow + linking against it from setuid programs. Those libraries can + do stuff in __attribute__((constructor) functions which is + not setuid safe. + + The virt-login-shell needs to link directly against individual + files that it uses, with all library deps turned off except + for libxml2 and libselinux. + + Create a libvirt-setuid-rpc-client.la library which is linked + to by virt-login-shell. A config-post.h file allows this library + to disable all external deps except libselinux and libxml2. + + 
Signed-off-by: Daniel P. Berrange + +Index: libvirt-1.1.2/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/Makefile.am ++++ libvirt-1.1.2/Makefile.am +@@ -31,6 +31,7 @@ XML_EXAMPLES = \ + test/*.xml storage/*.xml))) + + EXTRA_DIST = \ ++ config-post.h \ + ChangeLog-old \ + libvirt.spec libvirt.spec.in \ + mingw-libvirt.spec.in \ +Index: libvirt-1.1.2/config-post.h +=================================================================== +--- /dev/null ++++ libvirt-1.1.2/config-post.h +@@ -0,0 +1,44 @@ ++/* ++ * Copyright (C) 2013 Red Hat, Inc. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library. If not, see ++ * . ++ */ ++ ++/* ++ * Since virt-login-shell will be setuid, we must do everything ++ * we can to avoid linking to other libraries. Many of them do ++ * unsafe things in functions marked __atttribute__((constructor)). ++ * The only way avoid to avoid such deps is to re-compile the ++ * functions with the code in question disabled, and for that we ++ * must override the main config.h rules. 
Hence this file :-( ++ */ ++ ++#ifdef LIBVIRT_SETUID_RPC_CLIENT ++# undef HAVE_LIBDEVMAPPER_H ++# undef HAVE_LIBNL ++# undef HAVE_LIBNL3 ++# undef HAVE_LIBSASL2 ++# undef WITH_CAPNG ++# undef WITH_CURL ++# undef WITH_DTRACE_PROBES ++# undef WITH_GNUTLS ++# undef WITH_MACVTAP ++# undef WITH_NUMACTL ++# undef WITH_SASL ++# undef WITH_SSH2 ++# undef WITH_VIRTUALPORT ++# undef WITH_YAJL ++# undef WITH_YAJL2 ++#endif +Index: libvirt-1.1.2/configure.ac +=================================================================== +--- libvirt-1.1.2.orig/configure.ac ++++ libvirt-1.1.2/configure.ac +@@ -20,6 +20,7 @@ AC_INIT([libvirt], [1.1.2], [libvir-list + AC_CONFIG_SRCDIR([src/libvirt.c]) + AC_CONFIG_AUX_DIR([build-aux]) + AC_CONFIG_HEADERS([config.h]) ++AH_BOTTOM([#include ]) + AC_CONFIG_MACRO_DIR([m4]) + dnl Make automake keep quiet about wildcards & other GNUmake-isms + AM_INIT_AUTOMAKE([-Wno-portability tar-ustar]) +Index: libvirt-1.1.2/daemon/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/daemon/Makefile.am ++++ libvirt-1.1.2/daemon/Makefile.am +@@ -18,6 +18,7 @@ + + INCLUDES = \ + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ ++ -I$(top_srcdir) \ + -I$(top_builddir)/include -I$(top_srcdir)/include \ + -I$(top_builddir)/src -I$(top_srcdir)/src \ + -I$(top_srcdir)/src/util \ +Index: libvirt-1.1.2/examples/domain-events/events-c/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/examples/domain-events/events-c/Makefile.am ++++ libvirt-1.1.2/examples/domain-events/events-c/Makefile.am +@@ -15,7 +15,8 @@ + ## . 
+ + INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include \ +- -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib ++ -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ ++ -I$(top_srcdir) + noinst_PROGRAMS = event-test + event_test_CFLAGS = $(WARN_CFLAGS) + event_test_SOURCES = event-test.c +Index: libvirt-1.1.2/examples/hellolibvirt/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/examples/hellolibvirt/Makefile.am ++++ libvirt-1.1.2/examples/hellolibvirt/Makefile.am +@@ -14,7 +14,7 @@ + ## License along with this library. If not, see + ## . + +-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include ++INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) + noinst_PROGRAMS = hellolibvirt + hellolibvirt_CFLAGS = $(WARN_CFLAGS) + hellolibvirt_SOURCES = hellolibvirt.c +Index: libvirt-1.1.2/examples/openauth/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/examples/openauth/Makefile.am ++++ libvirt-1.1.2/examples/openauth/Makefile.am +@@ -14,7 +14,7 @@ + ## License along with this library. If not, see + ## . 
+ +-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include ++INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) + noinst_PROGRAMS = openauth + openauth_CFLAGS = $(WARN_CFLAGS) + openauth_SOURCES = openauth.c +Index: libvirt-1.1.2/gnulib/lib/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/gnulib/lib/Makefile.am ++++ libvirt-1.1.2/gnulib/lib/Makefile.am +@@ -27,4 +27,4 @@ noinst_LTLIBRARIES = + + include gnulib.mk + +-INCLUDES = $(GETTEXT_CPPFLAGS) ++INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS) +Index: libvirt-1.1.2/python/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/python/Makefile.am ++++ libvirt-1.1.2/python/Makefile.am +@@ -20,6 +20,7 @@ INCLUDES = \ + $(PYTHON_INCLUDES) \ + -I$(top_builddir)/gnulib/lib \ + -I$(top_srcdir)/gnulib/lib \ ++ -I$(top_srcdir) \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/src/util \ +Index: libvirt-1.1.2/src/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/src/Makefile.am ++++ libvirt-1.1.2/src/Makefile.am +@@ -21,6 +21,7 @@ + # that actually use them. Also keep GETTEXT_CPPFLAGS at the end. + INCLUDES = -I../gnulib/lib \ + -I$(top_srcdir)/gnulib/lib \ ++ -I$(top_srcdir) \ + -I../include \ + -I$(top_srcdir)/include \ + -I$(top_srcdir)/src/util \ +@@ -1917,6 +1918,77 @@ libvirt_lxc_la_LDFLAGS = \ + libvirt_lxc_la_CFLAGS = $(AM_CFLAGS) + libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD) + ++# Since virt-login-shell will be setuid, we must do everything ++# we can to avoid linking to other libraries. Many of them do ++# unsafe things in functions marked __atttribute__((constructor)). ++# This library is built to include the bare minimum required to ++# have a RPC client for local UNIX socket access only. 
We use ++# the ../config-post.h header to disable all external deps that ++# we don't want ++if WITH_LXC ++noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la ++ ++libvirt_setuid_rpc_client_la_SOURCES = \ ++ util/viralloc.c \ ++ util/virbitmap.c \ ++ util/virbuffer.c \ ++ util/vircommand.c \ ++ util/virconf.c \ ++ util/virerror.c \ ++ util/virevent.c \ ++ util/vireventpoll.c \ ++ util/virfile.c \ ++ util/virhash.c \ ++ util/virhashcode.c \ ++ util/virjson.c \ ++ util/virlog.c \ ++ util/virobject.c \ ++ util/virpidfile.c \ ++ util/virprocess.c \ ++ util/virrandom.c \ ++ util/virsocketaddr.c \ ++ util/virstoragefile.c \ ++ util/virstring.c \ ++ util/virtime.c \ ++ util/virthread.c \ ++ util/virtypedparam.c \ ++ util/viruri.c \ ++ util/virutil.c \ ++ util/viruuid.c \ ++ conf/domain_event.c \ ++ rpc/virnetsocket.c \ ++ rpc/virnetsocket.h \ ++ rpc/virnetmessage.h \ ++ rpc/virnetmessage.c \ ++ rpc/virkeepalive.c \ ++ rpc/virkeepalive.h \ ++ rpc/virnetclient.c \ ++ rpc/virnetclientprogram.c \ ++ rpc/virnetclientstream.c \ ++ rpc/virnetprotocol.c \ ++ remote/remote_driver.c \ ++ remote/remote_protocol.c \ ++ remote/qemu_protocol.c \ ++ remote/lxc_protocol.c \ ++ datatypes.c \ ++ libvirt.c \ ++ libvirt-lxc.c \ ++ $(NULL) ++ ++libvirt_setuid_rpc_client_la_LDFLAGS = \ ++ $(AM_LDFLAGS) \ ++ $(LIBXML_LIBS) \ ++ $(SELINUX_LIBS) \ ++ $(NULL) ++libvirt_setuid_rpc_client_la_CFLAGS = \ ++ -DLIBVIRT_SETUID_RPC_CLIENT \ ++ -I$(top_srcdir)/src/conf \ ++ -I$(top_srcdir)/src/rpc \ ++ $(AM_CFLAGS) \ ++ $(SELINUX_CFLAGS) \ ++ $(NULL) ++endif WITH_LXC ++ + lockdriverdir = $(libdir)/libvirt/lock-driver + lockdriver_LTLIBRARIES = + +Index: libvirt-1.1.2/src/libvirt.c +=================================================================== +--- libvirt-1.1.2.orig/src/libvirt.c ++++ libvirt-1.1.2/src/libvirt.c +@@ -446,40 +446,46 @@ virGlobalInit(void) + goto error; + + /* ++ * Note we must avoid everything except 'remote' driver ++ * for virt-login-shell usage ++ */ ++#ifndef 
LIBVIRT_SETUID_RPC_CLIENT ++ /* + * Note that the order is important: the first ones have a higher + * priority when calling virConnectOpen. + */ +-#ifdef WITH_TEST ++# ifdef WITH_TEST + if (testRegister() == -1) + goto error; +-#endif +-#ifdef WITH_OPENVZ ++# endif ++# ifdef WITH_OPENVZ + if (openvzRegister() == -1) + goto error; +-#endif +-#ifdef WITH_VMWARE ++# endif ++# ifdef WITH_VMWARE + if (vmwareRegister() == -1) + goto error; +-#endif +-#ifdef WITH_PHYP ++# endif ++# ifdef WITH_PHYP + if (phypRegister() == -1) + goto error; +-#endif +-#ifdef WITH_ESX ++# endif ++# ifdef WITH_ESX + if (esxRegister() == -1) + goto error; +-#endif +-#ifdef WITH_HYPERV ++# endif ++# ifdef WITH_HYPERV + if (hypervRegister() == -1) + goto error; +-#endif +-#ifdef WITH_XENAPI ++# endif ++# ifdef WITH_XENAPI + if (xenapiRegister() == -1) + goto error; +-#endif +-#ifdef WITH_PARALLELS ++# endif ++# ifdef WITH_PARALLELS + if (parallelsRegister() == -1) + goto error; ++# endif + #endif + #ifdef WITH_REMOTE + if (remoteRegister() == -1) +Index: libvirt-1.1.2/tools/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/tools/Makefile.am ++++ libvirt-1.1.2/tools/Makefile.am +@@ -149,6 +149,11 @@ virt_host_validate_CFLAGS = \ + $(COVERAGE_CFLAGS) \ + $(NULL) + ++# Since virt-login-shell will be setuid, we must do everything ++# we can to avoid linking to other libraries. Many of them do ++# unsafe things in functions marked __atttribute__((constructor)). ++# This we statically link to a library containing only the minimal ++# libvirt client code, not libvirt.so itself. 
+ virt_login_shell_SOURCES = \ + virt-login-shell.c + +@@ -159,11 +164,11 @@ virt_login_shell_LDFLAGS = \ + virt_login_shell_LDADD = \ + $(STATIC_BINARIES) \ + $(PIE_LDFLAGS) \ +- ../src/libvirt.la \ +- ../src/libvirt-lxc.la \ ++ ../src/libvirt-setuid-rpc-client.la \ + ../gnulib/lib/libgnu.la + + virt_login_shell_CFLAGS = \ ++ -DLIBVIRT_SETUID_RPC_CLIENT \ + $(WARN_CFLAGS) \ + $(PIE_CFLAGS) \ + $(COVERAGE_CFLAGS) diff --git a/57687fd6-CVE-2013-4401.patch b/57687fd6-CVE-2013-4401.patch new file mode 100644 index 0000000..81b7b45 --- /dev/null +++ b/57687fd6-CVE-2013-4401.patch @@ -0,0 +1,52 @@ +commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c +Author: Daniel P. Berrange +Date: Thu Oct 3 16:37:57 2013 +0100 + + Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401) + + The virConnectDomainXMLToNative API should require 'connect:write' + not 'connect:read', since it will trigger execution of the QEMU + binaries listed in the XML. + + Also make virConnectDomainXMLFromNative API require a full + read-write connection and 'connect:write' permission. Although the + current impl doesn't trigger execution of QEMU, we should not + rely on that impl detail from an API permissioning POV. + + 
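Review bot: The `#ifdef LIBVIRT_SETUID_RPC_CLIENT` block in config-post.h is a deny-list of fifteen `#undef`s with nothing tying it to configure.ac, so any optional library added later is linked into the setuid virt-login-shell by default unless someone remembers to extend this file; the libapparmor link failure fixed by CVE-2013-4400-build-fix.patch in this same series is already an instance of the list and the sources drifting. A comment at the top of that block, `/* Keep in sync with every optional LIBVIRT_CHECK_* / WITH_* in configure.ac: anything not undef'd here ends up linked into a setuid binary */`, would make the contract explicit, and a build-time check that `libvirt-setuid-rpc-client.la` pulls in nothing beyond libxml2 and libselinux would enforce it. The header comment also carries typos, `__atttribute__` and `The only way avoid to avoid`, and the first one is repeated in the src/Makefile.am and tools/Makefile.am comments. The virGlobalInit() hunk in src/libvirt.c shows only the middle of that function; it starts and ends outside the hunk.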
Signed-off-by: Daniel P. Berrange + +Index: libvirt-1.1.2/src/libvirt.c +=================================================================== +--- libvirt-1.1.2.orig/src/libvirt.c ++++ libvirt-1.1.2/src/libvirt.c +@@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC + virDispatchError(NULL); + return NULL; + } ++ if (conn->flags & VIR_CONNECT_RO) { ++ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } + + virCheckNonNullArgGoto(nativeFormat, error); + virCheckNonNullArgGoto(nativeConfig, error); +Index: libvirt-1.1.2/src/remote/remote_protocol.x +=================================================================== +--- libvirt-1.1.2.orig/src/remote/remote_protocol.x ++++ libvirt-1.1.2/src/remote/remote_protocol.x +@@ -3812,13 +3812,13 @@ enum remote_procedure { + + /** + * @generate: both +- * @acl: connect:read ++ * @acl: connect:write + */ + REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135, + + /** + * @generate: both +- * @acl: connect:read ++ * @acl: connect:write + */ + REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136, + diff --git a/8c3586ea-CVE-2013-4400.patch b/8c3586ea-CVE-2013-4400.patch new file mode 100644 index 0000000..8e94fb4 --- /dev/null +++ b/8c3586ea-CVE-2013-4400.patch @@ -0,0 +1,61 @@ +commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994 +Author: Daniel P. Berrange +Date: Wed Oct 9 10:59:36 2013 +0100 + + Only allow 'stderr' log output when running setuid (CVE-2013-4400) + + We must not allow file/syslog/journald log outputs when running + setuid since they can be abused to do bad things. In particular + the 'file' output can be used to overwrite files. + + 
Signed-off-by: Daniel P. Berrange + +Index: libvirt-1.1.2/src/util/virlog.c +=================================================================== +--- libvirt-1.1.2.orig/src/util/virlog.c ++++ libvirt-1.1.2/src/util/virlog.c +@@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit + * Multiple output can be defined in a single @output, they just need to be + * separated by spaces. + * ++ * If running in setuid mode, then only the 'stderr' output will ++ * be allowed ++ * + * Returns the number of output parsed and installed or -1 in case of error + */ + int +@@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs) + virLogPriority prio; + int ret = -1; + int count = 0; ++ bool isSUID = virIsSUID(); + + if (cur == NULL) + return -1; +@@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs) + if (virLogAddOutputToStderr(prio) == 0) + count++; + } else if (STREQLEN(cur, "syslog", 6)) { ++ if (isSUID) ++ goto cleanup; + cur += 6; + if (*cur != ':') + goto cleanup; +@@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs) + VIR_FREE(name); + #endif /* HAVE_SYSLOG_H */ + } else if (STREQLEN(cur, "file", 4)) { ++ if (isSUID) ++ goto cleanup; + cur += 4; + if (*cur != ':') + goto cleanup; +@@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs) + VIR_FREE(name); + VIR_FREE(abspath); + } else if (STREQLEN(cur, "journald", 8)) { ++ if (isSUID) ++ goto cleanup; + cur += 8; + #if USE_JOURNALD + if (virLogAddOutputToJournald(prio) == 0) diff --git a/CVE-2013-4400-build-fix.patch b/CVE-2013-4400-build-fix.patch new file mode 100644 index 0000000..6dd6391 --- /dev/null +++ b/CVE-2013-4400-build-fix.patch 
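Review bot: The three new `if (isSUID) goto cleanup;` guards in virLogParseOutputs() refuse syslog, file and journald outputs without reporting why, so a setuid caller configured with one of them sees only the generic -1 and an operator cannot distinguish a refused output from a malformed one. Because `ret` is still -1 while `count` may already be non-zero for a preceding stderr output, what the caller actually gets depends on the `cleanup:` label, which is outside the hunk; if it returns `ret`, previously accepted outputs are discarded silently as well. Consider `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("log output not permitted when running setuid"));` before the first guard, or a comment on each guard stating that silent refusal is intentional for the setuid case. virLogParseOutputs() continues beyond the hunk.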
@@ -0,0 +1,37 @@ +commit a6f05b5fdf139aa7155b64b2b581ff88151fbfca +Author: Jim Fehlig +Date: Mon Oct 21 14:57:27 2013 -0600 + + build: fix virt-login-shell build with apparmor + + With libapparmor-devel installed, virt-login-shell fails to link + + CCLD virt-login-shell + ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': + /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' + collect2: error: ld returned 1 exit status + + Fix by linking libvirt_setuid_rpc_client with previously determined + SECDRIVER_LIBS in src/Makefile.am. + +Index: libvirt-1.1.2/src/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/src/Makefile.am ++++ libvirt-1.1.2/src/Makefile.am +@@ -1978,7 +1978,7 @@ libvirt_setuid_rpc_client_la_SOURCES = + libvirt_setuid_rpc_client_la_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(LIBXML_LIBS) \ +- $(SELINUX_LIBS) \ ++ $(SECDRIVER_LIBS) \ + $(NULL) + libvirt_setuid_rpc_client_la_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ +@@ -1986,6 +1986,7 @@ libvirt_setuid_rpc_client_la_CFLAGS = \ + -I$(top_srcdir)/src/rpc \ + $(AM_CFLAGS) \ + $(SELINUX_CFLAGS) \ ++ $(APPARMOR_CFLAGS) \ + $(NULL) + endif WITH_LXC + diff --git a/ae53e5d1-CVE-2013-4400.patch b/ae53e5d1-CVE-2013-4400.patch new file mode 100644 index 0000000..175d9bd --- /dev/null +++ b/ae53e5d1-CVE-2013-4400.patch @@ -0,0 +1,96 @@ +commit ae53e5d10e434e07079d7e3ba11ec654ba6a256e +Author: Daniel P. Berrange +Date: Wed Oct 9 10:52:39 2013 +0100 + + Add helpers for getting env vars in a setuid environment + + Care must be taken accessing env variables when running + setuid. Introduce a virGetEnvAllowSUID for env vars which + are safe to use in a setuid environment, and another + virGetEnvBlockSUID for vars which are not safe. Also add + a virIsSUID helper method for any other non-env var code + to use. + + 
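Review bot: Replacing `$(SELINUX_LIBS)` with `$(SECDRIVER_LIBS)` in `libvirt_setuid_rpc_client_la_LDFLAGS` links libapparmor (presumably what SECDRIVER_LIBS adds on an apparmor build, given the unresolved `aa_change_profile`) into the setuid virt-login-shell, widening the dependency set the 3e2f27e1 patch deliberately trims to libxml2 and libselinux. The commit message explains the link error but not why pulling the library in is preferable to compiling the apparmor hook in vircommand.c out under `LIBVIRT_SETUID_RPC_CLIENT` as the other optional deps are, and the config-post.h and src/Makefile.am comments still say only libselinux and libxml2 are linked. A comment above the LDFLAGS, `# SECDRIVER_LIBS rather than SELINUX_LIBS: vircommand.c calls the security driver hooks, so the apparmor client library must resolve too`, would at least record the decision.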
Signed-off-by: Daniel P. Berrange + +Index: libvirt-1.1.2/src/libvirt_private.syms +=================================================================== +--- libvirt-1.1.2.orig/src/libvirt_private.syms ++++ libvirt-1.1.2/src/libvirt_private.syms +@@ -2042,6 +2042,8 @@ virFindFCHostCapableVport; + virFormatIntDecimal; + virGetDeviceID; + virGetDeviceUnprivSGIO; ++virGetEnvAllowSUID; ++virGetEnvBlockSUID; + virGetFCHostNameByWWN; + virGetGroupID; + virGetGroupList; +@@ -2060,6 +2062,7 @@ virIndexToDiskName; + virIsCapableFCHost; + virIsCapableVport; + virIsDevMapperDevice; ++virIsSUID; + virManageVport; + virParseNumber; + virParseOwnershipIds; +Index: libvirt-1.1.2/src/util/virutil.c +=================================================================== +--- libvirt-1.1.2.orig/src/util/virutil.c ++++ libvirt-1.1.2/src/util/virutil.c +@@ -2116,3 +2116,42 @@ cleanup: + + return rc; + } ++ ++ ++/** ++ * virGetEnvBlockSUID: ++ * @name: the environment variable name ++ * ++ * Obtain an environment variable which is unsafe to ++ * use when running setuid. If running setuid, a NULL ++ * value will be returned ++ */ ++const char *virGetEnvBlockSUID(const char *name) ++{ ++ return secure_getenv(name); ++} ++ ++ ++/** ++ * virGetEnvBlockSUID: ++ * @name: the environment variable name ++ * ++ * Obtain an environment variable which is safe to ++ * use when running setuid. The value will be returned ++ * even when running setuid ++ */ ++const char *virGetEnvAllowSUID(const char *name) ++{ ++ return getenv(name); ++} ++ ++ ++/** ++ * virIsSUID: ++ * Return a true value if running setuid. Does not ++ * check for elevated capabilities bits. 
++ */ ++bool virIsSUID(void) ++{ ++ return getuid() != geteuid(); ++} +Index: libvirt-1.1.2/src/util/virutil.h +=================================================================== +--- libvirt-1.1.2.orig/src/util/virutil.h ++++ libvirt-1.1.2/src/util/virutil.h +@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long l + + int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr); + ++const char *virGetEnvBlockSUID(const char *name); ++const char *virGetEnvAllowSUID(const char *name); ++bool virIsSUID(void); ++ + #endif /* __VIR_UTIL_H__ */ diff --git a/b7fcc799a-CVE-2013-4400.patch b/b7fcc799a-CVE-2013-4400.patch new file mode 100644 index 0000000..1568934 --- /dev/null +++ b/b7fcc799a-CVE-2013-4400.patch @@ -0,0 +1,36 @@ +commit b7fcc799ad5d8f3e55b89b94e599903e3c092467 +Author: Daniel P. Berrange +Date: Wed Oct 9 15:14:34 2013 +0100 + + Close all non-stdio FDs in virt-login-shell (CVE-2013-4400) + + We don't want to inherit any FDs in the new namespace + except for the stdio FDs. Explicitly close them all, + just in case some do not have the close-on-exec flag + set. + + Signed-off-by: Daniel P. Berrange + +Index: libvirt-1.1.2/tools/virt-login-shell.c +=================================================================== +--- libvirt-1.1.2.orig/tools/virt-login-shell.c ++++ libvirt-1.1.2/tools/virt-login-shell.c +@@ -313,6 +313,18 @@ main(int argc, char **argv) + if (cpid == 0) { + pid_t ccpid; + ++ int openmax = sysconf(_SC_OPEN_MAX); ++ int fd; ++ if (openmax < 0) { ++ virReportSystemError(errno, "%s", ++ _("sysconf(_SC_OPEN_MAX) failed")); ++ return EXIT_FAILURE; ++ } ++ for (fd = 3; fd < openmax; fd++) { ++ int tmpfd = fd; ++ VIR_MASS_CLOSE(tmpfd); ++ } ++ + /* Fork once because we don't want to affect + * virt-login-shell's namespace itself + */ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 137931e..c7a3f07 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch 
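Review bot: The doc comment on virGetEnvAllowSUID() in src/util/virutil.c is headed `* virGetEnvBlockSUID:`, copied from the preceding function, so the generated API docs and anyone grepping the symbol get the wrong description attached; the line should read `* virGetEnvAllowSUID:`. virIsSUID() compares only `getuid() != geteuid()`, and beyond the capabilities caveat in its own comment it also ignores a setgid install, so the virlog.c guards that depend on it would not fire for a binary installed setgid rather than setuid; `return getuid() != geteuid() || getgid() != getegid();` closes that at no cost. secure_getenv() is a glibc/gnulib function and this backport touches only libvirt_private.syms, virutil.c and virutil.h, so whether the gnulib `secure_getenv` module is already enabled in bootstrap.conf should be confirmed against the upstream commit before the build is assumed portable.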
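Review bot: The descriptor-closing loop in the child bounds itself by `sysconf(_SC_OPEN_MAX)`, which reports the current soft RLIMIT_NOFILE, but descriptors opened before the soft limit was lowered keep their numbers across exec, so in a setuid program whose invoker controls both the inherited descriptors and the rlimit the loop can stop below the highest open fd. Bounding by the hard limit, `struct rlimit rl; if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_max != RLIM_INFINITY && (long)rl.rlim_max > openmax) openmax = rl.rlim_max;`, or walking /proc/self/fd, covers that case. The failure path uses `return EXIT_FAILURE` from main() inside the forked child, which runs atexit handlers and flushes inherited stdio buffers in the child's copy; `_exit(EXIT_FAILURE)` is the usual choice there. main() starts and ends outside the hunk.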
@@ -2,7 +2,7 @@ Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac -@@ -173,6 +173,7 @@ LIBVIRT_CHECK_DBUS +@@ -174,6 +174,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL LIBVIRT_CHECK_NETCF @@ -10,7 +10,7 @@ Index: libvirt-1.1.2/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2296,11 +2297,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2297,11 +2298,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.1.2/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2608,6 +2610,7 @@ LIBVIRT_RESULT_DBUS +@@ -2609,6 +2611,7 @@ LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -38,7 +38,7 @@ Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am -@@ -750,6 +750,10 @@ if WITH_NETCF +@@ -751,6 +751,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif @@ -49,7 +49,7 @@ Index: libvirt-1.1.2/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1310,11 +1314,16 @@ if WITH_NETCF +@@ -1311,11 +1315,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else diff --git a/libvirt.changes b/libvirt.changes index c6d6c33..9012bb6 100644 --- a/libvirt.changes +++ b/libvirt.changes 
@@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Mon Oct 21 11:33:03 MDT 2013 - jfehlig@suse.com + +- CVE-2013-4400: Unsantized use of env variables allows privilege + escalation via virt-login-shell + ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, + b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, + CVE-2013-4400-build-fix.patch + bnc#837609 +- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native + 57687fd6-CVE-2013-4401.patch + bnc#845704 + ------------------------------------------------------------------- Fri Oct 18 14:42:39 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 765fa17..f769a20 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -412,10 +412,16 @@ Patch5: e4697b92-CVE-2013-4311.patch Patch6: 8294aa0c-CVE-2013-4399.patch Patch7: 484cc321-fix-spice-migration.patch Patch8: 79552754-libvirtd-chardev-crash.patch +Patch9: 57687fd6-CVE-2013-4401.patch +Patch10: ae53e5d1-CVE-2013-4400.patch +Patch11: 8c3586ea-CVE-2013-4400.patch +Patch12: b7fcc799a-CVE-2013-4400.patch +Patch13: 3e2f27e1-CVE-2013-4400.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch Patch102: xen-pv-cdrom.patch +Patch103: CVE-2013-4400-build-fix.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -928,9 +934,15 @@ of recent versions of Linux (and other OSes). %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 %patch100 -p1 %patch101 %patch102 -p1 +%patch103 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 From 53a4a5c7facf57d3bcbe8817e52c1c7919e9701abcc3ebb0d97fdbf08775713e Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Tue, 22 Oct 2013 17:07:40 +0000 Subject: [PATCH 05/10] Add upstream patches to fix build on older systems that have a gnutls that uses libgcrypt. OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=316 --- 5a0ea4b7-CVE-2013-4400.patch | 103 ++++++++++++++++++++++++++++++++++ 843bdb2f-CVE-2013-4400.patch | 27 +++++++++ CVE-2013-4400-build-fix.patch | 37 ------------ libvirt-suse-netcontrol.patch | 4 +- libvirt.changes | 2 +- libvirt.spec | 6 +- 6 files changed, 137 insertions(+), 42 deletions(-) create mode 100644 5a0ea4b7-CVE-2013-4400.patch create mode 100644 843bdb2f-CVE-2013-4400.patch delete mode 100644 CVE-2013-4400-build-fix.patch diff --git a/5a0ea4b7-CVE-2013-4400.patch b/5a0ea4b7-CVE-2013-4400.patch new file mode 100644 index 0000000..409add3 --- /dev/null +++ b/5a0ea4b7-CVE-2013-4400.patch @@ -0,0 +1,103 @@ +commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2 +Author: Jim Fehlig +Date: Mon Oct 21 15:36:11 2013 -0600 + + build: fix linking virt-login-shell + + After commit 3e2f27e1, I've noticed build failures of virt-login-shell + when libapparmor-devel is installed on the build host + + CCLD virt-login-shell + ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): + In function `virExec': + /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined + reference to `aa_change_profile' + collect2: error: ld returned 1 exit status + + I was about to commit an easy fix under the build-breaker rule + (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS + to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it + makes sense (build-fix-2.patch). + + Should I just stick with the simple fix, or is something along the lines + of patch 2 preferred? + + Regards, + Jim + + >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001 + 
From: Jim Fehlig + Date: Mon, 21 Oct 2013 15:30:02 -0600 + Subject: [PATCH] build: fix virt-login-shell build with apparmor + + With libapparmor-devel installed, virt-login-shell fails to link + + CCLD virt-login-shell + ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': + /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' + collect2: error: ld returned 1 exit status + + Fix by linking libvirt_setuid_rpc_client with previously determined + SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS + and use both throughout src/Makefile.am where it makes sense. + + 
Signed-off-by: Jim Fehlig + +Index: libvirt-1.1.2/src/Makefile.am +=================================================================== +--- libvirt-1.1.2.orig/src/Makefile.am ++++ libvirt-1.1.2/src/Makefile.am +@@ -49,11 +49,14 @@ nodist_conf_DATA = + + THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD) + ++SECDRIVER_CFLAGS = + SECDRIVER_LIBS = + if WITH_SECDRIVER_SELINUX ++SECDRIVER_CFLAGS += $(SELINUX_CFLAGS) + SECDRIVER_LIBS += $(SELINUX_LIBS) + endif + if WITH_SECDRIVER_APPARMOR ++SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS) + SECDRIVER_LIBS += $(APPARMOR_LIBS) + endif + +@@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES = + libvirt_setuid_rpc_client_la_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(LIBXML_LIBS) \ +- $(SELINUX_LIBS) \ ++ $(SECDRIVER_LIBS) \ + $(NULL) + libvirt_setuid_rpc_client_la_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ + -I$(top_srcdir)/src/conf \ + -I$(top_srcdir)/src/rpc \ + $(AM_CFLAGS) \ +- $(SELINUX_CFLAGS) \ ++ $(SECDRIVER_CFLAGS) \ + $(NULL) + endif WITH_LXC + +@@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \ + $(GNUTLS_LIBS) \ + $(SASL_LIBS) \ + $(SSH2_LIBS)\ ++ $(SECDRIVER_LIBS) \ + $(AM_LDFLAGS) \ + $(CYGWIN_EXTRA_LDFLAGS) \ + $(MINGW_EXTRA_LDFLAGS) +@@ -2410,12 +2414,7 @@ if WITH_BLKID + libvirt_lxc_CFLAGS += $(BLKID_CFLAGS) + libvirt_lxc_LDADD += $(BLKID_LIBS) + endif +-if WITH_SECDRIVER_SELINUX +-libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS) +-endif +-if WITH_SECDRIVER_APPARMOR +-libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS) +-endif ++libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS) + endif + endif + EXTRA_DIST += $(LXC_CONTROLLER_SOURCES) diff --git a/843bdb2f-CVE-2013-4400.patch b/843bdb2f-CVE-2013-4400.patch new file mode 100644 index 0000000..8daa299 --- /dev/null +++ b/843bdb2f-CVE-2013-4400.patch 
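Review bot: The header of this patch file carries the mailing-list cover text rather than a commit message — the `build-fix-1.patch`/`build-fix-2.patch` discussion, `Regards, Jim` and the `>From a0f35945…` line all precede the real `From:`/`Subject:` block — so a reader of the package cannot tell which of the two proposed fixes upstream commit 5a0ea4b7 actually contains without diffing it. Trimming the header to the upstream subject and body (from `build: fix virt-login-shell build with apparmor` down to `Signed-off-by`) would make the patch self-describing. Separately, `libvirt_net_rpc_la_LDFLAGS` now appears to pull `$(SECDRIVER_LIBS)` into every consumer of the RPC library, not only the setuid client whose link failure motivated the change; if that is intended, a comment next to the added line such as `# vircommand.o (aa_change_profile) needs the security driver libs` would explain why security-driver libraries are linked here.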
@@ -0,0 +1,27 @@
+commit 843bdb2f8a3364637cda2911624149525188843f
+Author: Jim Fehlig
+Date: Mon Oct 21 23:12:22 2013 -0600
+
+ build: fix build of virt-login-shell on systems with older gnutls
+
+ On systems where gnutls uses libgcrypt, I'm seeing the following
+ build failure
+
+ libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
+ libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
+ ...
+
+ Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h
+
+Index: libvirt-1.1.2/config-post.h
+===================================================================
+--- libvirt-1.1.2.orig/config-post.h
++++ libvirt-1.1.2/config-post.h
+@@ -34,6 +34,7 @@
+ # undef WITH_CURL
+ # undef WITH_DTRACE_PROBES
+ # undef WITH_GNUTLS
++# undef WITH_GNUTLS_GCRYPT
+ # undef WITH_MACVTAP
+ # undef WITH_NUMACTL
+ # undef WITH_SASL
diff --git a/CVE-2013-4400-build-fix.patch b/CVE-2013-4400-build-fix.patch
deleted file mode 100644
index 6dd6391..0000000
--- a/CVE-2013-4400-build-fix.patch
+++ /dev/null
@@ -1,37 +0,0 @@ -commit a6f05b5fdf139aa7155b64b2b581ff88151fbfca -Author: Jim Fehlig -Date: Mon Oct 21 14:57:27 2013 -0600 - - build: fix virt-login-shell build with apparmor - - With libapparmor-devel installed, virt-login-shell fails to link - - CCLD virt-login-shell - ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': - /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' - collect2: error: ld returned 1 exit status - - Fix by linking libvirt_setuid_rpc_client with previously determined - SECDRIVER_LIBS in src/Makefile.am. - -Index: libvirt-1.1.2/src/Makefile.am -=================================================================== ---- libvirt-1.1.2.orig/src/Makefile.am -+++ libvirt-1.1.2/src/Makefile.am -@@ -1978,7 +1978,7 @@ libvirt_setuid_rpc_client_la_SOURCES = - libvirt_setuid_rpc_client_la_LDFLAGS = \ - $(AM_LDFLAGS) \ - $(LIBXML_LIBS) \ -- $(SELINUX_LIBS) \ -+ $(SECDRIVER_LIBS) \ - $(NULL) - libvirt_setuid_rpc_client_la_CFLAGS = \ - -DLIBVIRT_SETUID_RPC_CLIENT \ -@@ -1986,6 +1986,7 @@ libvirt_setuid_rpc_client_la_CFLAGS = \ - -I$(top_srcdir)/src/rpc \ - $(AM_CFLAGS) \ - $(SELINUX_CFLAGS) \ -+ $(APPARMOR_CFLAGS) \ - $(NULL) - endif WITH_LXC - diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index c7a3f07..cb32f6e 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -38,7 +38,7 @@ Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am -@@ -751,6 +751,10 @@ if WITH_NETCF +@@ -754,6 +754,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif 
@@ -49,7 +49,7 @@ Index: libvirt-1.1.2/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1311,11 +1315,16 @@ if WITH_NETCF +@@ -1314,11 +1318,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else diff --git a/libvirt.changes b/libvirt.changes index 9012bb6..23ce6fc 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -5,7 +5,7 @@ Mon Oct 21 11:33:03 MDT 2013 - jfehlig@suse.com escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, - CVE-2013-4400-build-fix.patch + 5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch diff --git a/libvirt.spec b/libvirt.spec index f769a20..964fe05 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -417,11 +417,12 @@ Patch10: ae53e5d1-CVE-2013-4400.patch Patch11: 8c3586ea-CVE-2013-4400.patch Patch12: b7fcc799a-CVE-2013-4400.patch Patch13: 3e2f27e1-CVE-2013-4400.patch +Patch14: 5a0ea4b7-CVE-2013-4400.patch +Patch15: 843bdb2f-CVE-2013-4400.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch Patch102: xen-pv-cdrom.patch -Patch103: CVE-2013-4400-build-fix.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -939,10 +940,11 @@ of recent versions of Linux (and other OSes). %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 +%patch15 -p1 %patch100 -p1 %patch101 %patch102 -p1 -%patch103 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 From 8296f9e96dd4d9745427a6a80e61444a102bf6421aa98facbe9234bd60feb0ed Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Tue, 22 Oct 2013 18:29:21 +0000 Subject: [PATCH 06/10] - Spec file fixes to only package libvirt-login-shell when building the LXC driver OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=317 --- libvirt.changes | 6 ++++++ libvirt.spec | 13 ++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/libvirt.changes b/libvirt.changes index 23ce6fc..f87efc8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 22 12:28:03 MDT 2013 - jfehlig@suse.com + +- Spec file fixes to only package libvirt-login-shell when + building the LXC driver + ------------------------------------------------------------------- Mon Oct 21 11:33:03 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 964fe05..7b6610f 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -900,14 +900,18 @@ Requires: augeas Includes the Sanlock lock manager plugin for the QEMU driver %endif +%if %{with_lxc} + %package login-shell -Summary: Login shell for containers +Summary: Login shell for connecting users to an LXC container Group: Development/Libraries/C and C++ Requires: %{name}-client = %{version}-%{release} %description login-shell -Povides virt-login-shell, a tool to execute a shell within a container -matching the users name +Provides the set-uid virt-login-shell binary that is used to +connect a user to an LXC container when they login, by switching +namespaces. +%endif %if %{with_python} @@ -1680,6 +1684,8 @@ fi %attr(0755, root, root) %{_libdir}/%{name}/libvirt_sanlock_helper %endif +%if %{with_lxc} + %files login-shell %defattr(-, root, root) %config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf 
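Review bot: The new `%description login-shell` text says the package "Provides the set-uid virt-login-shell binary", but the `%files login-shell` section patched in the following hunk still ships `%{_bindir}/virt-login-shell` with the `%attr(4755, root, root)` line commented out under "In the meantime, don't install setuid", so the description promises a privilege the package deliberately does not grant. Rewording it to what is actually installed, e.g. `Provides the virt-login-shell binary (currently installed without the setuid bit) that connects a user to an LXC container when they login, by switching namespaces.`, keeps the package metadata honest until the setuid install is re-enabled, at which point the description can be changed in the same commit. The `%if %{with_lxc}` guards themselves look correct and are closed in the third hunk.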
@@ -1688,6 +1694,7 @@ fi # In the meantime, don't install setuid #%attr(4755, root, root) %{_bindir}/virt-login-shell %{_bindir}/virt-login-shell +%endif %if %{with_python} From 65c4cfdc025dd83cb579ab7ddc91eecb725da5ba632a84ee162d0d409a4fc6fd Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 22 Oct 2013 21:27:53 +0000 Subject: [PATCH 07/10] - Have systemd terminate the machine as a workaround of fdo#68370 bd773e74-lxc-terminate-machine.patch bnc#842834 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=318 --- bd773e74-lxc-terminate-machine.patch | 247 +++++++++++++++++++++++++++ libvirt.changes | 7 + libvirt.spec | 2 + 3 files changed, 256 insertions(+) create mode 100644 bd773e74-lxc-terminate-machine.patch diff --git a/bd773e74-lxc-terminate-machine.patch b/bd773e74-lxc-terminate-machine.patch new file mode 100644 index 0000000..4417f6d --- /dev/null +++ b/bd773e74-lxc-terminate-machine.patch 
@@ -0,0 +1,247 @@ +commit bd773e74f0d1d1b9ebbfcaa645178316b4f2265c +Author: Cédric Bosdonnat +Date: Mon Sep 30 16:46:29 2013 +0200 + + LXC: workaround machined uncleaned data with containers running systemd. + + The problem is described by [0] but its effect on libvirt is that + starting a container with a full distro running systemd after having + stopped it simply fails. + + The container cleanup now calls the machined Terminate function to make + sure that everything is in order for the next run. + + [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370 + +Index: libvirt-1.1.2/src/libvirt_private.syms +=================================================================== +--- libvirt-1.1.2.orig/src/libvirt_private.syms ++++ libvirt-1.1.2/src/libvirt_private.syms +@@ -1940,8 +1940,10 @@ virSysinfoSetup; + + # util/virsystemd.h + virSystemdCreateMachine; ++virSystemdMakeMachineName; + virSystemdMakeScopeName; + virSystemdMakeSliceName; ++virSystemdTerminateMachine; + + + # util/virthread.h +Index: libvirt-1.1.2/src/lxc/lxc_process.c +=================================================================== +--- libvirt-1.1.2.orig/src/lxc/lxc_process.c ++++ libvirt-1.1.2/src/lxc/lxc_process.c +@@ -50,6 +50,7 @@ + #include "virstring.h" + #include "viratomic.h" + #include "virprocess.h" ++#include "virsystemd.h" + + #define VIR_FROM_THIS VIR_FROM_LXC + +@@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCD + virCgroupFree(&priv->cgroup); + } + ++ /* Get machined to terminate the machine as it may not have cleaned it ++ * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for ++ * the bug we are working around here. 
++ */ ++ virSystemdTerminateMachine(vm->def->name, "lxc", true); ++ ++ + /* now that we know it's stopped call the hook if present */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); +Index: libvirt-1.1.2/src/util/virsystemd.c +=================================================================== +--- libvirt-1.1.2.orig/src/util/virsystemd.c ++++ libvirt-1.1.2/src/util/virsystemd.c +@@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char + return virBufferContentAndReset(&buf); + } + ++char *virSystemdMakeMachineName(const char *name, ++ const char *drivername, ++ bool privileged) ++{ ++ char *machinename = NULL; ++ char *username = NULL; ++ if (privileged) { ++ if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) ++ goto cleanup; ++ } else { ++ if (!(username = virGetUserName(geteuid()))) ++ goto cleanup; ++ if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) ++ goto cleanup; ++ } ++ ++cleanup: ++ VIR_FREE(username); ++ ++ return machinename; ++} + + /** + * virSystemdCreateMachine: +@@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char * + DBusConnection *conn; + char *machinename = NULL; + char *creatorname = NULL; +- char *username = NULL; + char *slicename = NULL; + + if (!virDBusHasSystemBus()) +@@ -150,15 +170,8 @@ int virSystemdCreateMachine(const char * + + conn = virDBusGetSystemBus(); + +- if (privileged) { +- if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) +- goto cleanup; +- } else { +- if (!(username = virGetUserName(geteuid()))) +- goto cleanup; +- if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) +- goto cleanup; +- } ++ if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) ++ goto cleanup; + + if (virAsprintf(&creatorname, "libvirt-%s", drivername) < 0) + goto cleanup; +@@ -241,8 +254,52 @@ int virSystemdCreateMachine(const char * + ret = 0; + + cleanup: +- VIR_FREE(username); + VIR_FREE(creatorname); + 
VIR_FREE(machinename); + return ret; + } ++ ++int virSystemdTerminateMachine(const char *name, ++ const char *drivername, ++ bool privileged) ++{ ++ int ret; ++ DBusConnection *conn; ++ char *machinename = NULL; ++ ++ if(!virDBusHasSystemBus()) ++ return -2; ++ ++ conn = virDBusGetSystemBus(); ++ ++ ret = -1; ++ if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) ++ goto cleanup; ++ ++ /* ++ * The systemd DBus API we're invoking has the ++ * following signature ++ * ++ * TerminateMachine(in s name); ++ * ++ * @name a host unique name for the machine. shows up ++ * in 'ps' listing & similar ++ */ ++ ++ VIR_DEBUG("Attempting to terminate machine via systemd"); ++ if (virDBusCallMethod(conn, ++ NULL, ++ "org.freedesktop.machine1", ++ "/org/freedesktop/machine1", ++ "org.freedesktop.machine1.Manager", ++ "TerminateMachine", ++ "s", ++ machinename) < 0) ++ goto cleanup; ++ ++ ret = 0; ++ ++cleanup: ++ VIR_FREE(machinename); ++ return ret; ++} +Index: libvirt-1.1.2/src/util/virsystemd.h +=================================================================== +--- libvirt-1.1.2.orig/src/util/virsystemd.h ++++ libvirt-1.1.2/src/util/virsystemd.h +@@ -29,6 +29,10 @@ char *virSystemdMakeScopeName(const char + const char *slicename); + char *virSystemdMakeSliceName(const char *partition); + ++char *virSystemdMakeMachineName(const char *name, ++ const char *drivername, ++ bool privileged); ++ + int virSystemdCreateMachine(const char *name, + const char *drivername, + bool privileged, +@@ -38,4 +42,8 @@ int virSystemdCreateMachine(const char * + bool iscontainer, + const char *partition); + ++int virSystemdTerminateMachine(const char *name, ++ const char *drivername, ++ bool privileged); ++ + #endif /* __VIR_SYSTEMD_H__ */ +Index: libvirt-1.1.2/tests/virsystemdtest.c +=================================================================== +--- libvirt-1.1.2.orig/tests/virsystemdtest.c ++++ libvirt-1.1.2/tests/virsystemdtest.c +@@ -51,6 +51,18 @@ static int 
testCreateContainer(const voi + return 0; + } + ++static int testTerminateContainer(const void *opaque ATTRIBUTE_UNUSED) ++{ ++ if (virSystemdTerminateMachine("demo", ++ "lxc", ++ true) < 0) { ++ fprintf(stderr, "%s", "Failed to terminate LXC machine\n"); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int testCreateMachine(const void *opaque ATTRIBUTE_UNUSED) + { + unsigned char uuid[VIR_UUID_BUFLEN] = { +@@ -74,6 +86,18 @@ static int testCreateMachine(const void + return 0; + } + ++static int testTerminateMachine(const void *opaque ATTRIBUTE_UNUSED) ++{ ++ if (virSystemdTerminateMachine("demo", ++ "qemu", ++ false) < 0) { ++ fprintf(stderr, "%s", "Failed to terminate KVM machine\n"); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int testCreateNoSystemd(const void *opaque ATTRIBUTE_UNUSED) + { + unsigned char uuid[VIR_UUID_BUFLEN] = { +@@ -177,8 +201,12 @@ mymain(void) + + if (virtTestRun("Test create container ", 1, testCreateContainer, NULL) < 0) + ret = -1; ++ if (virtTestRun("Test terminate container ", 1, testTerminateContainer, NULL) < 0) ++ ret = -1; + if (virtTestRun("Test create machine ", 1, testCreateMachine, NULL) < 0) + ret = -1; ++ if (virtTestRun("Test terminate machine ", 1, testTerminateMachine, NULL) < 0) ++ ret = -1; + if (virtTestRun("Test create no systemd ", 1, testCreateNoSystemd, NULL) < 0) + ret = -1; + if (virtTestRun("Test create bad systemd ", 1, testCreateBadSystemd, NULL) < 0) diff --git a/libvirt.changes b/libvirt.changes index f87efc8..af34c24 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 22 14:37:08 MDT 2013 - cbosdonnat@suse.com + +- Have systemd terminate the machine as a workaround of fdo#68370 + bd773e74-lxc-terminate-machine.patch + bnc#842834 + ------------------------------------------------------------------- Tue Oct 22 12:28:03 MDT 2013 - jfehlig@suse.com 
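Review bot: `virSystemdTerminateMachine(vm->def->name, "lxc", true);` in virLXCProcessCleanup hard-codes `privileged = true`, while `virSystemdMakeMachineName`, added in the same hunk, derives `<user>-lxc-<name>` for an unprivileged caller and `lxc-<name>` for a privileged one; if the matching virSystemdCreateMachine call in the LXC start path passes the driver's privileged flag (it is not visible here), a session-mode daemon would ask machined to terminate a name it never registered. Passing the same flag the create path uses, e.g. `virSystemdTerminateMachine(vm->def->name, "lxc", driver->privileged);` (or whatever that field is called on the `virLXCD…` driver argument the function receives), keeps the two symmetric. The terminate call's result is discarded without so much as a debug message, so a machined refusal (`-1`) or a missing system bus (`-2`) is invisible when diagnosing the fdo#68370 restart failure this works around; a `VIR_DEBUG` on the failure path would help. Minor style: `if(!virDBusHasSystemBus())` lacks the space after `if` used elsewhere in the file. virLXCProcessCleanup starts outside the hunk.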
diff --git a/libvirt.spec b/libvirt.spec index 7b6610f..71ede12 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -419,6 +419,7 @@ Patch12: b7fcc799a-CVE-2013-4400.patch Patch13: 3e2f27e1-CVE-2013-4400.patch Patch14: 5a0ea4b7-CVE-2013-4400.patch Patch15: 843bdb2f-CVE-2013-4400.patch +Patch16: bd773e74-lxc-terminate-machine.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -946,6 +947,7 @@ of recent versions of Linux (and other OSes). %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 %patch100 -p1 %patch101 %patch102 -p1 From 3973ce3ddef99e83a77695cbae626c75baffecdf5ff03d65816d3088fa30c699 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 23 Oct 2013 03:41:22 +0000 Subject: [PATCH 08/10] - Fix file descriptor passing in python bindings e350826c-python-fix-fd-passing.patch rhb#1021434 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=319 --- e350826c-python-fix-fd-passing.patch | 26 ++++++++++++++++++++++++++ libvirt.changes | 7 +++++++ libvirt.spec | 2 ++ 3 files changed, 35 insertions(+) create mode 100644 e350826c-python-fix-fd-passing.patch diff --git a/e350826c-python-fix-fd-passing.patch b/e350826c-python-fix-fd-passing.patch new file mode 100644 index 0000000..ea9289b --- /dev/null +++ b/e350826c-python-fix-fd-passing.patch 
@@ -0,0 +1,26 @@ +commit e350826c653b20dd271ab99075d2f224c7451356 +Author: Marian Neagul +Date: Tue Oct 22 16:03:39 2013 +0100 + + python: Fix Create*WithFiles filefd passing + + Commit d76227be added functions virDomainCreateWithFiles and + virDomainCreateXMLWithFiles, but there was a little piece missing in + python bindings. This patch fixes proper passing of file descriptors + in the overwrites of these functions. + +Index: libvirt-1.1.2/python/libvirt-override.c +=================================================================== +--- libvirt-1.1.2.orig/python/libvirt-override.c ++++ libvirt-1.1.2/python/libvirt-override.c +@@ -7149,6 +7149,10 @@ libvirt_virDomainCreateXMLWithFiles(PyOb + + if (libvirt_intUnwrap(pyfd, &fd) < 0) + goto cleanup; ++ ++ files[i] = fd; ++ ++ files[i] = fd; + } + + LIBVIRT_BEGIN_ALLOW_THREADS; diff --git a/libvirt.changes b/libvirt.changes index af34c24..c8e51d8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 22 21:37:08 MDT 2013 - jfehlig@suse.com + +- Fix file descriptor passing in python bindings + e350826c-python-fix-fd-passing.patch + rhb#1021434 + ------------------------------------------------------------------- Tue Oct 22 14:37:08 MDT 2013 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index 71ede12..6cb823a 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -420,6 +420,7 @@ Patch13: 3e2f27e1-CVE-2013-4400.patch Patch14: 5a0ea4b7-CVE-2013-4400.patch Patch15: 843bdb2f-CVE-2013-4400.patch Patch16: bd773e74-lxc-terminate-machine.patch +Patch17: e350826c-python-fix-fd-passing.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -948,6 +949,7 @@ of recent versions of Linux (and other OSes). %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 %patch100 -p1 %patch101 %patch102 -p1 From 1ec99abbc84f839163d08ce899a0aefcb23e983a055e5b418c62f3ab57552a87 Mon Sep 17 00:00:00 2001 
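Review bot: The hunk adds `files[i] = fd;` twice inside the same loop body of libvirt_virDomainCreateXMLWithFiles — the `@@ -7149,6 +7149,10 @@` header confirms four added lines in one place — so the second assignment is a no-op that should be dropped. The embedded commit message says the fix covers both Create*WithFiles overrides, yet only the XML variant is touched; if libvirt_virDomainCreateWithFiles has the same `libvirt_intUnwrap(pyfd, &fd)` loop (it is not in the hunk), it still never stores the unwrapped descriptor and the upstream commit's other hunk looks to have been merged into the wrong function. The enclosing function continues outside the hunk.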
From: James Fehlig Date: Fri, 25 Oct 2013 19:29:19 +0000 Subject: [PATCH 09/10] - libxl driver: fix initialization of VNC and SDL info for HVM domains libxl-hvm-vnc.patch bnc#847566 - Allow libvirtd apparmor profile to access /etc/xen/scripts/* OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=320 --- install-apparmor-profiles.patch | 3 ++- libvirt.changes | 9 +++++++ libvirt.spec | 2 ++ libxl-hvm-vnc.patch | 45 +++++++++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 libxl-hvm-vnc.patch diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index b3a7bcb..e29b641 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -203,7 +203,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null +++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in -@@ -0,0 +1,59 @@ +@@ -0,0 +1,60 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include +@{LIBVIRT}="libvirt" @@ -255,6 +255,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, ++ /etc/xen/scripts/* r, + @libdir@/libvirt/* Pxr, + @libdir@/libvirt/libvirt_parthelper Ux, + @libdir@/libvirt/libvirt_iohelper Ux, diff --git a/libvirt.changes b/libvirt.changes index c8e51d8..787e7ef 100644 --- a/libvirt.changes +++ b/libvirt.changes 
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Oct 25 13:10:27 MDT 2013 - jfehlig@suse.com + +- libxl driver: fix initialization of VNC and SDL info for + HVM domains + libxl-hvm-vnc.patch + bnc#847566 +- Allow libvirtd apparmor profile to access /etc/xen/scripts/* + ------------------------------------------------------------------- Tue Oct 22 21:37:08 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 6cb823a..58a6d58 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -425,6 +425,7 @@ Patch17: e350826c-python-fix-fd-passing.patch Patch100: xen-name-for-devid.patch Patch101: clone.patch Patch102: xen-pv-cdrom.patch +Patch103: libxl-hvm-vnc.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -953,6 +954,7 @@ of recent versions of Linux (and other OSes). %patch100 -p1 %patch101 %patch102 -p1 +%patch103 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 diff --git a/libxl-hvm-vnc.patch b/libxl-hvm-vnc.patch new file mode 100644 index 0000000..f6809ff --- /dev/null +++ b/libxl-hvm-vnc.patch 
@@ -0,0 +1,45 @@
+Index: libvirt-1.1.2/src/libxl/libxl_conf.c
+===================================================================
+--- libvirt-1.1.2.orig/src/libxl/libxl_conf.c
++++ libvirt-1.1.2/src/libxl/libxl_conf.c
+@@ -524,6 +524,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de
+ }
+
+ static int
++libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
++{
++ libxl_domain_build_info *b_info = &d_config->b_info;
++ int hvm = STREQ(def->os.type, "hvm");
++ libxl_device_vfb vfb;
++
++ if (!hvm)
++ return 0;
++
++ if (d_config->num_vfbs) {
++ vfb = d_config->vfbs[0];
++ if (libxl_defbool_val(vfb.vnc.enable))
++ memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info));
++ else if (libxl_defbool_val(vfb.sdl.enable))
++ memcpy(&b_info->u.hvm.sdl, &vfb.sdl, sizeof(libxl_sdl_info));
++ else
++ return -1;
++ }
++
++ return 0;
++}
++
++
++static int
+ libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config)
+ {
+ virDomainDefPtr def = vm->def;
+@@ -1025,6 +1049,9 @@ libxlBuildDomainConfig(libxlDriverPrivat
+ if (libxlMakeVfbList(driver, def, d_config) < 0)
+ return -1;
+
++ if (libxlFixupDomBuildInfo(def, d_config) < 0)
++ return -1;
++
+ d_config->on_reboot = def->onReboot;
+ d_config->on_poweroff = def->onPoweroff;
+ d_config->on_crash = def->onCrash;
From 534200398b23333afd4ad60faa0ac2c613651d5d3603df79e19e2e65cc67ef15 Mon Sep 17 00:00:00 2001
From: James Fehlig
Date: Fri, 25 Oct 2013 20:21:05 +0000
Subject: [PATCH 10/10] Add missing execute permission for /etc/xen/scripts in libvirtd apparmor profile
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=321
---
 install-apparmor-profiles.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch
index e29b641..56a4d4d 100644
--- a/install-apparmor-profiles.patch
+++ b/install-apparmor-profiles.patch
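Review bot: `memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info))` (and its SDL twin) copies libxl structs that carry heap-allocated string members, so `b_info->u.hvm.vnc` and `d_config->vfbs[0].vnc` end up holding the same pointers; if the config is later released with libxl_domain_config_dispose(), as the driver does elsewhere (not visible here), those strings are freed twice. The `else return -1;` path also fails without calling virReportError, so the caller's `return -1` reaches the user with no message at all. Copying the fields individually with VIR_STRDUP and reporting the unsupported-vfb case addresses both; the field names below follow libxl_types.idl (listen/passwd/display/findunused for vnc, opengl/display/xauthority for sdl) and should be checked against the Xen release the package builds against.
```c
static int
libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
{
    libxl_domain_build_info *b_info = &d_config->b_info;
    libxl_device_vfb vfb;

    /* Only HVM guests carry display settings in b_info; PV guests are done. */
    if (!STREQ(def->os.type, "hvm") || !d_config->num_vfbs)
        return 0;

    vfb = d_config->vfbs[0];
    if (libxl_defbool_val(vfb.vnc.enable)) {
        /* Deep copy: the vfb entry keeps ownership of its own strings. */
        libxl_defbool_set(&b_info->u.hvm.vnc.enable, true);
        if (VIR_STRDUP(b_info->u.hvm.vnc.listen, vfb.vnc.listen) < 0 ||
            VIR_STRDUP(b_info->u.hvm.vnc.passwd, vfb.vnc.passwd) < 0)
            return -1;
        b_info->u.hvm.vnc.display = vfb.vnc.display;
        libxl_defbool_set(&b_info->u.hvm.vnc.findunused,
                          libxl_defbool_val(vfb.vnc.findunused));
    } else if (libxl_defbool_val(vfb.sdl.enable)) {
        libxl_defbool_set(&b_info->u.hvm.sdl.enable, true);
        libxl_defbool_set(&b_info->u.hvm.sdl.opengl,
                          libxl_defbool_val(vfb.sdl.opengl));
        if (VIR_STRDUP(b_info->u.hvm.sdl.display, vfb.sdl.display) < 0 ||
            VIR_STRDUP(b_info->u.hvm.sdl.xauthority, vfb.sdl.xauthority) < 0)
            return -1;
    } else {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("HVM vfb has neither VNC nor SDL enabled"));
        return -1;
    }

    return 0;
}
```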
@@ -255,7 +255,7 @@ Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, -+ /etc/xen/scripts/* r, ++ /etc/xen/scripts/* rx, + @libdir@/libvirt/* Pxr, + @libdir@/libvirt/libvirt_parthelper Ux, + @libdir@/libvirt/libvirt_iohelper Ux,
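Review bot: `/etc/xen/scripts/* rx,` uses an unqualified `x`, whereas every other executable path in this profile states how the child is confined (`Pxr`, `Ux`); apparmor_parser may reject a bare `x`, and even where it is accepted the rule leaves the confinement of the Xen hotplug scripts implicit. Since libvirtd runs these scripts itself, the least-privilege choice is to inherit its profile, `/etc/xen/scripts/* rix,`; if the scripts need access the libvirtd profile does not grant, pick the transition explicitly (as the `Ux` lines do for the helpers) rather than leaving it unspecified. Loading the profile with apparmor_parser before packaging would catch a parse error here.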