forked from pool/libvirt
da9af7a383
- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime
for read-only connections and users
CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch
bsc#1131595
- spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch
touches remote_protocol.x
- Update to libvirt 5.2.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Dropped patches:
4ec3cf9a-apparmor-rules.patch,
f38ef0fa-no-RDMA-check.patch,
411cdaf8-apparmor-check-profile-name.patch,
696239ba-qemu-fix-query-cpus-fast.patch,
09eb1ae0-conf-add-xenbus-controller.patch,
fb059757-libxl-add-xenbus-controller.patch,
ec5a1191-libxl-support-max-grant-frames.patch,
5a64c202-xenconfig-support-max-grant-frames.patch
- Added patches:
ff376c62-tests-fix-mocking-stat-lstat.patch,
mprivozn-test-fix-proposal.patch
OBS-URL: https://build.opensuse.org/request/show/692393
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
47 lines
1.7 KiB
Diff
47 lines
1.7 KiB
Diff
Disable TLS by default
|
|
|
|
On SUSE distros, the default is for libvirtd to listen only on the
|
|
Unix Domain Socket. The libvirt client still provides remote access
|
|
via a SSH tunnel.
|
|
Index: libvirt-5.2.0/src/remote/libvirtd.conf
|
|
===================================================================
|
|
--- libvirt-5.2.0.orig/src/remote/libvirtd.conf
|
|
+++ libvirt-5.2.0/src/remote/libvirtd.conf
|
|
@@ -18,8 +18,8 @@
|
|
# It is necessary to setup a CA and issue server certificates before
|
|
# using this capability.
|
|
#
|
|
-# This is enabled by default, uncomment this to disable it
|
|
-#listen_tls = 0
|
|
+# This is disabled by default, uncomment this to enable it
|
|
+#listen_tls = 1
|
|
|
|
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
|
# NB, must pass the --listen flag to the libvirtd process for this to
|
|
Index: libvirt-5.2.0/src/remote/remote_daemon_config.c
|
|
===================================================================
|
|
--- libvirt-5.2.0.orig/src/remote/remote_daemon_config.c
|
|
+++ libvirt-5.2.0/src/remote/remote_daemon_config.c
|
|
@@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT
|
|
if (VIR_ALLOC(data) < 0)
|
|
return NULL;
|
|
|
|
- data->listen_tls = 1;
|
|
+ data->listen_tls = 0;
|
|
data->listen_tcp = 0;
|
|
|
|
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
|
|
Index: libvirt-5.2.0/src/remote/test_libvirtd.aug.in
|
|
===================================================================
|
|
--- libvirt-5.2.0.orig/src/remote/test_libvirtd.aug.in
|
|
+++ libvirt-5.2.0/src/remote/test_libvirtd.aug.in
|
|
@@ -2,7 +2,7 @@ module Test_libvirtd =
|
|
::CONFIG::
|
|
|
|
test Libvirtd.lns get conf =
|
|
- { "listen_tls" = "0" }
|
|
+ { "listen_tls" = "1" }
|
|
{ "listen_tcp" = "1" }
|
|
{ "tls_port" = "16514" }
|
|
{ "tcp_port" = "16509" }
|