[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/bookworm] 2 commits: patches: Add backports

Andrea Bolognani (@abologna) gitlab at salsa.debian.org
Fri May 26 21:56:34 BST 2023 


Andrea Bolognani pushed to branch debian/bookworm at Libvirt Packaging Team / libvirt


Commits:
79f6669f by Andrea Bolognani at 2023-05-21T11:31:18+02:00
patches: Add backports

Specifically

  * backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch

which fixes CVE-2023-2700.

Closes: #1036297

- - - - -
3fa5e745 by Andrea Bolognani at 2023-05-21T11:36:12+02:00
Document changes and release 9.0.0-4

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+libvirt (9.0.0-4) unstable; urgency=medium
+
+  * [79f6669] patches: Add backports
+    - backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
+      - Fixes CVE-2023-2700 (Closes: #1036297)
+
+ -- Andrea Bolognani <eof at kiyuko.org>  Sun, 21 May 2023 11:31:31 +0200
+
 libvirt (9.0.0-3) unstable; urgency=medium
 
   * [56bee71] patches: Add backports


=====================================
debian/patches/backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
=====================================
@@ -0,0 +1,53 @@
+From: Tim Shearer <TShearer at adva.com>
+Date: Mon, 1 May 2023 13:15:48 +0000
+Subject: virpci: Resolve leak in virPCIVirtualFunctionList cleanup
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Repeatedly querying an SR-IOV PCI device's capabilities exposes a
+memory leak caused by a failure to free the virPCIVirtualFunction
+array within the parent struct's g_autoptr cleanup.
+
+Valgrind output after getting a single interface's XML description
+1000 times:
+
+==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635
+==325982==    at 0x4C3C096: realloc (vg_replace_malloc.c:1437)
+==325982==    by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4)
+==325982==    by 0x4EE1F52: virReallocN (viralloc.c:52)
+==325982==    by 0x4EE1FB7: virExpandN (viralloc.c:78)
+==325982==    by 0x4EE219A: virInsertElementInternal (viralloc.c:183)
+==325982==    by 0x4EE23B2: virAppendElement (viralloc.c:288)
+==325982==    by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389)
+==325982==    by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256)
+==325982==    by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969)
+==325982==    by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099)
+==325982==    by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677)
+==325982==    by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355)
+
+Signed-off-by: Tim Shearer <tshearer at adva.com>
+Reviewed-by: Ján Tomko <jtomko at redhat.com>
+(cherry picked from commit 6425a311b8ad19d6f9c0b315bf1d722551ea3585)
+
+https://bugs.debian.org/1036297
+https://security-tracker.debian.org/tracker/CVE-2023-2700
+
+Forwarded: not-needed
+Origin: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585
+---
+ src/util/virpci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/util/virpci.c b/src/util/virpci.c
+index 7800966..a44f70f 100644
+--- a/src/util/virpci.c
++++ b/src/util/virpci.c
+@@ -2253,6 +2253,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list)
+         g_free(list->functions[i].ifname);
+     }
+ 
++    g_free(list->functions);
+     g_free(list);
+ }
+ 


=====================================
debian/patches/series
=====================================
@@ -9,6 +9,7 @@ backport/qemu-blockjob-Handle-pending-blockjob-state-only-when-we-.patch
 backport/rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch
 backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch
 backport/conf-Fix-migration-in-some-firmware-autoselection-scenari.patch
+backport/virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
 forward/Skip-vircgrouptest.patch
 forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
 forward/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch



View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/d960f10bc51fc016e374fee349e0953375aea273...3fa5e745f69878611f73e7c65486d3b8ddf2d56a

-- 
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/compare/d960f10bc51fc016e374fee349e0953375aea273...3fa5e745f69878611f73e7c65486d3b8ddf2d56a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20230526/747db934/attachment-0001.htm>

More information about the Pkg-libvirt-commits mailing list