From 5dc8437fc0ff3dedf75de2183e3bf9d493e4aa81 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Thu, 16 Aug 2018 02:38:32 +0200
Subject: gnu: qemu: Update to 3.0.0 [mitigate CVE-2018-3639].

* gnu/packages/virtualization.scm (qemu): Update to 3.0.0.
[source]: Remove patch.
* gnu/packages/patches/qemu-CVE-2018-11806.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/packages/virtualization.scm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'gnu/packages/virtualization.scm')

diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 8e7eded5e1..a39f2fa58f 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -94,15 +94,14 @@ (define (qemu-patch commit file-name sha256)
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.12.1")
+    (version "3.0.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2018-11806.patch"))
              (sha256
               (base32
-               "0krnp2wvggpchc7fdlmyasqy7j17baz8asr2g05x0v00w003hn1k"))))
+               "04sp3f1gp4bdb913jf7fw761njaqp2l32wgipp1sapmxx17zcyld"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
-- 
cgit v1.2.3


From c4f8953a12b8831bcbbea6a217190ac8ca70ae73 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Fri, 17 Aug 2018 05:16:23 +0200
Subject: gnu: lxc: Update to 3.0.2.

* gnu/packages/virtualization.scm (lxc): Update to 3.0.2.
[source]: Remove patch.
* gnu/packages/patches/lxc-CVE-2018-6556.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                 |   1 -
 gnu/packages/patches/lxc-CVE-2018-6556.patch | 116 ---------------------------
 gnu/packages/virtualization.scm              |   5 +-
 3 files changed, 2 insertions(+), 120 deletions(-)
 delete mode 100644 gnu/packages/patches/lxc-CVE-2018-6556.patch

(limited to 'gnu/packages/virtualization.scm')
diff --git a/gnu/local.mk b/gnu/local.mk
index 1e64015faa..fc674ffff7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -929,7 +929,6 @@ dist_patch_DATA = \
   %D%/packages/patches/luit-posix.patch \
   %D%/packages/patches/luminance-hdr-qt-printer.patch \
   %D%/packages/patches/lvm2-static-link.patch \
-  %D%/packages/patches/lxc-CVE-2018-6556.patch \
   %D%/packages/patches/lxsession-use-gapplication.patch \
   %D%/packages/patches/lyx-2.2.3-fix-test.patch \
   %D%/packages/patches/mailutils-uninitialized-memory.patch \
diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch
deleted file mode 100644
index 7eab7101f1..0000000000
--- a/gnu/packages/patches/lxc-CVE-2018-6556.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-Fix CVE-2018-6556:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
-https://bugzilla.suse.com/show_bug.cgi?id=988348#c8
-
-Patch copied from upstream source repository:
-
-https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
-
-From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001
-From: Christian Brauner
-Date: Wed, 25 Jul 2018 19:56:54 +0200
-Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
-
-Signed-off-by: Christian Brauner
----
- src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
- src/lxc/utils.c | 12 ++++++++++++
- src/lxc/utils.h | 5 +++++
- 3 files changed, 49 insertions(+), 3 deletions(-)
-
-diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
-index ec9cd97e0..c5beb6c8d 100644
---- a/src/lxc/cmd/lxc_user_nic.c
-+++ b/src/lxc/cmd/lxc_user_nic.c
-@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
- 			exit(EXIT_FAILURE);
- 		}
- 	} else if (request == LXC_USERNIC_DELETE) {
--		netns_fd = open(args.pid, O_RDONLY);
-+		char opath[LXC_PROC_PID_FD_LEN];
-+
-+		/* Open the path with O_PATH which will not trigger an actual
-+		 * open(). Don't report an errno to the caller to not leak
-+		 * information whether the path exists or not.
-+		 * When stracing setuid is stripped so this is not a concern
-+		 * either.
-+		 */
-+		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
- 		if (netns_fd < 0) {
--			usernic_error("Could not open \"%s\": %s\n", args.pid,
--				      strerror(errno));
-+			usernic_error("Failed to open \"%s\"\n", args.pid);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
-+			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
-+		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		/* Now get an fd that we can use in setns() calls. */
-+		ret = open(opath, O_RDONLY | O_CLOEXEC);
-+		if (ret < 0) {
-+			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
-+			close(netns_fd);
- 			exit(EXIT_FAILURE);
- 		}
-+		close(netns_fd);
-+		netns_fd = ret;
- 	}
- 
- 	if (!create_db_dir(LXC_USERNIC_DB)) {
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 530b1f81a..3b854e35b 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
- 	return has_type;
- }
- 
-+bool fhas_fs_type(int fd, fs_type_magic magic_val)
-+{
-+	int ret;
-+	struct statfs sb;
-+
-+	ret = fstatfs(fd, &sb);
-+	if (ret < 0)
-+		return false;
-+
-+	return is_fs_type(&sb, magic_val);
-+}
-+
- bool lxc_nic_exists(char *nic)
- {
- #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
-diff --git a/src/lxc/utils.h b/src/lxc/utils.h
-index 6a0bebded..0805f5d0d 100644
---- a/src/lxc/utils.h
-+++ b/src/lxc/utils.h
-@@ -95,6 +95,10 @@
- #define CGROUP2_SUPER_MAGIC 0x63677270
- #endif
- 
-+#ifndef NSFS_MAGIC
-+#define NSFS_MAGIC 0x6e736673
-+#endif
-+
- /* Useful macros */
- /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
- #define LXC_NUMSTRLEN64 21
-@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz);
- /* __typeof__ should be safe to use with all compilers. */
- typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
- extern bool has_fs_type(const char *path, fs_type_magic magic_val);
-+extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
- extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
- extern bool lxc_nic_exists(char *nic);
- extern int lxc_make_tmpfile(char *template, bool rm);
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index a39f2fa58f..7427465f57 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -340,16 +340,15 @@ (define-public libosinfo
 (define-public lxc
   (package
     (name "lxc")
-    (version "3.0.1")
+    (version "3.0.2")
     (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://linuxcontainers.org/downloads/lxc/lxc-"
                    version ".tar.gz"))
-             (patches (search-patches "lxc-CVE-2018-6556.patch"))
              (sha256
               (base32
-               "1nyml98k28sc5sda0260cmby4irkpnhpwgmx4yhqy10wpr4nr625"))))
+               "0p1gy553cm4mhwxi85fl6qiwz61rjmvysm8c8pd20qh62xxi3dva"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-- 
cgit v1.2.3