Security fix for CVE-2013-1962. Fixes #1892

author: Leonardo Arena <rnalrd@alpinelinux.org> 2013-05-17 07:03:25 +0000
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2013-05-17 07:04:18 +0000
commit: 4628047e00483e7cd428cfe876de11334905df70 (patch)
tree: 7bf00a719b41735f40c1d6a3554f4e42a8686676
parent: b05d0f7c6103d70d11b5e1cef74c8e7011541d14 (diff)
download: alpine_aports-4628047e00483e7cd428cfe876de11334905df70.tar.bz2
alpine_aports-4628047e00483e7cd428cfe876de11334905df70.tar.xz
alpine_aports-4628047e00483e7cd428cfe876de11334905df70.zip
2 files changed, 41 insertions, 4 deletions
diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD
index 17267345ad..e1cca4fbd7 100644
--- a/main/libvirt/APKBUILD
+++ b/main/libvirt/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=libvirt
 pkgver=1.0.5
 _ver="${pkgver/_rc/-rc}"
-pkgrel=0
+pkgrel=1
 pkgdesc="A virtualization API for several hypervisor and container systems"
 url="http://libvirt.org/"
 arch="all"
@@ -20,6 +20,7 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz
        libvirt.confd
        libvirt.initd
        uclibc-physmem.patch
+        remoteDispatchStoragePoolListAllVolumes.patch
        "
 if [ "$ALPINE_LIBC" != "eglibc" ]; then
@@ -142,12 +143,15 @@ uml() {
 md5sums="91c4145f49bcf92e89470fa3fb28fff6  libvirt-1.0.5.tar.gz
 1c84a7baeafe0a7f4e9d7ae5180311b7  libvirt.confd
 d897df38c7e7fa1a297aa551108633c9  libvirt.initd
-df9cbfaf8a6e520a4822914a300add4d  uclibc-physmem.patch"
+df9cbfaf8a6e520a4822914a300add4d  uclibc-physmem.patch
+25d31e5965f90ac8c50483305d5f3d12  remoteDispatchStoragePoolListAllVolumes.patch"
 sha256sums="337f1cd6611462b6e3cdf94541c49477df678074321fb7923274e4e30398209f  libvirt-1.0.5.tar.gz
 851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1  libvirt.confd
 e9fad203434ffaa6afe524e42a9fb6594edad61cb02b1ca60a68d1a7fe0c31ab  libvirt.initd
-807005a8669b7396c9af43ddb2534bb0f073f1e97a5c8b1d9eefc1949f3c2df8  uclibc-physmem.patch"
+807005a8669b7396c9af43ddb2534bb0f073f1e97a5c8b1d9eefc1949f3c2df8  uclibc-physmem.patch
+de912a18bcf62a11b4c7e25c13f42d3f10d5f6597bd2787cb20a97b7af39dfc0  remoteDispatchStoragePoolListAllVolumes.patch"
 sha512sums="ee069f6047bad26b59cc14f7811725801d96525e7943e7abc31d33d256c77ae6024cf5ff841af9441a6853a3c24ba6aa5e0f437dcf2c5b2cfe860364b01719fc  libvirt-1.0.5.tar.gz
 9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc  libvirt.confd
 f48c97f93ef4509a86eda6200b3aae5b2c0c6263403bde933b770fd62240dca27bc439bd29b440ea6a47c8337f8b4511230ed915cb5ff54d9a1cf311863f6fa1  libvirt.initd
-4c885e72dcb11f8523a267917315d4874812eee289fb00075334c1728d0da9bd0e5db6c52d6e3c39bd3fe66d5ccadf9e26ec9dcaa855397e211b9bd1173ac72d  uclibc-physmem.patch"
+4c885e72dcb11f8523a267917315d4874812eee289fb00075334c1728d0da9bd0e5db6c52d6e3c39bd3fe66d5ccadf9e26ec9dcaa855397e211b9bd1173ac72d  uclibc-physmem.patch
+cd31b3a68fe29f7e506068806f2854902319d0fd4506c02da39a8e4d29eec7fd18a7a4ea2ee85be64ef3795cb199446ad0d2f342d5e7995bb48f0a4cd7ec925a  remoteDispatchStoragePoolListAllVolumes.patch"
diff --git a/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch b/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch
new file mode 100644
index 0000000000..86de595dfd
--- /dev/null
+++ b/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch
@@ -0,0 +1,33 @@
+From 08e817e91f44f947f8945115302100500b51ae22 Mon Sep 17 00:00:00 2001
+Message-Id: <08e817e91f44f947f8945115302100500b51ae22.1366126535.git.jtomko@redhat.com>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 12 Apr 2013 17:30:56 +0200
+Subject: [PATCH] daemon: fix leak after listing all volumes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
+The pool also held a reference to the connection, preventing it from
+getting freed and closing the netcf interface driver, which held two
+sockets open.
+---
+ daemon/remote.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 45c50f3..37f998f 100644
+--- a/daemon/remote.c
+++ b/daemon/remote.c
+@@ -4229,6 +4229,8 @@ cleanup:
+             virStorageVolFree(vols[i]);
+         VIR_FREE(vols);
+     }
+    if (pool)
+        virStoragePoolFree(pool);
+     return rv;
+ }
+ 
+-- 
+1.8.1.5
author	Leonardo Arena <rnalrd@alpinelinux.org>	2013-05-17 07:03:25 +0000
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2013-05-17 07:04:18 +0000
commit	4628047e00483e7cd428cfe876de11334905df70 (patch)
tree	7bf00a719b41735f40c1d6a3554f4e42a8686676
parent	b05d0f7c6103d70d11b5e1cef74c8e7011541d14 (diff)
download	alpine_aports-4628047e00483e7cd428cfe876de11334905df70.tar.bz2 alpine_aports-4628047e00483e7cd428cfe876de11334905df70.tar.xz alpine_aports-4628047e00483e7cd428cfe876de11334905df70.zip

diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD index 17267345ad..e1cca4fbd7 100644 --- a/main/libvirt/APKBUILD +++ b/main/libvirt/APKBUILD
@@ -2,7 +2,7 @@
2	pkgname=libvirt	2	pkgname=libvirt
3	pkgver=1.0.5	3	pkgver=1.0.5
4	_ver="${pkgver/_rc/-rc}"	4	_ver="${pkgver/_rc/-rc}"
5	pkgrel=0	5	pkgrel=1
6	pkgdesc="A virtualization API for several hypervisor and container systems"	6	pkgdesc="A virtualization API for several hypervisor and container systems"
7	url="http://libvirt.org/"	7	url="http://libvirt.org/"
8	arch="all"	8	arch="all"
@@ -20,6 +20,7 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz
20	libvirt.confd	20	libvirt.confd
21	libvirt.initd	21	libvirt.initd
22	uclibc-physmem.patch	22	uclibc-physmem.patch
		23	remoteDispatchStoragePoolListAllVolumes.patch
23	"	24	"
24		25
25	if [ "$ALPINE_LIBC" != "eglibc" ]; then	26	if [ "$ALPINE_LIBC" != "eglibc" ]; then
@@ -142,12 +143,15 @@ uml() {
142	md5sums="91c4145f49bcf92e89470fa3fb28fff6 libvirt-1.0.5.tar.gz	143	md5sums="91c4145f49bcf92e89470fa3fb28fff6 libvirt-1.0.5.tar.gz
143	1c84a7baeafe0a7f4e9d7ae5180311b7 libvirt.confd	144	1c84a7baeafe0a7f4e9d7ae5180311b7 libvirt.confd
144	d897df38c7e7fa1a297aa551108633c9 libvirt.initd	145	d897df38c7e7fa1a297aa551108633c9 libvirt.initd
145	df9cbfaf8a6e520a4822914a300add4d uclibc-physmem.patch"	146	df9cbfaf8a6e520a4822914a300add4d uclibc-physmem.patch
		147	25d31e5965f90ac8c50483305d5f3d12 remoteDispatchStoragePoolListAllVolumes.patch"
146	sha256sums="337f1cd6611462b6e3cdf94541c49477df678074321fb7923274e4e30398209f libvirt-1.0.5.tar.gz	148	sha256sums="337f1cd6611462b6e3cdf94541c49477df678074321fb7923274e4e30398209f libvirt-1.0.5.tar.gz
147	851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1 libvirt.confd	149	851ab3f9678f0fa9c3ee03f7fc7bd00c4ee86d5f0777eecf9eb1ffe3243adfd1 libvirt.confd
148	e9fad203434ffaa6afe524e42a9fb6594edad61cb02b1ca60a68d1a7fe0c31ab libvirt.initd	150	e9fad203434ffaa6afe524e42a9fb6594edad61cb02b1ca60a68d1a7fe0c31ab libvirt.initd
