From 27ca069db7c53cad0392810906d28aa80db5118e Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Jul 11 2013 20:47:16 +0000
Subject: CVE-2013-2230 libvirt: multiple registered events crash


---

diff --git a/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch b/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
new file mode 100644
index 0000000..ad476d2
--- /dev/null
+++ b/0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
@@ -0,0 +1,34 @@
+From f38c8185f97720ecae7ef2291fbaa5d6b0209e17 Mon Sep 17 00:00:00 2001
+Message-Id: <f38c8185f97720ecae7ef2291fbaa5d6b0209e17.1373575119.git.crobinso@redhat.com>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Tue, 2 Jul 2013 15:17:09 +0200
+Subject: [PATCH] Fix crash when multiple event callbacks were registered
+
+CVE-2013-2230
+
+Don't overwrite the callback ID returned by
+virDomainEventStateRegisterID in ret by 0.
+
+Introduced by abf75aea.
+---
+ src/qemu/qemu_driver.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 571d1f8..b0180c9 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -10043,9 +10043,7 @@ qemuConnectDomainEventRegisterAny(virConnectPtr conn,
+                                       driver->domainEventState,
+                                       dom, eventID,
+                                       callback, opaque, freecb, &ret) < 0)
+-        goto cleanup;
+-
+-    ret = 0;
++        ret = -1;
+ 
+ cleanup:
+     return ret;
+-- 
+1.8.3.1
+
diff --git a/libvirt.spec b/libvirt.spec
index 3e013c2..9e55960 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -350,7 +350,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 1.1.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -361,6 +361,9 @@ URL: http://libvirt.org/
 %endif
 Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
 
+# CVE-2013-2230 libvirt: multiple registered events crash
+Patch0001: 0001-Fix-crash-when-multiple-event-callbacks-were-registe.patch
+
 %if %{with_libvirtd}
 Requires: libvirt-daemon = %{version}-%{release}
     %if %{with_network}
@@ -1131,6 +1134,9 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 
+# CVE-2013-2230 libvirt: multiple registered events crash
+%patch0001 -p1
+
 %build
 %if ! %{with_xen}
     %define _without_xen --without-xen
@@ -2066,6 +2072,9 @@ fi
 %endif
 
 %changelog
+* Thu Jul 11 2013 Cole Robinson <crobinso@redhat.com> - 1.1.0-2
+- CVE-2013-2230 libvirt: multiple registered events crash
+
 * Mon Jul  1 2013 Daniel Veillard <veillard@redhat.com> - 1.1.0-1
 - CVE-2013-2218: Fix crash listing network interfaces with filters
 - Fine grained ACL support for the API