From fd4b6dbada3b33160422d031b071f82bf965ba26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 15:15:07 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libvirt revision 5dc7ff94397c97d0b422b0fc552acf58 --- _service | 4 +- libvirt-10.0.0.tar.xz | 4 +- libvirt.changes | 1101 ++++++++++++++++++++--------------------- 3 files changed, 543 insertions(+), 566 deletions(-) diff --git a/_service b/_service index 5a372a7..e966bf7 100644 --- a/_service +++ b/_service @@ -1,8 +1,8 @@ git - https://github.com/openSUSE/libvirt.git - factory + https://gitlab.suse.de/virtualization/libvirt.git + v10.0.0-sle15sp6 libvirt.spec README.packaging.txt libvirt-supportconfig diff --git a/libvirt-10.0.0.tar.xz b/libvirt-10.0.0.tar.xz index 7085c3d..52d873c 100644 --- a/libvirt-10.0.0.tar.xz +++ b/libvirt-10.0.0.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1867fe7f5febc083182fb05d2c821cfa7b864d3d884ea96a7945c0880dc5a187 -size 9745520 +oid sha256:331721ec1d6f10d6260d2451072804d4f6d143ad7f4d553c84e2457069466bfd +size 9752164 diff --git a/libvirt.changes b/libvirt.changes index 936b33d..5c6fb09 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Tue Apr 9 16:10:19 UTC 2024 - James Fehlig + +- security: Ensure file exists before attempting to restore label + bsc#1220714 + +------------------------------------------------------------------- +Wed Mar 27 22:19:42 UTC 2024 - James Fehlig + +- qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled + bsc#1221879 + +------------------------------------------------------------------- +Thu Mar 21 15:30:22 UTC 2024 - James Fehlig + +- CVE-2024-2494: remote: check for negative array lengths before + allocation + bsc#1221815 + +------------------------------------------------------------------- +Tue Mar 12 14:46:48 UTC 2024 - James Fehlig + +- Fix off-by-one error in udevListInterfacesByStatus + CVE-2024-1441 + bsc#1221237 + +------------------------------------------------------------------- +Thu Feb 22 22:11:36 UTC 2024 - James Fehlig + +- Add SLE virtiofsd path to apparmor profiles + bsc#1219772 + +------------------------------------------------------------------- +Wed Feb 21 23:02:31 UTC 2024 - James Fehlig + +- Fix return value when libnetcontrol fails to initialize + boo#1219986 + ------------------------------------------------------------------- Thu Jan 25 13:01:34 UTC 2024 - James Fehlig @@ -105,112 +143,115 @@ Wed Aug 2 22:42:41 UTC 2023 - James Fehlig - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v9-6-0-2023-08-01 - jsc#PED-3725 -- spec: Unconditionally enable modular daemons - spec: Remove logic handling package upgrade from old libvirtd +- spec: Remove obsolete Groups tag +- spec: Integrate upstream spec file changes that split the + libvirt-daemon package, allowing more modular, customized + installations +- spec: New subpackages libvirt-daemon-common, libvirt-daemon-lock, + libvirt-daemon-log, libvirt-daemon-proxy, and + libvirt-daemon-plugin-lockd +- spec: Renamed subpackage libvirt-lock-sanlock to + libvirt-daemon-plugin-sanlock ------------------------------------------------------------------- -Thu Jul 20 21:44:18 UTC 2023 - James Fehlig +Tue Jul 25 22:00:31 UTC 2023 - James Fehlig + +- spec: Build library with support for modular daemons + bsc#1213352 + +------------------------------------------------------------------- +Thu Jul 20 21:22:50 UTC 2023 - James Fehlig - CVE-2023-3750: storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' bsc#1213447 - -------------------------------------------------------------------- -Thu Jul 13 20:07:10 UTC 2023 - James Fehlig - -- libxl: Improve handling of errors across migration phases - bsc#1213186 -- apparmor: Support local overrides in all profiles and abstractions - spec: Don't replace /etc/apparmor.d/ on package upgrade - spec: No longer package empty /etc/apparmor.d/local/* files - bsc#1211472 - -------------------------------------------------------------------- -Thu Jul 6 16:09:49 UTC 2023 - James Fehlig - -- Update to libvirt 9.5.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v9-5-0-2023-07-03 - - Add upstream commit 5f7f6ceb47 to fix builds on Leap 15.x - - Drop downstream commit adding SUSE-specific migration - parameters - -------------------------------------------------------------------- -Tue Jun 13 22:28:33 UTC 2023 - James Fehlig - -- spec: Don't move apparmor profiles to modular daemon subpackages - -------------------------------------------------------------------- -Wed Jun 7 22:21:45 UTC 2023 - James Fehlig - -- apparmor: Add support for local profile customizations - spec: Replace /etc/apparmor.d/ on package upgrade - bsc#1211472 -- supportconfig: Modular daemon improvements - -------------------------------------------------------------------- -Fri Jun 2 16:26:30 UTC 2023 - James Fehlig - -- Update to libvirt 9.4.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v9-4-0-2023-06-01 - -------------------------------------------------------------------- -Tue May 2 17:18:02 UTC 2023 - James Fehlig - -- Update to libvirt 9.3.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v9-3-0-2023-05-02 - - boo#1210654 - -------------------------------------------------------------------- -Wed Apr 12 21:01:17 UTC 2023 - James Fehlig - -- qemu: Fix potential crash during driver cleanup - bsc#1209861 - -------------------------------------------------------------------- -Mon Apr 10 14:11:42 UTC 2023 - James Fehlig - -- service: Remove unnecessary auth token from github URL - -------------------------------------------------------------------- -Mon Apr 3 20:38:30 UTC 2023 - James Fehlig - -- Update to libvirt 9.2.