From owner-svn-ports-all@freebsd.org  Fri Mar 16 15:20:29 2018
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 15D8BF5693E;
 Fri, 16 Mar 2018 15:20:29 +0000 (UTC)
 (envelope-from novel@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BD20B8341D;
 Fri, 16 Mar 2018 15:20:28 +0000 (UTC)
 (envelope-from novel@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9EF84258F8;
 Fri, 16 Mar 2018 15:20:28 +0000 (UTC)
 (envelope-from novel@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2GFKSEa064491;
 Fri, 16 Mar 2018 15:20:28 GMT (envelope-from novel@FreeBSD.org)
Received: (from novel@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2GFKSlR064489;
 Fri, 16 Mar 2018 15:20:28 GMT (envelope-from novel@FreeBSD.org)
Message-Id: <201803161520.w2GFKSlR064489@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: novel set sender to
 novel@FreeBSD.org using -f
From: Roman Bogorodskiy <novel@FreeBSD.org>
Date: Fri, 16 Mar 2018 15:20:28 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r464689 - in head/devel/libvirt: . files
X-SVN-Group: ports-head
X-SVN-Commit-Author: novel
X-SVN-Commit-Paths: in head/devel/libvirt: . files
X-SVN-Commit-Revision: 464689
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2018 15:20:29 -0000

Author: novel
Date: Fri Mar 16 15:20:28 2018
New Revision: 464689
URL: https://svnweb.freebsd.org/changeset/ports/464689

Log:
  devel/libvirt: add a fix for QEMU agent denial of service vulnerability
  
  Add a fix from upstream master for QEMU agent
  denial of service (LSN-2018-0004, CVE-2018-1064).
  
  Security:	https://security.libvirt.org/2018/0004.html

Added:
  head/devel/libvirt/files/patch-src_qemu_qemu__agent.c   (contents, props changed)
Modified:
  head/devel/libvirt/Makefile

Modified: head/devel/libvirt/Makefile
==============================================================================
--- head/devel/libvirt/Makefile	Fri Mar 16 14:29:38 2018	(r464688)
+++ head/devel/libvirt/Makefile	Fri Mar 16 15:20:28 2018	(r464689)
@@ -3,7 +3,7 @@
 
 PORTNAME=	libvirt
 PORTVERSION=	4.1.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	devel
 MASTER_SITES=	http://libvirt.org/sources/ \
 		ftp://libvirt.org/libvirt/

Added: head/devel/libvirt/files/patch-src_qemu_qemu__agent.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/libvirt/files/patch-src_qemu_qemu__agent.c	Fri Mar 16 15:20:28 2018	(r464689)
@@ -0,0 +1,31 @@
+--- src/qemu/qemu_agent.c.orig	2018-02-26 09:02:18 UTC
++++ src/qemu/qemu_agent.c
+@@ -53,6 +53,15 @@ VIR_LOG_INIT("qemu.qemu_agent");
+ #define DEBUG_IO 0
+ #define DEBUG_RAW_IO 0
+ 
++/* We read from QEMU until seeing a \r\n pair to indicate a
++ * completed reply or event. To avoid memory denial-of-service
++ * though, we must have a size limit on amount of data we
++ * buffer. 10 MB is large enough that it ought to cope with
++ * normal QEMU replies, and small enough that we're not
++ * consuming unreasonable mem.
++ */
++#define QEMU_AGENT_MAX_RESPONSE (10 * 1024 * 1024)
++
+ /* When you are the first to uncomment this,
+  * don't forget to uncomment the corresponding
+  * part in qemuAgentIOProcessEvent as well.
+@@ -535,6 +544,12 @@ qemuAgentIORead(qemuAgentPtr mon)
+     int ret = 0;
+ 
+     if (avail < 1024) {
++        if (mon->bufferLength >= QEMU_AGENT_MAX_RESPONSE) {
++            virReportSystemError(ERANGE,
++                                 _("No complete agent response found in %d bytes"),
++                                 QEMU_AGENT_MAX_RESPONSE);
++            return -1;
++        }
+         if (VIR_REALLOC_N(mon->buffer,
+                           mon->bufferLength + 1024) < 0)
+             return -1;