diff --git a/libvirt-10.8.0.tar.xz b/libvirt-10.8.0.tar.xz deleted file mode 100644 index ac1190c..0000000 --- a/libvirt-10.8.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bbd976d3f0fb0a98ec4a35f997167ae78dbcc58a092a94e7426fcb8e1260883c -size 9932916 diff --git a/libvirt-10.9.0.tar.xz b/libvirt-10.9.0.tar.xz new file mode 100644 index 0000000..d59b485 --- /dev/null +++ b/libvirt-10.9.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:19244a31e86add49907ebcabbde4665967332f767504a448bbe1686656b22aee +size 9948724 diff --git a/libvirt.changes b/libvirt.changes index 35f3129..8f0ebac 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Nov 4 21:00:34 UTC 2024 - James Fehlig + +- json: do not call json_tokener_free with NULL + Fixes potential SEGV in libvirt-nss module + boo#1232726 + +------------------------------------------------------------------- +Fri Nov 1 19:52:45 UTC 2024 - James Fehlig + +- Update to libvirt 10.9.0 + - jsc#PED-8909, jsc#9854, jsc#9855 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-9-0-2024-11-01 + +------------------------------------------------------------------- +Tue Oct 22 15:59:15 UTC 2024 - James Fehlig + +- spec: Use default_firewall_backend prjconf setting +- spec: Loosen nwfilter dependency + boo#1231798 + ------------------------------------------------------------------- Tue Oct 1 19:57:06 UTC 2024 - James Fehlig @@ -14,6 +36,8 @@ Tue Sep 3 17:23:41 UTC 2024 - James Fehlig - Update to libvirt 10.7.0 - CVE-2024-8235, bsc#1230024 + - Unconditionally disable building the interface driver + - Remove SysV rc* compatibility symlinks - jsc#PED-8909 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-7-0-2024-09-02 @@ -27,13 +51,24 @@ Mon Aug 5 22:02:12 UTC 2024 - James Fehlig https://libvirt.org/news.html#v10-6-0-2024-08-05 ------------------------------------------------------------------- -Wed Jun 26 19:16:35 UTC 2024 - James Fehlig +Mon Jul 1 19:28:17 UTC 2024 - James Fehlig -- qemu: Fix migration with custom XML - bsc#1226492 +- Update to libvirt 10.5.0 + - Introduce SEV-SNP support + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-5-0-2024-07-01 ------------------------------------------------------------------- -Wed May 8 22:48:08 UTC 2024 - James Fehlig +Mon Jun 3 18:03:34 UTC 2024 - James Fehlig + +- Update to libvirt 10.4.0 + - network: use nftables to setup virtual network firewall rules + boo#1201510 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-4-0-2024-06-03 + +------------------------------------------------------------------- +Wed May 8 22:39:10 UTC 2024 - James Fehlig - CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop @@ -42,16 +77,28 @@ Wed May 8 22:48:08 UTC 2024 - James Fehlig bsc#1222584 ------------------------------------------------------------------- -Tue Apr 9 16:10:19 UTC 2024 - James Fehlig +Thu May 2 22:48:28 UTC 2024 - James Fehlig -- security: Ensure file exists before attempting to restore label - bsc#1220714 +- Update to libvirt 10.3.0 + - bsc#1220714 + - bsc#1226492 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-3-0-2024-05-02 ------------------------------------------------------------------- -Wed Mar 27 22:19:42 UTC 2024 - James Fehlig +Fri Apr 12 21:02:53 UTC 2024 - James Fehlig -- qemu: Fix migration from libvirt older than 9.10.0 when vmx is enabled - bsc#1221879 +- spec: Add 'Requires: netcat-openbsd' to libvirt-daemon-common + boo#1222100 + +------------------------------------------------------------------- +Tue Apr 2 15:03:20 UTC 2024 - James Fehlig + +- Update to libvirt 10.2.0 + - CVE-2024-2494 + - bsc#1221879 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-2-0-2024-04-02 ------------------------------------------------------------------- Thu Mar 21 15:30:22 UTC 2024 - James Fehlig @@ -61,11 +108,13 @@ Thu Mar 21 15:30:22 UTC 2024 - James Fehlig bsc#1221815 ------------------------------------------------------------------- -Tue Mar 12 14:46:48 UTC 2024 - James Fehlig +Tue Mar 5 21:20:53 UTC 2024 - James Fehlig -- Fix off-by-one error in udevListInterfacesByStatus - CVE-2024-1441 - bsc#1221237 +- Update to libvirt 10.1.0 + - CVE-2024-1441 + bsc#1221237 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v10-1-0-2024-03-01 ------------------------------------------------------------------- Thu Feb 22 22:11:36 UTC 2024 - James Fehlig @@ -186,116 +235,115 @@ Wed Aug 2 22:42:41 UTC 2023 - James Fehlig - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v9-6-0-2023-08-01 - jsc#PED-3725 +- spec: Unconditionally enable modular daemons - spec: Remove logic handling package upgrade from old libvirtd -- spec: Remove obsolete Groups tag -- spec: Integrate upstream spec file changes that split the - libvirt-daemon package, allowing more modular, customized - installations -- spec: New subpackages libvirt-daemon-common, libvirt-daemon-lock, - libvirt-daemon-log, libvirt-daemon-proxy, and - libvirt-daemon-plugin-lockd -- spec: Renamed subpackage libvirt-lock-sanlock to - libvirt-daemon-plugin-sanlock ------------------------------------------------------------------- -Tue Jul 25 22:00:31 UTC 2023 - James Fehlig - -- spec: Build library with support for modular daemons - bsc#1213352 - -------------------------------------------------------------------- -Thu Jul 20 21:22:50 UTC 2023 - James Fehlig +Thu Jul 20 21:44:18 UTC 2023 - James Fehlig - CVE-2023-3750: storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' bsc#1213447 -- Move to a more git-centric packaging workflow using tar_scm - instead of download_files - - New source README.packaging.txt - - Drop now unused signature file and libvirt.keyring - - Patches dropped and now maintained in git - ef482951-apparmor-Allow-umount-dev.patch, - d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch, - c3f16cea-qemu-cleanup-label-on-umount-failure.patch, - 697c16e3-qemu_process-better-debug-message.patch, - 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch, - 4959490e-support-SUSE-edk2-firmware-paths.patch, - 0f350a4d-virt-qemu-sev-validate-remote-detect.patch, - bf3be5b7-libxl-Support-custom-firmware-path.patch, - 705525cb-libxl-Support-custom-firmware-path-conversion.patch, - 15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch, - 86cfe93e-qemuProcessRefreshDisks-fix-info.patch, - 6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch, - 9b743ee1-apparmor-support-local-profile-customizations.patch, - f3ed5c27-libxl-dont-resume-domain-on-canceled-mig.patch, - b9eeeebd-libxl-support-MIGRATE_CHANGE_PROTECTION.patch, - libxl-dom-reset.patch, - network-don-t-use-dhcp-authoritative-on-static-netwo.patch, - 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch, - libvirt-power8-models.patch, - ppc64le-canonical-name.patch, - libxl-set-migration-constraints.patch, - libxl-set-cach-mode.patch, - 0001-libxl-add-support-for-BlockResize-API.patch, - suse-libvirtd-disable-tls.patch, - suse-libvirt-guests-service.patch, - suse-qemu-conf.patch, - suse-qemu-ovmf-paths.patch, - libxl-support-block-script.patch, - qemu-apparmor-screenshot.patch, - libvirt-suse-netcontrol.patch, - lxc-wait-after-eth-del.patch, - suse-libxl-disable-autoballoon.patch, - suse-xen-ovmf-paths.patch, - virt-create-rootfs.patch, - suse-fix-lxc-container-init.patch -- Drop old, unused SUSEfirewall2 config file - libvirtd-relocation-server.fw -- spec: Remove unneeded use of ldconfig -- spec: Remove libvirt_sysconfig_{pre,posttrans} macros. They are - noops on SUSE distros since files in /etc/sysconfig/ are not - owned by rpm. ------------------------------------------------------------------- -Fri Jul 14 19:41:17 UTC 2023 - James Fehlig +Thu Jul 13 20:07:10 UTC 2023 - James Fehlig - libxl: Improve handling of errors across migration phases - f3ed5c27-libxl-dont-resume-domain-on-canceled-mig.patch, - b9eeeebd-libxl-support-MIGRATE_CHANGE_PROTECTION.patch bsc#1213186 +- apparmor: Support local overrides in all profiles and abstractions spec: Don't replace /etc/apparmor.d/ on package upgrade - spec: Stop packaging empty /etc/apparmor.d/local/* files + spec: No longer package empty /etc/apparmor.d/local/* files bsc#1211472 ------------------------------------------------------------------- -Wed Jun 7 22:56:51 UTC 2023 - James Fehlig +Thu Jul 6 16:09:49 UTC 2023 - James Fehlig -- spec: Replace /etc/apparmor.d/ on package upgrade - apparmor: Add support for local profile customizations - 9b743ee1-apparmor-support-local-profile-customizations.patch +- Update to libvirt 9.5.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v9-5-0-2023-07-03 + - Add upstream commit 5f7f6ceb47 to fix builds on Leap 15.x + - Drop downstream commit adding SUSE-specific migration + parameters + +------------------------------------------------------------------- +Tue Jun 13 22:28:33 UTC 2023 - James Fehlig + +- spec: Don't move apparmor profiles to modular daemon subpackages + +------------------------------------------------------------------- +Wed Jun 7 22:21:45 UTC 2023 - James Fehlig + +- apparmor: Add support for local profile customizations + spec: Replace /etc/apparmor.d/ on package upgrade bsc#1211472 +- supportconfig: Modular daemon improvements ------------------------------------------------------------------- -Tue May 30 15:29:12 UTC 2023 - James Fehlig +Fri Jun 2 16:26:30 UTC 2023 - James Fehlig -- CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList - 6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch - bsc#1211390 +- Update to libvirt 9.4.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v9-4-0-2023-06-01 ------------------------------------------------------------------- -Tue May 9 16:35:49 UTC 2023 - James Fehlig +Tue May 2 17:18:02 UTC 2023 - James Fehlig -- qemu: Fix cdrom media change - 86cfe93e-qemuProcessRefreshDisks-fix-info.patch - bsc#1210666 +- Update to libvirt 9.3.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v9-3-0-2023-05-02 + - CVE-2023-2700 + bsc#1211390 + - boo#1210654 ------------------------------------------------------------------- -Thu Apr 13 17:14:56 UTC 2023 - James Fehlig +Wed Apr 12 21:01:17 UTC 2023 - James Fehlig - qemu: Fix potential crash during driver cleanup - 15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch bsc#1209861 +------------------------------------------------------------------- +Mon Apr 10 14:11:42 UTC 2023 - James Fehlig + +- service: Remove unnecessary auth token from github URL + +------------------------------------------------------------------- +Mon Apr 3 20:38:30 UTC 2023 - James Fehlig + +- Update to libvirt 9.2.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v9-2-0-2023-04-01 + - Move to a more git-centric packaging workflow using tar_scm + instead of download_files + - New source README.packaging.txt + - Remove now unused signature file and libvirt.keyring + - Patches now maintained in git + libxl-dom-reset.patch, + network-don-t-use-dhcp-authoritative-on-static-netwo.patch, + 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch, + libvirt-power8-models.patch, + ppc64le-canonical-name.patch, + libxl-set-migration-constraints.patch, + libxl-set-cach-mode.patch, + 0001-libxl-add-support-for-BlockResize-API.patch, + suse-libvirtd-disable-tls.patch, + suse-libvirt-guests-service.patch, + suse-qemu-conf.patch, + suse-qemu-ovmf-paths.patch, + libxl-support-block-script.patch, + qemu-apparmor-screenshot.patch, + libvirt-suse-netcontrol.patch, + lxc-wait-after-eth-del.patch, + suse-libxl-disable-autoballoon.patch, + suse-xen-ovmf-paths.patch, + virt-create-rootfs.patch, + suse-fix-lxc-container-init.patch + - Remove old, unused SUSEfirewall2 config file + libvirtd-relocation-server.fw + - Dropped patches: + 4959490e-support-SUSE-edk2-firmware-paths.patch, + bf3be5b7-libxl-Support-custom-firmware-path.patch, + 705525cb-libxl-Support-custom-firmware-path-conversion.patch, + ------------------------------------------------------------------- Fri Mar 10 19:01:21 UTC 2023 - James Fehlig @@ -305,14 +353,6 @@ Fri Mar 10 19:01:21 UTC 2023 - James Fehlig bsc#1209161 - spec: Move ovmf dependency to correct package -------------------------------------------------------------------- -Fri Mar 3 00:11:51 UTC 2023 - James Fehlig - -- tools: Fix detection of remote libvirt access in - virt-qemu-sev-validate - 0f350a4d-virt-qemu-sev-validate-remote-detect.patch - jsc#PED-1472 - ------------------------------------------------------------------- Thu Mar 2 23:11:37 UTC 2023 - James Fehlig @@ -320,6 +360,29 @@ Thu Mar 2 23:11:37 UTC 2023 - James Fehlig 4959490e-support-SUSE-edk2-firmware-paths.patch boo#1208567 +------------------------------------------------------------------- +Wed Mar 1 20:58:57 UTC 2023 - James Fehlig + +- Update to libvirt 9.1.0 + - bsc#1210666 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v9-1-0-2023-03-01 + - spec: Remove obsolete Groups tag + - spec: Integrate upstream spec file changes that split the + libvirt-daemon package, allowing more modular, customized + installations + - spec: New subpackages libvirt-daemon-common, libvirt-daemon-lock, + libvirt-daemon-log, libvirt-daemon-proxy, and + libvirt-daemon-plugin-lockd + - spec: Renamed subpackage libvirt-lock-sanlock to + libvirt-daemon-plugin-sanlock + - Dropped patches: + ef482951-apparmor-Allow-umount-dev.patch, + d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch, + c3f16cea-qemu-cleanup-label-on-umount-failure.patch, + 697c16e3-qemu_process-better-debug-message.patch, + 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch + ------------------------------------------------------------------- Wed Feb 8 18:01:55 UTC 2023 - James Fehlig @@ -403,8 +466,115 @@ Thu Sep 1 20:37:17 UTC 2022 - James Fehlig - Update to libvirt 8.7.0 - jsc#PED-620, jsc#PED-1540 + - bsc#1202630 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-7-0-2022-09-01 + - Dropped patches: + 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, + c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch + +------------------------------------------------------------------- +Wed Aug 24 23:07:12 UTC 2022 - James Fehlig + +- spec: Suppress error messages about nonexistent or unreadable + files from grep + +------------------------------------------------------------------- +Fri Aug 19 18:43:03 UTC 2022 - James Fehlig + +- spec: Place 'Requires:' on compression binaries instead of their + associated packages + boo#1202569 + +------------------------------------------------------------------- +Mon Aug 15 15:59:38 UTC 2022 - James Fehlig + +- Fix build with glibc 2.36 + 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, + c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch + boo#1202321 + +------------------------------------------------------------------- +Tue Aug 2 16:10:13 UTC 2022 - James Fehlig + +- Update to libvirt 8.6.