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v9-2-0-2023-04-01 - - Move to a more git-centric packaging workflow using tar_scm - instead of download_files - - New source README.packaging.txt - - Remove now unused signature file and libvirt.keyring - - Patches now maintained in git - libxl-dom-reset.patch, - network-don-t-use-dhcp-authoritative-on-static-netwo.patch, - 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch, - libvirt-power8-models.patch, - ppc64le-canonical-name.patch, - libxl-set-migration-constraints.patch, - libxl-set-cach-mode.patch, - 0001-libxl-add-support-for-BlockResize-API.patch, - suse-libvirtd-disable-tls.patch, - suse-libvirt-guests-service.patch, - suse-qemu-conf.patch, - suse-qemu-ovmf-paths.patch, - libxl-support-block-script.patch, - qemu-apparmor-screenshot.patch, - libvirt-suse-netcontrol.patch, - lxc-wait-after-eth-del.patch, - suse-libxl-disable-autoballoon.patch, - suse-xen-ovmf-paths.patch, - virt-create-rootfs.patch, - suse-fix-lxc-container-init.patch - - Remove old, unused SUSEfirewall2 config file - libvirtd-relocation-server.fw - - Dropped patches: +- Move to a more git-centric packaging workflow using tar_scm + instead of download_files + - New source README.packaging.txt + - Drop now unused signature file and libvirt.keyring + - Patches dropped and now maintained in git + ef482951-apparmor-Allow-umount-dev.patch, + d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch, + c3f16cea-qemu-cleanup-label-on-umount-failure.patch, + 697c16e3-qemu_process-better-debug-message.patch, + 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch, 4959490e-support-SUSE-edk2-firmware-paths.patch, + 0f350a4d-virt-qemu-sev-validate-remote-detect.patch, bf3be5b7-libxl-Support-custom-firmware-path.patch, 705525cb-libxl-Support-custom-firmware-path-conversion.patch, + 15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch, + 86cfe93e-qemuProcessRefreshDisks-fix-info.patch, + 6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch, + 9b743ee1-apparmor-support-local-profile-customizations.patch, + f3ed5c27-libxl-dont-resume-domain-on-canceled-mig.patch, + b9eeeebd-libxl-support-MIGRATE_CHANGE_PROTECTION.patch, + libxl-dom-reset.patch, + network-don-t-use-dhcp-authoritative-on-static-netwo.patch, + 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch, + libvirt-power8-models.patch, + ppc64le-canonical-name.patch, + libxl-set-migration-constraints.patch, + libxl-set-cach-mode.patch, + 0001-libxl-add-support-for-BlockResize-API.patch, + suse-libvirtd-disable-tls.patch, + suse-libvirt-guests-service.patch, + suse-qemu-conf.patch, + suse-qemu-ovmf-paths.patch, + libxl-support-block-script.patch, + qemu-apparmor-screenshot.patch, + libvirt-suse-netcontrol.patch, + lxc-wait-after-eth-del.patch, + suse-libxl-disable-autoballoon.patch, + suse-xen-ovmf-paths.patch, + virt-create-rootfs.patch, + suse-fix-lxc-container-init.patch +- Drop old, unused SUSEfirewall2 config file + libvirtd-relocation-server.fw +- spec: Remove unneeded use of ldconfig +- spec: Remove libvirt_sysconfig_{pre,posttrans} macros. They are + noops on SUSE distros since files in /etc/sysconfig/ are not + owned by rpm. + +------------------------------------------------------------------- +Fri Jul 14 19:41:17 UTC 2023 - James Fehlig + +- libxl: Improve handling of errors across migration phases + f3ed5c27-libxl-dont-resume-domain-on-canceled-mig.patch, + b9eeeebd-libxl-support-MIGRATE_CHANGE_PROTECTION.patch + bsc#1213186 + spec: Don't replace /etc/apparmor.d/ on package upgrade + spec: Stop packaging empty /etc/apparmor.d/local/* files + bsc#1211472 + +------------------------------------------------------------------- +Wed Jun 7 22:56:51 UTC 2023 - James Fehlig + +- spec: Replace /etc/apparmor.d/ on package upgrade + apparmor: Add support for local profile customizations + 9b743ee1-apparmor-support-local-profile-customizations.patch + bsc#1211472 + +------------------------------------------------------------------- +Tue May 30 15:29:12 UTC 2023 - James Fehlig + +- CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList + 6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch + bsc#1211390 + +------------------------------------------------------------------- +Tue May 9 16:35:49 UTC 2023 - James Fehlig + +- qemu: Fix cdrom media change + 86cfe93e-qemuProcessRefreshDisks-fix-info.patch + bsc#1210666 + +------------------------------------------------------------------- +Thu Apr 13 17:14:56 UTC 2023 - James Fehlig + +- qemu: Fix potential crash during driver cleanup + 15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch + bsc#1209861 ------------------------------------------------------------------- Fri Mar 10 19:01:21 UTC 2023 - James Fehlig @@ -221,6 +262,14 @@ Fri Mar 10 19:01:21 UTC 2023 - James Fehlig bsc#1209161 - spec: Move ovmf dependency to correct package +------------------------------------------------------------------- +Fri Mar 3 00:11:51 UTC 2023 - James Fehlig + +- tools: Fix detection of remote libvirt access in + virt-qemu-sev-validate + 0f350a4d-virt-qemu-sev-validate-remote-detect.patch + jsc#PED-1472 + ------------------------------------------------------------------- Thu Mar 2 23:11:37 UTC 2023 - James Fehlig @@ -228,28 +277,6 @@ Thu Mar 2 23:11:37 UTC 2023 - James Fehlig 4959490e-support-SUSE-edk2-firmware-paths.patch boo#1208567 -------------------------------------------------------------------- -Wed Mar 1 20:58:57 UTC 2023 - James Fehlig - -- Update to libvirt 9.1.