Rebased to version 1.0.5.1

Follow updated packaging guidelines for user alloc (bz #924501)
CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
This commit is contained in:
Cole Robinson 2013-05-19 18:33:15 -04:00
parent 45c1cabef6
commit 660e0112c6
4 changed files with 23 additions and 500 deletions

View File

@ -1,34 +0,0 @@
From a2214c5257d3bd7b086ce04aca1648e8ff05ee96 Mon Sep 17 00:00:00 2001
Message-Id: <a2214c5257d3bd7b086ce04aca1648e8ff05ee96.1368567003.git.crobinso@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 10 May 2013 14:45:05 +0100
Subject: [PATCH] Fix iohelper usage with streams opened for read
In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
flag when opening files in the stream code. Unfortunately a later
piece of code was comparing the flags == O_RDONLY, without masking
out the non-access mode flags. This broke the iohelper when used
with streams for read, since it caused us to attach the stream
output pipe to the stream input FD instead of output FD :-(
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/fdstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fdstream.c b/src/fdstream.c
index 6f8ce53..a9a4851 100644
--- a/src/fdstream.c
+++ b/src/fdstream.c
@@ -641,7 +641,7 @@ virFDStreamOpenFileInternal(virStreamPtr st,
virCommandTransferFD(cmd, fd);
virCommandAddArgFormat(cmd, "%d", fd);
- if (oflags == O_RDONLY) {
+ if ((oflags & O_ACCMODE) == O_RDONLY) {
childfd = fds[1];
fd = fds[0];
virCommandSetOutputFD(cmd, &childfd);
--
1.8.2.1

