libvirt: Security fix CVE-2019-3840

Source: https://libvirt.org
MR: 97512
Type: Security Fix
Disposition: Backport from https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377
ChangeID: 6c662c67dd3cf6e0eba493b7b619db35f2e07d93
Description:

Fixes CVE-2019-3840

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

2 files changed, 40 insertions, 0 deletions

diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch b/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch
new file mode 100644
index 00000000..8cca8216
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2019-3840.patch
@@ -0,0 +1,39 @@
+From 9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377 Mon Sep 17 00:00:00 2001
+From: John Ferlan <jferlan@redhat.com>
+Date: Fri, 7 Sep 2018 16:01:27 -0400
+Subject: [PATCH] qemu: Remove duplicated qemuAgentCheckError
+
+Commit 5b3492fadb moved qemuAgentCheckError calls into
+qemuAgentCommand for various reasons; however, subsequent
+commit 0977b8aa0 adding a new command made call again
+So let's just remove the duplicitous call from
+qemuAgentGetInterfaces.
+
+Signed-off-by: John Ferlan <jferlan@redhat.com>
+ACKed-by: Michal Privoznik <mprivozn@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2019-3840
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/qemu/qemu_agent.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+Index: libvirt-4.7.0/src/qemu/qemu_agent.c
+===================================================================
+--- libvirt-4.7.0.orig/src/qemu/qemu_agent.c
++++ libvirt-4.7.0/src/qemu/qemu_agent.c
+@@ -1987,10 +1987,9 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
+     if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
+         goto cleanup;
+ 
+-    if (qemuAgentCommand(mon, cmd, &reply, false, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
+-        qemuAgentCheckError(cmd, reply) < 0) {
++    if (qemuAgentCommand(mon, cmd, &reply, false,
++                         VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
+         goto cleanup;
+-    }
+ 
+     if (!(ret_array = virJSONValueObjectGet(reply, "return"))) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
diff --git a/recipes-extended/libvirt/libvirt_4.7.0.bb b/recipes-extended/libvirt/libvirt_4.7.0.bb
index 51367985..270dc725 100644
--- a/recipes-extended/libvirt/libvirt_4.7.0.bb
+++ b/recipes-extended/libvirt/libvirt_4.7.0.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
            file://0001-ptest-Remove-Windows-1252-check-from-esxutilstest.patch \
            file://configure.ac-search-for-rpc-rpc.h-in-the-sysroot.patch \
            file://lxc_monitor-Avoid-AB-BA-lock-race.patch \
+           file://CVE-2019-3840.patch \
           "
 
 SRC_URI[libvirt.md5sum] = "38da6c33250dcbc0a6d68de5c758262b"