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v9-1-0-2023-03-01 - - spec: Remove obsolete Groups tag - - spec: Integrate upstream spec file changes that split the - libvirt-daemon package, allowing more modular, customized - installations - - spec: New subpackages libvirt-daemon-common, libvirt-daemon-lock, - libvirt-daemon-log, libvirt-daemon-proxy, and - libvirt-daemon-plugin-lockd - - spec: Renamed subpackage libvirt-lock-sanlock to - libvirt-daemon-plugin-sanlock - - Dropped patches: - ef482951-apparmor-Allow-umount-dev.patch, - d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch, - c3f16cea-qemu-cleanup-label-on-umount-failure.patch, - 697c16e3-qemu_process-better-debug-message.patch, - 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch - ------------------------------------------------------------------- Wed Feb 8 18:01:55 UTC 2023 - James Fehlig @@ -335,111 +362,6 @@ Thu Sep 1 20:37:17 UTC 2022 - James Fehlig - jsc#PED-620, jsc#PED-1540 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-7-0-2022-09-01 - - Dropped patches: - 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, - c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch - -------------------------------------------------------------------- -Wed Aug 24 23:07:12 UTC 2022 - James Fehlig - -- spec: Suppress error messages about nonexistent or unreadable - files from grep - -------------------------------------------------------------------- -Fri Aug 19 18:43:03 UTC 2022 - James Fehlig - -- spec: Place 'Requires:' on compression binaries instead of their - associated packages - boo#1202569 - -------------------------------------------------------------------- -Mon Aug 15 15:59:38 UTC 2022 - James Fehlig - -- Fix build with glibc 2.36 - 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, - c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch - boo#1202321 - -------------------------------------------------------------------- -Tue Aug 2 16:10:13 UTC 2022 - James Fehlig - -- Update to libvirt 8.6.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-6-0-2022-08-01 - -------------------------------------------------------------------- -Tue Jul 19 23:54:51 UTC 2022 - James Fehlig - -- spec: Don't redefine libexecdir - boo#1201565 - -------------------------------------------------------------------- -Tue Jul 5 20:25:19 UTC 2022 - James Fehlig - -- Update to libvirt 8.5.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-5-0-2022-07-01 - - Drop downstream-only lxc patches. They received little interest - upstream, are difficult to maintain, and are no longer required - by the requester (SLE): - 0001-Extract-stats-functions-from-the-qemu-driver.patch, - 0002-lxc-implement-connectGetAllDomainStats.patch - -------------------------------------------------------------------- -Fri Jun 24 21:23:46 UTC 2022 - James Fehlig - -- spec: Include aarch64 in the list of architectures that 'Require' - dmidecode - boo#1196087 - -------------------------------------------------------------------- -Tue Jun 21 17:55:38 UTC 2022 - James Fehlig - -- spec: Move logrotate config files from /etc/logrotate.d to - /usr/etc/logrotate.d - -------------------------------------------------------------------- -Tue Jun 14 00:23:15 UTC 2022 - James Fehlig - -- spec: Closer alignment with upstream spec file, including - enabling more unit tests - -------------------------------------------------------------------- -Wed Jun 1 14:10:53 UTC 2022 - James Fehlig - -- Update to libvirt 8.4.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-4-0-2022-06-01 - -------------------------------------------------------------------- -Mon May 9 13:49:51 UTC 2022 - James Fehlig - -- Update to libvirt 8.3.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-3-0-2022-05-02 - -------------------------------------------------------------------- -Fri Apr 1 17:30:25 UTC 2022 - James Fehlig - -- Update to libvirt 8.2.0 - - CVE-2022-0897 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-2-0-2022-04-01 - - Dropped patches: - 823a62ec-qemu-fix-undefine-crash.patch - -------------------------------------------------------------------- -Thu Mar 3 15:25:50 UTC 2022 - James Fehlig - -- qemu: Fix segmentation fault in qemuDomainUndefineFlags - 823a62ec-qemu-fix-undefine-crash.patch - -------------------------------------------------------------------- -Tue Mar 1 16:15:32 UTC 2022 - James Fehlig - -- Update to libvirt 8.1.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html#v8-1-0-2022-03-01 - Dropped patches: 3be5ba11-libvirt-guests-install.patch, 16172741-libvirt-guests-manpage.patch, @@ -449,7 +371,118 @@ Tue Mar 1 16:15:32 UTC 2022 - James Fehlig e0241f33-libxl-mark-allocated-graphics-ports.patch, 18ec405a-libxl-release-graphics-ports.patch, 76deb656-qemu-fix-snapshot-revert.patch, - 454b927d-libxl-fix-dom-restore.patch + 454b927d-libxl-fix-dom-restore.patch, + d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, + 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, + 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, + 82be0ffe-conf-validate-serial-port-model.patch, + aab943a6-support-firmware-debug.patch, + 7714034e-qemu-debug-console-tests.patch, + 3ef9b51b-qemu-fix-pflash-formatting.patch, + 5adfb347-qemu-honor-user-nvram-path.patch, + 08101bde-qemu-inline-nvram-path-code.patch, + 24adb6c7-qemu-dont-regen-nvram-path.patch, + 392292cd-tests-dont-use-autogen-nvram-path.patch, + 32b9d8b0-qemu-support-fw-descriptor-mode.patch, + 823a62ec-qemu-fix-undefine-crash.patch, + a4947e8f-nwfilter-CVE-2022-0897.patch, + c61d1e9b-virfile-set-pipe-size.patch, + 47d6d185-virfile-fix-indent.patch, + cd7acb33-virfile-report-error.patch, + ba7f9812-conf-intro-mem-alloc-threads.patch, + a30dac15-qemu-detect-prealloc-threads.patch, + 75a4e016-qemu-validate-prealloc-threads.patch, + b8d6ecc7-qemu-generate-prealloc-threads.patch, + c890c496-qemu-cleanup-virQEMUCapsFindBinaryForArch.patch, + 0a301b19-qemu-dont-assume-qemukvm.patch, + fb7016a7-qemu-dissolve-virQEMUCapsFindBinaryForArch.patch, + db0564b4-vmx-Require-networkName.patch, + 0001-Extract-stats-functions-from-the-qemu-driver.patch, + 0002-lxc-implement-connectGetAllDomainStats.patch +- spec: Place 'Requires:' on compression binaries instead of their + associated packages + boo#1202569 +- spec: Don't redefine libexecdir + boo#1201565 +- spec: Closer alignment with upstream spec file, including + enabling more unit tests + +------------------------------------------------------------------- +Thu Sep 1 17:01:20 UTC 2022 - James Fehlig + +- vmx: Require networkName for bridged and custom NICs + db0564b4-vmx-Require-networkName.patch + bsc#1202630 + +------------------------------------------------------------------- +Wed Aug 24 20:48:37 UTC 2022 - James Fehlig + +- spec: Include aarch64 in the list of architectures that 'Require' + dmidecode + bsc#1202608 +- spec: Suppress error messages about nonexistent or unreadable + files from grep + +------------------------------------------------------------------- +Tue Aug 23 16:20:34 UTC 2022 - James Fehlig + +- Fix downstream patches to adhere to upstream coding standards + and pass 'make syntax-check' + +------------------------------------------------------------------- +Fri Jun 17 20:47:47 UTC 2022 - James Fehlig + +- qemu: Don't assume that /usr/libexec/qemu-kvm exists + c890c496-qemu-cleanup-virQEMUCapsFindBinaryForArch.patch, + 0a301b19-qemu-dont-assume-qemukvm.patch, + fb7016a7-qemu-dissolve-virQEMUCapsFindBinaryForArch.patch + bsc#1158430, boo#1196087 + +------------------------------------------------------------------- +Thu Jun 2 22:13:52 UTC 2022 - James Fehlig + +- qemu: Support memory allocation threads + ba7f9812-conf-intro-mem-alloc-threads.patch, + a30dac15-qemu-detect-prealloc-threads.patch, + 75a4e016-qemu-validate-prealloc-threads.patch, + b8d6ecc7-qemu-generate-prealloc-threads.patch + bsc#1197084 + +------------------------------------------------------------------- +Thu Mar 31 22:26:20 UTC 2022 - James Fehlig + +- qemu: Improve save operation by increasing pipe size + c61d1e9b-virfile-set-pipe-size.patch, + 47d6d185-virfile-fix-indent.patch, + cd7acb33-virfile-report-error.patch + bsc#1196625 + +------------------------------------------------------------------- +Tue Mar 29 22:19:24 UTC 2022 - James Fehlig + +- CVE-2022-0897: nwfilter: fix crash when counting number of + network filters + a4947e8f-nwfilter-CVE-2022-0897.patch + bsc#1197636 + +------------------------------------------------------------------- +Sat Mar 12 00:29:53 UTC 2022 - James Fehlig + +- qemu: Fixes and improvements for SEV(-ES) guests + d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, + 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, + 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, + 82be0ffe-conf-validate-serial-port-model.patch, + aab943a6-support-firmware-debug.patch, + 7714034e-qemu-debug-console-tests.patch, + 3ef9b51b-qemu-fix-pflash-formatting.patch, + 5adfb347-qemu-honor-user-nvram-path.patch, + 08101bde-qemu-inline-nvram-path-code.patch, + 24adb6c7-qemu-dont-regen-nvram-path.patch, + 392292cd-tests-dont-use-autogen-nvram-path.patch, + 32b9d8b0-qemu-support-fw-descriptor-mode.patch, + 823a62ec-qemu-fix-undefine-crash.patch + bsc#1196806 ------------------------------------------------------------------- Fri Feb 18 18:25:46 UTC 2022 - James Fehlig @@ -666,55 +699,65 @@ Mon Aug 2 20:44:29 UTC 2021 - James Fehlig - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 + - jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html + - Added patches: + suse-qemu-ovmf-paths.patch, + suse-xen-ovmf-paths.patch - Dropped patches: + ee3dc2c2-libxl-default-pcistub-name.patch, + 6b8e9613-avoid-use-after-free.patch, + eab7ae6b-fix-array-access.patch, + c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, + ccc6dd8f-fix-exec-restart.patch, + 15073504-CVE-2021-3631.patch, de1e0ae0-lockd-no-error-if-lockspace.patch, - f58349c9-qemu-storage-migration.patch - -------------------------------------------------------------------- -Tue Jul 27 18:10:29 UTC 2021 - James Fehlig - -- spec: Re-exec'ing virt{lock,log}d in posttrans was mistakenly - dropped in a previous change. Add it back. - -------------------------------------------------------------------- -Thu Jul 22 22:19:47 UTC 2021 - James Fehlig - + 447f69de-CVE-2021-3667.patch, + suse-ovmf-paths.patch, + suse-apparmor-libnl-paths.patch, + suse-xen-ovmf-loaders.patch, + suse-bump-xen-version.patch - libxl: ovmf now provides only one firmware for Xen. The firmware is named ovmf-x86_64-xen-4m.bin in the SUSE ovmf package. Adjust the upstream default firmware path to match the SUSE name. - packaging: To improve maintainability, rename suse-ovmf-paths.patch to suse-qemu-ovmf-paths.patch and suse-xen-ovmf-loaders.patch to suse-xen-ovmf-paths.patch - -------------------------------------------------------------------- -Fri Jul 16 23:05:03 UTC 2021 - James Fehlig - -- spec: Don't forcibly remove '--listen' arg from - /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is - not specified. - bsc#1188232 - spec: Remove the sysconfig fillup files for the various daemons - Dropped patches: suse-libvirtd-sysconfig-settings.patch, suse-virtlockd-sysconfig-settings.patch, suse-virtlogd-sysconfig-settings.patch - -------------------------------------------------------------------- -Fri Jul 16 15:53:31 UTC 2021 - James Fehlig - -- spec: Add bash-completion dependency to libvirt-daemon and - libvirt-client. It was mistakenly dropped when - libvirt-bash-completion was merged into the daemon and client - subpackages - -------------------------------------------------------------------- -Fri Jul 16 15:37:11 UTC 2021 - James Fehlig - - qemu: Use correct flag constant for enabling storage migration f58349c9-qemu-storage-migration.patch bsc#1188171 +- apparmor: Permit new capabilities required by libvirtd + boo#1186888 +- supportconfig plugin improvements +- Suggest numad package instead of requiring it. numad is not + required for libvirt daemon to run, it does not support the + cgroup2 API and it has been superseded by the kernel NUMA + balancer which is enabled by default. + bsc#1184722 +- libvirt-admin package merged with libvirt-daemon +- libvirt-bash-completion package merged with libvirt-client and + libvirt-daemon packages + +------------------------------------------------------------------- +Thu Jul 29 19:48:32 UTC 2021 - James Fehlig + +- storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath + CVE-2021-3667 + bsc#1188843 + +------------------------------------------------------------------- +Tue Jul 27 18:22:59 UTC 2021 - James Fehlig + +- spec: Don't forcibly remove '--listen' arg from + /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is + not specified. + bsc#1188232 ------------------------------------------------------------------- Wed Jul 7 15:54:59 UTC 2021 - James Fehlig @@ -724,53 +767,14 @@ Wed Jul 7 15:54:59 UTC 2021 - James Fehlig bsc#1184253 ------------------------------------------------------------------- -Thu Jul 1 14:17:12 UTC 2021 - James Fehlig +Tue Jul 6 13:47:12 UTC 2021 - James Fehlig -- Update to libvirt 7.5.0 - - security: Fix insecure sVirt label generation - CVE-2021-3631 - bsc#1187871 - - apparmor: Permit new capabilities required by libvirtd - boo#1186888 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - suse-apparmor-libnl-paths.patch -- supportconfig plugin improvements +- CVE-2021-3631: fix SELinux label generation logic + 15073504-CVE-2021-3631.patch + bsc#1187871 ------------------------------------------------------------------- -Mon Jun 21 07:22:36 UTC 2021 - Mel Gorman - -- Suggest numad package instead of requiring it. numad is not - required for libvirt daemon to run, it does not support the - cgroup2 API and it has been superseded by the kernel NUMA - balancer which is enabled by default. - bsc#1184722 - -------------------------------------------------------------------- -Tue Jun 1 15:06:44 UTC 2021 - James Fehlig - -- Update to libvirt 7.4.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - ee890f25-libxl-mock-funcs.patch - -------------------------------------------------------------------- -Mon May 3 22:14:22 UTC 2021 - James Fehlig - -- Update to libvirt 7.3.0 - - libvirt-admin package merged with libvirt-daemon - - libvirt-bash-completion package merged with libvirt-client and - libvirt-daemon packages - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - suse-bump-xen-version.patch - - Added patches: - ee890f25-libxl-mock-funcs.patch - -------------------------------------------------------------------- -Thu Apr 1 23:42:46 UTC 2021 - James Fehlig +Fri Apr 2 03:54:08 UTC 2021 - James Fehlig - spec: Remove use of %fdupes since it was only acting on files that should be excluded @@ -778,19 +782,6 @@ Thu Apr 1 23:42:46 UTC 2021 - James Fehlig - Remove bogus comment from /etc/sysconfig/libvirtd bsc#1184253 -------------------------------------------------------------------- -Thu Apr 1 17:26:46 UTC 2021 - James Fehlig - -- Update to libvirt 7.2.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - ee3dc2c2-libxl-default-pcistub-name.patch, - 6b8e9613-avoid-use-after-free.patch, - eab7ae6b-fix-array-access.patch, - c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, - ccc6dd8f-fix-exec-restart.patch - ------------------------------------------------------------------- Thu Mar 18 21:29:19 UTC 2021 - James Fehlig @@ -1071,80 +1062,30 @@ Tue Sep 1 19:59:58 UTC 2020 - James Fehlig disable-multipath-pr-tests.patch ------------------------------------------------------------------- -Wed Aug 19 19:36:52 UTC 2020 - James Fehlig - -- virdevmapper: Handle kernel without device-mapper support - 82bb167f-dont-cache-devmapper-major.patch, - feb8564a-handle-no-devmapper.patch, - 53d9af1e-ignore-devmapper-open-errors.patch - boo#1175465 - -------------------------------------------------------------------- -Tue Aug 18 21:40:48 UTC 2020 - James Fehlig - -- util: Fix logic in virFileSetCOW - 2edd63a0-fix-virFileSetCOW-logic.patch - boo#1175463 - -------------------------------------------------------------------- -Tue Aug 4 22:46:13 UTC 2020 - James Fehlig +Tue Aug 25 21:24:46 UTC 2020 - James Fehlig - Update to libvirt 6.6.0 + - jsc#SLE-14253 - CVE-2020-14339 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - -------------------------------------------------------------------- -Mon Jul 6 14:58:35 UTC 2020 - James Fehlig - -- Update to libvirt 6.5.0 - - The node device driver now supports creating mediated devices - using the mdevctl utility - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - ec07aad8-libxl-normalize-mac-addr.patch - -------------------------------------------------------------------- -Wed Jun 3 16:38:09 UTC 2020 - James Fehlig - -- libxl: Normalize MAC address in device conf on netdev hotplug - ec07aad8-libxl-normalize-mac-addr.patch - bsc#1172052 - -------------------------------------------------------------------- -Tue Jun 2 15:16:15 UTC 2020 - James Fehlig - -- Update to libvirt 6.4.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - d677de9d-libxl-fix-driver-name-check.patch, - d218a9c2-libxl-xen-driver-tables.patch, - 836ea91d-libxl-xenlight-internal.patch, - 57687260-xen-doc-improvements.patch - -------------------------------------------------------------------- -Wed May 6 20:43:16 UTC 2020 - James Fehlig - -- Xen: Fix connection when host uses modular daemons - d677de9d-libxl-fix-driver-name-check.patch, - d218a9c2-libxl-xen-driver-tables.patch, - 836ea91d-libxl-xenlight-internal.patch, - 57687260-xen-doc-improvements.patch - boo#1171113 - -------------------------------------------------------------------- -Wed May 6 01:40:32 UTC 2020 - James Fehlig - -- Update to libvirt 6.3.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - 88011ed2-libxl-driver-crash-fix.patch, + - Added patches: + 2edd63a0-fix-virFileSetCOW-logic.patch, + 82bb167f-dont-cache-devmapper-major.patch, + feb8564a-handle-no-devmapper.patch, + 53d9af1e-ignore-devmapper-open-errors.patch + Dropped patches: + 6c1dddaf-libxl-shutdown-inhibit.patch, + 849052ec-libxl-support-credit2.patch, + 72ed254b-drop-exec-perms-bashcompletion.patch, + e092daac-prohib-parallel-tunneled-mig.patch, + ae9e6c2a-qemu-allow-cond-format-probe.patch, + a30078cb-qemu-create-mp-target.patch, + aeb909bf-qemu-multipath-fix.patch, 8e669b38-conf-add-event-channels.patch, a93f55c5-libxl-add-event-channels.patch, 967f4eeb-xenconfig-event-channels.patch, + 4cc90c2e-CVE-2020-10701.patch, 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch, b7d6648d-conf-add-e820-host.patch, 5749395b-libxl-e820-host.patch, @@ -1154,7 +1095,58 @@ Wed