View File

@ -1,447 +0,0 @@
diff -ur libvirt-1.0.5.old/src/network/bridge_driver.c libvirt-1.0.5/src/network/bridge_driver.c
--- libvirt-1.0.5.old/src/network/bridge_driver.c 2013-05-02 03:18:51.000000000 +0100
+++ libvirt-1.0.5/src/network/bridge_driver.c 2013-05-03 14:20:03.666753641 +0100
@@ -1,4 +1,3 @@
-
/*
* bridge_driver.c: core driver methods for managing network
*
@@ -67,12 +66,6 @@
#include "virdbus.h"
#include "virfile.h"
-#define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network"
-#define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network"
-
-#define DNSMASQ_STATE_DIR LOCALSTATEDIR "/lib/libvirt/dnsmasq"
-#define RADVD_STATE_DIR LOCALSTATEDIR "/lib/libvirt/radvd"
-
#define VIR_FROM_THIS VIR_FROM_NETWORK
/* Main driver state */
@@ -84,7 +77,10 @@
iptablesContext *iptables;
char *networkConfigDir;
char *networkAutostartDir;
- char *logDir;
+ char *stateDir;
+ char *pidDir;
+ char *dnsmasqStateDir;
+ char *radvdStateDir;
dnsmasqCapsPtr dnsmasqCaps;
};
@@ -133,8 +129,8 @@
{
char *leasefile;
- ignore_value(virAsprintf(&leasefile, DNSMASQ_STATE_DIR "/%s.leases",
- netname));
+ ignore_value(virAsprintf(&leasefile, "%s/%s.leases",
+ driverState->dnsmasqStateDir, netname));
return leasefile;
}
@@ -146,8 +142,8 @@
{
char *conffile;
- ignore_value(virAsprintf(&conffile, DNSMASQ_STATE_DIR "/%s.conf",
- netname));
+ ignore_value(virAsprintf(&conffile, "%s/%s.conf",
+ driverState->dnsmasqStateDir, netname));
return conffile;
}
@@ -166,8 +162,8 @@
{
char *configfile;
- ignore_value(virAsprintf(&configfile, RADVD_STATE_DIR "/%s-radvd.conf",
- netname));
+ ignore_value(virAsprintf(&configfile, "%s/%s-radvd.conf",
+ driverState->radvdStateDir, netname));
return configfile;
}
@@ -187,8 +183,10 @@
int ret = -1;
/* remove the (possibly) existing dnsmasq and radvd files */
- if (!(dctx = dnsmasqContextNew(def->name, DNSMASQ_STATE_DIR)))
+ if (!(dctx = dnsmasqContextNew(def->name,
+ driverState->dnsmasqStateDir))) {
goto cleanup;
+ }
if (!(leasefile = networkDnsmasqLeaseFileName(def->name)))
goto cleanup;
@@ -202,7 +200,8 @@
if (!(configfile = networkDnsmasqConfigFileName(def->name)))
goto no_memory;
- if (!(statusfile = virNetworkConfigFile(NETWORK_STATE_DIR, def->name)))
+ if (!(statusfile
+ = virNetworkConfigFile(driverState->stateDir, def->name)))
goto no_memory;
/* dnsmasq */
@@ -212,7 +211,7 @@
/* radvd */
unlink(radvdconfigfile);
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
/* remove status file */
unlink(statusfile);
@@ -279,7 +278,7 @@
if (obj->def->ips && (obj->def->nips > 0)) {
char *radvdpidbase;
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, obj->def->name,
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, obj->def->name,
&obj->dnsmasqPid,
dnsmasqCapsGetBinaryPath(driver->dnsmasqCaps)));
@@ -287,7 +286,7 @@
virReportOOMError();
goto cleanup;
}
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, radvdpidbase,
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, radvdpidbase,
&obj->radvdPid, RADVD));
VIR_FREE(radvdpidbase);
}
@@ -359,7 +358,9 @@
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
void *opaque ATTRIBUTE_UNUSED)
{
- char *base = NULL;
+ int ret = -1;
+ char *configdir = NULL;
+ char *rundir = NULL;
#ifdef HAVE_FIREWALLD
DBusConnection *sysbus = NULL;
#endif
@@ -373,46 +374,53 @@
}
networkDriverLock(driverState);
+ /* Configuration paths one of
+ * ~/.libvirt/... (old style session/unprivileged)
+ * ~/.config/libvirt/... (new XDG session/unprivileged)
+ * /etc/libvirt/... && /var/(run|lib)/libvirt/... (system/privileged).
+ *
+ * NB: The qemu driver puts its domain state in /var/run, and I
+ * think the network driver should have used /var/run too (instead
+ * of /var/lib), but it's been this way for a long time, and we
+ * probably should change it now.
+ */
if (privileged) {
- if (virAsprintf(&driverState->logDir,
- "%s/log/libvirt/qemu", LOCALSTATEDIR) == -1)
- goto out_of_memory;
-
- if ((base = strdup(SYSCONFDIR "/libvirt")) == NULL)
+ if (!(driverState->networkConfigDir
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks")) ||
+ !(driverState->networkAutostartDir
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks/autostart")) ||
+ !(driverState->stateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/network")) ||
+ !(driverState->pidDir
+ = strdup(LOCALSTATEDIR "/run/libvirt/network")) ||
+ !(driverState->dnsmasqStateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/dnsmasq")) ||
+ !(driverState->radvdStateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/radvd"))) {
goto out_of_memory;
+ }
} else {
- char *userdir = virGetUserCacheDirectory();
-
- if (!userdir)
+ configdir = virGetUserConfigDirectory();
+ rundir = virGetUserRuntimeDirectory();
+ if (!(configdir && rundir))
goto error;
- if (virAsprintf(&driverState->logDir,
- "%s/qemu/log", userdir) == -1) {
- VIR_FREE(userdir);
+ if ((virAsprintf(&driverState->networkConfigDir,
+ "%s/qemu/networks", configdir) < 0) ||
+ (virAsprintf(&driverState->networkAutostartDir,
+ "%s/qemu/networks/autostart", configdir) < 0) ||
+ (virAsprintf(&driverState->stateDir,
+ "%s/network/lib", rundir) < 0) ||
+ (virAsprintf(&driverState->pidDir,
+ "%s/network/run", rundir) < 0) ||
+ (virAsprintf(&driverState->dnsmasqStateDir,
+ "%s/dnsmasq/lib", rundir) < 0) ||
+ (virAsprintf(&driverState->radvdStateDir,
+ "%s/radvd/lib", rundir) < 0)) {
goto out_of_memory;
}
- VIR_FREE(userdir);
-
- userdir = virGetUserConfigDirectory();
- if (virAsprintf(&base, "%s", userdir) == -1) {
- VIR_FREE(userdir);
- goto out_of_memory;
- }
- VIR_FREE(userdir);
}
- /* Configuration paths are either ~/.libvirt/qemu/... (session) or
- * /etc/libvirt/qemu/... (system).
- */
- if (virAsprintf(&driverState->networkConfigDir, "%s/qemu/networks", base) == -1)
- goto out_of_memory;
-
- if (virAsprintf(&driverState->networkAutostartDir, "%s/qemu/networks/autostart",
- base) == -1)
- goto out_of_memory;
