From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1713055312.ae3831574e5c8344213c231e4b03acbb899f7fec.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/, app-emulation/libvirt/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch app-emulation/libvirt/libvirt-10.0.0-r1.ebuild app-emulation/libvirt/libvirt-9.8.0-r1.ebuild app-emulation/libvirt/libvirt-9.9.0-r1.ebuild
X-VCS-Directories: app-emulation/libvirt/files/ app-emulation/libvirt/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: ae3831574e5c8344213c231e4b03acbb899f7fec
X-VCS-Branch: master
Date: Sun, 14 Apr 2024 00:43:18 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: fcdaeaef-6488-4ba1-a6d4-030e1ea86861
X-Archives-Hash: 74fd966a3fed779323172a62815a7231

commit:     ae3831574e5c8344213c231e4b03acbb899f7fec
Author:     Michal Privoznik gmail com>
AuthorDate: Sat Apr 13 18:49:27 2024 +0000
Commit:     Sam James gentoo org>
CommitDate: Sun Apr 14 00:41:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae383157

app-emulation/libvirt: Backport fix for CVE-2024-1441

The fix made it into app-emulation/libvirt-10.1.0 release.
Backport the fix into anything older.

https://nvd.nist.gov/vuln/detail/CVE-2024-1441
Bug: https://bugs.gentoo.org/929965
Signed-off-by: Michal Privoznik gmail.com>
Signed-off-by: Sam James gentoo.org> ...y-one-error-in-udevListInterfacesByStatus.patch | 42 ++++++++++++++++++++++ app-emulation/libvirt/libvirt-10.0.0-r1.ebuild | 1 + app-emulation/libvirt/libvirt-9.8.0-r1.ebuild | 1 + app-emulation/libvirt/libvirt-9.9.0-r1.ebuild | 1 + 4 files changed, 45 insertions(+) diff --git a/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch b/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch new file mode 100644 index 000000000000..7ef0652faa38 --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch 
@@ -0,0 +1,42 @@ +From 2127032ed8cd49001465dc0dce9f842e13467bc2 Mon Sep 17 00:00:00 2001 +Message-ID: <2127032ed8cd49001465dc0dce9f842e13467bc2.1713033988.git.mprivozn@redhat.com> +From: Martin Kletzander +Date: Tue, 27 Feb 2024 16:20:12 +0100 +Subject: [PATCH 1/2] Fix off-by-one error in udevListInterfacesByStatus +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ever since this function was introduced in 2012 it could've tried +filling in an extra interface name. That was made worse in 2019 when +the caller functions started accepting NULL arrays of size 0. + +This is assigned CVE-2024-1441. + +Signed-off-by: Martin Kletzander +Reported-by: Alexander Kuznetsov +Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca +Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15 +Reviewed-by: Ján Tomko +(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8) +Signed-off-by: Michal Privoznik +--- + src/interface/interface_backend_udev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c +index fb6799ed94..4091483060 100644 +--- a/src/interface/interface_backend_udev.c ++++ b/src/interface/interface_backend_udev.c +@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn, + g_autoptr(virInterfaceDef) def = NULL; + + /* Ensure we won't exceed the size of our array */ +- if (count > names_len) ++ if (count >= names_len) + break; + + path = udev_list_entry_get_name(dev_entry); +-- +2.43.2 + diff --git a/app-emulation/libvirt/libvirt-10.0.0-r1.ebuild b/app-emulation/libvirt/libvirt-10.0.0-r1.ebuild index 42348cdc1536..0f5860138006 100644 --- a/app-emulation/libvirt/libvirt-10.0.0-r1.ebuild +++ b/app-emulation/libvirt/libvirt-10.0.0-r1.ebuild 
@@ -147,6 +147,7 @@ PATCHES=( "${FILESDIR}"/${PN}-9.4.0-fix_paths_in_libvirt-guests_sh.patch "${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch + "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch ) pkg_setup() { diff --git a/app-emulation/libvirt/libvirt-9.8.0-r1.ebuild b/app-emulation/libvirt/libvirt-9.8.0-r1.ebuild index 622d6a793d16..899d7683f299 100644 --- a/app-emulation/libvirt/libvirt-9.8.0-r1.ebuild +++ b/app-emulation/libvirt/libvirt-9.8.0-r1.ebuild @@ -147,6 +147,7 @@ PATCHES=( "${FILESDIR}"/${PN}-9.4.0-do-not-use-sysconfig.patch "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch "${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch + "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch ) pkg_setup() { diff --git a/app-emulation/libvirt/libvirt-9.9.0-r1.ebuild b/app-emulation/libvirt/libvirt-9.9.0-r1.ebuild index 8b1148307051..8f39ada3c36b 100644 --- a/app-emulation/libvirt/libvirt-9.9.0-r1.ebuild +++ b/app-emulation/libvirt/libvirt-9.9.0-r1.ebuild @@ -148,6 +148,7 @@ PATCHES=( "${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch "${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch + "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch ) pkg_setup() {
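
Review bot: the upstream patch added under files/ carries the subject tag `[PATCH 1/2]`, but the diffstat shows only this one patch file being added, so the second patch of that series is not part of the backport. Please confirm that 2/2 is unrelated to CVE-2024-1441, or already present in the 9.8.0, 9.9.0 and 10.0.0 sources, and note that in the commit message. On the C change in udevListInterfacesByStatus, `if (count >= names_len)` is the correct bound, because the old `>` test let the loop body run once more when count equalled names_len; the comment above the check could also mention the size 0 / NULL array case that the patch description calls out.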
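
Review bot: in the three PATCHES=( hunks, libvirt-10.0.0-r1.ebuild, libvirt-9.8.0-r1.ebuild and libvirt-9.9.0-r1.ebuild are edited in place and keep their -r1 revision. If those revisions were already available to users before this commit, anyone who has them installed will not be offered a rebuild and will keep running the unpatched code; a bump to -r2 would make the security fix reach existing installs. If the -r1 files were introduced only moments earlier and never published on their own, say so in the commit message so the missing bump is clearly intentional.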