Diffstat (limited to 'app-emulation/libvirt')
-rw-r--r--app-emulation/libvirt/Manifest7
-rw-r--r--app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch74
-rw-r--r--app-emulation/libvirt/libvirt-3.8.0-r1.ebuild (renamed from app-emulation/libvirt/libvirt-3.7.0.ebuild)4
-rw-r--r--app-emulation/libvirt/libvirt-9999.ebuild3
4 files changed, 81 insertions, 7 deletions
diff --git a/app-emulation/libvirt/Manifest b/app-emulation/libvirt/Manifest
index 30444c2f7f10..e879cfa0e899 100644
--- a/app-emulation/libvirt/Manifest
+++ b/app-emulation/libvirt/Manifest
@@ -5,6 +5,7 @@ AUX libvirt-1.3.4-glibc-2.23.patch 2049 SHA256 8fa125da2a8e6dabf17fc47863597b2b3
AUX libvirt-3.0.0-fix_paths_for_apparmor.patch 2904 SHA256 77ccadc9bf80b029a3105ac7609b759d5b73c40fef03d4eabcb6c6c9bd3334f9 SHA512 be4aba4b9bd44bb2f1b4f269f573caafce746783e0a7c08ff72d03a96b9675261346ededaf1d6b6c89afaa6d2b88fe7fb0d9f120d40fd714179e6f9d209a6724 WHIRLPOOL 917b54d20a1a2567052de25f08b8296b392002292303eee11acfee486eb8437a767695325adc63a08f239edcbdceae9787f63cdebb313631c7e6880c97a54caf
AUX libvirt-3.1.0-musl-fix-includes.patch 221 SHA256 40b1814d2a1d05a987242af46592a74feb612ccb3f064e93984bdad29d9c1fc7 SHA512 876c7dacedcce1d69938779b978b3a23b2f51128f121b4aa53f5f301d7740f90d77f335523210ed492b68b5f7a0b864b25a694ee562fb5e8ab1b6411d3da48e7 WHIRLPOOL d9d7f57cee28f1f6149f6de6f853f08679cbb9b3e82b019ff6046da525c1768ea3f7ef34cf3afa6033e87f80e8f5c74e5f2d129122d8df6edb371e743a3a3af5
AUX libvirt-3.6.0-ssh-malicious-hostname-fix.patch 1770 SHA256 6dd8209b02a14f4db4cd4b3903d62418bec4a200b2c85eb597266eefc4fb0814 SHA512 177a85183d9a4b3e2a8be523cfd10c8dd8e7988aca69864c3ff55ebaf5576eebf904317ac0814e588be21909b21c1deb1dfca13f84f3af54ebbdb55e8f12f562 WHIRLPOOL 1935e293c8a438b326b6c617fd695f93e92c99b6bca13c7815a62ae04bc7c2dba885763595b02a7d4ec4f3235124ff03cea704f4e56ac7c613edbeca847c9225
+AUX libvirt-3.8.0-CVE-2017-1000256.patch 3737 SHA256 af14abe57e4764eb35df8e104f992132e0ca9797d5b470adde6515f6c7c95c10 SHA512 2c3e88670ec9531207c60b89e8e2ec6188834e795cd0e698d63781209182801209d4097fd72607166853b54a9f301a160b575f757741da5aeb995d752bbcb80a WHIRLPOOL 61cfac579defb75b2d92622c3fafc25036f9b3d5260e296941188d541327b381397b4bf996c9e5c5b624aae82a76b43798bf3253b66d26e3f7f3e5fba70273f9
AUX libvirt-guests.confd 2430 SHA256 d5f85bb8c1d2010347f23badc422e98046b97a0066254739b5829fce07837d63 SHA512 78f419a89de7aabaad860903c24f1c070786fc1296d987e61dd537705b0e7f71a46c315888028f3826c3417e42861ca8471788be4ec5695e98427c5f18ae63fc WHIRLPOOL 4f06b9319f52b872f14f86da9aeeafecf176c46755955c7773badd0df239fdd76efaff50921565154fa24896d0e4b07df788e785ed6ff5f2308c0ba0e79a9418
AUX libvirt-guests.init-r2 5412 SHA256 f78ced5ebe644522c6ce102b3f6bcf932686243a50629559f988548c570cad3a SHA512 0f46ec5776c61d1776248779fa894b1a6d7b98d0eb8e8374b320c785c25d92468f087e350233b9152eb2cd0680f6b334c3a61684dabc7c5b559d3b55fdcb712d WHIRLPOOL 77ce5c6e615c94b437f13f8bfb2689cea7b8231a4aa227e83944fd66793a3daf0ada8c041c358f38c2f676dfc7fb071880df682dcc759f63e8e20f033e141d39
AUX libvirtd.confd-r5 740 SHA256 4f7fba7e64533868119c0f3355aa22932e163b208397323dc2cd96daadcc4079 SHA512 98f935589dbc5f2a99329f77fdf84c563fa0dc99404b7476603679478d68ce8dbea2c88645251d3c28f59e7bcae124ae632972146e8a8c3e0e9fcbfb27296f91 WHIRLPOOL cc40f10c1ab440efff318f4cac95c0923dfb3309e727d3de4a5dd5cd95181da76a6f1de4ad6740b99d0b65b6bbf5a5128ce24288f77a91268e74d2e8d8e95e49
@@ -14,10 +15,10 @@ AUX libvirtd.tmpfiles.conf 36 SHA256 0102a9bbbb6fc9764c2d49933a89d1661b3999aec53
AUX virtlockd.init-r1 570 SHA256 23ddea66fb2d85c17c382daa07abfabe7fa57d62406d2ca5df0c755f5dcc3834 SHA512 65a05d406200da9a534df5caa1b9cb2af97f0b03f64e6b4157322975fa754f59ae74fff9ec8301a6c0510e4b75e2b72a78cddf004a76109e18c375e83527cee5 WHIRLPOOL 7959e426986747165ef074ca52b8049aa4120b0206b7532330346552fe5811a46fa71b58e02fcd37e55b872e099ccc8688fcc3f30b2e2316e01a4220806d49b4
AUX virtlogd.init-r1 569 SHA256 1647c11779fd874bdc115234bae0f0f65278084541473d2825aa9864ad49f939 SHA512 0a3e083e742f9e0d8206ab9a48c63bbd395bdc24e5551e2cbeddffa3fb576a817b73dbafe646c392a35c354d6b65426a9b6f3ce3dcafc30077715e90684968c1 WHIRLPOOL e0fa334c60dac4aa1ff721c3c4e957a688e0a58297cb06249de50dd838c55eee3c1c00fcb4b1c06b74c1fb61c52354889a09bd2793c8623faa120489cac95c3a
DIST libvirt-3.6.0.tar.xz 14797704 SHA256 3a2c97f6950796f300f6a2e0404f4de8e51c3b9430cdb82738439adb0ac59e3d SHA512 6cde735a18cb71c9e6dbb25cd2a8f9c72d55ad7d74bdf97b00d784593f0bc59498917fb235ce04de4428899241520d87bf19c015b80282b3d0c12918d9b8b288 WHIRLPOOL 8185ad998158bac9aa6bc0dd0f590a3d9fb393ad94d308bdc84e60ac5c56e110d5f4a2355e2a10b01a6521d8261ae7484aee275e12a17cc7f2830f169e990596
-DIST libvirt-3.7.0.tar.xz 14803752 SHA256 4e7bcb209eeef99f026484293abc733e30ed06dabcdde62c4c3e95f71b2b67ba SHA512 b3f7021ef4c6954430f8fa503f0c49e3df4f662b228cb631ba2c2139ecec2307dde6cec05037cc28663e82ab1001296c20c5c68acd183cd364dd484a7746f498 WHIRLPOOL 93ae283bd9048983ea6f1bb9572a94313b40c0d7e82c8d61fc36c6b2fde6b2d1a16333a2ac89ef0675130eda07b5268d2ed3ddaef8305dd04858291559b95850
+DIST libvirt-3.8.0.tar.xz 14868712 SHA256 73eba834089ed0ce74e3183a7f12cf0c6f7de08e9a700b5456c62fb124f903f9 SHA512 fc48f29b493a5ec2b3586f6c5df0b8cb81f3f26be847bc42acfb6481d45970edc760dda0232ad57b95b8cf13382d0269dd3edf4a744040cda15b835d32d8c672 WHIRLPOOL af36d20c2713398f0d7aaf1b9fc2bcf978abc096d3070cb7cb1efa6680204e591e02b03340f4d862f6e7d1fabd4135cba23eef8ccd459264a44a052acf0e509e
EBUILD libvirt-3.6.0.ebuild 9705 SHA256 5d9511479f979dce30eef8ddc68a80b0e602461a459b8dd71f637d6628a44061 SHA512 e44a8cdfc9d9070c726610d6ec2f4191fdbc19fb2e3dceff4ac2a232aa73d43d8a7a2548909906c0d5d273c23e3fd2762d8a7379cdfa03a539d09d36d38dd9d9 WHIRLPOOL af6d2497a375d6639b3c0903abdc8c0cf1122b62a03de0825ade097eed2acefd18acc3781e3a05fc9a27afe26ddf69a5ae497ffc3b98cc00556674aaef84adc1
-EBUILD libvirt-3.7.0.ebuild 9633 SHA256 77b30ad103039e78f1ba2feebddc3e4760d85516e22a16e00182aa0810c4f2d3 SHA512 676e228e30c94d0ffda19443de127e5d1df224a25b04d6543329b63eca52faef7a13493bb680e55bfcb9c5df29d6786b5a7ae22886d7bf60fa37e338a8147bd9 WHIRLPOOL bde33afb6b43120c9853f799b08a68f0298ae6a9e424d222391aedf34180c9a6b224e586bc484d297993d8c920dedd2c1c3b4027afe6c33c711322e908e89aa8
-EBUILD libvirt-9999.ebuild 9559 SHA256 4cfbe31874591a16b09c161b1de03dd93e9f055a9ffe8c291988993188a6c88e SHA512 c371eebaba49abe6018f69faf9f41c6b7801efb36f2ddd52474f3ea692bd0dd6d3b6dfcd9565036f91f2cccfc4d62ce804207b6804914b47ff5ef60037ba03eb WHIRLPOOL d126e9a509c39a4bf6f3cdc7f7a4fee1166a3fe1d8739ae31352b4b1197c5a8cf9f51d45656c3492e26ebbe5286f3e734df42eb21cf41ec77183d27e6f00e5e4
+EBUILD libvirt-3.8.0-r1.ebuild 9654 SHA256 18017ad471d8ba23b78489d29d6bb5f5833c6ade99fcf418b848d04b966eaa32 SHA512 81d1abce5b9fc4b3705b59d12d0383e178d0a443952ee8828d08fd4ba2c890129c6cae25d188ffe8bf19fbd8221073488fa6c57b41968b689ece539f0bca7e1b WHIRLPOOL cfff4b177ac911a659855445fe2842428dbdcedf1f403890a8049d5a418468847b7a8fa013fc2ae5898ddff9ba07062ff77e1286e6b74dee2593a4dc8936f3a8
+EBUILD libvirt-9999.ebuild 9506 SHA256 d5af8cfea0f8f40cb4c1e474a64709440cd5fc31672af9be7bc607fcec880f04 SHA512 669472ae963372efc043f20dcf3a38d06fcdf45eb80ca13c7b76e6fed35590255206731ebd4a42b95017399bba309d49e734c14c07c9b5dc22cc7ae7819dbac2 WHIRLPOOL 1158f1338973b99a1dc518aae73e50015fff4cc2a7d8afee086784525571b2668b76dd5f6eaf5391d8a80d6817f4d8c5caf363d93e758b89202ee73e4c047f43
MISC ChangeLog 27207 SHA256 94b83a13739094fab2b993a9a833e735422f1117aa3511fc399ef7449977cbe4 SHA512 36eda4a70d13b8e06fc293ae0a31e0841e0bbb541b3c8294e9a3f341957739208836f353175cba6ff6f3b9f99c41d6be6ab69909812a5d28f2b3b79b6e386fa0 WHIRLPOOL 8721914e310158f81b907583aaeac8d2000a3db9e63f761cd7ee9674ec7834f953f9ffa248a06938d5af5ae98aee304a1e53467e8d134ebf56351ff37aaaaa48
MISC ChangeLog-2015 33229 SHA256 9b5ab13f86ef62f4eead3fc3ce0a20da725cf43437e4edc24c606fa56ca46831 SHA512 e1209249689918947d066bb91245d851f39a48b78819cb3265aa36cbe5e678e8374ef7a6279dffe678b7264a4d53aecf1d5e4f4e690e4a70df32dd84a067571a WHIRLPOOL 94ef57fc540991bc6fc9442a3d74cd6e7c10bccfee41275fca6ae4286fa73ef8bf1d9c1e9d76f10a6c2548250f5d1e72a9c1776c7b504efd9325f61b09bee55d
MISC metadata.xml 3766 SHA256 66a0ada4191fa3c10cf6b50c8d42bec0c4fe41c0fbc4453f3f48b09355756c16 SHA512 10d96f652bdcf32e34ea415a37de0c3c4aae3a716403a0ca73228af640788734119cbf4ade26a450cc3cda81ef6182391a6f590a851a6834d52394b7c81c49ed WHIRLPOOL 1d69d7520f3e228e730c1cb035996b5a3ba27bd7e4bfcb92703de69b16eb4f5c0dd7631cce75076bd8e98e61fca68802f4262e2f76a88818eca11b2e2bdc3b1b
diff --git a/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch b/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch
new file mode 100644
index 000000000000..8c347cd799ad
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-3.8.0-CVE-2017-1000256.patch
@@ -0,0 +1,74 @@
+From 441d3eb6d1be940a67ce45a286602a967601b157 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Thu, 5 Oct 2017 17:54:28 +0100
+Subject: [PATCH] qemu: ensure TLS clients always verify the server certificate
+
+The default_tls_x509_verify (and related) parameters in qemu.conf
+control whether the QEMU TLS servers request & verify certificates
+from clients. This works as a simple access control system for
+servers by requiring the CA to issue certs to permitted clients.
+This use of client certificates is disabled by default, since it
+requires extra work to issue client certificates.
+
+Unfortunately the code was using this configuration parameter when
+setting up both TLS clients and servers in QEMU. The result was that
+TLS clients for character devices and disk devices had verification
+turned off, meaning they would ignore errors while validating the
+server certificate.
+
+This allows for trivial MITM attacks between client and server,
+as any certificate returned by the attacker will be accepted by
+the client.
+
+This is assigned CVE-2017-1000256 / LSN-2017-0002
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ src/qemu/qemu_command.c | 2 +-
+ tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args | 2 +-
+ .../qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 46f0bdd18..f68b82d08 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -721,7 +721,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
+ if (virJSONValueObjectCreate(propsret,
+ "s:dir", path,
+ "s:endpoint", (isListen ? "server": "client"),
+- "b:verify-peer", verifypeer,
++ "b:verify-peer", (isListen ? verifypeer : true),
+ NULL) < 0)
+ goto cleanup;
+
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
+index 5aff7734e..ab5f7e27f 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
+@@ -26,7 +26,7 @@ server,nowait \
+ localport=1111 \
+ -device isa-serial,chardev=charserial0,id=serial0 \
+ -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
+-endpoint=client,verify-peer=no \
++endpoint=client,verify-peer=yes \
+ -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
+ tls-creds=objcharserial1_tls0 \
+ -device isa-serial,chardev=charserial1,id=serial1 \
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
+index 91f1fe0cd..2567abbfa 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
+@@ -31,7 +31,7 @@ localport=1111 \
+ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+ -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
+-endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
++endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
+ -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
+ tls-creds=objcharserial1_tls0 \
+ -device isa-serial,chardev=charserial1,id=serial1 \
+--
+2.13.6
+
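Review bot: The client branch in qemuBuildTLSx509BackendProps now hard-codes `true` for verify-peer without a comment, so a later reader could mistake it for an oversight and wire the config knob back in for clients. A short comment above the call would pin the intent, e.g. `/* verifypeer only controls whether servers check client certs; clients must always verify the server */`. The commit message names both character devices and disk devices as affected TLS clients, but the test data updated here covers only the two serial chardev .args files; a client-side case for a TLS disk backend would be worth adding if such test data exists. The function body starts and ends outside the hunk.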
diff --git a/app-emulation/libvirt/libvirt-3.7.0.ebuild b/app-emulation/libvirt/libvirt-3.8.0-r1.ebuild
index 8df3d9b0ab59..7ac23060bb18 100644
--- a/app-emulation/libvirt/libvirt-3.7.0.ebuild
+++ b/app-emulation/libvirt/libvirt-3.8.0-r1.ebuild
@@ -29,7 +29,7 @@ IUSE="
apparmor audit +caps +dbus firewalld fuse glusterfs iscsi +libvirtd lvm
libssh lxc +macvtap nfs nls numa openvz parted pcap phyp policykit
+qemu rbd sasl selinux +udev uml +vepa virtualbox virt-network
- wireshark-plugins xen zeroconf zfs elibc_glibc
+ wireshark-plugins xen zeroconf zfs
"
REQUIRED_USE="
@@ -68,7 +68,6 @@ RDEPEND="
audit? ( sys-process/audit )
caps? ( sys-libs/libcap-ng )
dbus? ( sys-apps/dbus )
- elibc_glibc? ( sys-libs/glibc[rpc(+)] )
firewalld? ( net-firewall/firewalld )
fuse? ( >=sys-fs/fuse-2.8.6:= )
glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )
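Review bot: Dropping `elibc_glibc? ( sys-libs/glibc[rpc(+)] )` from RDEPEND (and `elibc_glibc` from IUSE in the hunk above) is unrelated to the CVE fix, and no replacement RPC/XDR provider appears in the visible context lines. If the package still needs RPC support from libc, this presumably relies on a dependency declared outside these hunks; a comment in the ebuild or a separate commit would make that traceable. The same removal is repeated in libvirt-9999.ebuild. Bundling it into a security revision bump also makes the fix harder to audit and backport on its own.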
@@ -126,6 +125,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-3.0.0-fix_paths_for_apparmor.patch
"${FILESDIR}"/${PN}-1.3.4-glibc-2.23.patch
"${FILESDIR}"/${PN}-3.1.0-musl-fix-includes.patch # bug #609488
+ "${FILESDIR}"/${PN}-3.8.0-CVE-2017-1000256.patch # bug #635174
)
pkg_setup() {
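Review bot: The CVE patch is added to the PATCHES array of 3.8.0-r1 only, while `libvirt-3.6.0.ebuild` is still listed in the Manifest context lines and is not touched by this commit. If 3.6.0 carries the same client-side `verify-peer` handling, it should either receive the patch in its own PATCHES array or be removed once this revision is stable, so that installs of the older version do not keep TLS clients that skip server-certificate verification. The PATCHES array begins outside the hunk.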
diff --git a/app-emulation/libvirt/libvirt-9999.ebuild b/app-emulation/libvirt/libvirt-9999.ebuild
index 9ae7d7ea4e43..3716e896837b 100644
--- a/app-emulation/libvirt/libvirt-9999.ebuild
+++ b/app-emulation/libvirt/libvirt-9999.ebuild
@@ -29,7 +29,7 @@ IUSE="
apparmor audit +caps +dbus firewalld fuse glusterfs iscsi +libvirtd lvm
libssh lxc +macvtap nfs nls numa openvz parted pcap phyp policykit
+qemu rbd sasl selinux +udev uml +vepa virtualbox virt-network
- wireshark-plugins xen zeroconf zfs elibc_glibc
+ wireshark-plugins xen zeroconf zfs
"
REQUIRED_USE="
@@ -68,7 +68,6 @@ RDEPEND="
audit? ( sys-process/audit )
caps? ( sys-libs/libcap-ng )
dbus? ( sys-apps/dbus )
- elibc_glibc? ( sys-libs/glibc[rpc(+)] )
firewalld? ( net-firewall/firewalld )
fuse? ( >=sys-fs/fuse-2.8.6:= )
glusterfs? ( >=sys-cluster/glusterfs-3.4.1 )