From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: Armin Kuster <akuster808@gmail.com>
Cc: meta-virtualization@yoctoproject.org
Subject: Re: [warrior][PATCH] libvirt: Five security fixes
Date: Mon, 9 Sep 2019 13:28:04 -0400 [thread overview]
Message-ID: <20190909172801.GA26811@gmail.com> (raw)
In-Reply-To: <1567738340-20286-1-git-send-email-akuster808@gmail.com>
In message: [meta-virtualization] [warrior][PATCH] libvirt: Five security fixes
on 05/09/2019 Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> Affects <= 4.9.0
>
> This affectively moves sources to tip
> Fixes the following cves.
>
> CVE-2019-10132
> CVE-2019-10161
> CVE-2019-10166
> CVE-2019-10167
> CVE-2019-10168
Thanks armin. This is now merged to the warrior branch.
Bruce
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
> .../libvirt/libvirt/CVE-2019-10132_p1.patch | 63 +++++++++++++
> .../libvirt/libvirt/CVE-2019-10132_p2.patch | 55 +++++++++++
> .../libvirt/libvirt/CVE-2019-10132_p3.patch | 55 +++++++++++
> .../libvirt/libvirt/CVE-2019-10161.patch | 101 +++++++++++++++++++++
> .../libvirt/libvirt/CVE-2019-10166.patch | 43 +++++++++
> .../libvirt/libvirt/CVE-2019-10167.patch | 41 +++++++++
> .../libvirt/libvirt/CVE-2019-10168.patch | 49 ++++++++++
> recipes-extended/libvirt/libvirt_4.9.0.bb | 7 ++
> 8 files changed, 414 insertions(+)
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10161.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10166.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
> create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10168.patch
>
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch
> new file mode 100644
> index 0000000..1f958fa
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch
> @@ -0,0 +1,63 @@
> +From b0f788c2d3d9930015258a7df95dde80a498e657 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
> +Date: Tue, 30 Apr 2019 17:26:13 +0100
> +Subject: [PATCH 1/7] admin: reject clients unless their UID matches the
> + current UID
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +The admin protocol RPC messages are only intended for use by the user
> +running the daemon. As such they should not be allowed for any client
> +UID that does not match the server UID.
> +
> +Fixes CVE-2019-10132
> +
> +Reviewed-by: Ján Tomko <jtomko@redhat.com>
> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-10132 patch #1
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
> + 1 file changed, 22 insertions(+)
> +
> +diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
> +index b78ff90..9f25813 100644
> +--- a/src/admin/admin_server_dispatch.c
> ++++ b/src/admin/admin_server_dispatch.c
> +@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
> + void *opaque)
> + {
> + struct daemonAdmClientPrivate *priv;
> ++ uid_t clientuid;
> ++ gid_t clientgid;
> ++ pid_t clientpid;
> ++ unsigned long long timestamp;
> ++
> ++ if (virNetServerClientGetUNIXIdentity(client,
> ++ &clientuid,
> ++ &clientgid,
> ++ &clientpid,
> ++ ×tamp) < 0)
> ++ return NULL;
> ++
> ++ VIR_DEBUG("New client pid %lld uid %lld",
> ++ (long long)clientpid,
> ++ (long long)clientuid);
> ++
> ++ if (geteuid() != clientuid) {
> ++ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
> ++ (long long)clientpid,
> ++ (long long)clientuid);
> ++ return NULL;
> ++ }
> +
> + if (VIR_ALLOC(priv) < 0)
> + return NULL;
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
> new file mode 100644
> index 0000000..2fffe14
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
> @@ -0,0 +1,55 @@
> +From ea014c9fcf19539c75a7cb6926b14858426746a7 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
> +Date: Tue, 30 Apr 2019 16:51:37 +0100
> +Subject: [PATCH 2/7] locking: restrict sockets to mode 0600
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +The virtlockd daemon's only intended client is the libvirtd daemon. As
> +such it should never allow clients from other user accounts to connect.
> +The code already enforces this and drops clients from other UIDs, but
> +we can get earlier (and thus stronger) protection against DoS by setting
> +the socket permissions to 0600
> +
> +Fixes CVE-2019-10132
> +
> +Reviewed-by: Ján Tomko <jtomko@redhat.com>
> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-10132 patch #2
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +---
> + src/locking/virtlockd-admin.socket.in | 1 +
> + src/locking/virtlockd.socket.in | 1 +
> + 2 files changed, 2 insertions(+)
> +
> +diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
> +index 2a7500f..f674c49 100644
> +--- a/src/locking/virtlockd-admin.socket.in
> ++++ b/src/locking/virtlockd-admin.socket.in
> +@@ -5,6 +5,7 @@ Before=libvirtd.service
> + [Socket]
> + ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
> + Service=virtlockd.service
> ++SocketMode=0600
> +
> + [Install]
> + WantedBy=sockets.target
> +diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
> +index 45e0f20..d701b27 100644
> +--- a/src/locking/virtlockd.socket.in
> ++++ b/src/locking/virtlockd.socket.in
> +@@ -4,6 +4,7 @@ Before=libvirtd.service
> +
> + [Socket]
> + ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
> ++SocketMode=0600
> +
> + [Install]
> + WantedBy=sockets.target
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch
> new file mode 100644
> index 0000000..0cb0005
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch
> @@ -0,0 +1,55 @@
> +From a474f18dceed61d562508980999e5f2d7445d683 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
> +Date: Tue, 30 Apr 2019 17:27:41 +0100
> +Subject: [PATCH 3/7] logging: restrict sockets to mode 0600
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +The virtlogd daemon's only intended client is the libvirtd daemon. As
> +such it should never allow clients from other user accounts to connect.
