Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libvirt It fixes on CVE using the upstream commit and one RHism in the unit file of virtlogd grabbing the configuration from /etc/sysconfig/virtlogd instead of /etc/default/virtlogd. Cheers, -- Guido unblock libvirt/3.0.0-3 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog index 31b53b902..253d0b172 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +libvirt (3.0.0-3) unstable; urgency=medium + + * [62ad289] Debianize virtlogd + * [cb216b5] CVE-2017-2635: qemu: Don't update physical storage size of empty drives + (Closes: #856313) + + -- Guido Günther <a...@sigxcpu.org> Mon, 27 Feb 2017 20:07:41 +0100 + libvirt (3.0.0-2) unstable; urgency=medium * Upload to unstable diff --git a/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch b/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch new file mode 100644 index 000000000..7040d757b --- /dev/null +++ b/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch @@ -0,0 +1,33 @@ +From: Peter Krempa <pkre...@redhat.com> +Date: Thu, 23 Feb 2017 10:07:30 +0100 +Subject: CVE-2017-2635: qemu: Don't update physical storage size of empty + drives + +Previously the code called virStorageSourceUpdateBlockPhysicalSize which +did not do anything on empty drives since it worked only on block +devices. After the refactor in c5f6151390 it's called for all devices +and thus attempts to deref the NULL path of empty drives. + +Add a check that skips the update of the physical size if the storage +source is empty. + +Upstream-Commit: c3de387380f6057ee0e46cd9f2f0a092e8070875 +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420718 +--- + src/qemu/qemu_driver.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index d4422f3..2bb5906 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -11644,6 +11644,9 @@ qemuDomainStorageUpdatePhysical(virQEMUDriverPtr driver, + int fd = -1; + struct stat sb; + ++ if (virStorageSourceIsEmpty(src)) ++ return 0; ++ + if (qemuDomainStorageOpenStat(driver, cfg, vm, src, &fd, &sb) < 0) + return -1; + diff --git a/debian/patches/debian/Debianize-virtlogd.patch b/debian/patches/debian/Debianize-virtlogd.patch new file mode 100644 index 000000000..ce0d98c88 --- /dev/null +++ b/debian/patches/debian/Debianize-virtlogd.patch @@ -0,0 +1,21 @@ +From: =?utf-8?q?Guido_G=C3=BCnther?= <a...@sigxcpu.org> +Date: Fri, 3 Feb 2017 13:23:22 +0100 +Subject: Debianize virtlogd + +--- + src/logging/virtlogd.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in +index 09e0740..87ac468 100644 +--- a/src/logging/virtlogd.service.in ++++ b/src/logging/virtlogd.service.in +@@ -6,7 +6,7 @@ Documentation=man:virtlogd(8) + Documentation=http://libvirt.org + + [Service] +-EnvironmentFile=-/etc/sysconfig/virtlogd ++EnvironmentFile=-/etc/default/virtlogd + ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS + ExecReload=/bin/kill -USR1 $MAINPID + # Loosing the logs is a really bad thing that will diff --git a/debian/patches/series b/debian/patches/series index 462605e4f..a5eeda373 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -18,3 +18,5 @@ Pass-GPG_TTY-env-var-to-the-ssh-binary.patch openpty-Skip-test-if-no-pty-is-available.patch test-posix_openpt-don-t-fail-on-EACCESS.patch Disable-use-of-namespaces-by-default.patch +debian/Debianize-virtlogd.patch +CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
