Compare commits
5 Commits
libvirt-0_
...
libvirt-0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
4a8ca1017f | ||
|
|
1e122ee5dc | ||
|
|
6a6307bcdc | ||
|
6e8332946a | ||
|
|
982683e56f |
@@ -5,3 +5,4 @@ x86_64
|
||||
libvirt-*.tar.gz
|
||||
libvirt-0.4.6.tar.gz
|
||||
libvirt-0.5.0.tar.gz
|
||||
libvirt-0.5.1.tar.gz
|
||||
|
||||
152
libvirt-0.5.1-read-only-checks.patch
Normal file
152
libvirt-0.5.1-read-only-checks.patch
Normal file
@@ -0,0 +1,152 @@
|
||||
diff --git a/src/libvirt.c b/src/libvirt.c
|
||||
--- a/src/libvirt.c
|
||||
+++ b/src/libvirt.c
|
||||
@@ -2296,6 +2296,16 @@ virDomainMigrate (virDomainPtr domain,
|
||||
conn = domain->conn; /* Source connection. */
|
||||
if (!VIR_IS_CONNECT (dconn)) {
|
||||
virLibConnError (conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (domain->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ if (dconn->flags & VIR_CONNECT_RO) {
|
||||
+ /* NB, delibrately report error against source object, not dest here */
|
||||
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -2426,6 +2436,11 @@ virDomainMigratePrepare (virConnectPtr d
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (dconn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (dconn->driver->domainMigratePrepare)
|
||||
return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
|
||||
uri_in, uri_out,
|
||||
@@ -2457,6 +2472,11 @@ virDomainMigratePerform (virDomainPtr do
|
||||
}
|
||||
conn = domain->conn;
|
||||
|
||||
+ if (domain->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (conn->driver->domainMigratePerform)
|
||||
return conn->driver->domainMigratePerform (domain, cookie, cookielen,
|
||||
uri,
|
||||
@@ -2482,6 +2502,11 @@ virDomainMigrateFinish (virConnectPtr dc
|
||||
|
||||
if (!VIR_IS_CONNECT (dconn)) {
|
||||
virLibConnError (NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (dconn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -2517,6 +2542,11 @@ virDomainMigratePrepare2 (virConnectPtr
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (dconn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (dconn->driver->domainMigratePrepare2)
|
||||
return dconn->driver->domainMigratePrepare2 (dconn, cookie, cookielen,
|
||||
uri_in, uri_out,
|
||||
@@ -2547,6 +2577,11 @@ virDomainMigrateFinish2 (virConnectPtr d
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (dconn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (dconn->driver->domainMigrateFinish2)
|
||||
return dconn->driver->domainMigrateFinish2 (dconn, dname,
|
||||
cookie, cookielen,
|
||||
@@ -2905,6 +2940,11 @@ virDomainBlockPeek (virDomainPtr dom,
|
||||
}
|
||||
conn = dom->conn;
|
||||
|
||||
+ if (dom->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return (-1);
|
||||
+ }
|
||||
+
|
||||
if (!path) {
|
||||
virLibDomainError (dom, VIR_ERR_INVALID_ARG,
|
||||
_("path is NULL"));
|
||||
@@ -2980,6 +3020,11 @@ virDomainMemoryPeek (virDomainPtr dom,
|
||||
}
|
||||
conn = dom->conn;
|
||||
|
||||
+ if (dom->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return (-1);
|
||||
+ }
|
||||
+
|
||||
/* Flags must be VIR_MEMORY_VIRTUAL at the moment.
|
||||
*
|
||||
* Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
|
||||
@@ -3246,6 +3291,11 @@ virDomainSetAutostart(virDomainPtr domai
|
||||
}
|
||||
|
||||
conn = domain->conn;
|
||||
+
|
||||
+ if (domain->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return (-1);
|
||||
+ }
|
||||
|
||||
if (conn->driver->domainSetAutostart)
|
||||
return conn->driver->domainSetAutostart (domain, autostart);
|
||||
@@ -4197,6 +4247,11 @@ virNetworkSetAutostart(virNetworkPtr net
|
||||
return (-1);
|
||||
}
|
||||
|
||||
+ if (network->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return (-1);
|
||||
+ }
|
||||
+
|
||||
conn = network->conn;
|
||||
|
||||
if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
|
||||
@@ -4395,6 +4450,11 @@ virConnectFindStoragePoolSources(virConn
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (conn->storageDriver && conn->storageDriver->findPoolSources)
|
||||
return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
|
||||
|
||||
@@ -5068,6 +5128,11 @@ virStoragePoolSetAutostart(virStoragePoo
|
||||
return (-1);
|
||||
}
|
||||
|
||||
+ if (pool->conn->flags & VIR_CONNECT_RO) {
|
||||
+ virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
||||
+ return (-1);
|
||||
+ }
|
||||
+
|
||||
conn = pool->conn;
|
||||
|
||||
if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
|
||||
19
libvirt.spec
19
libvirt.spec
@@ -21,7 +21,7 @@
|
||||
%define with_xen_proxy 0
|
||||
%endif
|
||||
|
||||
%if "%{fedora}"
|
||||
%if 0%{?fedora}
|
||||
%ifarch ppc64
|
||||
%define with_qemu 0
|
||||
%endif
|
||||
@@ -34,12 +34,13 @@
|
||||
|
||||
Summary: Library providing a simple API virtualization
|
||||
Name: libvirt
|
||||
Version: 0.5.0
|
||||
Release: 1%{?dist}%{?extra_release}
|
||||
Version: 0.5.1
|
||||
Release: 2%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
Source: libvirt-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
Patch0: libvirt-0.5.1-read-only-checks.patch
|
||||
URL: http://libvirt.org/
|
||||
BuildRequires: python python-devel
|
||||
Requires: libxml2
|
||||
@@ -163,6 +164,7 @@ of recent versions of Linux (and other OSes).
