diff --git a/0001-fix-CVE-2024-4418.patch b/0001-fix-CVE-2024-4418.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b99b5470c907ce3ce1bb555fad19b1c938e08f54
--- /dev/null
+++ b/0001-fix-CVE-2024-4418.patch
@@ -0,0 +1,45 @@
+From 2983d845c83704f2b8bfab268db503ba93c54cc2 Mon Sep 17 00:00:00 2001
+From: Chunmei Xu
+Date: Fri, 5 Jul 2024 10:09:21 +0800
+Subject: [PATCH 1/1] fix CVE-2024-4418
+
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 4ab8af6..15304cf 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+ int timeout = -1;
+ virNetMessage *msg = NULL;
+- g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++ g_autoptr(GSource) source = NULL;
+ GIOCondition ev = 0;
+ struct virNetClientIOEventData data = {
+ .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+
+ g_main_loop_run(client->eventLoop);
+
++ /*
++ * If virNetClientIOEventFD ran, this GSource will already be
++ * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++ * it, since we still own a reference.
++ *
++ * If virNetClientIOWakeup ran, it will have interrupted the
++ * g_main_loop_run call, before virNetClientIOEventFD could
++ * run, and thus the GSource is still registered, and we need
++ * to destroy it since it is referencing stack memory for 'data'
++ */
++ g_source_destroy(source);
++
+ #ifndef WIN32
+ ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+--
+2.41.0
+
+
diff --git a/libvirt.spec b/libvirt.spec
index aca6e95d435323912c0bd81742471eb9ce69895b..626124ec2b659d1b352bd757f2c04d364f988401 100644
--- a/libvirt.spec
+++ b/libvirt.spec
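Review bot: The header of the added patch file carries only the subject `fix CVE-2024-4418` and an empty body, so nothing in the package records which upstream change is being backported or what the flaw is. The in-code comment already explains the flaw: when virNetClientIOWakeup interrupts g_main_loop_run, the GSource stays registered while still pointing at the stack-allocated `data`. I would add a body line such as `rpc: destroy the temporary GSource after g_main_loop_run so it cannot outlive 'data'` and a trailer `Upstream-commit: <upstream commit id>` (placeholder; the id is not shown on this page), so the backport can be compared against upstream later. virNetClientIOEventLoop starts and ends outside both inner hunks, so the assignment of `source` and the scope of `data` cannot be checked from here.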
@@ -1,4 +1,4 @@ -%define anolis_release 5 +%define anolis_release 7 %define arches_qemu_kvm x86_64 aarch64 loongarch64 @@ -10,8 +10,8 @@ %define arches_xen %{arches_x86} aarch64 %define arches_vbox %{arches_x86} %define arches_zfs %{arches_x86} -%define arches_numactl %{arches_x86} aarch64 -%define arches_numad %{arches_x86} aarch64 +%define arches_numactl %{arches_x86} aarch64 loongarch64 +%define arches_numad %{arches_x86} aarch64 loongarch64 # The hypervisor drivers that run in libvirtd %define with_qemu 0%{!?_without_qemu:1} @@ -170,6 +170,8 @@ Patch0005: cpu-Add-new-Dharma-CPU-model.patch Patch0006: libvirt-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch Patch0007: libvirt-remote-check-for-negative-array-lengths-before-allocation.patch +Patch1000: 0001-fix-CVE-2024-4418.patch + Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} Requires: libvirt-daemon-config-nwfilter = %{version}-%{release} @@ -2148,7 +2150,13 @@ exit 0 %changelog -*Mon Jun 03 2024 gaoxulin - 9.10.0-5 +* Fri Nov 01 2024 mgb01105731 - 9.10.0-7 +- add patch for CVE-2024-4418 + +* Wed Sep 25 2024 Xianglai Li - 9.10.0-6 +- spec: add numa support for loongarch64 + +* Mon Jun 03 2024 gaoxulin - 9.10.0-5 - fix CVE-2024-2494 CVE-2024-1441 * Tue May 14 2024 Yanjing Zhou - 9.10.0-4
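Review bot: The `Patch1000:` line added in the `@@ -170,6 +170,8 @@` hunk only declares the patch. The `%prep` section is outside this diff, so whether the patch is actually applied cannot be confirmed from here. If `%prep` applies patches automatically (for example via `%autosetup`), nothing more is needed. If it lists patches one by one, an apply line such as `%patch -P 1000 -p1` is also required; otherwise release 7 would ship with a changelog claiming the CVE-2024-4418 fix while the source stays unpatched. Checking the build log for `0001-fix-CVE-2024-4418.patch` being applied would settle it.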