authorV3n3RiX <venerix@redcorelinux.org>2018-02-15 16:58:00 +0000
committerV3n3RiX <venerix@redcorelinux.org>2018-02-15 16:58:00 +0000
commit434d713861b70f6c6563d6ee50a8e64f14c970d9 (patch)
treeb72c523c72e764420f835ba9d63d43ffef687dcf /app-emulation/libvirt/files
parentf78108598211053d41752a83e0345441bb9014ae (diff)
gentoo resync : 15.02.2018
Diffstat (limited to 'app-emulation/libvirt/files')
-rw-r--r--app-emulation/libvirt/files/libvirt-3.0.0-fix_paths_for_apparmor.patch79
-rw-r--r--app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch74
2 files changed, 0 insertions, 153 deletions
diff --git a/app-emulation/libvirt/files/libvirt-3.0.0-fix_paths_for_apparmor.patch b/app-emulation/libvirt/files/libvirt-3.0.0-fix_paths_for_apparmor.patch
deleted file mode 100644
index c9c7eb6ad49f..000000000000
--- a/app-emulation/libvirt/files/libvirt-3.0.0-fix_paths_for_apparmor.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From baad1483ed0a699509f66abac6708797f370f888 Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@kyomu.43-1.org>
-Date: Sun, 22 Jan 2017 09:07:57 -0600
-Subject: [PATCH] Update paths to Gentoo layout
-
----
- examples/Makefile.am | 4 ++--
- .../{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} | 4 ++--
- examples/apparmor/usr.sbin.libvirtd | 6 ++++--
- 3 files changed, 8 insertions(+), 6 deletions(-)
- rename examples/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (90%)
-
-diff --git a/examples/Makefile.am b/examples/Makefile.am
-index 2956e14..d81e34b 100644
---- a/examples/Makefile.am
-+++ b/examples/Makefile.am
-@@ -23,7 +23,7 @@ EXTRA_DIST = \
- apparmor/TEMPLATE.lxc \
- apparmor/libvirt-qemu \
- apparmor/libvirt-lxc \
-- apparmor/usr.lib.libvirt.virt-aa-helper \
-+ apparmor/usr.libexec.virt-aa-helper \
- apparmor/usr.sbin.libvirtd \
- lxcconvert/virt-lxc-convert \
- polkit/libvirt-acl.rules \
-@@ -70,7 +70,7 @@ admin_logging_SOURCES = admin/logging.c
- if WITH_APPARMOR_PROFILES
- apparmordir = $(sysconfdir)/apparmor.d/
- apparmor_DATA = \
-- apparmor/usr.lib.libvirt.virt-aa-helper \
-+ apparmor/usr.libexec.virt-aa-helper \
- apparmor/usr.sbin.libvirtd \
- $(NULL)
-
-diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.libexec.virt-aa-helper
-similarity index 90%
-rename from examples/apparmor/usr.lib.libvirt.virt-aa-helper
-rename to examples/apparmor/usr.libexec.virt-aa-helper
-index 4a8f197..a6072f1 100644
---- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/examples/apparmor/usr.libexec.virt-aa-helper
-@@ -1,7 +1,7 @@
- # Last Modified: Mon Apr 5 15:10:27 2010
- #include <tunables/global>
-
--profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
-+profile virt-aa-helper /usr/libexec/virt-aa-helper {
- #include <abstractions/base>
-
- # needed for searching directories
-@@ -20,7 +20,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
- /sys/devices/ r,
- /sys/devices/** r,
-
-- /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
-+ /usr/libexec/virt-aa-helper mr,
- /{usr/,}sbin/apparmor_parser Ux,
-
- /etc/apparmor.d/libvirt/* r,
-diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
-index 8893e75..f0b471c 100644
---- a/examples/apparmor/usr.sbin.libvirtd
-+++ b/examples/apparmor/usr.sbin.libvirtd
-@@ -59,8 +59,10 @@
- audit deny /sys/kernel/security/apparmor/.* rwxl,
- /sys/kernel/security/apparmor/profiles r,
- /usr/{lib,lib64}/libvirt/* PUxr,
-- /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
-- /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
-+ /usr/libexec/virt-aa-helper PUxr,
-+ /usr/libexec/libvirt_lxc PUxr,
-+ /usr/libexec/libvirt_parthelper ix,
-+ /usr/libexec/libvirt_iohelper ix,
- /etc/libvirt/hooks/** rmix,
- /etc/xen/scripts/** rmix,
-
---
-2.10.2
-
diff --git a/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch b/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch
deleted file mode 100644
index 8c347cd799ad..000000000000
--- a/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 441d3eb6d1be940a67ce45a286602a967601b157 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Thu, 5 Oct 2017 17:54:28 +0100
-Subject: [PATCH] qemu: ensure TLS clients always verify the server certificate
-
-The default_tls_x509_verify (and related) parameters in qemu.conf
-control whether the QEMU TLS servers request & verify certificates
-from clients. This works as a simple access control system for
-servers by requiring the CA to issue certs to permitted clients.
-This use of client certificates is disabled by default, since it
-requires extra work to issue client certificates.
-
-Unfortunately the code was using this configuration parameter when
-setting up both TLS clients and servers in QEMU. The result was that
-TLS clients for character devices and disk devices had verification
-turned off, meaning they would ignore errors while validating the
-server certificate.
-
-This allows for trivial MITM attacks between client and server,
-as any certificate returned by the attacker will be accepted by
-the client.
-
-This is assigned CVE-2017-1000256 / LSN-2017-0002
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- src/qemu/qemu_command.c | 2 +-
- tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args | 2 +-
- .../qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 46f0bdd18..f68b82d08 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -721,7 +721,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
- if (virJSONValueObjectCreate(propsret,
- "s:dir", path,
- "s:endpoint", (isListen ? "server": "client"),
-- "b:verify-peer", verifypeer,
-+ "b:verify-peer", (isListen ? verifypeer : true),
- NULL) < 0)
- goto cleanup;
-
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-index 5aff7734e..ab5f7e27f 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-@@ -26,7 +26,7 @@ server,nowait \
- localport=1111 \
- -device isa-serial,chardev=charserial0,id=serial0 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no \
-+endpoint=client,verify-peer=yes \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-index 91f1fe0cd..2567abbfa 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-@@ -31,7 +31,7 @@ localport=1111 \
- data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
- keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
-+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
---
-2.13.6
-