author | Michal Privoznik <michal.privoznik@gmail.com> | 2023-10-31 10:00:44 +0100 |
---|---|---|
committer | Matthias Maier <tamiko@gentoo.org> | 2023-10-31 11:25:18 -0500 |
commit | 42fd27c7046a483b588a8e4e59f6ab8c1d2edcc2 (patch) | |
tree | e1eee2ab4b8b7f4641f6df1be44ef6bd1c3d36a4 /app-emulation | |
parent | app-backup/restic: drop 0.16.0 (diff) | |
app-emulation/libvirt: Backport fix for CVE-2023-3750
A security flaw was identified in <app-emulation/libvirt-9.6.0
which can result in a DoS. Upstream has the fix as of 9.6.0.
Backport the fix to the older versions found in portage.
Bug: https://bugs.gentoo.org/916497
Closes: https://github.com/gentoo/gentoo/pull/33604
Signed-off-by: Michal Privoznik <michal.privoznik@gmail.com>
Signed-off-by: Matthias Maier <tamiko@gentoo.org>
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch | 57 | ||||
-rw-r--r-- | app-emulation/libvirt/libvirt-9.3.0-r1.ebuild (renamed from app-emulation/libvirt/libvirt-9.3.0.ebuild) | 1 | ||||
-rw-r--r-- | app-emulation/libvirt/libvirt-9.4.0-r4.ebuild (renamed from app-emulation/libvirt/libvirt-9.4.0-r3.ebuild) | 1 | ||||
-rw-r--r-- | app-emulation/libvirt/libvirt-9.5.0-r1.ebuild (renamed from app-emulation/libvirt/libvirt-9.5.0.ebuild) | 1 |
4 files changed, 60 insertions, 0 deletions
diff --git a/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch b/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch
new file mode 100644
index 000000000000..b2e1b3536227
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch
@@ -0,0 +1,57 @@
+From 9a47442366fcf8a7b6d7422016d7bbb6764a1098 Mon Sep 17 00:00:00 2001
+Message-ID: <9a47442366fcf8a7b6d7422016d7bbb6764a1098.1698742017.git.mprivozn@redhat.com>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Thu, 13 Jul 2023 16:16:37 +0200
+Subject: [PATCH] storage: Fix returning of locked objects from
+ 'virStoragePoolObjListSearch'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2023-3750
+
+'virStoragePoolObjListSearch' explicitly documents that it's returning
+a pointer to a locked and ref'd pool that maches the lookup function.
+
+This was not the case as in commit 0c4b391e2a9 (released in
+libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD'
+which auto-unlocked it when leaving the scope, even when the code was
+originally "leaking" the lock.
+
+Revert the corresponding conversion and add a comment that this function
+is intentionally leaking a locked object.
+
+Fixes: 0c4b391e2a9
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/conf/virstorageobj.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/conf/virstorageobj.c b/src/conf/virstorageobj.c
+index 7010e97d61..59fa5da372 100644
+--- a/src/conf/virstorageobj.c
++++ b/src/conf/virstorageobj.c
+@@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload,
+ virStoragePoolObj *obj = (virStoragePoolObj *) payload;
+ struct _virStoragePoolObjListSearchData *data =
+ (struct _virStoragePoolObjListSearchData *)opaque;
+- VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
+
++ virObjectLock(obj);
++
++ /* If we find the matching pool object we must return while the object is
++ * locked as the caller wants to return a locked object. */
+ if (data->searcher(obj, data->opaque))
+ return 1;
+
++ virObjectUnlock(obj);
++
+ return 0;
+ }
+
+--
+2.41.0
+
diff --git a/app-emulation/libvirt/libvirt-9.3.0.ebuild b/app-emulation/libvirt/libvirt-9.3.0-r1.ebuild
index 35e25c535b20..fb7df1f1d07e 100644
--- a/app-emulation/libvirt/libvirt-9.3.0.ebuild
+++ b/app-emulation/libvirt/libvirt-9.3.0-r1.ebuild
@@ -145,6 +145,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-6.0.0-fix_paths_in_libvirt-guests_sh.patch
 "${FILESDIR}"/${PN}-8.2.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-8.2.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch
 )
 
 pkg_setup() {
diff --git a/app-emulation/libvirt/libvirt-9.4.0-r3.ebuild b/app-emulation/libvirt/libvirt-9.4.0-r4.ebuild
index 1118dfad61ae..360f8a9efd17 100644
--- a/app-emulation/libvirt/libvirt-9.4.0-r3.ebuild
+++ b/app-emulation/libvirt/libvirt-9.4.0-r4.ebuild
@@ -146,6 +146,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.4.0-fix_paths_in_libvirt-guests_sh.patch
 "${FILESDIR}"/${PN}-9.4.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-9.4.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch
 )
 
 pkg_setup() {
diff --git a/app-emulation/libvirt/libvirt-9.5.0.ebuild b/app-emulation/libvirt/libvirt-9.5.0-r1.ebuild
index 0a0255e18fcf..79a057763a8a 100644
--- a/app-emulation/libvirt/libvirt-9.5.0.ebuild
+++ b/app-emulation/libvirt/libvirt-9.5.0-r1.ebuild
@@ -146,6 +146,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.4.0-fix_paths_in_libvirt-guests_sh.patch
 "${FILESDIR}"/${PN}-9.4.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-9.4.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-9.6.0-storage-Fix-returning-of-locked-objects-from-virStor.patch
 )
 
 pkg_setup() {
 |
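Review bot: The comment added in virStoragePoolObjListSearchCb (in the new .patch file) says a match is returned locked, but it does not say who releases that lock, and with the guard replaced by a manual `virObjectLock(obj)` / `virObjectUnlock(obj)` pair every exit path now has to be balanced by hand. I would extend the comment to something like `/* Non-matching objects are unlocked below; a match stays locked and must be released by the caller of virStoragePoolObjListSearch(). */`, so that a later cleanup does not convert this back to VIR_LOCK_GUARD, which is the regression the commit message attributes to 0c4b391e2a9. The function's signature begins outside the hunk, and the ref that the message says the returned pool also carries is not taken in the visible lines, so it is presumably acquired in the caller. Because this file is a verbatim upstream backport, the wording change belongs upstream rather than in this copy.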