rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Rebased to version 1.0.5.1

Browse Source 
Follow updated packaging guidelines for user alloc (bz #924501)
CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
This commit is contained in:
Cole Robinson 2013-05-19 18:33:15 -04:00
parent 45c1cabef6
commit 660e0112c6
4 changed files with 23 additions and 500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
0002-Fix-iohelper-usage-with-streams-opened-for-read.patch
View File

@ -1,34 +0,0 @@
From a2214c5257d3bd7b086ce04aca1648e8ff05ee96 Mon Sep 17 00:00:00 2001
Message-Id: <a2214c5257d3bd7b086ce04aca1648e8ff05ee96.1368567003.git.crobinso@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 10 May 2013 14:45:05 +0100
Subject: [PATCH] Fix iohelper usage with streams opened for read
In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
flag when opening files in the stream code. Unfortunately a later
piece of code was comparing the flags == O_RDONLY, without masking
out the non-access mode flags. This broke the iohelper when used
with streams for read, since it caused us to attach the stream
output pipe to the stream input FD instead of output FD :-(
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/fdstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fdstream.c b/src/fdstream.c
index 6f8ce53..a9a4851 100644
--- a/src/fdstream.c
+++ b/src/fdstream.c
@@ -641,7 +641,7 @@ virFDStreamOpenFileInternal(virStreamPtr st,
virCommandTransferFD(cmd, fd);
virCommandAddArgFormat(cmd, "%d", fd);
- if (oflags == O_RDONLY) {
+ if ((oflags & O_ACCMODE) == O_RDONLY) {
childfd = fds[1];
fd = fds[0];
virCommandSetOutputFD(cmd, &childfd);
--
1.8.2.1