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%if ! %{with_xen}
|
||||
@@ -403,6 +405,17 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Dec 17 2008 Daniel Veillard <veillard@redhat.com> - 0.5.1-2.fc11
|
||||
- fix missing read-only access checks, fixes CVE-2008-5086
|
||||
|
||||
* Fri Dec 5 2008 Daniel Veillard <veillard@redhat.com> - 0.5.1-1.fc11
|
||||
- upstream release 0.5.1
|
||||
- mostly bugfixes e.g #473071
|
||||
- some driver improvments
|
||||
|
||||
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.5.0-2
|
||||
- Rebuild for Python 2.6
|
||||
|
||||
* Wed Nov 26 2008 Daniel Veillard <veillard@redhat.com> - 0.5.0-1.fc11
|
||||
- upstream release 0.5.0
|
||||
- domain lifecycle event support
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
Index: python/Makefile.am
|
||||
===================================================================
|
||||
RCS file: /data/cvs/libxen/python/Makefile.am,v
|
||||
retrieving revision 1.13
|
||||
diff -u -p -r1.13 Makefile.am
|
||||
--- python/Makefile.am 5 Feb 2008 19:27:37 -0000 1.13
|
||||
+++ python/Makefile.am 24 Sep 2008 13:21:06 -0000
|
||||
@@ -50,7 +50,7 @@ GENERATED= libvirt-export.c \
|
||||
$(GENERATED): $(srcdir)/$(GENERATE) $(API_DESC)
|
||||
$(PYTHON) $(srcdir)/$(GENERATE) $(srcdir)
|
||||
|
||||
-libvirt.py: $(srcdir)/libvir.py libvirtclass.py
|
||||
+libvirt.py: $(srcdir)/libvir.py $(GENERATED)
|
||||
cat $(srcdir)/libvir.py libvirtclass.py > $@-t
|
||||
mv $@-t $@
|
||||
|
||||
*** python/Makefile.in.orig 2008-09-24 15:19:20.000000000 +0200
|
||||
--- python/Makefile.in 2008-09-24 15:20:07.000000000 +0200
|
||||
*************** uninstall-am: uninstall-local uninstall-
|
||||
*** 1027,1033 ****
|
||||
@WITH_PYTHON_TRUE@$(GENERATED): $(srcdir)/$(GENERATE) $(API_DESC)
|
||||
@WITH_PYTHON_TRUE@ $(PYTHON) $(srcdir)/$(GENERATE) $(srcdir)
|
||||
|
||||
! @WITH_PYTHON_TRUE@libvirt.py: $(srcdir)/libvir.py libvirtclass.py
|
||||
@WITH_PYTHON_TRUE@ cat $(srcdir)/libvir.py libvirtclass.py > $@-t
|
||||
@WITH_PYTHON_TRUE@ mv $@-t $@
|
||||
|
||||
--- 1027,1033 ----
|
||||
@WITH_PYTHON_TRUE@$(GENERATED): $(srcdir)/$(GENERATE) $(API_DESC)
|
||||
@WITH_PYTHON_TRUE@ $(PYTHON) $(srcdir)/$(GENERATE) $(srcdir)
|
||||
|
||||
! @WITH_PYTHON_TRUE@libvirt.py: $(srcdir)/libvir.py $(GENERATED)
|
||||
@WITH_PYTHON_TRUE@ cat $(srcdir)/libvir.py libvirtclass.py > $@-t
|
||||
@WITH_PYTHON_TRUE@ mv $@-t $@
|
||||
|
||||
Reference in New Issue
Block a user