From 48654de6e4a36670d594b53fc93e1639848e26069f674674d8f2092cc617775b Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 1 Jul 2021 17:24:26 +0000 Subject: [PATCH] Accepting request 903563 from home:jfehlig:branches:Virtualization - Update to libvirt 7.5.0 - security: Fix insecure sVirt label generation - CVE-2021-3631 bsc#1187871 - apparmor: Permit new capabilities required by libvirtd boo#1186888 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: suse-apparmor-libnl-paths.patch - supportconfig plugin improvements OBS-URL: https://build.opensuse.org/request/show/903563 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=895 --- ...stats-functions-from-the-qemu-driver.patch | 46 +++++++++--------- ...ibxl-add-support-for-BlockResize-API.patch | 24 +++++----- ...c-implement-connectGetAllDomainStats.patch | 6 +-- libvirt-7.4.0.tar.xz | 3 -- libvirt-7.4.0.tar.xz.asc | 16 ------- libvirt-7.5.0.tar.xz | 3 ++ libvirt-7.5.0.tar.xz.asc | 16 +++++++ libvirt-power8-models.patch | 6 +-- libvirt-supportconfig | 9 +--- libvirt-suse-netcontrol.patch | 48 +++++++++---------- libvirt.changes | 14 ++++++ libvirt.spec | 24 +++++----- libxl-dom-reset.patch | 10 ++-- libxl-set-cach-mode.patch | 10 ++-- libxl-set-migration-constraints.patch | 48 +++++++++---------- libxl-support-block-script.patch | 14 +++--- lxc-wait-after-eth-del.patch | 18 +++---- ...e-dhcp-authoritative-on-static-netwo.patch | 12 ++--- ppc64le-canonical-name.patch | 6 +-- qemu-apparmor-screenshot.patch | 8 ++-- suse-apparmor-libnl-paths.patch | 35 -------------- suse-libvirt-guests-service.patch | 12 ++--- suse-libvirtd-disable-tls.patch | 18 +++---- suse-libvirtd-sysconfig-settings.patch | 6 +-- suse-libxl-disable-autoballoon.patch | 22 ++++----- suse-ovmf-paths.patch | 24 +++++----- suse-qemu-conf.patch | 18 +++---- suse-virtlockd-sysconfig-settings.patch | 6 +-- suse-virtlogd-sysconfig-settings.patch | 6 +-- suse-xen-ovmf-loaders.patch | 8 ++-- virt-create-rootfs.patch | 20 ++++---- 31 files changed, 244 insertions(+), 272 deletions(-) delete mode 100644 libvirt-7.4.0.tar.xz delete mode 100644 libvirt-7.4.0.tar.xz.asc create mode 100644 libvirt-7.5.0.tar.xz create mode 100644 libvirt-7.5.0.tar.xz.asc delete mode 100644 suse-apparmor-libnl-paths.patch diff --git a/0001-Extract-stats-functions-from-the-qemu-driver.patch b/0001-Extract-stats-functions-from-the-qemu-driver.patch index 0777e9c..c5475bf 100644 --- a/0001-Extract-stats-functions-from-the-qemu-driver.patch +++ b/0001-Extract-stats-functions-from-the-qemu-driver.patch @@ -18,10 +18,10 @@ them. create mode 100644 src/conf/domain_stats.c create mode 100644 src/conf/domain_stats.h -Index: libvirt-7.4.0/src/conf/domain_stats.c +Index: libvirt-7.5.0/src/conf/domain_stats.c =================================================================== --- /dev/null -+++ libvirt-7.4.0/src/conf/domain_stats.c ++++ libvirt-7.5.0/src/conf/domain_stats.c @@ -0,0 +1,117 @@ +/* + * domain_stats.c: domain stats extraction helpers @@ -140,10 +140,10 @@ Index: libvirt-7.4.0/src/conf/domain_stats.c +} + +#undef STATS_ADD_NET_PARAM -Index: libvirt-7.4.0/src/conf/domain_stats.h +Index: libvirt-7.5.0/src/conf/domain_stats.h =================================================================== --- /dev/null -+++ libvirt-7.4.0/src/conf/domain_stats.h ++++ libvirt-7.5.0/src/conf/domain_stats.h @@ -0,0 +1,60 @@ +/* + * domain_stats.h: domain stats extraction helpers @@ -205,10 +205,10 @@ Index: libvirt-7.4.0/src/conf/domain_stats.h + virTypedParamList *params); + +#endif /* __DOMAIN_STATS_H */ -Index: libvirt-7.4.0/src/libvirt_private.syms +Index: libvirt-7.5.0/src/libvirt_private.syms =================================================================== ---- libvirt-7.4.0.orig/src/libvirt_private.syms -+++ libvirt-7.4.0/src/libvirt_private.syms +--- libvirt-7.5.0.orig/src/libvirt_private.syms ++++ libvirt-7.5.0/src/libvirt_private.syms @@ -756,12 +756,16 @@ virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; @@ -227,7 +227,7 @@ Index: libvirt-7.4.0/src/libvirt_private.syms # conf/interface_conf.h virInterfaceDefFormat; virInterfaceDefFree; -@@ -1918,6 +1922,7 @@ virCgroupGetMemoryUsage; +@@ -1921,6 +1925,7 @@ virCgroupGetMemoryUsage; virCgroupGetMemSwapHardLimit; virCgroupGetMemSwapUsage; virCgroupGetPercpuStats; @@ -235,10 +235,10 @@ Index: libvirt-7.4.0/src/libvirt_private.syms virCgroupHasController; virCgroupHasEmptyTasks; virCgroupKillPainfully; -Index: libvirt-7.4.0/src/qemu/qemu_driver.c +Index: libvirt-7.5.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/qemu/qemu_driver.c -+++ libvirt-7.4.0/src/qemu/qemu_driver.c +--- libvirt-7.5.0.orig/src/qemu/qemu_driver.c ++++ libvirt-7.5.0/src/qemu/qemu_driver.c @@ -67,6 +67,7 @@ #include "virarptable.h" #include "viruuid.h" @@ -247,7 +247,7 @@ Index: libvirt-7.4.0/src/qemu/qemu_driver.c #include "domain_audit.h" #include "domain_cgroup.h" #include "domain_driver.h" -@@ -17537,13 +17538,7 @@ qemuDomainGetStatsState(virQEMUDriver *d +@@ -17519,13 +17520,7 @@ qemuDomainGetStatsState(virQEMUDriver *d virTypedParamList *params, unsigned int privflags G_GNUC_UNUSED) { @@ -262,7 +262,7 @@ Index: libvirt-7.4.0/src/qemu/qemu_driver.c } -@@ -17836,25 +17831,11 @@ qemuDomainGetStatsCpuCgroup(virDomainObj +@@ -17818,25 +17813,11 @@ qemuDomainGetStatsCpuCgroup(virDomainObj virTypedParamList *params) { qemuDomainObjPrivate *priv = dom->privateData; @@ -289,7 +289,7 @@ Index: libvirt-7.4.0/src/qemu/qemu_driver.c } -@@ -18027,76 +18008,15 @@ qemuDomainGetStatsVcpu(virQEMUDriver *dr +@@ -18009,76 +17990,15 @@ qemuDomainGetStatsVcpu(virQEMUDriver *dr return ret; } @@ -367,10 +367,10 @@ Index: libvirt-7.4.0/src/qemu/qemu_driver.c /* refresh information by opening images on the disk */ static int -Index: libvirt-7.4.0/src/util/vircgroup.c +Index: libvirt-7.5.0/src/util/vircgroup.c =================================================================== ---- libvirt-7.4.0.orig/src/util/vircgroup.c -+++ libvirt-7.4.0/src/util/vircgroup.c +--- libvirt-7.5.0.orig/src/util/vircgroup.c ++++ libvirt-7.5.0/src/util/vircgroup.c @@ -3002,6 +3002,31 @@ virCgroupControllerAvailable(int control return virCgroupHasController(cgroup, controller); } @@ -418,10 +418,10 @@ Index: libvirt-7.4.0/src/util/vircgroup.c int virCgroupNewPartition(const char *path G_GNUC_UNUSED, bool create G_GNUC_UNUSED, -Index: libvirt-7.4.0/src/util/vircgroup.h +Index: libvirt-7.5.0/src/util/vircgroup.h =================================================================== ---- libvirt-7.4.0.orig/src/util/vircgroup.h -+++ libvirt-7.4.0/src/util/vircgroup.h +--- libvirt-7.5.0.orig/src/util/vircgroup.h ++++ libvirt-7.5.0/src/util/vircgroup.h @@ -23,6 +23,7 @@ #include "virbitmap.h" @@ -437,10 +437,10 @@ Index: libvirt-7.4.0/src/util/vircgroup.h + +int virCgroupGetStatsCpu(virCgroup *cgroup, + virTypedParamList *params); -Index: libvirt-7.4.0/src/conf/meson.build +Index: libvirt-7.5.0/src/conf/meson.build =================================================================== ---- libvirt-7.4.0.orig/src/conf/meson.build -+++ libvirt-7.4.0/src/conf/meson.build +--- libvirt-7.5.0.orig/src/conf/meson.build ++++ libvirt-7.5.0/src/conf/meson.build @@ -15,6 +15,7 @@ domain_conf_sources = [ 'domain_conf.c', 'domain_nwfilter.c', diff --git a/0001-libxl-add-support-for-BlockResize-API.patch b/0001-libxl-add-support-for-BlockResize-API.patch index 7f88612..87dc8d4 100644 --- a/0001-libxl-add-support-for-BlockResize-API.patch +++ b/0001-libxl-add-support-for-BlockResize-API.patch @@ -19,11 +19,11 @@ reworking this patch and submitting it to upstream libvirt. src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) -Index: libvirt-7.4.0/src/libxl/libxl_driver.c +Index: libvirt-7.5.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_driver.c -+++ libvirt-7.4.0/src/libxl/libxl_driver.c -@@ -5310,6 +5310,97 @@ libxlDomainMemoryStats(virDomainPtr dom, +--- libvirt-7.5.0.orig/src/libxl/libxl_driver.c ++++ libvirt-7.5.0/src/libxl/libxl_driver.c +@@ -5285,6 +5285,95 @@ libxlDomainMemoryStats(virDomainPtr dom, #undef LIBXL_SET_MEMSTAT @@ -44,8 +44,8 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c + virDomainObj *vm; + int ret = -1; + virDomainDiskDef *disk = NULL; -+ char *moncmd = NULL; -+ char *monreply = NULL; ++ g_autofree char *moncmd = NULL; ++ g_autofree char *monreply = NULL; + + virCheckFlags(VIR_DOMAIN_BLOCK_RESIZE_BYTES, -1); + @@ -111,8 +111,6 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c + libxlDomainObjEndJob(driver, vm); + + cleanup: -+ VIR_FREE(moncmd); -+ VIR_FREE(monreply); + virDomainObjEndAPI(&vm); + virObjectUnref(cfg); + return ret; @@ -121,18 +119,18 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c static int libxlDomainGetJobInfo(virDomainPtr dom, virDomainJobInfoPtr info) -@@ -6610,6 +6701,7 @@ static virHypervisorDriver libxlHypervis - #endif +@@ -6583,6 +6672,7 @@ static virHypervisorDriver libxlHypervis + .domainGetNumaParameters = libxlDomainGetNumaParameters, /* 1.1.1 */ .nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */ .nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */ + .domainBlockResize = libxlDomainBlockResize, /* 4.2.0 */ .domainGetJobInfo = libxlDomainGetJobInfo, /* 1.3.1 */ .domainGetJobStats = libxlDomainGetJobStats, /* 1.3.1 */ .domainMemoryStats = libxlDomainMemoryStats, /* 1.3.0 */ -Index: libvirt-7.4.0/src/libxl/libxl_api_wrapper.h +Index: libvirt-7.5.0/src/libxl/libxl_api_wrapper.h =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_api_wrapper.h -+++ libvirt-7.4.0/src/libxl/libxl_api_wrapper.h +--- libvirt-7.5.0.orig/src/libxl/libxl_api_wrapper.h ++++ libvirt-7.5.0/src/libxl/libxl_api_wrapper.h @@ -215,3 +215,18 @@ libxlSetMemoryTargetWrapper(libxl_ctx *c return ret; diff --git a/0002-lxc-implement-connectGetAllDomainStats.patch b/0002-lxc-implement-connectGetAllDomainStats.patch index 3a3e47d..f8fec96 100644 --- a/0002-lxc-implement-connectGetAllDomainStats.patch +++ b/0002-lxc-implement-connectGetAllDomainStats.patch @@ -9,10 +9,10 @@ them using the existing API. src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) -Index: libvirt-7.4.0/src/lxc/lxc_driver.c +Index: libvirt-7.5.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/lxc/lxc_driver.c -+++ libvirt-7.4.0/src/lxc/lxc_driver.c +--- libvirt-7.5.0.orig/src/lxc/lxc_driver.c ++++ libvirt-7.5.0/src/lxc/lxc_driver.c @@ -74,6 +74,8 @@ #include "netdev_bandwidth_conf.h" #include "virsocket.h" diff --git a/libvirt-7.4.0.tar.xz b/libvirt-7.4.0.tar.xz deleted file mode 100644 index 21a3ae0..0000000 --- a/libvirt-7.4.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b366d73dee6ce77a226bedef592e0620ceb8e22e5998f60768017f79fc4ead26 -size 8617788 diff --git a/libvirt-7.4.0.tar.xz.asc b/libvirt-7.4.0.tar.xz.asc deleted file mode 100644 index 76fba91..0000000 --- a/libvirt-7.4.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEERTtlMQWVVihVRxGZymi+gBAITJwFAmC2ByYACgkQymi+gBAI -TJxzcQ//ZQRiP01dNU5fcIZNoCtemO8XfjVA1JPsxZ23F+Dk8bK1YPdnWz5VjVZt -IlmTjyiOpqy3Iyvyf51hvLDv9EOrNF+su9xyW+L/ZZyb1ziGIXVkQHCz/MlsDR8Y -h8AUCE0gyFcBbD46GhNulELX/dAr6cSyQIgPVFuhzGArcR4A29o02vpuVOUEaxQv -2c4N3gwMnj2Vnf4c6H52FHPe0FW/hInWR8rs2zlG2rs39GQpLGfWw2iqE2GM7oG3 -4dy8+nmqCg8uZEUkNCPXGqH6WhcJLLLB6j6hRchHLPNvT7gAaBAxJyklsgt0zd9k -08+8ZMdH7l1hcZSlppiFKk97w/ANr3kZCpoUvC/Ppvtu3R8SzocCNpQDYkdpUkdp -hH6W9D/ZPz2LEA4q6g4juAnUf5f6WW6AZ+9PrTzj8aM211TbpzwSBhWcJsP5XYb4 -+bYeXdKNXLjkVjj6Jw1O0BS+BmI7uanvEEfX62Xo5La3gOnAoj5eox4Hko27YQDC -96QGxEVISnRdcmt5/DHrK16yI1V/J4e+SnqUwlS5xkwkQw0AlLWamQJXBd6mu43k -eqCKK/8G1sA53Asedx0Y1ZgoXjPYLdZdNC1jV6XcqLPCCP0JU+lZ4UH5kv0MANmi -EOCGPafkfNeT+J0330IE5jKWagDEgeMCAowcZQ/n47Qn6eecR28= -=lDRr ------END PGP SIGNATURE----- diff --git a/libvirt-7.5.0.tar.xz b/libvirt-7.5.0.tar.xz new file mode 100644 index 0000000..348a219 --- /dev/null +++ b/libvirt-7.5.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:90107b49032c2f3022c84076c649135187fbc70c8efd16427c6c4b6d613c2895 +size 8642788 diff --git a/libvirt-7.5.0.tar.xz.asc b/libvirt-7.5.0.tar.xz.asc new file mode 100644 index 0000000..00d2ef1 --- /dev/null +++ b/libvirt-7.5.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEERTtlMQWVVihVRxGZymi+gBAITJwFAmDdxtgACgkQymi+gBAI +TJzOTw/+N2vQS7wRNPGh2t62TsjGIFAWGsWjJNFZdm9atydJRFJ/6HeC7dVhjwAJ +RUFWomC7gQ4OqXeTWJc9dcQ9khAOha45r0mRUsto6gi1XiMDiytjkC8YKkpj6NRV +Q4FLDJaaN7V67hXq7Iw1J0APG/DBRrO+mggJuI5ujYLgA8mIjGu4826sXf34Epem +GBeMkBtX/KFv9FAet6Bl6wUpBdrpP4gvAjKSTnHgJ7+dlWuZKb+ZBUTy8/eoR2TE +Q9vxt6TZe2VRhAKiYkqtVS15iVWlfnYKcjLUAQPQi6hh/Hr3JwMOu8Jyy9bTIyOF +8bwdxTKX+Palb7ImCeQSYCdGV+ZyljDo89LeVS8OYHkS/qsNp4/LKU9B7zdHdUhB +qgso8qqfqq+hK2u6gKSFlvHbCD5vnOD8GgHVX0gWYqGjq0GAcapKtsv7cOH+C+xr +c+rmXvTO78JmMFvCcOpduwKtO/MNWSPYft4eCdePqZU6eC7/5mkcOJmPiiYowgZR +w+jwt2yKYi6EWVTgBSRDpuVDG6/VTb1hv/DFgcgxpBQTVM+GQSg2Og+JgCivNYuJ +yKgDzVY8ubMnfwTy8tBvpuAl8oAWroOvCX2k/YEolwipHs9VW01rB2mDoWD1/Yd7 +ubSuXymL8CZJQqZI7PWH9XBZbFeHz/vpCC/YhO9NkxfGkMLTPHM= +=N7Ov +-----END PGP SIGNATURE----- diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index 14553c7..46ebe90 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML From: -Index: libvirt-7.4.0/src/cpu_map/ppc64_POWER8.xml +Index: libvirt-7.5.0/src/cpu_map/ppc64_POWER8.xml =================================================================== ---- libvirt-7.4.0.orig/src/cpu_map/ppc64_POWER8.xml -+++ libvirt-7.4.0/src/cpu_map/ppc64_POWER8.xml +--- libvirt-7.5.0.orig/src/cpu_map/ppc64_POWER8.xml ++++ libvirt-7.5.0/src/cpu_map/ppc64_POWER8.xml @@ -4,5 +4,7 @@ diff --git a/libvirt-supportconfig b/libvirt-supportconfig index f6045e6..dcf781b 100644 --- a/libvirt-supportconfig +++ b/libvirt-supportconfig @@ -8,7 +8,7 @@ RCFILE="/usr/lib/supportconfig/resources/scplugin.rc" -LIBVIRTD_CONF_FILES="/etc/libvirt/libvirtd.conf /etc/libvirt/virtlockd.conf /etc/libvirt/virtlogd.conf" +LIBVIRTD_CONF_FILES="$(find -L /etc/libvirt/*.conf -type f | sort)" VM_CONF_FILES="" LIBVIRTD_LOG_FILES="$(find -L /var/log/libvirt/ -name libvirtd.log -type f | sort)" @@ -52,27 +52,20 @@ rpm_verify() { } if rpm_installed libvirt-daemon-xen; then - LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/libxl.conf /etc/libvirt/libxl-lockd.conf /etc/libvirt/libxl-sanlock.conf" test -d /etc/libvirt/libxl && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/libxl/ -type f | sort)" test -d /var/log/libvirt/libxl && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/libxl/ -type f | sort)" fi if rpm_installed libvirt-daemon-qemu; then - LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/qemu.conf /etc/libvirt/qemu-lockd.conf /etc/libvirt/qemu-sanlock.conf" test -d /etc/libvirt/qemu && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/qemu/ -type f | sort)" test -d /var/log/libvirt/qemu && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/qemu/ -type f | sort)" fi if rpm_installed libvirt-daemon-lxc; then - LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/lxc.conf" test -d /etc/libvirt/lxc && VM_CONF_FILES="$VM_CONF_FILES $(find -L /etc/libvirt/lxc/ -type f | sort)" test -d /var/log/libvirt/lxc && LIBVIRTD_LOG_FILES="$LIBVIRTD_LOG_FILES $(find -L /var/log/libvirt/lxc/ -type f | sort)" fi -if rpm_installed libvirt-admin; then - LIBVIRTD_CONF_FILES="$LIBVIRTD_CONF_FILES /etc/libvirt/libvirt-admin.conf" -fi - if ! rpm_verify libvirt-daemon; then echo "Skipped" exit 0 diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index d301faa..4849674 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,8 +1,8 @@ -Index: libvirt-7.4.0/tools/virsh.c +Index: libvirt-7.5.0/tools/virsh.c =================================================================== ---- libvirt-7.4.0.orig/tools/virsh.c -+++ libvirt-7.4.0/tools/virsh.c -@@ -542,6 +542,8 @@ virshShowVersion(vshControl *ctl G_GNUC_ +--- libvirt-7.5.0.orig/tools/virsh.c ++++ libvirt-7.5.0/tools/virsh.c +@@ -545,6 +545,8 @@ virshShowVersion(vshControl *ctl G_GNUC_ vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); @@ -11,10 +11,10 @@ Index: libvirt-7.4.0/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-7.4.0/src/interface/interface_backend_netcf.c +Index: libvirt-7.5.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-7.4.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-7.4.0/src/interface/interface_backend_netcf.c +--- libvirt-7.5.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-7.5.0/src/interface/interface_backend_netcf.c @@ -21,7 +21,12 @@ #include @@ -126,10 +126,10 @@ Index: libvirt-7.4.0/src/interface/interface_backend_netcf.c if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0) return -1; if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) -Index: libvirt-7.4.0/src/interface/interface_driver.c +Index: libvirt-7.5.0/src/interface/interface_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/interface/interface_driver.c -+++ libvirt-7.4.0/src/interface/interface_driver.c +--- libvirt-7.5.0.orig/src/interface/interface_driver.c ++++ libvirt-7.5.0/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -147,16 +147,16 @@ Index: libvirt-7.4.0/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-7.4.0/meson.build +Index: libvirt-7.5.0/meson.build =================================================================== ---- libvirt-7.4.0.orig/meson.build -+++ libvirt-7.4.0/meson.build -@@ -1070,6 +1070,12 @@ if not get_option('netcf').disabled() - endif +--- libvirt-7.5.0.orig/meson.build ++++ libvirt-7.5.0/meson.build +@@ -1052,6 +1052,12 @@ else + netcf_dep = dependency('', required: false) endif +netcontrol_version = '0.2.0' -+netcontrol_dep = dependency('netcontrol', version: '>=' + netcontrol_version, require: get_option('netcontrol')) ++netcontrol_dep = dependency('netcontrol', version: '>=' + netcontrol_version, required: get_option('netcontrol')) +if netcontrol_dep.found() + conf.set('WITH_NETCONTROL', 1) +endif @@ -164,7 +164,7 @@ Index: libvirt-7.4.0/meson.build have_gnu_gettext_tools = false if not get_option('nls').disabled() have_gettext = cc.has_function('gettext') -@@ -1465,10 +1471,10 @@ elif get_option('driver_hyperv').enabled +@@ -1476,10 +1482,10 @@ elif get_option('driver_hyperv').enabled error('openwsman is required for the Hyper-V driver') endif @@ -177,7 +177,7 @@ Index: libvirt-7.4.0/meson.build endif if not get_option('driver_libxl').disabled() and conf.has('WITH_LIBVIRTD') -@@ -2277,6 +2283,7 @@ libs_summary = { +@@ -2325,6 +2331,7 @@ libs_summary = { 'libssh2': libssh2_dep.found(), 'libutil': libutil_dep.found(), 'netcf': conf.has('WITH_NETCF'), @@ -185,10 +185,10 @@ Index: libvirt-7.4.0/meson.build 'NLS': have_gnu_gettext_tools, 'numactl': numactl_dep.found(), 'openwsman': openwsman_dep.found(), -Index: libvirt-7.4.0/src/interface/meson.build +Index: libvirt-7.5.0/src/interface/meson.build =================================================================== ---- libvirt-7.4.0.orig/src/interface/meson.build -+++ libvirt-7.4.0/src/interface/meson.build +--- libvirt-7.5.0.orig/src/interface/meson.build ++++ libvirt-7.5.0/src/interface/meson.build @@ -2,7 +2,7 @@ interface_driver_sources = [ 'interface_driver.c', ] @@ -206,10 +206,10 @@ Index: libvirt-7.4.0/src/interface/meson.build udev_dep, ], 'link_args': [ -Index: libvirt-7.4.0/meson_options.txt +Index: libvirt-7.5.0/meson_options.txt =================================================================== ---- libvirt-7.4.0.orig/meson_options.txt -+++ libvirt-7.4.0/meson_options.txt +--- libvirt-7.5.0.orig/meson_options.txt ++++ libvirt-7.5.0/meson_options.txt @@ -29,6 +29,7 @@ option('libpcap', type: 'feature', value option('libssh', type: 'feature', value: 'auto', description: 'libssh support') option('libssh2', type: 'feature', value: 'auto', description: 'libssh2 support') diff --git