Hello community,
here is the log from the commit of package hyper-v for openSUSE:Factory checked in at 2012-11-30 12:21:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hyper-v (Old)
and /work/SRC/openSUSE:Factory/.hyper-v.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hyper-v", Maintainer is "OHering@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/hyper-v/hyper-v.changes 2012-11-02 17:36:59.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.hyper-v.new/hyper-v.changes 2012-11-30 12:25:40.000000000 +0100
@@ -1,0 +2,29 @@
+Tue Nov 27 11:19:32 CET 2012 - ohering@suse.de
+
+- update hv_set_ifconfig, use single index for static ipv4/ipv6 [bnc#790469]
+
+-------------------------------------------------------------------
+Sun Nov 25 17:50:40 CET 2012 - ohering@suse.de
+
+- update hv_set_ifconfig further to work with our ifcfg [bnc#790469]
+
+-------------------------------------------------------------------
+Thu Nov 22 18:14:12 CET 2012 - ohering@suse.de
+
+- update hv_get_dhcp_info to work with our ifcfg [bnc#790469]
+- remove cat usage from hv_get_dns_info
+- add quoting to hv_set_ifconfig to make it more robust
+
+-------------------------------------------------------------------
+Mon Nov 12 17:18:25 CET 2012 - ohering@suse.de
+
+- remove code to build kmp, it was not enabled because the
+ drivers are now in kernel since a long time. [bnc#676890]
+
+-------------------------------------------------------------------
+Thu Nov 8 14:30:05 CET 2012 - ohering@suse.de
+
+- Netlink source address validation allows DoS [bnc#791605, CVE-2012-5532]
+ bugfix for recvfrom check from bnc#761200
+
+-------------------------------------------------------------------
@@ -33 +62 @@
-- check origin of netlink messages, use recvfrom() [bnc#761200]
+- check origin of netlink messages, use recvfrom() [bnc#761200, CVE-2012-2669]
Old:
----
Module.supported
full-kernel-version.patch
hyper-v.dummy_ko.c
hyper-v.supplements.txt
hyperv_pvdrivers.conf
kmp_filelist
no-loopback.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ hyper-v.spec ++++++
--- /var/tmp/diff_new_pack.27S5S3/_old 2012-11-30 12:25:41.000000000 +0100
+++ /var/tmp/diff_new_pack.27S5S3/_new 2012-11-30 12:25:41.000000000 +0100
@@ -16,21 +16,9 @@
#
-%define with_kmp 0
-%define with_modprobe 0
-%if %{with_kmp}
-%define with_drivers_in_kmp 0
-%endif
%define hv_kvp_daemon hv_kvp_daemon
Name: hyper-v
-%if %{with_kmp}
-BuildRequires: kernel-default-devel
-BuildRequires: module-init-tools
-%ifarch %ix86
-BuildRequires: kernel-pae-devel
-%endif
-%endif
ExclusiveArch: %ix86 x86_64
PreReq: %insserv_prereq
Summary: Microsoft Hyper-V tools
@@ -41,11 +29,6 @@
Url: http://www.kernel.org
Version: 4
Release: 0
-Source: Module.supported
-Source1: hyperv_pvdrivers.conf
-Source2: kmp_filelist
-Source3: hyper-v.supplements.txt
-Source4: hyper-v.dummy_ko.c
Source5: hyper-v.kvptest.ps1.txt
Source9: hyper-v.include.linux.hyperv.h
Source10: hyper-v.tools.hv.hv_kvp_daemon.c
@@ -53,44 +36,17 @@
Source20: hyper-v.tools.hv.hv_get_dhcp_info.sh
Source21: hyper-v.tools.hv.hv_get_dns_info.sh
Source22: hyper-v.tools.hv.hv_set_ifconfig.sh
-Patch0: full-kernel-version.patch
-Patch1: no-loopback.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{with_kmp}
-%if %{with_drivers_in_kmp}
-%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist
-%else
-%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist -p hyper-v.supplements.txt
-%endif
-%endif
%description
This package contains the Microsoft Hyper-V tools.
-
-
-%if %{with_kmp}
-
-%package KMP
-
-Summary: Microsoft Hyper-V drivers
-Group: System/Kernel
-
-%description KMP
-This package contains the Microsoft Hyper-V drivers.
