[Pkg-libvirt-commits] [libvirt] 04/09: Revert "Fix CVE-2015-0236"

Guido Guenther agx at moszumanska.debian.org
Thu Jan 29 10:42:03 UTC 2015 

This is an automated email from the git hooks/post-receive script.

agx pushed a commit to branch experimental
in repository libvirt.

commit e6ee3996a18deba1fe2d379e363d24ad6cd0a421
Author: Guido Günther <agx at sigxcpu.org>
Date:   Sun Jan 25 13:03:54 2015 +0100

    Revert "Fix CVE-2015-0236"
    
    This reverts commit 5d93b9bd0090cfa35c9a8efc3697ec16dc973daa.
    
    Gbp-Dch: Ignore
---
 ...36-qemu-Check-ACLs-when-dumping-securi-14.patch | 38 ----------------------
 ...36-qemu-Check-ACLs-when-dumping-security-.patch | 37 ---------------------
 debian/patches/series                              |  2 --
 3 files changed, 77 deletions(-)

diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
deleted file mode 100644
index 65aae79..0000000
--- a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Tue, 20 Jan 2015 17:01:01 +0100
-Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from
- snapshots
-
-The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
-appropriate permission for it. Found via code inspection while fixing
-permissions for save images.
----
- src/qemu/qemu_driver.c       | 2 +-
- src/remote/remote_protocol.x | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index c9110f0..bc6aae4 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -14406,7 +14406,7 @@ qemuDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
-     if (!(vm = qemuDomObjFromSnapshot(snapshot)))
-         return NULL;
- 
--    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
-+    if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
-         goto cleanup;
- 
-     if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index 15694fa..c8162a5 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -4489,6 +4489,7 @@ enum remote_procedure {
-      * @generate: both
-      * @priority: high
-      * @acl: domain:read
-+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
-      */
-     REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
- 
diff --git a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch b/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
deleted file mode 100644
index 923a5e9..0000000
--- a/debian/patches/security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Tue, 20 Jan 2015 17:01:01 +0100
-Subject: CVE-2015-0236: qemu: Check ACLs when dumping security info from save
- image
-
-The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
-appropriate permission for it.
----
- src/qemu/qemu_driver.c       | 2 +-
- src/remote/remote_protocol.x | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 5994558..c9110f0 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -6031,7 +6031,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
-     if (fd < 0)
-         goto cleanup;
- 
--    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
-+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
-         goto cleanup;
- 
-     ret = qemuDomainDefFormatXML(driver, def, flags);
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index d91fbe0..15694fa 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -4819,6 +4819,7 @@ enum remote_procedure {
-      * @generate: both
-      * @priority: high
-      * @acl: domain:read
-+     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
-      */
-     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
- 
diff --git a/debian/patches/series b/debian/patches/series
index dcf614f..86e77c7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,5 +11,3 @@ debian/Debianize-systemd-service-files.patch
 Allow-xen-toolstack-to-find-it-s-binaries.patch
 Skip-vircgrouptest.patch
 debian/Debianize-virtlockd.patch
-security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-security-.patch
-security/CVE-2015-0236-qemu-Check-ACLs-when-dumping-securi-14.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git

More information about the Pkg-libvirt-commits mailing list