app-emulation/libvirt: Apply upstream patch for CVE-2016-5008, bug #587570

Package-Manager: portage-2.2.28

2 files changed, 74 insertions, 1 deletions

diff --git a/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch b/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch
new file mode 100644
index 000000000000..a47b408b3cae
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-1.3.5-CVE-2016-5008.patch
@@ -0,0 +1,72 @@
+From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 28 Jun 2016 14:39:58 +0200
+Subject: [PATCH] qemu: Let empty default VNC password work as documented
+
+CVE-2016-5008
+
+Setting an empty graphics password is documented as a way to disable
+VNC/SPICE access, but QEMU does not always behaves like that. VNC would
+happily accept the empty password. Let's enforce the behavior by setting
+password expiration to "now".
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1180092
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/qemu/qemu_hotplug.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index e0b8230..bf6430d 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -3933,6 +3933,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+     time_t now = time(NULL);
+     char expire_time [64];
+     const char *connected = NULL;
++    const char *password;
+     int ret = -1;
+     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ 
+@@ -3940,16 +3941,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+         ret = 0;
+         goto cleanup;
+     }
++    password = auth->passwd ? auth->passwd : defaultPasswd;
+ 
+     if (auth->connected)
+         connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
+ 
+     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
+         goto cleanup;
+-    ret = qemuMonitorSetPassword(priv->mon,
+-                                 type,
+-                                 auth->passwd ? auth->passwd : defaultPasswd,
+-                                 connected);
++    ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
+ 
+     if (ret == -2) {
+         if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
+@@ -3957,14 +3956,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+                            _("Graphics password only supported for VNC"));
+             ret = -1;
+         } else {
+-            ret = qemuMonitorSetVNCPassword(priv->mon,
+-                                            auth->passwd ? auth->passwd : defaultPasswd);
++            ret = qemuMonitorSetVNCPassword(priv->mon, password);
+         }
+     }
+     if (ret != 0)
+         goto end_job;
+ 
+-    if (auth->expires) {
++    if (password[0] == '\0') {
++        snprintf(expire_time, sizeof(expire_time), "now");
++    } else if (auth->expires) {
+         time_t lifetime = auth->validTo - now;
+         if (lifetime <= 0)
+             snprintf(expire_time, sizeof(expire_time), "now");
+-- 
+2.7.3
+
diff --git a/app-emulation/libvirt/libvirt-1.3.5.ebuild b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild
index dc601a4b3265..dcff0fd71c05 100644
--- a/app-emulation/libvirt/libvirt-1.3.5.ebuild
+++ b/app-emulation/libvirt/libvirt-1.3.5-r1.ebuild
@@ -222,7 +222,8 @@ src_prepare() {
 		"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \
 		"${FILESDIR}"/${PN}-1.3.1-fix_paths_for_apparmor.patch \
 		"${FILESDIR}"/${PN}-1.2.21-avoid_deprecated_pc_file.patch \
-		"${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch
+		"${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch \
+		"${FILESDIR}"/${P}-CVE-2016-5008.patch
 
 	[[ -n ${BACKPORTS} ]] &&
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \