Bug#683589: marked as done (unblock: libvirt/0.9.12-4)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 02 Aug 2012 08:35:27 +0100
with message-id <f345236f3595a6e154c3cf120efb9e8e@mail.adsl.funky-badger.org>
and subject line Re: Bug#683589: unblock: libvirt/0.9.12-4
has caused the Debian Bug report #683589,
regarding unblock: libvirt/0.9.12-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
683589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683589
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: libvirt/0.9.12-4
• From: Guido Günther <agx@sigxcpu.org>
• Date: Thu, 2 Aug 2012 08:52:26 +0200
• Message-id: <[🔎] 20120802065225.GA3183@bogon.sigxcpu.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libvirt

It fixes CVE-2012-3445 (#683483). Debdiff attached.

unblock libvirt/0.9.12-4

Cheers,
 -- Guido

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru libvirt-0.9.12/debian/changelog libvirt-0.9.12/debian/changelog
--- libvirt-0.9.12/debian/changelog	2012-06-20 08:24:44.000000000 +0200
+++ libvirt-0.9.12/debian/changelog	2012-08-01 21:12:20.000000000 +0200
@@ -1,3 +1,10 @@
+libvirt (0.9.12-4) unstable; urgency=low
+
+  * [80ac2a6] Fix CVE-2012-3445 with upstream commit
+    6039a2cb49c8af4c68460d2faf365a7e1c686c7b (Closes: #683483)
+
+ -- Guido Günther <agx@sigxcpu.org>  Wed, 01 Aug 2012 21:12:13 +0200
+
 libvirt (0.9.12-3) unstable; urgency=low
 
   * [6b610b6] Include stdint.h for uint32_t to fix the build on kFreeBSD
diff -Nru libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch
--- libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch	2012-08-01 21:11:17.000000000 +0200
@@ -1,6 +1,3 @@
-Message-Id: <b3b5bf1ad7c56d826426b7f7974117ef5b2590e4.1336929172.git.agx@sigxcpu.org>
-In-Reply-To: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx@sigxcpu.org>
-References: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx@sigxcpu.org>
 From: Guido Guenther <agx@sigxcpu.org>
 Date: Thu, 26 Jun 2008 20:01:38 +0200
 Subject: Allow libvirt group to access the socket
diff -Nru libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch
--- libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,6 +5,7 @@
 Origin: vendor
 
 
+
 ---
  tools/libvirt-guests.init.sh |   41 +++++++++++++----------------------------
  tools/libvirt-guests.sysconf |    4 ++--
diff -Nru libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
--- libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,16 +5,17 @@
 to not interfere with existing network configurations
 
 
+
 ---
  src/Makefile.am |    3 ---
  src/Makefile.in |    3 ---
- 2 files changed, 0 insertions(+), 6 deletions(-)
+ 2 files changed, 6 deletions(-)
 
 diff --git a/src/Makefile.am b/src/Makefile.am
-index a2aae9d..6860e21 100644
+index 0dadc29..998fd78 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -1622,9 +1622,6 @@ if WITH_NETWORK
+@@ -1625,9 +1625,6 @@ if WITH_NETWORK
  	    cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
  	      $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
  	    rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
@@ -25,10 +26,10 @@
  
  uninstall-local::
 diff --git a/src/Makefile.in b/src/Makefile.in
-index 26b9dce..34c96a8 100644
+index 209e118..90598de 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -7423,9 +7423,6 @@ install-data-local:
+@@ -7486,9 +7486,6 @@ install-data-local:
  @WITH_NETWORK_TRUE@	    cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
  @WITH_NETWORK_TRUE@	      $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
  @WITH_NETWORK_TRUE@	    rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
diff -Nru libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch
--- libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch	2012-08-01 21:11:17.000000000 +0200
@@ -6,15 +6,16 @@
 Thanks: Luca Capello
 
 
+
 ---
  src/nwfilter/nwfilter_ebiptables_driver.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
-index 0db9f19..09538a2 100644
+index 28f48bd..ee71bb5 100644
 --- a/src/nwfilter/nwfilter_ebiptables_driver.c
 +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
-@@ -4044,7 +4044,7 @@ ebiptablesDriverInit(bool privileged)
+@@ -4062,7 +4062,7 @@ ebiptablesDriverInit(bool privileged)
      if (virMutexInit(&execCLIMutex) < 0)
          return -EINVAL;
  
diff -Nru libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch
--- libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,6 +5,7 @@
 Closes: #517059
 
 
+
 ---
  src/xen/xen_hypervisor.c               |    2 +-
  tests/xencapsdata/xen-i686-pae-hvm.xml |    2 +-
@@ -14,7 +15,7 @@
  5 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
-index 4401b68..4817b95 100644
+index b4ec579..5160d53 100644
 --- a/src/xen/xen_hypervisor.c
 +++ b/src/xen/xen_hypervisor.c
 @@ -2359,7 +2359,7 @@ xenHypervisorBuildCapabilities(virConnectPtr conn,
diff -Nru libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch
--- libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch	2012-08-01 21:11:17.000000000 +0200
@@ -4,13 +4,13 @@
 
 ---
  tools/virsh.pod |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/tools/virsh.pod b/tools/virsh.pod
-index c7d5bbd..747832a 100644
+index ef71717..19dde93 100644
 --- a/tools/virsh.pod
 +++ b/tools/virsh.pod
-@@ -103,7 +103,7 @@ telnet's B<^]> is used.
+@@ -104,7 +104,7 @@ alphabetic character, @, [, ], \, ^, _.
  
