Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch')
-rw-r--r--app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch73
1 files changed, 0 insertions, 73 deletions
diff --git a/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch b/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch
deleted file mode 100644
index c5e6926d1e96..000000000000
--- a/app-emulation/libvirt/files/libvirt-1.2.10-cve-2014-7823.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Patch from: https://www.redhat.com/archives/libvir-list/2014-November/msg00114.html
-
-From: Eric Blake <eblake redhat com>
-To: libvir-list redhat com
-Subject: [libvirt] [PATCH] CVE-2014-7823: dumpxml: security hole with migratable flag
-Date: Wed, 5 Nov 2014 17:30:46 +0100
----
-
-Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
-the qemu implementation of virDomainGetXMLDesc, the use of the
-flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
-connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
-prior to calling qemuDomainFormatXML. However, the use of
-VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
-clients only. This patch treats the migratable flag as requiring
-the same permissions, rather than analyzing what might break if
-migratable xml no longer includes secret information.
-
-Fortunately, the information leak is low-risk: all that is gated
-by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
-but VNC passwords are already weak (FIPS forbids their use, and
-on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
-password sent in plaintext over the network deserves what they
-get). SPICE offers better security than VNC, and all other
-secrets are properly protected by use of virSecret associations
-rather than direct output in domain XML.
-
-* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
-Tighten rules on use of migratable flag.
-* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
-
-Signed-off-by: Eric Blake <eblake redhat com>
----
-
-The libvirt-security list agreed that this did not need an embargo
-because it is low-risk; but I'm on the road this week, so while
-this patch for master can go in now, I won't complete the backport
-to all the affected stable branches (everything since v1.0.0) or
-do the Libvirt Security Notice writeup until Monday.
-
- src/libvirt-domain.c | 3 ++-
- src/remote/remote_protocol.x | 1 +
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index 7dc3146..2b0defc 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
- virCheckDomainReturn(domain, NULL);
- conn = domain->conn;
-
-- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
-+ if ((conn->flags & VIR_CONNECT_RO) &&
-+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
- _("virDomainGetXMLDesc with secure flag"));
- goto error;
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index db12cda..ebf4530 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -3255,6 +3255,7 @@ enum remote_procedure {
- * @generate: both
- * @acl: domain:read
- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
-+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
- */
- REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
-
---
-1.9.3
-