
Bug#683589: unblock: libvirt/0.9.12-4



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libvirt

It fixes CVE-2012-3445 (#683483). Debdiff attached.

unblock libvirt/0.9.12-4

Cheers,
 -- Guido

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru libvirt-0.9.12/debian/changelog libvirt-0.9.12/debian/changelog
--- libvirt-0.9.12/debian/changelog	2012-06-20 08:24:44.000000000 +0200
+++ libvirt-0.9.12/debian/changelog	2012-08-01 21:12:20.000000000 +0200
@@ -1,3 +1,10 @@
+libvirt (0.9.12-4) unstable; urgency=low
+
+  * [80ac2a6] Fix CVE-2012-3445 with upstream commit
+    6039a2cb49c8af4c68460d2faf365a7e1c686c7b (Closes: #683483)
+
+ -- Guido Günther <agx@sigxcpu.org>  Wed, 01 Aug 2012 21:12:13 +0200
+
 libvirt (0.9.12-3) unstable; urgency=low
 
   * [6b610b6] Include stdint.h for uint32_t to fix the build on kFreeBSD
diff -Nru libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch
--- libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Allow-libvirt-group-to-access-the-socket.patch	2012-08-01 21:11:17.000000000 +0200
@@ -1,6 +1,3 @@
-Message-Id: <b3b5bf1ad7c56d826426b7f7974117ef5b2590e4.1336929172.git.agx@sigxcpu.org>
-In-Reply-To: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx@sigxcpu.org>
-References: <3212167ef5921de92659b7f6bf21d29fad1e4aa6.1336929172.git.agx@sigxcpu.org>
 From: Guido Guenther <agx@sigxcpu.org>
 Date: Thu, 26 Jun 2008 20:01:38 +0200
 Subject: Allow libvirt group to access the socket
diff -Nru libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch
--- libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Debianize-libvirt-guests.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,6 +5,7 @@
 Origin: vendor
 
 
+
 ---
  tools/libvirt-guests.init.sh |   41 +++++++++++++----------------------------
  tools/libvirt-guests.sysconf |    4 ++--
diff -Nru libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch
--- libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Don-t-enable-default-network-on-boot.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,16 +5,17 @@
 to not interfere with existing network configurations
 
 
+
 ---
  src/Makefile.am |    3 ---
  src/Makefile.in |    3 ---
- 2 files changed, 0 insertions(+), 6 deletions(-)
+ 2 files changed, 6 deletions(-)
 
 diff --git a/src/Makefile.am b/src/Makefile.am
-index a2aae9d..6860e21 100644
+index 0dadc29..998fd78 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -1622,9 +1622,6 @@ if WITH_NETWORK
+@@ -1625,9 +1625,6 @@ if WITH_NETWORK
  	    cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
  	      $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
  	    rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
@@ -25,10 +26,10 @@
  
  uninstall-local::
 diff --git a/src/Makefile.in b/src/Makefile.in
-index 26b9dce..34c96a8 100644
+index 209e118..90598de 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -7423,9 +7423,6 @@ install-data-local:
+@@ -7486,9 +7486,6 @@ install-data-local:
  @WITH_NETWORK_TRUE@	    cp $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t \
  @WITH_NETWORK_TRUE@	      $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml && \
  @WITH_NETWORK_TRUE@	    rm $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml.t; }
diff -Nru libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch
--- libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/Don-t-require-gawk-for-a-simple-print-expression.patch	2012-08-01 21:11:17.000000000 +0200
@@ -6,15 +6,16 @@
 Thanks: Luca Capello
 
 
+
 ---
  src/nwfilter/nwfilter_ebiptables_driver.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
-index 0db9f19..09538a2 100644
+index 28f48bd..ee71bb5 100644
 --- a/src/nwfilter/nwfilter_ebiptables_driver.c
 +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
-@@ -4044,7 +4044,7 @@ ebiptablesDriverInit(bool privileged)
+@@ -4062,7 +4062,7 @@ ebiptablesDriverInit(bool privileged)
      if (virMutexInit(&execCLIMutex) < 0)
          return -EINVAL;
  
diff -Nru libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch
--- libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/fix-Debian-specific-path-to-hvm-loader.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,6 +5,7 @@
 Closes: #517059
 
 
+
 ---
  src/xen/xen_hypervisor.c               |    2 +-
  tests/xencapsdata/xen-i686-pae-hvm.xml |    2 +-
@@ -14,7 +15,7 @@
  5 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
-index 4401b68..4817b95 100644
+index b4ec579..5160d53 100644
 --- a/src/xen/xen_hypervisor.c
 +++ b/src/xen/xen_hypervisor.c
 @@ -2359,7 +2359,7 @@ xenHypervisorBuildCapabilities(virConnectPtr conn,
diff -Nru libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch
--- libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/debian/remove-RHism.diff.patch	2012-08-01 21:11:17.000000000 +0200
@@ -4,13 +4,13 @@
 
 ---
  tools/virsh.pod |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/tools/virsh.pod b/tools/virsh.pod
-index c7d5bbd..747832a 100644
+index ef71717..19dde93 100644
 --- a/tools/virsh.pod
 +++ b/tools/virsh.pod
-@@ -103,7 +103,7 @@ telnet's B<^]> is used.
+@@ -104,7 +104,7 @@ alphabetic character, @, [, ], \, ^, _.
  
  Most B<virsh> operations rely upon the libvirt library being able to
  connect to an already running libvirtd service.  This can usually be
diff -Nru libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch
--- libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Disable-failing-virnetsockettest.patch	2012-08-01 21:11:17.000000000 +0200
@@ -5,10 +5,10 @@
 until we debugged the interaction with pbuilder
 ---
  tests/virnetsockettest.c |    2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
+ 1 file changed, 2 insertions(+)
 
 diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
-index 44d6f65..bcfcbd3 100644
+index 204113e..f025f52 100644
 --- a/tests/virnetsockettest.c
 +++ b/tests/virnetsockettest.c
 @@ -491,10 +491,12 @@ mymain(void)
diff -Nru libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
--- libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch	2012-08-01 21:11:17.000000000 +0200
@@ -7,7 +7,7 @@
 Issue reported upstresm.
 ---
  gnulib/tests/test-nonblocking-pipe.sh |    4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
+ 1 file changed, 4 insertions(+)
 
 diff --git a/gnulib/tests/test-nonblocking-pipe.sh b/gnulib/tests/test-nonblocking-pipe.sh
 index dd692be..9690791 100755
diff -Nru libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
--- libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch	2012-08-01 21:11:17.000000000 +0200
@@ -4,13 +4,13 @@
 
 ---
  src/rpc/virnetserver.c |    5 ++---
- 1 files changed, 2 insertions(+), 3 deletions(-)
+ 1 file changed, 2 insertions(+), 3 deletions(-)
 
 diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
-index f761e6b..ab6d112 100644
+index ae19e84..33dc807 100644
 --- a/src/rpc/virnetserver.c
 +++ b/src/rpc/virnetserver.c
-@@ -695,9 +695,8 @@ void virNetServerRun(virNetServerPtr srv)
+@@ -672,9 +672,8 @@ void virNetServerRun(virNetServerPtr srv)
      virNetServerLock(srv);
  
  #if HAVE_AVAHI
diff -Nru libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
--- libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch	2012-08-01 21:11:17.000000000 +0200
@@ -39,10 +39,10 @@
 to savely detect that the command 'info migrate' is not implemented.
 ---
  src/qemu/qemu_monitor_text.c |   10 +++++++++-
- 1 files changed, 9 insertions(+), 1 deletions(-)
+ 1 file changed, 9 insertions(+), 1 deletion(-)
 
 diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
-index 30a0416..631899b 100644
+index 9e2991b..96539b5 100644
 --- a/src/qemu/qemu_monitor_text.c
 +++ b/src/qemu/qemu_monitor_text.c
 @@ -1654,7 +1654,15 @@ int qemuMonitorTextGetMigrationStatus(qemuMonitorPtr mon,
diff -Nru libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch
--- libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvirt-0.9.12/debian/patches/security/CVE-2012-3445.patch	2012-08-01 21:11:17.000000000 +0200
@@ -0,0 +1,87 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Wed, 1 Aug 2012 13:11:34 +0200
+Subject: CVE-2012-3445
+
+Patch taken from upstream commit
+6039a2cb49c8af4c68460d2faf365a7e1c686c7b.
+
+---
+ daemon/remote.c |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 16a8a05..4ece019 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -964,7 +964,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0)
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+         goto no_memory;
+ 
+     if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1019,7 +1019,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0)
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0)
+         goto no_memory;
+ 
+     if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+@@ -1200,7 +1200,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1674,7 +1674,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1739,7 +1739,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -1804,7 +1804,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -2064,7 +2064,7 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED,
+         goto cleanup;
+     }
+ 
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
+@@ -3567,7 +3567,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS
+         virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+         goto cleanup;
+     }
+-    if (VIR_ALLOC_N(params, nparams) < 0) {
++    if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
+         virReportOOMError();
+         goto cleanup;
+     }
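Review bot: The `nparams &&` guard added at all eight allocation sites in daemon/remote.c is undocumented: neither the code nor the patch header (whose Subject is only `CVE-2012-3445`) says why a zero count must skip `VIR_ALLOC_N`. With the guard, a request carrying `nparams == 0` leaves `params` unallocated, so the fix is complete only if `params` starts out NULL and the `cleanup:` path accepts a NULL array even if a later call has updated `nparams`. Both conditions lie outside these hunks and should be confirmed against the full file. I would add a comment such as `/* nparams == 0: leave params NULL; cleanup must accept NULL whatever nparams becomes */` above each guarded allocation, and a short paragraph in the patch header describing the defect. Each dispatcher's body begins and ends outside its hunk.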
diff -Nru libvirt-0.9.12/debian/patches/series libvirt-0.9.12/debian/patches/series
--- libvirt-0.9.12/debian/patches/series	2012-06-20 08:24:04.000000000 +0200
+++ libvirt-0.9.12/debian/patches/series	2012-08-01 21:11:17.000000000 +0200
@@ -12,3 +12,4 @@
 Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
 Reduce-udevadm-settle-timeout-to-10-seconds.patch
 Include-stdint.h-for-uint32_t.patch
+security/CVE-2012-3445.patch
diff -Nru libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
--- libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch	2012-06-20 08:24:34.000000000 +0200
+++ libvirt-0.9.12/debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch	2012-08-01 21:11:17.000000000 +0200
@@ -23,13 +23,13 @@
  #11 main (argc=5, argv=0xbf9c2cd4) at virsh.c:12751
 ---
  tools/virsh.c |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
+ 1 file changed, 3 insertions(+)
 
 diff --git a/tools/virsh.c b/tools/virsh.c
-index ee6db4c..b3dc21c 100644
+index dd9292a..d798328 100644
 --- a/tools/virsh.c
 +++ b/tools/virsh.c
-@@ -19276,6 +19276,9 @@ vshInit(vshControl *ctl)
+@@ -19560,6 +19560,9 @@ vshInit(vshControl *ctl)
      /* set up the signals handlers to catch disconnections */
      vshSetupSignals();
  