> +The code already enforces this and drops clients from other UIDs, but
> +we can get earlier (and thus stronger) protection against DoS by setting
> +the socket permissions to 0600
> +
> +Fixes CVE-2019-10132
> +
> +Reviewed-by: Ján Tomko <jtomko@redhat.com>
> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-10132 patch #3
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +---
> + src/logging/virtlogd-admin.socket.in | 1 +
> + src/logging/virtlogd.socket.in | 1 +
> + 2 files changed, 2 insertions(+)
> +
> +diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
> +index 595e6c4..5c41dfe 100644
> +--- a/src/logging/virtlogd-admin.socket.in
> ++++ b/src/logging/virtlogd-admin.socket.in
> +@@ -5,6 +5,7 @@ Before=libvirtd.service
> + [Socket]
> + ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
> + Service=virtlogd.service
> ++SocketMode=0600
> +
> + [Install]
> + WantedBy=sockets.target
> +diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
> +index 22b9360..ae48cda 100644
> +--- a/src/logging/virtlogd.socket.in
> ++++ b/src/logging/virtlogd.socket.in
> +@@ -4,6 +4,7 @@ Before=libvirtd.service
> +
> + [Socket]
> + ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
> ++SocketMode=0600
> +
> + [Install]
> + WantedBy=sockets.target
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch
> new file mode 100644
> index 0000000..72e69a8
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch
> @@ -0,0 +1,101 @@
> +From 568c735d7b0ccb55f9476c86f8603eb3a5c9fc5c Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
> +Date: Fri, 14 Jun 2019 08:47:42 +0200
> +Subject: [PATCH 4/7] api: disallow virDomainSaveImageGetXMLDesc on read-only
> + connections
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +The virDomainSaveImageGetXMLDesc API is taking a path parameter,
> +which can point to any path on the system. This file will then be
> +read and parsed by libvirtd running with root privileges.
> +
> +Forbid it on read-only connections.
> +
> +Fixes: CVE-2019-10161
> +Reported-by: Matthias Gerstner <mgerstner@suse.de>
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +
> +Conflicts:
> + src/libvirt-domain.c
> + src/remote/remote_protocol.x
> +
> +Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
> +alias for VIR_DOMAIN_XML_SECURE is not backported.
> +Just skip the commit since we now disallow the whole API on read-only
> +connections, regardless of the flag.
> +
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-19161
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +---
> + src/libvirt-domain.c | 11 ++---------
> + src/qemu/qemu_driver.c | 2 +-
> + src/remote/remote_protocol.x | 3 +--
> + 3 files changed, 4 insertions(+), 12 deletions(-)
> +
> +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> +index 7690339..c188239 100644
> +--- a/src/libvirt-domain.c
> ++++ b/src/libvirt-domain.c
> +@@ -1073,9 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
> + * previously by virDomainSave() or virDomainSaveFlags().
> + *
> + * No security-sensitive data will be included unless @flags contains
> +- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only
> +- * connections. For this API, @flags should not contain either
> +- * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU.
> ++ * VIR_DOMAIN_XML_SECURE.
> + *
> + * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
> + * error. The caller must free() the returned value.
> +@@ -1091,12 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
> +
> + virCheckConnectReturn(conn, NULL);
> + virCheckNonNullArgGoto(file, error);
> +-
> +- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
> +- virReportError(VIR_ERR_OPERATION_DENIED, "%s",
> +- _("virDomainSaveImageGetXMLDesc with secure flag"));
> +- goto error;
> +- }
> ++ virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (conn->driver->domainSaveImageGetXMLDesc) {
> + char *ret;
> +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> +index a52e249..f7656e5 100644
> +--- a/src/qemu/qemu_driver.c
> ++++ b/src/qemu/qemu_driver.c
> +@@ -6798,7 +6798,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
> + if (fd < 0)
> + goto cleanup;
> +
> +- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
> ++ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
> + goto cleanup;
> +
> + ret = qemuDomainDefFormatXML(driver, def, flags);
> +diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
> +index 28c8feb..52b9233 100644
> +--- a/src/remote/remote_protocol.x
> ++++ b/src/remote/remote_protocol.x
> +@@ -5226,8 +5226,7 @@ enum remote_procedure {
> + /**
> + * @generate: both
> + * @priority: high
> +- * @acl: domain:read
> +- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
> ++ * @acl: domain:write
> + */
> + REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
> +
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch
> new file mode 100644
> index 0000000..6305ffd
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch
> @@ -0,0 +1,43 @@
> +From 0a744e15517d727c7f473fabe32ca6b0dbb7b7d1 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
> +Date: Fri, 14 Jun 2019 09:14:53 +0200
> +Subject: [PATCH 5/7] api: disallow virDomainManagedSaveDefineXML on read-only
> + connections
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +The virDomainManagedSaveDefineXML can be used to alter the domain's
> +config used for managedsave or even execute arbitrary emulator binaries.