  Most B<virsh> operations rely upon the libvirt library being able to
  connect to an already running libvirtd service.  This can usually be
diff -Nru libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch
--- libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,10 +5,10 @@
 until we debugged the interaction with pbuilder
 ---
  tests/virnetsockettest.c |    2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
+ 1 file changed, 2 insertions(+)
 
 diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
-index 44d6f65..bcfcbd3 100644
+index 204113e..f025f52 100644
 --- a/tests/virnetsockettest.c
 +++ b/tests/virnetsockettest.c
 @@ -491,10 +491,12 @@ mymain(void)
diff -Nru libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
--- libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch	2012-08-01 21:11:17.000000000 +0200
@@ -7,7 +7,7 @@
 Issue reported upstresm.
 ---
  gnulib/tests/test-nonblocking-pipe.sh |    4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
+ 1 file changed, 4 insertions(+)
 
 diff --git a/gnulib/tests/test-nonblocking-pipe.sh b/gnulib/tests/test-nonblocking-pipe.sh
 index dd692be..9690791 100755
diff -Nru libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
--- libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch	2012-08-01 21:11:17.000000000 +0200
@@ -4,13 +4,13 @@
 
 ---
  src/rpc/virnetserver.c |    5 ++---
- 1 files changed, 2 insertions(+), 3 deletions(-)
+ 1 file changed, 2 insertions(+), 3 deletions(-)
 
 diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
-index f761e6b..ab6d112 100644
+index ae19e84..33dc807 100644
 --- a/src/rpc/virnetserver.c
 +++ b/src/rpc/virnetserver.c
-@@ -695,9 +695,8 @@ void virNetServerRun(virNetServerPtr srv)
+@@ -672,9 +672,8 @@ void virNetServerRun(virNetServerPtr srv)
      virNetServerLock(srv);
  
  #if HAVE_AVAHI
diff -Nru libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
--- libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch	2012-08-01 21:11:17.000000000 +0200
@@ -39,10 +39,10 @@
 to savely detect that the command 'info migrate' is not implemented.
 ---
  src/qemu/qemu_monitor_text.c |   10 +++++++++-
- 1 files changed, 9 insertions(+), 1 deletions(-)
+ 1 file changed, 9 insertions(+), 1 deletion(-)
 
 diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
-index 30a0416..631899b 100644
+index 9e2991b..96539b5 100644
 --- a/src/qemu/qemu_monitor_text.c
 +++ b/src/qemu/qemu_monitor_text.c
 @@ -1654,7 +1654,15 @@ int qemuMonitorTextGetMigrationStatus(qemuMonitorPtr mon,
diff -Nru libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch
--- libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch	2012-08-01 21:11:17.000000000 +0200
@@ -0,0 +1,87 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Wed, 1 Aug 2012 13:11:34 +0200
+Subject: CVE-2012-3445
+
+Patch taken from upstream commit
+6039a2cb49c8af4c68460d2faf365a7e1c686c7b.
+
+---
+ daemon/remote.c |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 16a8a05..4ece019 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -964,7 +964,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0)
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+         goto no_memory;
+ 
+     if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1019,7 +1019,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0)
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+         goto no_memory;
+ 
+     if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1200,7 +1200,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1674,7 +1674,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1739,7 +1739,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1804,7 +1804,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -2064,7 +2064,7 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED,
+         goto cleanup;
+     }
+ 
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -3567,7 +3567,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
diff -Nru libvirt-0.9.12/debian/patches/series libvirt-0.9.12/debian/patches/series
--- libvirt-0.9.12/debian/patches/series	2012-06-20 08:24:04.000000000 +0200
+++ libvirt-0.9.12/debian/patches/series	2012-08-01 21:11:17.000000000 +0200
@@ -12,3 +12,4 @@
 Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
 Reduce-udevadm-settle-timeout-to-10-seconds.patch
 Include-stdint.h-for-uint32_t.patch
+security/CVE-2012-3445.patch
diff -Nru libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
--- libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch	2012-08-01 21:11:17.000000000 +0200
@@ -23,13 +23,13 @@
  #11 main (argc=5, argv=0xbf9c2cd4) at virsh.c:12751
 ---
  tools/virsh.c |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
+ 1 file changed, 3 insertions(+)
 
 diff --git a/tools/virsh.c b/tools/virsh.c
-index ee6db4c..b3dc21c 100644
+index dd9292a..d798328 100644
 --- a/tools/virsh.c
 +++ b/tools/virsh.c
-@@ -19276,6 +19276,9 @@ vshInit(vshControl *ctl)
+@@ -19560,6 +19560,9 @@ vshInit(vshControl *ctl)
      /* set up the signals handlers to catch disconnections */
      vshSetupSignals();
  

--- End Message ---

--- Begin Message ---

• To: Guido Günther <agx@sigxcpu.org>, <683589-done@bugs.debian.org>
• Subject: Re: Bug#683589: unblock: libvirt/0.9.12-4
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Thu, 02 Aug 2012 08:35:27 +0100
• Message-id: <f345236f3595a6e154c3cf120efb9e8e@mail.adsl.funky-badger.org>
• In-reply-to: <[🔎] 20120802065225.GA3183@bogon.sigxcpu.org>
• References: <[🔎] 20120802065225.GA3183@bogon.sigxcpu.org>

On 02.08.2012 07:52, Guido Günther wrote:

Please unblock package libvirt

It fixes CVE-2012-3445 (#683483). Debdiff attached.

Already unblocked yesterday. :-)

Regards,

Adam

--- End Message ---