149	807005a8669b7396c9af43ddb2534bb0f073f1e97a5c8b1d9eefc1949f3c2df8 uclibc-physmem.patch"	151	807005a8669b7396c9af43ddb2534bb0f073f1e97a5c8b1d9eefc1949f3c2df8 uclibc-physmem.patch
		152	de912a18bcf62a11b4c7e25c13f42d3f10d5f6597bd2787cb20a97b7af39dfc0 remoteDispatchStoragePoolListAllVolumes.patch"
150	sha512sums="ee069f6047bad26b59cc14f7811725801d96525e7943e7abc31d33d256c77ae6024cf5ff841af9441a6853a3c24ba6aa5e0f437dcf2c5b2cfe860364b01719fc libvirt-1.0.5.tar.gz	153	sha512sums="ee069f6047bad26b59cc14f7811725801d96525e7943e7abc31d33d256c77ae6024cf5ff841af9441a6853a3c24ba6aa5e0f437dcf2c5b2cfe860364b01719fc libvirt-1.0.5.tar.gz
151	9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc libvirt.confd	154	9aba6ab73219a635c64a340ee8887356e644445c9128734cbce73f5d54778378da2f10a190365ad88a7db8bc95b1fb17f0c6ca41fc41bb786c09e1afe84d65dc libvirt.confd
152	f48c97f93ef4509a86eda6200b3aae5b2c0c6263403bde933b770fd62240dca27bc439bd29b440ea6a47c8337f8b4511230ed915cb5ff54d9a1cf311863f6fa1 libvirt.initd	155	f48c97f93ef4509a86eda6200b3aae5b2c0c6263403bde933b770fd62240dca27bc439bd29b440ea6a47c8337f8b4511230ed915cb5ff54d9a1cf311863f6fa1 libvirt.initd
153	4c885e72dcb11f8523a267917315d4874812eee289fb00075334c1728d0da9bd0e5db6c52d6e3c39bd3fe66d5ccadf9e26ec9dcaa855397e211b9bd1173ac72d uclibc-physmem.patch"	156	4c885e72dcb11f8523a267917315d4874812eee289fb00075334c1728d0da9bd0e5db6c52d6e3c39bd3fe66d5ccadf9e26ec9dcaa855397e211b9bd1173ac72d uclibc-physmem.patch
		157	cd31b3a68fe29f7e506068806f2854902319d0fd4506c02da39a8e4d29eec7fd18a7a4ea2ee85be64ef3795cb199446ad0d2f342d5e7995bb48f0a4cd7ec925a remoteDispatchStoragePoolListAllVolumes.patch"


diff --git a/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch b/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch new file mode 100644 index 0000000000..86de595dfd --- /dev/null +++ b/main/libvirt/remoteDispatchStoragePoolListAllVolumes.patch
@@ -0,0 +1,33 @@
		1	From 08e817e91f44f947f8945115302100500b51ae22 Mon Sep 17 00:00:00 2001
		2	Message-Id: <08e817e91f44f947f8945115302100500b51ae22.1366126535.git.jtomko@redhat.com>
		3	From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
		4	Date: Fri, 12 Apr 2013 17:30:56 +0200
		5	Subject: [PATCH] daemon: fix leak after listing all volumes
		6	MIME-Version: 1.0
		7	Content-Type: text/plain; charset=utf-8
		8	Content-Transfer-Encoding: 8bit
		9
		10	remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
		11	The pool also held a reference to the connection, preventing it from
		12	getting freed and closing the netcf interface driver, which held two
		13	sockets open.
		14	---
		15	daemon/remote.c \| 2 ++
		16	1 file changed, 2 insertions(+)
		17
		18	diff --git a/daemon/remote.c b/daemon/remote.c
		19	index 45c50f3..37f998f 100644
		20	--- a/daemon/remote.c
		21	+++ b/daemon/remote.c
		22	@@ -4229,6 +4229,8 @@ cleanup:
		23	virStorageVolFree(vols[i]);
		24	VIR_FREE(vols);
		25	}
		26	+ if (pool)
		27	+ virStoragePoolFree(pool);
		28	return rv;
		29	}
		30
		31	--
		32	1.8.1.5
		33