[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/0.9.12-4
Guido Günther
agx at sigxcpu.org
Wed Aug 1 19:34:19 UTC 2012
The following commit has been merged in the master branch:
commit 80ac2a6b14c6c3c12fc511bf50fdd083af3a7cfc
Author: Guido Günther <agx at sigxcpu.org>
Date: Wed Aug 1 21:11:22 2012 +0200
Fix CVE-2012-3445
with upstream commit 6039a2cb49c8af4c68460d2faf365a7e1c686c7b
Closes: #683483
diff --git a/debian/patches/Disable-failing-virnetsockettest.patch b/debian/patches/Disable-failing-virnetsockettest.patch
index f9740a9..3ee553a 100644
--- a/debian/patches/Disable-failing-virnetsockettest.patch
+++ b/debian/patches/Disable-failing-virnetsockettest.patch
@@ -5,10 +5,10 @@ Subject: Disable failing virnetsockettest
until we debugged the interaction with pbuilder
---
tests/virnetsockettest.c | 2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
+ 1 file changed, 2 insertions(+)
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
-index 44d6f65..bcfcbd3 100644
+index 204113e..f025f52 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -491,10 +491,12 @@ mymain(void)
diff --git a/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch b/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
index 64f6968..07499c5 100644
--- a/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
+++ b/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
@@ -7,7 +7,7 @@ since it fails on at least sparc and mips from time to time.
Issue reported upstresm.
---
gnulib/tests/test-nonblocking-pipe.sh | 4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
+ 1 file changed, 4 insertions(+)
diff --git a/gnulib/tests/test-nonblocking-pipe.sh b/gnulib/tests/test-nonblocking-pipe.sh
index dd692be..9690791 100755
diff --git a/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch b/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
index f6af824..fbd8a7d 100644
--- a/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
+++ b/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
@@ -4,13 +4,13 @@ Subject: Don't fail if we can't setup avahi
---
src/rpc/virnetserver.c | 5 ++---
- 1 files changed, 2 insertions(+), 3 deletions(-)
+ 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
-index f761e6b..ab6d112 100644
+index ae19e84..33dc807 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
-@@ -695,9 +695,8 @@ void virNetServerRun(virNetServerPtr srv)
+@@ -672,9 +672,8 @@ void virNetServerRun(virNetServerPtr srv)
virNetServerLock(srv);
#if HAVE_AVAHI
diff --git a/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch b/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch
index c78988d..ded6114 100644
--- a/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch
+++ b/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch
@@ -1,6 +1,3 @@
-Message-Id: <b3b5bf1ad7c56d826426b7f7974117ef5b2590e4.1336929172.git.agx at sigxcpu.org>
-In-Reply-To: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx at sigxcpu.org>
-References: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx at sigxcpu.org>
From: Guido Guenther <agx at sigxcpu.org>
Date: Thu, 26 Jun 2008 20:01:38 +0200
Subject: Allow libvirt group to access the socket
diff --git a/debian/patches/debian/Debianize-libvirt-guests.patch b/debian/patches/debian/Debianize-libvirt-guests.patch
index 4918291..e21fbfb 100644
--- a/debian/patches/debian/Debianize-libvirt-guests.patch
+++ b/debian/patches/debian/Debianize-libvirt-guests.patch
@@ -5,6 +5,7 @@ Subject: Debianize libvirt-guests
Origin: vendor
+
---
tools/libvirt-guests.init.sh | 41 +++++++++++++----------------------------
tools/libvirt-guests.sysconf | 4 ++--
diff --git a/debian/patches/debian/Don-t-enable-default-network-on-boot.patch b/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
index 5be54f0..f20235b 100644
--- a/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
+++ b/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
@@ -5,16 +5,17 @@ Subject: Don't enable default network on boot
to not interfere with existing network configurations
+
---
src/Makefile.am | 3 ---
src/Makefile.in | 3 ---
- 2 files changed, 0 insertions(+), 6 deletions(-)
+ 2 files changed, 6 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
-index a2aae9d..6860e21 100644
+index 0dadc29..998fd78 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
-@@ -1622,9 +1622,6 @@ if WITH_NETWORK
+@@ -1625,9 +1625,6 @@ if WITH_NETWORK
cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
$(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
@@ -25,10 +26,10 @@ index a2aae9d..6860e21 100644
uninstall-local::
diff --git a/src/Makefile.in b/src/Makefile.in
-index 26b9dce..34c96a8 100644
+index 209e118..90598de 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
-@@ -7423,9 +7423,6 @@ install-data-local:
+@@ -7486,9 +7486,6 @@ install-data-local:
@WITH_NETWORK_TRUE@ cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
@WITH_NETWORK_TRUE@ $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
@WITH_NETWORK_TRUE@ rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
diff --git a/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch b/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch
index bc748bf..9a3d332 100644
--- a/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch
+++ b/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch
@@ -6,15 +6,16 @@ Closes: #636712
Thanks: Luca Capello
+