May 6 01:40:32 UTC 2020 - James Fehlig 9529e007-libxl-passthrough.patch, 9cb8bc6f-xenconfig-refactor-features.patch, b523e225-xenconfig-passthrough.patch, - bed32525-tests-check-passthrough.patch + bed32525-tests-check-passthrough.patch, + 9bf9e0ae-CVE-2020-12430.patch, + ec07aad8-libxl-normalize-mac-addr.patch, + 22494556-CVE-2020-14339.patch, + c5fffb95-kernel-cmdline-parser.patch, + b611b620-check-s390-secure-guest.patch, + 657365e7-check-amd-secure-guest.patch, + 0254ceab-s390-host-validate-check.patch, + 4b561d49-amd-host-validate-check.patch, + 2c3ffa37-update-amd-doc.patch, + f0d0cd61-update-s390-doc.patch, + 8cb9d249-autoptr-file-callback.patch, + a551dd5f-intro-virHostCPUGetSignature.patch, + 44f826e4-virHostCPUGetSignature-x86.patch, + 2a68ceaa-virHostCPUGetSignature-ppc64.patch, + d3d87e0c-virHostCPUGetSignature-s390.patch, + 004804a7-qemu-invalidate-caps.patch +- qemu: Avoid stale capabilities cache host CPU or kernel command + line changes + bsc#1173157 +- virdevmapper: Handle kernel without device-mapper support + 82bb167f-dont-cache-devmapper-major.patch, + feb8564a-handle-no-devmapper.patch, + 53d9af1e-ignore-devmapper-open-errors.patch + boo#1175465 +- util: Fix logic in virFileSetCOW + 2edd63a0-fix-virFileSetCOW-logic.patch + boo#1175463 + +------------------------------------------------------------------- +Thu Jul 30 14:34:11 UTC 2020 - James Fehlig + +- CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use + ioctl's to obtain the dependency tree of disks and drop use of + libdevmapper. + 22494556-CVE-2020-14339.patch + bsc#1161883, bsc#1174458 + +------------------------------------------------------------------- +Wed Jun 3 16:38:09 UTC 2020 - James Fehlig + +- libxl: Normalize MAC address in device conf on netdev hotplug + ec07aad8-libxl-normalize-mac-addr.patch + bsc#1172052 + +------------------------------------------------------------------- +Wed Apr 29 17:03:01 UTC 2020 - James Fehlig + +- qemu: Fix memory leak in qemuDomainGetStatsIOThread + CVE-2020-12430 + 9bf9e0ae-CVE-2020-12430.patch + bsc#1170765 ------------------------------------------------------------------- Tue Apr 21 17:45:36 UTC 2020 - James Fehlig @@ -1178,6 +1170,14 @@ Fri Apr 17 05:19:57 UTC 2020 - Lin Ma 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch bsc#1161159 +------------------------------------------------------------------- +Thu Apr 9 22:26:36 UTC 2020 - James Fehlig + +- api: Disallow virDomainAgentSetResponseTimeout on read-only + connections. CVE-2020-10701 + 4cc90c2e-CVE-2020-10701.patch + bsc#1168680 + ------------------------------------------------------------------- Thu Apr 9 22:04:57 UTC 2020 - James Fehlig @@ -1188,26 +1188,6 @@ Thu Apr 9 22:04:57 UTC 2020 - James Fehlig 967f4eeb-xenconfig-event-channels.patch bsc#1168767 -------------------------------------------------------------------- -Mon Apr 6 14:30:29 UTC 2020 - James Fehlig - -- libxl: fix crash when initializing driver - 88011ed2-libxl-driver-crash-fix.patch - -------------------------------------------------------------------- -Fri Apr 3 20:47:27 UTC 2020 - James Fehlig - -- Update to libvirt 6.2.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - CVE-2020-10701 - bsc#1168680 - - Dropped patches: - a30078cb-qemu-create-mp-target.patch, - aeb909bf-qemu-multipath-fix.patch - - Added patch: - disable-multipath-pr-tests.patch - ------------------------------------------------------------------- Thu Mar 19 22:59:45 UTC 2020 - James Fehlig @@ -1224,24 +1204,6 @@ Tue Mar 17 19:50:01 UTC 2020 - James Fehlig aeb909bf-qemu-multipath-fix.patch bsc#1161883 -------------------------------------------------------------------- -Mon Mar 16 08:42:10 UTC 2020 - Guillaume GARDET - -- Xen is not built for armv7 anymore, so do not use it for armv7 - -------------------------------------------------------------------- -Thu Mar 5 04:09:43 UTC 2020 - James Fehlig - -- Update to libvirt 6.1.0 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Dropped patches: - 6c1dddaf-libxl-shutdown-inhibit.patch, - 849052ec-libxl-support-credit2.patch, - 72ed254b-drop-exec-perms-bashcompletion.patch, - e092daac-prohib-parallel-tunneled-mig.patch, - ae9e6c2a-qemu-allow-cond-format-probe.patch - ------------------------------------------------------------------- Tue Mar 3 23:22:42 UTC 2020 - James Fehlig @@ -1383,13 +1345,7 @@ Tue Oct 8 17:07:03 UTC 2019 - James Fehlig https://libvirt.org/news.html ------------------------------------------------------------------- -Thu Sep 5 22:21:03 UTC 2019 - James Fehlig - -- Add apparmor-abstractions as a required package for daemon - bsc#1142992 - -------------------------------------------------------------------- -Wed Sep 4 20:54:24 UTC 2019 - James Fehlig +Fri Sep 6 15:13:36 UTC 2019 - James Fehlig - Update to libvirt 5.7.0 - Experimental split of libvirtd into separate daemons @@ -1397,86 +1353,153 @@ Wed Sep 4 20:54:24 UTC 2019 - James Fehlig - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: - 93c1d5fe-network-fix-ability-to-use-openvswitch-with-vlans.patch, - blockcopy-check-dst-identical-device.patch, - suse-libvirtd-service-xen.patch - -------------------------------------------------------------------- -Thu Aug 15 19:54:20 UTC 2019 - Martin Wilck - -- network: fix ability to use openvswitch with vlans (bsc#1145651) - - Added patch: - 93c1d5fe-network-fix-ability-to-use-openvswitch-with-vlans.patch - -------------------------------------------------------------------- -Mon Aug 5 19:24:35 UTC 2019 - James Fehlig - -- Update to libvirt 5.6.0 - - Enable proper use of systemd socket activation with libvirtd - - bsc#1133719 - - Many incremental improvements and bug fixes, see - http://libvirt.org/news.html - - Dropped patches: - xen-pv-cdrom.patch, xen-sxpr-disk-type.patch -- qemu: fix default value of security_default_confined - Updated suse-qemu-conf.patch - bsc#1143871 - -------------------------------------------------------------------- -Tue Jul 2 21:24:26 