[Pkg-libvirt-maintainers] Bug#701649: Fix for stable

Sat Mar 9 18:54:42 UTC 2013

Hi,
sorry for the delay but attached is the diff for the stable update. This
addrsses #701649 (CVE-2013-1766) as well as #699224 (kind of
CVE-2013-0170). Is this enough for the security team to issue the DSA?
Let me know if I can help further.
Cheers,
 -- Guido
-------------- next part --------------

diff --git a/debian/README.Debian b/debian/README.Debian
index b8c97e0..02c0a49 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -56,6 +56,9 @@ Access Control
 Access to the libvirt socket is controlled by membership in the "libvirt" group.
 If you want to manage VMs as non root you need to add a user to that group.
 
+System QEMU/KVM processes are run as user and group libvirt-qemu. This can be
+adjusted via /etc/libvirt/qemu.conf.
+
 QEMU/KVM: Dropping Capabilties
 ==============================
 Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up
diff --git a/debian/changelog b/debian/changelog
index bd3ec0d..719b74e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+libvirt (0.8.3-5+squeeze4) stable-security; urgency=low
+
+  * [9d7846f] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
+    instances.  This makes sure we don't chown files to groups possibly used
+    by other programs. (Closes: #701649)
+
+ -- Guido G?nther <agx at sigxcpu.org>  Sat, 09 Mar 2013 17:03:01 +0100
+
+libvirt (0.8.3-5+squeeze3) stable-security; urgency=low
+
+  * [0bbbca1] Add missing return on error path (Closes: #699224)
+
+ -- Guido G?nther <agx at sigxcpu.org>  Fri, 22 Feb 2013 20:32:53 +0100
+
 libvirt (0.8.3-5+squeeze2) stable-security; urgency=low
 
   * [ac67c93] CVE-2011-1486: Make error reporting in libvirtd thread safe
diff --git a/debian/libvirt-bin.NEWS b/debian/libvirt-bin.NEWS
index ee32190..c6c40f6 100644
--- a/debian/libvirt-bin.NEWS
+++ b/debian/libvirt-bin.NEWS
@@ -1,3 +1,12 @@
+libvirt (0.8.3-5+squeeze4) experimental; urgency=low
+
+  For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This
+  makes sure image files and volumes aren't accessible by users in the more
+  general and previously used kvm group. To change this behaviour adjust the
+  group option in /etc/libvirt/qemu.conf.
+
+ -- Guido G?nther <agx at sigxcpu.org>  Tue, 26 Feb 2013 06:30:48 +0100
+
 libvirt (0.8.3-2) unstable; urgency=low
 
   Disk format probing is disabled now by default for security reasons
diff --git a/debian/libvirt-bin.postinst b/debian/libvirt-bin.postinst
index ea85ad2..fed481b 100644
--- a/debian/libvirt-bin.postinst
+++ b/debian/libvirt-bin.postinst
@@ -17,17 +17,16 @@ set -e
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 
-
 case "$1" in
     configure)
     	if ! getent group libvirt >/dev/null; then
     		addgroup --system libvirt
 	fi
 
-	# user and group libvirt runs qemu/kvm instances with
 	if ! getent group kvm >/dev/null; then
 		addgroup --quiet --system kvm
 	fi
+	# user and group libvirt runs qemu/kvm instances with
 	if ! getent passwd libvirt-qemu >/dev/null; then
 		adduser --quiet \
 			--system \
@@ -40,6 +39,10 @@ case "$1" in
 			-gecos "Libvirt Qemu" \
 			libvirt-qemu
 	fi
+	if ! getent group libvirt-qemu >/dev/null; then
+		addgroup --quiet --system libvirt-qemu
+		adduser libvirt-qemu libvirt-qemu
+	fi
 
 	# libvirt from 0.6.0 on is safe to restart with running vms:
 	if [ -n "$2" ] &&  dpkg --compare-versions "$2" ge 0.6.0; then
diff --git a/debian/libvirt-bin.postrm b/debian/libvirt-bin.postrm
index d6e9b99..086fda3 100644
--- a/debian/libvirt-bin.postrm
+++ b/debian/libvirt-bin.postrm
@@ -24,7 +24,14 @@ case "$1" in
     	if getent group libvirt >/dev/null; then
     		delgroup libvirt || true
 	fi
-	
+
+    	if getent passwd libvirt-qemu >/dev/null; then
+    		deluser libvirt-qemu || true
+	fi
+
+    	if getent group libvirt-qemu >/dev/null; then
+    		delgroup libvirt-qemu || true
+	fi
     ;;
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
     ;;
diff --git a/debian/patches/0016-Add-missing-return-on-error-path.patch b/debian/patches/0016-Add-missing-return-on-error-path.patch
new file mode 100644
index 0000000..2da0deb
--- /dev/null
+++ b/debian/patches/0016-Add-missing-return-on-error-path.patch
@@ -0,0 +1,20 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Fri, 22 Feb 2013 20:06:25 +0100
+Subject: Add missing return on error path
+
+---
+ daemon/libvirtd.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
+index 711360b..9b88aac 100644
+--- a/daemon/libvirtd.c
++++ b/daemon/libvirtd.c
+@@ -1820,6 +1820,7 @@ readmore:
+         if (remoteDecodeClientMessageHeader(msg) < 0) {
+             VIR_FREE(msg);
+             qemudDispatchClientFailure(client);
++            return;
+         }
+ 
+         /* Check if any filters match this message */
diff --git a/debian/patches/series b/debian/patches/series
index e98d06b..1c3ce85 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@
 security/0013-Add-missing-checks-for-read-only-connections.patch
 security/0014-Make-error-reporting-in-libvirtd-thread-safe.patch
 security/0015-Fix-integer-overflow-in-VirDomainGetVcpus.patch
+0016-Add-missing-return-on-error-path.patch
diff --git a/debian/rules b/debian/rules
index 159797d..63559e5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,7 +25,7 @@ DEB_CONFIGURE_EXTRA_FLAGS :=     \
 	--disable-rpath          \
 	--with-qemu              \
 	--with-qemu-user=libvirt-qemu  \
-	--with-qemu-group=kvm    \
+	--with-qemu-group=libvirt-qemu \
 	--with-openvz            \
 	--with-avahi             \
 	--with-sasl              \