---
src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
-index 0db9f19..09538a2 100644
+index 28f48bd..ee71bb5 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
-@@ -4044,7 +4044,7 @@ ebiptablesDriverInit(bool privileged)
+@@ -4062,7 +4062,7 @@ ebiptablesDriverInit(bool privileged)
if (virMutexInit(&execCLIMutex) < 0)
return -EINVAL;
diff --git a/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch b/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch
index dd7c889..4e6e239 100644
--- a/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch
+++ b/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch
@@ -5,6 +5,7 @@ Subject: fix Debian specific path to hvm loader
Closes: #517059
+
---
src/xen/xen_hypervisor.c | 2 +-
tests/xencapsdata/xen-i686-pae-hvm.xml | 2 +-
@@ -14,7 +15,7 @@ Closes: #517059
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
-index 4401b68..4817b95 100644
+index b4ec579..5160d53 100644
--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
@@ -2359,7 +2359,7 @@ xenHypervisorBuildCapabilities(virConnectPtr conn,
diff --git a/debian/patches/debian/remove-RHism.diff.patch b/debian/patches/debian/remove-RHism.diff.patch
index aaa2519..e7c4461 100644
--- a/debian/patches/debian/remove-RHism.diff.patch
+++ b/debian/patches/debian/remove-RHism.diff.patch
@@ -4,13 +4,13 @@ Subject: remove-RHism.diff
---
tools/virsh.pod | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
-index c7d5bbd..747832a 100644
+index ef71717..19dde93 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
-@@ -103,7 +103,7 @@ telnet's B<^]> is used.
+@@ -104,7 +104,7 @@ alphabetic character, @, [, ], \, ^, _.
Most B<virsh> operations rely upon the libvirt library being able to
connect to an already running libvirtd service. This can usually be
diff --git a/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch b/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
index 7bbce93..d28d5ce 100644
--- a/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
+++ b/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
@@ -39,10 +39,10 @@ This patch triggers for 'info migration' in reply to 'info migrate' command
to savely detect that the command 'info migrate' is not implemented.
---
src/qemu/qemu_monitor_text.c | 10 +++++++++-
- 1 files changed, 9 insertions(+), 1 deletions(-)
+ 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
-index 30a0416..631899b 100644
+index 9e2991b..96539b5 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -1654,7 +1654,15 @@ int qemuMonitorTextGetMigrationStatus(qemuMonitorPtr mon,
diff --git a/debian/patches/security/CVE-2012-3445.patch b/debian/patches/security/CVE-2012-3445.patch
new file mode 100644
index 0000000..b69eb39
--- /dev/null
+++ b/debian/patches/security/CVE-2012-3445.patch
@@ -0,0 +1,87 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Wed, 1 Aug 2012 13:11:34 +0200
+Subject: CVE-2012-3445
+
+Patch taken from upstream commit
+6039a2cb49c8af4c68460d2faf365a7e1c686c7b.
+
+---
+ daemon/remote.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 16a8a05..4ece019 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -964,7 +964,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0)
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+ goto no_memory;
+
+ if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1019,7 +1019,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0)
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+ goto no_memory;
+
+ if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1200,7 +1200,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+@@ -1674,7 +1674,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+@@ -1739,7 +1739,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+@@ -1804,7 +1804,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+@@ -2064,7 +2064,7 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED,
+ goto cleanup;
+ }
+
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+@@ -3567,7 +3567,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS
+ virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+ }
+- if (VIR_ALLOC_N(params, nparams) < 0) {
++ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index eb26336..df1449d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ Don-t-fail-if-we-can-t-setup-avahi.patch
Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
Reduce-udevadm-settle-timeout-to-10-seconds.patch
Include-stdint.h-for-uint32_t.patch
+security/CVE-2012-3445.patch
diff --git a/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch b/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
index 9e2477e..7d38bdc 100644
--- a/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
+++ b/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
@@ -23,13 +23,13 @@ Otherwise this results in crashes like:
#11 main (argc=5, argv=0xbf9c2cd4) at virsh.c:12751
---
tools/virsh.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
+ 1 file changed, 3 insertions(+)
diff --git a/tools/virsh.c b/tools/virsh.c
-index ee6db4c..b3dc21c 100644
+index dd9292a..d798328 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
-@@ -19276,6 +19276,9 @@ vshInit(vshControl *ctl)
+@@ -19560,6 +19560,9 @@ vshInit(vshControl *ctl)
/* set up the signals handlers to catch disconnections */
vshSetupSignals();
--
Libvirt Debian packaging
More information about the Pkg-libvirt-commits
mailing list