From 660e0112c694af80f761b0f66fa01ae0e763e68d Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Sun, 19 May 2013 18:33:15 -0400 Subject: [PATCH] Rebased to version 1.0.5.1 Follow updated packaging guidelines for user alloc (bz #924501) CVE-2013-1962 Open files DoS (bz #963789, bz #953107) --- ...r-usage-with-streams-opened-for-read.patch | 34 -- ...-network-driver-startup-qemu-session.patch | 447 ------------------ libvirt.spec | 39 +- sources | 3 +- 4 files changed, 23 insertions(+), 500 deletions(-) delete mode 100644 0002-Fix-iohelper-usage-with-streams-opened-for-read.patch delete mode 100644 libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch diff --git a/0002-Fix-iohelper-usage-with-streams-opened-for-read.patch b/0002-Fix-iohelper-usage-with-streams-opened-for-read.patch deleted file mode 100644 index 622dafd..0000000 --- a/0002-Fix-iohelper-usage-with-streams-opened-for-read.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a2214c5257d3bd7b086ce04aca1648e8ff05ee96 Mon Sep 17 00:00:00 2001 -Message-Id: -From: "Daniel P. Berrange" -Date: Fri, 10 May 2013 14:45:05 +0100 -Subject: [PATCH] Fix iohelper usage with streams opened for read - -In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY -flag when opening files in the stream code. Unfortunately a later -piece of code was comparing the flags == O_RDONLY, without masking -out the non-access mode flags. This broke the iohelper when used -with streams for read, since it caused us to attach the stream -output pipe to the stream input FD instead of output FD :-( - -Signed-off-by: Daniel P. Berrange ---- - src/fdstream.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fdstream.c b/src/fdstream.c -index 6f8ce53..a9a4851 100644 ---- a/src/fdstream.c -+++ b/src/fdstream.c -@@ -641,7 +641,7 @@ virFDStreamOpenFileInternal(virStreamPtr st, - virCommandTransferFD(cmd, fd); - virCommandAddArgFormat(cmd, "%d", fd); - -- if (oflags == O_RDONLY) { -+ if ((oflags & O_ACCMODE) == O_RDONLY) { - childfd = fds[1]; - fd = fds[0]; - virCommandSetOutputFD(cmd, &childfd); --- -1.8.2.1 - diff --git a/libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch b/libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch deleted file mode 100644 index 2f82793..0000000 --- a/libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch +++ /dev/null @@ -1,447 +0,0 @@ -diff -ur libvirt-1.0.5.old/src/network/bridge_driver.c libvirt-1.0.5/src/network/bridge_driver.c ---- libvirt-1.0.5.old/src/network/bridge_driver.c 2013-05-02 03:18:51.000000000 +0100 -+++ libvirt-1.0.5/src/network/bridge_driver.c 2013-05-03 14:20:03.666753641 +0100 -@@ -1,4 +1,3 @@ -- - /* - * bridge_driver.c: core driver methods for managing network - * -@@ -67,12 +66,6 @@ - #include "virdbus.h" - #include "virfile.h" - --#define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network" --#define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network" -- --#define DNSMASQ_STATE_DIR LOCALSTATEDIR "/lib/libvirt/dnsmasq" --#define RADVD_STATE_DIR LOCALSTATEDIR "/lib/libvirt/radvd" -- - #define VIR_FROM_THIS VIR_FROM_NETWORK - - /* Main driver state */ -@@ -84,7 +77,10 @@ - iptablesContext *iptables; - char *networkConfigDir; - char *networkAutostartDir; -- char *logDir; -+ char *stateDir; -+ char *pidDir; -+ char *dnsmasqStateDir; -+ char *radvdStateDir; - dnsmasqCapsPtr dnsmasqCaps; - }; - -@@ -133,8 +129,8 @@ - { - char *leasefile; - -- ignore_value(virAsprintf(&leasefile, DNSMASQ_STATE_DIR "/%s.leases", -- netname)); -+ ignore_value(virAsprintf(&leasefile, "%s/%s.leases", -+ driverState->dnsmasqStateDir, netname)); - return leasefile; - } - -@@ -146,8 +142,8 @@ - { - char *conffile; - -- ignore_value(virAsprintf(&conffile, DNSMASQ_STATE_DIR "/%s.conf", -- netname)); -+ ignore_value(virAsprintf(&conffile, "%s/%s.conf", -+ driverState->dnsmasqStateDir, netname)); - return conffile; - } - -@@ -166,8 +162,8 @@ - { - char *configfile; - -- ignore_value(virAsprintf(&configfile, RADVD_STATE_DIR "/%s-radvd.conf", -- netname)); -+ ignore_value(virAsprintf(&configfile, "%s/%s-radvd.conf", -+ driverState->radvdStateDir, netname)); - return configfile; - } - -@@ -187,8 +183,10 @@ - int ret = -1; - - /* remove the (possibly) existing dnsmasq and radvd files */ -- if (!(dctx = dnsmasqContextNew(def->name, DNSMASQ_STATE_DIR))) -+ if (!(dctx = dnsmasqContextNew(def->name, -+ driverState->dnsmasqStateDir))) { - goto cleanup; -+ } - - if (!(leasefile = networkDnsmasqLeaseFileName(def->name))) - goto cleanup; -@@ -202,7 +200,8 @@ - if (!(configfile = networkDnsmasqConfigFileName(def->name))) - goto no_memory; - -- if (!(statusfile = virNetworkConfigFile(NETWORK_STATE_DIR, def->name))) -+ if (!(statusfile -+ = virNetworkConfigFile(driverState->stateDir, def->name))) - goto no_memory; - - /* dnsmasq */ -@@ -212,7 +211,7 @@ - - /* radvd */ - unlink(radvdconfigfile); -- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase); -+ virPidFileDelete(driverState->pidDir, radvdpidbase); - - /* remove status file */ - unlink(statusfile); -@@ -279,7 +278,7 @@ - if (obj->def->ips && (obj->def->nips > 0)) { - char *radvdpidbase; - -- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, obj->def->name, -+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, obj->def->name, - &obj->dnsmasqPid, - dnsmasqCapsGetBinaryPath(driver->dnsmasqCaps))); - -@@ -287,7 +286,7 @@ - virReportOOMError(); - goto cleanup; - } -- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, radvdpidbase, -+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, radvdpidbase, - &obj->radvdPid, RADVD)); - VIR_FREE(radvdpidbase); - } -@@ -359,7 +358,9 @@ - virStateInhibitCallback callback ATTRIBUTE_UNUSED, - void *opaque ATTRIBUTE_UNUSED) - { -- char *base = NULL; -+ int ret = -1; -+ char *configdir = NULL; -+ char *rundir = NULL; - #ifdef HAVE_FIREWALLD - DBusConnection *sysbus = NULL; - #endif -@@ -373,46 +374,53 @@ - } - networkDriverLock(driverState); - -+ /* Configuration paths one of -+ * ~/.libvirt/... (old style session/unprivileged) -+ * ~/.config/libvirt/... (new XDG session/unprivileged) -+ * /etc/libvirt/... && /var/(run|lib)/libvirt/... (system/privileged). -+ * -+ * NB: The qemu driver puts its domain state in /var/run, and I -+ * think the network driver should have used /var/run too (instead -+ * of /var/lib), but it's been this way for a long time, and we -+ * probably should change it now. -+ */ - if (privileged) { -- if (virAsprintf(&driverState->logDir, -- "%s/log/libvirt/qemu", LOCALSTATEDIR) == -1) -- goto out_of_memory; -- -- if ((base = strdup(SYSCONFDIR "/libvirt")) == NULL) -+ if (!(driverState->networkConfigDir -+ = strdup(SYSCONFDIR "/libvirt/qemu/networks")) || -+ !(driverState->networkAutostartDir -+ = strdup(SYSCONFDIR "/libvirt/qemu/networks/autostart")) || -+ !(driverState->stateDir -+ = strdup(LOCALSTATEDIR "/lib/libvirt/network")) || -+ !(driverState->pidDir -+ = strdup(LOCALSTATEDIR "/run/libvirt/network")) || -+ !(driverState->dnsmasqStateDir -+ = strdup(LOCALSTATEDIR "/lib/libvirt/dnsmasq")) || -+ !(driverState->radvdStateDir -+ = strdup(LOCALSTATEDIR "/lib/libvirt/radvd"))) { - goto out_of_memory; -+ } - } else { -- char *userdir = virGetUserCacheDirectory(); -- -- if (!userdir) -+ configdir = virGetUserConfigDirectory(); -+ rundir = virGetUserRuntimeDirectory(); -+ if (!