a/libvirt.changes b/libvirt.changes index b85741e..0d2d34e 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Jul 1 14:17:12 UTC 2021 - James Fehlig + +- Update to libvirt 7.5.0 + - security: Fix insecure sVirt label generation - CVE-2021-3631 + bsc#1187871 + - apparmor: Permit new capabilities required by libvirtd + boo#1186888 + - Many incremental improvements and bug fixes, see + https://libvirt.org/news.html + - Dropped patches: + suse-apparmor-libnl-paths.patch +- supportconfig plugin improvements + ------------------------------------------------------------------- Mon Jun 21 07:22:36 UTC 2021 - Mel Gorman diff --git a/libvirt.spec b/libvirt.spec index a8479eb..c57aa98 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -141,7 +141,7 @@ Name: libvirt URL: http://libvirt.org/ -Version: 7.4.0 +Version: 7.5.0 Release: 0 Summary: Library providing a virtualization API License: LGPL-2.1-or-later @@ -309,14 +309,13 @@ Patch203: suse-virtlockd-sysconfig-settings.patch Patch204: suse-virtlogd-sysconfig-settings.patch Patch205: suse-qemu-conf.patch Patch206: suse-ovmf-paths.patch -Patch207: suse-apparmor-libnl-paths.patch -Patch208: libxl-support-block-script.patch -Patch209: qemu-apparmor-screenshot.patch -Patch210: libvirt-suse-netcontrol.patch -Patch211: lxc-wait-after-eth-del.patch -Patch212: suse-libxl-disable-autoballoon.patch -Patch213: suse-xen-ovmf-loaders.patch -Patch214: virt-create-rootfs.patch +Patch207: libxl-support-block-script.patch +Patch208: qemu-apparmor-screenshot.patch +Patch209: libvirt-suse-netcontrol.patch +Patch210: lxc-wait-after-eth-del.patch +Patch211: suse-libxl-disable-autoballoon.patch +Patch212: suse-xen-ovmf-loaders.patch +Patch213: virt-create-rootfs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -898,10 +897,10 @@ libvirt plugin for NSS for translating domain names into IP addresses. %endif %if %{with_apparmor} %define arg_apparmor -Dapparmor=enabled - %define arg_apparmor_profiles -Dapparmor_profiles=true + %define arg_apparmor_profiles -Dapparmor_profiles=enabled %else %define arg_apparmor -Dapparmor=disabled - %define arg_apparmor_profiles -Dapparmor_profiles=false + %define arg_apparmor_profiles -Dapparmor_profiles=disabled %endif %if %{with_sanlock} %define arg_sanlock -Dsanlock=enabled @@ -952,11 +951,14 @@ libvirt plugin for NSS for translating domain names into IP addresses. -Dsasl=enabled \ -Dpolkit=enabled \ -Ddriver_libvirtd=enabled \ + -Ddriver_remote=enabled \ + -Ddriver_test=enabled \ %{?arg_esx} \ %{?arg_hyperv} \ %{?arg_vmware} \ -Ddriver_vz=disabled \ -Ddriver_bhyve=disabled \ + -Ddriver_ch=disabled \ -Dremote_default_mode=legacy \ -Ddriver_interface=enabled \ -Ddriver_network=enabled \ diff --git a/libxl-dom-reset.patch b/libxl-dom-reset.patch index 31678ab..8f5cdf9 100644 --- a/libxl-dom-reset.patch +++ b/libxl-dom-reset.patch @@ -8,11 +8,11 @@ Date: Mon Jun 23 15:51:20 2014 -0600 option, but domainReset can be implemented in the libxl driver by forcibly destroying the domain and starting it again. -Index: libvirt-7.4.0/src/libxl/libxl_driver.c +Index: libvirt-7.5.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_driver.c -+++ libvirt-7.4.0/src/libxl/libxl_driver.c -@@ -1367,6 +1367,63 @@ libxlDomainReboot(virDomainPtr dom, unsi +--- libvirt-7.5.0.orig/src/libxl/libxl_driver.c ++++ libvirt-7.5.0/src/libxl/libxl_driver.c +@@ -1361,6 +1361,63 @@ libxlDomainReboot(virDomainPtr dom, unsi } static int @@ -76,7 +76,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c libxlDomainDestroyFlags(virDomainPtr dom, unsigned int flags) { -@@ -6486,6 +6543,7 @@ static virHypervisorDriver libxlHypervis +@@ -6461,6 +6518,7 @@ static virHypervisorDriver libxlHypervis .domainShutdown = libxlDomainShutdown, /* 0.9.0 */ .domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */ .domainReboot = libxlDomainReboot, /* 0.9.0 */ diff --git a/libxl-set-cach-mode.patch b/libxl-set-cach-mode.patch index 0faaf77..2d2b907 100644 --- a/libxl-set-cach-mode.patch +++ b/libxl-set-cach-mode.patch @@ -3,11 +3,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425 src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) -Index: libvirt-7.4.0/src/libxl/libxl_conf.c +Index: libvirt-7.5.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_conf.c -+++ libvirt-7.4.0/src/libxl/libxl_conf.c -@@ -965,6 +965,30 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-7.5.0.orig/src/libxl/libxl_conf.c ++++ libvirt-7.5.0/src/libxl/libxl_conf.c +@@ -951,6 +951,30 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -38,7 +38,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c static char * libxlMakeNetworkDiskSrcStr(virStorageSource *src, const char *username, -@@ -1209,6 +1233,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk, +@@ -1191,6 +1215,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk, x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0; if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; diff --git a/libxl-set-migration-constraints.patch b/libxl-set-migration-constraints.patch index 4c40d3f..a3449b9 100644 --- a/libxl-set-migration-constraints.patch +++ b/libxl-set-migration-constraints.patch @@ -16,10 +16,10 @@ Signed-off-by: Jim Fehlig tools/virsh.pod | 8 ++++++++ 6 files changed, 125 insertions(+), 6 deletions(-) -Index: libvirt-7.4.0/docs/manpages/virsh.rst +Index: libvirt-7.5.0/docs/manpages/virsh.rst =================================================================== ---- libvirt-7.4.0.orig/docs/manpages/virsh.rst -+++ libvirt-7.4.0/docs/manpages/virsh.rst +--- libvirt-7.5.0.orig/docs/manpages/virsh.rst ++++ libvirt-7.5.0/docs/manpages/virsh.rst @@ -3180,7 +3180,8 @@ migrate [--postcopy-bandwidth bandwidth] [--parallel [--parallel-connections connections]] @@ -43,10 +43,10 @@ Index: libvirt-7.4.0/docs/manpages/virsh.rst Running migration can be canceled by interrupting virsh (usually using ``Ctrl-C``) or by ``domjobabort`` command sent from another virsh instance. -Index: libvirt-7.4.0/include/libvirt/libvirt-domain.h +Index: libvirt-7.5.0/include/libvirt/libvirt-domain.h =================================================================== ---- libvirt-7.4.0.orig/include/libvirt/libvirt-domain.h -+++ libvirt-7.4.0/include/libvirt/libvirt-domain.h +--- libvirt-7.5.0.orig/include/libvirt/libvirt-domain.h ++++ libvirt-7.5.0/include/libvirt/libvirt-domain.h @@ -1079,6 +1079,25 @@ typedef enum { */ # define VIR_MIGRATE_PARAM_TLS_DESTINATION "tls.destination" @@ -73,11 +73,11 @@ Index: libvirt-7.4.0/include/libvirt/libvirt-domain.h /* Domain migration. */ virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn, unsigned long flags, const char *dname, -Index: libvirt-7.4.0/src/libxl/libxl_driver.c +Index: libvirt-7.5.