1 files changed, 0 insertions, 81 deletions
diff --git a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch b/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
deleted file mode 100644
index 1d13dd36..00000000
--- a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Upstream-Status: Backport
-Backport patch to fix CVE-2016-5008 from:
-https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
-From f32441c69bf450d6ac593c3acd621c37e120cdaf Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Tue, 28 Jun 2016 14:39:58 +0200
-Subject: [PATCH] qemu: Let empty default VNC password work as documented
-CVE-2016-5008
-Setting an empty graphics password is documented as a way to disable
-VNC/SPICE access, but QEMU does not always behaves like that. VNC would
-happily accept the empty password. Let's enforce the behavior by setting
-password expiration to "now".
-https://bugzilla.redhat.com/show_bug.cgi?id=1180092
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)
---
- src/qemu/qemu_hotplug.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
-index 5f12d77..fda28b0 100644
--- a/src/qemu/qemu_hotplug.c
-+++ b/src/qemu/qemu_hotplug.c
-@@ -3547,6 +3547,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
-     time_t now = time(NULL);
-     char expire_time [64];
-     const char *connected = NULL;
-+    const char *password;
-     int ret = -1;
-     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
- 
-@@ -3554,16 +3555,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
-         ret = 0;
-         goto cleanup;
-     }
-+    password = auth->passwd ? auth->passwd : defaultPasswd;
- 
-     if (auth->connected)
-         connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
- 
-     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
-         goto cleanup;
-    ret = qemuMonitorSetPassword(priv->mon,
-                                 type,
-                                 auth->passwd ? auth->passwd : defaultPasswd,
-                                 connected);
-+    ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
- 
-     if (ret == -2) {
-         if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
-@@ -3571,14 +3570,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
-                            _("Graphics password only supported for VNC"));
-             ret = -1;
-         } else {
-            ret = qemuMonitorSetVNCPassword(priv->mon,
-                                            auth->passwd ? auth->passwd : defaultPasswd);
-+            ret = qemuMonitorSetVNCPassword(priv->mon, password);
-         }
-     }
-     if (ret != 0)
-         goto end_job;
- 
-    if (auth->expires) {
-+    if (password[0] == '\0') {
-+        snprintf(expire_time, sizeof(expire_time), "now");
-+    } else if (auth->expires) {
-         time_t lifetime = auth->validTo - now;
-         if (lifetime <= 0)
-             snprintf(expire_time, sizeof(expire_time), "now");
-- 
-2.9.0

diff --git a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch b/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch deleted file mode 100644 index 1d13dd36..00000000 --- a/recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch +++ /dev/null
@@ -1,81 +0,0 @@
1	Upstream-Status: Backport
2
3	Backport patch to fix CVE-2016-5008 from:
4
5	https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf
6
7	Signed-off-by: Kai Kang <kai.kang@windriver.com>
8	---
9	From f32441c69bf450d6ac593c3acd621c37e120cdaf Mon Sep 17 00:00:00 2001
10	From: Jiri Denemark <jdenemar@redhat.com>
11	Date: Tue, 28 Jun 2016 14:39:58 +0200
12	Subject: [PATCH] qemu: Let empty default VNC password work as documented
13
14	CVE-2016-5008
15
16	Setting an empty graphics password is documented as a way to disable
17	VNC/SPICE access, but QEMU does not always behaves like that. VNC would
18	happily accept the empty password. Let's enforce the behavior by setting
19	password expiration to "now".
20
21	https://bugzilla.redhat.com/show_bug.cgi?id=1180092
22
23	Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
24	(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)
25	---
26	src/qemu/qemu_hotplug.c \| 14 +++++++-------
27	1 file changed, 7 insertions(+), 7 deletions(-)
28
29	diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
30	index 5f12d77..fda28b0 100644
31	--- a/src/qemu/qemu_hotplug.c
32	+++ b/src/qemu/qemu_hotplug.c
33	@@ -3547,6 +3547,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
34	time_t now = time(NULL);
35	char expire_time [64];
36	const char *connected = NULL;
37	+ const char *password;
38	int ret = -1;
39	virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
40
41	@@ -3554,16 +3555,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
42	ret = 0;
43	goto cleanup;
44	}
45	+ password = auth->passwd ? auth->passwd : defaultPasswd;
46
47	if (auth->connected)
48	connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
49
50	if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
51	goto cleanup;
52	- ret = qemuMonitorSetPassword(priv->mon,
53	- type,
54	- auth->passwd ? auth->passwd : defaultPasswd,
55	- connected);
56	+ ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
57
58	if (ret == -2) {
59	if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
60	@@ -3571,14 +3570,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
61	_("Graphics password only supported for VNC"));
62	ret = -1;
63	} else {
64	- ret = qemuMonitorSetVNCPassword(priv->mon,
65	- auth->passwd ? auth->passwd : defaultPasswd);
66	+ ret = qemuMonitorSetVNCPassword(priv->mon, password);
67	}
68	}
69	if (ret != 0)
70	goto end_job;
71
72	- if (auth->expires) {
73	+ if (password[0] == '\0') {
74	+ snprintf(expire_time, sizeof(expire_time), "now");
75	+ } else if (auth->expires) {
76	time_t lifetime = auth->validTo - now;
77	if (lifetime <= 0)
78	snprintf(expire_time, sizeof(expire_time), "now");
79	--
80	2.9.0
81