diff options
| author |   Matthias Maier <tamiko@gentoo.org> | 2016-07-09 10:06:54 -0500 |
|---|---|---|
| committer | Matthias Maier <tamiko@gentoo.org> | 2016-07-09 10:10:13 -0500 |
| commit | b2635367a98aa4e0770c5364f9d354322960cc59 (patch) | |
| tree | f6b9ea8546d3cff36ab451c4129b3ba7f48b6ae0 | |
| parent | app-emulation/libvirt: drop vulnerable 1.2.21-r2, bug #587570 (diff) | |
| download | gentoo-b2635367a98aa4e0770c5364f9d354322960cc59.tar.gz gentoo-b2635367a98aa4e0770c5364f9d354322960cc59.tar.bz2 gentoo-b2635367a98aa4e0770c5364f9d354322960cc59.zip | |
app-emulation/libvirt: 1.3.5-r1: Switch to v1.3.5-maint channel for patches
Package-Manager: portage-2.2.28
| -rw-r--r-- | app-emulation/libvirt/Manifest | 1 | ||||
| -rw-r--r-- | app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch | 72 | ||||
| -rw-r--r-- | app-emulation/libvirt/libvirt-1.3.5-r1.ebuild | 5 |
3 files changed, 3 insertions, 75 deletions
diff --git a/app-emulation/libvirt/Manifest b/app-emulation/libvirt/Manifest index af8e9bbefab9..9bd7c4c538e3 100644 --- a/app-emulation/libvirt/Manifest +++ b/app-emulation/libvirt/Manifest @@ -1,4 +1,5 @@ DIST libvirt-1.2.21-20160709.tar.xz 3048 SHA256 c2bef1c300099c3ff6ce81488a2678e588d18ca46a27916df160c8304239ca80 SHA512 fdf0cd5e1cc3e0144fa99577c1a8c2d5e69ab610c923071b645465fb58076b2ce7a8e4e7747f3a6c59716917c6d41f369d77565c0f9fe10907a76d9b39edede6 WHIRLPOOL 2816d54588e4a49efd6773982b2b8a281572607c86c5a57c45b1736ce22836ea4cb91cee8d59b8fddcaafd2e552d0422ef5ed4b33d19a1705d4a38f270b9d39d DIST libvirt-1.2.21.tar.gz 29848954 SHA256 8d406582f5fe88d739d1d83e0ba7ac7f91f5a8da4be82162ab85631744d8925b SHA512 5c15d0ba5d75c13f735c6a60dfdbad007426f77e113f95894d520f7fc358fa4361d5cce7bb9a548a436f323b845f13b8940abbad568b8b146418430068bb970e WHIRLPOOL d53bbb07c85b3aa2d9b0f38ff2edd3cd0a2a5300627f3e2f0a82bc057303617cab9d6f1d8a9a771bd968b0496d38d3a39a0154f88bdca44dda359a65fdc2c650 +DIST libvirt-1.3.5-20160709.tar.xz 1336 SHA256 d14b14661e9bd89a8805dd84d8ee5f8b39f428a4dcbf70693eea593328e28033 SHA512 08ad8c691f145a3a8c27b594b486b9265777f756099c127e58fd76bac7249a0e84181a3f15da4cf64ffdcf35ff7e3a2f1f1ee50f3882df5d980ad7250a30e44e WHIRLPOOL 8d8106314c2bed984db3947b51b90dadd45680a07d568cc980c6534ba2229bfff8d041ecf40898131030f3db8d6e223fe30ba3dc72b3fe7fedc02a77b5c37331 DIST libvirt-1.3.5.tar.gz 35109092 SHA256 93a23c44eb431da46c9458f95a66e29c9b98e37515d44b6be09e75b35ec94ac8 SHA512 6c6a09623d3d4d426311bfa7039f5e39584d5f891b8e761bbdb3022601ea066b8e1c3f8d609326e8ba4081ae40b7b03086fbc8ba5759d218b8616ec98200a89d WHIRLPOOL 88ac308cc461efff842c27e40263a3b25ce0bc0ca310fb6e9def9126ab893fe43aed01bda9fc3615439ee797c36e2800f741b346e0b3d96aac64e7909c269879 DIST libvirt-2.0.0.tar.xz 13161096 SHA256 10e90af55e613953c0ddc60b4ac3a10c73c0f3493d7014259e3f012b2ffc9acb SHA512 1182346e9268ec50cfd191a18172ad8ca80615a111547cc72fbe227cbbe9579263a1236f80cb36542272bdbf092e2184c9060b65c56dc2098076bbd1a89dd66c WHIRLPOOL 3d6d9e307228f54993c6082f7787d678b2afe84d96b47889d1565e38da489fb99691aeb598831dff04cd9fe47448ea35dc1f5a44b3c6638816cf61533155688c diff --git a/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch b/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch deleted file