From 938f073a9ba720b15dc915c768f30fc89c80e3720cdbb4577d398bcdfd6938a0 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Fri, 18 Dec 2015 21:01:20 +0000 Subject: [PATCH 1/2] Accepting request 349565 from home:jfehlig:branches:Virtualization - CVE-2015-5313: don't allow '/' in filesystem volume names 034e47c3-CVE-2015-5313.patch bsc#953110 - Fix failing qemuxml2argv test on 32-bit platforms ace1ee22-qemuxml2argv-test.patch - Update to libvirt 1.3.0 - New virtlogd log daemon - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patch: 703ec1b7-qemu-bridge-helper-fix.patch - Added patch: virtlogd-init-script.patch OBS-URL: https://build.opensuse.org/request/show/349565 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=505 --- 034e47c3-CVE-2015-5313.patch | 68 ++++++++++++ 703ec1b7-qemu-bridge-helper-fix.patch | 24 ---- ace1ee22-qemuxml2argv-test.patch | 45 ++++++++ add-with-login-shell.patch | 27 ++--- apparmor-fixes.patch | 8 +- apparmor-no-mount.patch | 6 +- blockcopy-check-dst-identical-device.patch | 8 +- libvirt-1.2.21.tar.gz | 3 - libvirt-1.2.21.tar.gz.asc | 7 -- libvirt-1.3.0.tar.gz | 3 + libvirt-1.3.0.tar.gz.asc | 7 ++ libvirt-guests-init-script.patch | 18 +-- libvirt-power8-models.patch | 6 +- libvirt-suse-netcontrol.patch | 42 +++---- libvirt.changes | 19 ++++ libvirt.spec | 60 +++++++--- libvirtd-defaults.patch | 18 +-- libvirtd-init-script.patch | 6 +- libvirtd-systemd-socket.patch | 6 +- lxc-wait-after-eth-del.patch | 35 +++--- ppc64le-canonical-name.patch | 6 +- qemu-apparmor-screenshot.patch | 8 +- support-managed-pci-xen-driver.patch | 12 +- suse-qemu-conf.patch | 6 +- systemd-service-xen.patch | 6 +- virt-aa-helper-rw-mounts.patch | 11 +- virtlockd-init-script.patch | 12 +- virtlogd-init-script.patch | 121 +++++++++++++++++++++ xen-pv-cdrom.patch | 6 +- xen-sxpr-disk-type.patch | 6 +- 30 files changed, 432 insertions(+), 178 deletions(-) create mode 100644 034e47c3-CVE-2015-5313.patch delete mode 100644 703ec1b7-qemu-bridge-helper-fix.patch create mode 100644 
ace1ee22-qemuxml2argv-test.patch delete mode 100644 libvirt-1.2.21.tar.gz delete mode 100644 libvirt-1.2.21.tar.gz.asc create mode 100644 libvirt-1.3.0.tar.gz create mode 100644 libvirt-1.3.0.tar.gz.asc create mode 100644 virtlogd-init-script.patch
diff --git a/034e47c3-CVE-2015-5313.patch b/034e47c3-CVE-2015-5313.patch
new file mode 100644
index 0000000..e2d0f63
--- /dev/null
+++ b/034e47c3-CVE-2015-5313.patch
@@ -0,0 +1,68 @@
+commit 034e47c338b13a95cf02106a3af912c1c5f818d7
+Author: Eric Blake
+Date: Tue Dec 8 17:46:31 2015 -0700
+
+ CVE-2015-5313: storage: don't allow '/' in filesystem volume names
+
+ The libvirt file system storage driver determines what file to
+ act on by concatenating the pool location with the volume name.
+ If a user is able to pick names like "../../../etc/passwd", then
+ they can escape the bounds of the pool. For that matter,
+ virStoragePoolListVolumes() doesn't descend into subdirectories,
+ so a user really shouldn't use a name with a slash.
+
+ Normally, only privileged users can coerce libvirt into creating
+ or opening existing files using the virStorageVol APIs; and such
+ users already have full privilege to create any domain XML (so it
+ is not an escalation of privilege). But in the case of
+ fine-grained ACLs, it is feasible that a user can be granted
+ storage_vol:create but not domain:write, and it violates
+ assumptions if such a user can abuse libvirt to access files
+ outside of the storage pool.
+
+ Therefore, prevent all use of volume names that contain "/",
+ whether or not such a name is actually attempting to escape the
+ pool.
+
+ This changes things from:
+
+ $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
+ Vol ../../../../../../etc/haha created
+ $ rm /etc/haha
+
+ to:
+
+ $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
+ error: Failed to create vol ../../../../../../etc/haha
+ error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/'
+
+
Signed-off-by: Eric Blake
+
+Index: libvirt-1.3.0/src/storage/storage_backend_fs.c
+===================================================================
+--- libvirt-1.3.0.orig/src/storage/storage_backend_fs.c
++++ libvirt-1.3.0/src/storage/storage_backend_fs.c
+@@ -1,7 +1,7 @@
+ /*
+ * storage_backend_fs.c: storage backend for FS and directory handling
+ *
+- * Copyright (C) 2007-2014 Red Hat, Inc.
++ * Copyright (C) 2007-2015 Red Hat, Inc.
+ * Copyright (C) 2007-2008 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -1057,6 +1057,14 @@ virStorageBackendFileSystemVolCreate(vir
+ else
+ vol->type = VIR_STORAGE_VOL_FILE;
+
++ /* Volumes within a directory pools are not recursive; do not
++ * allow escape to ../ or a subdir */
++ if (strchr(vol->name, '/')) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ _("volume name '%s' cannot contain '/'"), vol->name);
++ return -1;
++ }
++
+ VIR_FREE(vol->target.path);
+ if (virAsprintf(&vol->target.path, "%s/%s",
+ pool->def->target.path,
diff --git a/703ec1b7-qemu-bridge-helper-fix.patch b/703ec1b7-qemu-bridge-helper-fix.patch
deleted file mode 100644
index 906d37c..0000000
--- a/703ec1b7-qemu-bridge-helper-fix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-commit 703ec1b73da3560374cba65017d9eaf58f92c695
-Author: Michel Normand
-Date: Wed Nov 4 10:01:24 2015 +0100
-
- qemu: add /usr/lib to AC_PATH_PROG for qemu-bridge-helper
-
- For openSUSE the qemu-bridge-helper is installed in /usr/lib
- So libvirt has to search it in this directory.
-
-
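Review bot: The added `strchr(vol->name, '/')` guard in virStorageBackendFileSystemVolCreate still accepts the names `.` and `..`, which contain no slash but refer to the pool directory itself or its parent once `virAsprintf` joins them to `pool->def->target.path`. Whether a later step rejects them is not visible here, because the function starts before and continues after the hunk, so I would reject them at the same point: `if (strchr(vol->name, '/') || STREQ(vol->name, ".") || STREQ(vol->name, "..")) {`, with the error message reworded to match. The check also lives only in this create path; any other fs-backend entry point that builds `target.path` from a caller-supplied name would need the same validation, which this hunk cannot confirm. The new comment has a small typo: `a directory pools` should read `a directory pool`.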
Signed-off-by: Michel Normand
-
-diff --git a/configure.ac b/configure.ac
-index f01bb40..f481c50 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2520,7 +2520,7 @@ AC_DEFINE_UNQUOTED([QEMU_USER], ["$QEMU_USER"], [QEMU user account])
- AC_DEFINE_UNQUOTED([QEMU_GROUP], ["$QEMU_GROUP"], [QEMU group account])
-
- AC_PATH_PROG([QEMU_BRIDGE_HELPER], [qemu-bridge-helper], [/usr/libexec/qemu-bridge-helper],
-- [/usr/libexec:/usr/lib/qemu])
-+ [/usr/libexec:/usr/lib/qemu:/usr/lib])
- AC_DEFINE_UNQUOTED([QEMU_BRIDGE_HELPER], ["$QEMU_BRIDGE_HELPER"], [QEMU bridge helper])
-
- AC_ARG_WITH([macvtap],
diff --git a/ace1ee22-qemuxml2argv-test.patch b/ace1ee22-qemuxml2argv-test.patch
new file mode 100644
index 0000000..62c51bf
--- /dev/null
+++ b/ace1ee22-qemuxml2argv-test.patch
@@ -0,0 +1,45 @@
+commit ace1ee225f5cd87fb095054a6a19bdcd0fa57518
+Author: Peter Krempa
+Date: Thu Dec 10 14:36:51 2015 +0100
+
+ test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference
+
+ Always return LLONG_MAX even on 32 bit systems. The limitation
+ originates from our use of "unsigned long" in several APIs. The internal
+ data type is unsigned long long. Make the test suite deterministic by
+ removing the architecture difference.
+
+ Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where
+ I've added a test that uses too large numbers.
+
+Index: libvirt-1.3.0/src/util/virutil.c
+===================================================================
+--- libvirt-1.3.0.orig/src/util/virutil.c
++++ libvirt-1.3.0/src/util/virutil.c
+@@ -2639,6 +2639,8 @@ virMemoryLimitIsSet(unsigned long long v
+ * @capped: whether the value must fit into unsigned long
+ * (long long is assumed otherwise)
+ *
++ * Note: This function is mocked in tests/qemuxml2argvmock.c for test stability
++ *
+ * Returns the maximum possible memory value in bytes.
+ */
+ unsigned long long
+Index: libvirt-1.3.0/tests/qemuxml2argvmock.c
+===================================================================
+--- libvirt-1.3.0.orig/tests/qemuxml2argvmock.c
++++ libvirt-1.3.0/tests/qemuxml2argvmock.c
+@@ -74,3 +74,13 @@ virTPMCreateCancelPath(const char *devpa
+
+ return path;
+ }
++
++/**
++ * Large values for memory would fail on 32 bit systems, despite having
++ * variables that support it.
++ */
++unsigned long long
++virMemoryMaxValue(bool capped ATTRIBUTE_UNUSED)
++{
++ return LLONG_MAX;
++}
diff --git a/add-with-login-shell.patch b/add-with-login-shell.patch
index 8a9d82a..6dc64de 100644
--- a/add-with-login-shell.patch
+++ b/add-with-login-shell.patch
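Review bot: The doc comment on the mocked `virMemoryMaxValue` in tests/qemuxml2argvmock.c does not say that the mock ignores `capped`, so a reader cannot tell that callers passing `capped = true` get the uncapped bound under this test. I would add one sentence to that comment, for example `* The @capped argument is deliberately ignored so results are identical on 32 and 64 bit hosts.` It would also help to note there that the capped limit of the real function is consequently not exercised by the qemuxml2argv test, so that a future regression in that path is not assumed to be covered.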
@@ -10,10 +10,10 @@ enabled. tools/Makefile.am | 12 ++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) -diff --git a/configure.ac b/configure.ac -index 75e95b7..d054ba6 100644 ---- a/configure.ac -+++ b/configure.ac +Index: libvirt-1.3.0/configure.ac +=================================================================== +--- libvirt-1.3.0.orig/configure.ac ++++ libvirt-1.3.0/configure.ac @@ -1074,6 +1074,19 @@ if test "$with_lxc" = "yes" ; then fi AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"]) @@ -34,7 +34,7 @@ index 75e95b7..d054ba6 100644 dnl dnl Checks for the Parallels driver dnl -@@ -2974,6 +2987,7 @@ AC_MSG_NOTICE([ Init script: $with_init_script]) +@@ -2974,6 +2987,7 @@ AC_MSG_NOTICE([ Init script: $with_ AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) AC_MSG_NOTICE([ Default Editor: $DEFAULT_EDITOR]) AC_MSG_NOTICE([ Loader/NVRAM: $with_loader_nvram]) @@ -42,10 +42,10 @@ index 75e95b7..d054ba6 100644 AC_MSG_NOTICE([]) AC_MSG_NOTICE([Developer Tools]) AC_MSG_NOTICE([]) -diff --git a/tools/Makefile.am b/tools/Makefile.am -index d5638d9..d005035 100644 ---- a/tools/Makefile.am -+++ b/tools/Makefile.am +Index: libvirt-1.3.0/tools/Makefile.am +=================================================================== +--- libvirt-1.3.0.orig/tools/Makefile.am ++++ libvirt-1.3.0/tools/Makefile.am @@ -71,12 +71,12 @@ sbin_SCRIPTS = virt-sanlock-cleanup DISTCLEANFILES += virt-sanlock-cleanup endif WITH_SANLOCK @@ -62,10 +62,10 @@ index d5638d9..d005035 100644 dist_man1_MANS = \ -@@ -84,11 +84,11 @@ dist_man1_MANS = \ - virt-pki-validate.1 \ +@@ -85,11 +85,11 @@ dist_man1_MANS = \ virt-xml-validate.1 \ - virsh.1 + virsh.1 \ + virt-admin.1 -if WITH_LXC +if WITH_LOGIN_SHELL dist_man1_MANS += virt-login-shell.1 @@ -77,6 +77,3 @@ index d5638d9..d005035 100644 if WITH_SANLOCK dist_man8_MANS = virt-sanlock-cleanup.8 endif WITH_SANLOCK --- -2.1.4 - diff --git a/apparmor-fixes.patch b/apparmor-fixes.patch index 2fdc948..eb68fcc 100644 
--- a/apparmor-fixes.patch +++ b/apparmor-fixes.patch @@ -1,8 +1,8 @@ -Index: libvirt-1.2.21/examples/apparmor/libvirt-qemu +Index: libvirt-1.3.0/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.2.21.orig/examples/apparmor/libvirt-qemu -+++ libvirt-1.2.21/examples/apparmor/libvirt-qemu -@@ -124,6 +124,9 @@ +--- libvirt-1.3.0.orig/examples/apparmor/libvirt-qemu ++++ libvirt-1.3.0/examples/apparmor/libvirt-qemu +@@ -143,6 +143,9 @@ # for restore /bin/bash rmix, diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch index c1a5b4f..c988502 100644 --- a/apparmor-no-mount.patch +++ b/apparmor-no-mount.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/examples/apparmor/libvirt-lxc +Index: libvirt-1.3.0/examples/apparmor/libvirt-lxc =================================================================== ---- libvirt-1.2.21.orig/examples/apparmor/libvirt-lxc -+++ libvirt-1.2.21/examples/apparmor/libvirt-lxc +--- libvirt-1.3.0.orig/examples/apparmor/libvirt-lxc ++++ libvirt-1.3.0/examples/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch index 808ae45..bfa705b 100644 --- a/blockcopy-check-dst-identical-device.patch +++ b/blockcopy-check-dst-identical-device.patch @@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-1.2.21/src/qemu/qemu_driver.c +Index: libvirt-1.3.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-1.2.21.orig/src/qemu/qemu_driver.c -+++ libvirt-1.2.21/src/qemu/qemu_driver.c -@@ -16720,6 +16720,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-1.3.0.orig/src/qemu/qemu_driver.c ++++ libvirt-1.3.0/src/qemu/qemu_driver.c +@@ -16728,6 +16728,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt _("non-file destination not supported yet")); goto endjob; } 
diff --git a/libvirt-1.2.21.tar.gz b/libvirt-1.2.21.tar.gz deleted file mode 100644 index 283e025..0000000 --- a/libvirt-1.2.21.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8d406582f5fe88d739d1d83e0ba7ac7f91f5a8da4be82162ab85631744d8925b -size 29848954 diff --git a/libvirt-1.2.21.tar.gz.asc b/libvirt-1.2.21.tar.gz.asc deleted file mode 100644 index 9121139..0000000 --- a/libvirt-1.2.21.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlY5cxIACgkQRga4pd6VvB+57ACggaUKRQGC2f4SjR7yjRHl0xwF -QooAnjkqwZET0DNHixm+FA71UQ+mCn+1 -=sIXv ------END PGP SIGNATURE----- diff --git a/libvirt-1.3.0.tar.gz b/libvirt-1.3.0.tar.gz new file mode 100644 index 0000000..11345e1 --- /dev/null +++ b/libvirt-1.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ebcf5645fa565e3fe2fe94a86e841db9b768cf0e0a7e6cf395c6327f9a23bd64 +size 30114683 diff --git a/libvirt-1.3.0.tar.gz.asc b/libvirt-1.3.0.tar.gz.asc new file mode 100644 index 0000000..2fe8758 --- /dev/null +++ b/libvirt-1.3.0.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlZn8jcACgkQRga4pd6VvB/RIQCgkbUJElaR8UblnEcphnlFUaZt +YooAn32VWCOwuu/LanKnpQU5Ud0Fckx8 +=+X0a +-----END PGP SIGNATURE----- diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index bf6ce2f..153a7ab 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.2.21/tools/libvirt-guests.init.in +Index: libvirt-1.3.0/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.2.21.orig/tools/libvirt-guests.init.in -+++ libvirt-1.2.21/tools/libvirt-guests.init.in +--- libvirt-1.3.0.orig/tools/libvirt-guests.init.in ++++ libvirt-1.3.0/tools/libvirt-guests.init.in 
@@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.2.21/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.2.21/tools/libvirt-guests.sh.in +Index: libvirt-1.3.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.2.21.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.2.21/tools/libvirt-guests.sh.in +--- libvirt-1.3.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.3.0/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -191,10 +191,10 @@ Index: libvirt-1.2.21/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-1.2.21/tools/libvirt-guests.sysconf +Index: libvirt-1.3.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.2.21.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.2.21/tools/libvirt-guests.sysconf +--- libvirt-1.3.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.3.0/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index ba3322c..3ebcace 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/src/cpu/cpu_map.xml +Index: libvirt-1.3.0/src/cpu/cpu_map.xml =================================================================== ---- libvirt-1.2.21.orig/src/cpu/cpu_map.xml -+++ libvirt-1.2.21/src/cpu/cpu_map.xml +--- libvirt-1.3.0.orig/src/cpu/cpu_map.xml ++++ libvirt-1.3.0/src/cpu/cpu_map.xml @@ -1424,6 +1424,16 @@ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index f5c3521..ad98d3f 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch 
@@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/configure.ac +Index: libvirt-1.3.0/configure.ac =================================================================== ---- libvirt-1.2.21.orig/configure.ac -+++ libvirt-1.2.21/configure.ac +--- libvirt-1.3.0.orig/configure.ac ++++ libvirt-1.3.0/configure.ac @@ -242,6 +242,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL @@ -10,7 +10,7 @@ Index: libvirt-1.2.21/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2482,11 +2483,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2495,11 +2496,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.2.21/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2880,6 +2882,7 @@ LIBVIRT_RESULT_FUSE +@@ -2893,6 +2895,7 @@ LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_GLUSTER LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -34,11 +34,11 @@ Index: libvirt-1.2.21/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.2.21/src/Makefile.am +Index: libvirt-1.3.0/src/Makefile.am =================================================================== ---- libvirt-1.2.21.orig/src/Makefile.am -+++ libvirt-1.2.21/src/Makefile.am -@@ -878,6 +878,10 @@ if WITH_NETCF +--- libvirt-1.3.0.orig/src/Makefile.am ++++ libvirt-1.3.0/src/Makefile.am +@@ -922,6 +922,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ Index: libvirt-1.2.21/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1503,6 +1507,10 @@ if WITH_NETCF +@@ -1547,6 +1551,10 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) endif WITH_NETCF 
@@ -60,10 +60,10 @@ Index: libvirt-1.2.21/src/Makefile.am if WITH_UDEV libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS) libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) -Index: libvirt-1.2.21/tools/virsh.c +Index: libvirt-1.3.0/tools/virsh.c =================================================================== ---- libvirt-1.2.21.orig/tools/virsh.c -+++ libvirt-1.2.21/tools/virsh.c +--- libvirt-1.3.0.orig/tools/virsh.c ++++ libvirt-1.3.0/tools/virsh.c @@ -588,6 +588,8 @@ virshShowVersion(vshControl *ctl ATTRIBU vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) @@ -73,10 +73,10 @@ Index: libvirt-1.2.21/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.2.21/src/interface/interface_backend_netcf.c +Index: libvirt-1.3.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.2.21.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.2.21/src/interface/interface_backend_netcf.c +--- libvirt-1.3.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.3.0/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -160,10 +160,10 @@ Index: libvirt-1.2.21/src/interface/interface_backend_netcf.c if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) return -1; if (virRegisterStateDriver(&interfaceStateDriver) < 0) -Index: libvirt-1.2.21/src/interface/interface_driver.c +Index: libvirt-1.3.0/src/interface/interface_driver.c =================================================================== ---- libvirt-1.2.21.orig/src/interface/interface_driver.c -+++ libvirt-1.2.21/src/interface/interface_driver.c +--- libvirt-1.3.0.orig/src/interface/interface_driver.c ++++ libvirt-1.3.0/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; 
@@ -181,10 +181,10 @@ Index: libvirt-1.2.21/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.2.21/m4/virt-netcontrol.m4 +Index: libvirt-1.3.0/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.2.21/m4/virt-netcontrol.m4 ++++ libvirt-1.3.0/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index 4c8059a..a0f5ef2 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Fri Dec 18 16:08:37 UTC 2015 - jfehlig@suse.com + +- CVE-2015-5313: don't allow '/' in filesystem volume names + 034e47c3-CVE-2015-5313.patch + bsc#953110 +- Fix failing qemuxml2argv test on 32-bit platforms + ace1ee22-qemuxml2argv-test.patch + +------------------------------------------------------------------- +Thu Dec 17 22:57:56 UTC 2015 - jfehlig@suse.com + +- Update to libvirt 1.3.0 + - New virtlogd log daemon + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patch: 703ec1b7-qemu-bridge-helper-fix.patch + - Added patch: virtlogd-init-script.patch + ------------------------------------------------------------------- Thu Dec 3 10:16:34 UTC 2015 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index e66b232..e8a2249 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -240,7 +240,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.2.21 +Version: 1.3.0 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ 
@@ -453,7 +453,8 @@ Source3: libvirtd.init Source4: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: 703ec1b7-qemu-bridge-helper-fix.patch +Patch0: 034e47c3-CVE-2015-5313.patch +Patch1: ace1ee22-qemuxml2argv-test.patch # Patches pending upstream review Patch100: add-with-login-shell.patch Patch101: virt-aa-helper-rw-mounts.patch @@ -468,14 +469,15 @@ Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch Patch202: libvirt-guests-init-script.patch Patch203: virtlockd-init-script.patch -Patch204: suse-qemu-conf.patch -Patch205: support-managed-pci-xen-driver.patch -Patch206: systemd-service-xen.patch -Patch207: xen-sxpr-disk-type.patch -Patch208: apparmor-no-mount.patch -Patch209: qemu-apparmor-screenshot.patch -Patch210: libvirt-suse-netcontrol.patch -Patch211: lxc-wait-after-eth-del.patch +Patch204: virtlogd-init-script.patch +Patch205: suse-qemu-conf.patch +Patch206: support-managed-pci-xen-driver.patch +Patch207: systemd-service-xen.patch +Patch208: xen-sxpr-disk-type.patch +Patch209: apparmor-no-mount.patch +Patch210: qemu-apparmor-screenshot.patch +Patch211: libvirt-suse-netcontrol.patch +Patch212: lxc-wait-after-eth-del.patch # SocketUser and SocketGroup settings were added to systemd.socket in # version 214. Patch the setting away in earlier systemd %if 0%{systemd_version} < 214 @@ -972,6 +974,7 @@ Wireshark dissector plugin for better analysis of libvirt RPC traffic. %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 @@ -991,6 +994,7 @@ Wireshark dissector plugin for better analysis of libvirt RPC traffic. %patch209 -p1 %patch210 -p1 %patch211 -p1 +%patch212 -p1 %if 0%{systemd_version} < 214 %patch300 -p1 %endif 
@@ -1236,8 +1240,11 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/vi_VN # temporarily remove polkit ACL policiy configuration - bnc#827644 rm -f $RPM_BUILD_ROOT/%{_datadir}/polkit-1/actions/org.libvirt.api.policy -# Until libvirt 1.3.0, follow upstream and remove libvirt-admin.so +# Similar to upstream, temporarily remove admin-related files rm -f $RPM_BUILD_ROOT%{_libdir}/libvirt-admin.so +rm -f $RPM_BUILD_ROOT%{_bindir}/virt-admin +rm -f $RPM_BUILD_ROOT%{_mandir}/man1/virt-admin.1* +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/libvirt-admin.conf mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/libvirt mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/libvirt/hooks @@ -1334,12 +1341,17 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd $RPM_BUILD_ROOT%{_localstate rm -f $RPM_BUILD_ROOT/usr/lib/sysctl.d/60-libvirtd.conf # For other services, use the in-tree scripts %if %{with_systemd} +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlogd +ln -s %{_sbindir}/service $RPM_BUILD_ROOT%{_sbindir}/rcvirtlogd rm -f $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlockd ln -s %{_sbindir}/service $RPM_BUILD_ROOT%{_sbindir}/rcvirtlockd %else +mv $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlogd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/virtlogd +ln -s /etc/init.d/virtlogd $RPM_BUILD_ROOT%{_sbindir}/rcvirtlogd mv $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlockd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/virtlockd ln -s /etc/init.d/virtlockd $RPM_BUILD_ROOT%{_sbindir}/rcvirtlockd %endif +mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/virtlogd $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.virtlogd mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/virtlockd $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.virtlockd #install firewall definitions format is described here: #/usr/share/SuSEfirewall2/services/TEMPLATE 
@@ -1393,6 +1405,7 @@ fi %if %{with_systemd} %service_add_pre libvirtd.service libvirtd.socket %service_add_pre virtlockd.service virtlockd.socket +%service_add_pre virtlogd.service virtlogd.socket %endif %{_bindir}/getent group libvirt >/dev/null || \ %{_sbindir}/groupadd -r libvirt 2>/dev/null @@ -1402,17 +1415,21 @@ fi %if %{with_systemd} %service_add_post libvirtd.service libvirtd.socket %service_add_post virtlockd.service virtlockd.socket +%service_add_post virtlogd.service virtlogd.socket %endif %{fillup_only -n libvirtd} %{fillup_only -n virtlockd} +%{fillup_only -n virtlogd} %preun daemon %if %{with_systemd} %service_del_preun libvirtd.service libvirtd.socket %service_del_preun virtlockd.service virtlockd.socket +%service_del_preun virtlogd.service virtlogd.socket %else %stop_on_removal libvirtd %stop_on_removal virtlockd +%stop_on_removal virtlogd %endif %postun daemon @@ -1420,9 +1437,11 @@ fi %if %{with_systemd} %service_del_postun libvirtd.service libvirtd.socket %service_del_postun virtlockd.service virtlockd.socket +%service_del_postun virtlogd.service virtlogd.socket %else %restart_on_update libvirtd %restart_on_update virtlockd +%restart_on_update virtlogd %endif %insserv_cleanup @@ -1439,6 +1458,11 @@ fi %endif %endif # with_libvirtd +%pre client + %if %{with_systemd} +%service_add_pre libvirt-guests.service + %endif + %post client /sbin/ldconfig %if %{with_systemd} 
@@ -1472,31 +1496,40 @@ fi %files daemon %defattr(-, root, root) %{_sbindir}/libvirtd +%{_sbindir}/virtlogd %{_sbindir}/virtlockd %dir %{_libdir}/%{name} %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/ %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/hooks %{_localstatedir}/adm/fillup-templates/sysconfig.libvirtd +%{_localstatedir}/adm/fillup-templates/sysconfig.virtlogd %{_localstatedir}/adm/fillup-templates/sysconfig.virtlockd %if %{with_systemd} %{_unitdir}/libvirtd.service %{_unitdir}/libvirtd.socket +%{_unitdir}/virtlogd.service +%{_unitdir}/virtlogd.socket %{_unitdir}/virtlockd.service %{_unitdir}/virtlockd.socket %else %config /etc/init.d/libvirtd +%config /etc/init.d/virtlogd %config /etc/init.d/virtlockd %endif %{_sbindir}/rclibvirtd +%{_sbindir}/rcvirtlogd %{_sbindir}/rcvirtlockd %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd +%config(noreplace) %{_sysconfdir}/libvirt/virtlogd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf %dir %{_datadir}/augeas/ %dir %{_datadir}/augeas/lenses %dir %{_datadir}/augeas/lenses/tests %{_datadir}/augeas/lenses/libvirtd.aug %{_datadir}/augeas/lenses/tests/test_libvirtd.aug +%{_datadir}/augeas/lenses/virtlogd.aug +%{_datadir}/augeas/lenses/tests/test_virtlogd.aug %{_datadir}/augeas/lenses/virtlockd.aug %{_datadir}/augeas/lenses/tests/test_virtlockd.aug %{_datadir}/augeas/lenses/libvirt_lockd.aug @@ -1525,7 +1558,8 @@ fi %endif %attr(0755, root, root) %{_libdir}/%{name}/libvirt_iohelper %doc %{_mandir}/man8/libvirtd.8* -%{_mandir}/man8/virtlockd.8* +%doc %{_mandir}/man8/virtlogd.8* +%doc %{_mandir}/man8/virtlockd.8* %if %{with_apparmor} %dir %{_sysconfdir}/apparmor.d %dir %{_sysconfdir}/apparmor.d/abstractions diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index fadcb16..d004f06 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch 
@@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/daemon/libvirtd.conf +Index: libvirt-1.3.0/daemon/libvirtd.conf =================================================================== ---- libvirt-1.2.21.orig/daemon/libvirtd.conf -+++ libvirt-1.2.21/daemon/libvirtd.conf +--- libvirt-1.3.0.orig/daemon/libvirtd.conf ++++ libvirt-1.3.0/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ Index: libvirt-1.2.21/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.2.21/daemon/libvirtd-config.c +Index: libvirt-1.3.0/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.2.21.orig/daemon/libvirtd-config.c -+++ libvirt-1.2.21/daemon/libvirtd-config.c +--- libvirt-1.3.0.orig/daemon/libvirtd-config.c ++++ libvirt-1.3.0/daemon/libvirtd-config.c @@ -242,7 +242,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -26,10 +26,10 @@ Index: libvirt-1.2.21/daemon/libvirtd-config.c data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-1.2.21/daemon/test_libvirtd.aug.in +Index: libvirt-1.3.0/daemon/test_libvirtd.aug.in =================================================================== ---- libvirt-1.2.21.orig/daemon/test_libvirtd.aug.in -+++ libvirt-1.2.21/daemon/test_libvirtd.aug.in +--- libvirt-1.3.0.orig/daemon/test_libvirtd.aug.in ++++ libvirt-1.3.0/daemon/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index b0a4796..5793be7 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch 
@@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.2.21/daemon/libvirtd.sysconf +Index: libvirt-1.3.0/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.2.21.orig/daemon/libvirtd.sysconf -+++ libvirt-1.2.21/daemon/libvirtd.sysconf +--- libvirt-1.3.0.orig/daemon/libvirtd.sysconf ++++ libvirt-1.3.0/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/libvirtd-systemd-socket.patch b/libvirtd-systemd-socket.patch index d7bb5f4..912c113 100644 --- a/libvirtd-systemd-socket.patch +++ b/libvirtd-systemd-socket.patch @@ -9,10 +9,10 @@ as See bsc#933043 -Index: libvirt-1.2.21/daemon/libvirtd.socket.in +Index: libvirt-1.3.0/daemon/libvirtd.socket.in =================================================================== ---- libvirt-1.2.21.orig/daemon/libvirtd.socket.in -+++ libvirt-1.2.21/daemon/libvirtd.socket.in +--- libvirt-1.3.0.orig/daemon/libvirtd.socket.in ++++ libvirt-1.3.0/daemon/libvirtd.socket.in @@ -2,10 +2,8 @@ ListenStream=@runstatedir@/libvirt/libvirt-sock ListenStream=@runstatedir@/libvirt/libvirt-sock-ro diff --git a/lxc-wait-after-eth-del.patch b/lxc-wait-after-eth-del.patch index 3fb2d71..0f8b36a 100644 --- a/lxc-wait-after-eth-del.patch +++ b/lxc-wait-after-eth-del.patch 
@@ -13,11 +13,11 @@ device with the same name that is being created. src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c -index 3e5d2b4..02ef04f 100644 ---- a/src/lxc/lxc_controller.c -+++ b/src/lxc/lxc_controller.c -@@ -2002,6 +2002,7 @@ static int virLXCControllerDeleteInterfaces(virLXCControllerPtr ctrl) +Index: libvirt-1.3.0/src/lxc/lxc_controller.c +=================================================================== +--- libvirt-1.3.0.orig/src/lxc/lxc_controller.c ++++ libvirt-1.3.0/src/lxc/lxc_controller.c +@@ -2002,6 +2002,7 @@ static int virLXCControllerDeleteInterfa if (virNetDevVethDelete(ctrl->veths[i]) < 0) ret = -1; } @@ -25,11 +25,11 @@ index 3e5d2b4..02ef04f 100644 return ret; } -diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c -index 1a9550e..4c7c28f 100644 ---- a/src/lxc/lxc_driver.c -+++ b/src/lxc/lxc_driver.c -@@ -4254,6 +4254,7 @@ lxcDomainAttachDeviceNetLive(virConnectPtr conn, +Index: libvirt-1.3.0/src/lxc/lxc_driver.c +=================================================================== +--- libvirt-1.3.0.orig/src/lxc/lxc_driver.c ++++ libvirt-1.3.0/src/lxc/lxc_driver.c +@@ -4254,6 +4254,7 @@ lxcDomainAttachDeviceNetLive(virConnectP case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: ignore_value(virNetDevVethDelete(veth)); @@ -37,7 +37,7 @@ index 1a9550e..4c7c28f 100644 break; case VIR_DOMAIN_NET_TYPE_DIRECT: -@@ -4681,6 +4682,7 @@ lxcDomainDetachDeviceNetLive(virDomainObjPtr vm, +@@ -4681,6 +4682,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } 
@@ -45,11 +45,11 @@ index 1a9550e..4c7c28f 100644 break; /* It'd be nice to support this, but with macvlan -diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c -index 57e3880..8967de8 100644 ---- a/src/lxc/lxc_process.c -+++ b/src/lxc/lxc_process.c -@@ -221,6 +221,7 @@ static void virLXCProcessCleanup(virLXCDriverPtr driver, +Index: libvirt-1.3.0/src/lxc/lxc_process.c +=================================================================== +--- libvirt-1.3.0.orig/src/lxc/lxc_process.c ++++ libvirt-1.3.0/src/lxc/lxc_process.c +@@ -221,6 +221,7 @@ static void virLXCProcessCleanup(virLXCD } networkReleaseActualDevice(vm->def, iface); } @@ -57,6 +57,3 @@ index 57e3880..8967de8 100644 virDomainConfVMNWFilterTeardown(vm); --- -2.1.4 - diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index 1dcaf3c..3e0df63 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-1.2.21/src/util/virarch.c +Index: libvirt-1.3.0/src/util/virarch.c =================================================================== ---- libvirt-1.2.21.orig/src/util/virarch.c -+++ libvirt-1.2.21/src/util/virarch.c +--- libvirt-1.3.0.orig/src/util/virarch.c ++++ libvirt-1.3.0/src/util/virarch.c @@ -169,6 +169,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index 88ae633..3014514 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch 
@@ -1,8 +1,8 @@ -Index: libvirt-1.2.21/examples/apparmor/libvirt-qemu +Index: libvirt-1.3.0/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.2.21.orig/examples/apparmor/libvirt-qemu -+++ libvirt-1.2.21/examples/apparmor/libvirt-qemu -@@ -133,6 +133,9 @@ +--- libvirt-1.3.0.orig/examples/apparmor/libvirt-qemu ++++ libvirt-1.3.0/examples/apparmor/libvirt-qemu +@@ -152,6 +152,9 @@ /sys/bus/ r, /sys/class/ r, diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index 45d73d2..5f52204 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.2.21/src/xenconfig/xen_common.c +Index: libvirt-1.3.0/src/xenconfig/xen_common.c =================================================================== ---- libvirt-1.2.21.orig/src/xenconfig/xen_common.c -+++ libvirt-1.2.21/src/xenconfig/xen_common.c +--- libvirt-1.3.0.orig/src/xenconfig/xen_common.c ++++ libvirt-1.3.0/src/xenconfig/xen_common.c @@ -403,6 +403,8 @@ xenParsePCI(virConfPtr conf, virDomainDe { virConfValuePtr list = virConfGetValue(conf, "pci"); @@ -66,10 +66,10 @@ Index: libvirt-1.2.21/src/xenconfig/xen_common.c hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-1.2.21/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.21.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.2.21/src/xenconfig/xen_sxpr.c +--- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c 
@@ -999,6 +999,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 10c4ad2..77697a2 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/src/qemu/qemu.conf +Index: libvirt-1.3.0/src/qemu/qemu.conf =================================================================== ---- libvirt-1.2.21.orig/src/qemu/qemu.conf -+++ libvirt-1.2.21/src/qemu/qemu.conf +--- libvirt-1.3.0.orig/src/qemu/qemu.conf ++++ libvirt-1.3.0/src/qemu/qemu.conf @@ -201,11 +201,20 @@ # isolation, but it cannot appear in a list of drivers. # diff --git a/systemd-service-xen.patch b/systemd-service-xen.patch index db74b9c..7bd3daf 100644 --- a/systemd-service-xen.patch +++ b/systemd-service-xen.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/daemon/libvirtd.service.in +Index: libvirt-1.3.0/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.2.21.orig/daemon/libvirtd.service.in -+++ libvirt-1.2.21/daemon/libvirtd.service.in +--- libvirt-1.3.0.orig/daemon/libvirtd.service.in ++++ libvirt-1.3.0/daemon/libvirtd.service.in @@ -7,6 +7,7 @@ After=iscsid.service After=apparmor.service After=local-fs.target diff --git a/virt-aa-helper-rw-mounts.patch b/virt-aa-helper-rw-mounts.patch index a3373ad..a49d9fd 100644 --- a/virt-aa-helper-rw-mounts.patch +++ b/virt-aa-helper-rw-mounts.patch @@ -15,10 +15,10 @@ denials, making it harder to debug. src/security/virt-aa-helper.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c -index 5de56e5..a2d7226 100644 ---- a/src/security/virt-aa-helper.c -+++ b/src/security/virt-aa-helper.c +Index: libvirt-1.3.0/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-1.3.0.orig/src/security/virt-aa-helper.c ++++ libvirt-1.3.0/src/security/virt-aa-helper.c 
@@ -1127,7 +1127,10 @@ get_files(vahControl * ctl) ctl->def->fss[i]->src) { virDomainFSDefPtr fs = ctl->def->fss[i]; @@ -31,6 +31,3 @@ index 5de56e5..a2d7226 100644 goto cleanup; } } --- -2.1.4 - diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index 5b6f0b2..ba73dfa 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.2.21/src/locking/virtlockd.sysconf +Index: libvirt-1.3.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.2.21.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.2.21/src/locking/virtlockd.sysconf +--- libvirt-1.3.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.3.0/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ Index: libvirt-1.2.21/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.2.21/src/locking/virtlockd.init.in +Index: libvirt-1.3.0/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.2.21.orig/src/locking/virtlockd.init.in -+++ libvirt-1.2.21/src/locking/virtlockd.init.in +--- libvirt-1.3.0.orig/src/locking/virtlockd.init.in ++++ libvirt-1.3.0/src/locking/virtlockd.init.in @@ -4,12 +4,14 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # diff --git a/virtlogd-init-script.patch b/virtlogd-init-script.patch new file mode 100644 index 0000000..e1c6835 --- /dev/null +++ b/virtlogd-init-script.patch 
@@ -0,0 +1,121 @@ +Adjust virtlogd init files to conform to SUSE standards + +Index: libvirt-1.3.0/src/logging/virtlogd.init.in +=================================================================== +--- libvirt-1.3.0.orig/src/logging/virtlogd.init.in ++++ libvirt-1.3.0/src/logging/virtlogd.init.in +@@ -4,12 +4,14 @@ + # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV + # + ### BEGIN INIT INFO +-# Provides: virtlogd +-# Default-Start: +-# Default-Stop: 0 1 2 3 4 5 6 ++# Provides: virtlogd ++# Required-Start: $network $remote_fs ++# Default-Start: 3 5 ++# Required-Stop: $network $remote_fs ++# Default-Stop: 0 1 2 4 6 + # Short-Description: virtual machine log manager +-# Description: This is a daemon for managing logs +-# of virtual machine consoles ++# Description: This is a daemon for managing logs ++# of virtual machine consoles + ### END INIT INFO + + # the following is chkconfig init header +@@ -24,35 +26,32 @@ + # pidfile: @localstatedir@/run/virtlogd.pid + # + +-# Source function library. +-. @sysconfdir@/rc.d/init.d/functions ++. @sysconfdir@/rc.status ++rc_reset + + SERVICE=virtlogd +-PROCESS=virtlogd ++PROCESS=@sbindir@/virtlogd + PIDFILE=@localstatedir@/run/$SERVICE.pid + + VIRTLOGD_ARGS= + + test -f @sysconfdir@/sysconfig/virtlogd && . @sysconfdir@/sysconfig/virtlogd + +-RETVAL=0 + + start() { +- echo -n $"Starting $SERVICE daemon: " +- daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $VIRTLOGD_ARGS +- RETVAL=$? +- echo +- [ $RETVAL -eq 0 ] && touch @localstatedir@/log/subsys/$SERVICE ++ echo -n $"Starting $SERVICE " ++ test -d $PIDDIR || mkdir -p $PIDDIR ++ startproc -p $PIDFILE $PROCESS --pid-file $PIDFILE --daemon $VIRTLOGD_ARGS ++ rc_status -v + } + + stop() { +- echo -n $"Stopping $SERVICE daemon: " ++ echo -n $"Stopping $SERVICE " + +- killproc -p $PIDFILE $PROCESS ++ killproc -p $PIDFILE $PROCESS > /dev/null 2>&1 + RETVAL=$? 
+- echo ++ rc_status -v + if [ $RETVAL -eq 0 ]; then +- rm -f @localstatedir@/log/subsys/$SERVICE + rm -f $PIDFILE + fi + } +@@ -66,9 +65,7 @@ reload() { + echo -n $"Reloading $SERVICE configuration: " + + killproc -p $PIDFILE $PROCESS -USR1 +- RETVAL=$? +- echo +- return $RETVAL ++ rc_status + } + + # See how we were called. +@@ -77,18 +74,20 @@ case "$1" in + $1 + ;; + status) +- status -p $PIDFILE $PROCESS +- RETVAL=$? ++ echo -n "Checking status of $SERVICE " ++ checkproc $PROCESS ++ rc_status -v + ;; + force-reload) + reload + ;; + condrestart|try-restart) +- [ -f @localstatedir@/log/subsys/$SERVICE ] && restart || : ++ $0 status >/dev/null && restart || : + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart}" +- exit 2 ++ rc_failed 2 ++ rc_exit + ;; + esac +-exit $RETVAL ++rc_exit +Index: libvirt-1.3.0/src/logging/virtlogd.sysconf +=================================================================== +--- libvirt-1.3.0.orig/src/logging/virtlogd.sysconf ++++ libvirt-1.3.0/src/logging/virtlogd.sysconf +@@ -1,3 +1,7 @@ ++## Path: System/Virtualization/virtlogd ++ ++## Type: string ++## Default: "" + # + # Pass extra arguments to virtlogd + #VIRTLOGD_ARGS= diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index 9a46f6c..61acada 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.21/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.21.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.2.21/src/xenconfig/xen_sxpr.c +--- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c @@ -334,7 +334,7 @@ xenParseSxprChar(const char *value, static int xenParseSxprDisks(virDomainDefPtr def, diff --git a/xen-sxpr-disk-type.patch b/xen-sxpr-disk-type.patch index e50b8b2..5ab67a1 100644 --- a/xen-sxpr-disk-type.patch +++ b/xen-sxpr-disk-type.patch 
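Review bot: In the new `stop()` of virtlogd.init.in, `rc_status -v` comes after the retained `RETVAL=$?` line, and rc_status evaluates the exit status of the command immediately before it. It therefore sees the always-successful assignment rather than the result of `killproc`, so a stop that failed would still be reported as done. One way to keep both the status report and the conditional cleanup is `killproc -p $PIDFILE $PROCESS > /dev/null 2>&1 && rm -f $PIDFILE` followed directly by `rc_status -v`. Separately, `start()` tests `$PIDDIR`, which no line visible in this patch assigns; if it is unset, `test -d` with no operand succeeds and `mkdir -p` never runs. That line should either derive the directory from `$PIDFILE` (for example `$(dirname $PIDFILE)`) or be dropped.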
@@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c. https://bugzilla.suse.com/show_bug.cgi?id=938228 -Index: libvirt-1.2.21/src/xenconfig/xen_sxpr.c +Index: libvirt-1.3.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.21.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.2.21/src/xenconfig/xen_sxpr.c +--- libvirt-1.3.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.3.0/src/xenconfig/xen_sxpr.c @@ -449,10 +449,11 @@ xenParseSxprDisks(virDomainDefPtr def, omnipotent, we can revisit this, perhaps stat()'ing the src file in question */ From 7d7161c99c1bd697767b61e3762c77357465f82fd1cc37eb7875dffc0a6501ed Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 22 Dec 2015 02:31:20 +0000 Subject: [PATCH 2/2] In an upgrade scenario we must explicitly enable virtlockd/virtlogd sockets, if libvirtd is already enabled and start them if libvirtd is running, otherwise the qemu driver will fail to start guests. - spec: perform one-time enable and start of virtlogd.socket when upgrading from libvirt < 1.3.0. Inspired by upstream libvirt.git commit da054f35. OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=506 --- libvirt.changes | 7 +++++++ libvirt.spec | 19 +++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/libvirt.changes b/libvirt.changes index a0f5ef2..7a73f95 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Dec 22 02:21:44 UTC 2015 - jfehlig@suse.com + +- spec: perform one-time enable and start of virtlogd.socket when + upgrading from libvirt < 1.3.0. Inspired by upstream libvirt.git + commit da054f35. + ------------------------------------------------------------------- Fri Dec 18 16:08:37 UTC 2015 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index e8a2249..e52c2d9 100644 --- a/libvirt.spec +++ b/libvirt.spec 
@@ -1445,6 +1445,25 @@ fi %endif %insserv_cleanup +# In upgrade scenario we must explicitly enable virtlockd/virtlogd +# sockets, if libvirtd is already enabled and start them if +# libvirtd is running, otherwise you'll get failures to start +# guests +%triggerpostun daemon -- libvirt-daemon < 1.3.0 +if [ $1 -ge 1 ] ; then + %if %{with_systemd} + /usr/bin/systemctl is-enabled libvirtd.service 1>/dev/null 2>&1 && + /usr/bin/systemctl enable virtlogd.socket || : + /usr/bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1 && + /usr/bin/systemctl start virtlogd.socket || : + %else + /sbin/chkconfig libvirtd 1>/dev/null 2>&1 && + /sbin/chkconfig virtlogd on || : + /sbin/service libvirtd status 1>/dev/null 2>&1 && + /sbin/service virtlogd start || : + %endif +fi + %if %{with_network} %post daemon-config-network
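Review bot: The comment above `%triggerpostun daemon -- libvirt-daemon < 1.3.0` says the trigger enables the virtlockd/virtlogd sockets, but both branches only touch virtlogd (`virtlogd.socket` under systemd, the `virtlogd` service otherwise). Either reword it to `# On upgrade from libvirt < 1.3.0, enable virtlogd if libvirtd is enabled and start it if libvirtd is running; otherwise guests fail to start`, or add the matching virtlockd lines if they were intended. Every command chain also ends in `|| :`, so a failed enable or start is silent. Since the commit message says the qemu driver then fails to start guests, a one-line warning to stderr on failure, such as `echo "warning: could not start virtlogd.socket" >&2`, would make that upgrade problem diagnosable.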