Date:      Sun, 20 Dec 2015 02:12:38 +0000 (UTC)
From:      Roman Bogorodskiy <novel@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r404038 - in branches/2015Q4/devel/libvirt: . files
Message-ID:  <201512200212.tBK2Ccha042614@repo.freebsd.org>

Author: novel
Date: Sun Dec 20 02:12:38 2015
New Revision: 404038
URL: https://svnweb.freebsd.org/changeset/ports/404038

Log:
  devel/libvirt: fix CVE-2015-5313
  
  Approved by:	ports-secteam (delphij)

Added:
  branches/2015Q4/devel/libvirt/files/patch-CVE-2015-5313   (contents, props changed)
Modified:
  branches/2015Q4/devel/libvirt/Makefile

Modified: branches/2015Q4/devel/libvirt/Makefile
==============================================================================
--- branches/2015Q4/devel/libvirt/Makefile	Sun Dec 20 02:08:38 2015	(r404037)
+++ branches/2015Q4/devel/libvirt/Makefile	Sun Dec 20 02:12:38 2015	(r404038)
@@ -3,7 +3,7 @@
 
 PORTNAME=	libvirt
 PORTVERSION=	1.2.19
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	devel
 MASTER_SITES=	http://libvirt.org/sources/ \
 		ftp://libvirt.org/libvirt/

Added: branches/2015Q4/devel/libvirt/files/patch-CVE-2015-5313
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q4/devel/libvirt/files/patch-CVE-2015-5313	Sun Dec 20 02:12:38 2015	(r404038)
@@ -0,0 +1,26 @@
+--- src/storage/storage_backend_fs.c
++++ src/storage/storage_backend_fs.c
+@@ -1,7 +1,7 @@
+ /*
+  * storage_backend_fs.c: storage backend for FS and directory handling
+  *
+- * Copyright (C) 2007-2014 Red Hat, Inc.
++ * Copyright (C) 2007-2015 Red Hat, Inc.
+  * Copyright (C) 2007-2008 Daniel P. Berrange
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED,
+     else
+         vol->type = VIR_STORAGE_VOL_FILE;
+ 
++    /* Volumes within a directory pools are not recursive; do not
++     * allow escape to ../ or a subdir */
++    if (strchr(vol->name, '/')) {
++        virReportError(VIR_ERR_OPERATION_INVALID,
++                       _("volume name '%s' cannot contain '/'"), vol->name);
++        return -1;
++    }
++
+     VIR_FREE(vol->target.path);
+     if (virAsprintf(&vol->target.path, "%s/%s",
+                     pool->def->target.path,
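
Review bot: In the second inner hunk (@@ -1057,6 +1057,14 @@) the new check tests only for '/', so a volume name that is exactly "." or ".." contains no slash and still reaches the virAsprintf of "%s/%s" that follows. Consider rejecting those two names in the same condition, or say in the comment why later creation code makes them harmless. The check also sits after vol->type has been assigned; moving it above that assignment would leave vol untouched when the request is rejected. Separately, the first inner hunk (@@ -1,7 +1,7 @@) only changes the copyright year; dropping it would keep files/patch-CVE-2015-5313 limited to the fix and remove one place where the patch can fail to apply for a reason unrelated to the CVE.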


