From e2d84e38284aeb9d522a7e935554340ddf0e4a6f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 15 Nov 2017 17:13:45 +0000 Subject: gentoo resync : 15.11.2017 --- .../libvirt-3.6.0-ssh-malicious-hostname-fix.patch | 47 ---------------------- .../libvirt/files/libvirt-3.9.0-tirpc.patch | 13 ++++++ 2 files changed, 13 insertions(+), 47 deletions(-) delete mode 100644 app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch create mode 100644 app-emulation/libvirt/files/libvirt-3.9.0-tirpc.patch (limited to 'app-emulation/libvirt/files') diff --git a/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch b/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch deleted file mode 100644 index 628928412767..000000000000 --- a/app-emulation/libvirt/files/libvirt-3.6.0-ssh-malicious-hostname-fix.patch +++ /dev/null @@ -1,47 +0,0 @@ -From e4cb8500810a310a10a6cb359e1b53fac03ed597 Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Fri, 11 Aug 2017 17:19:53 +0100 -Subject: [PATCH] rpc: avoid ssh interpreting malicious hostname as arguments - -Inspired by the recent GIT / Mercurial security flaws -(http://blog.recurity-labs.com/2017-08-10/scm-vulns), -consider someone/something manages to feed libvirt a bogus -URI such as: - - virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system - -In this case, the hosname "-oProxyCommand=gnome-calculator" -will get interpreted as an argument to ssh, not a hostname. -Fortunately, due to the set of args we have following the -hostname, SSH will then interpret our bit of shell script -that runs 'nc' on the remote host as a cipher name, which is -clearly invalid. This makes ssh exit during argv parsing and -so it never tries to run gnome-calculator. - -We are lucky this time, but lets be more paranoid, by using -'--' to explicitly tell SSH when it has finished seeing -command line options. This forces it to interpret -"-oProxyCommand=gnome-calculator" as a hostname, and thus -see a fail from hostname lookup. - -Signed-off-by: Daniel P. Berrange ---- - src/rpc/virnetsocket.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c -index d228c8a8c..23089afef 100644 ---- a/src/rpc/virnetsocket.c -+++ b/src/rpc/virnetsocket.c -@@ -868,7 +868,7 @@ int virNetSocketNewConnectSSH(const char *nodename, - if (!netcat) - netcat = "nc"; - -- virCommandAddArgList(cmd, nodename, "sh", "-c", NULL); -+ virCommandAddArgList(cmd, "--", nodename, "sh", "-c", NULL); - - virBufferEscapeShell(&buf, netcat); - if (virBufferCheckError(&buf) < 0) { --- -2.13.5 - diff --git a/app-emulation/libvirt/files/libvirt-3.9.0-tirpc.patch b/app-emulation/libvirt/files/libvirt-3.9.0-tirpc.patch new file mode 100644 index 000000000000..39e2bfafa63a --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-3.9.0-tirpc.patch @@ -0,0 +1,13 @@ +diff --git a/tools/Makefile.am b/tools/Makefile.am +index 5b73558..05bf8a5 100644 +--- a/tools/Makefile.am ++++ b/tools/Makefile.am +@@ -428,7 +428,7 @@ if WITH_WIRESHARK_DISSECTOR + + ws_plugin_LTLIBRARIES = wireshark/src/libvirt.la + wireshark_src_libvirt_la_CPPFLAGS = \ +- -I wireshark/src $(WIRESHARK_DISSECTOR_CFLAGS) ++ -I wireshark/src -I/usr/include/tirpc $(WIRESHARK_DISSECTOR_CFLAGS) + wireshark_src_libvirt_la_LDFLAGS = -avoid-version -module + nodist_wireshark_src_libvirt_la_SOURCES = wireshark/src/plugin.c + wireshark_src_libvirt_la_SOURCES = \ -- cgit v1.2.3