-
- VIR_FREE(base);
-
if (!(driverState->iptables = iptablesContextNew())) {
goto out_of_memory;
}
@@ -421,7 +429,7 @@
driverState->dnsmasqCaps = dnsmasqCapsNewFromBinary(DNSMASQ);
if (virNetworkLoadAllState(&driverState->networks,
- NETWORK_STATE_DIR) < 0)
+ driverState->stateDir) < 0)
goto error;
if (virNetworkLoadAllConfigs(&driverState->networks,
@@ -462,18 +470,19 @@
}
#endif
- return 0;
+ ret = 0;
+cleanup:
+ VIR_FREE(configdir);
+ VIR_FREE(rundir);
+ return ret;
out_of_memory:
virReportOOMError();
-
error:
if (driverState)
networkDriverUnlock(driverState);
-
- VIR_FREE(base);
networkStateCleanup();
- return -1;
+ goto cleanup;
}
/**
@@ -489,7 +498,7 @@
networkDriverLock(driverState);
virNetworkLoadAllState(&driverState->networks,
- NETWORK_STATE_DIR);
+ driverState->stateDir);
virNetworkLoadAllConfigs(&driverState->networks,
driverState->networkConfigDir,
driverState->networkAutostartDir);
@@ -516,9 +525,12 @@
/* free inactive networks */
virNetworkObjListFree(&driverState->networks);
- VIR_FREE(driverState->logDir);
VIR_FREE(driverState->networkConfigDir);
VIR_FREE(driverState->networkAutostartDir);
+ VIR_FREE(driverState->stateDir);
+ VIR_FREE(driverState->pidDir);
+ VIR_FREE(driverState->dnsmasqStateDir);
+ VIR_FREE(driverState->radvdStateDir);
if (driverState->iptables)
iptablesContextFree(driverState->iptables);
@@ -1060,32 +1072,33 @@
goto cleanup;
}
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
+ if (virFileMakePath(driverState->pidDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_PID_DIR);
+ driverState->pidDir);
goto cleanup;
}
- if (virFileMakePath(NETWORK_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->stateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_STATE_DIR);
+ driverState->stateDir);
goto cleanup;
}
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, network->def->name))) {
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir,
+ network->def->name))) {
virReportOOMError();
goto cleanup;
}
- if (virFileMakePath(DNSMASQ_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->dnsmasqStateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- DNSMASQ_STATE_DIR);
+ driverState->dnsmasqStateDir);
goto cleanup;
}
- dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR);
+ dctx = dnsmasqContextNew(network->def->name, driverState->dnsmasqStateDir);
if (dctx == NULL)
goto cleanup;
@@ -1113,7 +1126,7 @@
* pid
*/
- ret = virPidFileRead(NETWORK_PID_DIR, network->def->name,
+ ret = virPidFileRead(driverState->pidDir, network->def->name,
&network->dnsmasqPid);
if (ret < 0)
goto cleanup;
@@ -1150,8 +1163,10 @@
return networkStartDhcpDaemon(driver, network);
VIR_INFO("Refreshing dnsmasq for network %s", network->def->bridge);
- if (!(dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR)))
+ if (!(dctx = dnsmasqContextNew(network->def->name,
+ driverState->dnsmasqStateDir))) {
goto cleanup;
+ }
/* Look for first IPv4 address that has dhcp defined.
* We only support dhcp-host config on one IPv4 subnetwork
@@ -1375,16 +1390,16 @@
goto cleanup;
}
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
+ if (virFileMakePath(driverState->pidDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_PID_DIR);
+ driverState->pidDir);
goto cleanup;
}
- if (virFileMakePath(RADVD_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->radvdStateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- RADVD_STATE_DIR);
+ driverState->radvdStateDir);
goto cleanup;
}
@@ -1393,7 +1408,7 @@
virReportOOMError();
goto cleanup;
}
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, radvdpidbase))) {
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir, radvdpidbase))) {
virReportOOMError();
goto cleanup;
}
@@ -1421,7 +1436,7 @@
if (virCommandRun(cmd, NULL) < 0)
goto cleanup;
- if (virPidFileRead(NETWORK_PID_DIR, radvdpidbase, &network->radvdPid) < 0)
+ if (virPidFileRead(driverState->pidDir, radvdpidbase, &network->radvdPid) < 0)
goto cleanup;
ret = 0;
@@ -1448,7 +1463,7 @@
network->def->name) >= 0) &&
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
!= NULL)) {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
network->radvdPid = -1;
@@ -1488,7 +1503,7 @@
network->def->name) >= 0) &&
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
!= NULL)) {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
network->radvdPid = -1;
@@ -2572,7 +2587,7 @@
if (!(radvdpidbase = networkRadvdPidfileBasename(network->def->name))) {
virReportOOMError();
} else {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
}
@@ -2673,7 +2688,8 @@
/* Persist the live configuration now that anything autogenerated
* is setup.
*/
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0) {
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
+ network)) < 0) {
goto error;
}
@@ -2703,7 +2719,8 @@
if (!virNetworkObjIsActive(network))
return 0;
- stateFile = virNetworkConfigFile(NETWORK_STATE_DIR, network->def->name);
+ stateFile = virNetworkConfigFile(driverState->stateDir,
+ network->def->name);
if (!stateFile)
return -1;
@@ -3368,8 +3385,10 @@
}
/* save current network state to disk */
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0)
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
+ network)) < 0) {
goto cleanup;
+ }
}
ret = 0;
cleanup:
@@ -4702,7 +4721,7 @@
/* update sum of 'floor'-s of attached NICs */
net->floor_sum += ifaceBand->in->floor;
/* update status file */
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
ignore_value(virBitmapClearBit(net->class_id, class_id));
net->floor_sum -= ifaceBand->in->floor;
iface->data.network.actual->class_id = 0;
@@ -4748,7 +4767,7 @@
ignore_value(virBitmapClearBit(net->class_id,
iface->data.network.actual->class_id));
/* update status file */
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
net->floor_sum += ifaceBand->in->floor;
ignore_value(virBitmapSetBit(net->class_id,
iface->data.network.actual->class_id));

