diff --git a/SOURCES/libvirt-Don-t-use-AI_ADDRCONFIG-when-binding-to-wildcard-addresses.patch b/SOURCES/libvirt-Don-t-use-AI_ADDRCONFIG-when-binding-to-wildcard-addresses.patch
new file mode 100644
index 0000000..a65948b
--- /dev/null
+++ b/SOURCES/libvirt-Don-t-use-AI_ADDRCONFIG-when-binding-to-wildcard-addresses.patch
@@ -0,0 +1,102 @@
+From 00f93eb12547bbd7314394e23faf72695972efcf Mon Sep 17 00:00:00 2001
+Message-Id: <00f93eb12547bbd7314394e23faf72695972efcf@dist-git>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?=
+Date: Tue, 24 Jun 2014 16:02:37 +0200
+Subject: [PATCH] Don't use AI_ADDRCONFIG when binding to wildcard addresses
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1112692
+
+With parallel boot, network addresses might not yet be assigned [1],
+but binding to wildcard addresses should work.
+
+For non-wildcard addresses, ADDRCONFIG is still used. Document this
+in libvirtd.conf.
+
+[1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+
+(cherry picked from commit 819ca36e2b65a0a34263547161a98cec497780c8)
+
+Signed-off-by: Jiri Denemark
+---
+ daemon/libvirtd.conf | 4 ++++
+ src/rpc/virnetsocket.c | 28 ++++++++++++++++++++++++++--
+ 2 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
+index 5353927..e518ae5 100644
+--- a/daemon/libvirtd.conf
++++ b/daemon/libvirtd.conf
+@@ -48,6 +48,10 @@
+ # Override the default configuration which binds to all network
+ # interfaces. This can be a numeric IPv4/6 address, or hostname
+ #
++# If the libvirtd service is started in parallel with network
++# startup (e.g. with systemd), binding to addresses other than
++# the wildcards (0.0.0.0/::) might not be available yet.
++#
+ #listen_addr = "192.168.0.1"
+
+
+diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
+index fcd41ca..85fedb0 100644
+--- a/src/rpc/virnetsocket.c
++++ b/src/rpc/virnetsocket.c
+@@ -224,15 +224,29 @@ int virNetSocketNewListenTCP(const char *nodename,
+ struct addrinfo hints;
+ int fd = -1;
+ size_t i;
+- int addrInUse = false;
++ bool addrInUse = false;
++ bool familyNotSupported = false;
++ virSocketAddr tmp_addr;
+
+ *retsocks = NULL;
+ *nretsocks = 0;
+
+ memset(&hints, 0, sizeof(hints));
+- hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
++ hints.ai_flags = AI_PASSIVE;
+ hints.ai_socktype = SOCK_STREAM;
+
++ /* Don't use ADDRCONFIG for binding to the wildcard address.
++ * Just catch the error returned by socket() if the system has
++ * no IPv6 support.
++ *
++ * This allows libvirtd to be started in parallel with the network
++ * startup in most cases.
++ */
++ if (nodename &&
++ !(virSocketAddrParse(&tmp_addr, nodename, AF_UNSPEC) > 0 &&
++ virSocketAddrIsWildcard(&tmp_addr)))
++ hints.ai_flags |= AI_ADDRCONFIG;
++
+ int e = getaddrinfo(nodename, service, &hints, &ai);
+ if (e != 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+@@ -249,6 +263,11 @@ int virNetSocketNewListenTCP(const char *nodename,
+
+ if ((fd = socket(runp->ai_family, runp->ai_socktype,
+ runp->ai_protocol)) < 0) {
++ if (errno == EAFNOSUPPORT) {
++ familyNotSupported = true;
++ runp = runp->ai_next;
++ continue;
++ }
+ virReportSystemError(errno, "%s", _("Unable to create socket"));
+ goto error;
+ }
+@@ -306,6 +325,11 @@ int virNetSocketNewListenTCP(const char *nodename,
+ fd = -1;
+ }
+
++ if (nsocks == 0 && familyNotSupported) {
++ virReportSystemError(EAFNOSUPPORT, "%s", _("Unable to bind to port"));
++ goto error;
++ }
++
+ if (nsocks == 0 &&
+ addrInUse) {
+ virReportSystemError(EADDRINUSE, "%s", _("Unable to bind to port"));
+--
+2.0.0
+
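Review bot: The new `if (nsocks == 0 && familyNotSupported)` block sits before the existing `addrInUse` check, so when one address family is unsupported and the other fails because the port is taken (addrInUse is set outside the visible lines, presumably on EADDRINUSE from bind()), the caller is told EAFNOSUPPORT instead of the more actionable EADDRINUSE. Guarding it as `if (nsocks == 0 && familyNotSupported && !addrInUse) {` keeps the old diagnosis. In the wildcard test, `virSocketAddrParse()` is also called for hostnames; if it reports an error on non-numeric input (not visible here, to be confirmed), that error is left behind even though getaddrinfo() then succeeds. The EAFNOSUPPORT branch skips a family without any trace, so a line such as `VIR_DEBUG("Skipping unsupported address family %d", runp->ai_family);` would let an operator see that the daemon listens on fewer families than the wildcard implies. The body of virNetSocketNewListenTCP starts and ends outside these hunks.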
diff --git a/SOURCES/libvirt-LSN-2014-0003-Don-t-expand-entities-when-parsing-XML.patch b/SOURCES/libvirt-LSN-2014-0003-Don-t-expand-entities-when-parsing-XML.patch
new file mode 100644
index 0000000..a401de9
--- /dev/null
+++ b/SOURCES/libvirt-LSN-2014-0003-Don-t-expand-entities-when-parsing-XML.patch
@@ -0,0 +1,44 @@
+From 4243ecb180e5236351d671a16201816721ee8fd2 Mon Sep 17 00:00:00 2001
+Message-Id: <4243ecb180e5236351d671a16201816721ee8fd2@dist-git>
+From: "Daniel P. Berrange"
+Date: Tue, 6 May 2014 15:18:22 +0100
+Subject: [PATCH] LSN-2014-0003: Don't expand entities when parsing XML
+
+For CVE-2014-0179.
+
+If the XML_PARSE_NOENT flag is passed to libxml2, then any
+entities in the input document will be fully expanded. This
+allows the user to read arbitrary files on the host machine
+by creating an entity pointing to a local file. Removing
+the XML_PARSE_NOENT flag means that any entities are left
+unchanged by the parser, or expanded to "" by the XPath
+APIs.
+
+Signed-off-by: Daniel P. Berrange
+(cherry picked from commit d6b27d3e4c40946efa79e91d134616b41b1666c4)
+Signed-off-by: Jiri Denemark
+---
+ src/util/virxml.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/virxml.c b/src/util/virxml.c
+index f652ee0..4769569 100644
+--- a/src/util/virxml.c
++++ b/src/util/virxml.c
+@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
+
+ if (filename) {
+ xml = xmlCtxtReadFile(pctxt, filename, NULL,
+- XML_PARSE_NOENT | XML_PARSE_NONET |
++ XML_PARSE_NONET |
+ XML_PARSE_NOWARNING);
+ } else {
+ xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
+- XML_PARSE_NOENT | XML_PARSE_NONET |
++ XML_PARSE_NONET |
+ XML_PARSE_NOWARNING);
+ }
+ if (!xml)
+--
+2.0.0
+
diff --git a/SOURCES/libvirt-qemu-Unlock-the-NWFilter-update-lock-by-leaving-via-the-cleanup-label.patch b/SOURCES/libvirt-qemu-Unlock-the-NWFilter-update-lock-by-leaving-via-the-cleanup-label.patch
new file mode 100644
index 0000000..a1e6600
--- /dev/null
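Review bot: Nothing at the two call sites in virXMLParseHelper records why XML_PARSE_NOENT is absent, so a later change could restore it and reopen the local-file disclosure described in the commit message. A comment above the first call, such as `/* Never pass XML_PARSE_NOENT: entity substitution lets a document pull in local files (CVE-2014-0179) */`, would make the constraint visible. The option mask is also written out twice; one local, e.g. `const int parseFlags = XML_PARSE_NONET | XML_PARSE_NOWARNING;`, passed to both xmlCtxtReadFile() and xmlCtxtReadDoc() keeps the file and string paths from drifting apart. A regression test that parses a document declaring an external entity and checks that its text is not substituted would pin the behaviour. The function body starts and ends outside the hunk.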
+++ b/SOURCES/libvirt-qemu-Unlock-the-NWFilter-update-lock-by-leaving-via-the-cleanup-label.patch
@@ -0,0 +1,35 @@
+From 0fcbd4b6e8027c5d6df0a6f8900596832b4f9faa Mon Sep 17 00:00:00 2001
+Message-Id: <0fcbd4b6e8027c5d6df0a6f8900596832b4f9faa@dist-git>
+From: Stefan Berger
+Date: Thu, 17 Apr 2014 06:30:08 -0400
+Subject: [PATCH] qemu: Unlock the NWFilter update lock by leaving via the
+ cleanup label
+
+Fix a locking problem by leaving the function via the cleanup label.
+
+Signed-off-by: Stefan Berger
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1112690
+
+(cherry picked from commit a4209f53795290ff9f2173092800eb3f767fff3e)
+Signed-off-by: Jiri Denemark
+---
+ src/qemu/qemu_driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 89be90c..475b752 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6173,7 +6173,7 @@ qemuDomainCreateWithFlags(virDomainPtr dom, unsigned int flags)
+ virNWFilterReadLockFilterUpdates();
+
+ if (!(vm = qemuDomObjFromDomain(dom)))
+- return -1;
++ goto cleanup;
+
+ if (virDomainCreateWithFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+--
+2.0.0
+
diff --git a/SOURCES/libvirt-virNetClientSetTLSSession-Restore-original-signal-mask.patch b/SOURCES/libvirt-virNetClientSetTLSSession-Restore-original-signal-mask.patch
new file mode 100644
index 0000000..a2a1b71
--- /dev/null
+++ b/SOURCES/libvirt-virNetClientSetTLSSession-Restore-original-signal-mask.patch
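Review bot: With `goto cleanup` the cleanup path now runs with `vm == NULL`, and that label is outside the hunk, so it should be confirmed that it guards the object unlock (something like `if (vm) virObjectUnlock(vm);`) before it releases the filter-update lock. The jump also relies on `ret` still holding its failure value at this point; its declaration is not visible here. A short comment after the lock call, e.g. `/* every exit after virNWFilterReadLockFilterUpdates() must go through cleanup */`, would help keep a future early return from leaking the read lock again.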
@@ -0,0 +1,55 @@
+From fc487718995019c158cbf8305b6473f0dfb61ef7 Mon Sep 17 00:00:00 2001
+Message-Id:
+From: Michal Privoznik
+Date: Tue, 24 Jun 2014 15:44:35 +0200
+Subject: [PATCH] virNetClientSetTLSSession: Restore original signal mask
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1112689
+
+Currently, we use pthread_sigmask(SIG_BLOCK, ...) prior to calling
+poll(). This is okay, as we don't want poll() to be interrupted.
+However, then - immediately as we fall out from the poll() - we try to
+restore the original sigmask - again using SIG_BLOCK. But as the man
+page says, SIG_BLOCK adds signals to the signal mask:
+
+SIG_BLOCK
+ The set of blocked signals is the union of the current set and the set argument.
+
+Therefore, when restoring the original mask, we need to completely
+overwrite the one we set earlier and hence we should be using:
+
+SIG_SETMASK
+ The set of blocked signals is set to the argument set.
+
+Signed-off-by: Michal Privoznik
+(cherry picked from commit 3d4b4f5ac634c123af1981084add29d3a2ca6ab0)
+Signed-off-by: Jiri Denemark
+---
+ src/rpc/virnetclient.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 9deec9e..9cb77cd 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -789,7 +789,7 @@ int virNetClientSetTLSSession(virNetClientPtr client,
+ if (ret < 0 && (errno == EAGAIN || errno == EINTR))
+ goto repoll;
+
+- ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL));
++ ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ }
+
+ ret = virNetTLSContextCheckCertificate(tls, client->tls);
+@@ -813,7 +813,7 @@ int virNetClientSetTLSSession(virNetClientPtr client,
+ if (ret < 0 && (errno == EAGAIN || errno == EINTR))
+ goto repoll2;
+
+- ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL));
++ ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+
+ len = virNetTLSSessionRead(client->tls, buf, 1);
+ if (len < 0 && errno !=
ENOMSG) { +-- +2.0.0 + diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec index 85c5000..6f8b47e 100644 --- a/SPECS/libvirt.spec +++ b/SPECS/libvirt.spec @@ -379,7 +379,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 1.1.1 -Release: 29%{?dist}%{?extra_release} +Release: 29%{?dist}.1%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -898,6 +898,10 @@ Patch505: libvirt-qemu-Introduce-qemuDomainDefCheckABIStability.patch Patch506: libvirt-nwfilter-Increase-buffer-size-for-libpcap.patch Patch507: libvirt-nwfilter-Display-pcap-s-error-message-when-pcap-setup-fails.patch Patch508: libvirt-nwfilter-Fix-double-free-of-pointer.patch +Patch509: libvirt-LSN-2014-0003-Don-t-expand-entities-when-parsing-XML.patch +Patch510: libvirt-virNetClientSetTLSSession-Restore-original-signal-mask.patch +Patch511: libvirt-Don-t-use-AI_ADDRCONFIG-when-binding-to-wildcard-addresses.patch +Patch512: libvirt-qemu-Unlock-the-NWFilter-update-lock-by-leaving-via-the-cleanup-label.patch %if %{with_libvirtd} @@ -1695,6 +1699,22 @@ of recent versions of Linux (and other OSes). %prep %setup -q +# Patches have to be stored in a temporary file because RPM has +# a limit on the length of the result of any macro expansion; +# if the string is longer, it's silently cropped +%{lua: + tmp = os.tmpname(); + f = io.open(tmp, "w+"); + count = 0; + for i, p in ipairs(patches) do + f:write(p.."\n"); + count = count + 1; + end; + f:close(); + print("PATCHCOUNT="..count.."\n") + print("PATCHLIST="..tmp.."\n") +} + git init -q git config user.name rpm-build git config user.email rpm-build 
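Review bot: The block-signals / poll() / restore-mask sequence appears twice in virNetClientSetTLSSession (the `repoll` and `repoll2` sites), which is why the same SIG_BLOCK mistake had to be corrected in two places. Moving the sequence into one static helper would leave a single restore call to get right. Because the restore is now `SIG_SETMASK`, it installs whatever `oldmask` holds, so it depends on the earlier save call (outside both hunks) having filled it. A one-line comment at the save site, `/* oldmask is restored with SIG_SETMASK after poll() */`, would record that pairing. The function body starts and ends outside the hunks.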
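Review bot: The patch list is written to a name from `os.tmpname()`, which lives in the shared temporary directory, and the result of `io.open(tmp, "w+")` is used without a nil check, so a failed open surfaces as a Lua indexing error rather than a clear build message. Whether `os.tmpname()` creates the file atomically depends on how rpm's embedded Lua was built, so writing the list to a file below `%{_builddir}` avoids relying on that. `%{lua:}` is expanded when the spec is parsed, so presumably a file is created on every parse and is only removed when %prep runs to completion. At minimum add `if not f then error("cannot write patch list "..tmp) end` after the open.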
@@ -1702,9 +1722,17 @@ git config gc.auto 0 git add . git commit -q -a --author 'rpm-build ' \ -m '%{name}-%{version} base' -{ -%{lua: for i, p in ipairs(patches) do print(" echo "..p.."\n") end} -} | xargs git am + +COUNT=$(grep '\.patch$' $PATCHLIST | wc -l) +if [ $COUNT -ne $PATCHCOUNT ]; then + echo "Found $COUNT patches in $PATCHLIST, expected $PATCHCOUNT" + exit 1 +fi +if [ $COUNT -gt 0 ]; then + xargs git am <$PATCHLIST || exit 1 +fi +echo "Applied $COUNT patches" +rm -f $PATCHLIST %build @@ -2667,6 +2695,12 @@ exit 0 %endif %changelog +* Thu Jul 3 2014 Jiri Denemark - 1.1.1-29.el7_0.1 +- LSN-2014-0003: Don't expand entities when parsing XML (CVE-2014-0179) +- virNetClientSetTLSSession: Restore original signal mask (rhbz#1112689) +- Don't use AI_ADDRCONFIG when binding to wildcard addresses (rhbz#1112692) +- qemu: Unlock the NWFilter update lock by leaving via the cleanup label (rhbz#1112690) + * Mon Mar 24 2014 Jiri Denemark - 1.1.1-29 - nwfilter: Increase buffer size for libpcap (rhbz#1078347) - nwfilter: Display pcap's error message when pcap setup fails (rhbz#1078347)
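Review bot: Both `exit 1` paths leave the temporary list behind, because `rm -f $PATCHLIST` is reached only after every patch has applied. Registering `trap 'rm -f "$PATCHLIST"' EXIT` before the count check removes it on failure as well. `$PATCHLIST` and `$COUNT` are expanded unquoted in the `grep`, the `[ ... ]` tests and the redirect; quoting them (`"$PATCHLIST"`) keeps the script correct if the temporary path ever contains whitespace or glob characters. `grep -c '\.patch$' "$PATCHLIST"` would also replace the `grep | wc -l` pipeline.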