447
libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch
View File

@ -1,447 +0,0 @@
diff -ur libvirt-1.0.5.old/src/network/bridge_driver.c libvirt-1.0.5/src/network/bridge_driver.c
--- libvirt-1.0.5.old/src/network/bridge_driver.c 2013-05-02 03:18:51.000000000 +0100
+++ libvirt-1.0.5/src/network/bridge_driver.c 2013-05-03 14:20:03.666753641 +0100
@@ -1,4 +1,3 @@
-
/*
* bridge_driver.c: core driver methods for managing network
*
@@ -67,12 +66,6 @@
#include "virdbus.h"
#include "virfile.h"
-#define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network"
-#define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network"
-
-#define DNSMASQ_STATE_DIR LOCALSTATEDIR "/lib/libvirt/dnsmasq"
-#define RADVD_STATE_DIR LOCALSTATEDIR "/lib/libvirt/radvd"
-
#define VIR_FROM_THIS VIR_FROM_NETWORK
/* Main driver state */
@@ -84,7 +77,10 @@
iptablesContext *iptables;
char *networkConfigDir;
char *networkAutostartDir;
- char *logDir;
+ char *stateDir;
+ char *pidDir;
+ char *dnsmasqStateDir;
+ char *radvdStateDir;
dnsmasqCapsPtr dnsmasqCaps;
};
@@ -133,8 +129,8 @@
{
char *leasefile;
- ignore_value(virAsprintf(&leasefile, DNSMASQ_STATE_DIR "/%s.leases",
- netname));
+ ignore_value(virAsprintf(&leasefile, "%s/%s.leases",
+ driverState->dnsmasqStateDir, netname));
return leasefile;
}
@@ -146,8 +142,8 @@
{
char *conffile;
- ignore_value(virAsprintf(&conffile, DNSMASQ_STATE_DIR "/%s.conf",
- netname));
+ ignore_value(virAsprintf(&conffile, "%s/%s.conf",
+ driverState->dnsmasqStateDir, netname));
return conffile;
}
@@ -166,8 +162,8 @@
{
char *configfile;
- ignore_value(virAsprintf(&configfile, RADVD_STATE_DIR "/%s-radvd.conf",
- netname));
+ ignore_value(virAsprintf(&configfile, "%s/%s-radvd.conf",
+ driverState->radvdStateDir, netname));
return configfile;
}
@@ -187,8 +183,10 @@
int ret = -1;
/* remove the (possibly) existing dnsmasq and radvd files */
- if (!(dctx = dnsmasqContextNew(def->name, DNSMASQ_STATE_DIR)))
+ if (!(dctx = dnsmasqContextNew(def->name,
+ driverState->dnsmasqStateDir))) {
goto cleanup;
+ }
if (!(leasefile = networkDnsmasqLeaseFileName(def->name)))
goto cleanup;
@@ -202,7 +200,8 @@
if (!(configfile = networkDnsmasqConfigFileName(def->name)))
goto no_memory;
- if (!(statusfile = virNetworkConfigFile(NETWORK_STATE_DIR, def->name)))
+ if (!(statusfile
+ = virNetworkConfigFile(driverState->stateDir, def->name)))
goto no_memory;
/* dnsmasq */
@@ -212,7 +211,7 @@
/* radvd */
unlink(radvdconfigfile);
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
/* remove status file */
unlink(statusfile);
@@ -279,7 +278,7 @@
if (obj->def->ips && (obj->def->nips > 0)) {
char *radvdpidbase;
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, obj->def->name,
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, obj->def->name,
&obj->dnsmasqPid,
dnsmasqCapsGetBinaryPath(driver->dnsmasqCaps)));
@@ -287,7 +286,7 @@
virReportOOMError();
goto cleanup;
}
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, radvdpidbase,
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, radvdpidbase,
&obj->radvdPid, RADVD));
VIR_FREE(radvdpidbase);
}
@@ -359,7 +358,9 @@
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
void *opaque ATTRIBUTE_UNUSED)
{
- char *base = NULL;
+ int ret = -1;
+ char *configdir = NULL;
+ char *rundir = NULL;
#ifdef HAVE_FIREWALLD
DBusConnection *sysbus = NULL;
#endif
@@ -373,46 +374,53 @@
}
networkDriverLock(driverState);
+ /* Configuration paths one of
+ * ~/.libvirt/... (old style session/unprivileged)
+ * ~/.config/libvirt/... (new XDG session/unprivileged)
+ * /etc/libvirt/... && /var/(run|lib)/libvirt/... (system/privileged).
+ *
+ * NB: The qemu driver puts its domain state in /var/run, and I
+ * think the network driver should have used /var/run too (instead
+ * of /var/lib), but it's been this way for a long time, and we
+ * probably should change it now.
+ */
if (privileged) {
- if (virAsprintf(&driverState->logDir,
- "%s/log/libvirt/qemu", LOCALSTATEDIR) == -1)
- goto out_of_memory;
-
- if ((base = strdup(SYSCONFDIR "/libvirt")) == NULL)
+ if (!(driverState->networkConfigDir
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks")) ||
+ !(driverState->networkAutostartDir
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks/autostart")) ||
+ !(driverState->stateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/network")) ||
+ !(driverState->pidDir
+ = strdup(LOCALSTATEDIR "/run/libvirt/network")) ||
+ !(driverState->dnsmasqStateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/dnsmasq")) ||
+ !(driverState->radvdStateDir
+ = strdup(LOCALSTATEDIR "/lib/libvirt/radvd"))) {
goto out_of_memory;
+ }
} else {
- char *userdir = virGetUserCacheDirectory();
-
- if (!userdir)
+ configdir = virGetUserConfigDirectory();
+ rundir = virGetUserRuntimeDirectory();
+ if (!(configdir && rundir))
goto error;
- if (virAsprintf(&driverState->logDir,
- "%s/qemu/log", userdir) == -1) {
- VIR_FREE(userdir);
+ if ((virAsprintf(&driverState->networkConfigDir,
+ "%s/qemu/networks", configdir) < 0) ||
+ (virAsprintf(&driverState->networkAutostartDir,
+ "%s/qemu/networks/autostart", configdir) < 0) ||
+ (virAsprintf(&driverState->stateDir,
+ "%s/network/lib", rundir) < 0) ||
+ (virAsprintf(&driverState->pidDir,
+ "%s/network/run", rundir) < 0) ||
+ (virAsprintf(&driverState->dnsmasqStateDir,
+ "%s/dnsmasq/lib", rundir) < 0) ||
+ (virAsprintf(&driverState->radvdStateDir,
+ "%s/radvd/lib", rundir) < 0)) {
goto out_of_memory;
}
- VIR_FREE(userdir);
-
- userdir = virGetUserConfigDirectory();
- if (virAsprintf(&base, "%s", userdir) == -1) {
- VIR_FREE(userdir);
- goto out_of_memory;
- }
- VIR_FREE(userdir);
}
- /* Configuration paths are either ~/.libvirt/qemu/... (session) or
- * /etc/libvirt/qemu/... (system).
- */
- if (virAsprintf(&driverState->networkConfigDir, "%s/qemu/networks", base) == -1)
- goto out_of_memory;
-
- if (virAsprintf(&driverState->networkAutostartDir, "%s/qemu/networks/autostart",
- base) == -1)
- goto out_of_memory;
-
- VIR_FREE(base);
-
if (!(driverState->iptables = iptablesContextNew())) {
goto out_of_memory;
}
@@ -421,7 +429,7 @@
driverState->dnsmasqCaps = dnsmasqCapsNewFromBinary(DNSMASQ);
if (virNetworkLoadAllState(&driverState->networks,
- NETWORK_STATE_DIR) < 0)
+ driverState->stateDir) < 0)
goto error;
if (virNetworkLoadAllConfigs(&driverState->networks,
@@ -462,18 +470,19 @@
}
#endif
- return 0;
+ ret = 0;
+cleanup:
+ VIR_FREE(configdir);
+ VIR_FREE(rundir);
+ return ret;
out_of_memory:
virReportOOMError();
-
error:
if (driverState)
networkDriverUnlock(driverState);
-
- VIR_FREE(base);
networkStateCleanup();
- return -1;
+ goto cleanup;
}
/**
@@ -489,7 +498,7 @@
networkDriverLock(driverState);
virNetworkLoadAllState(&driverState->networks,
- NETWORK_STATE_DIR);
+ driverState->stateDir);
virNetworkLoadAllConfigs(&driverState->networks,
driverState->networkConfigDir,
driverState->networkAutostartDir);
@@ -516,9 +525,12 @@
/* free inactive networks */
virNetworkObjListFree(&driverState->networks);
- VIR_FREE(driverState->logDir);
VIR_FREE(driverState->networkConfigDir);
VIR_FREE(driverState->networkAutostartDir);
+ VIR_FREE(driverState->stateDir);
+ VIR_FREE(driverState->pidDir);
+ VIR_FREE(driverState->dnsmasqStateDir);
+ VIR_FREE(driverState->radvdStateDir);
if (driverState->iptables)
iptablesContextFree(driverState->iptables);
@@ -1060,32 +1072,33 @@
goto cleanup;
}
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
+ if (virFileMakePath(driverState->pidDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_PID_DIR);
+ driverState->pidDir);
goto cleanup;
}
- if (virFileMakePath(NETWORK_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->stateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_STATE_DIR);
+ driverState->stateDir);
goto cleanup;
}
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, network->def->name))) {
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir,
+ network->def->name))) {
virReportOOMError();
goto cleanup;
}
- if (virFileMakePath(DNSMASQ_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->dnsmasqStateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- DNSMASQ_STATE_DIR);
+ driverState->dnsmasqStateDir);
goto cleanup;
}
- dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR);
+ dctx = dnsmasqContextNew(network->def->name, driverState->dnsmasqStateDir);
if (dctx == NULL)
goto cleanup;
@@ -1113,7 +1126,7 @@
* pid
*/
- ret = virPidFileRead(NETWORK_PID_DIR, network->def->name,
+ ret = virPidFileRead(driverState->pidDir, network->def->name,
&network->dnsmasqPid);
if (ret < 0)
goto cleanup;
@@ -1150,8 +1163,10 @@
return networkStartDhcpDaemon(driver, network);
VIR_INFO("Refreshing dnsmasq for network %s", network->def->bridge);
- if (!(dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR)))
+ if (!(dctx = dnsmasqContextNew(network->def->name,
+ driverState->dnsmasqStateDir))) {
goto cleanup;
+ }
/* Look for first IPv4 address that has dhcp defined.
* We only support dhcp-host config on one IPv4 subnetwork
@@ -1375,16 +1390,16 @@
goto cleanup;
}
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
+ if (virFileMakePath(driverState->pidDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- NETWORK_PID_DIR);
+ driverState->pidDir);
goto cleanup;
}
- if (virFileMakePath(RADVD_STATE_DIR) < 0) {
+ if (virFileMakePath(driverState->radvdStateDir) < 0) {
virReportSystemError(errno,
_("cannot create directory %s"),
- RADVD_STATE_DIR);
+ driverState->radvdStateDir);
goto cleanup;
}
@@ -1393,7 +1408,7 @@
virReportOOMError();
goto cleanup;
}
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, radvdpidbase))) {
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir, radvdpidbase))) {
virReportOOMError();
goto cleanup;
}
@@ -1421,7 +1436,7 @@
if (virCommandRun(cmd, NULL) < 0)
goto cleanup;
- if (virPidFileRead(NETWORK_PID_DIR, radvdpidbase, &network->radvdPid) < 0)
+ if (virPidFileRead(driverState->pidDir, radvdpidbase, &network->radvdPid) < 0)
goto cleanup;
ret = 0;
@@ -1448,7 +1463,7 @@
network->def->name) >= 0) &&
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
!= NULL)) {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
network->radvdPid = -1;
@@ -1488,7 +1503,7 @@
network->def->name) >= 0) &&
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
!= NULL)) {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
network->radvdPid = -1;
@@ -2572,7 +2587,7 @@
if (!(radvdpidbase = networkRadvdPidfileBasename(network->def->name))) {
virReportOOMError();
} else {
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
VIR_FREE(radvdpidbase);
}
}
@@ -2673,7 +2688,8 @@
/* Persist the live configuration now that anything autogenerated
* is setup.
*/
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0) {
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
+ network)) < 0) {
goto error;
}
@@ -2703,7 +2719,8 @@
if (!virNetworkObjIsActive(network))
return 0;
- stateFile = virNetworkConfigFile(NETWORK_STATE_DIR, network->def->name);
+ stateFile = virNetworkConfigFile(driverState->stateDir,
+ network->def->name);
if (!stateFile)
return -1;
@@ -3368,8 +3385,10 @@
}
/* save current network state to disk */
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0)
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
+ network)) < 0) {
goto cleanup;
+ }
}
ret = 0;
cleanup:
@@ -4702,7 +4721,7 @@
/* update sum of 'floor'-s of attached NICs */
net->floor_sum += ifaceBand->in->floor;
/* update status file */
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
ignore_value(virBitmapClearBit(net->class_id, class_id));
net->floor_sum -= ifaceBand->in->floor;
iface->data.network.actual->class_id = 0;
@@ -4748,7 +4767,7 @@
ignore_value(virBitmapClearBit(net->class_id,
iface->data.network.actual->class_id));
/* update status file */
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
net->floor_sum += ifaceBand->in->floor;
ignore_value(virBitmapSetBit(net->class_id,
iface->data.network.actual->class_id));

