From 26923eccb37e74019df925da39028ead71ba26ba Mon Sep 17 00:00:00 2001
From: mgb01105731 <mgb01105731@alibaba-inc.com>
Date: Tue, 5 Nov 2024 13:44:01 +0800
Subject: [PATCH] add patch to fix CVE-2024-4418

---
 0001-fix-CVE-2024-4418.patch | 45 ++++++++++++++++++++++++++++++++++++
 libvirt.spec                 |  7 +++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 0001-fix-CVE-2024-4418.patch

diff --git a/0001-fix-CVE-2024-4418.patch b/0001-fix-CVE-2024-4418.patch
new file mode 100644
index 0000000..b99b547
--- /dev/null
+++ b/0001-fix-CVE-2024-4418.patch
@@ -0,0 +1,45 @@
+From 2983d845c83704f2b8bfab268db503ba93c54cc2 Mon Sep 17 00:00:00 2001
+From: Chunmei Xu <xuchunmei@linux.alibaba.com>
+Date: Fri, 5 Jul 2024 10:09:21 +0800
+Subject: [PATCH 1/1] fix CVE-2024-4418
+
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 4ab8af6..15304cf 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+         int timeout = -1;
+         virNetMessage *msg = NULL;
+-        g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++	g_autoptr(GSource) source = NULL;
+         GIOCondition ev = 0;
+         struct virNetClientIOEventData data = {
+             .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ 
+         g_main_loop_run(client->eventLoop);
+ 
++	/*
++         * If virNetClientIOEventFD ran, this GSource will already be
++         * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++         * it, since we still own a reference.
++         *
++         * If virNetClientIOWakeup ran, it will have interrupted the
++         * g_main_loop_run call, before virNetClientIOEventFD could
++         * run, and thus the GSource is still registered, and we need
++         * to destroy it since it is referencing stack memory for 'data'
++         */
++        g_source_destroy(source);
++
+ #ifndef WIN32
+         ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+-- 
+2.41.0
+
+
diff --git a/libvirt.spec b/libvirt.spec
index 459b229..6bd31e1 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,4 +1,4 @@
-%define anolis_release 6
+%define anolis_release 7
 
 %define arches_qemu_kvm         x86_64 aarch64 loongarch64
 
@@ -170,6 +170,8 @@ Patch0005: cpu-Add-new-Dharma-CPU-model.patch
 Patch0006: libvirt-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 Patch0007: libvirt-remote-check-for-negative-array-lengths-before-allocation.patch
 
+Patch1000: 0001-fix-CVE-2024-4418.patch
+
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
 Requires: libvirt-daemon-config-nwfilter = %{version}-%{release}
@@ -2148,6 +2150,9 @@ exit 0
 
 
 %changelog
+* Fri Nov 01 2024 mgb01105731 <mgb01105731@alibaba-inc.com> - 9.10.0-7
+- add patch for CVE-2024-4418
+
 * Wed Sep 25 2024 Xianglai Li <lixianglai@loongson.cn> - 9.10.0-6
 - spec: add numa support for loongarch64
 
-- 
Gitee