Hello community,
here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2019-06-26 16:02:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvirt (Old)
and /work/SRC/openSUSE:Factory/.libvirt.new.4615 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Wed Jun 26 16:02:02 2019 rev:286 rq:711170 version:5.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-06-07 12:17:47.376801453 +0200
+++ /work/SRC/openSUSE:Factory/.libvirt.new.4615/libvirt.changes 2019-06-26 16:02:05.019466385 +0200
@@ -1,0 +2,17 @@
+Thu Jun 20 14:55:04 UTC 2019 - Jim Fehlig
+
+- api: disallow virConnect*HypervisorCPU,
+ virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML,
+ and virDomainSaveImageGetXMLDesc on read-only connections
+ aed6a032-CVE-2019-10161.patch, db0b7845-CVE-2019-10166.patch,
+ 8afa68ba-CVE-2019-10167.patch, bf6c2830-CVE-2019-10168.patch
+ CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168
+ bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305
+
+-------------------------------------------------------------------
+Wed Jun 12 15:03:47 UTC 2019 - Dominique Leuenberger
+
+- Drop systemd BuildRequires: there is already pkgconfig(systemd)
+ present, which is the same package.
+
+-------------------------------------------------------------------
New:
----
8afa68ba-CVE-2019-10167.patch
aed6a032-CVE-2019-10161.patch
bf6c2830-CVE-2019-10168.patch
db0b7845-CVE-2019-10166.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.87FfPF/_old 2019-06-26 16:02:06.043467802 +0200
+++ /var/tmp/diff_new_pack.87FfPF/_new 2019-06-26 16:02:06.047467807 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -221,7 +221,6 @@
BuildRequires: libtool
# Needed for virkmodtest in 'make check'
BuildRequires: modutils
-BuildRequires: systemd
BuildRequires: pkgconfig(systemd)
%if %{with_libxl}
BuildRequires: xen-devel
@@ -337,6 +336,10 @@
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
+Patch0: aed6a032-CVE-2019-10161.patch
+Patch1: db0b7845-CVE-2019-10166.patch
+Patch2: 8afa68ba-CVE-2019-10167.patch
+Patch3: bf6c2830-CVE-2019-10168.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@@ -869,6 +872,10 @@
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%patch100 -p1
%patch101 -p1
%patch150 -p1
++++++ 8afa68ba-CVE-2019-10167.patch ++++++
commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26
Author: Ján Tomko
Date: Fri Jun 14 09:16:14 2019 +0200
api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.
Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Index: libvirt-5.4.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-domain.c
+++ libvirt-5.4.0/src/libvirt-domain.c
@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConne
virResetLastError();
virCheckConnectReturn(conn, NULL);
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->connectGetDomainCapabilities) {
char *ret;
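Review bot: The read-only gate added at L95 rejects a caller whose connection carries VIR_CONNECT_RO, but it is the only change in this patch: unlike the CVE-2019-10161 fix, which also rewrote the procedure's `@acl` annotation in remote_protocol.x, nothing here changes the daemon-side ACL for the corresponding remote procedure, so a client that is not read-only but was granted only a read-level permission through the access driver could still reach the driver callback if that annotation is read-level — confirm against remote_protocol.x. The `error:` label that virCheckReadOnlyGoto jumps to, and the rest of virConnectGetDomainCapabilities, lie outside the hunk. The same single-gate pattern applies to the virConnectCompareHypervisorCPU, virConnectBaselineHypervisorCPU and virDomainManagedSaveDefineXML hunks below.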
++++++ aed6a032-CVE-2019-10161.patch ++++++
commit aed6a032cead4386472afb24b16196579e239580
Author: Ján Tomko
Date: Fri Jun 14 08:47:42 2019 +0200
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
The virDomainSaveImageGetXMLDesc API takes a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.
Forbid it on read-only connections.
Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Index: libvirt-5.4.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-domain.c
+++ libvirt-5.4.0/src/libvirt-domain.c
@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn
* previously by virDomainSave() or virDomainSaveFlags().
*
* No security-sensitive data will be included unless @flags contains
- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
- * connections.
+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
*
* Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
* error. The caller must free() the returned value.
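Review bot: The replacement sentence at L121 drops the only statement about read-only connections, yet the code hunk below now rejects every call made on such a connection, so the API doc no longer describes the restriction callers will hit; add after L121 a line such as ` * This API is not permitted on read-only connections.` The doc comments of the other entry points that gain virCheckReadOnlyGoto in this update (virConnectGetDomainCapabilities, virConnectCompareHypervisorCPU, virConnectBaselineHypervisorCPU, virDomainManagedSaveDefineXML) lie outside their hunks and most likely have the same gap. The enclosing doc comment starts before L116.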
@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP
virCheckConnectReturn(conn, NULL);
virCheckNonNullArgGoto(file, error);
-
- if ((conn->flags & VIR_CONNECT_RO) &&
- (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
- _("virDomainSaveImageGetXMLDesc with secure flag"));
- goto error;
- }
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->domainSaveImageGetXMLDesc) {
char *ret;
Index: libvirt-5.4.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-5.4.0.orig/src/qemu/qemu_driver.c
+++ libvirt-5.4.0/src/qemu/qemu_driver.c
@@ -7038,7 +7038,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect
if (fd < 0)
goto cleanup;
- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
goto cleanup;
ret = qemuDomainDefFormatXML(driver, def, flags);
Index: libvirt-5.4.0/src/remote/remote_protocol.x
===================================================================
--- libvirt-5.4.0.orig/src/remote/remote_protocol.x
+++ libvirt-5.4.0/src/remote/remote_protocol.x
@@ -5242,8 +5242,7 @@ enum remote_procedure {
/**
* @generate: both
* @priority: high
- * @acl: domain:read
- * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
+ * @acl: domain:write
*/
REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
++++++ bf6c2830-CVE-2019-10168.patch ++++++
commit bf6c2830b6c338b1f5699b095df36f374777b291
Author: Ján Tomko
Date: Fri Jun 14 09:17:39 2019 +0200
api: disallow virConnect*HypervisorCPU on read-only connections
These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.
Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Index: libvirt-5.4.0/src/libvirt-host.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-host.c
+++ libvirt-5.4.0/src/libvirt-host.c
@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnec
virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
virCheckNonNullArgGoto(xmlCPU, error);
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->connectCompareHypervisorCPU) {
int ret;
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConne
virCheckConnectReturn(conn, NULL);
virCheckNonNullArgGoto(xmlCPUs, error);
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->connectBaselineHypervisorCPU) {
char *cpu;
++++++ db0b7845-CVE-2019-10166.patch ++++++
commit db0b78457f183e4c7ac45bc94de86044a1e2056a
Author: Ján Tomko
Date: Fri Jun 14 09:14:53 2019 +0200
api: disallow virDomainManagedSaveDefineXML on read-only connections
The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.
Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner
Signed-off-by: Ján Tomko
Reviewed-by: Daniel P. Berrangé
Index: libvirt-5.4.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.4.0.orig/src/libvirt-domain.c
+++ libvirt-5.4.0/src/libvirt-domain.c
@@ -9563,6 +9563,7 @@ virDomainManagedSaveDefineXML(virDomainP
virCheckDomainReturn(domain, -1);
conn = domain->conn;
+ virCheckReadOnlyGoto(conn->flags, error);
if (conn->driver->domainManagedSaveDefineXML) {
int ret;