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_driver.c -+++ libvirt-7.4.0/src/libxl/libxl_driver.c -@@ -6050,6 +6050,9 @@ libxlDomainMigratePerform3Params(virDoma +--- libvirt-7.5.0.orig/src/libxl/libxl_driver.c ++++ libvirt-7.5.0/src/libxl/libxl_driver.c +@@ -6025,6 +6025,9 @@ libxlDomainMigratePerform3Params(virDoma const char *dname = NULL; const char *uri = NULL; int ret = -1; @@ -87,7 +87,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c #ifdef LIBXL_HAVE_NO_SUSPEND_RESUME virReportUnsupportedError(); -@@ -6066,6 +6069,15 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6041,6 +6044,15 @@ libxlDomainMigratePerform3Params(virDoma virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_DEST_NAME, &dname) < 0 || @@ -103,7 +103,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_URI, &uri) < 0) -@@ -6080,11 +6092,11 @@ libxlDomainMigratePerform3Params(virDoma +@@ -6055,11 +6067,11 @@ libxlDomainMigratePerform3Params(virDoma if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) { if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml, @@ -117,10 +117,10 @@ Index: libvirt-7.4.0/src/libxl/libxl_driver.c goto cleanup; } -Index: libvirt-7.4.0/src/libxl/libxl_migration.c +Index: libvirt-7.5.0/src/libxl/libxl_migration.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_migration.c -+++ libvirt-7.4.0/src/libxl/libxl_migration.c +--- libvirt-7.5.0.orig/src/libxl/libxl_migration.c ++++ libvirt-7.5.0/src/libxl/libxl_migration.c @@ -340,18 +340,38 @@ libxlMigrateDstReceive(virNetSocket *soc static int libxlDoMigrateSrcSend(libxlDriverPrivate *driver, @@ -281,10 +281,10 @@ Index: libvirt-7.4.0/src/libxl/libxl_migration.c virObjectLock(vm); if (ret == 0) { -Index: libvirt-7.4.0/src/libxl/libxl_migration.h +Index: libvirt-7.5.0/src/libxl/libxl_migration.h =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_migration.h -+++ libvirt-7.4.0/src/libxl/libxl_migration.h +--- libvirt-7.5.0.orig/src/libxl/libxl_migration.h ++++ libvirt-7.5.0/src/libxl/libxl_migration.h @@ -35,6 +35,9 @@ VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \ VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \ @@ -327,11 +327,11 @@ Index: libvirt-7.4.0/src/libxl/libxl_migration.h virDomainPtr libxlDomainMigrationDstFinish(virConnectPtr dconn, -Index: libvirt-7.4.0/tools/virsh-domain.c +Index: libvirt-7.5.0/tools/virsh-domain.c =================================================================== ---- libvirt-7.4.0.orig/tools/virsh-domain.c -+++ libvirt-7.4.0/tools/virsh-domain.c -@@ -10685,6 +10685,18 @@ static const vshCmdOptDef opts_migrate[] +--- libvirt-7.5.0.orig/tools/virsh-domain.c ++++ libvirt-7.5.0/tools/virsh-domain.c +@@ -10672,6 +10672,18 @@ static const vshCmdOptDef opts_migrate[] .type = VSH_OT_STRING, .help = N_("override the destination host name used for TLS verification") }, @@ -350,7 +350,7 @@ Index: libvirt-7.4.0/tools/virsh-domain.c {.name = NULL} }; -@@ -10705,6 +10717,7 @@ doMigrate(void *opaque) +@@ -10692,6 +10704,7 @@ doMigrate(void *opaque) unsigned long long ullOpt = 0; int rv; virConnectPtr dconn = data->dconn; @@ -358,7 +358,7 @@ Index: libvirt-7.4.0/tools/virsh-domain.c #ifndef WIN32 sigset_t sigmask, oldsigmask; -@@ -10835,6 +10848,22 @@ doMigrate(void *opaque) +@@ -10822,6 +10835,22 @@ doMigrate(void *opaque) goto save_error; } diff --git a/libxl-support-block-script.patch b/libxl-support-block-script.patch index 0f09a37..c127b74 100644 --- a/libxl-support-block-script.patch +++ b/libxl-support-block-script.patch @@ -7,11 +7,11 @@ and npiv. For more details, see bsc#954872 and FATE#319810 -Index: libvirt-7.4.0/src/libxl/libxl_conf.c +Index: libvirt-7.5.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_conf.c -+++ libvirt-7.4.0/src/libxl/libxl_conf.c -@@ -965,6 +965,22 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-7.5.0.orig/src/libxl/libxl_conf.c ++++ libvirt-7.5.0/src/libxl/libxl_conf.c +@@ -951,6 +951,22 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -34,7 +34,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c static void libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode) { -@@ -1110,6 +1126,7 @@ libxlMakeNetworkDiskSrc(virStorageSource +@@ -1096,6 +1112,7 @@ libxlMakeNetworkDiskSrc(virStorageSource int libxlMakeDisk(virDomainDiskDef *l_disk, libxl_device_disk *x_disk) { @@ -42,7 +42,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c const char *driver = virDomainDiskGetDriver(l_disk); int format = virDomainDiskGetFormat(l_disk); int actual_type = virStorageSourceGetActualType(l_disk->src); -@@ -1123,7 +1140,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk, +@@ -1109,7 +1126,7 @@ libxlMakeDisk(virDomainDiskDef *l_disk, if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0) return -1; } else { @@ -51,7 +51,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c } x_disk->vdev = g_strdup(l_disk->dst); -@@ -1234,6 +1251,9 @@ libxlMakeDisk(virDomainDiskDef *l_disk, +@@ -1216,6 +1233,9 @@ libxlMakeDisk(virDomainDiskDef *l_disk, if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; libxlDiskSetCacheMode(x_disk, l_disk->cachemode); diff --git a/lxc-wait-after-eth-del.patch b/lxc-wait-after-eth-del.patch index 4f4343f..1d90dfb 100644 --- a/lxc-wait-after-eth-del.patch +++ b/lxc-wait-after-eth-del.patch @@ -13,10 +13,10 @@ device with the same name that is being created. src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -Index: libvirt-7.4.0/src/lxc/lxc_controller.c +Index: libvirt-7.5.0/src/lxc/lxc_controller.c =================================================================== ---- libvirt-7.4.0.orig/src/lxc/lxc_controller.c -+++ libvirt-7.4.0/src/lxc/lxc_controller.c +--- libvirt-7.5.0.orig/src/lxc/lxc_controller.c ++++ libvirt-7.5.0/src/lxc/lxc_controller.c @@ -2013,6 +2013,7 @@ static int virLXCControllerDeleteInterfa if (virNetDevVethDelete(ctrl->veths[i]) < 0) ret = -1; @@ -25,10 +25,10 @@ Index: libvirt-7.4.0/src/lxc/lxc_controller.c return ret; } -Index: libvirt-7.4.0/src/lxc/lxc_driver.c +Index: libvirt-7.5.