Bug#856340: marked as done (unblock: libvirt/3.0.0-3)

Debian Bug Tracking System Tue, 28 Feb 2017 00:52:13 -0800

Your message dated Tue, 28 Feb 2017 08:48:01 +0000
with message-id <e1cidrx-0000mm...@respighi.debian.org>
and subject line unblock libvirt
has caused the Debian Bug report #856340,
regarding unblock: libvirt/3.0.0-3
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
856340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856340
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package libvirt

It fixes on CVE using the upstream commit and one RHism in the unit file
of virtlogd grabbing the configuration from /etc/sysconfig/virtlogd
instead of /etc/default/virtlogd.
Cheers,
 -- Guido

unblock libvirt/3.0.0-3

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff --git a/debian/changelog b/debian/changelog
index 31b53b902..253d0b172 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libvirt (3.0.0-3) unstable; urgency=medium
+
+  * [62ad289] Debianize virtlogd
+  * [cb216b5] CVE-2017-2635: qemu: Don't update physical storage size of empty drives
+    (Closes: #856313)
+
+ -- Guido Günther <a...@sigxcpu.org>  Mon, 27 Feb 2017 20:07:41 +0100
+
 libvirt (3.0.0-2) unstable; urgency=medium
 
   * Upload to unstable
diff --git a/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch b/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
new file mode 100644
index 000000000..7040d757b
--- /dev/null
+++ b/debian/patches/CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
@@ -0,0 +1,33 @@
+From: Peter Krempa <pkre...@redhat.com>
+Date: Thu, 23 Feb 2017 10:07:30 +0100
+Subject: CVE-2017-2635: qemu: Don't update physical storage size of empty
+ drives
+
+Previously the code called virStorageSourceUpdateBlockPhysicalSize which
+did not do anything on empty drives since it worked only on block
+devices. After the refactor in c5f6151390 it's called for all devices
+and thus attempts to deref the NULL path of empty drives.
+
+Add a check that skips the update of the physical size if the storage
+source is empty.
+
+Upstream-Commit: c3de387380f6057ee0e46cd9f2f0a092e8070875
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420718
+---
+ src/qemu/qemu_driver.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index d4422f3..2bb5906 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -11644,6 +11644,9 @@ qemuDomainStorageUpdatePhysical(virQEMUDriverPtr driver,
+     int fd = -1;
+     struct stat sb;
+ 
++    if (virStorageSourceIsEmpty(src))
++        return 0;
++
+     if (qemuDomainStorageOpenStat(driver, cfg, vm, src, &fd, &sb) < 0)
+         return -1;
+ 
diff --git a/debian/patches/debian/Debianize-virtlogd.patch b/debian/patches/debian/Debianize-virtlogd.patch
new file mode 100644
index 000000000..ce0d98c88
--- /dev/null
+++ b/debian/patches/debian/Debianize-virtlogd.patch
@@ -0,0 +1,21 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <a...@sigxcpu.org>
+Date: Fri, 3 Feb 2017 13:23:22 +0100
+Subject: Debianize virtlogd
+
+---
+ src/logging/virtlogd.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
+index 09e0740..87ac468 100644
+--- a/src/logging/virtlogd.service.in
++++ b/src/logging/virtlogd.service.in
+@@ -6,7 +6,7 @@ Documentation=man:virtlogd(8)
+ Documentation=http://libvirt.org
+ 
+ [Service]
+-EnvironmentFile=-/etc/sysconfig/virtlogd
++EnvironmentFile=-/etc/default/virtlogd
+ ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Loosing the logs is a really bad thing that will
diff --git a/debian/patches/series b/debian/patches/series
index 462605e4f..a5eeda373 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,5 @@ Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 openpty-Skip-test-if-no-pty-is-available.patch
 test-posix_openpt-don-t-fail-on-EACCESS.patch
 Disable-use-of-namespaces-by-default.patch
+debian/Debianize-virtlogd.patch
+CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch

--- End Message ---

--- Begin Message ---
Unblocked.
--- End Message ---

Bug#856340: marked as done (unblock: libvirt/3.0.0-3)

Reply via email to