UTC 2019 - James Fehlig - -- Update to libvirt 5.5.0 - - CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 - - Many incremental improvements and bug fixes, see - http://libvirt.org/news.html - - Dropped patches: - aed6a032-CVE-2019-10161.patch, - db0b7845-CVE-2019-10166.patch, - 8afa68ba-CVE-2019-10167.patch, - bf6c2830-CVE-2019-10168.patch - -------------------------------------------------------------------- -Thu Jun 20 14:55:04 UTC 2019 - Jim Fehlig - -- api: disallow virConnect*HypervisorCPU, - virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, - and virDomainSaveImageGetXMLDesc on read-only connections - aed6a032-CVE-2019-10161.patch, db0b7845-CVE-2019-10166.patch, - 8afa68ba-CVE-2019-10167.patch, bf6c2830-CVE-2019-10168.patch - CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 - bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 - -------------------------------------------------------------------- -Wed Jun 12 15:03:47 UTC 2019 - Dominique Leuenberger - -- Drop systemd BuildRequires: there is already pkgconfig(systemd) - present, which is the same package. - -------------------------------------------------------------------- -Mon Jun 3 17:05:52 UTC 2019 - Jim Fehlig - -- Update to libvirt 5.4.0 - - Many incremental improvements and bug fixes, see - http://libvirt.org/news.html - - Dropped patches: + 4ec3cf9a-apparmor-rules.patch, + f38ef0fa-no-RDMA-check.patch, + 411cdaf8-apparmor-check-profile-name.patch. + 696239ba-qemu-fix-query-cpus-fast.patch, + 09eb1ae0-conf-add-xenbus-controller.patch, + fb059757-libxl-add-xenbus-controller.patch, + ec5a1191-libxl-support-max-grant-frames.patch, + 5a64c202-xenconfig-support-max-grant-frames.patch, + CVE-2019-3886-api.patch, + CVE-2019-3886-remote.patch, + e0246257-cputest-add-data-for-Cascadelake-Server.patch, 5cd9db3a-cputest-add-data-E3-1225-v5.patch, 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch, 96f41cd7-admin-reject-clients.patch, f111e094-locking-restrict-sockets-to-mode-0600.patch, e37bd65f-logging-restrict-sockets-to-mode-0600.patch, - 76b420d0-build-libqemutestdriver-lto-fix.patch + 9f4e35dc-network-improve-chain-create-error-report.patch, + 686803a1-network-split-ipv4-ipv6-chains.patch, + c1c235eb-nework-clear-cached-error.patch, + 4330d138-network-refactor-global-chains.patch, + 3b66bd9a-add-debug-chain-creation.patch, + c6cbe187-network-delay-global-fw-setup.patch, + CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, + CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, + CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, + CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch, + 51f9f80d-fix-copying-bitmaps.patch, + 2878278c-cpu_map-add-Cascaselake-Server.patch, + 4a0f604d-cpu_map-distribute-Cascaselake-Server.patch, + d5572f62-qemu-support-override-max-thread.patch, + 673f805d-qemu-chown-uniqDir.patch, + 975b004d-virtlogd-over-logrotate.patch, + 18d47d61-revert-d00c77ae.patch, + d6943eab-libxl-pmsuspend-event.patch, + 3d179919-virsh-precopy-bandwidth.patch, + f4bdd829-rename-precopy-bandwidth.patch, + xen-pv-cdrom.patch, + blockcopy-check-dst-identical-device.patch, + suse-libvirtd-service-xen.patch, + xen-sxpr-disk-type.patch ------------------------------------------------------------------- -Thu May 30 16:08:06 UTC 2019 - James Fehlig +Tue Sep 3 17:20:09 UTC 2019 - James Fehlig -- build: fix linking libqemutestdriver with LTO enabled - 76b420d0-build-libqemutestdriver-lto-fix.patch - boo#1133253 +- virsh: use upstream name for migration precopy bandwidth parameter + f4bdd829-rename-precopy-bandwidth.patch + bsc#1145586 ------------------------------------------------------------------- -Thu May 30 06:58:30 UTC 2019 - Martin Liška +Tue Aug 27 20:58:45 UTC 2019 - James Fehlig -- Use %make_build in order to provide verbose output. +- virsh: support for setting precopy bandwidth in migrate + 3d179919-virsh-precopy-bandwidth.patch + bsc#1145586 +- Rename patches to include commit ID + revert-d00c77ae.patch -> 18d47d61-revert-d00c77ae.patch + libxl-pmsuspend-event.patch -> d6943eab-libxl-pmsuspend-event.patch + +------------------------------------------------------------------- +Fri Aug 16 17:17:57 UTC 2019 - James Fehlig + +- libxl: fix domain state following successful suspend operation + revert-d00c77ae.patch, libxl-pmsuspend-event.patch + bsc#1145440 + +------------------------------------------------------------------- +Fri Aug 9 14:28:22 UTC 2019 - James Fehlig + +- logging: ensure virtlogd rollover takes priority over logrotate + 975b004d-virtlogd-over-logrotate.patch + bsc#1137137 + +------------------------------------------------------------------- +Fri Aug 2 21:06:27 UTC 2019 - James Fehlig + +- qemu: fix default value of security_default_confined + Updated suse-qemu-conf.patch + bsc#1143871 + +------------------------------------------------------------------- +Fri Aug 2 20:48:51 UTC 2019 - James Fehlig + +- qemu: Change owner of temp directories under /var/lib/libvirt/qemu + 673f805d-qemu-chown-uniqDir.patch + bsc#1143497 + +------------------------------------------------------------------- +Wed Jul 31 14:27:36 UTC 2019 - Goldwyn Rodrigues + +- Add apparmor-abstractions as a required package for daemon + (bsc#1142992) + +------------------------------------------------------------------- +Thu Jul 25 16:00:05 UTC 2019 - James Fehlig + +- qemu: Add support for overriding max threads per process limit + d5572f62-qemu-support-override-max-thread.patch + bsc#1133719 + +------------------------------------------------------------------- +Thu Jul 18 16:17:46 UTC 2019 - James Fehlig + +- cpu_map: Add Cascadelake-Server CPU model + e0246257-cputest-add-data-for-Cascadelake-Server.patch, + 2878278c-cpu_map-add-Cascaselake-Server.patch, + 4a0f604d-cpu_map-distribute-Cascaselake-Server.patch + bsc#1141251 + +------------------------------------------------------------------- +Wed Jun 19 21:37:53 UTC 2019 - James Fehlig + +- util: fix copying