(configdir && rundir)) - goto error; - -- if (virAsprintf(&driverState->logDir, -- "%s/qemu/log", userdir) == -1) { -- VIR_FREE(userdir); -+ if ((virAsprintf(&driverState->networkConfigDir, -+ "%s/qemu/networks", configdir) < 0) || -+ (virAsprintf(&driverState->networkAutostartDir, -+ "%s/qemu/networks/autostart", configdir) < 0) || -+ (virAsprintf(&driverState->stateDir, -+ "%s/network/lib", rundir) < 0) || -+ (virAsprintf(&driverState->pidDir, -+ "%s/network/run", rundir) < 0) || -+ (virAsprintf(&driverState->dnsmasqStateDir, -+ "%s/dnsmasq/lib", rundir) < 0) || -+ (virAsprintf(&driverState->radvdStateDir, -+ "%s/radvd/lib", rundir) < 0)) { - goto out_of_memory; - } -- VIR_FREE(userdir); -- -- userdir = virGetUserConfigDirectory(); -- if (virAsprintf(&base, "%s", userdir) == -1) { -- VIR_FREE(userdir); -- goto out_of_memory; -- } -- VIR_FREE(userdir); - } - -- /* Configuration paths are either ~/.libvirt/qemu/... (session) or -- * /etc/libvirt/qemu/... (system). -- */ -- if (virAsprintf(&driverState->networkConfigDir, "%s/qemu/networks", base) == -1) -- goto out_of_memory; -- -- if (virAsprintf(&driverState->networkAutostartDir, "%s/qemu/networks/autostart", -- base) == -1) -- goto out_of_memory; -- -- VIR_FREE(base); -- - if (!(driverState->iptables = iptablesContextNew())) { - goto out_of_memory; - } -@@ -421,7 +429,7 @@ - driverState->dnsmasqCaps = dnsmasqCapsNewFromBinary(DNSMASQ); - - if (virNetworkLoadAllState(&driverState->networks, -- NETWORK_STATE_DIR) < 0) -+ driverState->stateDir) < 0) - goto error; - - if (virNetworkLoadAllConfigs(&driverState->networks, -@@ -462,18 +470,19 @@ - } - #endif - -- return 0; -+ ret = 0; -+cleanup: -+ VIR_FREE(configdir); -+ VIR_FREE(rundir); -+ return ret; - - out_of_memory: - virReportOOMError(); -- - error: - if (driverState) - networkDriverUnlock(driverState); -- -- VIR_FREE(base); - networkStateCleanup(); -- return -1; -+ goto cleanup; - } - - /** -@@ -489,7 +498,7 @@ - - networkDriverLock(driverState); - virNetworkLoadAllState(&driverState->networks, -- NETWORK_STATE_DIR); -+ driverState->stateDir); - virNetworkLoadAllConfigs(&driverState->networks, - driverState->networkConfigDir, - driverState->networkAutostartDir); -@@ -516,9 +525,12 @@ - /* free inactive networks */ - virNetworkObjListFree(&driverState->networks); - -- VIR_FREE(driverState->logDir); - VIR_FREE(driverState->networkConfigDir); - VIR_FREE(driverState->networkAutostartDir); -+ VIR_FREE(driverState->stateDir); -+ VIR_FREE(driverState->pidDir); -+ VIR_FREE(driverState->dnsmasqStateDir); -+ VIR_FREE(driverState->radvdStateDir); - - if (driverState->iptables) - iptablesContextFree(driverState->iptables); -@@ -1060,32 +1072,33 @@ - goto cleanup; - } - -- if (virFileMakePath(NETWORK_PID_DIR) < 0) { -+ if (virFileMakePath(driverState->pidDir) < 0) { - virReportSystemError(errno, - _("cannot create directory %s"), -- NETWORK_PID_DIR); -+ driverState->pidDir); - goto cleanup; - } -- if (virFileMakePath(NETWORK_STATE_DIR) < 0) { -+ if (virFileMakePath(driverState->stateDir) < 0) { - virReportSystemError(errno, - _("cannot create directory %s"), -- NETWORK_STATE_DIR); -+ driverState->stateDir); - goto cleanup; - } - -- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, network->def->name))) { -+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir, -+ network->def->name))) { - virReportOOMError(); - goto cleanup; - } - -- if (virFileMakePath(DNSMASQ_STATE_DIR) < 0) { -+ if (virFileMakePath(driverState->dnsmasqStateDir) < 0) { - virReportSystemError(errno, - _("cannot create directory %s"), -- DNSMASQ_STATE_DIR); -+ driverState->dnsmasqStateDir); - goto cleanup; - } - -- dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR); -+ dctx = dnsmasqContextNew(network->def->name, driverState->dnsmasqStateDir); - if (dctx == NULL) - goto cleanup; - -@@ -1113,7 +1126,7 @@ - * pid - */ - -- ret = virPidFileRead(NETWORK_PID_DIR, network->def->name, -+ ret = virPidFileRead(driverState->pidDir, network->def->name, - &network->dnsmasqPid); - if (ret < 0) - goto cleanup; -@@ -1150,8 +1163,10 @@ - return networkStartDhcpDaemon(driver, network); - - VIR_INFO("Refreshing dnsmasq for network %s", network->def->bridge); -- if (!(dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR))) -+ if (!(dctx = dnsmasqContextNew(network->def->name, -+ driverState->dnsmasqStateDir))) { - goto cleanup; -+ } - - /* Look for first IPv4 address that has dhcp defined. - * We only support dhcp-host config on one IPv4 subnetwork -@@ -1375,16 +1390,16 @@ - goto cleanup; - } - -- if (virFileMakePath(NETWORK_PID_DIR) < 0) { -+ if (virFileMakePath(driverState->pidDir) < 0) { - virReportSystemError(errno, - _("cannot create directory %s"), -- NETWORK_PID_DIR); -+ driverState->pidDir); - goto cleanup; - } -- if (virFileMakePath(RADVD_STATE_DIR) < 0) { -+ if (virFileMakePath(driverState->radvdStateDir) < 0) { - virReportSystemError(errno, - _("cannot create directory %s"), -- RADVD_STATE_DIR); -+ driverState->radvdStateDir); - goto cleanup; - } - -@@ -1393,7 +1408,7 @@ - virReportOOMError(); - goto cleanup; - } -- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, radvdpidbase))) { -+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir, radvdpidbase))) { - virReportOOMError(); - goto cleanup; - } -@@ -1421,7 +1436,7 @@ - if (virCommandRun(cmd, NULL) < 0) - goto cleanup; - -- if (virPidFileRead(NETWORK_PID_DIR, radvdpidbase, &network->radvdPid) < 0) -+ if (virPidFileRead(driverState->pidDir, radvdpidbase, &network->radvdPid) < 0) - goto cleanup; - - ret = 0; -@@ -1448,7 +1463,7 @@ - network->def->name) >= 0) && - ((radvdpidbase = networkRadvdPidfileBasename(network->def->name)) - != NULL)) { -- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase); -+ virPidFileDelete(driverState->pidDir, radvdpidbase); - VIR_FREE(radvdpidbase); - } - network->radvdPid = -1; -@@ -1488,7 +1503,7 @@ - network->def->name) >= 0) && - ((radvdpidbase = networkRadvdPidfileBasename(network->def->name)) - != NULL)) { -- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase); -+ virPidFileDelete(driverState->pidDir, radvdpidbase); - VIR_FREE(radvdpidbase); - } - network->radvdPid = -1; -@@ -2572,7 +2587,7 @@ - if (!(radvdpidbase = networkRadvdPidfileBasename(network->def->name))) { - virReportOOMError(); - } else { -- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase); -+ virPidFileDelete(driverState->pidDir, radvdpidbase); - VIR_FREE(radvdpidbase); - } - } -@@ -2673,7 +2688,8 @@ - /* Persist the live configuration now that anything autogenerated - * is setup. - */ -- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0) { -+ if ((ret = virNetworkSaveStatus(driverState->stateDir, -+ network)) < 0) { - goto error; - } - -@@ -2703,7 +2719,8 @@ - if (!virNetworkObjIsActive(network)) - return 0; - -- stateFile = virNetworkConfigFile(NETWORK_STATE_DIR, network->def->name); -+ stateFile = virNetworkConfigFile(driverState->stateDir, -+ network->def->name); - if (!stateFile) - return -1; - -@@ -3368,8 +3385,10 @@ - } - - /* save current network state to disk */ -- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0) -+ if ((ret = virNetworkSaveStatus(driverState->stateDir, -+ network)) < 