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-6-0-2022-08-01 + +------------------------------------------------------------------- +Tue Jul 19 23:54:51 UTC 2022 - James Fehlig + +- spec: Don't redefine libexecdir + boo#1201565 + +------------------------------------------------------------------- +Tue Jul 5 20:25:19 UTC 2022 - James Fehlig + +- Update to libvirt 8.5.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-5-0-2022-07-01 + - Drop downstream-only lxc patches. They received little interest + upstream, are difficult to maintain, and are no longer required + by the requester (SLE): + 0001-Extract-stats-functions-from-the-qemu-driver.patch, + 0002-lxc-implement-connectGetAllDomainStats.patch + +------------------------------------------------------------------- +Fri Jun 24 21:23:46 UTC 2022 - James Fehlig + +- spec: Include aarch64 in the list of architectures that 'Require' + dmidecode + boo#1196087 + +------------------------------------------------------------------- +Tue Jun 21 17:55:38 UTC 2022 - James Fehlig + +- spec: Move logrotate config files from /etc/logrotate.d to + /usr/etc/logrotate.d + +------------------------------------------------------------------- +Tue Jun 14 00:23:15 UTC 2022 - James Fehlig + +- spec: Closer alignment with upstream spec file, including + enabling more unit tests + +------------------------------------------------------------------- +Wed Jun 1 14:10:53 UTC 2022 - James Fehlig + +- Update to libvirt 8.4.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-4-0-2022-06-01 + +------------------------------------------------------------------- +Mon May 9 13:49:51 UTC 2022 - James Fehlig + +- Update to libvirt 8.3.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-3-0-2022-05-02 + +------------------------------------------------------------------- +Fri Apr 1 17:30:25 UTC 2022 - James Fehlig + +- Update to libvirt 8.2.0 + - CVE-2022-0897 + bsc#1197636 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-2-0-2022-04-01 + - Dropped patches: + 823a62ec-qemu-fix-undefine-crash.patch + +------------------------------------------------------------------- +Thu Mar 3 15:25:50 UTC 2022 - James Fehlig + +- qemu: Fix segmentation fault in qemuDomainUndefineFlags + 823a62ec-qemu-fix-undefine-crash.patch + +------------------------------------------------------------------- +Tue Mar 1 16:15:32 UTC 2022 - James Fehlig + +- Update to libvirt 8.1.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html#v8-1-0-2022-03-01 - Dropped patches: 3be5ba11-libvirt-guests-install.patch, 16172741-libvirt-guests-manpage.patch, @@ -414,118 +584,7 @@ Thu Sep 1 20:37:17 UTC 2022 - James Fehlig e0241f33-libxl-mark-allocated-graphics-ports.patch, 18ec405a-libxl-release-graphics-ports.patch, 76deb656-qemu-fix-snapshot-revert.patch, - 454b927d-libxl-fix-dom-restore.patch, - d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, - 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, - 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, - 82be0ffe-conf-validate-serial-port-model.patch, - aab943a6-support-firmware-debug.patch, - 7714034e-qemu-debug-console-tests.patch, - 3ef9b51b-qemu-fix-pflash-formatting.patch, - 5adfb347-qemu-honor-user-nvram-path.patch, - 08101bde-qemu-inline-nvram-path-code.patch, - 24adb6c7-qemu-dont-regen-nvram-path.patch, - 392292cd-tests-dont-use-autogen-nvram-path.patch, - 32b9d8b0-qemu-support-fw-descriptor-mode.patch, - 823a62ec-qemu-fix-undefine-crash.patch, - a4947e8f-nwfilter-CVE-2022-0897.patch, - c61d1e9b-virfile-set-pipe-size.patch, - 47d6d185-virfile-fix-indent.patch, - cd7acb33-virfile-report-error.patch, - ba7f9812-conf-intro-mem-alloc-threads.patch, - a30dac15-qemu-detect-prealloc-threads.patch, - 75a4e016-qemu-validate-prealloc-threads.patch, - b8d6ecc7-qemu-generate-prealloc-threads.patch, - c890c496-qemu-cleanup-virQEMUCapsFindBinaryForArch.patch, - 0a301b19-qemu-dont-assume-qemukvm.patch, - fb7016a7-qemu-dissolve-virQEMUCapsFindBinaryForArch.patch, - db0564b4-vmx-Require-networkName.patch, - 0001-Extract-stats-functions-from-the-qemu-driver.patch, - 0002-lxc-implement-connectGetAllDomainStats.patch -- spec: Place 'Requires:' on compression binaries instead of their - associated packages - boo#1202569 -- spec: Don't redefine libexecdir - boo#1201565 -- spec: Closer alignment with upstream spec file, including - enabling more unit tests - -------------------------------------------------------------------- -Thu Sep 1 17:01:20 UTC 2022 - James Fehlig - -- vmx: Require networkName for bridged and custom NICs - db0564b4-vmx-Require-networkName.patch - bsc#1202630 - -------------------------------------------------------------------- -Wed Aug 24 20:48:37 UTC 2022 - James Fehlig - -- spec: Include aarch64 in the list of architectures that 'Require' - dmidecode - bsc#1202608 -- spec: Suppress error messages about nonexistent or unreadable - files from grep - -------------------------------------------------------------------- -Tue Aug 23 16:20:34 UTC 2022 - James Fehlig - -- Fix downstream patches to adhere to upstream coding standards - and pass 'make syntax-check' - -------------------------------------------------------------------- -Fri Jun 17 20:47:47 UTC 2022 - James Fehlig - -- qemu: Don't assume that /usr/libexec/qemu-kvm exists - c890c496-qemu-cleanup-virQEMUCapsFindBinaryForArch.patch, - 0a301b19-qemu-dont-assume-qemukvm.patch, - fb7016a7-qemu-dissolve-virQEMUCapsFindBinaryForArch.patch - bsc#1158430, boo#1196087 - -------------------------------------------------------------------- -Thu Jun 2 22:13:52 UTC 2022 - James Fehlig - -- qemu: Support memory allocation threads - ba7f9812-conf-intro-mem-alloc-threads.patch, - a30dac15-qemu-detect-prealloc-threads.patch, - 75a4e016-qemu-validate-prealloc-threads.patch, - b8d6ecc7-qemu-generate-prealloc-threads.patch - bsc#1197084 - -------------------------------------------------------------------- -Thu Mar 31 22:26:20 UTC 2022 - James Fehlig - -- qemu: Improve save operation by increasing pipe size - c61d1e9b-virfile-set-pipe-size.patch, - 47d6d185-virfile-fix-indent.patch, - cd7acb33-virfile-report-error.patch - bsc#1196625 - -------------------------------------------------------------------- -Tue Mar 29 22:19:24 UTC 2022 - James Fehlig - -- CVE-2022-0897: nwfilter: fix crash when counting number of - network filters - a4947e8f-nwfilter-CVE-2022-0897.patch - bsc#1197636 - -------------------------------------------------------------------- -Sat Mar 12 00:29:53 UTC 2022 - James Fehlig - -- qemu: Fixes and improvements for SEV(-ES) guests - d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, - 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, - 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, - 82be0ffe-conf-validate-serial-port-model.patch, - aab943a6-support-firmware-debug.patch, - 7714034e-qemu-debug-console-tests.patch, - 3ef9b51b-qemu-fix-pflash-formatting.patch, - 5adfb347-qemu-honor-user-nvram-path.patch, - 08101bde-qemu-inline-nvram-path-code.patch, - 24adb6c7-qemu-dont-regen-nvram-path.patch, - 392292cd-tests-dont-use-autogen-nvram-path.patch, - 32b9d8b0-qemu-support-fw-descriptor-mode.patch, - 823a62ec-qemu-fix-undefine-crash.patch - bsc#1196806 + 454b927d-libxl-fix-dom-restore.patch ------------------------------------------------------------------- Fri Feb 18 18:25:46 UTC 2022 - James Fehlig @@ -742,65 +801,55 @@ Mon Aug 2 20:44:29 UTC 2021 - James Fehlig - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 - - jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - - Added patches: - suse-qemu-ovmf-paths.patch, - suse-xen-ovmf-paths.patch - Dropped patches: - ee3dc2c2-libxl-default-pcistub-name.patch, - 6b8e9613-avoid-use-after-free.patch, - eab7ae6b-fix-array-access.patch, - c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, - ccc6dd8f-fix-exec-restart.patch, - 15073504-CVE-2021-3631.patch, de1e0ae0-lockd-no-error-if-lockspace.patch, - 447f69de-CVE-2021-3667.patch, - suse-ovmf-paths.patch, - suse-apparmor-libnl-paths.patch, - suse-xen-ovmf-loaders.patch, - suse-bump-xen-version.patch + f58349c9-qemu-storage-migration.patch + +------------------------------------------------------------------- +Tue Jul 27 18:10:29 UTC 2021 - James Fehlig + +- spec: Re-exec'ing virt{lock,log}d in posttrans was mistakenly + dropped in a previous change. Add it back. + +------------------------------------------------------------------- +Thu Jul 22 22:19:47 UTC 2021 - James Fehlig + - libxl: ovmf now provides only one firmware for Xen. The firmware is named ovmf-x86_64-xen-4m.bin in the SUSE ovmf package. Adjust the upstream default firmware path to match the SUSE name. - packaging: To improve maintainability, rename suse-ovmf-paths.patch to suse-qemu-ovmf-paths.patch and suse-xen-ovmf-loaders.patch to suse-xen-ovmf-paths.patch -- spec: Remove the sysconfig fillup files for the various daemons - - Dropped patches: - suse-libvirtd-sysconfig-settings.patch, - suse-virtlockd-sysconfig-settings.patch, - suse-virtlogd-sysconfig-settings.patch -- qemu: Use correct flag constant for enabling storage migration - f58349c9-qemu-storage-migration.patch - bsc#1188171 -- apparmor: Permit new capabilities required by libvirtd - boo#1186888 -- supportconfig plugin improvements -- Suggest numad package instead of requiring it. numad is not - required for libvirt daemon to run, it does not support the - cgroup2 API and it has been superseded by the kernel NUMA - balancer which is enabled by default. - bsc#1184722 -- libvirt-admin package merged with libvirt-daemon -- libvirt-bash-completion package merged with libvirt-client and - libvirt-daemon packages ------------------------------------------------------------------- -Thu Jul 29 19:48:32 UTC 2021 - James Fehlig - -- storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath - CVE-2021-3667 - bsc#1188843 - -------------------------------------------------------------------- -Tue Jul 27 18:22:59 UTC 2021 - James Fehlig +Fri Jul 16 23:05:03 UTC 2021 - James Fehlig - spec: Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. bsc#1188232 +- spec: Remove the sysconfig fillup files for the various daemons + - Dropped patches: + suse-libvirtd-sysconfig-settings.patch, + suse-virtlockd-sysconfig-settings.patch, + suse-virtlogd-sysconfig-settings.patch + +------------------------------------------------------------------- +Fri Jul 16 15:53:31 UTC 2021 - James Fehlig + +- spec: Add bash-completion dependency to libvirt-daemon and + libvirt-client. It was mistakenly dropped when + libvirt-bash-completion was merged into the daemon and client + subpackages + +------------------------------------------------------------------- +Fri Jul 16 15:37:11 UTC 2021 - James Fehlig + +- qemu: Use correct flag constant for enabling storage migration + f58349c9-qemu-storage-migration.patch + bsc#1188171 ------------------------------------------------------------------- Wed Jul 7 15:54:59 UTC 2021 - James Fehlig @@ -810,14 +859,53 @@ Wed Jul 7 15:54:59 UTC 2021 - James Fehlig bsc#1184253 ------------------------------------------------------------------- -Tue Jul 6 13:47:12 UTC 2021 - James Fehlig +Thu Jul 1 14:17:12 UTC 2021 - James Fehlig -- CVE-2021-3631: fix SELinux label generation logic - 15073504-CVE-2021-3631.patch - bsc#1187871 +- Update to libvirt 7.5.0 + - security: Fix insecure sVirt label generation - CVE-2021-3631 + bsc#1187871 + - apparmor: Permit new capabilities required by libvirtd + boo#1186888 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + suse-apparmor-libnl-paths.patch +- supportconfig plugin improvements ------------------------------------------------------------------- -Fri Apr 2 03:54:08 UTC 2021 - James Fehlig +Mon Jun 21 07:22:36 UTC 2021 - Mel Gorman + +- Suggest numad package instead of requiring it. numad is not + required for libvirt daemon to run, it does not support the + cgroup2 API and it has been superseded by the kernel NUMA + balancer which is enabled by default. + bsc#1184722 + +------------------------------------------------------------------- +Tue Jun 1 15:06:44 UTC 2021 - James Fehlig + +- Update to libvirt 7.4.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + ee890f25-libxl-mock-funcs.patch + +------------------------------------------------------------------- +Mon May 3 22:14:22 UTC 2021 - James Fehlig + +- Update to libvirt 7.3.0 + - libvirt-admin package merged with libvirt-daemon + - libvirt-bash-completion package merged with libvirt-client and + libvirt-daemon packages + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + suse-bump-xen-version.patch + - Added patches: + ee890f25-libxl-mock-funcs.patch + +------------------------------------------------------------------- +Thu Apr 1 23:42:46 UTC 2021 - James Fehlig - spec: Remove use of %fdupes since it was only acting on files that should be excluded @@ -825,6 +913,19 @@ Fri Apr 2 03:54:08 UTC 2021 - James Fehlig - Remove bogus comment from /etc/sysconfig/libvirtd bsc#1184253 +------------------------------------------------------------------- +Thu Apr 1 17:26:46 UTC 2021 - James Fehlig + +- Update to libvirt 7.2.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + ee3dc2c2-libxl-default-pcistub-name.patch, + 6b8e9613-avoid-use-after-free.patch, + eab7ae6b-fix-array-access.patch, + c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, + ccc6dd8f-fix-exec-restart.patch + ------------------------------------------------------------------- Thu Mar 18 21:29:19 UTC 2021 - James Fehlig @@ -1105,76 +1206,39 @@ Tue Sep 1 19:59:58 UTC 2020 - James Fehlig disable-multipath-pr-tests.patch ------------------------------------------------------------------- -Tue Aug 25 21:24:46 UTC 2020 - James Fehlig +Wed Aug 19 19:36:52 UTC 2020 - James Fehlig -- Update to libvirt 6.6.0 - - jsc#SLE-14253 - - CVE-2020-14339 - - Many incremental improvements and bug fixes, see - https://libvirt.org/news.html - - Added patches: - 2edd63a0-fix-virFileSetCOW-logic.patch, - 82bb167f-dont-cache-devmapper-major.patch, - feb8564a-handle-no-devmapper.patch, - 53d9af1e-ignore-devmapper-open-errors.patch - Dropped patches: - 6c1dddaf-libxl-shutdown-inhibit.patch, - 849052ec-libxl-support-credit2.patch, - 72ed254b-drop-exec-perms-bashcompletion.patch, - e092daac-prohib-parallel-tunneled-mig.patch, - ae9e6c2a-qemu-allow-cond-format-probe.patch, - a30078cb-qemu-create-mp-target.patch, - aeb909bf-qemu-multipath-fix.patch, - 