[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, experimental, updated. debian/0.9.2-4-2-gedaf33a

Laurent Léonard laurent at open-minds.org
Thu Jun 30 17:34:29 UTC 2011


The following commit has been merged in the experimental branch:
commit 4fbc990b8144103ba9adf488c3b3c6422ee4280b
Author: Laurent Léonard <laurent at open-minds.org>
Date:   Sat Jun 4 01:08:01 2011 +0200

    New patch security-plug-regression-introduced-in-disk-probe-lo.patch
    
    Closes: #629128

diff --git a/debian/patches/security-plug-regression-introduced-in-disk-probe-lo.patch b/debian/patches/security-plug-regression-introduced-in-disk-probe-lo.patch
new file mode 100644
index 0000000..cd5df27
--- /dev/null
+++ b/debian/patches/security-plug-regression-introduced-in-disk-probe-lo.patch
@@ -0,0 +1,33 @@
+From: Eric Blake <eblake at redhat.com>
+Date: Thu, 26 May 2011 08:18:46 -0600
+Subject: security: plug regression introduced in disk probe logic
+
+Regression introduced in commit d6623003 (v0.8.8) - using the
+wrong sizeof operand meant that security manager private data
+was overlaying the allowDiskFormatProbing member of struct
+_virSecurityManager.  This reopens disk probing, which was
+supposed to be prevented by the solution to CVE-2010-2238.
+
+Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=709769
+Bug-Debian: http://bugs.debian.org/629128
+---
+ src/security/security_manager.c |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_manager.c b/src/security/security_manager.c
+index 0246dd8..6f0becd 100644
+--- a/src/security/security_manager.c
++++ b/src/security/security_manager.c
+@@ -107,7 +107,9 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
+ 
+ void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
+ {
+-    return ((char*)mgr) + sizeof(mgr);
++    /* This accesses the memory just beyond mgr, which was allocated
++     * via VIR_ALLOC_VAR earlier.  */
++    return mgr + 1;
+ }
+ 
+ 
+-- 
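Review bot: in virSecurityManagerGetPrivateData, `return mgr + 1;` is correct only while virSecurityManagerPtr points to the complete struct _virSecurityManager and the private data is allocated directly behind that struct. The new comment names VIR_ALLOC_VAR but not the mistake being fixed; it would be worth stating there that the offset has to be the size of the struct, not of the pointer (the removed `sizeof(mgr)`), so the line is not later rewritten back into byte arithmetic. The allocation call is outside this hunk, so check that it sizes the block from the same struct type. Since the description says the overlay silently affected allowDiskFormatProbing, a test that writes to the private data and then checks that member is unchanged would catch a repeat of this regression.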
diff --git a/debian/patches/series b/debian/patches/series
index a06759e..14236b9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ Disable-CHECKSUM-rule.patch
 Debianize-libvirt-guests.patch
 virsh-Initialize-library-before-calling-virResetLast.patch
 Disable-daemon-start-test.patch
+security-plug-regression-introduced-in-disk-probe-lo.patch
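Review bot: the new last entry gives no hint that it is an upstream backport, unlike the Debian-specific patches listed above it. A `#` comment line in the series file noting the upstream origin would make it obvious that security-plug-regression-introduced-in-disk-probe-lo.patch should be dropped once the packaged upstream version contains the fix. The entry does match the file name added in the first part of this commit, truncated "-lo" suffix included.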

-- 
Libvirt Debian packaging


