From 5b542a55a61eeb6c8b0d69fcddfa27817ab780c3 Mon Sep 17 00:00:00 2001
From: CentOS Buildsys <bugs@centos.org>
Date: Jan 26 2014 21:07:08 +0000
Subject: import perl-Sys-Virt-1.1.1-5.el7.src.rpm


---

diff --git a/SOURCES/0003-Use-strncpy-instead-of-memcpy-for-migrate-parameters.patch b/SOURCES/0003-Use-strncpy-instead-of-memcpy-for-migrate-parameters.patch
new file mode 100644
index 0000000..ad1b471
--- /dev/null
+++ b/SOURCES/0003-Use-strncpy-instead-of-memcpy-for-migrate-parameters.patch
@@ -0,0 +1,92 @@
+From aafe1bf39f192679d18be7280ced4ca2e21eb95f Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Wed, 18 Dec 2013 11:25:12 +0000
+Subject: [PATCH] Use strncpy instead of memcpy for migrate parameters
+
+Using memcpy for copying migrate parameter names meant the
+code was reading beyond the end of the string constants.
+We must use strncpy to only read upto the null terminator.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit 48ffa420b50d2abf19600e2f5c9ff7694406762f)
+
+Conflicts:
+	Virt.xs
+---
+ Virt.xs | 40 ++++++++++++++++++++--------------------
+ 1 file changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/Virt.xs b/Virt.xs
+index e6b431c..2d6ba0c 100644
+--- a/Virt.xs
++++ b/Virt.xs
+@@ -3768,24 +3768,24 @@ _migrate(dom, destcon, newparams, flags=0)
+      nparams = 5;
+      Newx(params, nparams, virTypedParameter);
+ 
+-     memcpy(params[0].field, VIR_MIGRATE_PARAM_URI,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[0].field, VIR_MIGRATE_PARAM_URI,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[0].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[1].field, VIR_MIGRATE_PARAM_DEST_NAME,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[1].field, VIR_MIGRATE_PARAM_DEST_NAME,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[1].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[2].field, VIR_MIGRATE_PARAM_DEST_XML,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[2].field, VIR_MIGRATE_PARAM_DEST_XML,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[2].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[3].field, VIR_MIGRATE_PARAM_GRAPHICS_URI,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[3].field, VIR_MIGRATE_PARAM_GRAPHICS_URI,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[3].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[4].field, VIR_MIGRATE_PARAM_BANDWIDTH,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[4].field, VIR_MIGRATE_PARAM_BANDWIDTH,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[4].type = VIR_TYPED_PARAM_ULLONG;
+ 
+ 
+@@ -3817,24 +3817,24 @@ _migrate_to_uri(dom, desturi, newparams, flags=0)
+      nparams = 5;
+      Newx(params, nparams, virTypedParameter);
+ 
+-     memcpy(params[0].field, VIR_MIGRATE_PARAM_URI,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[0].field, VIR_MIGRATE_PARAM_URI,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[0].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[1].field, VIR_MIGRATE_PARAM_DEST_NAME,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[1].field, VIR_MIGRATE_PARAM_DEST_NAME,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[1].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[2].field, VIR_MIGRATE_PARAM_DEST_XML,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[2].field, VIR_MIGRATE_PARAM_DEST_XML,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[2].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[3].field, VIR_MIGRATE_PARAM_GRAPHICS_URI,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[3].field, VIR_MIGRATE_PARAM_GRAPHICS_URI,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[3].type = VIR_TYPED_PARAM_STRING;
+ 
+-     memcpy(params[4].field, VIR_MIGRATE_PARAM_BANDWIDTH,
+-            VIR_TYPED_PARAM_FIELD_LENGTH);
++     strncpy(params[4].field, VIR_MIGRATE_PARAM_BANDWIDTH,
++             VIR_TYPED_PARAM_FIELD_LENGTH);
+      params[4].type = VIR_TYPED_PARAM_ULLONG;
+ 
+      nparams = vir_typed_param_from_hv(newparams, params, nparams);
diff --git a/SPECS/perl-Sys-Virt.spec b/SPECS/perl-Sys-Virt.spec
index abdd6af..1f5559d 100644
--- a/SPECS/perl-Sys-Virt.spec
+++ b/SPECS/perl-Sys-Virt.spec
@@ -2,7 +2,7 @@
 
 Name:           perl-Sys-Virt
 Version:        1.1.1
-Release:        2%{?dist}%{?extra_release}
+Release:        5%{?dist}%{?extra_release}
 Summary:        Represent and manage a libvirt hypervisor connection
 License:        GPLv2+ or Artistic
 Group:          Development/Libraries
@@ -10,6 +10,7 @@ URL:            http://search.cpan.org/dist/Sys-Virt/
 Source0:        http://www.cpan.org/authors/id/D/DA/DANBERR/Sys-Virt-%{version}.tar.gz
 Patch1: 0001-Fix-error-handling-for-virNodeDeviceGetParent.patch
 Patch2: 0002-Fix-handling-of-flags-in-get_vcpu_info.patch
+Patch3: 0003-Use-strncpy-instead-of-memcpy-for-migrate-parameters.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  perl(ExtUtils::MakeMaker)
 BuildRequires:  perl(Test::Pod)
@@ -29,6 +30,7 @@ virtualization containers to be managed with a consistent API.
 %setup -q -n Sys-Virt-%{version}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 sed -i -e '/Sys-Virt\.spec/d' Makefile.PL
 sed -i -e '/\.spec\.PL$/d' MANIFEST
@@ -63,6 +65,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 
 %changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.1.1-5
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.1.1-4
+- Mass rebuild 2013-12-27
+
+* Wed Dec 18 2013 Daniel P. Berrange <berrange@redhat.com> - 1.1.1-3
+- Fix out of bounds read in migrate param handling (rhbz #1043736)
+
 * Thu Aug  8 2013 Daniel P. Berrange <berrange@redhat.com> - 1.1.1-2
 - Fix incorrect handling of flags in $dom->get_vcpu_info() (rhbz #994139)
 - Fix error handling in $dev->get_parent() (rhbz #994141)