8e669b38-conf-add-event-channels.patch, - a93f55c5-libxl-add-event-channels.patch, - 967f4eeb-xenconfig-event-channels.patch, - 4cc90c2e-CVE-2020-10701.patch, - 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch, - b7d6648d-conf-add-e820-host.patch, - 5749395b-libxl-e820-host.patch, - f3ef7daf-xenconfig-e820-host.patch, - 34077c1b-tests-check-e820-host.patch, - fadbaa23-conf-add-passthrough.patch, - 9529e007-libxl-passthrough.patch, - 9cb8bc6f-xenconfig-refactor-features.patch, - b523e225-xenconfig-passthrough.patch, - bed32525-tests-check-passthrough.patch, - 9bf9e0ae-CVE-2020-12430.patch, - ec07aad8-libxl-normalize-mac-addr.patch, - 22494556-CVE-2020-14339.patch, - c5fffb95-kernel-cmdline-parser.patch, - b611b620-check-s390-secure-guest.patch, - 657365e7-check-amd-secure-guest.patch, - 0254ceab-s390-host-validate-check.patch, - 4b561d49-amd-host-validate-check.patch, - 2c3ffa37-update-amd-doc.patch, - f0d0cd61-update-s390-doc.patch, - 8cb9d249-autoptr-file-callback.patch, - a551dd5f-intro-virHostCPUGetSignature.patch, - 44f826e4-virHostCPUGetSignature-x86.patch, - 2a68ceaa-virHostCPUGetSignature-ppc64.patch, - d3d87e0c-virHostCPUGetSignature-s390.patch, - 004804a7-qemu-invalidate-caps.patch -- qemu: Avoid stale capabilities cache host CPU or kernel command - line changes - bsc#1173157 - virdevmapper: Handle kernel without device-mapper support 82bb167f-dont-cache-devmapper-major.patch, feb8564a-handle-no-devmapper.patch, 53d9af1e-ignore-devmapper-open-errors.patch boo#1175465 + +------------------------------------------------------------------- +Tue Aug 18 21:40:48 UTC 2020 - James Fehlig + - util: Fix logic in virFileSetCOW 2edd63a0-fix-virFileSetCOW-logic.patch boo#1175463 ------------------------------------------------------------------- -Thu Jul 30 14:34:11 UTC 2020 - James Fehlig +Tue Aug 4 22:46:13 UTC 2020 - James Fehlig -- CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use - ioctl's to obtain the dependency tree of disks and drop use of - libdevmapper. - 22494556-CVE-2020-14339.patch - bsc#1161883, bsc#1174458 +- Update to libvirt 6.6.0 + - CVE-2020-14339 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + +------------------------------------------------------------------- +Mon Jul 6 14:58:35 UTC 2020 - James Fehlig + +- Update to libvirt 6.5.0 + - The node device driver now supports creating mediated devices + using the mdevctl utility + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + ec07aad8-libxl-normalize-mac-addr.patch ------------------------------------------------------------------- Wed Jun 3 16:38:09 UTC 2020 - James Fehlig @@ -1184,12 +1248,48 @@ Wed Jun 3 16:38:09 UTC 2020 - James Fehlig bsc#1172052 ------------------------------------------------------------------- -Wed Apr 29 17:03:01 UTC 2020 - James Fehlig +Tue Jun 2 15:16:15 UTC 2020 - James Fehlig -- qemu: Fix memory leak in qemuDomainGetStatsIOThread - CVE-2020-12430 - 9bf9e0ae-CVE-2020-12430.patch - bsc#1170765 +- Update to libvirt 6.4.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + d677de9d-libxl-fix-driver-name-check.patch, + d218a9c2-libxl-xen-driver-tables.patch, + 836ea91d-libxl-xenlight-internal.patch, + 57687260-xen-doc-improvements.patch + +------------------------------------------------------------------- +Wed May 6 20:43:16 UTC 2020 - James Fehlig + +- Xen: Fix connection when host uses modular daemons + d677de9d-libxl-fix-driver-name-check.patch, + d218a9c2-libxl-xen-driver-tables.patch, + 836ea91d-libxl-xenlight-internal.patch, + 57687260-xen-doc-improvements.patch + boo#1171113 + +------------------------------------------------------------------- +Wed May 6 01:40:32 UTC 2020 - James Fehlig + +- Update to libvirt 6.3.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + 88011ed2-libxl-driver-crash-fix.patch, + 8e669b38-conf-add-event-channels.patch, + a93f55c5-libxl-add-event-channels.patch, + 967f4eeb-xenconfig-event-channels.patch, + 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch, + b7d6648d-conf-add-e820-host.patch, + 5749395b-libxl-e820-host.patch, + f3ef7daf-xenconfig-e820-host.patch, + 34077c1b-tests-check-e820-host.patch, + fadbaa23-conf-add-passthrough.patch, + 9529e007-libxl-passthrough.patch, + 9cb8bc6f-xenconfig-refactor-features.patch, + b523e225-xenconfig-passthrough.patch, + bed32525-tests-check-passthrough.patch ------------------------------------------------------------------- Tue Apr 21 17:45:36 UTC 2020 - James Fehlig @@ -1213,14 +1313,6 @@ Fri Apr 17 05:19:57 UTC 2020 - Lin Ma 93b15ba0-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch bsc#1161159 -------------------------------------------------------------------- -Thu Apr 9 22:26:36 UTC 2020 - James Fehlig - -- api: Disallow virDomainAgentSetResponseTimeout on read-only - connections. CVE-2020-10701 - 4cc90c2e-CVE-2020-10701.patch - bsc#1168680 - ------------------------------------------------------------------- Thu Apr 9 22:04:57 UTC 2020 - James Fehlig @@ -1231,6 +1323,26 @@ Thu Apr 9 22:04:57 UTC 2020 - James Fehlig 967f4eeb-xenconfig-event-channels.patch bsc#1168767 +------------------------------------------------------------------- +Mon Apr 6 14:30:29 UTC 2020 - James Fehlig + +- libxl: fix crash when initializing driver + 88011ed2-libxl-driver-crash-fix.patch + +------------------------------------------------------------------- +Fri Apr 3 20:47:27 UTC 2020 - James Fehlig + +- Update to libvirt 6.2.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - CVE-2020-10701 + bsc#1168680 + - Dropped patches: + a30078cb-qemu-create-mp-target.patch, + aeb909bf-qemu-multipath-fix.patch + - Added patch: + disable-multipath-pr-tests.patch + ------------------------------------------------------------------- Thu Mar 19 22:59:45 UTC 2020 - James Fehlig @@ -1247,6 +1359,26 @@ Tue Mar 17 19:50:01 UTC 2020 - James Fehlig aeb909bf-qemu-multipath-fix.patch bsc#1161883 +------------------------------------------------------------------- +Mon Mar 16 08:42:10 UTC 2020 - Guillaume GARDET + +- Xen is not built for armv7 anymore, so do not use it for armv7 + +------------------------------------------------------------------- +Thu Mar 5 04:09:43 UTC 2020 - James Fehlig + +- Update to libvirt 6.1.0 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - CVE-2020-12430 + bsc#1170765 + - Dropped patches: + 6c1dddaf-libxl-shutdown-inhibit.patch, + 849052ec-libxl-support-credit2.patch, + 72ed254b-drop-exec-perms-bashcompletion.patch, + e092daac-prohib-parallel-tunneled-mig.patch, + ae9e6c2a-qemu-allow-cond-format-probe.patch + ------------------------------------------------------------------- Tue Mar 3 23:22:42 UTC 2020 - James Fehlig @@ -1388,7 +1520,13 @@ Tue Oct 8 17:07:03 UTC 2019 - James Fehlig https://libvirt.org/news.html ------------------------------------------------------------------- -Fri Sep 6 15:13:36 UTC 2019 - James Fehlig +Thu Sep 5 22:21:03 UTC 2019 - James Fehlig + +- Add apparmor-abstractions as a required package for daemon + bsc#1142992 + +------------------------------------------------------------------- +Wed Sep 4 20:54:24 UTC 2019 - James Fehlig - Update to libvirt 5.7.0 - Experimental split of libvirtd into separate daemons @@ -1396,153 +1534,86 @@ Fri Sep 6 15:13:36 UTC 2019 - James Fehlig - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: - 