From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../libvirt/libvirt/CVE-2019-10167.patch | 41 ---------------------- 1 file changed, 41 deletions(-) delete mode 100644 external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch') diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch deleted file mode 100644 index 576f46c7..00000000 --- a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 5441f05a42a90779b0df86518286bf527e94aafb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=A1n=20Tomko?= -Date: Fri, 14 Jun 2019 09:16:14 +0200 -Subject: [PATCH 10/11] api: disallow virConnectGetDomainCapabilities on - read-only connections -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This API can be used to execute arbitrary emulators. -Forbid it on read-only connections. - -Fixes: CVE-2019-10167 -Signed-off-by: Ján Tomko -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26) -Signed-off-by: Ján Tomko - -Upstream-Status: Backport -CVE: CVE-2019-10167 -Signed-off-by: Armin Kuster - ---- - src/libvirt-domain.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c -index 5c764aa..9862a5d 100644 ---- a/src/libvirt-domain.c -+++ b/src/libvirt-domain.c -@@ -11274,6 +11274,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, - virResetLastError(); - - virCheckConnectReturn(conn, NULL); -+ virCheckReadOnlyGoto(conn->flags, error); - - if (conn->driver->connectGetDomainCapabilities) { - char *ret; --- -2.7.4 - -- cgit 1.2.3-korg