summaryrefslogtreecommitdiffstats
path: root/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
diff options
context:
space:
mode:
authorMark Asselstine <mark.asselstine@windriver.com>2018-06-05 10:01:48 -0400
committerBruce Ashfield <bruce.ashfield@windriver.com>2018-06-05 12:01:01 -0400
commit343b40ba0d44caeb22013a1586ae2159e415bd4c (patch)
tree3c5fdb72c38b060aeefccff3cd85091b5a5421c3 /recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
parent1fd1ff3720140baa3680d795f6d97597e5113e90 (diff)
downloadmeta-virtualization-343b40ba0d44caeb22013a1586ae2159e415bd4c.tar.gz
libvirt: uprev to the latest release, v4.3.0
We have been using the 1.3.x release series for a long time now which has been great for stability but is slowly becoming harder and harder to track and port bug and CVE fixes. This is a big jump to the latest upstream release which gives us access to a myriad of fixes as well as puts us in a better position to contribute to the upstream project when issues are found. Several patches have been dropped as they are either no longer valid against this release or have equivalent updates already applied to the upstream project. Some patches were consolidated which should ease future uprevs of this recipe. The majority of the updates were related to ptest patches, which is not a huge surprise given this code has no upstream equivalent. The overall runtime behavior remains much the same from v1.3.5 with the only notable configuration change being for 'seccomp_sandbox' which has been disabled here but should possibly be revisited in the near future. As usual the normal runtime usecases for qemu/kvm and lxc have been run successfully along with ptest results which are by and large OK: ==================================== Testsuite summary for libvirt 4.3.0 ==================================== # TOTAL: 119 # PASS: 115 # SKIP: 0 # XFAIL: 0 # FAIL: 4 # XPASS: 0 # ERROR: 0 Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch')
-rw-r--r--recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch81
1 files changed, 0 insertions, 81 deletions
diff --git a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch b/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
deleted file mode 100644
index 1d13dd36..00000000
--- a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
+++ /dev/null
@@ -1,81 +0,0 @@
1Upstream-Status: Backport
2
3Backport patch to fix CVE-2016-5008 from:
4
5https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf
6
7Signed-off-by: Kai Kang <kai.kang@windriver.com>
8---
9From f32441c69bf450d6ac593c3acd621c37e120cdaf Mon Sep 17 00:00:00 2001
10From: Jiri Denemark <jdenemar@redhat.com>
11Date: Tue, 28 Jun 2016 14:39:58 +0200
12Subject: [PATCH] qemu: Let empty default VNC password work as documented
13
14CVE-2016-5008
15
16Setting an empty graphics password is documented as a way to disable
17VNC/SPICE access, but QEMU does not always behaves like that. VNC would
18happily accept the empty password. Let's enforce the behavior by setting
19password expiration to "now".
20
21https://bugzilla.redhat.com/show_bug.cgi?id=1180092
22
23Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
24(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)
25---
26 src/qemu/qemu_hotplug.c | 14 +++++++-------
27 1 file changed, 7 insertions(+), 7 deletions(-)
28
29diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
30index 5f12d77..fda28b0 100644
31--- a/src/qemu/qemu_hotplug.c
32+++ b/src/qemu/qemu_hotplug.c
33@@ -3547,6 +3547,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
34 time_t now = time(NULL);
35 char expire_time [64];
36 const char *connected = NULL;
37+ const char *password;
38 int ret = -1;
39 virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
40
41@@ -3554,16 +3555,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
42 ret = 0;
43 goto cleanup;
44 }
45+ password = auth->passwd ? auth->passwd : defaultPasswd;
46
47 if (auth->connected)
48 connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
49
50 if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
51 goto cleanup;
52- ret = qemuMonitorSetPassword(priv->mon,
53- type,
54- auth->passwd ? auth->passwd : defaultPasswd,
55- connected);
56+ ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
57
58 if (ret == -2) {
59 if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
60@@ -3571,14 +3570,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
61 _("Graphics password only supported for VNC"));
62 ret = -1;
63 } else {
64- ret = qemuMonitorSetVNCPassword(priv->mon,
65- auth->passwd ? auth->passwd : defaultPasswd);
66+ ret = qemuMonitorSetVNCPassword(priv->mon, password);
67 }
68 }
69 if (ret != 0)
70 goto end_job;
71
72- if (auth->expires) {
73+ if (password[0] == '\0') {
74+ snprintf(expire_time, sizeof(expire_time), "now");
75+ } else if (auth->expires) {
76 time_t lifetime = auth->validTo - now;
77 if (lifetime <= 0)
78 snprintf(expire_time, sizeof(expire_time), "now");
79--
802.9.0
81
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-05-30 20:19:02 +0000