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/lxc/lxc_driver.c -+++ libvirt-7.4.0/src/lxc/lxc_driver.c +--- libvirt-7.5.0.orig/src/lxc/lxc_driver.c ++++ libvirt-7.5.0/src/lxc/lxc_driver.c @@ -67,6 +67,7 @@ #include "virtime.h" #include "virtypedparam.h" @@ -53,10 +53,10 @@ Index: libvirt-7.4.0/src/lxc/lxc_driver.c break; /* It'd be nice to support this, but with macvlan -Index: libvirt-7.4.0/src/lxc/lxc_process.c +Index: libvirt-7.5.0/src/lxc/lxc_process.c =================================================================== ---- libvirt-7.4.0.orig/src/lxc/lxc_process.c -+++ libvirt-7.4.0/src/lxc/lxc_process.c +--- libvirt-7.5.0.orig/src/lxc/lxc_process.c ++++ libvirt-7.5.0/src/lxc/lxc_process.c @@ -51,6 +51,7 @@ #include "virstring.h" #include "virprocess.h" diff --git a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch index d8d4fc6..e46c969 100644 --- a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch +++ b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -17,10 +17,10 @@ Signed-off-by: Martin Wilck tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) -Index: libvirt-7.4.0/src/network/bridge_driver.c +Index: libvirt-7.5.0/src/network/bridge_driver.c =================================================================== ---- libvirt-7.4.0.orig/src/network/bridge_driver.c -+++ libvirt-7.4.0/src/network/bridge_driver.c +--- libvirt-7.5.0.orig/src/network/bridge_driver.c ++++ libvirt-7.5.0/src/network/bridge_driver.c @@ -1482,7 +1482,14 @@ networkDnsmasqConfContents(virNetworkObj if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) { if (ipdef->nranges || ipdef->nhosts) { @@ -37,10 +37,10 @@ Index: libvirt-7.4.0/src/network/bridge_driver.c } if (ipdef->tftproot) { -Index: libvirt-7.4.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +Index: libvirt-7.5.0/tests/networkxml2confdata/dhcp6host-routed-network.conf =================================================================== ---- libvirt-7.4.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf -+++ libvirt-7.4.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +--- libvirt-7.5.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf ++++ libvirt-7.5.0/tests/networkxml2confdata/dhcp6host-routed-network.conf @@ -10,7 +10,6 @@ bind-dynamic interface=virbr1 dhcp-range=192.168.122.1,static diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index a8372bd..a258f01 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-7.4.0/src/util/virarch.c +Index: libvirt-7.5.0/src/util/virarch.c =================================================================== ---- libvirt-7.4.0.orig/src/util/virarch.c -+++ libvirt-7.4.0/src/util/virarch.c +--- libvirt-7.5.0.orig/src/util/virarch.c ++++ libvirt-7.5.0/src/util/virarch.c @@ -220,6 +220,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index 1757a8a..b855a82 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch @@ -1,8 +1,8 @@ -Index: libvirt-7.4.0/src/security/apparmor/libvirt-qemu +Index: libvirt-7.5.0/src/security/apparmor/libvirt-qemu =================================================================== ---- libvirt-7.4.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-7.4.0/src/security/apparmor/libvirt-qemu -@@ -244,3 +244,6 @@ +--- libvirt-7.5.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-7.5.0/src/security/apparmor/libvirt-qemu +@@ -245,3 +245,6 @@ # /sys/bus/nd/devices / r, # harmless on any lsb compliant system /sys/bus/nd/devices/{,**/} r, diff --git a/suse-apparmor-libnl-paths.patch b/suse-apparmor-libnl-paths.patch deleted file mode 100644 index 6dcec70..0000000 --- a/suse-apparmor-libnl-paths.patch +++ /dev/null @@ -1,35 +0,0 @@ -Apparmor: Adjust libnl paths - -In SUSE distros, libnl paths generally contain only 'libnl', and -not an embedded version number such as 'libnl-3'. Use 'libnl*' in -the virt-aa-helper profile to accommodate all libnl path variants. - -It was also noticed that the per-domain profiles need a libnl rule -to squelch a denial when starting confined domains. - -Found while investigating bsc#1058847 -Index: libvirt-7.4.0/src/security/apparmor/libvirt-qemu -=================================================================== ---- libvirt-7.4.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-7.4.0/src/security/apparmor/libvirt-qemu -@@ -64,6 +64,7 @@ - #/dev/fb* rw, - - /etc/pulse/client.conf r, -+ /etc/libnl*/classid r, - @{HOME}/.pulse-cookie rwk, - owner /root/.pulse-cookie rwk, - owner /root/.pulse/ rw, -Index: libvirt-7.4.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in -=================================================================== ---- libvirt-7.4.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in -+++ libvirt-7.4.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in -@@ -19,7 +19,7 @@ profile virt-aa-helper @libexecdir@/virt - # Used when internally running another command (namely apparmor_parser) - @{PROC}/@{pid}/fd/ r, - -- @sysconfdir@/libnl-3/classid r, -+ @sysconfdir@/libnl*/classid r, - - # for gl enabled graphics - /dev/dri/{,*} r, diff --git a/suse-libvirt-guests-service.patch b/suse-libvirt-guests-service.patch index 2ceea2e..c8bbd04 100644 --- a/suse-libvirt-guests-service.patch +++ b/suse-libvirt-guests-service.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests service to conform to SUSE standards -Index: libvirt-7.4.0/tools/libvirt-guests.sh.in +Index: libvirt-7.5.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-7.4.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-7.4.0/tools/libvirt-guests.sh.in +--- libvirt-7.5.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-7.5.0/tools/libvirt-guests.sh.in @@ -20,10 +20,6 @@ sysconfdir="@sysconfdir@" localstatedir="@localstatedir@" libvirtd="@sbindir@"/libvirtd @@ -28,10 +28,10 @@ Index: libvirt-7.4.0/tools/libvirt-guests.sh.in RETVAL=0 -Index: libvirt-7.4.0/tools/libvirt-guests.sysconf +Index: libvirt-7.5.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-7.4.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-7.4.0/tools/libvirt-guests.sysconf +--- libvirt-7.5.