[Pkg-libvirt-commits] [libvirt] 04/09: Revert "Fix CVE-2015-0236"
Guido Guenther
agx at moszumanska.debian.org
Thu Jan 29 10:42:03 UTC 2015
This is an automated email from the git hooks/post-receive script.
agx pushed a commit to branch experimental
in repository libvirt.
commit e6ee3996a18deba1fe2d379e363d24ad6cd0a421
Author: Guido Günther <agx at sigxcpu.org>
Date: Sun Jan 25 13:03:54 2015 +0100
Revert "Fix CVE-2015-0236"
This reverts commit 5d93b9bd0090cfa35c9a8efc3697ec16dc973daa.
Gbp-Dch: Ignore
---
...36-qemu-Check-ACLs-when-dumping-securi-14.patch | 38 ----------------------
...36-qemu-Check-ACLs-when-dumping-security-.patch | 37 ---------------------
debian/patches/series | 2 --
3 files changed, 77 deletions(-)
diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
deleted file mode 100644
index 65aae79..0000000
--- a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Tue, 20 Jan 2015 17:01:01 +0100
-Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from
- snapshots
-
-The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
-appropriate permission for it. Found via code inspection while fixing
-permissions for save images.
----
- src/qemu/qemu_driver.c | 2 +-
- src/remote/remote_protocol.x | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index c9110f0..bc6aae4 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -14406,7 +14406,7 @@ qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
- if (!(vm = qemuDomObjFromSnapshot(snapshot)))
- return NULL;
-
-- if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
-+ if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
- goto cleanup;
-
- if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index 15694fa..c8162a5 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -4489,6 +4489,7 @@ enum remote_procedure {
- * @generate: both
- * @priority: high
- * @acl: domain:read
-+ * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
- */
- REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
-
diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
deleted file mode 100644
index 923a5e9..0000000
--- a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Tue, 20 Jan 2015 17:01:01 +0100
-Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from save
- image
-
-The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
-appropriate permission for it.
----
- src/qemu/qemu_driver.c | 2 +-
- src/remote/remote_protocol.x | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 5994558..c9110f0 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -6031,7 +6031,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
- if (fd < 0)
- goto cleanup;
-
-- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
-+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
- goto cleanup;
-
- ret = qemuDomainDefFormatXML(driver, def, flags);
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index d91fbe0..15694fa 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -4819,6 +4819,7 @@ enum remote_procedure {
- * @generate: both
- * @priority: high
- * @acl: domain:read
-+ * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
- */
- REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
-
diff --git a/debian/patches/series b/debian/patches/series
index dcf614f..86e77c7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,5 +11,3 @@ debian/Debianize-systemd-service-files.patch
Allow-xen-toolstack-to-find-it-s-binaries.patch
Skip-vircgrouptest.patch
debian/Debianize-virtlockd.patch
-security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
-security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git
More information about the Pkg-libvirt-commits
mailing list