> +Forbid it on read-only connections.
> +
> +Fixes: CVE-2019-10166
> +Reported-by: Matthias Gerstner <mgerstner@suse.de>
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-19166
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + src/libvirt-domain.c | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> +index c188239..d8b64c0 100644
> +--- a/src/libvirt-domain.c
> ++++ b/src/libvirt-domain.c
> +@@ -9490,6 +9490,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
> +
> + virCheckDomainReturn(domain, -1);
> + conn = domain->conn;
> ++ virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (conn->driver->domainManagedSaveDefineXML) {
> + int ret;
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
> new file mode 100644
> index 0000000..abca309
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
> @@ -0,0 +1,41 @@
> +From 6452b9fdff7988024a6157ca0a973ac3abf54468 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
> +Date: Fri, 14 Jun 2019 09:16:14 +0200
> +Subject: [PATCH 6/7] api: disallow virConnectGetDomainCapabilities on
> + read-only connections
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +This API can be used to execute arbitrary emulators.
> +Forbid it on read-only connections.
> +
> +Fixes: CVE-2019-10167
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-19167
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + src/libvirt-domain.c | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> +index d8b64c0..1e1c4e3 100644
> +--- a/src/libvirt-domain.c
> ++++ b/src/libvirt-domain.c
> +@@ -11282,6 +11282,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
> + virResetLastError();
> +
> + virCheckConnectReturn(conn, NULL);
> ++ virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (conn->driver->connectGetDomainCapabilities) {
> + char *ret;
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch b/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch
> new file mode 100644
> index 0000000..2211238
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch
> @@ -0,0 +1,49 @@
> +From dd88b69a207c1ed6e89d7e9fa6b5f4a9ec4db97c Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
> +Date: Fri, 14 Jun 2019 09:17:39 +0200
> +Subject: [PATCH 7/7] api: disallow virConnect*HypervisorCPU on read-only
> + connections
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +These APIs can be used to execute arbitrary emulators.
> +Forbid them on read-only connections.
> +
> +Fixes: CVE-2019-10168
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> +(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
> +Signed-off-by: Ján Tomko <jtomko@redhat.com>
> +
> +Upstream-Status: Backport
> +CVE: CVE-2019-19168
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + src/libvirt-host.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/src/libvirt-host.c b/src/libvirt-host.c
> +index e20d6ee..2978825 100644
> +--- a/src/libvirt-host.c
> ++++ b/src/libvirt-host.c
> +@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
> +
> + virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
> + virCheckNonNullArgGoto(xmlCPU, error);
> ++ virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (conn->driver->connectCompareHypervisorCPU) {
> + int ret;
> +@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
> +
> + virCheckConnectReturn(conn, NULL);
> + virCheckNonNullArgGoto(xmlCPUs, error);
> ++ virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (conn->driver->connectBaselineHypervisorCPU) {
> + char *cpu;
> +--
> +2.7.4
> +
> diff --git a/recipes-extended/libvirt/libvirt_4.9.0.bb b/recipes-extended/libvirt/libvirt_4.9.0.bb
> index 813d95e..db5a4f9 100644
> --- a/recipes-extended/libvirt/libvirt_4.9.0.bb
> +++ b/recipes-extended/libvirt/libvirt_4.9.0.bb
> @@ -36,6 +36,13 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
> file://0001-ptest-Remove-Windows-1252-check-from-esxutilstest.patch \
> file://configure.ac-search-for-rpc-rpc.h-in-the-sysroot.patch \
> file://hook_support.py \
> + file://CVE-2019-10132_p1.patch \
> + file://CVE-2019-10132_p2.patch \
> + file://CVE-2019-10132_p3.patch \
> + file://CVE-2019-10161.patch \
> + file://CVE-2019-10166.patch \
> + file://CVE-2019-10167.patch \
> + file://CVE-2019-10168.patch \
> "
>
> SRC_URI[libvirt.md5sum] = "aaf7b265ac2013d6eb184a86b5f7eeb9"
> --
> 2.7.4
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
prev parent reply other threads:[~2019-09-09 17:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-06 2:52 [warrior][PATCH] libvirt: Five security fixes Armin Kuster
2019-09-09 17:28 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190909172801.GA26811@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=akuster808@gmail.com \
--cc=meta-virtualization@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.