-
-
-
-%endif
-
%prep
%setup -Tc
cp -avL %{S:5} kvptest.ps1.txt
cp -vL %{S:9} %{hv_kvp_daemon}.h
cp -vL %{S:10} %{hv_kvp_daemon}.c
-%patch0 -p3
-%patch1 -p3
%build
sed -i~ '/#include /d' %{hv_kvp_daemon}.c
@@ -104,31 +60,8 @@
-DCN_KVP_IDX=0x9 \
-DCN_KVP_VAL=0x1 \
-o %{hv_kvp_daemon}
-%if %{with_kmp}
-for flavor in %flavors_to_build; do
-%if %{with_drivers_in_kmp}
- krel=$(make -s -C %{kernel_source $flavor} kernelrelease)
- cp -a /lib/modules/$krel/source/drivers/staging/hv $flavor
-%else
- rm -rfv $flavor
- mkdir -p $flavor
- cp %_sourcedir/hyper-v.dummy_ko.c $flavor/hyper-v.suse_kmp_dummy.c
- cat > $flavor/Makefile <<-EOF
-obj-m += hyper-v.suse_kmp_dummy.o
-EOF
-%endif
- cp %_sourcedir/Module.supported $flavor
- make -C %{kernel_source $flavor} modules M=$PWD/$flavor
-done
-%endif
%install
-%if %{with_kmp}
-export INSTALL_MOD_PATH=$RPM_BUILD_ROOT
-for flavor in %flavors_to_build; do
- make -C %{kernel_source $flavor} modules_install M=$PWD/$flavor
-done
-%endif
mkdir -p $RPM_BUILD_ROOT/usr/sbin
install -m755 %{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}/bin
@@ -139,20 +72,10 @@
mkdir -p $RPM_BUILD_ROOT/etc/init.d
install -m755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/%{hv_kvp_daemon}
ln -sfvbn ../../etc/init.d/%{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin/rc%{hv_kvp_daemon}
-%if %{with_modprobe}
-mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d
-install -m644 %SOURCE1 $RPM_BUILD_ROOT/etc/modprobe.d/hyperv_pvdrivers.conf
-%endif
%files
%defattr (-,root,root)
%doc kvptest.ps1.txt
-%if %{with_modprobe}
-%if !%{with_kmp}
-%dir /etc/modprobe.d
-%config /etc/modprobe.d/hyperv_pvdrivers.conf
-%endif
-%endif
/etc/init.d/%{hv_kvp_daemon}
/usr/sbin/rc%{hv_kvp_daemon}
/usr/sbin/%{hv_kvp_daemon}
++++++ hyper-v.tools.hv.hv_get_dhcp_info.sh ++++++
--- /var/tmp/diff_new_pack.27S5S3/_old 2012-11-30 12:25:41.000000000 +0100
+++ /var/tmp/diff_new_pack.27S5S3/_new 2012-11-30 12:25:41.000000000 +0100
@@ -1,6 +1,6 @@
#!/bin/bash
-# This example script retrieves the DHCP state of a given interface.
+# This script retrieves the DHCP state of a given interface.
# In the interest of keeping the KVP daemon code free of distro specific
# information; the kvp daemon code invokes this external script to gather
# DHCP setting for the specific interface.
@@ -16,9 +16,9 @@
# this script can be based on the Network Manager APIs for retrieving DHCP
# information.
-if_file="/etc/sysconfig/network-scripts/ifcfg-"$1
+if_file="/etc/sysconfig/network/ifcfg-$1"
-dhcp=$(grep "dhcp" $if_file 2>/dev/null)
+dhcp=$(grep -- '^BOOTPROTO=.*dhcp' "$if_file" 2>/dev/null)
if [ "$dhcp" != "" ];
then
++++++ hyper-v.tools.hv.hv_get_dns_info.sh ++++++
--- /var/tmp/diff_new_pack.27S5S3/_old 2012-11-30 12:25:41.000000000 +0100
+++ /var/tmp/diff_new_pack.27S5S3/_new 2012-11-30 12:25:41.000000000 +0100
@@ -1,6 +1,6 @@
#!/bin/bash
-# This example script parses /etc/resolv.conf to retrive DNS information.
+# This script parses /etc/resolv.conf to retrive DNS information.