View File

@ -340,8 +340,8 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 1.0.5
Release: 3%{?dist}%{?extra_release}
Version: 1.0.5.1
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -352,10 +352,6 @@ URL: http://libvirt.org/
%endif
Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
Patch1: libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch
# Fix stream operations like screenshot (bz #960879)
Patch0002: 0002-Fix-iohelper-usage-with-streams-opened-for-read.patch
%if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release}
%if %{with_network}
@ -722,6 +718,8 @@ Requires: numad
%endif
# libvirtd depends on 'messagebus' service
Requires: dbus
# For uid creation during pre
Requires(pre): shadow-utils
%description daemon
Server side daemon required to manage the virtualization capabilities
@ -1085,9 +1083,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
%patch1 -p1
# Fix stream operations like screenshot (bz #960879)
%patch0002 -p1
%build
%if ! %{with_xen}
@ -1451,14 +1446,19 @@ make check
%if %{with_libvirtd}
%pre daemon
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
# Normally 'setup' adds this in /etc/passwd, but this is
# here for case of upgrades from earlier Fedora/RHEL. This
# UID/GID pair is reserved for qemu:qemu
getent group kvm >/dev/null || groupadd -g 36 -r kvm
getent group qemu >/dev/null || groupadd -g 107 -r qemu
getent passwd qemu >/dev/null || \
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
-c "qemu user" qemu
# We want soft static allocation of well-known ids, as disk images
# are commonly shared across NFS mounts by id rather than name; see
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
if ! getent passwd qemu >/dev/null; then
if ! getent passwd 107 >/dev/null; then
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
else
useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
fi
fi
exit 0
%endif
%post daemon
@ -2005,6 +2005,11 @@ fi
%endif
%changelog
* Sun May 19 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5.1-1
- Rebased to version 1.0.5.1
- Follow updated packaging guidelines for user alloc (bz #924501)
- CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
* Tue May 14 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5-3
- Fix stream operations like screenshot (bz #960879)

View File

@ -1,2 +1 @@
97166bc42d7cacb037923907abe656ab libvirt-1.0.4.tar.gz
91c4145f49bcf92e89470fa3fb28fff6 libvirt-1.0.5.tar.gz
a5cfdbeccf6dc02d38dc28994bd50d74 libvirt-1.0.5.1.tar.gz