39
libvirt.spec
View File

@ -340,8 +340,8 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 1.0.5 Version: 1.0.5.1
Release: 3%{?dist}%{?extra_release} Release: 1%{?dist}%{?extra_release}
License: LGPLv2+ License: LGPLv2+
Group: Development/Libraries Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -352,10 +352,6 @@ URL: http://libvirt.org/
%endif %endif
Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
Patch1: libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch
# Fix stream operations like screenshot (bz #960879)
Patch0002: 0002-Fix-iohelper-usage-with-streams-opened-for-read.patch
%if %{with_libvirtd} %if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
%if %{with_network} %if %{with_network}
@ -722,6 +718,8 @@ Requires: numad
%endif %endif
# libvirtd depends on 'messagebus' service # libvirtd depends on 'messagebus' service
Requires: dbus Requires: dbus
# For uid creation during pre
Requires(pre): shadow-utils
%description daemon %description daemon
Server side daemon required to manage the virtualization capabilities Server side daemon required to manage the virtualization capabilities
@ -1085,9 +1083,6 @@ of recent versions of Linux (and other OSes).
%prep %prep
%setup -q %setup -q
%patch1 -p1
# Fix stream operations like screenshot (bz #960879)
%patch0002 -p1
%build %build
%if ! %{with_xen} %if ! %{with_xen}
@ -1451,14 +1446,19 @@ make check
%if %{with_libvirtd} %if %{with_libvirtd}
%pre daemon %pre daemon
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
# Normally 'setup' adds this in /etc/passwd, but this is # We want soft static allocation of well-known ids, as disk images
# here for case of upgrades from earlier Fedora/RHEL. This # are commonly shared across NFS mounts by id rather than name; see
# UID/GID pair is reserved for qemu:qemu # https://fedoraproject.org/wiki/Packaging:UsersAndGroups
getent group kvm >/dev/null || groupadd -g 36 -r kvm getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
getent group qemu >/dev/null || groupadd -g 107 -r qemu getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
getent passwd qemu >/dev/null || \ if ! getent passwd qemu >/dev/null; then
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ if ! getent passwd 107 >/dev/null; then
-c "qemu user" qemu useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
else
useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
fi
fi
exit 0
%endif %endif
%post daemon %post daemon
@ -2005,6 +2005,11 @@ fi
%endif %endif
%changelog %changelog
* Sun May 19 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5.1-1
- Rebased to version 1.0.5.1
- Follow updated packaging guidelines for user alloc (bz #924501)
- CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
* Tue May 14 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5-3 * Tue May 14 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5-3
- Fix stream operations like screenshot (bz #960879) - Fix stream operations like screenshot (bz #960879)

3
sources
View File

@ -1,2 +1 @@
97166bc42d7cacb037923907abe656ab libvirt-1.0.4.tar.gz a5cfdbeccf6dc02d38dc28994bd50d74 libvirt-1.0.5.1.tar.gz
91c4145f49bcf92e89470fa3fb28fff6 libvirt-1.0.5.tar.gz