mode 100644 index a47b408b3cae..000000000000 --- a/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch +++ /dev/null @@ -1,72 +0,0 @@ -From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001 -From: Jiri Denemark <jdenemar@redhat.com> -Date: Tue, 28 Jun 2016 14:39:58 +0200 -Subject: [PATCH] qemu: Let empty default VNC password work as documented - -CVE-2016-5008 - -Setting an empty graphics password is documented as a way to disable -VNC/SPICE access, but QEMU does not always behaves like that. VNC would -happily accept the empty password. Let's enforce the behavior by setting -password expiration to "now". - -https://bugzilla.redhat.com/show_bug.cgi?id=1180092 - -Signed-off-by: Jiri Denemark <jdenemar@redhat.com> ---- - src/qemu/qemu_hotplug.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c -index e0b8230..bf6430d 100644 ---- a/src/qemu/qemu_hotplug.c -+++ b/src/qemu/qemu_hotplug.c -@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, - time_t now = time(NULL); - char expire_time [64]; - const char *connected = NULL; -+ const char *password; - int ret = -1; - virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); - -@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, - ret = 0; - goto cleanup; - } -+ password = auth->passwd ? auth->passwd : defaultPasswd; - - if (auth->connected) - connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); - - if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) - goto cleanup; -- ret = qemuMonitorSetPassword(priv->mon, -- type, -- auth->passwd ? auth->passwd : defaultPasswd, -- connected); -+ ret = qemuMonitorSetPassword(priv->mon, type, password, connected); - - if (ret == -2) { - if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { -@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, - _("Graphics password only supported for VNC")); - ret = -1; - } else { -- ret = qemuMonitorSetVNCPassword(priv->mon, -- auth->passwd ? auth->passwd : defaultPasswd); -+ ret = qemuMonitorSetVNCPassword(priv->mon, password); - } - } - if (ret != 0) - goto end_job; - -- if (auth->expires) { -+ if (password[0] == '\0') { -+ snprintf(expire_time, sizeof(expire_time), "now"); -+ } else if (auth->expires) { - time_t lifetime = auth->validTo - now; - if (lifetime <= 0) - snprintf(expire_time, sizeof(expire_time), "now"); --- -2.7.3 - diff --git a/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild index c5f3f23ac351..b4d328938350 100644 --- a/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild +++ b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild @@ -6,7 +6,7 @@ EAPI=5 inherit eutils user autotools-utils linux-info systemd readme.gentoo -BACKPORTS="" +BACKPORTS="20160709" # CVE-2016-5008 if [[ ${PV} = *9999* ]]; then inherit git-r3 @@ -227,8 +227,7 @@ src_prepare() { "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \ "${FILESDIR}"/${PN}-1.3.1-fix_paths_for_apparmor.patch \ "${FILESDIR}"/${PN}-1.2.21-avoid_deprecated_pc_file.patch \ - "${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch \ - "${FILESDIR}"/${P}-CVE-2016-5008.patch + "${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch [[ -n ${BACKPORTS} ]] && EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \ |