author | Roman Bogorodskiy <novel@FreeBSD.org> | 2015-12-20 02:12:38 +0000 |
---|---|---|
committer | Roman Bogorodskiy <novel@FreeBSD.org> | 2015-12-20 02:12:38 +0000 |
commit | 6162a8e771606eb8d5faa6fed0404b31ece1b58d (patch) | |
tree | 099a1b8ac57a61b6f515bfe3cdd25e1d1a6ad0a6 | |
parent | db4da5493c830745cc51fdceb84ef5572f34fc15 (diff) | |
devel/libvirt: fix CVE-2015-5313
Approved by: ports-secteam (delphij)
Notes
Notes:
svn path=/branches/2015Q4/; revision=404038
-rw-r--r-- | devel/libvirt/Makefile | 2 | ||||
-rw-r--r-- | devel/libvirt/files/patch-CVE-2015-5313 | 26 |
2 files changed, 27 insertions, 1 deletions
diff --git a/devel/libvirt/Makefile b/devel/libvirt/Makefile
index b553261e462a..b1acddf093e8 100644
--- a/devel/libvirt/Makefile
+++ b/devel/libvirt/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= libvirt
 PORTVERSION= 1.2.19
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= devel
 MASTER_SITES= http://libvirt.org/sources/ \
 ftp://libvirt.org/libvirt/
diff --git a/devel/libvirt/files/patch-CVE-2015-5313 b/devel/libvirt/files/patch-CVE-2015-5313
new file mode 100644
index 000000000000..ad1037cddffa
--- /dev/null
+++ b/devel/libvirt/files/patch-CVE-2015-5313
@@ -0,0 +1,26 @@
+--- src/storage/storage_backend_fs.c
++++ src/storage/storage_backend_fs.c
+@@ -1,7 +1,7 @@
+ /*
+ * storage_backend_fs.c: storage backend for FS and directory handling
+ *
+- * Copyright (C) 2007-2014 Red Hat, Inc.
++ * Copyright (C) 2007-2015 Red Hat, Inc.
+ * Copyright (C) 2007-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED,
+ else
+ vol->type = VIR_STORAGE_VOL_FILE;
+
++ /* Volumes within a directory pools are not recursive; do not
++ * allow escape to ../ or a subdir */
++ if (strchr(vol->name, '/')) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ _("volume name '%s' cannot contain '/'"), vol->name);
++ return -1;
++ }
++
+ VIR_FREE(vol->target.path);
+ if (virAsprintf(&vol->target.path, "%s/%s",
+ pool->def->target.path, |
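Review bot: The guard added in virStorageBackendFileSystemVolCreate rejects any `/` in `vol->name`, which closes the `../` escape, but a name that is exactly `.` or `..` contains no slash and still reaches the `virAsprintf` that joins it onto `pool->def->target.path`. That is probably harmless because the resulting path already exists as a directory, but the create call is outside the hunk, so either confirm it fails cleanly or extend the condition to `if (strchr(vol->name, '/') || STREQ(vol->name, ".") || STREQ(vol->name, "..")) {` and adjust the message to match. The function starts and ends outside the hunk, and other places that build a path from a volume name are not visible here, so this patch alone does not show whether they need the same validation. Separately, the first inner hunk only bumps the copyright year; dropping it from `files/patch-CVE-2015-5313` would leave the port carrying just the security change and reduce the chance of the patch failing to apply.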