# In the interest of keeping the KVP daemon code free of distro specific
# information; the kvp daemon code invokes this external script to gather
# DNS information.
@@ -10,4 +10,7 @@
# this script can be based on the Network Manager APIs for retrieving DNS
# entries.
-cat /etc/resolv.conf 2>/dev/null | awk '/^nameserver/ { print $2 }'
+if test -r /etc/resolv.conf
+then
+ awk -- '/^nameserver/ { print $2 }' /etc/resolv.conf
+fi
++++++ hyper-v.tools.hv.hv_kvp_daemon.c ++++++
--- /var/tmp/diff_new_pack.27S5S3/_old 2012-11-30 12:25:41.000000000 +0100
+++ /var/tmp/diff_new_pack.27S5S3/_new 2012-11-30 12:25:41.000000000 +0100
@@ -43,6 +43,7 @@
#include
#include
#include
+#include
/*
* KVP protocol: The user mode component first registers with the
@@ -88,6 +89,7 @@
static char *os_minor = "";
static char *processor_arch;
static char *os_build;
+static char *os_version;
static char *lic_version = "Unknown version";
static struct utsname uts_buf;
@@ -453,7 +455,9 @@
char *p, buf[512];
uname(&uts_buf);
- os_build = uts_buf.release;
+ os_version = uts_buf.release;
+ os_build = strdup(uts_buf.release);
+
os_name = uts_buf.sysname;
processor_arch = uts_buf.machine;
@@ -462,7 +466,7 @@
* string to be of the form: x.y.z
* Strip additional information we may have.
*/
- p = strchr(os_build, '-');
+ p = strchr(os_version, '-');
if (p)
*p = '\0';
@@ -879,7 +883,7 @@
addr_length = INET6_ADDRSTRLEN;
}
- if ((length - *offset) < addr_length + 1)
+ if ((length - *offset) < addr_length + 2)
return HV_E_FAIL;
if (str == NULL) {
strcpy(buffer, "inet_ntop failed\n");
@@ -887,11 +891,13 @@
}
if (*offset == 0)
strcpy(buffer, tmp);
- else
+ else {
+ strcat(buffer, ";");
strcat(buffer, tmp);
- strcat(buffer, ";");
+ }
*offset += strlen(str) + 1;
+
return 0;
}
@@ -953,7 +959,9 @@
* supported address families; if not we gather info on
* the specified address family.
*/
- if ((family != 0) && (curp->ifa_addr->sa_family != family)) {
+ if ((((family != 0) &&
+ (curp->ifa_addr->sa_family != family))) ||
+ (curp->ifa_flags & IFF_LOOPBACK)) {
curp = curp->ifa_next;
continue;
}
@@ -1478,13 +1486,19 @@
len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
addr_p, &addr_l);
- if (len < 0 || addr.nl_pid) {
+ if (len < 0) {
syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
+ if (addr.nl_pid) {
+ syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+ addr.nl_pid);
+ continue;
+ }
+
incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
@@ -1649,7 +1663,7 @@
strcpy(key_name, "OSMinorVersion");
break;
case OSVersion:
- strcpy(key_value, os_build);
+ strcpy(key_value, os_version);
strcpy(key_name, "OSVersion");
break;
case ProcessorArchitecture:
++++++ hyper-v.tools.hv.hv_set_ifconfig.sh ++++++
--- /var/tmp/diff_new_pack.27S5S3/_old 2012-11-30 12:25:41.000000000 +0100
+++ /var/tmp/diff_new_pack.27S5S3/_new 2012-11-30 12:25:41.000000000 +0100
@@ -41,43 +41,145 @@
: expect configuration datafile as first argument
exit 1
fi
-#
+# send subshell output to syslog
(
+f=/etc/sysconfig/network/scripts/functions
+if test -f ${f}
+then
+ . ${f}
+else
+ echo "MISSING ${f}"
+ exit 1
+fi
+# remove known config variables from environment
