libvirt: Security fix for CVE-2020-10701

Source: https://libvirt.org/git/libvirt.git MR: 110898 Type: Security Fix Disposition: Backport from https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 ChangeID: 73bff4861d76b0674547ead4d4b251b60705bb8c Description: Affect libvirt < 6.2.0 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Armin Kuster <akuster@mvista.com> 2021-09-16 14:23:03 -0700
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2021-09-16 18:21:32 -0400
commit: 1c80e22533e69e2d098c726fb9280b652237d7b6 (patch)
tree: 51a9ab25fb97175e764fe752730ca105ae10d655
parent: edf199817cb07a720bab1bd6be9d5ab4409c4670 (diff)
download: meta-virtualization-1c80e22533e69e2d098c726fb9280b652237d7b6.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
new file mode 100644
index 00000000..453b02ba
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
@@ -0,0 +1,39 @@
+From 4cc90c2e62df653e909ad31fd810224bf8bcf913 Mon Sep 17 00:00:00 2001
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 20 Mar 2020 09:43:13 -0500
+Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only
+ connections
+This function changes the amount of time that libvirt waits for a
+response from the guest agent for all guest agent commands. Since this
+is a configuration change, it should not be allowed on read-only
+connections.
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Upstream-Status: Backport
+CVE: CVE-2020-10701 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 65813b68cc..a12809c2d5 100644
+--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
+@@ -12576,6 +12576,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
+     virCheckDomainReturn(domain, -1);
+     conn = domain->conn;
+ 
+    virCheckReadOnlyGoto(conn->flags, error);
+
+     if (conn->driver->domainAgentSetResponseTimeout) {
+         if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
+             goto error;
+-- 
+2.25.1
diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb
index f301a0e3..0146c6cb 100644
--- a/recipes-extended/libvirt/libvirt_6.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
           file://0001-build-drop-unnecessary-libgnu.la-reference.patch \
           file://hook_support.py \
           file://gnutls-helper.py \
+           file://CVE-2020-10701.patch \
          "
 SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"
author	Armin Kuster <akuster@mvista.com>	2021-09-16 14:23:03 -0700
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2021-09-16 18:21:32 -0400
commit	1c80e22533e69e2d098c726fb9280b652237d7b6 (patch)
tree	51a9ab25fb97175e764fe752730ca105ae10d655
parent	edf199817cb07a720bab1bd6be9d5ab4409c4670 (diff)
download	meta-virtualization-1c80e22533e69e2d098c726fb9280b652237d7b6.tar.gz

diff --git a/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch new file mode 100644 index 00000000..453b02ba --- /dev/null +++ b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
@@ -0,0 +1,39 @@
		1	From 4cc90c2e62df653e909ad31fd810224bf8bcf913 Mon Sep 17 00:00:00 2001
		2	From: Jonathon Jongsma <jjongsma@redhat.com>
		3	Date: Fri, 20 Mar 2020 09:43:13 -0500
		4	Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only
		5	connections
		6
		7	This function changes the amount of time that libvirt waits for a
		8	response from the guest agent for all guest agent commands. Since this
		9	is a configuration change, it should not be allowed on read-only
		10	connections.
		11
		12	Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
		13	Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
		14	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
		15
		16	Upstream-Status: Backport
		17	CVE: CVE-2020-10701
		18	Signed-off-by: Armin Kuster <akuster@mvista.com>
		19
		20	---
		21	src/libvirt-domain.c \| 2 ++
		22	1 file changed, 2 insertions(+)
		23
		24	diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
		25	index 65813b68cc..a12809c2d5 100644
		26	--- a/src/libvirt-domain.c
		27	+++ b/src/libvirt-domain.c
		28	@@ -12576,6 +12576,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
		29	virCheckDomainReturn(domain, -1);
		30	conn = domain->conn;
		31
		32	+ virCheckReadOnlyGoto(conn->flags, error);
		33	+
		34	if (conn->driver->domainAgentSetResponseTimeout) {
		35	if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
		36	goto error;
		37	--
		38	2.25.1
		39


diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb index f301a0e3..0146c6cb 100644 --- a/recipes-extended/libvirt/libvirt_6.1.0.bb +++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
40	file://0001-build-drop-unnecessary-libgnu.la-reference.patch \	40	file://0001-build-drop-unnecessary-libgnu.la-reference.patch \
41	file://hook_support.py \	41	file://hook_support.py \
42	file://gnutls-helper.py \	42	file://gnutls-helper.py \
		43	file://CVE-2020-10701.patch \
43	"	44	"
44		45
45	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"	46	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"