libvirt: fix CVE-2016-5008

Backport patch to fix CVE-2016-5008 from:

https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

recipes-extended/libvirt/libvirt-1.3.5/0001-qemu-Let-empty-default-VNC-password-work-as-document.patch

@@ -0,0 +1,81 @@
+Upstream-Status: Backport
+
+Backport patch to fix CVE-2016-5008 from:
+
+https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From f32441c69bf450d6ac593c3acd621c37e120cdaf Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 28 Jun 2016 14:39:58 +0200
+Subject: [PATCH] qemu: Let empty default VNC password work as documented
+
+CVE-2016-5008
+
+Setting an empty graphics password is documented as a way to disable
+VNC/SPICE access, but QEMU does not always behaves like that. VNC would
+happily accept the empty password. Let's enforce the behavior by setting
+password expiration to "now".
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1180092
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)
+---
+ src/qemu/qemu_hotplug.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index 5f12d77..fda28b0 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -3547,6 +3547,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+     time_t now = time(NULL);
+     char expire_time [64];
+     const char *connected = NULL;
++    const char *password;
+     int ret = -1;
+     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ 
+@@ -3554,16 +3555,14 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+         ret = 0;
+         goto cleanup;
+     }
++    password = auth->passwd ? auth->passwd : defaultPasswd;
+ 
+     if (auth->connected)
+         connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected);
+ 
+     if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
+         goto cleanup;
+-    ret = qemuMonitorSetPassword(priv->mon,
+-                                 type,
+-                                 auth->passwd ? auth->passwd : defaultPasswd,
+-                                 connected);
++    ret = qemuMonitorSetPassword(priv->mon, type, password, connected);
+ 
+     if (ret == -2) {
+         if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
+@@ -3571,14 +3570,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
+                            _("Graphics password only supported for VNC"));
+             ret = -1;
+         } else {
+-            ret = qemuMonitorSetVNCPassword(priv->mon,
+-                                            auth->passwd ? auth->passwd : defaultPasswd);
++            ret = qemuMonitorSetVNCPassword(priv->mon, password);
+         }
+     }
+     if (ret != 0)
+         goto end_job;
+ 
+-    if (auth->expires) {
++    if (password[0] == '\0') {
++        snprintf(expire_time, sizeof(expire_time), "now");
++    } else if (auth->expires) {
+         time_t lifetime = auth->validTo - now;
+         if (lifetime <= 0)
+             snprintf(expire_time, sizeof(expire_time), "now");
+-- 
+2.9.0
+

recipes-extended/libvirt/libvirt_1.3.5.bb

@@ -34,6 +34,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz;name=libvirt \
            file://Revert-build-add-prefix-to-SYSTEMD_UNIT_DIR.patch \
            file://install-missing-file.patch \
            file://0001-nsslinktest-also-build-virAtomic.h.patch \
+           file://0001-qemu-Let-empty-default-VNC-password-work-as-document.patch \
           "
 
 SRC_URI[libvirt.md5sum] = "f9dc1e63d559eca50ae0ee798a4c6c6d"