diff --git a/fix-CVE-2020-14339.patch b/fix-CVE-2020-14339.patch new file mode 100644 index 0000000000000000000000000000000000000000..abba4896595aa8a1f7ab93b48c9d2790df594514 --- /dev/null +++ b/fix-CVE-2020-14339.patch @@ -0,0 +1,28 @@ +From 328ee616ef35eacdf1b6cb7d25b8a57fd5506aef Mon Sep 17 00:00:00 2001 +From: Jiajie Li +Date: Tue, 19 Jan 2021 16:40:44 +0800 +Subject: [PATCH] fix CVE-2020-14339 + +Adapation for openeuler libvirt + +Signed-off-by: Jiajie Li +--- + po/POTFILES.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 6f9620d73a..197ff2f3d3 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -238,7 +238,7 @@ + @SRCDIR@/src/util/vircrypto.c + @SRCDIR@/src/util/virdaemon.c + @SRCDIR@/src/util/virdbus.c +-@SRCDIR@src/util/virdevmapper.c ++@SRCDIR@/src/util/virdevmapper.c + @SRCDIR@/src/util/virdnsmasq.c + @SRCDIR@/src/util/virerror.c + @SRCDIR@/src/util/virerror.h +-- +2.27.0 + diff --git a/libvirt.spec b/libvirt.spec index b264e1bc4edb02ab6486607f181e399821129c74..d702fa9e593dca91e8d20ca9e08fefff384256ad 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -99,7 +99,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 6.2.0 -Release: 15 +Release: 16 License: LGPLv2+ URL: https://libvirt.org/ @@ -170,6 +170,7 @@ Patch0059: rpc-require-write-acl-for-guest-agent-in-virDomainIn.patch Patch0060: qemu-agent-set-ifname-to-NULL-after-freeing.patch Patch0061: util-Move-virIsDevMapperDevice-to-virdevmapper.c.patch Patch0062: virdevmapper-Don-t-use-libdevmapper-to-obtain-depend.patch +Patch0063: fix-CVE-2020-14339.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -1902,6 +1903,9 @@ exit 0 %changelog +* Thu Jan 21 2021 Huawei Technologies Co., Ltd +- fix CVE-2020-14339 + * Wed Jan 20 2021 Huawei Technologies Co., Ltd - util: Move virIsDevMapperDevice() to virdevmapper.c - virdevmapper: Don't use libdevmapper to obtain dependencies