4ec3cf9a-apparmor-rules.patch, - f38ef0fa-no-RDMA-check.patch, - 411cdaf8-apparmor-check-profile-name.patch. - 696239ba-qemu-fix-query-cpus-fast.patch, - 09eb1ae0-conf-add-xenbus-controller.patch, - fb059757-libxl-add-xenbus-controller.patch, - ec5a1191-libxl-support-max-grant-frames.patch, - 5a64c202-xenconfig-support-max-grant-frames.patch, - CVE-2019-3886-api.patch, - CVE-2019-3886-remote.patch, - e0246257-cputest-add-data-for-Cascadelake-Server.patch, - 5cd9db3a-cputest-add-data-E3-1225-v5.patch, - 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch, - 96f41cd7-admin-reject-clients.patch, - f111e094-locking-restrict-sockets-to-mode-0600.patch, - e37bd65f-logging-restrict-sockets-to-mode-0600.patch, - 9f4e35dc-network-improve-chain-create-error-report.patch, - 686803a1-network-split-ipv4-ipv6-chains.patch, - c1c235eb-nework-clear-cached-error.patch, - 4330d138-network-refactor-global-chains.patch, - 3b66bd9a-add-debug-chain-creation.patch, - c6cbe187-network-delay-global-fw-setup.patch, - CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, - CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, - CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, - CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch, - 51f9f80d-fix-copying-bitmaps.patch, - 2878278c-cpu_map-add-Cascaselake-Server.patch, - 4a0f604d-cpu_map-distribute-Cascaselake-Server.patch, - d5572f62-qemu-support-override-max-thread.patch, - 673f805d-qemu-chown-uniqDir.patch, - 975b004d-virtlogd-over-logrotate.patch, - 18d47d61-revert-d00c77ae.patch, - d6943eab-libxl-pmsuspend-event.patch, - 3d179919-virsh-precopy-bandwidth.patch, - f4bdd829-rename-precopy-bandwidth.patch, - xen-pv-cdrom.patch, + 93c1d5fe-network-fix-ability-to-use-openvswitch-with-vlans.patch, blockcopy-check-dst-identical-device.patch, - suse-libvirtd-service-xen.patch, - xen-sxpr-disk-type.patch + suse-libvirtd-service-xen.patch ------------------------------------------------------------------- -Tue Sep 3 17:20:09 UTC 2019 - James Fehlig +Thu Aug 15 19:54:20 UTC 2019 - Martin Wilck -- virsh: use upstream name for migration precopy bandwidth parameter - f4bdd829-rename-precopy-bandwidth.patch - bsc#1145586 +- network: fix ability to use openvswitch with vlans (bsc#1145651) + - Added patch: + 93c1d5fe-network-fix-ability-to-use-openvswitch-with-vlans.patch ------------------------------------------------------------------- -Tue Aug 27 20:58:45 UTC 2019 - James Fehlig - -- virsh: support for setting precopy bandwidth in migrate - 3d179919-virsh-precopy-bandwidth.patch - bsc#1145586 -- Rename patches to include commit ID - revert-d00c77ae.patch -> 18d47d61-revert-d00c77ae.patch - libxl-pmsuspend-event.patch -> d6943eab-libxl-pmsuspend-event.patch - -------------------------------------------------------------------- -Fri Aug 16 17:17:57 UTC 2019 - James Fehlig - -- libxl: fix domain state following successful suspend operation - revert-d00c77ae.patch, libxl-pmsuspend-event.patch - bsc#1145440 - -------------------------------------------------------------------- -Fri Aug 9 14:28:22 UTC 2019 - James Fehlig - -- logging: ensure virtlogd rollover takes priority over logrotate - 975b004d-virtlogd-over-logrotate.patch - bsc#1137137 - -------------------------------------------------------------------- -Fri Aug 2 21:06:27 UTC 2019 - James Fehlig +Mon Aug 5 19:24:35 UTC 2019 - James Fehlig +- Update to libvirt 5.6.0 + - Enable proper use of systemd socket activation with libvirtd + - bsc#1133719 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + xen-pv-cdrom.patch, xen-sxpr-disk-type.patch - qemu: fix default value of security_default_confined Updated suse-qemu-conf.patch bsc#1143871 ------------------------------------------------------------------- -Fri Aug 2 20:48:51 UTC 2019 - James Fehlig +Tue Jul 2 21:24:26 UTC 2019 - James Fehlig -- qemu: Change owner of temp directories under /var/lib/libvirt/qemu - 673f805d-qemu-chown-uniqDir.patch - bsc#1143497 +- Update to libvirt 5.5.0 + - CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + aed6a032-CVE-2019-10161.patch, + db0b7845-CVE-2019-10166.patch, + 8afa68ba-CVE-2019-10167.patch, + bf6c2830-CVE-2019-10168.patch ------------------------------------------------------------------- -Wed Jul 31 14:27:36 UTC 2019 - Goldwyn Rodrigues - -- Add apparmor-abstractions as a required package for daemon - (bsc#1142992) - -------------------------------------------------------------------- -Thu Jul 25 16:00:05 UTC 2019 - James Fehlig - -- qemu: Add support for overriding max threads per process limit - d5572f62-qemu-support-override-max-thread.patch - bsc#1133719 - -------------------------------------------------------------------- -Thu Jul 18 16:17:46 UTC 2019 - James Fehlig - -- cpu_map: Add Cascadelake-Server CPU model - e0246257-cputest-add-data-for-Cascadelake-Server.patch, - 2878278c-cpu_map-add-Cascaselake-Server.patch, - 4a0f604d-cpu_map-distribute-Cascaselake-Server.patch - bsc#1141251 - -------------------------------------------------------------------- -Wed Jun 19 21:37:53 UTC 2019 - James Fehlig - -- util: fix copying bitmap to larger data buffer - 51f9f80d-fix-copying-bitmaps.patch - bsc#1138734 - -------------------------------------------------------------------- -Fri Jun 14 17:08:57 UTC 2019 - James Fehlig +Thu Jun 20 14:55:04 UTC 2019 - Jim Fehlig - api: disallow virConnect*HypervisorCPU, virConnectGetDomainCapabilities, virDomainManagedSaveDefineXML, and virDomainSaveImageGetXMLDesc on read-only connections - CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc.patch, - CVE-2019-10166-api-disallow-virDomainManagedSaveDefineXML.patch, - CVE-2019-10167-api-disallow-virConnectGetDomainCapabilities.patch, - CVE-2019-10168-api-disallow-virConnect-HypervisorCPU.patch + aed6a032-CVE-2019-10161.patch, db0b7845-CVE-2019-10166.patch, + 8afa68ba-CVE-2019-10167.patch, bf6c2830-CVE-2019-10168.patch CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168 bsc#1138301, bsc#1138302, bsc#1138303, bsc#1138305 ------------------------------------------------------------------- -Fri May 24 18:22:39 UTC 2019 - James Fehlig +Wed Jun 12 15:03:47 UTC 2019 - Dominique Leuenberger -- network: delay global firewall setup if no networks are running - 9f4e35dc-network-improve-chain-create-error-report.patch, - 686803a1-network-split-ipv4-ipv6-chains.patch, - c1c235eb-nework-clear-cached-error.patch, - 4330d138-network-refactor-global-chains.patch, - 3b66bd9a-add-debug-chain-creation.patch, - c6cbe187-network-delay-global-fw-setup.patch, - Dropped patches: revert-7431b3eb.patch, revert-8b967198.patch - bsc#1133229 -- Renamed patches to include commit id: - CVE-2019-10132-admin-reject-clients.patch -> - 96f41cd7-admin-reject-clients.patch - CVE-2019-10132-locking-restrict-sockets-to-mode-0600.patch -> - f111e094-locking-restrict-sockets-to-mode-0600.patch - CVE-2019-10132-logging-restrict-sockets-to-mode-0600.patch -> - e37bd65f-logging-restrict-sockets-to-mode-0600.patch +- Drop systemd BuildRequires: there is already pkgconfig(systemd) + present, which is the same package. + +------------------------------------------------------------------- +Mon Jun 3 17:05:52 UTC 2019 - Jim Fehlig + +- Update to libvirt 5.4.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + 5cd9db3a-cputest-add-data-E3-1225-v5.patch, + 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch, + 96f41cd7-admin-reject-clients.patch, + f111e094-locking-restrict-sockets-to-mode-0600.patch, + e37bd65f-logging-restrict-sockets-to-mode-0600.patch, + 76b420d0-build-libqemutestdriver-lto-fix.patch + +------------------------------------------------------------------- +Thu May 30 16:08:06 UTC 2019 - James Fehlig + +- build: fix linking libqemutestdriver with LTO enabled + 76b420d0-build-libqemutestdriver-lto-fix.patch + boo#1133253 + +------------------------------------------------------------------- +Thu May 30 06:58:30 UTC 2019 - Martin Liška + +- Use %make_build in order to provide verbose output. ------------------------------------------------------------------- Thu May 23 17:07:21 UTC 2019 - Jim Fehlig @@ -1551,47 +1622,93 @@ Thu May 23 17:07:21 UTC 2019 - Jim Fehlig bsc#1136109 ------------------------------------------------------------------- -Mon May 20 17:33:59 UTC 2019 - James Fehlig +Tue May 21 17:15:09 UTC 2019 - James Fehlig -- cpu: add tests for md-clear feature - Updated 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch and - added 5cd9db3a-cputest-add-data-E3-1225-v5.patch - bsc#1135273 - -------------------------------------------------------------------- -Mon May 20 17:24:53 UTC 2019 - James Fehlig - -- CVE-2019-10132: admin: reject clients unless their UID matches - the server UID - CVE-2019-10132-admin-reject-clients.patch, - CVE-2019-10132-locking-restrict-sockets-to-mode-0600.patch, - CVE-2019-10132-logging-restrict-sockets-to-mode-0600.patch +- admin: reject clients unless their UID matches the server UID + CVE-2019-10132 + 96f41cd7-admin-reject-clients.patch, + f111e094-locking-restrict-sockets-to-mode-0600.patch, + e37bd65f-logging-restrict-sockets-to-mode-0600.patch bsc#1134348 ------------------------------------------------------------------- -Wed May 15 16:51:50 UTC 2019 - Bruce Rogers +Mon May 20 21:50:28 UTC 2019 - James Fehlig - cpu_map: add cpu feature md-clear. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + 5cd9db3a-cputest-add-data-E3-1225-v5.patch, 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch - bsc#1111331 - bsc#1135273 + bsc#1111331, bsc#1135273 ------------------------------------------------------------------- -Thu Apr 25 15:45:28 UTC 2019 - James Fehlig +Wed May 8 17:03:43 UTC 2019 - James Fehlig -- Revert commits 5f1e6a7d and f6c5babb to avoid loading conntrack - module at libvird start - revert-7431b3eb.patch, revert-8b967198.patch - bsc#1133229 +- Update to libvirt 5.3.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + ff376c62-tests-fix-mocking-stat-lstat.patch, + ebe9c6ea-qemu-firmware-dirent.patch, + 2a07c990-api-CVE-2019-3886.patch, + ae076bb4-remote-CVE-2019-3886.patch, + f66f70ac-snapshot-fix-use-after-free.patch, + 89237d53-conf-expose-virDomainSCSIDriveAddressIsUsed.patch, + ee2c5ef3-test-scsi-disk.patch, + ddc72f99-qemu-check-dup-drive-address.patch, + 22dc3e94-revert-f1d65853.patch + +------------------------------------------------------------------- +Thu Apr 25 20:42:03 UTC 2019 - Jim Fehlig + +- Fix build with LTO enabled + Adjusted support-managed-pci-xen-driver.patch + boo#1133253 + +------------------------------------------------------------------- +Fri Apr 19 17:06:42 UTC 2019 - James Fehlig + +- qemu: fix CDROM media change when using virDomainAttachDevice + 89237d53-conf-expose-virDomainSCSIDriveAddressIsUsed.patch, + ee2c5ef3-test-scsi-disk.patch, + ddc72f99-qemu-check-dup-drive-address.patch, + 22dc3e94-revert-f1d65853.patch + boo#1132127 + +------------------------------------------------------------------- +Thu Apr 11 23:00:48 UTC 2019 - James Fehlig + +- Fix and re-enable snapshot tests + f66f70ac-snapshot-fix-use-after-free.patch ------------------------------------------------------------------- Fri Apr 5 19:58:10 UTC 2019 - James Fehlig - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users - CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch + 2a07c990-api-CVE-2019-3886.patch, + ae076bb4-remote-CVE-2019-3886.patch bsc#1131595 +- spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch + touches remote_protocol.x + +------------------------------------------------------------------- +Wed Apr 3 18:08:00 UTC 2019 - Jim Fehlig + +- Update to libvirt 5.2.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + 4ec3cf9a-apparmor-rules.patch, + f38ef0fa-no-RDMA-check.patch, + 411cdaf8-apparmor-check-profile-name.patch, + 696239ba-qemu-fix-query-cpus-fast.patch, + 09eb1ae0-conf-add-xenbus-controller.patch, + fb059757-libxl-add-xenbus-controller.patch, + ec5a1191-libxl-support-max-grant-frames.patch, + 5a64c202-xenconfig-support-max-grant-frames.patch + - Added patches: + ff376c62-tests-fix-mocking-stat-lstat.patch, + ebe9c6ea-qemu-firmware-dirent.patch ------------------------------------------------------------------- Thu Mar 21 21:40:06 UTC 2019 - James Fehlig diff --git a/libvirt.spec b/libvirt.spec index 38235dc..a4a8435 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -38,7 +38,11 @@ %define with_storage_gluster 0%{!?_without_storage_gluster:1} %define with_storage_iscsi_direct 0%{!?_without_storage_iscsi_direct:0} %define with_apparmor 0%{!?_without_apparmor:1} -%define with_interface 0%{!?_without_interface:1} +# The udev interface backend is the only one that works across SUSE distros. +# It supports just a handful of read-only operations, has a history of +# instability, and is insufficiently maintained. Completely disable the +# interface driver. +%define with_interface 0%{!?_without_interface:0} # Optional bits on by default %define with_sanlock 0%{!?_without_sanlock:1} @@ -68,9 +72,9 @@ %define with_numactl 0 %endif -# Tumbleweeed and SLE15 SP7 are new enough to support /dev/userfaultfd, -# which does not require enabling vm.unprivileged_userfaultfd sysct -%if 0%{?suse_version} > 1500 || 0%{?sle_version} > 150600 +# Tumbleweeed is new enough to support /dev/userfaultfd, which +# does not require enabling vm.unprivileged_userfaultfd sysct +%if 0%{?suse_version} > 1500 %define with_userfaultfd_sysctl 0 %endif @@ -119,9 +123,8 @@ %define with_storage_gluster 0 %endif -# Prefer nftables for Tumbleweed, but keep using iptables for distros based -# on SLE15 codestream -%if 0%{?suse_version} > 1500 +# Prefer nftables if available +%if "%{?default_firewall_backend}" == "nftables" %define prefer_nftables 1 %define firewall_backend_priority nftables,iptables %else @@ -145,7 +148,7 @@ Name: libvirt URL: https://libvirt.org/ -Version: 10.8.0 +Version: 10.9.0 Release: 0 Summary: Library providing a virtualization API License: LGPL-2.1-or-later @@ -686,7 +689,7 @@ Requires: %{name}-daemon-driver-interface = %{version}-%{release} %endif Requires: %{name}-daemon-driver-network = %{version}-%{release} Requires: %{name}-daemon-driver-nodedev = %{version}-%{release} -Requires: %{name}-daemon-driver-nwfilter = %{version}-%{release} +Recommends: %{name}-daemon-driver-nwfilter = %{version}-%{release} Requires: %{name}-daemon-driver-qemu = %{version}-%{release} Requires: %{name}-daemon-driver-secret = %{version}-%{release} Requires: %{name}-daemon-driver-storage = %{version}-%{release} @@ -708,7 +711,7 @@ Requires: %{name}-daemon-driver-interface = %{version}-%{release} Requires: %{name}-daemon-driver-lxc = %{version}-%{release} Requires: %{name}-daemon-driver-network = %{version}-%{release} Requires: %{name}-daemon-driver-nodedev = %{version}-%{release} -Requires: %{name}-daemon-driver-nwfilter = %{version}-%{release} +Recommends: %{name}-daemon-driver-nwfilter = %{version}-%{release} Requires: %{name}-daemon-driver-secret = %{version}-%{release} Requires: %{name}-daemon-driver-storage = %{version}-%{release} @@ -730,7 +733,6 @@ Requires: %{name}-daemon-driver-interface = %{version}-%{release} Requires: %{name}-daemon-driver-libxl = %{version}-%{release} Requires: %{name}-daemon-driver-network = %{version}-%{release} Requires: %{name}-daemon-driver-nodedev = %{version}-%{release} -Requires: %{name}-daemon-driver-nwfilter = %{version}-%{release} Requires: %{name}-daemon-driver-secret = %{version}-%{release} Requires: %{name}-daemon-driver-storage = %{version}-%{release} Requires: xen @@ -749,7 +751,7 @@ Requires: %{name}-daemon-driver-interface = %{version}-%{release} %endif Requires: %{name}-daemon-driver-network = %{version}-%{release} Requires: %{name}-daemon-driver-nodedev = %{version}-%{release} -Requires: %{name}-daemon-driver-nwfilter = %{version}-%{release} +Recommends: %{name}-daemon-driver-nwfilter = %{version}-%{release} Requires: %{name}-daemon-driver-secret = %{version}-%{release} Requires: %{name}-daemon-driver-storage = %{version}-%{release} Requires: %{name}-daemon-driver-vbox = %{version}-%{release} @@ -1149,33 +1151,6 @@ rm -f %{buildroot}/%{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug rm -f %{buildroot}/%{_sysusersdir}/libvirt-qemu.conf rm -f %{buildroot}/usr/lib/sysctl.d/60-libvirtd.conf -# Provide rc symlink backward compatibility -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rclibvirtd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtproxyd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtlogd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtlockd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtnetworkd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtnodedevd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtnwfilterd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtsecretd -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtstoraged -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rclibvirt-guests - -%if %{with_interface} -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtinterfaced -%endif -%if %{with_qemu} -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtqemud -%endif -%if %{with_lxc} -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtlxcd -%endif -%if %{with_libxl} -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtxend -%endif -%if %{with_vbox} -ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtvboxd -%endif # Install firewall services for migration ports mkdir -p %{buildroot}/%{_fwdefdir} @@ -1470,7 +1445,6 @@ fi %{_unitdir}/libvirtd-admin.socket %{_unitdir}/libvirtd-tcp.socket %{_unitdir}/libvirtd-tls.socket -%{_sbindir}/rclibvirtd %config(noreplace) %{_sysconfdir}/%{name}/libvirtd.conf %if %{with_apparmor} %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.libvirtd @@ -1489,7 +1463,6 @@ fi %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/hooks %{_unitdir}/libvirt-guests.service %{_unitdir}/virt-guest-shutdown.target -%{_sbindir}/rclibvirt-guests %{_bindir}/virt-admin %{_bindir}/virt-host-validate %dir %{_sysconfdir}/sasl2/ @@ -1536,7 +1509,6 @@ fi %{_unitdir}/virtlockd.service %{_unitdir}/virtlockd.socket %{_unitdir}/virtlockd-admin.socket -%{_sbindir}/rcvirtlockd %config(noreplace) %{_sysconfdir}/%{name}/virtlockd.conf %{_datadir}/augeas/lenses/virtlockd.aug %{_datadir}/augeas/lenses/tests/test_virtlockd.aug @@ -1553,7 +1525,6 @@ fi %{_unitdir}/virtlogd.service %{_unitdir}/virtlogd.socket %{_unitdir}/virtlogd-admin.socket -%{_sbindir}/rcvirtlogd %config(noreplace) %{_sysconfdir}/%{name}/virtlogd.conf %{_datadir}/augeas/lenses/virtlogd.aug %{_datadir}/augeas/lenses/tests/test_virtlogd.aug @@ -1567,7 +1538,6 @@ fi %{_unitdir}/virtproxyd-admin.socket %{_unitdir}/virtproxyd-tcp.socket %{_unitdir}/virtproxyd-tls.socket -%{_sbindir}/rcvirtproxyd %config(noreplace) %{_sysconfdir}/%{name}/virtproxyd.conf %{_datadir}/augeas/lenses/virtproxyd.aug %{_datadir}/augeas/lenses/tests/test_virtproxyd.aug @@ -1594,7 +1564,6 @@ fi %{_unitdir}/virtinterfaced-ro.socket %{_unitdir}/virtinterfaced-admin.socket %{_sbindir}/virtinterfaced -%{_sbindir}/rcvirtinterfaced %dir %{_libdir}/%{name}/connection-driver/ %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so %doc %{_mandir}/man8/virtinterfaced.8* @@ -1612,7 +1581,6 @@ fi %{_unitdir}/virtnetworkd-ro.socket %{_unitdir}/virtnetworkd-admin.socket %{_sbindir}/virtnetworkd -%{_sbindir}/rcvirtnetworkd %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/qemu/ %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/qemu/networks/ %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/qemu/networks/autostart/ @@ -1641,7 +1609,6 @@ fi %{_unitdir}/virtnodedevd-ro.socket %{_unitdir}/virtnodedevd-admin.socket %{_sbindir}/virtnodedevd -%{_sbindir}/rcvirtnodedevd %dir %{_libdir}/%{name}/connection-driver/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so %doc %{_mandir}/man8/virtnodedevd.8* @@ -1655,7 +1622,6 @@ fi %{_unitdir}/virtnwfilterd-ro.socket %{_unitdir}/virtnwfilterd-admin.socket %{_sbindir}/virtnwfilterd -%{_sbindir}/rcvirtnwfilterd %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/nwfilter/ %dir %{_libdir}/%{name}/connection-driver/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so @@ -1670,7 +1636,6 @@ fi %{_unitdir}/virtsecretd-ro.socket %{_unitdir}/virtsecretd-admin.socket %{_sbindir}/virtsecretd -%{_sbindir}/rcvirtsecretd %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/secrets/ %dir %{_libdir}/%{name}/connection-driver/ %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so @@ -1687,7 +1652,6 @@ fi %{_unitdir}/virtstoraged-ro.socket %{_unitdir}/virtstoraged-admin.socket %{_sbindir}/virtstoraged -%{_sbindir}/rcvirtstoraged %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/storage/ %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/storage/autostart/ @@ -1747,7 +1711,6 @@ fi %{_unitdir}/virtqemud-ro.socket %{_unitdir}/virtqemud-admin.socket %{_sbindir}/virtqemud -%{_sbindir}/rcvirtqemud %config(noreplace) %{_sysconfdir}/%{name}/qemu.conf %config(noreplace) %{_sysconfdir}/%{name}/qemu-lockd.conf %{logrotate_prefix} %{logrotate_dir}/libvirtd.qemu @@ -1779,7 +1742,6 @@ fi %{_unitdir}/virtlxcd-ro.socket %{_unitdir}/virtlxcd-admin.socket %{_sbindir}/virtlxcd -%{_sbindir}/rcvirtlxcd %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/lxc/ %dir %attr(0700, root, root) %{_sysconfdir}/%{name}/lxc/autostart/ %config(noreplace) %{_sysconfdir}/%{name}/lxc.conf @@ -1810,7 +1772,6 @@ fi %{_unitdir}/virtxend-ro.socket %{_unitdir}/virtxend-admin.socket %{_sbindir}/virtxend -%{_sbindir}/rcvirtxend %config(noreplace) %{_sysconfdir}/%{name}/libxl.conf %{logrotate_prefix} %{logrotate_dir}/libvirtd.libxl %config(noreplace) %{_sysconfdir}/%{name}/libxl-lockd.conf @@ -1838,7 +1799,6 @@ fi %{_unitdir}/virtvboxd-ro.socket %{_unitdir}/virtvboxd-admin.socket %{_sbindir}/virtvboxd -%{_sbindir}/rcvirtvboxd %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so %doc %{_mandir}/man8/virtvboxd.8* %endif