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-7.5.0/tools/libvirt-guests.sysconf @@ -1,9 +1,14 @@ +## Path: System/Virtualization/libvirt-guests # Customizations for the libvirt-guests.service systemd unit diff --git a/suse-libvirtd-disable-tls.patch b/suse-libvirtd-disable-tls.patch index 30ac5e2..c6e90ce 100644 --- a/suse-libvirtd-disable-tls.patch +++ b/suse-libvirtd-disable-tls.patch @@ -3,10 +3,10 @@ Disable TLS by default On SUSE distros, the default is for libvirtd to listen only on the Unix Domain Socket. The libvirt client still provides remote access via a SSH tunnel. -Index: libvirt-7.4.0/src/remote/remote_daemon_config.c +Index: libvirt-7.5.0/src/remote/remote_daemon_config.c =================================================================== ---- libvirt-7.4.0.orig/src/remote/remote_daemon_config.c -+++ libvirt-7.4.0/src/remote/remote_daemon_config.c +--- libvirt-7.5.0.orig/src/remote/remote_daemon_config.c ++++ libvirt-7.5.0/src/remote/remote_daemon_config.c @@ -98,7 +98,7 @@ daemonConfigNew(bool privileged G_GNUC_U #ifdef WITH_IP @@ -16,10 +16,10 @@ Index: libvirt-7.4.0/src/remote/remote_daemon_config.c # else /* ! LIBVIRTD */ data->listen_tls = false; /* Always honoured, --listen doesn't exist. */ # endif /* ! LIBVIRTD */ -Index: libvirt-7.4.0/src/remote/libvirtd.conf.in +Index: libvirt-7.5.0/src/remote/libvirtd.conf.in =================================================================== ---- libvirt-7.4.0.orig/src/remote/libvirtd.conf.in -+++ libvirt-7.4.0/src/remote/libvirtd.conf.in +--- libvirt-7.5.0.orig/src/remote/libvirtd.conf.in ++++ libvirt-7.5.0/src/remote/libvirtd.conf.in @@ -17,8 +17,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -31,10 +31,10 @@ Index: libvirt-7.4.0/src/remote/libvirtd.conf.in # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to -Index: libvirt-7.4.0/src/remote/test_libvirtd.aug.in +Index: libvirt-7.5.0/src/remote/test_libvirtd.aug.in =================================================================== ---- libvirt-7.4.0.orig/src/remote/test_libvirtd.aug.in -+++ libvirt-7.4.0/src/remote/test_libvirtd.aug.in +--- libvirt-7.5.0.orig/src/remote/test_libvirtd.aug.in ++++ libvirt-7.5.0/src/remote/test_libvirtd.aug.in @@ -3,7 +3,7 @@ module Test_@DAEMON_NAME@ = test @DAEMON_NAME_UC@.lns get conf = diff --git a/suse-libvirtd-sysconfig-settings.patch b/suse-libvirtd-sysconfig-settings.patch index 61e5e47..d499695 100644 --- a/suse-libvirtd-sysconfig-settings.patch +++ b/suse-libvirtd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-7.4.0/src/remote/libvirtd.sysconf +Index: libvirt-7.5.0/src/remote/libvirtd.sysconf =================================================================== ---- libvirt-7.4.0.orig/src/remote/libvirtd.sysconf -+++ libvirt-7.4.0/src/remote/libvirtd.sysconf +--- libvirt-7.5.0.orig/src/remote/libvirtd.sysconf ++++ libvirt-7.5.0/src/remote/libvirtd.sysconf @@ -1,5 +1,8 @@ +## Path: System/Virtualization/libvirt # Customizations for the libvirtd.service systemd unit diff --git a/suse-libxl-disable-autoballoon.patch b/suse-libxl-disable-autoballoon.patch index d789183..68c461d 100644 --- a/suse-libxl-disable-autoballoon.patch +++ b/suse-libxl-disable-autoballoon.patch @@ -6,10 +6,10 @@ autoballooning. This patch changes libvirt to also disable autoballooning by default. It can only be enabled with the 'autoballoon' setting in libxl.conf. See jsc#SLE-3059 for more details. -Index: libvirt-7.4.0/src/libxl/libxl.conf +Index: libvirt-7.5.0/src/libxl/libxl.conf =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl.conf -+++ libvirt-7.4.0/src/libxl/libxl.conf +--- libvirt-7.5.0.orig/src/libxl/libxl.conf ++++ libvirt-7.5.0/src/libxl/libxl.conf @@ -4,12 +4,11 @@ # Enable autoballooning of domain0 @@ -27,11 +27,11 @@ Index: libvirt-7.4.0/src/libxl/libxl.conf # In order to prevent accidentally starting two domains that -Index: libvirt-7.4.0/src/libxl/libxl_conf.c +Index: libvirt-7.5.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_conf.c -+++ libvirt-7.4.0/src/libxl/libxl_conf.c -@@ -1786,15 +1786,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa +--- libvirt-7.5.0.orig/src/libxl/libxl_conf.c ++++ libvirt-7.5.0/src/libxl/libxl_conf.c +@@ -1762,15 +1762,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa /* * Get domain0 autoballoon configuration. Honor user-specified * setting in libxl.conf first. If not specified, autoballooning @@ -48,7 +48,7 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c int res; res = virConfGetValueBool(conf, "autoballoon", &cfg->autoballoon); -@@ -1803,15 +1800,8 @@ libxlGetAutoballoonConf(libxlDriverConfi +@@ -1779,15 +1776,8 @@ libxlGetAutoballoonConf(libxlDriverConfi else if (res == 1) return 0; @@ -66,10 +66,10 @@ Index: libvirt-7.4.0/src/libxl/libxl_conf.c return 0; } -Index: libvirt-7.4.0/src/libxl/test_libvirtd_libxl.aug.in +Index: libvirt-7.5.0/src/libxl/test_libvirtd_libxl.aug.in =================================================================== ---- libvirt-7.4.0.orig/src/libxl/test_libvirtd_libxl.aug.in -+++ libvirt-7.4.0/src/libxl/test_libvirtd_libxl.aug.in +--- libvirt-7.5.0.orig/src/libxl/test_libvirtd_libxl.aug.in ++++ libvirt-7.5.0/src/libxl/test_libvirtd_libxl.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd_libxl = @CONFIG@ diff --git a/suse-ovmf-paths.patch b/suse-ovmf-paths.patch index 0646b1f..b321aa6 100644 --- a/suse-ovmf-paths.patch +++ b/suse-ovmf-paths.patch @@ -1,9 +1,9 @@ Adjust paths of OVMF firmwares on SUSE distros -Index: libvirt-7.4.0/src/qemu/qemu.conf +Index: libvirt-7.5.0/src/qemu/qemu.conf =================================================================== ---- libvirt-7.4.0.orig/src/qemu/qemu.conf -+++ libvirt-7.4.0/src/qemu/qemu.conf +--- libvirt-7.5.0.orig/src/qemu/qemu.conf ++++ libvirt-7.5.0/src/qemu/qemu.conf @@ -858,10 +858,9 @@ # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default # follows this scheme. @@ -18,10 +18,10 @@ Index: libvirt-7.4.0/src/qemu/qemu.conf #] # The backend to use for handling stdout/stderr output from -Index: libvirt-7.4.0/src/qemu/qemu_conf.c +Index: libvirt-7.5.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/qemu/qemu_conf.c -+++ libvirt-7.4.0/src/qemu/qemu_conf.c +--- libvirt-7.5.0.orig/src/qemu/qemu_conf.c ++++ libvirt-7.5.0/src/qemu/qemu_conf.c @@ -98,10 +98,9 @@ qemuDriverUnlock(virQEMUDriver *driver) #ifndef DEFAULT_LOADER_NVRAM @@ -36,10 +36,10 @@ Index: libvirt-7.4.0/src/qemu/qemu_conf.c #endif -Index: libvirt-7.4.0/src/security/virt-aa-helper.c +Index: libvirt-7.5.0/src/security/virt-aa-helper.c =================================================================== ---- libvirt-7.4.0.orig/src/security/virt-aa-helper.c -+++ libvirt-7.4.0/src/security/virt-aa-helper.c +--- libvirt-7.5.0.orig/src/security/virt-aa-helper.c ++++ libvirt-7.5.0/src/security/virt-aa-helper.c @@ -480,7 +480,8 @@ valid_path(const char *path, const bool "/usr/share/ovmf/", /* for OVMF images */ "/usr/share/AAVMF/", /* for AAVMF images */ @@ -50,10 +50,10 @@ Index: libvirt-7.4.0/src/security/virt-aa-helper.c }; /* override the above with these */ const char * const override[] = { -Index: libvirt-7.4.0/src/qemu/test_libvirtd_qemu.aug.in +Index: libvirt-7.5.0/src/qemu/test_libvirtd_qemu.aug.in =================================================================== ---- libvirt-7.4.0.orig/src/qemu/test_libvirtd_qemu.aug.in -+++ libvirt-7.4.0/src/qemu/test_libvirtd_qemu.aug.in +--- libvirt-7.5.0.orig/src/qemu/test_libvirtd_qemu.aug.in ++++ libvirt-7.5.0/src/qemu/test_libvirtd_qemu.aug.in @@ -96,10 +96,9 @@ module Test_libvirtd_qemu = { "migration_port_max" = "49215" } { "log_timestamp" = "0" } diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 09fa783..4641c62 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -7,10 +7,10 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch, etc.), but for now they are all lumped together in this single patch. -Index: libvirt-7.4.0/src/qemu/qemu.conf +Index: libvirt-7.5.0/src/qemu/qemu.conf =================================================================== ---- libvirt-7.4.0.orig/src/qemu/qemu.conf -+++ libvirt-7.4.0/src/qemu/qemu.conf +--- libvirt-7.5.0.orig/src/qemu/qemu.conf ++++ libvirt-7.5.0/src/qemu/qemu.conf @@ -491,10 +491,19 @@ # isolation, but it cannot appear in a list of drivers. # @@ -60,10 +60,10 @@ Index: libvirt-7.4.0/src/qemu/qemu.conf # #lock_manager = "lockd" -Index: libvirt-7.4.0/src/qemu/qemu_conf.c +Index: libvirt-7.5.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/qemu/qemu_conf.c -+++ libvirt-7.4.0/src/qemu/qemu_conf.c +--- libvirt-7.5.0.orig/src/qemu/qemu_conf.c ++++ libvirt-7.5.0/src/qemu/qemu_conf.c @@ -272,7 +272,7 @@ virQEMUDriverConfig *virQEMUDriverConfig cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER); cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON); @@ -73,10 +73,10 @@ Index: libvirt-7.4.0/src/qemu/qemu_conf.c cfg->securityRequireConfined = false; cfg->keepAliveInterval = 5; -Index: libvirt-7.4.0/src/qemu/test_libvirtd_qemu.aug.in +Index: libvirt-7.5.0/src/qemu/test_libvirtd_qemu.aug.in =================================================================== ---- libvirt-7.4.0.orig/src/qemu/test_libvirtd_qemu.aug.in -+++ libvirt-7.4.0/src/qemu/test_libvirtd_qemu.aug.in +--- libvirt-7.5.0.orig/src/qemu/test_libvirtd_qemu.aug.in ++++ libvirt-7.5.0/src/qemu/test_libvirtd_qemu.aug.in @@ -45,6 +45,7 @@ module Test_libvirtd_qemu = { "remote_websocket_port_min" = "5700" } { "remote_websocket_port_max" = "65535" } diff --git a/suse-virtlockd-sysconfig-settings.patch b/suse-virtlockd-sysconfig-settings.patch index cc93fc4..ca7f901 100644 --- a/suse-virtlockd-sysconfig-settings.patch +++ b/suse-virtlockd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust virtlockd sysconfig file to conform to SUSE standards -Index: libvirt-7.4.0/src/locking/virtlockd.sysconf +Index: libvirt-7.5.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-7.4.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-7.4.0/src/locking/virtlockd.sysconf +--- libvirt-7.5.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-7.5.0/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + diff --git a/suse-virtlogd-sysconfig-settings.patch b/suse-virtlogd-sysconfig-settings.patch index 114fd7b..16c7c05 100644 --- a/suse-virtlogd-sysconfig-settings.patch +++ b/suse-virtlogd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust virtlogd sysconfig file to conform to SUSE standards -Index: libvirt-7.4.0/src/logging/virtlogd.sysconf +Index: libvirt-7.5.0/src/logging/virtlogd.sysconf =================================================================== ---- libvirt-7.4.0.orig/src/logging/virtlogd.sysconf -+++ libvirt-7.4.0/src/logging/virtlogd.sysconf +--- libvirt-7.5.0.orig/src/logging/virtlogd.sysconf ++++ libvirt-7.5.0/src/logging/virtlogd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlogd + diff --git a/suse-xen-ovmf-loaders.patch b/suse-xen-ovmf-loaders.patch index 93cbec2..d38e67f 100644 --- a/suse-xen-ovmf-loaders.patch +++ b/suse-xen-ovmf-loaders.patch @@ -5,11 +5,11 @@ upstream support for firmware autoselection in the xen driver. Sadly, the upstream efforts to improve firmware handling in the qemu driver broke the firmware handling in the xen driver. -Index: libvirt-7.4.0/src/libxl/libxl_conf.c +Index: libvirt-7.5.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-7.4.0.orig/src/libxl/libxl_conf.c -+++ libvirt-7.4.0/src/libxl/libxl_conf.c -@@ -1826,6 +1826,15 @@ libxlDriverConfigNew(void) +--- libvirt-7.5.0.orig/src/libxl/libxl_conf.c ++++ libvirt-7.5.0/src/libxl/libxl_conf.c +@@ -1802,6 +1802,15 @@ libxlDriverConfigNew(void) cfg->autoDumpDir = g_strdup(LIBXL_DUMP_DIR); cfg->channelDir = g_strdup(LIBXL_CHANNEL_DIR); diff --git a/virt-create-rootfs.patch b/virt-create-rootfs.patch index fd486e3..2ddd8af 100644 --- a/virt-create-rootfs.patch +++ b/virt-create-rootfs.patch @@ -1,7 +1,7 @@ -Index: libvirt-7.4.0/tools/virt-create-rootfs +Index: libvirt-7.5.0/tools/virt-create-rootfs =================================================================== --- /dev/null -+++ libvirt-7.4.0/tools/virt-create-rootfs ++++ libvirt-7.5.0/tools/virt-create-rootfs @@ -0,0 +1,231 @@ +#!/bin/sh +set -e @@ -234,10 +234,10 @@ Index: libvirt-7.4.0/tools/virt-create-rootfs + echo "pts/0" >> "$ROOT/etc/securetty" + chroot "$ROOT" /usr/bin/passwd +fi -Index: libvirt-7.4.0/docs/manpages/virt-create-rootfs.rst +Index: libvirt-7.5.0/docs/manpages/virt-create-rootfs.rst =================================================================== --- /dev/null -+++ libvirt-7.4.0/docs/manpages/virt-create-rootfs.rst ++++ libvirt-7.5.0/docs/manpages/virt-create-rootfs.rst @@ -0,0 +1,88 @@ +================== +virt-create-rootfs @@ -327,10 +327,10 @@ Index: libvirt-7.4.0/docs/manpages/virt-create-rootfs.rst +======== + +virsh(1), `https://libvirt.org/ `_ -Index: libvirt-7.4.0/docs/manpages/meson.build +Index: libvirt-7.5.0/docs/manpages/meson.build =================================================================== ---- libvirt-7.4.0.orig/docs/manpages/meson.build -+++ libvirt-7.4.0/docs/manpages/meson.build +--- libvirt-7.5.0.orig/docs/manpages/meson.build ++++ libvirt-7.5.0/docs/manpages/meson.build @@ -19,6 +19,7 @@ docs_man_files = [ { 'name': 'virt-pki-validate', 'section': '1', 'install': true }, { 'name': 'virt-qemu-run', 'section': '1', 'install': conf.has('WITH_QEMU') }, @@ -339,10 +339,10 @@ Index: libvirt-7.4.0/docs/manpages/meson.build { 'name': 'libvirtd', 'section': '8', 'install': conf.has('WITH_LIBVIRTD') }, { 'name': 'virt-sanlock-cleanup', 'section': '8', 'install': conf.has('WITH_SANLOCK') }, -Index: libvirt-7.4.0/tools/meson.build +Index: libvirt-7.5.0/tools/meson.build =================================================================== ---- libvirt-7.4.0.orig/tools/meson.build -+++ libvirt-7.4.0/tools/meson.build +--- libvirt-7.5.0.orig/tools/meson.build ++++ libvirt-7.5.0/tools/meson.build @@ -149,6 +149,8 @@ else virsh_icon_res = [] endif