0) { - goto cleanup; -+ } - } - ret = 0; - cleanup: -@@ -4702,7 +4721,7 @@ - /* update sum of 'floor'-s of attached NICs */ - net->floor_sum += ifaceBand->in->floor; - /* update status file */ -- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) { -+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) { - ignore_value(virBitmapClearBit(net->class_id, class_id)); - net->floor_sum -= ifaceBand->in->floor; - iface->data.network.actual->class_id = 0; -@@ -4748,7 +4767,7 @@ - ignore_value(virBitmapClearBit(net->class_id, - iface->data.network.actual->class_id)); - /* update status file */ -- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) { -+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) { - net->floor_sum += ifaceBand->in->floor; - ignore_value(virBitmapSetBit(net->class_id, - iface->data.network.actual->class_id)); diff --git a/libvirt.spec b/libvirt.spec index 0acf734..eb4d6db 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -340,8 +340,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 1.0.5 -Release: 3%{?dist}%{?extra_release} +Version: 1.0.5.1 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -352,10 +352,6 @@ URL: http://libvirt.org/ %endif Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz -Patch1: libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch -# Fix stream operations like screenshot (bz #960879) -Patch0002: 0002-Fix-iohelper-usage-with-streams-opened-for-read.patch - %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} %if %{with_network} @@ -722,6 +718,8 @@ Requires: numad %endif # libvirtd depends on 'messagebus' service Requires: dbus +# For uid creation during pre +Requires(pre): shadow-utils %description daemon Server side daemon required to manage the virtualization capabilities @@ -1085,9 +1083,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch1 -p1 -# Fix stream operations like screenshot (bz #960879) -%patch0002 -p1 %build %if ! %{with_xen} @@ -1451,14 +1446,19 @@ make check %if %{with_libvirtd} %pre daemon %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 -# Normally 'setup' adds this in /etc/passwd, but this is -# here for case of upgrades from earlier Fedora/RHEL. This -# UID/GID pair is reserved for qemu:qemu -getent group kvm >/dev/null || groupadd -g 36 -r kvm -getent group qemu >/dev/null || groupadd -g 107 -r qemu -getent passwd qemu >/dev/null || \ - useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ - -c "qemu user" qemu +# We want soft static allocation of well-known ids, as disk images +# are commonly shared across NFS mounts by id rather than name; see +# https://fedoraproject.org/wiki/Packaging:UsersAndGroups +getent group kvm >/dev/null || groupadd -f -g 36 -r kvm +getent group qemu >/dev/null || groupadd -f -g 107 -r qemu +if ! getent passwd qemu >/dev/null; then + if ! getent passwd 107 >/dev/null; then + useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu + else + useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu + fi +fi +exit 0 %endif %post daemon @@ -2005,6 +2005,11 @@ fi %endif %changelog +* Sun May 19 2013 Cole Robinson - 1.0.5.1-1 +- Rebased to version 1.0.5.1 +- Follow updated packaging guidelines for user alloc (bz #924501) +- CVE-2013-1962 Open files DoS (bz #963789, bz #953107) + * Tue May 14 2013 Cole Robinson - 1.0.5-3 - Fix stream operations like screenshot (bz #960879) diff --git a/sources b/sources index 9efcfc9..1dead69 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -97166bc42d7cacb037923907abe656ab libvirt-1.0.4.tar.gz -91c4145f49bcf92e89470fa3fb28fff6 libvirt-1.0.5.tar.gz +a5cfdbeccf6dc02d38dc28994bd50d74 libvirt-1.0.5.1.tar.gz