+unset HWADDR
unset DHCP
unset IF_NAME
+unset ${!IPADDR*}
+unset ${!NETMASK*}
+unset ${!GATEWAY*}
+unset ${!IPV6ADDR*}
+unset ${!IPV6NETMASK*}
+unset ${!IPV6_DEFAULTGW*}
+unset ${!DNS*}
. "$1"
+#
if test -z "${IF_NAME}"
then
echo "Missing IF_NAME= in ${cfg}"
exit 1
fi
#
-t=`mktemp`
-if test -z "${t}"
-then
- exit 1
-fi
-
+t_ifcfg=`mktemp`
+t_ifroute=`mktemp`
_exit() {
- rm -f "${t}"
+ rm -f "${t_ifcfg}" "${t_ifroute}"
}
trap _exit EXIT
#
-cat >> "${t}" <<_EOF_
-# contents from $0 $*
-`cat "${cfg}"`
+if test -z "${t_ifcfg}" || test -z "${t_ifroute}"
+then
+ exit 1
+fi
#
-# additional options:
-STARTMODE=auto
-_EOF_
+# Create ifcfg-* file
+(
+ echo "STARTMODE=auto"
+ #
+ if test -n "${HWADDR}"
+ then
+ : # ignore HWADDR, it just repeats the existing MAC value
+ fi
+ #
+ if test "${DHCP}" = "yes"
+ then
+ echo "BOOTPROTO=dhcp"
+ fi
+ # single index for all ipv4 and ipv6 adresses in final ifcfg file
+ i=0
+ idx=""
+ # loop through all ipv4 adresses
+ for var in ${!IPADDR*}
+ do
+ index=${var#IPADDR}
+ pfx=
+ # find corresponding NETMASK variable
+ eval nm=\$NETMASK${index}
+ # if specified, calculate prefix
+ if test -n "${nm}"
+ then
+ pfx=`mask2pfxlen "${nm}" 2>/dev/null`
+ fi
+ # if not specified, force prefix
+ if test -z "${pfx}"
+ then
+ pfx="32"
+ fi
+ # construct actual value
+ eval val=\$IPADDR${index}
+ # write config variable
+ echo "IPADDR${idx}='${val}/${pfx}'"
+ idx="_$((++i))"
+ done
+ # loop through all ipv6 adresses
+ for var in ${!IPV6ADDR*}
+ do
+ index=${var#IPV6ADDR}
+ # find corresponding IPV6NETMASK variable
+ eval pfx=\$IPV6NETMASK${index}
+ # if not specified, force prefix
+ if test -z "${pfx}"
+ then
+ pfx=128
+ fi
+ # construct actual value
+ eval val=\$IPV6ADDR${index}
+ # write config variable
+ echo "IPADDR${idx}='${val}/${pfx}'"
+ idx="_$((++i))"
+ done
+
+) >> "${t_ifcfg}"
-if test "${DHCP}" = "yes"
+# Create ifroute-* file
+(
+ if test -n "${GATEWAY}"
+ then
+ echo "default $GATEWAY - $IF_NAME"
+ fi
+ if test -n "${IPV6_DEFAULTGW}"
+ then
+ echo "default $IPV6_DEFAULTGW - $IF_NAME"
+ fi
+) >> "${t_ifroute}"
+# Only a single default gateway is supported
+unset GATEWAY IPV6_DEFAULTGW
+if test -n "${!GATEWAY*}${!IPV6_DEFAULTGW*}"
then
- echo "BOOTPROTO=dhcp" >> ${t};
+ echo "WARNING: multiple gateways not supported: ${!GATEWAY*} ${!IPV6_DEFAULTGW*}"
fi
+# collect DNS info
+_DNS_=
+for var in ${!DNS*}
+do
+ eval val=\$${var}
+ if test -n "${_DNS_}"
+ then
+ _DNS_="${_DNS_} ${val}"
+ else
+ _DNS_=${val}
+ fi
+done
+#
echo "$0: working on network interface ifcfg-${IF_NAME}"
-cp -b ${t} /etc/sysconfig/network/ifcfg-${IF_NAME}
-ifdown ${IF_NAME} -o hotplug
-ifup ${IF_NAME} -o hotplug
+cp -fb ${t_ifcfg} "/etc/sysconfig/network/ifcfg-${IF_NAME}"
+cp -fb ${t_ifroute} "/etc/sysconfig/network/ifroute-${IF_NAME}"
+if test -w /etc/sysconfig/network/config
+then
+ sed -i "s@^NETCONFIG_DNS_STATIC_SERVERS=.*@NETCONFIG_DNS_STATIC_SERVERS='$_DNS_'@" /etc/sysconfig/network/config
+ netconfig update -m dns
+fi
+ifdown "${IF_NAME}"
+ifup "${IF_NAME}"
) 2>&1 | logger -t "${0##*/}[$PPID / $$]"
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org