bitmap to larger data buffer + 51f9f80d-fix-copying-bitmaps.patch + bsc#1138734 + +------------------------------------------------------------------- +Fri Jun 14 17:08:57 UTC 2019 - James Fehlig + +- api: disallow virConnect*HypervisorCPU, + virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, + and virDomainSaveImageGetXMLDesc on read-only connections + CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, + CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, + CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, + CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch + CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 + bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 + +------------------------------------------------------------------- +Fri May 24 18:22:39 UTC 2019 - James Fehlig + +- network: delay global firewall setup if no networks are running + 9f4e35dc-network-improve-chain-create-error-report.patch, + 686803a1-network-split-ipv4-ipv6-chains.patch, + c1c235eb-nework-clear-cached-error.patch, + 4330d138-network-refactor-global-chains.patch, + 3b66bd9a-add-debug-chain-creation.patch, + c6cbe187-network-delay-global-fw-setup.patch, + Dropped patches: revert-7431b3eb.patch, revert-8b967198.patch + bsc#1133229 +- Renamed patches to include commit id: + CVE-2019-10132-admin-reject-clients.patch -> + 96f41cd7-admin-reject-clients.patch + CVE-2019-10132-locking-restrict-sockets-to-mode-0600.patch -> + f111e094-locking-restrict-sockets-to-mode-0600.patch + CVE-2019-10132-logging-restrict-sockets-to-mode-0600.patch -> + e37bd65f-logging-restrict-sockets-to-mode-0600.patch ------------------------------------------------------------------- Thu May 23 17:07:21 UTC 2019 - Jim Fehlig @@ -1485,93 +1508,47 @@ Thu May 23 17:07:21 UTC 2019 - Jim Fehlig bsc#1136109 ------------------------------------------------------------------- -Tue May 21 17:15:09 UTC 2019 - James Fehlig +Mon May 20 17:33:59 UTC 2019 - James Fehlig -- admin: reject clients unless their UID matches the server UID - CVE-2019-10132 - 96f41cd7-admin-reject-clients.patch, - f111e094-locking-restrict-sockets-to-mode-0600.patch, - e37bd65f-logging-restrict-sockets-to-mode-0600.patch +- cpu: add tests for md-clear feature + Updated 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch and + added 5cd9db3a-cputest-add-data-E3-1225-v5.patch + bsc#1135273 + +------------------------------------------------------------------- +Mon May 20 17:24:53 UTC 2019 - James Fehlig + +- CVE-2019-10132: admin: reject clients unless their UID matches + the server UID + CVE-2019-10132-admin-reject-clients.patch, + CVE-2019-10132-locking-restrict-sockets-to-mode-0600.patch, + CVE-2019-10132-logging-restrict-sockets-to-mode-0600.patch bsc#1134348 ------------------------------------------------------------------- -Mon May 20 21:50:28 UTC 2019 - James Fehlig +Wed May 15 16:51:50 UTC 2019 - Bruce Rogers - cpu_map: add cpu feature md-clear. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - 5cd9db3a-cputest-add-data-E3-1225-v5.patch, 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch - bsc#1111331, bsc#1135273 + bsc#1111331 + bsc#1135273 ------------------------------------------------------------------- -Wed May 8 17:03:43 UTC 2019 - James Fehlig +Thu Apr 25 15:45:28 UTC 2019 - James Fehlig -- Update to libvirt 5.3.0 - - Many incremental improvements and bug fixes, see - http://libvirt.org/news.html - - Dropped patches: - ff376c62-tests-fix-mocking-stat-lstat.patch, - ebe9c6ea-qemu-firmware-dirent.patch, - 2a07c990-api-CVE-2019-3886.patch, - ae076bb4-remote-CVE-2019-3886.patch, - f66f70ac-snapshot-fix-use-after-free.patch, - 89237d53-conf-expose-virDomainSCSIDriveAddressIsUsed.patch, - ee2c5ef3-test-scsi-disk.patch, - ddc72f99-qemu-check-dup-drive-address.patch, - 22dc3e94-revert-f1d65853.patch - -------------------------------------------------------------------- -Thu Apr 25 20:42:03 UTC 2019 - Jim Fehlig - -- Fix build with LTO enabled - Adjusted support-managed-pci-xen-driver.patch - boo#1133253 - -------------------------------------------------------------------- -Fri Apr 19 17:06:42 UTC 2019 - James Fehlig - -- qemu: fix CDROM media change when using virDomainAttachDevice - 89237d53-conf-expose-virDomainSCSIDriveAddressIsUsed.patch, - ee2c5ef3-test-scsi-disk.patch, - ddc72f99-qemu-check-dup-drive-address.patch, - 22dc3e94-revert-f1d65853.patch - boo#1132127 - -------------------------------------------------------------------- -Thu Apr 11 23:00:48 UTC 2019 - James Fehlig - -- Fix and re-enable snapshot tests - f66f70ac-snapshot-fix-use-after-free.patch +- Revert commits 5f1e6a7d and f6c5babb to avoid loading conntrack + module at libvird start + revert-7431b3eb.patch, revert-8b967198.patch + bsc#1133229 ------------------------------------------------------------------- Fri Apr 5 19:58:10 UTC 2019 - James Fehlig - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users - 2a07c990-api-CVE-2019-3886.patch, - ae076bb4-remote-CVE-2019-3886.patch + CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 -- spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch - touches remote_protocol.x - -------------------------------------------------------------------- -Wed Apr 3 18:08:00 UTC 2019 - Jim Fehlig - -- Update to libvirt 5.2.0 - - Many incremental improvements and bug fixes, see - http://libvirt.org/news.html - - Dropped patches: - 4ec3cf9a-apparmor-rules.patch, - f38ef0fa-no-RDMA-check.patch, - 411cdaf8-apparmor-check-profile-name.patch, - 696239ba-qemu-fix-query-cpus-fast.patch, - 09eb1ae0-conf-add-xenbus-controller.patch, - fb059757-libxl-add-xenbus-controller.patch, - ec5a1191-libxl-support-max-grant-frames.patch, - 5a64c202-xenconfig-support-max-grant-frames.patch - - Added patches: - ff376c62-tests-fix-mocking-stat-lstat.patch, - ebe9c6ea-qemu-firmware-dirent.patch ------------------------------------------------------------------- Thu Mar 21 21:40:06 UTC 2019 - James Fehlig