Bug#1036453: marked as done (unblock: libvirt/9.0.0-4)

To: Paul Gevers <elbrus@debian.org>
Subject: Bug#1036453: marked as done (unblock: libvirt/9.0.0-4)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 28 May 2023 06:03:03 +0000
Message-id: <[🔎] handler.1036453.D1036453.16852536711881300.ackdone@bugs.debian.org>
Reply-to: 1036453@bugs.debian.org
References: <3e658333-7718-d29c-3a0c-b53de5887c62@debian.org> <[🔎] 168466543701.55368.10631520160487535942.reportbug@meyneth>

Your message dated Sun, 28 May 2023 08:01:06 +0200
with message-id <3e658333-7718-d29c-3a0c-b53de5887c62@debian.org>
and subject line Re: Bug#1036453: unblock: libvirt/9.0.0-4
has caused the Debian Bug report #1036453,
regarding unblock: libvirt/9.0.0-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036453: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036453
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: libvirt/9.0.0-4
From: Andrea Bolognani <eof@kiyuko.org>
Date: Sun, 21 May 2023 12:37:17 +0200
Message-id: <[🔎] 168466543701.55368.10631520160487535942.reportbug@meyneth>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libvirt@packages.debian.org
Control: affects -1 + src:libvirt

Please unblock package libvirt


[ Reason ]

Fix CVE-2023-2700.


[ Impact ]

Fix CVE-2023-2700.


[ Tests ]

I haven't found tests covering this specific functionality. However,
the change is part of libvirt 9.3.0, which is already in Debian
experimental as well as other distributions such as Fedora, and to
the best of my knowledge no issues with it have been reported.


[ Risks ]

The change has already been reviewed and accepted upstream. The
function being patched hasn't changed between 9.0.0 and 9.3.0, so the
backport was a clean one. I have reviewed the changes again in the
context of the Debian package.


[ Checklist ]

  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


[ Other info ]

N/A


unblock libvirt/9.0.0-4

diff -Nru libvirt-9.0.0/debian/changelog libvirt-9.0.0/debian/changelog
--- libvirt-9.0.0/debian/changelog	2023-04-15 18:27:51.000000000 +0200
+++ libvirt-9.0.0/debian/changelog	2023-05-21 11:31:31.000000000 +0200
@@ -1,3 +1,11 @@
+libvirt (9.0.0-4) unstable; urgency=medium
+
+  * [79f6669] patches: Add backports
+    - backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
+      - Fixes CVE-2023-2700 (Closes: #1036297)
+
+ -- Andrea Bolognani <eof@kiyuko.org>  Sun, 21 May 2023 11:31:31 +0200
+
 libvirt (9.0.0-3) unstable; urgency=medium
 
   * [56bee71] patches: Add backports
diff -Nru libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
--- libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvirt-9.0.0/debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch	2023-05-21 11:31:31.000000000 +0200
@@ -0,0 +1,53 @@
+From: Tim Shearer <TShearer@adva.com>
+Date: Mon, 1 May 2023 13:15:48 +0000
+Subject: virpci: Resolve leak in virPCIVirtualFunctionList cleanup
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Repeatedly querying an SR-IOV PCI device's capabilities exposes a
+memory leak caused by a failure to free the virPCIVirtualFunction
+array within the parent struct's g_autoptr cleanup.
+
+Valgrind output after getting a single interface's XML description
+1000 times:
+
+==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635
+==325982==    at 0x4C3C096: realloc (vg_replace_malloc.c:1437)
+==325982==    by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4)
+==325982==    by 0x4EE1F52: virReallocN (viralloc.c:52)
+==325982==    by 0x4EE1FB7: virExpandN (viralloc.c:78)
+==325982==    by 0x4EE219A: virInsertElementInternal (viralloc.c:183)
+==325982==    by 0x4EE23B2: virAppendElement (viralloc.c:288)
+==325982==    by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389)
+==325982==    by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256)
+==325982==    by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969)
+==325982==    by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099)
+==325982==    by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677)
+==325982==    by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355)
+
+Signed-off-by: Tim Shearer <tshearer@adva.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 6425a311b8ad19d6f9c0b315bf1d722551ea3585)
+
+https://bugs.debian.org/1036297
+https://security-tracker.debian.org/tracker/CVE-2023-2700
+
+Forwarded: not-needed
+Origin: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
+---
+ src/util/virpci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/util/virpci.c b/src/util/virpci.c
+index 7800966..a44f70f 100644
+--- a/src/util/virpci.c
++++ b/src/util/virpci.c
+@@ -2253,6 +2253,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list)
+         g_free(list->functions[i].ifname);
+     }
+ 
++    g_free(list->functions);
+     g_free(list);
+ }
+ 
diff -Nru libvirt-9.0.0/debian/patches/series libvirt-9.0.0/debian/patches/series
--- libvirt-9.0.0/debian/patches/series	2023-04-15 18:27:51.000000000 +0200
+++ libvirt-9.0.0/debian/patches/series	2023-05-21 11:31:31.000000000 +0200
@@ -9,6 +9,7 @@
 backport/rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch
 backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch
 backport/conf-Fix-migration-in-some-firmware-autoselection-scenari.patch
+backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
 forward/Skip-vircgrouptest.patch
 forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
 forward/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch

--- End Message ---

--- Begin Message ---

To: Andrea Bolognani <eof@kiyuko.org>

Cc: 1036453-done@bugs.debian.org

Subject: Re: Bug#1036453: unblock: libvirt/9.0.0-4

From: Paul Gevers <elbrus@debian.org>

Date: Sun, 28 May 2023 08:01:06 +0200

Message-id: <3e658333-7718-d29c-3a0c-b53de5887c62@debian.org>

In-reply-to: <[🔎] ZHFMTbdVMW2+PQdE@meyneth>

References: <[🔎] 168466543701.55368.10631520160487535942.reportbug@meyneth> <[🔎] a1247ff3-f153-af50-5f7f-06ceab450f63@debian.org> <[🔎] ZHFMTbdVMW2+PQdE@meyneth>
Hi,

On 27-05-2023 02:18, Andrea Bolognani wrote:
On Tue, May 23, 2023 at 06:53:06PM +0200, Paul Gevers wrote:
Please go ahead. And please remove the moreinfo tag once the upload
happened.
Done, thanks :)
unblocked.

Paul
Attachment: OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

Reply to:

References:
- Bug#1036453: unblock: libvirt/9.0.0-4
  - From: Andrea Bolognani <eof@kiyuko.org>

Prev by Date: Re: Upcoming OpenSSL release
Next by Date: Bug#1036592: marked as done (pre-approval: unblock: c-ares/1.18.1-3)
Previous by thread: Processed: Re: Bug#1036453: unblock: libvirt/9.0.0-4
Next by thread: Bug#1036456: unblock: libfastjson/1.2304.0-1
Index(es):
- Date
- Thread