2 files changed, 40 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
new file mode 100644
index 00000000..453b02ba
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
@@ -0,0 +1,39 @@
+From 4cc90c2e62df653e909ad31fd810224bf8bcf913 Mon Sep 17 00:00:00 2001
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 20 Mar 2020 09:43:13 -0500
+Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only
+ connections
+This function changes the amount of time that libvirt waits for a
+response from the guest agent for all guest agent commands. Since this
+is a configuration change, it should not be allowed on read-only
+connections.
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Upstream-Status: Backport
+CVE: CVE-2020-10701 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 65813b68cc..a12809c2d5 100644
+--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
+@@ -12576,6 +12576,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
+     virCheckDomainReturn(domain, -1);
+     conn = domain->conn;
+ 
+    virCheckReadOnlyGoto(conn->flags, error);
+
+     if (conn->driver->domainAgentSetResponseTimeout) {
+         if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
+             goto error;
+-- 
+2.25.1
diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb
index f301a0e3..0146c6cb 100644
--- a/recipes-extended/libvirt/libvirt_6.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
           file://0001-build-drop-unnecessary-libgnu.la-reference.patch \
           file://hook_support.py \
           file://gnutls-helper.py \
+           file://CVE-2020-10701.patch \
          "
 SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"

diff --git a/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch new file mode 100644 index 00000000..453b02ba --- /dev/null +++ b/recipes-extended/libvirt/libvirt/CVE-2020-10701.patch
@@ -0,0 +1,39 @@
		1	From 4cc90c2e62df653e909ad31fd810224bf8bcf913 Mon Sep 17 00:00:00 2001
		2	From: Jonathon Jongsma <jjongsma@redhat.com>
		3	Date: Fri, 20 Mar 2020 09:43:13 -0500
		4	Subject: [PATCH] api: disallow virDomainAgentSetResponseTimeout() on read-only
		5	connections
		6
		7	This function changes the amount of time that libvirt waits for a
		8	response from the guest agent for all guest agent commands. Since this
		9	is a configuration change, it should not be allowed on read-only
		10	connections.
		11
		12	Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
		13	Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
		14	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
		15
		16	Upstream-Status: Backport
		17	CVE: CVE-2020-10701
		18	Signed-off-by: Armin Kuster <akuster@mvista.com>
		19
		20	---
		21	src/libvirt-domain.c \| 2 ++
		22	1 file changed, 2 insertions(+)
		23
		24	diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
		25	index 65813b68cc..a12809c2d5 100644
		26	--- a/src/libvirt-domain.c
		27	+++ b/src/libvirt-domain.c
		28	@@ -12576,6 +12576,8 @@ virDomainAgentSetResponseTimeout(virDomainPtr domain,
		29	virCheckDomainReturn(domain, -1);
		30	conn = domain->conn;
		31
		32	+ virCheckReadOnlyGoto(conn->flags, error);
		33	+
		34	if (conn->driver->domainAgentSetResponseTimeout) {
		35	if (conn->driver->domainAgentSetResponseTimeout(domain, timeout, flags) < 0)
		36	goto error;
		37	--
		38	2.25.1
		39


diff --git a/recipes-extended/libvirt/libvirt_6.1.0.bb b/recipes-extended/libvirt/libvirt_6.1.0.bb index f301a0e3..0146c6cb 100644 --- a/recipes-extended/libvirt/libvirt_6.1.0.bb +++ b/recipes-extended/libvirt/libvirt_6.1.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
40	file://0001-build-drop-unnecessary-libgnu.la-reference.patch \	40	file://0001-build-drop-unnecessary-libgnu.la-reference.patch \
41	file://hook_support.py \	41	file://hook_support.py \
42	file://gnutls-helper.py \	42	file://gnutls-helper.py \
		43	file://CVE-2020-10701.patch \
43	"	44	"
44		45
45	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"	46	SRC_URI[libvirt.md5sum] = "a870e63f20fac2ccf98e716d05256145"